feat: Go 重写后端，替换 Python FastAPI

用 Go (Gin + GORM + SQLite) 重写整个后端：
- 单二进制部署，不依赖 Python/pip/SDK
- net/http 原生客户端，无 Cloudflare TLS 指纹问题
- 多阶段 Dockerfile：Node 构建前端 + Go 构建后端 + Alpine 运行
- 内存占用从 ~95MB 降至 ~3MB
- 完整保留所有 API 路由、JWT 认证、API Key 权限、审计日志

models/api_token.go

@@ -0,0 +1,14 @@
+package models
+
+import "time"
+
+type ApiToken struct {
+	ID          uint       `json:"id" gorm:"primaryKey;autoIncrement"`
+	Name        string     `json:"name" gorm:"type:varchar(255);not null"`
+	Token       string     `json:"-" gorm:"type:varchar(512);uniqueIndex:ix_api_tokens_token;not null"`
+	Permissions string     `json:"permissions" gorm:"type:text;not null"`
+	IsActive    bool       `json:"is_active" gorm:"not null"`
+	CreatedAt   time.Time  `json:"created_at" gorm:"not null;autoCreateTime"`
+	ExpiresAt   *time.Time `json:"expires_at"`
+	LastUsedAt  *time.Time `json:"last_used_at"`
+}

models/audit_log.go

@@ -0,0 +1,14 @@
+package models
+
+import "time"
+
+type AuditLog struct {
+	ID           uint      `json:"id" gorm:"primaryKey;autoIncrement"`
+	Action       string    `json:"action" gorm:"type:varchar(100);not null"`
+	ResourceType string    `json:"resource_type" gorm:"type:varchar(100);not null"`
+	ResourceID   string    `json:"resource_id" gorm:"type:varchar(255)"`
+	Operator     string    `json:"operator" gorm:"type:varchar(255);not null"`
+	IPAddress    string    `json:"ip_address" gorm:"type:varchar(45)"`
+	Details      string    `json:"details" gorm:"type:text"`
+	CreatedAt    time.Time `json:"created_at" gorm:"not null;autoCreateTime"`
+}

models/card_log.go

@@ -0,0 +1,15 @@
+package models
+
+import "time"
+
+type CardLog struct {
+	ID           uint      `json:"id" gorm:"primaryKey;autoIncrement"`
+	CardID       string    `json:"card_id" gorm:"type:varchar(255)"`
+	CardholderID string    `json:"cardholder_id" gorm:"type:varchar(255)"`
+	Action       string    `json:"action" gorm:"type:varchar(100);not null"`
+	Status       string    `json:"status" gorm:"type:varchar(50);not null"`
+	Operator     string    `json:"operator" gorm:"type:varchar(255);not null"`
+	RequestData  string    `json:"request_data" gorm:"type:text"`
+	ResponseData string    `json:"response_data" gorm:"type:text"`
+	CreatedAt    time.Time `json:"created_at" gorm:"not null;autoCreateTime"`
+}

models/db.go

@@ -0,0 +1,46 @@
+package models
+
+import (
+	"log"
+	"os"
+	"path/filepath"
+
+	"airwallex-admin/config"
+
+	"github.com/glebarez/sqlite"
+	"gorm.io/gorm"
+)
+
+var DB *gorm.DB
+
+func InitDB() *gorm.DB {
+	dbPath := config.Cfg.DatabaseURL
+
+	// Ensure the directory exists
+	dir := filepath.Dir(dbPath)
+	if dir != "." && dir != "" {
+		if err := os.MkdirAll(dir, 0755); err != nil {
+			log.Fatalf("failed to create database directory: %v", err)
+		}
+	}
+
+	db, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{})
+	if err != nil {
+		log.Fatalf("failed to connect to database: %v", err)
+	}
+
+	// Create tables only if they don't exist (skip AutoMigrate to avoid
+	// SQLite ALTER TABLE issues with existing Python-created schemas)
+	migrator := db.Migrator()
+	models := []interface{}{&SystemSetting{}, &ApiToken{}, &CardLog{}, &AuditLog{}}
+	for _, model := range models {
+		if !migrator.HasTable(model) {
+			if err := migrator.CreateTable(model); err != nil {
+				log.Fatalf("failed to create table: %v", err)
+			}
+		}
+	}
+
+	DB = db
+	return db
+}

models/init.go

@@ -0,0 +1,40 @@
+package models
+
+import (
+	"log"
+	"os"
+
+	"airwallex-admin/config"
+
+	"golang.org/x/crypto/bcrypt"
+	"gorm.io/gorm"
+)
+
+func InitializeDefaults(db *gorm.DB) {
+	// Set admin password hash if not already set
+	if GetSetting(db, "admin_password_hash") == "" {
+		hash, err := bcrypt.GenerateFromPassword([]byte(config.Cfg.AdminPassword), bcrypt.DefaultCost)
+		if err != nil {
+			log.Fatalf("failed to hash admin password: %v", err)
+		}
+		SetSetting(db, "admin_password_hash", string(hash), false)
+	}
+
+	// Set default daily card limit
+	if GetSetting(db, "daily_card_limit") == "" {
+		SetSetting(db, "daily_card_limit", "100", false)
+	}
+
+	// Store Airwallex credentials from environment if not already set
+	envSettings := map[string]string{
+		"airwallex_client_id": os.Getenv("AIRWALLEX_CLIENT_ID"),
+		"airwallex_api_key":   os.Getenv("AIRWALLEX_API_KEY"),
+		"airwallex_base_url":  os.Getenv("AIRWALLEX_BASE_URL"),
+	}
+
+	for key, value := range envSettings {
+		if value != "" && GetSetting(db, key) == "" {
+			SetSetting(db, key, value, key != "airwallex_base_url")
+		}
+	}
+}

models/system_setting.go

@@ -0,0 +1,37 @@
+package models
+
+import (
+	"time"
+
+	"gorm.io/gorm"
+	"gorm.io/gorm/clause"
+)
+
+type SystemSetting struct {
+	ID        uint      `json:"id" gorm:"primaryKey;autoIncrement"`
+	Key       string    `json:"key" gorm:"column:key;type:varchar(255);uniqueIndex:ix_system_settings_key;not null"`
+	Value     string    `json:"value" gorm:"type:text;not null"`
+	Encrypted bool      `json:"encrypted" gorm:"not null"`
+	UpdatedAt time.Time `json:"updated_at" gorm:"not null;autoUpdateTime"`
+}
+
+func GetSetting(db *gorm.DB, key string) string {
+	var setting SystemSetting
+	result := db.Where("`key` = ?", key).First(&setting)
+	if result.Error != nil {
+		return ""
+	}
+	return setting.Value
+}
+
+func SetSetting(db *gorm.DB, key, value string, encrypted bool) {
+	setting := SystemSetting{
+		Key:       key,
+		Value:     value,
+		Encrypted: encrypted,
+	}
+	db.Clauses(clause.OnConflict{
+		Columns:   []clause.Column{{Name: "key"}},
+		DoUpdates: clause.AssignmentColumns([]string{"value", "encrypted", "updated_at"}),
+	}).Create(&setting)
+}