feat(admin): Add user management and upgrade to module permission system

Features - User Management (Phase 4.1):
- Database: Add user_modules table for fine-grained module permissions
- Database: Add 4 user permissions (view/create/edit/delete) to role_permissions
- Backend: UserService (780 lines) - CRUD with tenant isolation
- Backend: UserController + UserRoutes (648 lines) - 13 API endpoints
- Backend: Batch import users from Excel
- Frontend: UserListPage (412 lines) - list/filter/search/pagination
- Frontend: UserFormPage (341 lines) - create/edit with module config
- Frontend: UserDetailPage (393 lines) - details/tenant/module management
- Frontend: 3 modal components (592 lines) - import/assign/configure
- API: GET/POST/PUT/DELETE /api/admin/users/* endpoints

Architecture Upgrade - Module Permission System:
- Backend: Add getUserModules() method in auth.service
- Backend: Login API returns modules array in user object
- Frontend: AuthContext adds hasModule() method
- Frontend: Navigation filters modules based on user.modules
- Frontend: RouteGuard checks requiredModule instead of requiredVersion
- Frontend: Remove deprecated version-based permission system
- UX: Only show accessible modules in navigation (clean UI)
- UX: Smart redirect after login (avoid 403 for regular users)

Fixes:
- Fix UTF-8 encoding corruption in ~100 docs files
- Fix pageSize type conversion in userService (String to Number)
- Fix authUser undefined error in TopNavigation
- Fix login redirect logic with role-based access check
- Update Git commit guidelines v1.2 with UTF-8 safety rules

Database Changes:
- CREATE TABLE user_modules (user_id, tenant_id, module_code, is_enabled)
- ADD UNIQUE CONSTRAINT (user_id, tenant_id, module_code)
- INSERT 4 permissions + role assignments
- UPDATE PUBLIC tenant with 8 module subscriptions

Technical:
- Backend: 5 new files (~2400 lines)
- Frontend: 10 new files (~2500 lines)
- Docs: 1 development record + 2 status updates + 1 guideline update
- Total: ~4900 lines of code

Status: User management 100% complete, module permission system operational

docs/04-开发规范/10-模块认证规范.md

@@ -1,29 +1,29 @@
 # 模块认证规范
 
-> <EFBFBD>祆<EFBFBD>獢<EFBFBD><EFBFBD>銋劐<EFBFBD>銝𡁜𦛚璅∪<EFBFBD>憒<EFBFBD><EFBFBD>甇<EFBFBD>＆雿輻鍂撟喳蝱霈方<EFBFBD><EFBFBD>賢<EFBFBD>嚗𣬚＆靽脲<EFBFBD><EFBFBD>?API <20>賣迤蝖格𡉼撣血<E692A3>撉諹<E69289><E8ABB9>冽<EFBFBD>頨思遢<E6809D>?
+> 本文档定义了业务模块如何正确使用平台认证能力，确保所有 API 都正确携带和验证用户身份。
 
