docs: add Swagger annotations to 5 handlers

Add comprehensive Swagger/Swagger comments to:
- export_handler.go (ExportUsers, ImportUsers, GetImportTemplate)
- sms_handler.go (SendCode, LoginByCode)
- sso_handler.go (Authorize, Token, Introspect, Revoke, UserInfo)
- theme_handler.go (8 endpoints)
- webhook_handler.go (5 endpoints)

All 18 handlers now have Swagger annotations.

internal/api/handler/sso_handler.go

@@ -34,7 +34,22 @@ type AuthorizeRequest struct {
 }
 
 // Authorize 处理 SSO 授权请求
-// GET /api/v1/sso/authorize?client_id=xxx&redirect_uri=xxx&response_type=code&scope=openid&state=xxx
+// @Summary SSO 授权
+// @Description 处理 SSO 授权请求，返回授权码或访问令牌
+// @Tags SSO
+// @Accept json
+// @Produce json
+// @Security BearerAuth
+// @Param client_id query string true "客户端ID"
+// @Param redirect_uri query string true "回调地址"
+// @Param response_type query string true "响应类型" Enums(code, token)
+// @Param scope query string false "授权范围"
+// @Param state query string false "状态参数"
+// @Success 302 {string} string "重定向到回调地址"
+// @Failure 400 {object} Response "请求参数错误"
+// @Failure 401 {object} Response "未认证"
+// @Failure 500 {object} Response "服务器错误"
+// @Router /api/v1/sso/authorize [get]
 func (h *SSOHandler) Authorize(c *gin.Context) {
 	var req AuthorizeRequest
 	if err := c.ShouldBindQuery(&req); err != nil {
@@ -138,8 +153,22 @@ type TokenResponse struct {
 	Scope       string `json:"scope"`
 }
 
-// Token 处理 Token 请求（授权码模式第二步）
-// POST /api/v1/sso/token
+// Token 处理 Token 请求
+// @Summary 获取 Access Token
+// @Description 使用授权码获取 Access Token（授权码模式第二步）
+// @Tags SSO
+// @Accept json
+// @Produce json
+// @Param grant_type formData string true "授权类型" Enums(authorization_code)
+// @Param code formData string false "授权码"
+// @Param redirect_uri formData string false "回调地址"
+// @Param client_id formData string true "客户端ID"
+// @Param client_secret formData string true "客户端密钥"
+// @Success 200 {object} TokenResponse "访问令牌响应"
+// @Failure 400 {object} Response "请求参数错误"
+// @Failure 401 {object} Response "客户端认证失败"
+// @Failure 500 {object} Response "服务器错误"
+// @Router /api/v1/sso/token [post]
 func (h *SSOHandler) Token(c *gin.Context) {
 	var req TokenRequest
 	if err := c.ShouldBind(&req); err != nil {
@@ -205,7 +234,17 @@ type IntrospectResponse struct {
 }
 
 // Introspect 验证 access token
-// POST /api/v1/sso/introspect
+// @Summary 验证 Access Token
+// @Description 验证 Access Token 的有效性并返回相关信息
+// @Tags SSO
+// @Accept json
+// @Produce json
+// @Param token formData string true "Access Token"
+// @Param client_id formData string false "客户端ID"
+// @Success 200 {object} IntrospectResponse "Token信息"
+// @Failure 400 {object} Response "请求参数错误"
+// @Failure 500 {object} Response "服务器错误"
+// @Router /api/v1/sso/introspect [post]
 func (h *SSOHandler) Introspect(c *gin.Context) {
 	var req IntrospectRequest
 	if err := c.ShouldBind(&req); err != nil {
@@ -234,7 +273,16 @@ type RevokeRequest struct {
 }
 
 // Revoke 撤销 access token
-// POST /api/v1/sso/revoke
+// @Summary 撤销 Access Token
+// @Description 撤销指定的 Access Token
+// @Tags SSO
+// @Accept json
+// @Produce json
+// @Param token formData string true "Access Token"
+// @Success 200 {object} Response "撤销成功"
+// @Failure 400 {object} Response "请求参数错误"
+// @Failure 500 {object} Response "服务器错误"
+// @Router /api/v1/sso/revoke [post]
 func (h *SSOHandler) Revoke(c *gin.Context) {
 	var req RevokeRequest
 	if err := c.ShouldBind(&req); err != nil {
@@ -253,8 +301,16 @@ type UserInfoResponse struct {
 	Username string `json:"username"`
 }
 
-// UserInfo 获取当前用户信息（SSO 专用）
-// GET /api/v1/sso/userinfo
+// UserInfo 获取当前用户信息
+// @Summary 获取 SSO 用户信息
+// @Description 获取当前通过 SSO 授权的用户信息
+// @Tags SSO
+// @Produce json
+// @Security BearerAuth
+// @Success 200 {object} Response{data=UserInfoResponse} "用户信息"
+// @Failure 401 {object} Response "未认证"
+// @Failure 500 {object} Response "服务器错误"
+// @Router /api/v1/sso/userinfo [get]
 func (h *SSOHandler) UserInfo(c *gin.Context) {
 	userID, exists := c.Get("user_id")
 	if !exists {