feat: 系统全面优化 - 设备管理/登录日志导出/性能监控/设置页面

后端：
- 新增全局设备管理 API（DeviceHandler.GetAllDevices）
- 新增登录日志导出功能（LogHandler.ExportLoginLogs, CSV/XLSX）
- 新增设置服务（SettingsService）和设置页面 API
- 设备管理支持多条件筛选（状态/信任状态/关键词）
- 登录日志支持流式导出防 OOM
- 操作日志支持按方法/时间范围搜索
- 主题配置服务（ThemeService）
- 增强监控健康检查（Prometheus metrics + SLO）
- 移除旧 ratelimit.go（已迁移至 robustness）
- 修复 SocialAccount NULL 扫描问题
- 新增 API 契约测试、Handler 测试、Settings 测试

前端：
- 新增管理员设备管理页面（DevicesPage）
- 新增管理员登录日志导出功能
- 新增系统设置页面（SettingsPage）
- 设备管理支持筛选和分页
- 增强 HTTP 响应类型

测试：
- 业务逻辑测试 68 个（含并发 CONC_001~003）
- 规模测试 16 个（P99 百分位统计）
- E2E 测试、集成测试、契约测试
- 性能基准测试、鲁棒性测试

全面测试通过（38 个测试包）

internal/repository/device.go

@@ -7,6 +7,7 @@ import (
 	"gorm.io/gorm"
 
 	"github.com/user-management-system/internal/domain"
+	"github.com/user-management-system/internal/pagination"
 )
 
 // DeviceRepository 设备数据访问层
@@ -209,7 +210,7 @@ func (r *DeviceRepository) GetTrustedDevices(ctx context.Context, userID int64)
 // ListDevicesParams 设备列表查询参数
 type ListDevicesParams struct {
 	UserID    int64
-	Status    domain.DeviceStatus
+	Status    *domain.DeviceStatus // nil-不筛选, 0-禁用, 1-激活
 	IsTrusted *bool
 	Keyword   string
 	Offset    int
@@ -228,8 +229,8 @@ func (r *DeviceRepository) ListAll(ctx context.Context, params *ListDevicesParam
 		query = query.Where("user_id = ?", params.UserID)
 	}
 	// 按状态筛选
-	if params.Status >= 0 {
-		query = query.Where("status = ?", params.Status)
+	if params.Status != nil {
+		query = query.Where("status = ?", *params.Status)
 	}
 	// 按信任状态筛选
 	if params.IsTrusted != nil {
@@ -254,3 +255,44 @@ func (r *DeviceRepository) ListAll(ctx context.Context, params *ListDevicesParam
 
 	return devices, total, nil
 }
+
+// ListAllCursor 游标分页查询所有设备（支持筛选）
+// Sort column: last_active_time DESC, id DESC
+func (r *DeviceRepository) ListAllCursor(ctx context.Context, params *ListDevicesParams, limit int, cursor *pagination.Cursor) ([]*domain.Device, bool, error) {
+	var devices []*domain.Device
+
+	query := r.db.WithContext(ctx).Model(&domain.Device{})
+
+	// Apply filters
+	if params.UserID > 0 {
+		query = query.Where("user_id = ?", params.UserID)
+	}
+	if params.Status != nil {
+		query = query.Where("status = ?", *params.Status)
+	}
+	if params.IsTrusted != nil {
+		query = query.Where("is_trusted = ?", *params.IsTrusted)
+	}
+	if params.Keyword != "" {
+		search := "%" + params.Keyword + "%"
+		query = query.Where("device_name LIKE ? OR ip LIKE ? OR location LIKE ?", search, search, search)
+	}
+
+	// Apply cursor condition for keyset navigation
+	if cursor != nil && cursor.LastID > 0 {
+		query = query.Where(
+			"(last_active_time < ? OR (last_active_time = ? AND id < ?))",
+			cursor.LastValue, cursor.LastValue, cursor.LastID,
+		)
+	}
+
+	if err := query.Order("last_active_time DESC, id DESC").Limit(limit + 1).Find(&devices).Error; err != nil {
+		return nil, false, err
+	}
+
+	hasMore := len(devices) > limit
+	if hasMore {
+		devices = devices[:limit]
+	}
+	return devices, hasMore, nil
+}

internal/repository/login_log.go

@@ -7,6 +7,7 @@ import (
 	"gorm.io/gorm"
 
