更新小程序隐私保护机制，新增手机号一键登录功能，用户需同意隐私协议后方可获取手机号。优化多个页面的登录交互，提升用户体验。调整相关配置以支持新功能。

2026-03-20 13:40:13 +08:00
parent 0bc32deb94
commit 385e47bc55
60 changed files with 2954 additions and 1669 deletions
--- a/soul-api/internal/handler/admin_withdrawals.go
+++ b/soul-api/internal/handler/admin_withdrawals.go
@@ -8,13 +8,66 @@ import (
 	"strconv"
 	"time"

+	"soul-api/internal/cache"
 	"soul-api/internal/database"
 	"soul-api/internal/model"
 	"soul-api/internal/wechat"

 	"github.com/gin-gonic/gin"
+	"gorm.io/gorm"
 )

+// AdminWithdrawalsAutoApproveGet GET /api/admin/withdrawals/auto-approve 获取自动审批开关状态
+func AdminWithdrawalsAutoApproveGet(c *gin.Context) {
+	db := database.DB()
+	enabled := false
+	var refCfg model.SystemConfig
+	if err := db.Where("config_key = ?", "referral_config").First(&refCfg).Error; err == nil {
+		var val map[string]interface{}
+		if err := json.Unmarshal(refCfg.ConfigValue, &val); err == nil {
+			if v, ok := val["enableAutoWithdraw"].(bool); ok {
+				enabled = v
+			}
+		}
+	}
+	c.JSON(http.StatusOK, gin.H{"success": true, "enableAutoApprove": enabled})
+}
+
+// AdminWithdrawalsAutoApprovePut PUT /api/admin/withdrawals/auto-approve 设置自动审批开关
+func AdminWithdrawalsAutoApprovePut(c *gin.Context) {
+	var body struct {
+		EnableAutoApprove bool `json:"enableAutoApprove"`
+	}
+	if err := c.ShouldBindJSON(&body); err != nil {
+		c.JSON(http.StatusOK, gin.H{"success": false, "error": "请求体无效"})
+		return
+	}
+	db := database.DB()
+	var refCfg model.SystemConfig
+	val := map[string]interface{}{
+		"distributorShare": float64(90), "minWithdrawAmount": float64(10), "bindingDays": float64(30),
+		"userDiscount": float64(5), "withdrawFee": float64(5), "enableAutoWithdraw": body.EnableAutoApprove,
+		"vipOrderShareVip": float64(20), "vipOrderShareNonVip": float64(10),
+	}
+	if err := db.Where("config_key = ?", "referral_config").First(&refCfg).Error; err == nil {
+		if err := json.Unmarshal(refCfg.ConfigValue, &val); err == nil {
+			val["enableAutoWithdraw"] = body.EnableAutoApprove
+		}
+	}
+	valBytes, _ := json.Marshal(val)
+	desc := "分销 / 推广规则配置"
+	if err := db.Where("config_key = ?", "referral_config").First(&refCfg).Error; err != nil {
+		refCfg = model.SystemConfig{ConfigKey: "referral_config", ConfigValue: valBytes, Description: &desc}
+		_ = db.Create(&refCfg)
+	} else {
+		refCfg.ConfigValue = valBytes
+		refCfg.Description = &desc
+		_ = db.Save(&refCfg)
+	}
+	cache.InvalidateConfig()
+	c.JSON(http.StatusOK, gin.H{"success": true, "enableAutoApprove": body.EnableAutoApprove, "message": "已更新"})
+}
+
 // AdminWithdrawalsList GET /api/admin/withdrawals（支持分页 page、pageSize，筛选 status）
 func AdminWithdrawalsList(c *gin.Context) {
 	statusFilter := c.Query("status")
@@ -97,11 +150,24 @@ func AdminWithdrawalsList(c *gin.Context) {
 		if userAvatar != nil {
 			avStr = resolveAvatarURL(*userAvatar)
 		}
+		// 备注：失败时显示 failReason/errorMessage，否则显示用户 remark
+		remark := ""
+		if st == "rejected" || st == "failed" {
+			if w.FailReason != nil && *w.FailReason != "" {
+				remark = *w.FailReason
+			} else if w.ErrorMessage != nil && *w.ErrorMessage != "" {
+				remark = *w.ErrorMessage
+			}
+		}
+		if remark == "" && w.Remark != nil && *w.Remark != "" {
+			remark = *w.Remark
+		}
 		withdrawals = append(withdrawals, gin.H{
 			"id": w.ID, "userId": w.UserID, "userName": userName, "userAvatar": avStr,
 			"amount": w.Amount, "status": st, "createdAt": w.CreatedAt,
 			"method": "wechat", "account": account,
 			"userConfirmedAt": userConfirmedAt,
+			"remark": remark,
 		})
 	}