 ## 1. 架构概览
 
 ```
-<EFBFBD>𢞖<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
-<EFBFBD>?                       <EFBFBD>滨垢                                  <EFBFBD>?
-<EFBFBD>? <20>𢞖<EFBFBD><F0A29E96><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?  <20>?
-<EFBFBD>? <20>? common/api/axios.ts  <EFBFBD>?撣西恕霂<E68195><E99C82> axios 摰硺<EFBFBD>         <EFBFBD>?  <20>?
-<EFBFBD>? <20>? framework/auth/api.ts <EFBFBD>?Token 蝞∠<EFBFBD> (getAccessToken)<EFBFBD>?  <20>?
-<EFBFBD>? <20>婙<EFBFBD><E5A999><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?  <20>?
-<EFBFBD>婙<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
-                              <EFBFBD>?
-                              <EFBFBD>?Authorization: Bearer <token>
-                              <EFBFBD>?
-<EFBFBD>𢞖<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
-<EFBFBD>?                       <EFBFBD>𡒊垢                                  <EFBFBD>?
-<EFBFBD>? <20>𢞖<EFBFBD><F0A29E96><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?  <20>?
-<EFBFBD>? <20>? common/auth/auth.middleware.ts                      <EFBFBD>?  <20>?
-<EFBFBD>? <20>? - authenticate: 撉諹<EFBFBD> JWT Token                     <EFBFBD>?  <20>?
-<EFBFBD>? <20>? - requirePermission: <EFBFBD><EFBFBD><EFBFBD>璉<EFBFBD><EFBFBD>?                      <EFBFBD>?  <20>?
-<EFBFBD>? <20>? - requireRoles: 閫坿𠧧璉<EFBFBD><EFBFBD>?                           <EFBFBD>?  <20>?
-<EFBFBD>? <20>婙<EFBFBD><E5A999><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?  <20>?
-<EFBFBD>婙<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>?
+┌─────────────────────────────────────────────────────────────┐
+│                        前端                                  │
+│  ┌─────────────────────────────────────────────────────┐   │
+│  │  common/api/axios.ts  ← 带认证的 axios 实例         │   │
+│  │  framework/auth/api.ts ← Token 管理 (getAccessToken)│   │
+│  └─────────────────────────────────────────────────────┘   │
+└─────────────────────────────────────────────────────────────┘
+                              │
+                              │ Authorization: Bearer <token>
+                              ▼
+┌─────────────────────────────────────────────────────────────┐
+│                        后端                                  │
+│  ┌─────────────────────────────────────────────────────┐   │
+│  │  common/auth/auth.middleware.ts                      │   │
+│  │  - authenticate: 验证 JWT Token                     │   │
+│  │  - requirePermission: 权限检查                       │   │
+│  │  - requireRoles: 角色检查                            │   │
+│  └─────────────────────────────────────────────────────┘   │
+└─────────────────────────────────────────────────────────────┘
 ```
 
 ## 2. 前端规范
@@ -34,12 +34,12 @@
 // 导入带认证的 apiClient
 import apiClient from '../../../common/api/axios';
 
-// 雿輻鍂<EFBFBD>孵<EFBFBD>銝?axios 摰<><E691B0><EFBFBD>詨<EFBFBD>嚗諹䌊<E8ABB9>冽𡉼撣?JWT Token
+// 使用方式与 axios 完全相同，自动携带 JWT Token
 const response = await apiClient.get('/api/v2/xxx');
 const response = await apiClient.post('/api/v2/xxx', data);
 ```
 
-### 2.2 雿輻鍂<EFBFBD>毺<EFBFBD> fetch嚗<68><E59A97><EFBFBD>见𢆡瘛餃<E7989B> Token嚗?
+### 2.2 使用原生 fetch（需手动添加 Token）
 
 ```typescript
 import { getAccessToken } from '../../../framework/auth/api';
@@ -56,12 +56,12 @@ function getAuthHeaders(): HeadersInit {
   return headers;
 }
 
-// <EFBFBD><EFBFBD><EFBFBD>?fetch 霂瑟<EFBFBD>雿輻鍂 getAuthHeaders()
+// 所有 fetch 请求使用 getAuthHeaders()
 const response = await fetch(url, {
   headers: getAuthHeaders(),
 });
 
-// <EFBFBD><EFBFBD>辣銝𠹺<EFBFBD>嚗<EFBFBD><EFBFBD>霈曄蔭 Content-Type嚗?
+// 文件上传（不设置 Content-Type）
 const token = getAccessToken();
 const headers: HeadersInit = {};
 if (token) {
@@ -76,22 +76,22 @@ const response = await fetch(url, {
 
 ## 3. 后端规范
 
-### 3.1 頝舐眏瘛餃<EFBFBD>霈方<EFBFBD>銝剝𡢿隞?
+### 3.1 路由添加认证中间件
 
 ```typescript
-// 撖澆<EFBFBD>霈方<EFBFBD>銝剝𡢿隞?
+// 导入认证中间件
 import { authenticate, requirePermission } from '../../../common/auth/auth.middleware.js';
 
-// 瘛餃<EFBFBD><EFBFBD>啗楝<EFBFBD>?
+// 添加到路由
 fastify.get('/xxx', { preHandler: [authenticate] }, handler);
 
-// <EFBFBD><EFBFBD>閬<EFBFBD>鸌摰𡁏<EFBFBD><EFBFBD>?
+// 需要特定权限
 fastify.post('/xxx', { 
   preHandler: [authenticate, requirePermission('module:action')] 
 }, handler);
 ```
 
