fix: harden auth flows and align api contracts

internal/api/handler/custom_field_handler.go

@@ -27,10 +27,10 @@ func NewCustomFieldHandler(customFieldService *service.CustomFieldService) *Cust
 // @Produce json
 // @Security BearerAuth
 // @Param request body service.CreateFieldRequest true "字段定义"
-// @Success 201 {object} Response{data=domain.CustomField} "创建成功"
+// @Success 201 {object} Response{data=SwaggerCustomField} "创建成功"
 // @Failure 400 {object} Response "请求参数错误"
 // @Failure 403 {object} Response "无权限"
-// @Router /api/v1/fields [post]
+// @Router /api/v1/custom-fields [post]
 func (h *CustomFieldHandler) CreateField(c *gin.Context) {
 	var req service.CreateFieldRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
@@ -60,11 +60,11 @@ func (h *CustomFieldHandler) CreateField(c *gin.Context) {
 // @Security BearerAuth
 // @Param id path int true "字段ID"
 // @Param request body service.UpdateFieldRequest true "更新信息"
-// @Success 200 {object} Response{data=domain.CustomField} "更新成功"
+// @Success 200 {object} Response{data=SwaggerCustomField} "更新成功"
 // @Failure 400 {object} Response "请求参数错误"
 // @Failure 403 {object} Response "无权限"
 // @Failure 404 {object} Response "字段不存在"
-// @Router /api/v1/fields/{id} [put]
+// @Router /api/v1/custom-fields/{id} [put]
 func (h *CustomFieldHandler) UpdateField(c *gin.Context) {
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
@@ -101,7 +101,7 @@ func (h *CustomFieldHandler) UpdateField(c *gin.Context) {
 // @Success 200 {object} Response "删除成功"
 // @Failure 403 {object} Response "无权限"
 // @Failure 404 {object} Response "字段不存在"
-// @Router /api/v1/fields/{id} [delete]
+// @Router /api/v1/custom-fields/{id} [delete]
 func (h *CustomFieldHandler) DeleteField(c *gin.Context) {
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
@@ -127,9 +127,9 @@ func (h *CustomFieldHandler) DeleteField(c *gin.Context) {
 // @Produce json
 // @Security BearerAuth
 // @Param id path int true "字段ID"
-// @Success 200 {object} Response{data=domain.CustomField} "字段信息"
+// @Success 200 {object} Response{data=SwaggerCustomField} "字段信息"
 // @Failure 404 {object} Response "字段不存在"
-// @Router /api/v1/fields/{id} [get]
+// @Router /api/v1/custom-fields/{id} [get]
 func (h *CustomFieldHandler) GetField(c *gin.Context) {
 	id, err := strconv.ParseInt(c.Param("id"), 10, 64)
 	if err != nil {
@@ -156,8 +156,8 @@ func (h *CustomFieldHandler) GetField(c *gin.Context) {
 // @Tags 自定义字段
 // @Produce json
 // @Security BearerAuth
-// @Success 200 {object} Response{data=[]domain.CustomField} "字段列表"
-// @Router /api/v1/fields [get]
+// @Success 200 {object} Response{data=[]SwaggerCustomField} "字段列表"
+// @Router /api/v1/custom-fields [get]
 func (h *CustomFieldHandler) ListFields(c *gin.Context) {
 	fields, err := h.customFieldService.ListFields(c.Request.Context())
 	if err != nil {
@@ -183,7 +183,7 @@ func (h *CustomFieldHandler) ListFields(c *gin.Context) {
 // @Success 200 {object} Response "设置成功"
 // @Failure 400 {object} Response "请求参数错误"
 // @Failure 401 {object} Response "未认证"
-// @Router /api/v1/users/me/fields [put]
+// @Router /api/v1/users/me/custom-fields [put]
 func (h *CustomFieldHandler) SetUserFieldValues(c *gin.Context) {
 	userID, ok := getUserIDFromContext(c)
 	if !ok {
@@ -217,9 +217,9 @@ func (h *CustomFieldHandler) SetUserFieldValues(c *gin.Context) {
 // @Tags 自定义字段
 // @Produce json
 // @Security BearerAuth
-// @Success 200 {object} Response{data=map} "字段值"
+// @Success 200 {object} Response{data=CustomFieldValuesResponse} "字段值"
 // @Failure 401 {object} Response "未认证"
-// @Router /api/v1/users/me/fields [get]
+// @Router /api/v1/users/me/custom-fields [get]
 func (h *CustomFieldHandler) GetUserFieldValues(c *gin.Context) {
 	userID, ok := getUserIDFromContext(c)
 	if !ok {