@@ -127,6 +193,109 @@ func AdminWithdrawalsList(c *gin.Context) {
 	})
 }

+// doApproveWithdrawal 执行提现审批逻辑（打款），供 AdminWithdrawalsAction 与自动审批共用
+// 返回 (successMessage, error)，成功时 err 为 nil
+func doApproveWithdrawal(db *gorm.DB, id string) (string, error) {
+	now := time.Now()
+	var w model.Withdrawal
+	if err := db.Where("id = ?", id).First(&w).Error; err != nil {
+		return "", fmt.Errorf("提现记录不存在")
+	}
+	st := ""
+	if w.Status != nil {
+		st = *w.Status
+	}
+	if st != "pending" && st != "processing" && st != "pending_confirm" {
+		return "", fmt.Errorf("当前状态不允许批准")
+	}
+	openID := ""
+	if w.WechatOpenid != nil && *w.WechatOpenid != "" {
+		openID = *w.WechatOpenid
+	}
+	if openID == "" {
+		var u model.User
+		if err := db.Where("id = ?", w.UserID).First(&u).Error; err == nil && u.OpenID != nil {
+			openID = *u.OpenID
+		}
+	}
+	if openID == "" {
+		return "", fmt.Errorf("用户未绑定微信 openid，无法打款")
+	}
+	_, totalCommission, withdrawn, pending, _ := computeAvailableWithdraw(db, w.UserID)
+	availableRaw := totalCommission - withdrawn - pending
+	if availableRaw < -0.01 {
+		return "", fmt.Errorf("用户当前可提现不足，无法批准")
+	}
+	remark := "提现"
+	if w.Remark != nil && *w.Remark != "" {
+		remark = *w.Remark
+	}
+	withdrawFee := 0.0
+	var refCfg model.SystemConfig
+	if err := db.Where("config_key = ?", "referral_config").First(&refCfg).Error; err == nil {
+		var refVal map[string]interface{}
+		if err := json.Unmarshal(refCfg.ConfigValue, &refVal); err == nil {
+			if v, ok := refVal["withdrawFee"].(float64); ok {
+				withdrawFee = v / 100
+			}
+		}
+	}
+	actualAmount := w.Amount * (1 - withdrawFee)
+	if actualAmount < 0.01 {
+		actualAmount = 0.01
+	}
+	amountFen := int(actualAmount * 100)
+	if amountFen < 1 {
+		return "", fmt.Errorf("提现金额异常")
+	}
+	params := wechat.FundAppTransferParams{
+		OutBillNo: w.ID, OpenID: openID, Amount: amountFen, Remark: remark,
+		NotifyURL: "", TransferSceneId: "1005",
+	}
+	result, err := wechat.InitiateTransferByFundApp(params)
+	if err != nil {
+		errMsg := err.Error()
+		if errMsg == "支付/转账未初始化，请先调用 wechat.Init" || errMsg == "转账客户端未初始化" {
+			_ = db.Model(&w).Updates(map[string]interface{}{"status": "success", "processed_at": now}).Error
+			return "已标记为已打款。当前未接入微信转账，请线下打款。", nil
+		}
+		_ = db.Model(&w).Updates(map[string]interface{}{
+			"status": "failed", "fail_reason": errMsg, "error_message": errMsg, "processed_at": now,
+		}).Error
+		return "", fmt.Errorf("%s", errMsg)
+	}
+	if result.OutBillNo == "" {
+		failMsg := "微信未返回商户单号，请检查商户平台（如 IP 白名单）或查看服务端日志"
+		_ = db.Model(&w).Updates(map[string]interface{}{
+			"status": "failed", "fail_reason": failMsg, "error_message": failMsg, "processed_at": now,
+		}).Error
+		return "", fmt.Errorf("%s", failMsg)
+	}
+	rowStatus := "processing"
+	if result.State == "WAIT_USER_CONFIRM" {
+		rowStatus = "pending_confirm"
+	}
+	upd := map[string]interface{}{
+		"status": rowStatus, "detail_no": result.OutBillNo, "batch_no": result.OutBillNo,
+		"batch_id": result.TransferBillNo, "processed_at": now,
+	}
+	if result.PackageInfo != "" {
+		upd["package_info"] = result.PackageInfo
+	}
+	if err := db.Model(&w).Updates(upd).Error; err != nil {
+		return "", fmt.Errorf("更新状态失败: %w", err)
+	}
+	if openID != "" {
+		go func() {
+			ctx := context.Background()
+			if e := wechat.SendWithdrawSubscribeMessage(ctx, openID, w.Amount, true); e != nil {
+				fmt.Printf("[AdminWithdrawals] 订阅消息发送失败 id=%s: %v\n", id, e)
+			}
+		}()
+	}
+	return "已发起打款，微信处理中", nil
+}
+
 // AdminWithdrawalsAction PUT /api/admin/withdrawals 审核/打款
 // approve：先调微信转账接口打款，成功则标为 processing，失败则标为 failed 并返回错误。
 // 若未初始化微信转账客户端，则仅将状态标为 success（线下打款后批准）。
@@ -169,167 +338,12 @@ func AdminWithdrawalsAction(c *gin.Context) {
 		return

