fix: harden auth flows and align api contracts

This commit is contained in:
Your Name
2026-05-30 21:29:24 +08:00
parent 7ad65a0138
commit a332917142
50 changed files with 23594 additions and 723 deletions


@@ -31,7 +31,7 @@ func NewDeviceHandler(deviceService *service.DeviceService) *DeviceHandler {
// @Produce json
// @Security BearerAuth
// @Param request body service.CreateDeviceRequest true "设备信息"
// @Success 201 {object} Response{data=domain.Device} "设备创建成功"
// @Success 201 {object} Response{data=SwaggerDevice} "设备创建成功"
// @Failure 401 {object} Response "未认证"
// @Router /api/v1/devices [post]
func (h *DeviceHandler) CreateDevice(c *gin.Context) {
@@ -109,7 +109,7 @@ func (h *DeviceHandler) GetMyDevices(c *gin.Context) {
// @Produce json
// @Security BearerAuth
// @Param id path int true "设备ID"
// @Success 200 {object} Response{data=domain.Device} "设备信息"
// @Success 200 {object} Response{data=SwaggerDevice} "设备信息"
// @Failure 404 {object} Response "设备不存在"
// @Router /api/v1/devices/{id} [get]
func (h *DeviceHandler) GetDevice(c *gin.Context) {
@@ -140,7 +140,7 @@ func (h *DeviceHandler) GetDevice(c *gin.Context) {
// @Security BearerAuth
// @Param id path int true "设备ID"
// @Param request body service.UpdateDeviceRequest true "更新信息"
// @Success 200 {object} Response{data=domain.Device} "更新成功"
// @Success 200 {object} Response{data=SwaggerDevice} "更新成功"
// @Failure 400 {object} Response "请求参数错误"
// @Failure 404 {object} Response "设备不存在"
// @Router /api/v1/devices/{id} [put]
@@ -245,6 +245,7 @@ func (h *DeviceHandler) UpdateDeviceStatus(c *gin.Context) {
status = domain.DeviceStatusActive
case "inactive", "0":
status = domain.DeviceStatusInactive
default:
c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid status"})
return
@@ -272,7 +273,7 @@ func (h *DeviceHandler) UpdateDeviceStatus(c *gin.Context) {
// @Param page_size query int false "每页数量"
// @Success 200 {object} Response{data=DeviceListResponse} "设备列表"
// @Failure 403 {object} Response "无权限"
// @Router /api/v1/users/{id}/devices [get]
// @Router /api/v1/devices/users/{id} [get]
func (h *DeviceHandler) GetUserDevices(c *gin.Context) {
// IDOR 修复:检查当前用户是否有权限查看指定用户的设备
currentUserID, ok := getUserIDFromContext(c)
@@ -430,7 +431,7 @@ func (h *DeviceHandler) TrustDevice(c *gin.Context) {
// @Param request body TrustDeviceRequest true "信任配置"
// @Success 200 {object} Response "设置成功"
// @Failure 401 {object} Response "未认证"
// @Router /api/v1/devices/trust/{deviceId} [post]
// @Router /api/v1/devices/by-device-id/{deviceId}/trust [post]
func (h *DeviceHandler) TrustDeviceByDeviceID(c *gin.Context) {
userID, ok := getUserIDFromContext(c)
if !ok {
@@ -502,9 +503,9 @@ func (h *DeviceHandler) UntrustDevice(c *gin.Context) {
// @Tags 设备管理
// @Produce json
// @Security BearerAuth
// @Success 200 {object} Response{data=[]domain.Device} "信任设备列表"
// @Success 200 {object} Response{data=[]SwaggerDevice} "信任设备列表"
// @Failure 401 {object} Response "未认证"
// @Router /api/v1/devices/trusted [get]
// @Router /api/v1/devices/me/trusted [get]
func (h *DeviceHandler) GetMyTrustedDevices(c *gin.Context) {
userID, ok := getUserIDFromContext(c)
if !ok {
@@ -535,7 +536,7 @@ func (h *DeviceHandler) GetMyTrustedDevices(c *gin.Context) {
// @Success 200 {object} Response "登出成功"
// @Failure 400 {object} Response "无效的设备ID"
// @Failure 401 {object} Response "未认证"
// @Router /api/v1/devices/logout-others [post]
// @Router /api/v1/devices/me/logout-others [post]
func (h *DeviceHandler) LogoutAllOtherDevices(c *gin.Context) {
userID, ok := getUserIDFromContext(c)
if !ok {
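Review bot: In the UpdateDeviceStatus hunk (`@@ -245,6 +245,7 @@`) the rejection path hand-builds its body, `c.JSON(http.StatusBadRequest, gin.H{"code": 400, "message": "invalid status"})`, while every other error contract in this file is documented as the shared `Response` type with a Chinese message (`@Failure 400 {object} Response "请求参数错误"`), so this one response differs in shape and language from what the Swagger annotations promise; if `Response` is what the sibling handlers actually emit, returning it here with the same "请求参数错误" wording would keep the contract uniform. The rendered page does not show which of the six visible lines is the addition (the header declares seven new-side lines, so the hunk's last line appears to have been dropped), and the body of UpdateDeviceStatus starts and ends outside the hunk. The accepted literals `"active"`/`"1"` and `"inactive"`/`"0"` are matched case-sensitively, which is acceptable as strict input validation but deserves a one-line comment such as `// status is matched exactly; any other value is rejected with 400`. The `@Router` path changes in the other hunks presumably have matching route registrations elsewhere in this 50-file commit; that cannot be verified from the lines shown here.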