修复: 代码审查4个必改项+4个建议改进

- 工单编号改为业务格式 TK-yyMMdd-NNN
- 类型断言加 comma-ok 防 panic
- priority 用指针区分未传/P0
- json.Marshal 错误处理
- 提取 ParseID 公共函数消除重复
- HTTP client 包级别复用
- LIKE 查询特殊字符转义
- interface{} → any
- auth 中间件用 dto.Fail 统一响应

backend/internal/middleware/auth.go

@@ -1,6 +1,9 @@
 package middleware
 
 import (
+	"strconv"
+
+	"github.com/casehub/ticket-workbench/internal/dto"
 	"github.com/casehub/ticket-workbench/internal/model"
 	"github.com/casehub/ticket-workbench/internal/service"
 	"github.com/gin-gonic/gin"
@@ -11,14 +14,14 @@ func Auth(db *gorm.DB) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		sessionID := extractSessionID(c)
 		if sessionID == "" {
-			c.JSON(200, map[string]interface{}{"success": false, "retcode": -1, "retinfo": "未登录"})
+			c.JSON(200, dto.Fail("未登录"))
 			c.Abort()
 			return
 		}
 
 		user := service.GetUserBySession(sessionID)
 		if user == nil {
-			c.JSON(200, map[string]interface{}{"success": false, "retcode": -1, "retinfo": "登录已过期"})
+			c.JSON(200, dto.Fail("登录已过期"))
 			c.Abort()
 			return
 		}
@@ -43,17 +46,30 @@ func extractSessionID(c *gin.Context) string {
 }
 
 func GetCurrentUser(c *gin.Context) *model.TicketUser {
-	userid, exists := c.Get("userid")
-	if !exists {
+	uid, ok := c.Get("userid")
+	if !ok {
+		return nil
+	}
+	userid, ok := uid.(int)
+	if !ok {
 		return nil
 	}
 	username, _ := c.Get("username")
 	role, _ := c.Get("role")
 	team, _ := c.Get("team")
 	return &model.TicketUser{
-		Userid:   userid.(int),
+		Userid:   userid,
 		Username: username.(string),
 		Role:     role.(int16),
 		Team:     team.(string),
 	}
 }
+
+func ParseID(c *gin.Context) (int, bool) {
+	id, err := strconv.Atoi(c.Param("id"))
+	if err != nil {
+		c.JSON(200, dto.Fail("参数错误"))
+		return 0, false
+	}
+	return id, true
+}