fix: harden auth flows and align api contracts

internal/api/handler/handler_test.go

@@ -120,6 +120,8 @@ func setupHandlerTestServer(t *testing.T) (*httptest.Server, func()) {
 	opLogSvc := service.NewOperationLogService(opLogRepo)
 	webhookSvc := service.NewWebhookService(db)
 	captchaSvc := service.NewCaptchaService(cacheManager)
+	exportSvc := service.NewExportService(userRepo, roleRepo)
+
 	totpSvc := service.NewTOTPService(userRepo)
 	pwdResetCfg := service.DefaultPasswordResetConfig()
 	pwdResetSvc := service.NewPasswordResetService(userRepo, cacheManager, pwdResetCfg).
@@ -128,6 +130,15 @@ func setupHandlerTestServer(t *testing.T) (*httptest.Server, func()) {
 	themeSvc := service.NewThemeService(themeRepo)
 	avatarH := handler.NewAvatarHandler(userRepo)
 
+	ssoManager := auth.NewSSOManager()
+	ssoClientsStore := auth.NewDefaultSSOClientsStore()
+	ssoClientsStore.RegisterClient(&auth.SSOClient{
+		ClientID:     "test-client",
+		ClientSecret: "test-secret",
+		Name:         "Handler Test Client",
+		RedirectURIs: []string{"http://localhost/callback"},
+	})
+	ssoH := handler.NewSSOHandler(ssoManager, ssoClientsStore)
 	rateLimitCfg := config.RateLimitConfig{}
 	rateLimitMiddleware := middleware.NewRateLimitMiddleware(rateLimitCfg)
 	authMiddleware := middleware.NewAuthMiddleware(
@@ -147,12 +158,13 @@ func setupHandlerTestServer(t *testing.T) (*httptest.Server, func()) {
 	totpHandler := handler.NewTOTPHandler(authSvc, totpSvc)
 	pwdResetHandler := handler.NewPasswordResetHandler(pwdResetSvc)
 	themeHandler := handler.NewThemeHandler(themeSvc)
+	exportHandler := handler.NewExportHandler(exportSvc)
 
 	r := router.NewRouter(
 		authHandler, userHandler, roleHandler, permHandler, deviceHandler,
 		logHandler, authMiddleware, rateLimitMiddleware, opLogMiddleware,
 		pwdResetHandler, captchaHandler, totpHandler, webhookHandler,
-		nil, nil, nil, nil, nil, themeHandler, nil, nil, nil, avatarH,
+		nil, exportHandler, nil, nil, nil, themeHandler, ssoH, nil, nil, avatarH,
 	)
 	engine := r.Setup()