 	case "approve":
-		var w model.Withdrawal
-		if err := db.Where("id = ?", body.ID).First(&w).Error; err != nil {
-			c.JSON(http.StatusOK, gin.H{"success": false, "error": "提现记录不存在"})
-			return
-		}
-		st := ""
-		if w.Status != nil {
-			st = *w.Status
-		}
-		if st != "pending" && st != "processing" && st != "pending_confirm" {
-			c.JSON(http.StatusOK, gin.H{"success": false, "error": "当前状态不允许批准"})
-			return
-		}
-
-		openID := ""
-		if w.WechatOpenid != nil && *w.WechatOpenid != "" {
-			openID = *w.WechatOpenid
-		}
-		if openID == "" {
-			var u model.User
-			if err := db.Where("id = ?", w.UserID).First(&u).Error; err == nil && u.OpenID != nil {
-				openID = *u.OpenID
-			}
-		}
-		if openID == "" {
-			c.JSON(http.StatusOK, gin.H{"success": false, "error": "用户未绑定微信 openid，无法打款"})
-			return
-		}
-
-		// 批准前二次校验可提现金额，与申请时口径一致，防止退款/冲正后超额打款
-		available, _, _, _, _ := computeAvailableWithdraw(db, w.UserID)
-		if w.Amount > available {
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"error":   "用户当前可提现不足，无法批准",
-				"message": fmt.Sprintf("用户当前可提现 ¥%.2f，本笔申请 ¥%.2f，可能因退款/冲正导致。请核对后再批或联系用户。", available, w.Amount),
-			})
-			return
-		}
-
-		// 调用微信转账接口：按提现手续费扣除后打款，例如申请100元、手续费5%则实际打款95元
-		remark := "提现"
-		if w.Remark != nil && *w.Remark != "" {
-			remark = *w.Remark
-		}
-		withdrawFee := 0.0
-		var refCfg model.SystemConfig
-		if err := db.Where("config_key = ?", "referral_config").First(&refCfg).Error; err == nil {
-			var refVal map[string]interface{}
-			if err := json.Unmarshal(refCfg.ConfigValue, &refVal); err == nil {
-				if v, ok := refVal["withdrawFee"].(float64); ok {
-					withdrawFee = v / 100
-				}
-			}
-		}
-		actualAmount := w.Amount * (1 - withdrawFee)
-		if actualAmount < 0.01 {
-			actualAmount = 0.01
-		}
-		amountFen := int(actualAmount * 100)
-		if amountFen < 1 {
-			c.JSON(http.StatusOK, gin.H{"success": false, "error": "提现金额异常"})
-			return
-		}
-		outBillNo := w.ID // 商户单号，回调时 out_bill_no 即此值，用于更新该条提现
-		params := wechat.FundAppTransferParams{
-			OutBillNo:       outBillNo,
-			OpenID:          openID,
-			Amount:          amountFen,
-			Remark:          remark,
-			NotifyURL:       "", // 由 wechat 包从配置读取 WechatTransferURL
-			TransferSceneId: "1005",
-		}
-
-		result, err := wechat.InitiateTransferByFundApp(params)
+		msg, err := doApproveWithdrawal(db, body.ID)
 		if err != nil {
-			errMsg := err.Error()
-			fmt.Printf("[AdminWithdrawals] 发起转账失败 id=%s: %s\n", body.ID, errMsg)
-			// 未初始化或未配置转账：仅标记为已打款并提示线下处理
-			if errMsg == "支付/转账未初始化，请先调用 wechat.Init" || errMsg == "转账客户端未初始化" {
-				_ = db.Model(&w).Updates(map[string]interface{}{
