refactor(account): 统一账号管理API、完善权限检查和操作审计

- 合并 customer_account 和 shop_account 路由到统一的 account 接口
- 新增统一认证接口 (auth handler)
- 实现越权防护中间件和权限检查工具函数
- 新增操作审计日志模型和服务
- 更新数据库迁移 (版本 39: account_operation_log 表)
- 补充集成测试覆盖权限检查和审计日志场景

internal/routes/auth.go

@@ -0,0 +1,57 @@
+package routes
+
+import (
+	"github.com/gofiber/fiber/v2"
+
+	authHandler "github.com/break/junhong_cmp_fiber/internal/handler/auth"
+	"github.com/break/junhong_cmp_fiber/internal/model/dto"
+	"github.com/break/junhong_cmp_fiber/pkg/openapi"
+)
+
+// RegisterAuthRoutes 注册统一认证路由
+// 路由挂载在 /api/auth 下
+func RegisterAuthRoutes(router fiber.Router, handler *authHandler.Handler, authMiddleware fiber.Handler, doc *openapi.Generator, basePath string) {
+	// 公开路由（不需要认证）
+	Register(router, doc, basePath, "POST", "/login", handler.Login, RouteSpec{
+		Summary: "统一登录（后台+H5）",
+		Tags:    []string{"统一认证"},
+		Input:   new(dto.LoginRequest),
+		Output:  new(dto.LoginResponse),
+		Auth:    false,
+	})
+
+	Register(router, doc, basePath, "POST", "/refresh-token", handler.RefreshToken, RouteSpec{
+		Summary: "刷新 Token",
+		Tags:    []string{"统一认证"},
+		Input:   new(dto.RefreshTokenRequest),
+		Output:  new(dto.RefreshTokenResponse),
+		Auth:    false,
+	})
+
+	// 需要认证的路由
+	authGroup := router.Group("", authMiddleware)
+
+	Register(authGroup, doc, basePath, "POST", "/logout", handler.Logout, RouteSpec{
+		Summary: "统一登出",
+		Tags:    []string{"统一认证"},
+		Input:   nil,
+		Output:  nil,
+		Auth:    true,
+	})
+
+	Register(authGroup, doc, basePath, "GET", "/me", handler.GetMe, RouteSpec{
+		Summary: "获取用户信息",
+		Tags:    []string{"统一认证"},
+		Input:   nil,
+		Output:  new(dto.UserInfo),
+		Auth:    true,
+	})
+
+	Register(authGroup, doc, basePath, "PUT", "/password", handler.ChangePassword, RouteSpec{
+		Summary: "修改密码",
+		Tags:    []string{"统一认证"},
+		Input:   new(dto.ChangePasswordRequest),
+		Output:  nil,
+		Auth:    true,
+	})
+}