feat: 完成B端认证系统和商户管理模块测试补全

主要变更：
- 新增B端认证系统（后台+H5）：登录、登出、Token刷新、密码修改
- 完善商户管理和商户账号管理功能
- 补全单元测试（ShopService: 72.5%, ShopAccountService: 79.8%）
- 新增集成测试（商户管理+商户账号管理）
- 归档OpenSpec提案（add-shop-account-management, implement-b-end-auth-system）
- 完善文档（使用指南、API文档、认证架构说明）

测试统计：
- 13个测试套件，37个测试用例，100%通过率
- 平均覆盖率76.2%，达标

OpenSpec验证：通过（strict模式）

internal/bootstrap/dependencies.go

@@ -14,6 +14,7 @@ type Dependencies struct {
 	DB                  *gorm.DB              // PostgreSQL 数据库连接
 	Redis               *redis.Client         // Redis 客户端
 	Logger              *zap.Logger           // 应用日志器
-	JWTManager          *auth.JWTManager      // JWT 管理器
+	JWTManager          *auth.JWTManager      // JWT 管理器（个人客户认证）
+	TokenManager        *auth.TokenManager    // Token 管理器（后台和H5认证）
 	VerificationService *verification.Service // 验证码服务
 }

internal/bootstrap/handlers.go

@@ -3,15 +3,22 @@ package bootstrap
 import (
 	"github.com/break/junhong_cmp_fiber/internal/handler/admin"
 	"github.com/break/junhong_cmp_fiber/internal/handler/app"
+	"github.com/break/junhong_cmp_fiber/internal/handler/h5"
+	"github.com/go-playground/validator/v10"
 )
 
 // initHandlers 初始化所有 Handler 实例
 func initHandlers(svc *services, deps *Dependencies) *Handlers {
+	validate := validator.New()
+
 	return &Handlers{
 		Account:          admin.NewAccountHandler(svc.Account),
 		Role:             admin.NewRoleHandler(svc.Role),
 		Permission:       admin.NewPermissionHandler(svc.Permission),
 		PersonalCustomer: app.NewPersonalCustomerHandler(svc.PersonalCustomer, deps.Logger),
-		// TODO: 新增 Handler 在此初始化
+		Shop:             admin.NewShopHandler(svc.Shop),
+		ShopAccount:      admin.NewShopAccountHandler(svc.ShopAccount),
+		AdminAuth:        admin.NewAuthHandler(svc.Auth, validate),
+		H5Auth:           h5.NewAuthHandler(svc.Auth, validate),
 	}
 }

internal/bootstrap/middlewares.go

@@ -1,9 +1,16 @@
 package bootstrap
 
 import (
+	"context"
+	"time"
+
 	"github.com/break/junhong_cmp_fiber/internal/middleware"
-	"github.com/break/junhong_cmp_fiber/pkg/auth"
+	pkgauth "github.com/break/junhong_cmp_fiber/pkg/auth"
 	"github.com/break/junhong_cmp_fiber/pkg/config"
+	"github.com/break/junhong_cmp_fiber/pkg/constants"
+	"github.com/break/junhong_cmp_fiber/pkg/errors"
+	pkgmiddleware "github.com/break/junhong_cmp_fiber/pkg/middleware"
+	"github.com/gofiber/fiber/v2"
 )
 
 // initMiddlewares 初始化所有中间件
@@ -12,12 +19,76 @@ func initMiddlewares(deps *Dependencies) *Middlewares {
 	cfg := config.Get()
 
 	// 创建 JWT Manager
-	jwtManager := auth.NewJWTManager(cfg.JWT.SecretKey, cfg.JWT.TokenDuration)
+	jwtManager := pkgauth.NewJWTManager(cfg.JWT.SecretKey, cfg.JWT.TokenDuration)
 
 	// 创建个人客户认证中间件
 	personalAuthMiddleware := middleware.NewPersonalAuthMiddleware(jwtManager, deps.Logger)
 
