
🐛 fix(auth): 增强授权头验证逻辑
- 添加Bearer方案验证,确保授权头格式正确
- 修复授权头拆分逻辑,防止无效token通过初步验证

✅ test(user): 完善用户路由测试用例
- 为所有用户查询接口测试添加Authorization头
- 确保测试覆盖授权访问场景,提高测试准确性

yourname 4 weken geleden
bovenliggende
commit
f2ff2033b9

+ 6 - 1
packages/auth-module/src/middleware/auth.middleware.ts

@@ -13,7 +13,12 @@ export async function authMiddleware(c: Context<AuthContext>, next: Next) {
       return c.json({ message: 'Authorization header missing' }, 401);
     }
 
-    const token = authHeader.split(' ')[1];
+    const tokenParts = authHeader.split(' ');
+    if (tokenParts.length !== 2 || tokenParts[0] !== 'Bearer') {
+      return c.json({ message: 'Authorization header missing' }, 401);
+    }
+
+    const token = tokenParts[1];
     if (!token) {
       return c.json({ message: 'Token missing' }, 401);
     }
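Review bot: The new rejection on the `tokenParts.length !== 2 || tokenParts[0] !== 'Bearer'` branch returns the message `'Authorization header missing'` although the header is present and merely malformed, which misleads clients and makes the two failure modes indistinguishable in logs; use a distinct message such as `return c.json({ message: 'Invalid authorization scheme' }, 401);`. Note that the `!== 'Bearer'` comparison is case-sensitive while RFC 7235 defines auth-scheme names as case-insensitive, so `bearer <token>` is now rejected — keep that only if every client is known to send the canonical form, otherwise compare `tokenParts[0].toLowerCase() !== 'bearer'`. The following `if (!token)` check is still reachable for a value like `Bearer ` (trailing space yields an empty second part), so it should stay. If the 401 responses do not already carry a `WWW-Authenticate: Bearer` header elsewhere, adding one here would match RFC 6750. authMiddleware's body continues beyond this hunk.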

+ 24 - 0
packages/user-module/tests/integration/user.routes.integration.test.ts

@@ -193,6 +193,10 @@ describe('用户路由API集成测试 (使用hono/testing)', () => {
 
       const response = await client.index.$get({
         query: {}
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken}`
+        }
       });
 
       expect(response.status).toBe(200);
@@ -213,6 +217,10 @@ describe('用户路由API集成测试 (使用hono/testing)', () => {
 
       const response = await client[':id'].$get({
         param: { id: testUser.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken}`
+        }
       });
 
       expect(response.status).toBe(200);
@@ -227,6 +235,10 @@ describe('用户路由API集成测试 (使用hono/testing)', () => {
     it('应该返回404当用户不存在时', async () => {
       const response = await client[':id'].$get({
         param: { id: 999999 }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken}`
+        }
       });
 
       expect(response.status).toBe(404);
@@ -404,6 +416,10 @@ describe('用户路由API集成测试 (使用hono/testing)', () => {
 
       const response = await client.index.$get({
         query: { keyword: 'search_user' }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken}`
+        }
       });
 
       IntegrationTestAssertions.expectStatus(response, 200);
@@ -429,6 +445,10 @@ describe('用户路由API集成测试 (使用hono/testing)', () => {
 
       const response = await client.index.$get({
         query: { keyword: 'test.email' }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken}`
+        }
       });
 
       IntegrationTestAssertions.expectStatus(response, 200);
@@ -459,6 +479,10 @@ describe('用户路由API集成测试 (使用hono/testing)', () => {
       const startTime = Date.now();
       const response = await client.index.$get({
         query: {}
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken}`
+        }
       });
       const endTime = Date.now();
       const responseTime = endTime - startTime;
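Review bot: Every added header exercises only the accepted path (`Bearer ${testToken}`), so nothing in this file verifies that the tightened middleware now rejects a non-Bearer scheme or a header with extra whitespace-separated parts, which is the behaviour the auth change introduces. A negative case in the same style would pin it, assuming `testToken` and `client` are the fixtures already in scope for these tests. The 404 test at the third hunk now also depends on passing authentication first; that ordering (401 before 404) is worth a one-line comment so a later reader does not remove the header there thinking it is unnecessary.
```typescript
it('should return 401 when the Authorization scheme is not Bearer', async () => {
  const response = await client.index.$get({ query: {} }, {
    headers: { 'Authorization': `Token ${testToken}` }
  });
  expect(response.status).toBe(401);
});
```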