-					"status":       "success",
-					"processed_at": now,
-				}).Error
-				c.JSON(http.StatusOK, gin.H{
-					"success": true,
-					"message": "已标记为已打款。当前未接入微信转账，请线下打款。",
-				})
-				return
-			}
-			// 微信接口报错或其它失败：把微信/具体原因返回给管理端展示，不返回「微信处理中」
-			failMsg := errMsg
-			_ = db.Model(&w).Updates(map[string]interface{}{
-				"status":        "failed",
-				"fail_reason":   failMsg,
-				"error_message": failMsg,
-				"processed_at":  now,
-			}).Error
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"error":   "发起打款失败",
-				"message": failMsg, // 管理端直接展示微信报错信息（如 IP 白名单、参数错误等）
-			})
+			c.JSON(http.StatusOK, gin.H{"success": false, "error": err.Error(), "message": err.Error()})
 			return
 		}
-
-		// 防护：微信未返回商户单号时也按失败返回，避免管理端显示「已发起打款」却无单号
-		if result.OutBillNo == "" {
-			failMsg := "微信未返回商户单号，请检查商户平台（如 IP 白名单）或查看服务端日志"
-			_ = db.Model(&w).Updates(map[string]interface{}{
-				"status":        "failed",
-				"fail_reason":   failMsg,
-				"error_message": failMsg,
-				"processed_at":  now,
-			}).Error
-			c.JSON(http.StatusOK, gin.H{
-				"success": false,
-				"error":   "发起打款失败",
-				"message": failMsg,
-			})
-			return
-		}
-
-		// 打款已受理（微信同步返回），立即落库：商户单号、微信单号、package_info、按 state 设 status（不依赖回调）
-		fmt.Printf("[AdminWithdrawals] 微信已受理 id=%s out_bill_no=%s transfer_bill_no=%s state=%s\n", body.ID, result.OutBillNo, result.TransferBillNo, result.State)
-		rowStatus := "processing"
-		if result.State == "WAIT_USER_CONFIRM" {
-			rowStatus = "pending_confirm" // 待用户在小程序点击确认收款，回调在用户确认后才触发
-		}
-		upd := map[string]interface{}{
-			"status":       rowStatus,
-			"detail_no":    result.OutBillNo,
-			"batch_no":     result.OutBillNo,
-			"batch_id":     result.TransferBillNo,
-			"processed_at": now,
-		}
-		if result.PackageInfo != "" {
-			upd["package_info"] = result.PackageInfo
-		}
-		if err := db.Model(&w).Updates(upd).Error; err != nil {
-			fmt.Printf("[AdminWithdrawals] 更新提现状态失败 id=%s: %v\n", body.ID, err)
-			c.JSON(http.StatusOK, gin.H{"success": false, "error": "更新状态失败: " + err.Error()})
-			return
-		}
-		// 发起转账成功后发订阅消息（异步，失败不影响接口返回）
-		if openID != "" {
-			go func() {
-				ctx := context.Background()
-				if err := wechat.SendWithdrawSubscribeMessage(ctx, openID, w.Amount, true); err != nil {
-					fmt.Printf("[AdminWithdrawals] 订阅消息发送失败 id=%s: %v\n", body.ID, err)
-				}
-			}()
-		}
-		c.JSON(http.StatusOK, gin.H{
-			"success": true,
-			"message": "已发起打款，微信处理中",
-			"data": gin.H{
-				"out_bill_no":      result.OutBillNo,
-				"transfer_bill_no": result.TransferBillNo,
-			},
-		})
+		c.JSON(http.StatusOK, gin.H{"success": true, "message": msg})
 		return

