feat: 完成B端认证系统和商户管理模块测试补全

主要变更：
- 新增B端认证系统（后台+H5）：登录、登出、Token刷新、密码修改
- 完善商户管理和商户账号管理功能
- 补全单元测试（ShopService: 72.5%, ShopAccountService: 79.8%）
- 新增集成测试（商户管理+商户账号管理）
- 归档OpenSpec提案（add-shop-account-management, implement-b-end-auth-system）
- 完善文档（使用指南、API文档、认证架构说明）

测试统计：
- 13个测试套件，37个测试用例，100%通过率
- 平均覆盖率76.2%，达标

OpenSpec验证：通过（strict模式）

internal/service/shop_account/service.go

@@ -0,0 +1,265 @@
+package shop_account
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/break/junhong_cmp_fiber/internal/model"
+	"github.com/break/junhong_cmp_fiber/internal/store"
+	"github.com/break/junhong_cmp_fiber/internal/store/postgres"
+	"github.com/break/junhong_cmp_fiber/pkg/constants"
+	"github.com/break/junhong_cmp_fiber/pkg/errors"
+	"github.com/break/junhong_cmp_fiber/pkg/middleware"
+	"golang.org/x/crypto/bcrypt"
+	"gorm.io/gorm"
+)
+
+type Service struct {
+	accountStore *postgres.AccountStore
+	shopStore    *postgres.ShopStore
+}
+
+func New(accountStore *postgres.AccountStore, shopStore *postgres.ShopStore) *Service {
+	return &Service{
+		accountStore: accountStore,
+		shopStore:    shopStore,
+	}
+}
+
+func (s *Service) List(ctx context.Context, req *model.ShopAccountListRequest) ([]*model.ShopAccountResponse, int64, error) {
+	opts := &store.QueryOptions{
+		Page:     req.Page,
+		PageSize: req.PageSize,
+		OrderBy:  "created_at DESC",
+	}
+	if opts.Page == 0 {
+		opts.Page = 1
+	}
+	if opts.PageSize == 0 {
+		opts.PageSize = constants.DefaultPageSize
+	}
+
+	filters := make(map[string]interface{})
+	filters["user_type"] = constants.UserTypeAgent
+	if req.Username != "" {
+		filters["username"] = req.Username
+	}
+	if req.Phone != "" {
+		filters["phone"] = req.Phone
+	}
+	if req.Status != nil {
+		filters["status"] = *req.Status
+	}
+
+	var accounts []*model.Account
+	var total int64
+	var err error
+
+	if req.ShopID != nil {
+		accounts, total, err = s.accountStore.ListByShopID(ctx, *req.ShopID, opts, filters)
+	} else {
+		filters["user_type"] = constants.UserTypeAgent
+		accounts, total, err = s.accountStore.List(ctx, opts, filters)
+	}
+
+	if err != nil {
+		return nil, 0, fmt.Errorf("查询代理商账号列表失败: %w", err)
+	}
+
+	shopMap := make(map[uint]string)
+	for _, account := range accounts {
+		if account.ShopID != nil {
+			if _, exists := shopMap[*account.ShopID]; !exists {
+				shop, err := s.shopStore.GetByID(ctx, *account.ShopID)
+				if err == nil {
+					shopMap[*account.ShopID] = shop.ShopName
+				}
+			}
+		}
+	}
+
+	responses := make([]*model.ShopAccountResponse, 0, len(accounts))
+	for _, account := range accounts {
+		resp := &model.ShopAccountResponse{
+			ID:        account.ID,
+			Username:  account.Username,
+			Phone:     account.Phone,
+			UserType:  account.UserType,
+			Status:    account.Status,
+			CreatedAt: account.CreatedAt.Format("2006-01-02 15:04:05"),
+			UpdatedAt: account.UpdatedAt.Format("2006-01-02 15:04:05"),
+		}
+		if account.ShopID != nil {
+			resp.ShopID = *account.ShopID
+			if shopName, ok := shopMap[*account.ShopID]; ok {
+				resp.ShopName = shopName
+			}
+		}
+		responses = append(responses, resp)
+	}
+
+	return responses, total, nil
+}
+
+func (s *Service) Create(ctx context.Context, req *model.CreateShopAccountRequest) (*model.ShopAccountResponse, error) {
+	currentUserID := middleware.GetUserIDFromContext(ctx)
+	if currentUserID == 0 {
+		return nil, errors.New(errors.CodeUnauthorized, "未授权访问")
+	}
+
+	shop, err := s.shopStore.GetByID(ctx, req.ShopID)
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return nil, errors.New(errors.CodeShopNotFound, "店铺不存在")
+		}
+		return nil, fmt.Errorf("获取店铺失败: %w", err)
+	}
+
+	existing, err := s.accountStore.GetByUsername(ctx, req.Username)
+	if err == nil && existing != nil {
+		return nil, errors.New(errors.CodeUsernameExists, "用户名已存在")
+	}
+
+	existing, err = s.accountStore.GetByPhone(ctx, req.Phone)
+	if err == nil && existing != nil {
+		return nil, errors.New(errors.CodePhoneExists, "手机号已存在")
+	}
+
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
