fix: close auth, permission, contract and e2e review blockers

internal/api/handler/avatar_handler.go

@@ -13,6 +13,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 
+	apimiddleware "github.com/user-management-system/internal/api/middleware"
 	"github.com/user-management-system/internal/domain"
 )
 
@@ -33,10 +34,12 @@ func NewAvatarHandler(userRepo avatarUserRepository) *AvatarHandler {
 }
 
 // generateSecureToken generates a secure random token
-func generateSecureToken(length int) string {
+func generateSecureToken(length int) (string, error) {
 	bytes := make([]byte, length)
-	rand.Read(bytes)
-	return hex.EncodeToString(bytes)[:length]
+	if _, err := rand.Read(bytes); err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(bytes)[:length], nil
 }
 
 // UploadAvatar 上传用户头像
@@ -70,17 +73,7 @@ func (h *AvatarHandler) UploadAvatar(c *gin.Context) {
 	}
 
 	// Check permission: user can only update their own avatar, or admin can update any
-	isAdmin := false
-	if roles, ok := c.Get("user_roles"); ok {
-		for _, role := range roles.([]*domain.Role) {
-			if role.Code == "admin" {
-				isAdmin = true
-				break
-			}
-		}
-	}
-
-	if currentUserID != userID && !isAdmin {
+	if currentUserID != userID && !apimiddleware.IsAdmin(c) {
 		c.JSON(http.StatusForbidden, gin.H{"code": 403, "message": "permission denied"})
 		return
 	}
@@ -140,7 +133,12 @@ func (h *AvatarHandler) UploadAvatar(c *gin.Context) {
 	}
 
 	// Generate unique filename
-	avatarFilename := fmt.Sprintf("avatar_%d_%s%s", userID, generateSecureToken(8), ext)
+	token, err := generateSecureToken(8)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"code": 500, "message": "failed to generate avatar token"})
+		return
+	}
+	avatarFilename := fmt.Sprintf("avatar_%d_%s%s", userID, token, ext)
 	uploadDir := "./uploads/avatars"
 
 	// Create upload directory if not exists