-### 3.2 <EFBFBD>批<EFBFBD><EFBFBD>刻繮<EFBFBD>𣇉鍂<EFBFBD>?ID
+### 3.2 控制器获取用户 ID
 
 ```typescript
 /**
@@ -105,7 +105,7 @@ function getUserId(request: FastifyRequest): string {
   return userId;
 }
 
-// <EFBFBD>冽綉<EFBFBD>嗅膥<EFBFBD>寞<EFBFBD>銝凋蝙<EFBFBD>?
+// 在控制器方法中使用
 async function myHandler(request: FastifyRequest, reply: FastifyReply) {
   const userId = getUserId(request);
   // ... 使用 userId
@@ -117,7 +117,7 @@ async function myHandler(request: FastifyRequest, reply: FastifyReply) {
 ```typescript
 interface DecodedToken {
   userId: string;      // 用户ID
-  phone: string;       // <EFBFBD>𧢲㦤<EFBFBD>?
+  phone: string;       // 手机号
   role: string;        // 角色
   tenantId: string;    // 租户ID
   tenantCode?: string; // 租户Code
@@ -126,69 +126,68 @@ interface DecodedToken {
 }
 ```
 
-## 4. 璉<EFBFBD><EFBFBD>交<EFBFBD><EFBFBD>?
+## 4. 检查清单
 
-### 4.1 <EFBFBD>唳芋<EFBFBD>堒<EFBFBD><EFBFBD>烐<EFBFBD><EFBFBD>交<EFBFBD><EFBFBD>?
+### 4.1 新模块开发检查清单
 
 - [ ] **前端 API 文件**
-  - [ ] 雿輻鍂 `apiClient` <EFBFBD>𡝗溶<EFBFBD>?`getAuthHeaders()`
-  - [ ] <EFBFBD><EFBFBD>辣銝𠹺<EFBFBD><EFBFBD>閧𡠺憭<EFBFBD><EFBFBD>嚗<EFBFBD><EFBFBD>霈曄蔭 Content-Type嚗?
+  - [ ] 使用 `apiClient` 或添加 `getAuthHeaders()`
+  - [ ] 文件上传单独处理（不设置 Content-Type）
   - [ ] 导出函数不包含测试用 userId 参数
 
 - [ ] **后端路由文件**
-  - [ ] 撖澆<EFBFBD> `authenticate` 銝剝𡢿隞?
+  - [ ] 导入 `authenticate` 中间件
   - [ ] 所有需要认证的路由添加 `preHandler: [authenticate]`
-  - [ ] <EFBFBD>砍<EFBFBD> API嚗<EFBFBD><EFBFBD>璅⊥踎<EFBFBD>𡑒”嚗匧虾銝齿溶<EFBFBD>㰘恕霂?
+  - [ ] 公开 API（如模板列表）可不添加认证
 
-- [ ] **<EFBFBD>𡒊垢<EFBFBD>批<EFBFBD><EFBFBD>冽<EFBFBD>隞?*
+- [ ] **后端控制器文件**
   - [ ] 添加 `getUserId()` 辅助函数
-  - [ ] 蝘駁膄<EFBFBD><EFBFBD><EFBFBD>?`MOCK_USER_ID` <EFBFBD>𣇉′蝻𣇉<EFBFBD>暺䁅恕<EFBFBD>?
+  - [ ] 移除所有 `MOCK_USER_ID` 或硬编码默认值
   - [ ] 使用 `getUserId(request)` 获取用户 ID
 
-### 4.2 撌脣<EFBFBD><EFBFBD>鞉芋<EFBFBD>㛖𠶖<EFBFBD>?
+### 4.2 已完成模块状态
 
-| 璅∪<EFBFBD> | <20>滨垢 API | <20>𡒊垢頝舐眏 | <20>𡒊垢<F0A1928A>批<EFBFBD><E689B9>?| <20>嗆<EFBFBD>?|
+| 模块 | 前端 API | 后端路由 | 后端控制器 | 状态 |
 |------|---------|---------|-----------|------|
-| RVW | <EFBFBD>?apiClient | <EFBFBD>?authenticate | <EFBFBD>?getUserId | <EFBFBD>?|
-| PKB | <EFBFBD>?<3F>行⏛<E8A18C>?| <20>?authenticate | <EFBFBD>?getUserId | <EFBFBD>?|
-| ASL | <EFBFBD>?getAuthHeaders | <EFBFBD>?authenticate | <EFBFBD>?getUserId | <EFBFBD>?|