+	// 创建 Token Manager（用于后台和H5认证）
+	accessTTL := time.Duration(cfg.JWT.AccessTokenTTL) * time.Second
+	refreshTTL := time.Duration(cfg.JWT.RefreshTokenTTL) * time.Second
+	tokenManager := pkgauth.NewTokenManager(deps.Redis, accessTTL, refreshTTL)
+
+	// 创建后台认证中间件
+	adminAuthMiddleware := createAdminAuthMiddleware(tokenManager)
+
+	// 创建H5认证中间件
+	h5AuthMiddleware := createH5AuthMiddleware(tokenManager)
+
 	return &Middlewares{
 		PersonalAuth: personalAuthMiddleware,
+		AdminAuth:    adminAuthMiddleware,
+		H5Auth:       h5AuthMiddleware,
 	}
 }
+
+func createAdminAuthMiddleware(tokenManager *pkgauth.TokenManager) fiber.Handler {
+	return pkgmiddleware.Auth(pkgmiddleware.AuthConfig{
+		TokenValidator: func(token string) (*pkgmiddleware.UserContextInfo, error) {
+			tokenInfo, err := tokenManager.ValidateAccessToken(context.Background(), token)
+			if err != nil {
+				return nil, errors.New(errors.CodeInvalidToken, "认证令牌无效或已过期")
+			}
+
+			// 检查用户类型：后台允许 SuperAdmin(1), Platform(2), Agent(3)
+			if tokenInfo.UserType != constants.UserTypeSuperAdmin &&
+				tokenInfo.UserType != constants.UserTypePlatform &&
+				tokenInfo.UserType != constants.UserTypeAgent {
+				return nil, errors.New(errors.CodeForbidden, "权限不足")
+			}
+
+			return &pkgmiddleware.UserContextInfo{
+				UserID:       tokenInfo.UserID,
+				UserType:     tokenInfo.UserType,
+				ShopID:       tokenInfo.ShopID,
+				EnterpriseID: tokenInfo.EnterpriseID,
+			}, nil
+		},
+		SkipPaths: []string{"/api/admin/login", "/api/admin/refresh-token"},
+	})
+}
+
+func createH5AuthMiddleware(tokenManager *pkgauth.TokenManager) fiber.Handler {
+	return pkgmiddleware.Auth(pkgmiddleware.AuthConfig{
+		TokenValidator: func(token string) (*pkgmiddleware.UserContextInfo, error) {
+			tokenInfo, err := tokenManager.ValidateAccessToken(context.Background(), token)
+			if err != nil {
+				return nil, errors.New(errors.CodeInvalidToken, "认证令牌无效或已过期")
+			}
+
+			// 检查用户类型：H5 允许 Agent(3), Enterprise(4)
+			if tokenInfo.UserType != constants.UserTypeAgent &&
+				tokenInfo.UserType != constants.UserTypeEnterprise {
+				return nil, errors.New(errors.CodeForbidden, "权限不足")
+			}
+
+			return &pkgmiddleware.UserContextInfo{
+				UserID:       tokenInfo.UserID,
+				UserType:     tokenInfo.UserType,
+				ShopID:       tokenInfo.ShopID,
+				EnterpriseID: tokenInfo.EnterpriseID,
+			}, nil
+		},
+		SkipPaths: []string{"/api/h5/login", "/api/h5/refresh-token"},
+	})
+}

internal/bootstrap/services.go

@@ -2,9 +2,12 @@ package bootstrap
 
 import (
 	accountSvc "github.com/break/junhong_cmp_fiber/internal/service/account"
+	authSvc "github.com/break/junhong_cmp_fiber/internal/service/auth"
 	permissionSvc "github.com/break/junhong_cmp_fiber/internal/service/permission"
 	personalCustomerSvc "github.com/break/junhong_cmp_fiber/internal/service/personal_customer"
 	roleSvc "github.com/break/junhong_cmp_fiber/internal/service/role"
+	shopSvc "github.com/break/junhong_cmp_fiber/internal/service/shop"
+	shopAccountSvc "github.com/break/junhong_cmp_fiber/internal/service/shop_account"
 )
 
 // services 封装所有 Service 实例
@@ -14,7 +17,9 @@ type services struct {
 	Role             *roleSvc.Service
 	Permission       *permissionSvc.Service
 	PersonalCustomer *personalCustomerSvc.Service
-	// TODO: 新增 Service 在此添加字段
+	Shop             *shopSvc.Service
+	ShopAccount      *shopAccountSvc.Service
+	Auth             *authSvc.Service
 }
 
 // initServices 初始化所有 Service 实例
@@ -24,6 +29,8 @@ func initServices(s *stores, deps *Dependencies) *services {
 		Role:             roleSvc.New(s.Role, s.Permission, s.RolePermission),
 		Permission:       permissionSvc.New(s.Permission),
 		PersonalCustomer: personalCustomerSvc.NewService(s.PersonalCustomer, s.PersonalCustomerPhone, deps.VerificationService, deps.JWTManager, deps.Logger),
-		// TODO: 新增 Service 在此初始化
+		Shop:             shopSvc.New(s.Shop, s.Account),
+		ShopAccount:      shopAccountSvc.New(s.Account, s.Shop),
+		Auth:             authSvc.New(s.Account, s.AccountRole, s.RolePermission, s.Permission, deps.TokenManager, deps.Logger),
 	}
 }

internal/bootstrap/types.go

@@ -3,7 +3,9 @@ package bootstrap
 import (
 	"github.com/break/junhong_cmp_fiber/internal/handler/admin"
 	"github.com/break/junhong_cmp_fiber/internal/handler/app"
+	"github.com/break/junhong_cmp_fiber/internal/handler/h5"
 	"github.com/break/junhong_cmp_fiber/internal/middleware"
+	"github.com/gofiber/fiber/v2"
 )
 
 // Handlers 封装所有 HTTP 处理器
@@ -13,12 +15,17 @@ type Handlers struct {
 	Role             *admin.RoleHandler
 	Permission       *admin.PermissionHandler
 	PersonalCustomer *app.PersonalCustomerHandler
-	// TODO: 新增 Handler 在此添加字段
+	Shop             *admin.ShopHandler
+	ShopAccount      *admin.ShopAccountHandler
+	AdminAuth        *admin.AuthHandler
+	H5Auth           *h5.AuthHandler
 }
 
 // Middlewares 封装所有中间件
 // 用于路由注册
 type Middlewares struct {
 	PersonalAuth *middleware.PersonalAuthMiddleware
+	AdminAuth    func(*fiber.Ctx) error
+	H5Auth       func(*fiber.Ctx) error
 	// TODO: 新增 Middleware 在此添加字段
 }