feat: Week 4 收尾 + 架构治理 — 搜索/家长中心/Feature Flag/Docker/环境配置

架构治理:
- Feature Flag 落地: Cargo.toml [features] default=["diary"] + main.rs cfg 条件编译
- 环境配置统一: AppConfig 类 + --dart-define 注入 + SSE 端口 8080→3000 修复

搜索替代方案 (无 FTS):
- SearchBloc + 标签/心情筛选接入后端 API
- JournalRepository 扩展 mood/tag 筛选参数
- 搜索页 UI 接入实际数据（替换占位文本）

家长中心最小集 (PIPL 合规):
- 后端: parent_service (绑定/查看/导出/删除/解绑) + parent_handler (6 个 API 端点)
- 前端: ParentBloc + ParentPage 功能完整实现
- 绑定孩子、只读查看日记、导出数据、删除数据、解绑

Docker 部署:
- verify.sh 健康检查脚本 (Axum/PG/Redis/OpenAPI 四项检查)

测试修复:
- home_bloc_test / calendar_bloc_test 适配 JournalRepository 新参数

验证: flutter test 84/84 pass, cargo test 76/76 pass, cargo check pass

crates/erp-diary/src/handler/parent_handler.rs

@@ -0,0 +1,340 @@
+// 家长中心 API 处理器 — PIPL 合规: 绑定/查阅/导出/删除
+
+use axum::extract::{Extension, FromRef, Query, State};
+use axum::response::Json;
+use serde::{Deserialize, Serialize};
+use utoipa::{IntoParams, ToSchema};
+use uuid::Uuid;
+
+use erp_core::error::AppError;
+use erp_core::rbac::require_permission;
+use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
+
+use crate::dto::JournalResp;
+use crate::service::parent_service::ParentService;
+use crate::state::DiaryState;
+
+// ---- 请求/响应 DTO ----
+
+/// 绑定孩子请求
+#[derive(Debug, Deserialize, ToSchema)]
+pub struct BindChildReq {
+    /// 孩子的用户 ID
+    pub child_id: Uuid,
+}
+
+/// 查看孩子日记查询参数
+#[derive(Debug, Deserialize, IntoParams)]
+pub struct ChildJournalsQuery {
+    /// 孩子的用户 ID
+    pub child_id: Uuid,
+    /// 页码（默认 1）
+    pub page: Option<u64>,
+    /// 每页条数（默认 20，最大 100）
+    pub page_size: Option<u64>,
+}
+
+/// 导出数据查询参数
+#[derive(Debug, Deserialize, IntoParams)]
+pub struct ExportQuery {
+    /// 孩子的用户 ID
+    pub child_id: Uuid,
+}
+
+/// 删除孩子数据请求
+#[derive(Debug, Deserialize, ToSchema)]
+pub struct DeleteChildDataReq {
+    /// 孩子的用户 ID
+    pub child_id: Uuid,
+}
+
+/// 绑定信息响应
+#[derive(Debug, Serialize, ToSchema)]
+pub struct BindingResp {
+    pub binding_id: Uuid,
+    pub child_id: Uuid,
+    pub verified_at: Option<chrono::DateTime<chrono::Utc>>,
+}
+
+/// 删除结果响应
+#[derive(Debug, Serialize, ToSchema)]
+pub struct DeleteResultResp {
+    pub deleted_count: usize,
+    pub message: String,
+}
+
+// ---- Handler 函数 ----
+
+#[utoipa::path(
+    post,
+    path = "/api/v1/diary/parent/bind",
+    request_body = BindChildReq,
+    responses(
+        (status = 200, description = "绑定成功", body = ApiResponse<BindingResp>),
+        (status = 400, description = "已绑定该孩子"),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "家长中心"
+)]
+/// POST /api/v1/diary/parent/bind
+///
+/// 家长绑定孩子账号。需要 `diary.parent.bind` 权限。
+pub async fn bind_child<S>(
+    State(state): State<DiaryState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<BindChildReq>,
+) -> Result<Json<ApiResponse<BindingResp>>, AppError>
+where
+    DiaryState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "diary.parent.bind")?;
+
+    let binding = ParentService::bind_child(
+        ctx.tenant_id,
+        ctx.user_id,
+        req.child_id,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(BindingResp {
+        binding_id: binding.id,
+        child_id: binding.child_id,
+        verified_at: binding.verified_at,
+    })))
+}
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/diary/parent/children",
+    responses(
+        (status = 200, description = "孩子列表", body = ApiResponse<Vec<BindingResp>>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "家长中心"
+)]
+/// GET /api/v1/diary/parent/children
+///
+/// 获取家长绑定的孩子列表。需要 `diary.parent.bind` 权限。
+pub async fn list_children<S>(
+    State(state): State<DiaryState>,
+    Extension(ctx): Extension<TenantContext>,
+) -> Result<Json<ApiResponse<Vec<BindingResp>>>, AppError>
+where
+    DiaryState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "diary.parent.bind")?;
+
+    let bindings = ParentService::list_children(ctx.tenant_id, ctx.user_id, &state.db).await?;
+
+    let resp: Vec<BindingResp> = bindings
+        .into_iter()
+        .map(|b| BindingResp {
+            binding_id: b.id,
+            child_id: b.child_id,
+            verified_at: b.verified_at,
+        })
+        .collect();
+
+    Ok(Json(ApiResponse::ok(resp)))
+}
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/diary/parent/journals",
+    params(ChildJournalsQuery),
+    responses(
+        (status = 200, description = "孩子日记列表", body = ApiResponse<PaginatedResponse<JournalResp>>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足或未绑定该孩子"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "家长中心"
+)]
+/// GET /api/v1/diary/parent/journals
+///
+/// 查看已绑定孩子的日记列表（只读）。需要 `diary.journal.read` 权限。
+pub async fn get_child_journals<S>(
+    State(state): State<DiaryState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(params): Query<ChildJournalsQuery>,