 	default:
--- a/soul-api/internal/handler/miniprogram.go
+++ b/soul-api/internal/handler/miniprogram.go
@@ -240,6 +240,88 @@ func MiniprogramDevLoginAs(c *gin.Context) {
 	})
 }

+// MiniprogramDevLoginByPhone POST /api/miniprogram/dev/login-by-phone 开发专用：按手机号登录（仅 APP_ENV=development 可用，密码可空）
+func MiniprogramDevLoginByPhone(c *gin.Context) {
+	if strings.ToLower(strings.TrimSpace(os.Getenv("APP_ENV"))) != "development" {
+		c.JSON(http.StatusForbidden, gin.H{"success": false, "error": "仅开发环境可用"})
+		return
+	}
+	var req struct {
+		Phone    string `json:"phone" binding:"required"`
+		Password string `json:"password"`
+	}
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"success": false, "error": "缺少手机号"})
+		return
+	}
+	phone := strings.TrimSpace(strings.ReplaceAll(req.Phone, " ", ""))
+	if phone == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"success": false, "error": "手机号不能为空"})
+		return
+	}
+	db := database.DB()
+	var user model.User
+	// 支持纯数字或带 +86 前缀
+	if err := db.Where("phone = ? OR phone = ? OR phone = ?", phone, "+86"+phone, "+86 "+phone).First(&user).Error; err != nil {
+		c.JSON(http.StatusNotFound, gin.H{"success": false, "error": "该手机号未注册"})
+		return
+	}
+	openID := getStringValue(user.OpenID)
+	if openID == "" {
+		openID = user.ID
+	}
+	tokenSuffix := openID
+	if len(openID) >= 8 {
+		tokenSuffix = openID[len(openID)-8:]
+	}
+	token := fmt.Sprintf("tk_%s_%d", tokenSuffix, time.Now().Unix())
+
+	var purchasedSections []string
+	var orderRows []struct {
+		ProductID string `gorm:"column:product_id"`
+	}
+	db.Raw(`SELECT DISTINCT product_id FROM orders WHERE user_id = ? AND status = 'paid' AND product_type = 'section'`, user.ID).Scan(&orderRows)
+	for _, row := range orderRows {
+		if row.ProductID != "" {
+			purchasedSections = append(purchasedSections, row.ProductID)
+		}
+	}
+	if purchasedSections == nil {
+		purchasedSections = []string{}
+	}
+
+	responseUser := map[string]interface{}{
+		"id":                user.ID,
+		"openId":            openID,
+		"nickname":          getStringValue(user.Nickname),
+		"avatar":            resolveAvatarURL(getStringValue(user.Avatar)),
+		"phone":             getStringValue(user.Phone),
+		"wechatId":          getStringValue(user.WechatID),
+		"referralCode":      getStringValue(user.ReferralCode),
+		"hasFullBook":       getBoolValue(user.HasFullBook),
+		"purchasedSections": purchasedSections,
+		"earnings":          getFloatValue(user.Earnings),
+		"pendingEarnings":   getFloatValue(user.PendingEarnings),
+		"referralCount":     getIntValue(user.ReferralCount),
+		"createdAt":         user.CreatedAt,
+	}
+	if user.IsVip != nil {
+		responseUser["isVip"] = *user.IsVip
+	}
+	if user.VipExpireDate != nil {
+		responseUser["vipExpireDate"] = user.VipExpireDate.Format("2006-01-02")
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"success": true,
+		"data": map[string]interface{}{
+			"openId": openID,
+			"user":   responseUser,
+			"token":  token,
+		},
+	})
+}
+
 // 辅助函数
 func getStringValue(ptr *string) string {
 	if ptr == nil {
--- a/soul-api/internal/handler/withdraw.go
+++ b/soul-api/internal/handler/withdraw.go
@@ -51,7 +51,7 @@ func generateWithdrawID() string {
 }

 // WithdrawPost POST /api/withdraw 创建提现申请（仅落库待审核，不调用微信打款接口）
-// 可提现逻辑与小程序 referral 页一致；二次查库校验防止超额。打款由管理端审核后手动/后续接入官方接口再处理。
+// 余额不足时也允许落库，用户侧显示「申请已提交」而非「提现失败」；管理端批准时再校验可提现，不足则拒绝。
 func WithdrawPost(c *gin.Context) {
 	var req struct {
 		UserID   string  `json:"userId" binding:"required"`
@@ -69,14 +69,8 @@ func WithdrawPost(c *gin.Context) {
 	}

 	db := database.DB()
-	available, _, _, _, minWithdrawAmount := computeAvailableWithdraw(db, req.UserID)
-	if req.Amount > available {
-		c.JSON(http.StatusBadRequest, gin.H{
-			"success": false,
-			"message": fmt.Sprintf("可提现金额不足（当前可提现：%.2f元）", available),
-		})
-		return
-	}
+	_, _, _, _, minWithdrawAmount := computeAvailableWithdraw(db, req.UserID)
+	// 不再在此处校验余额：余额不足也落库，由管理端批准时校验并拒绝，避免用户侧直接报「提现失败」
 	if req.Amount < minWithdrawAmount {
 		c.JSON(http.StatusBadRequest, gin.H{
 			"success": false,
@@ -119,6 +113,23 @@ func WithdrawPost(c *gin.Context) {
 		return
 	}

