fix: P0/P1 security and quality fixes

P0-01: Add ESCAPE clause to LIKE queries in operation_log.go and device.go
P0-02: Add atomic Increment to L1Cache and L2Cache interfaces
P0-07: Add TOTP verification step after password login
P1-01: Sanitize error messages in error.go middleware
P1-03: Remove err.Error() from export error messages
P1-04: Add error return to CountByResultSince in login_log.go
P1-05: Add transactional DeleteCascade to RoleRepository
P1-06: Add PasswordChangedAt tracking for JWT token invalidation
P1-07: Wrap theme SetDefault in database transaction
P1-08: Use config values for database pool parameters
P1-09: Add rows.Err() checks in social_account_repo.go
P1-10: Validate sortOrder with map in user.go ORDER BY
P1-11: Add GORM tags to Announcement struct
P1-15: Add pageSize upper limit (100) to device and log handlers

internal/database/db.go

@@ -59,11 +59,29 @@ func NewDB(cfg *config.Config) (*DB, error) {
 		log.Printf("warn: set busy_timeout failed: %v", err)
 	}
 
-	// 连接池配置：SQLite 本身不支持真正的并发写，但需要控制连接数量
-	sqlDB.SetMaxOpenConns(10)
-	sqlDB.SetMaxIdleConns(5)
-	sqlDB.SetConnMaxLifetime(30 * time.Minute)
-	sqlDB.SetConnMaxIdleTime(10 * time.Minute)
+	// 连接池配置：使用配置文件中的参数
+	maxOpenConns := 10
+	maxIdleConns := 5
+	connMaxLifetime := 30 * time.Minute
+	connMaxIdleTime := 10 * time.Minute
+	if cfg != nil {
+		if cfg.Database.MaxOpenConns > 0 {
+			maxOpenConns = cfg.Database.MaxOpenConns
+		}
+		if cfg.Database.MaxIdleConns > 0 {
+			maxIdleConns = cfg.Database.MaxIdleConns
+		}
+		if cfg.Database.ConnMaxLifetimeMinutes > 0 {
+			connMaxLifetime = time.Duration(cfg.Database.ConnMaxLifetimeMinutes) * time.Minute
+		}
+		if cfg.Database.ConnMaxIdleTimeMinutes > 0 {
+			connMaxIdleTime = time.Duration(cfg.Database.ConnMaxIdleTimeMinutes) * time.Minute
+		}
+	}
+	sqlDB.SetMaxOpenConns(maxOpenConns)
+	sqlDB.SetMaxIdleConns(maxIdleConns)
+	sqlDB.SetConnMaxLifetime(connMaxLifetime)
+	sqlDB.SetConnMaxIdleTime(connMaxIdleTime)
 
 	log.Println("database: SQLite WAL mode enabled, connection pool configured")