+) -> Result<Json<ApiResponse<PaginatedResponse<JournalResp>>>, AppError>
+where
+    DiaryState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "diary.journal.read")?;
+
+    let page = params.page.unwrap_or(1);
+    let page_size = params.page_size.unwrap_or(20).min(100);
+
+    let (models, total) = ParentService::get_child_journals(
+        ctx.tenant_id,
+        ctx.user_id,
+        params.child_id,
+        page,
+        page_size,
+        &state.db,
+    )
+    .await?;
+
+    let items: Vec<JournalResp> = models.into_iter().map(journal_model_to_resp).collect();
+    let total_pages = total.div_ceil(page_size);
+
+    Ok(Json(ApiResponse::ok(PaginatedResponse {
+        data: items,
+        total,
+        page,
+        page_size,
+        total_pages,
+    })))
+}
+
+#[utoipa::path(
+    get,
+    path = "/api/v1/diary/parent/export",
+    params(ExportQuery),
+    responses(
+        (status = 200, description = "导出数据"),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足或未绑定该孩子"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "家长中心"
+)]
+/// GET /api/v1/diary/parent/export
+///
+/// 导出孩子所有日记数据（PIPL 数据可携带权）。需要 `diary.journal.read` 权限。
+pub async fn export_child_data<S>(
+    State(state): State<DiaryState>,
+    Extension(ctx): Extension<TenantContext>,
+    Query(params): Query<ExportQuery>,
+) -> Result<Json<serde_json::Value>, AppError>
+where
+    DiaryState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "diary.journal.read")?;
+
+    let data =
+        ParentService::export_child_data(ctx.tenant_id, ctx.user_id, params.child_id, &state.db)
+            .await?;
+
+    Ok(Json(data))
+}
+
+#[utoipa::path(
+    delete,
+    path = "/api/v1/diary/parent/data",
+    request_body = DeleteChildDataReq,
+    responses(
+        (status = 200, description = "删除成功", body = ApiResponse<DeleteResultResp>),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足或未绑定该孩子"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "家长中心"
+)]
+/// DELETE /api/v1/diary/parent/data
+///
+/// 软删除孩子所有日记数据（PIPL 删除权）。需要 `diary.parent.bind` 权限。
+/// 数据将在 30 天内完成清理。
+pub async fn delete_child_data<S>(
+    State(state): State<DiaryState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<DeleteChildDataReq>,
+) -> Result<Json<ApiResponse<DeleteResultResp>>, AppError>
+where
+    DiaryState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "diary.parent.bind")?;
+
+    let count = ParentService::delete_child_data(
+        ctx.tenant_id,
+        ctx.user_id,
+        req.child_id,
+        &state.db,
+        &state.event_bus,
+    )
+    .await?;
+
+    Ok(Json(ApiResponse::ok(DeleteResultResp {
+        deleted_count: count,
+        message: "数据删除请求已提交，将在 30 天内完成删除".to_string(),
+    })))
+}
+
+#[utoipa::path(
+    delete,
+    path = "/api/v1/diary/parent/unbind",
+    request_body = BindChildReq,
+    responses(
+        (status = 200, description = "解绑成功"),
+        (status = 401, description = "未授权"),
+        (status = 403, description = "权限不足"),
+        (status = 404, description = "绑定关系不存在"),
+    ),
+    security(("bearer_auth" = [])),
+    tag = "家长中心"
+)]
+/// DELETE /api/v1/diary/parent/unbind
+///
+/// 解绑孩子。需要 `diary.parent.bind` 权限。
+pub async fn unbind_child<S>(
+    State(state): State<DiaryState>,
+    Extension(ctx): Extension<TenantContext>,
+    Json(req): Json<BindChildReq>,
+) -> Result<Json<ApiResponse<()>>, AppError>
+where
+    DiaryState: FromRef<S>,
+    S: Clone + Send + Sync + 'static,
+{
+    require_permission(&ctx, "diary.parent.bind")?;
+
+    ParentService::unbind_child(ctx.tenant_id, ctx.user_id, req.child_id, &state.db).await?;
+
+    Ok(Json(ApiResponse {
+        success: true,
+        data: None,
+        message: Some("已解绑".to_string()),
+    }))
+}
+
+/// journal_entry::Model -> JournalResp DTO 转换
+///
+/// 与 journal_service 中的 model_to_resp 逻辑一致，
+/// 但这里直接从 Model 转换避免循环依赖。
+fn journal_model_to_resp(model: crate::entity::journal_entry::Model) -> JournalResp {
+    use crate::dto::{Mood, Weather};
+
+    let mood: Mood = serde_json::from_str(&model.mood).unwrap_or(Mood::Happy);
+    let weather: Weather = serde_json::from_str(&model.weather).unwrap_or(Weather::Sunny);
+    let tags: Vec<String> = model
+        .tags
+        .and_then(|v| serde_json::from_value(v).ok())
+        .unwrap_or_default();
+
+    JournalResp {
+        id: model.id,
+        author_id: model.author_id,
+        class_id: model.class_id,
+        title: model.title,
+        date: model.date,
+        mood,
+        weather,
+        tags,
+        is_private: model.is_private,
+        shared_to_class: model.shared_to_class,
+        version: model.version,
+        created_at: model.created_at,
+        updated_at: model.updated_at,
+    }
+}