 	"github.com/user-management-system/internal/domain"
+	"github.com/user-management-system/internal/pagination"
 )
 
 // LoginLogRepository 登录日志仓储
@@ -138,3 +139,84 @@ func (r *LoginLogRepository) ListAllForExport(ctx context.Context, userID int64,
 	}
 	return logs, nil
 }
+
+// ExportBatchSize 单次导出的最大记录数
+const ExportBatchSize = 100000
+
+// ListLogsForExportBatch 分批获取登录日志（用于流式导出）
+// cursor 是上一次最后一条记录的 ID，limit 是每批数量
+func (r *LoginLogRepository) ListLogsForExportBatch(ctx context.Context, userID int64, status int, startAt, endAt *time.Time, cursor int64, limit int) ([]*domain.LoginLog, bool, error) {
+	var logs []*domain.LoginLog
+	query := r.db.WithContext(ctx).Model(&domain.LoginLog{}).Where("id < ?", cursor)
+
+	if userID > 0 {
+		query = query.Where("user_id = ?", userID)
+	}
+	if status == 0 || status == 1 {
+		query = query.Where("status = ?", status)
+	}
+	if startAt != nil {
+		query = query.Where("created_at >= ?", startAt)
+	}
+	if endAt != nil {
+		query = query.Where("created_at <= ?", endAt)
+	}
+
+	if err := query.Order("id DESC").Limit(limit).Find(&logs).Error; err != nil {
+		return nil, false, err
+	}
+
+	hasMore := len(logs) == limit
+	return logs, hasMore, nil
+}
+
+// ListCursor 游标分页查询登录日志（管理员用）
+// Uses keyset pagination: WHERE (created_at < ? OR (created_at = ? AND id < ?))
+// This avoids the O(offset) deep-pagination problem of OFFSET/LIMIT.
+func (r *LoginLogRepository) ListCursor(ctx context.Context, limit int, cursor *pagination.Cursor) ([]*domain.LoginLog, bool, error) {
+	var logs []*domain.LoginLog
+
+	query := r.db.WithContext(ctx).Model(&domain.LoginLog{})
+
+	// Apply cursor condition for keyset navigation
+	if cursor != nil && cursor.LastID > 0 {
+		query = query.Where(
+			"(created_at < ? OR (created_at = ? AND id < ?))",
+			cursor.LastValue, cursor.LastValue, cursor.LastID,
+		)
+	}
+
+	if err := query.Order("created_at DESC, id DESC").Limit(limit + 1).Find(&logs).Error; err != nil {
+		return nil, false, err
+	}
+
+	hasMore := len(logs) > limit
+	if hasMore {
+		logs = logs[:limit]
+	}
+	return logs, hasMore, nil
+}
+
+// ListByUserIDCursor 按用户ID游标分页查询登录日志
+func (r *LoginLogRepository) ListByUserIDCursor(ctx context.Context, userID int64, limit int, cursor *pagination.Cursor) ([]*domain.LoginLog, bool, error) {
+	var logs []*domain.LoginLog
+
+	query := r.db.WithContext(ctx).Model(&domain.LoginLog{}).Where("user_id = ?", userID)
+
+	if cursor != nil && cursor.LastID > 0 {
+		query = query.Where(
+			"(created_at < ? OR (created_at = ? AND id < ?))",
+			cursor.LastValue, cursor.LastValue, cursor.LastID,
+		)
+	}
+
+	if err := query.Order("created_at DESC, id DESC").Limit(limit + 1).Find(&logs).Error; err != nil {
+		return nil, false, err
+	}
+
+	hasMore := len(logs) > limit
+	if hasMore {
+		logs = logs[:limit]
+	}
+	return logs, hasMore, nil
+}

internal/repository/operation_log.go

@@ -7,6 +7,7 @@ import (
 	"gorm.io/gorm"
 
 	"github.com/user-management-system/internal/domain"
+	"github.com/user-management-system/internal/pagination"
 )
 
