fix(api): 改进认证错误返回及添加分销商查询过滤

- 优化认证中间件，支持根据HTTP状态码和业务code判断认证状态
- 返回更详细的业务错误码和消息，默认消息为“认证失败”
- 添加响应头Content-Type为application/json，确保响应格式正确
- 在分销商列表查询中新增creator参数支持
- 支持从请求上下文获取创建者ID列表，结合参数动态构建SQL过滤条件
- 使用OR连接creator参数和上下文创建者ID的过滤条件
- 增加搜索功能，对分销商ID和名称支持模糊查询
- 查询结果默认排序并限制最大返回数量

server/internal/api/middleware.go

@@ -138,10 +138,18 @@ func withAuth(apiDomain string) func(http.Handler) http.Handler {
 				return
 			}
 
-			// 检查认证是否成功
+			// 检查认证是否成功（支持 HTTP 状态码和业务 code）
-			if authResp.Code != 200 {
+			if resp.StatusCode != http.StatusOK || authResp.Code != 200 {
-				errorMsg := fmt.Sprintf("{\"code\":%d,\"message\":\"%s\",\"data\":null}", authResp.Code, authResp.Message)
+				// 优先使用业务返回的错误信息
-				http.Error(w, errorMsg, http.StatusUnauthorized)
+				errorMsg := authResp.Message
+				if errorMsg == "" {
+					errorMsg = "认证失败"
+				}
+				// 返回原始的业务错误码和消息
+				responseBody := fmt.Sprintf("{\"code\":%d,\"message\":\"%s\",\"data\":null}", authResp.Code, errorMsg)
+				w.Header().Set("Content-Type", "application/json")
+				w.WriteHeader(http.StatusUnauthorized)
+				w.Write([]byte(responseBody))
 				return
 			}
 

server/internal/api/resellers.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"database/sql"
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@@ -25,6 +26,7 @@ func ResellersHandler(resellerDB *sql.DB) http.Handler {
 
 func (a *ResellersAPI) list(w http.ResponseWriter, r *http.Request) {
 	q := r.URL.Query().Get("q")
+	creatorParam := r.URL.Query().Get("creator")
 	limitStr := r.URL.Query().Get("limit")
 	limit := 2000
 	if limitStr != "" {
@@ -32,16 +34,58 @@ func (a *ResellersAPI) list(w http.ResponseWriter, r *http.Request) {
 			limit = n
 		}
 	}
-	// 不再过滤 creator，返回所有分销商
+
+	// 从 context 中获取创建者 ID 列表
+	creatorIDs := CreatorIDsFrom(r)
+
+	// 构建 SQL 查询
 	sql1 := "SELECT id, COALESCE(name,'') AS name FROM reseller"
 	args := []interface{}{}
+	whereClauses := []string{}
+
+	// 构建 creator 过滤条件（URL 参数 OR context 中的创建者 ID）
+	if creatorParam != "" || len(creatorIDs) > 0 {
+		creatorConditions := []string{}
+
+		// 添加 URL 参数的 creator 条件
+		if creatorParam != "" {
+			if creatorID, err := strconv.Atoi(creatorParam); err == nil {
+				creatorConditions = append(creatorConditions, "creator = ?")
+				args = append(args, creatorID)
+			}
+		}
+
+		// 添加 context 中的创建者 ID IN 条件
+		if len(creatorIDs) > 0 {
+			placeholders := []string{}
+			for _, id := range creatorIDs {
+				placeholders = append(placeholders, "?")
+				args = append(args, id)
+			}
+			creatorConditions = append(creatorConditions, fmt.Sprintf("creator IN (%s)", strings.Join(placeholders, ",")))
+		}
+
+		// 使用 OR 连接两个条件
+		if len(creatorConditions) > 0 {
+			whereClauses = append(whereClauses, fmt.Sprintf("(%s)", strings.Join(creatorConditions, " OR ")))
+		}
+	}
+
+	// 添加搜索条件
 	if q != "" {
-		sql1 += " WHERE CAST(id AS CHAR) LIKE ? OR name LIKE ?"
+		whereClauses = append(whereClauses, "(CAST(id AS CHAR) LIKE ? OR name LIKE ?)")
 		like := "%" + q + "%"
 		args = append(args, like, like)
 	}
+
+	// 组装 WHERE 子句
+	if len(whereClauses) > 0 {
+		sql1 += " WHERE " + strings.Join(whereClauses, " AND ")
+	}
+
 	sql1 += " ORDER BY id ASC LIMIT ?"
 	args = append(args, limit)
+
 	rows, err := a.resellerDB.Query(sql1, args...)
 	if err != nil {
 		fail(w, r, http.StatusInternalServerError, err.Error())