feat: Go 重写后端，替换 Python FastAPI

用 Go (Gin + GORM + SQLite) 重写整个后端：
- 单二进制部署，不依赖 Python/pip/SDK
- net/http 原生客户端，无 Cloudflare TLS 指纹问题
- 多阶段 Dockerfile：Node 构建前端 + Go 构建后端 + Alpine 运行
- 内存占用从 ~95MB 降至 ~3MB
- 完整保留所有 API 路由、JWT 认证、API Key 权限、审计日志

handlers/auth.go

@@ -0,0 +1,67 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"golang.org/x/crypto/bcrypt"
+
+	"airwallex-admin/config"
+	"airwallex-admin/middleware"
+	"airwallex-admin/models"
+)
+
+type loginRequest struct {
+	Username string `json:"username" binding:"required"`
+	Password string `json:"password" binding:"required"`
+}
+
+func Login(c *gin.Context) {
+	var req loginRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"detail": "Invalid request body"})
+		return
+	}
+
+	if req.Username != config.Cfg.AdminUsername {
+		c.JSON(http.StatusUnauthorized, gin.H{"detail": "Invalid username or password"})
+		return
+	}
+
+	passwordHash := models.GetSetting(models.DB, "admin_password_hash")
+	if passwordHash == "" {
+		c.JSON(http.StatusUnauthorized, gin.H{"detail": "Invalid username or password"})
+		return
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(passwordHash), []byte(req.Password)); err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"detail": "Invalid username or password"})
+		return
+	}
+
+	token, err := middleware.GenerateToken(req.Username)
+	if err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"detail": "Failed to generate token"})
+		return
+	}
+
+	// Create audit log
+	models.DB.Create(&models.AuditLog{
+		Action:       "login",
+		ResourceType: "auth",
+		Operator:     req.Username,
+		IPAddress:    c.ClientIP(),
+	})
+
+	c.JSON(http.StatusOK, gin.H{
+		"access_token": token,
+		"token_type":   "bearer",
+	})
+}
+
+func GetMe(c *gin.Context) {
+	username, _ := c.Get("username")
+	c.JSON(http.StatusOK, gin.H{
+		"username": username,
+	})
+}