 // OperationLogRepository 操作日志仓储
@@ -111,3 +112,28 @@ func (r *OperationLogRepository) Search(ctx context.Context, keyword string, off
 	}
 	return logs, total, nil
 }
+
+// ListCursor 游标分页查询操作日志（管理员用）
+// Uses keyset pagination: WHERE (created_at < ? OR (created_at = ? AND id < ?))
+func (r *OperationLogRepository) ListCursor(ctx context.Context, limit int, cursor *pagination.Cursor) ([]*domain.OperationLog, bool, error) {
+	var logs []*domain.OperationLog
+
+	query := r.db.WithContext(ctx).Model(&domain.OperationLog{})
+
+	if cursor != nil && cursor.LastID > 0 {
+		query = query.Where(
+			"(created_at < ? OR (created_at = ? AND id < ?))",
+			cursor.LastValue, cursor.LastValue, cursor.LastID,
+		)
+	}
+
+	if err := query.Order("created_at DESC, id DESC").Limit(limit + 1).Find(&logs).Error; err != nil {
+		return nil, false, err
+	}
+
+	hasMore := len(logs) > limit
+	if hasMore {
+		logs = logs[:limit]
+	}
+	return logs, hasMore, nil
+}

internal/repository/user.go

@@ -8,6 +8,7 @@ import (
 	"gorm.io/gorm"
 
 	"github.com/user-management-system/internal/domain"
+	"github.com/user-management-system/internal/pagination"
 )
 
 // escapeLikePattern 转义 LIKE 模式中的特殊字符（% 和 _）
@@ -312,3 +313,71 @@ func (r *UserRepository) AdvancedSearch(ctx context.Context, filter *AdvancedFil
 
 	return users, total, nil
 }
+
+// ListCursor 游标分页查询用户列表（支持筛选）
+// Sort column: created_at DESC, id DESC
+func (r *UserRepository) ListCursor(ctx context.Context, filter *AdvancedFilter, limit int, cursor *pagination.Cursor) ([]*domain.User, bool, error) {
+	var users []*domain.User
+
+	query := r.db.WithContext(ctx).Model(&domain.User{})
+
+	// Apply filters (same as AdvancedFilter)
+	if filter.Keyword != "" {
+		escapedKeyword := escapeLikePattern(filter.Keyword)
+		pattern := "%" + escapedKeyword + "%"
+		query = query.Where(
+			"username LIKE ? OR email LIKE ? OR phone LIKE ? OR nickname LIKE ?",
+			pattern, pattern, pattern, pattern,
+		)
+	}
+	if filter.Status >= 0 && filter.Status <= 3 {
+		query = query.Where("status = ?", filter.Status)
+	}
+	if len(filter.RoleIDs) > 0 {
+		query = query.Where(
+			"id IN (SELECT user_id FROM user_roles WHERE role_id IN ? AND deleted_at IS NULL)",
+			filter.RoleIDs,
+		)
+	}
+	if filter.CreatedFrom != nil {
+		query = query.Where("created_at >= ?", *filter.CreatedFrom)
+	}
+	if filter.CreatedTo != nil {
+		query = query.Where("created_at <= ?", *filter.CreatedTo)
+	}
+
+	// Apply cursor condition
+	if cursor != nil && cursor.LastID > 0 {
+		query = query.Where(
+			"(created_at < ? OR (created_at = ? AND id < ?))",
+			cursor.LastValue, cursor.LastValue, cursor.LastID,
+		)
+	}
+
+	// Determine sort field
+	sortBy := "created_at"
+	if filter.SortBy != "" {
+		allowedFields := map[string]bool{
+			"created_at": true, "last_login_time": true,
+			"username": true, "updated_at": true,
+		}
+		if allowedFields[filter.SortBy] {
+			sortBy = filter.SortBy
+		}
+	}
+	sortOrder := "DESC"
+	if filter.SortOrder == "asc" {
+		sortOrder = "ASC"
+	}
+
+	orderClause := sortBy + " " + sortOrder + ", id " + sortOrder
+	if err := query.Order(orderClause).Limit(limit + 1).Find(&users).Error; err != nil {
+		return nil, false, err
+	}
+
+	hasMore := len(users) > limit
+	if hasMore {
+		users = users[:limit]
+	}
+	return users, hasMore, nil
+}