chore: 提交所有工作进度 — SaaS 后端增强、Admin UI、桌面端集成

包含大量 SaaS 平台改进、Admin 管理后台更新、桌面端集成完善、文档同步、测试文件重构等内容。为 QA 测试准备干净工作树。
2026-03-29 10:46:26 +08:00
parent 9a5fad2b59
commit 5fdf96c3f5
268 changed files with 22011 additions and 3886 deletions
--- a/crates/zclaw-saas/src/auth/mod.rs
+++ b/crates/zclaw-saas/src/auth/mod.rs
@@ -29,7 +29,7 @@ async fn verify_api_token(state: &AppState, raw_token: &str, client_ip: Option<S

    let row: Option<(String, Option<String>, String)> = sqlx::query_as(
        "SELECT account_id, expires_at, permissions FROM api_tokens
-         WHERE token_hash = ?1 AND revoked_at IS NULL"
+         WHERE token_hash = $1 AND revoked_at IS NULL"
    )
    .bind(&token_hash)
    .fetch_optional(&state.db)
@@ -50,7 +50,7 @@ async fn verify_api_token(state: &AppState, raw_token: &str, client_ip: Option<S

    // 查询关联账号的角色
    let (role,): (String,) = sqlx::query_as(
-        "SELECT role FROM accounts WHERE id = ?1 AND status = 'active'"
+        "SELECT role FROM accounts WHERE id = $1 AND status = 'active'"
    )
    .bind(&account_id)
    .fetch_optional(&state.db)
@@ -71,7 +71,7 @@ async fn verify_api_token(state: &AppState, raw_token: &str, client_ip: Option<S
    let db = state.db.clone();
    tokio::spawn(async move {
        let now = chrono::Utc::now().to_rfc3339();
-        let _ = sqlx::query("UPDATE api_tokens SET last_used_at = ?1 WHERE token_hash = ?2")
+        let _ = sqlx::query("UPDATE api_tokens SET last_used_at = $1 WHERE token_hash = $2")
            .bind(&now).bind(&token_hash)
            .execute(&db).await;
    });
@@ -121,7 +121,8 @@ pub async fn auth_middleware(
                verify_api_token(&state, token, client_ip.clone()).await
            } else {
                // JWT 路径
-                jwt::verify_token(token, state.jwt_secret.expose_secret())
+                let verify_result = jwt::verify_token(token, state.jwt_secret.expose_secret());
+                verify_result
                    .map(|claims| AuthContext {
                        account_id: claims.sub,
                        role: claims.role,
@@ -153,6 +154,7 @@ pub fn routes() -> axum::Router<AppState> {
    axum::Router::new()
        .route("/api/v1/auth/register", post(handlers::register))
        .route("/api/v1/auth/login", post(handlers::login))
+        .route("/api/v1/auth/refresh", post(handlers::refresh))
 }

 /// 需要认证的路由
@@ -160,7 +162,6 @@ pub fn protected_routes() -> axum::Router<AppState> {
    use axum::routing::{get, post, put};

    axum::Router::new()
-        .route("/api/v1/auth/refresh", post(handlers::refresh))
        .route("/api/v1/auth/me", get(handlers::me))
        .route("/api/v1/auth/password", put(handlers::change_password))
        .route("/api/v1/auth/totp/setup", post(totp::setup_totp))