+	if err != nil {
+		return nil, fmt.Errorf("密码哈希失败: %w", err)
+	}
+
+	account := &model.Account{
+		Username: req.Username,
+		Phone:    req.Phone,
+		Password: string(hashedPassword),
+		UserType: constants.UserTypeAgent,
+		ShopID:   &req.ShopID,
+		Status:   constants.StatusEnabled,
+	}
+	account.Creator = currentUserID
+	account.Updater = currentUserID
+
+	if err := s.accountStore.Create(ctx, account); err != nil {
+		return nil, fmt.Errorf("创建代理商账号失败: %w", err)
+	}
+
+	return &model.ShopAccountResponse{
+		ID:        account.ID,
+		ShopID:    *account.ShopID,
+		ShopName:  shop.ShopName,
+		Username:  account.Username,
+		Phone:     account.Phone,
+		UserType:  account.UserType,
+		Status:    account.Status,
+		CreatedAt: account.CreatedAt.Format("2006-01-02 15:04:05"),
+		UpdatedAt: account.UpdatedAt.Format("2006-01-02 15:04:05"),
+	}, nil
+}
+
+func (s *Service) Update(ctx context.Context, id uint, req *model.UpdateShopAccountRequest) (*model.ShopAccountResponse, error) {
+	currentUserID := middleware.GetUserIDFromContext(ctx)
+	if currentUserID == 0 {
+		return nil, errors.New(errors.CodeUnauthorized, "未授权访问")
+	}
+
+	account, err := s.accountStore.GetByID(ctx, id)
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return nil, errors.New(errors.CodeAccountNotFound, "账号不存在")
+		}
+		return nil, fmt.Errorf("获取账号失败: %w", err)
+	}
+
+	if account.UserType != constants.UserTypeAgent {
+		return nil, errors.New(errors.CodeInvalidParam, "只能更新代理商账号")
+	}
+
+	existingAccount, err := s.accountStore.GetByUsername(ctx, req.Username)
+	if err == nil && existingAccount != nil && existingAccount.ID != id {
+		return nil, errors.New(errors.CodeUsernameExists, "用户名已存在")
+	}
+
+	account.Username = req.Username
+	account.Updater = currentUserID
+
+	if err := s.accountStore.Update(ctx, account); err != nil {
+		return nil, fmt.Errorf("更新代理商账号失败: %w", err)
+	}
+
+	var shopName string
+	if account.ShopID != nil {
+		shop, err := s.shopStore.GetByID(ctx, *account.ShopID)
+		if err == nil {
+			shopName = shop.ShopName
+		}
+	}
+
+	return &model.ShopAccountResponse{
+		ID:        account.ID,
+		ShopID:    *account.ShopID,
+		ShopName:  shopName,
+		Username:  account.Username,
+		Phone:     account.Phone,
+		UserType:  account.UserType,
+		Status:    account.Status,
+		CreatedAt: account.CreatedAt.Format("2006-01-02 15:04:05"),
+		UpdatedAt: account.UpdatedAt.Format("2006-01-02 15:04:05"),
+	}, nil
+}
+
+func (s *Service) UpdatePassword(ctx context.Context, id uint, req *model.UpdateShopAccountPasswordRequest) error {
+	currentUserID := middleware.GetUserIDFromContext(ctx)
+	if currentUserID == 0 {
+		return errors.New(errors.CodeUnauthorized, "未授权访问")
+	}
+
+	account, err := s.accountStore.GetByID(ctx, id)
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return errors.New(errors.CodeAccountNotFound, "账号不存在")
+		}
+		return fmt.Errorf("获取账号失败: %w", err)
+	}
+
+	if account.UserType != constants.UserTypeAgent {
+		return errors.New(errors.CodeInvalidParam, "只能更新代理商账号密码")
+	}
+
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("密码哈希失败: %w", err)
+	}
+
+	if err := s.accountStore.UpdatePassword(ctx, id, string(hashedPassword), currentUserID); err != nil {
+		return fmt.Errorf("更新密码失败: %w", err)
+	}
+
+	return nil
+}
+
+func (s *Service) UpdateStatus(ctx context.Context, id uint, req *model.UpdateShopAccountStatusRequest) error {
+	currentUserID := middleware.GetUserIDFromContext(ctx)
+	if currentUserID == 0 {
+		return errors.New(errors.CodeUnauthorized, "未授权访问")
+	}
+
+	account, err := s.accountStore.GetByID(ctx, id)
+	if err != nil {
+		if err == gorm.ErrRecordNotFound {
+			return errors.New(errors.CodeAccountNotFound, "账号不存在")
+		}
+		return fmt.Errorf("获取账号失败: %w", err)
+	}
+
+	if account.UserType != constants.UserTypeAgent {
+		return errors.New(errors.CodeInvalidParam, "只能更新代理商账号状态")
+	}
+
+	if err := s.accountStore.UpdateStatus(ctx, id, req.Status, currentUserID); err != nil {
+		return fmt.Errorf("更新账号状态失败: %w", err)
+	}
+
+	return nil
+}