feat(auth): upgrade casbin to v3 and enhance connection pool configurations

- Upgrade casbin from v2 to v3 across go.mod and pkg/auth/casbin.go
- Add slide captcha verification to registration flow (CheckVerified, ConsumeVerified)
- Add DB wrapper with connection pool statistics and health checks
- Add Redis connection pool optimizations with stats and health monitoring
- Add new config options: ConnMaxLifetime, HealthCheckInterval, EnableRetryOnError
- Optimize slow query threshold from 200ms to 100ms
- Add ping with retry mechanism for database and Redis connections

internal/handler/auth_handler.go

@@ -41,9 +41,23 @@ func (h *AuthHandler) Register(c *gin.Context) {
 		return
 	}
 
+	// 验证滑动验证码（检查是否已验证）
+	if ok, err := h.container.CaptchaService.CheckVerified(c.Request.Context(), req.CaptchaID); err != nil || !ok {
+		h.logger.Warn("滑动验证码验证失败", zap.String("captcha_id", req.CaptchaID), zap.Error(err))
+		RespondBadRequest(c, "滑动验证码验证失败", nil)
+		return
+	}
+
+	// 使用 defer 确保验证码在函数返回前被消耗（不管成功还是失败）
+	defer func() {
+		if err := h.container.CaptchaService.ConsumeVerified(c.Request.Context(), req.CaptchaID); err != nil {
+			h.logger.Warn("消耗验证码失败", zap.String("captcha_id", req.CaptchaID), zap.Error(err))
+		}
+	}()
+
 	// 验证邮箱验证码
 	if err := h.container.VerificationService.VerifyCode(c.Request.Context(), req.Email, req.VerificationCode, service.VerificationTypeRegister); err != nil {
-		h.logger.Warn("验证码验证失败", zap.String("email", req.Email), zap.Error(err))
+		h.logger.Warn("邮箱验证码验证失败", zap.String("email", req.Email), zap.Error(err))
 		RespondBadRequest(c, err.Error(), nil)
 		return
 	}