-| DC Tool B | <EFBFBD>?getAuthHeaders | <EFBFBD>?authenticate | <EFBFBD>?getUserId | <EFBFBD>?|
-| DC Tool C | <EFBFBD>?apiClient | <EFBFBD>?authenticate | <EFBFBD>?getUserId | <EFBFBD>?|
-| IIT | N/A (隡<EFBFBD><EFBFBD>敺桐縑) | N/A | <EFBFBD>?隡<><E99AA1>敺桐縑userId | <EFBFBD>?|
-| Prompt蝞∠<EFBFBD> | <EFBFBD>?getAuthHeaders | <EFBFBD>?authenticate | <EFBFBD>?getUserId | <EFBFBD>?|
+| RVW | ✅ apiClient | ✅ authenticate | ✅ getUserId | ✅ |
+| PKB | ✅ 拦截器 | ✅ authenticate | ✅ getUserId | ✅ |
+| ASL | ✅ getAuthHeaders | ✅ authenticate | ✅ getUserId | ✅ |
+| DC Tool B | ✅ getAuthHeaders | ✅ authenticate | ✅ getUserId | ✅ |
+| DC Tool C | ✅ apiClient | ✅ authenticate | ✅ getUserId | ✅ |
+| IIT | N/A (企业微信) | N/A | ✅ 企业微信userId | ✅ |
+| Prompt管理 | ✅ getAuthHeaders | ✅ authenticate | ✅ getUserId | ✅ |
 
-## 5. 撣貉<EFBFBD><EFBFBD>躰秤<EFBFBD>諹圾<EFBFBD>單䲮獢?
+## 5. 常见错误和解决方案
 
 ### 5.1 401 Unauthorized
 
-**<EFBFBD>笔<EFBFBD>**: <EFBFBD>滨垢瘝⊥<EFBFBD><EFBFBD>箏蒂 JWT Token <EFBFBD>?Token 餈<EFBFBD><EFBFBD>
+**原因**: 前端没有携带 JWT Token 或 Token 过期
 
 **解决**: 
-1. 璉<EFBFBD><EFBFBD>亙<EFBFBD>蝡?API <20>臬炏雿輻鍂 `apiClient` <EFBFBD>?`getAuthHeaders()`
-2. 璉<EFBFBD><EFBFBD>?localStorage 銝剜糓<EFBFBD>行<EFBFBD> `accessToken`
+1. 检查前端 API 是否使用 `apiClient` 或 `getAuthHeaders()`
+2. 检查 localStorage 中是否有 `accessToken`
 3. 如果 Token 过期，尝试刷新或重新登录
 
 ### 5.2 User not authenticated
 
-**<EFBFBD>笔<EFBFBD>**: <EFBFBD>𡒊垢頝舐眏瘝⊥<EFBFBD>瘛餃<EFBFBD> `authenticate` 銝剝𡢿隞?
+**原因**: 后端路由没有添加 `authenticate` 中间件
 
 **解决**: 在路由定义中添加 `preHandler: [authenticate]`
 
 ### 5.3 TypeError: Cannot read property 'userId' of undefined
 
-**<EFBFBD>笔<EFBFBD>**: 雿輻鍂鈭<EFBFBD><EFBFBD>霂舐<EFBFBD>撅墧<EFBFBD>批<EFBFBD>嚗Ǒrequest.user.id` <20>屸<EFBFBD> `request.user.userId`嚗?
+**原因**: 使用了错误的属性名（`request.user.id` 而非 `request.user.userId`）
 
 **解决**: 使用 `(request as any).user?.userId`
 
-## 6. <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>隞?
+## 6. 参考文件
 
 - 前端 axios 实例: `frontend-v2/src/common/api/axios.ts`
 - 前端 Token 管理: `frontend-v2/src/framework/auth/api.ts`
-- <20>𡒊垢霈方<E99C88>銝剝𡢿隞? `backend/src/common/auth/auth.middleware.ts`
+- 后端认证中间件: `backend/src/common/auth/auth.middleware.ts`
 - 后端 JWT 服务: `backend/src/common/auth/jwt.service.ts`
 
 
 
 
 
-