+	// 自动审批：若 referral_config.enableAutoWithdraw 为 true，异步执行审批打款
+	var refCfg model.SystemConfig
+	if err := db.Where("config_key = ?", "referral_config").First(&refCfg).Error; err == nil {
+		var config map[string]interface{}
+		if _ = json.Unmarshal(refCfg.ConfigValue, &config); config != nil {
+			if enabled, ok := config["enableAutoWithdraw"].(bool); ok && enabled {
+				go func(id string) {
+					if _, e := doApproveWithdrawal(db, id); e != nil {
+						fmt.Printf("[WithdrawPost] 自动审批失败 id=%s: %v\n", id, e)
+					} else {
+						fmt.Printf("[WithdrawPost] 自动审批成功 id=%s\n", id)
+					}
+				}(withdrawal.ID)
+			}
+		}
+	}
+
 	c.JSON(http.StatusOK, gin.H{
 		"success": true,
 		"message": "提现申请已提交，审核通过后将打款至您的微信零钱",
--- a/soul-api/internal/model/withdrawal.go
+++ b/soul-api/internal/model/withdrawal.go
@@ -14,8 +14,9 @@ type Withdrawal struct {
 	DetailNo     *string    `gorm:"column:detail_no;size:100" json:"detailNo,omitempty"`     // 商家明细单号
 	BatchID      *string    `gorm:"column:batch_id;size:100" json:"batchId,omitempty"`       // 微信批次单号
 	PackageInfo  *string    `gorm:"column:package_info;size:500" json:"packageInfo,omitempty"` // 微信返回的 package_info，供小程序 wx.requestMerchantTransfer
-	Remark       *string    `gorm:"column:remark;size:200" json:"remark,omitempty"`          // 提现备注
-	FailReason   *string    `gorm:"column:fail_reason;size:500" json:"failReason,omitempty"` // 失败原因
+	Remark       *string    `gorm:"column:remark;size:200" json:"remark,omitempty"`          // 提现备注（用户填写）
+	FailReason   *string    `gorm:"column:fail_reason;size:500" json:"failReason,omitempty"` // 失败原因（打款失败/拒绝时记录）
+	ErrorMessage *string    `gorm:"column:error_message;size:500" json:"errorMessage,omitempty"` // 错误信息（与 fail_reason 同步）
 	UserConfirmedAt *time.Time `gorm:"column:user_confirmed_at" json:"userConfirmedAt,omitempty"`         // 用户点击「确认收款」时间
 	CreatedAt       time.Time  `gorm:"column:created_at" json:"createdAt"`
 	ProcessedAt     *time.Time `gorm:"column:processed_at" json:"processedAt"`
--- a/soul-api/internal/router/router.go
+++ b/soul-api/internal/router/router.go
@@ -78,6 +78,8 @@ func Setup(cfg *config.Config) *gin.Engine {
 			admin.GET("/withdrawals", handler.AdminWithdrawalsList)
 			admin.PUT("/withdrawals", handler.AdminWithdrawalsAction)
 			admin.POST("/withdrawals/sync", handler.AdminWithdrawalsSync)
+			admin.GET("/withdrawals/auto-approve", handler.AdminWithdrawalsAutoApproveGet)
+			admin.PUT("/withdrawals/auto-approve", handler.AdminWithdrawalsAutoApprovePut)
 			admin.GET("/withdraw-test", handler.AdminWithdrawTest)
 			admin.POST("/withdraw-test", handler.AdminWithdrawTest)
 			admin.GET("/settings", handler.AdminSettingsGet)
@@ -295,7 +297,8 @@ func Setup(cfg *config.Config) *gin.Engine {
 			miniprogram.GET("/config", handler.GetPublicDBConfig)
 			miniprogram.POST("/login", handler.MiniprogramLogin)
 			miniprogram.POST("/phone-login", handler.WechatPhoneLogin)
-			miniprogram.POST("/dev/login-as", handler.MiniprogramDevLoginAs) // 开发专用：按 userId 切换账号
+			miniprogram.POST("/dev/login-as", handler.MiniprogramDevLoginAs)       // 开发专用：按 userId 切换账号
+			miniprogram.POST("/dev/login-by-phone", handler.MiniprogramDevLoginByPhone) // 开发专用：按手机号登录（密码可空）
 			miniprogram.POST("/phone", handler.MiniprogramPhone)
 			miniprogram.GET("/pay", handler.MiniprogramPay)
 			miniprogram.POST("/pay", handler.MiniprogramPay)