Clean backend debug logging and standardize error reporting.

This removes verbose trace output in handlers/services and keeps only actionable error-level logs.

internal/middleware/auth.go

@@ -1,7 +1,6 @@
 package middleware
 
 import (
-	"fmt"
 	"strings"
 
 	"github.com/gin-gonic/gin"
@@ -14,10 +13,8 @@ import (
 func Auth(jwtService *service.JWTService) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		authHeader := c.GetHeader("Authorization")
-		fmt.Printf("[DEBUG] Auth middleware: Authorization header = %q\n", authHeader)
 
 		if authHeader == "" {
-			fmt.Printf("[DEBUG] Auth middleware: no Authorization header, returning 401\n")
 			response.Unauthorized(c, "authorization header is required")
 			c.Abort()
 			return
@@ -26,26 +23,21 @@ func Auth(jwtService *service.JWTService) gin.HandlerFunc {
 		// 提取Token
 		parts := strings.SplitN(authHeader, " ", 2)
 		if len(parts) != 2 || parts[0] != "Bearer" {
-			fmt.Printf("[DEBUG] Auth middleware: invalid Authorization header format\n")
 			response.Unauthorized(c, "invalid authorization header format")
 			c.Abort()
 			return
 		}
 
 		token := parts[1]
-		fmt.Printf("[DEBUG] Auth middleware: token = %q\n", token[:min(20, len(token))]+"...")
 
 		// 验证Token
 		claims, err := jwtService.ParseToken(token)
 		if err != nil {
-			fmt.Printf("[DEBUG] Auth middleware: failed to parse token: %v\n", err)
 			response.Unauthorized(c, "invalid token")
 			c.Abort()
 			return
 		}
 
-		fmt.Printf("[DEBUG] Auth middleware: parsed claims, user_id = %q, username = %q\n", claims.UserID, claims.Username)
-
 		// 将用户信息存入上下文
 		c.Set("user_id", claims.UserID)
 		c.Set("username", claims.Username)
@@ -54,13 +46,6 @@ func Auth(jwtService *service.JWTService) gin.HandlerFunc {
 	}
 }
 
-func min(a, b int) int {
-	if a < b {
-		return a
-	}
-	return b
-}
-
 // OptionalAuth 可选认证中间件
 func OptionalAuth(jwtService *service.JWTService) gin.HandlerFunc {
 	return func(c *gin.Context) {