Merge remote-tracking branch 'origin/dev' into cody/netwrok_SDK

# Conflicts:
#	apps/im_app/lib/features/chat/presentation/chat_db_test_view_model.dart
#	apps/im_app/lib/features/login/presentation/login_view_model.dart

修复逻辑漏洞，性能优化

apps/im_app/lib/data/remote/login_request.dart

@@ -8,57 +8,140 @@ part 'login_request.g.dart';
 
 /// # /auth/login — 登录接口
 ///
-/// 一个端点 = 一个文件，Response DTO + Request 放在同一文件中。
-///
 /// ## 数据流位置
 ///
 /// ```
 /// AuthRepositoryImpl.login(email, password)
 ///   → _client.executeRequest( ★ LoginRequest ★ )     ← 你在这里
 ///     → 服务端 POST /auth/login
-///     → 响应 JSON → ★ LoginData ★                    ← 也在这里
-///       → LoginData.toEntity() → User
+///     → 响应 JSON → ★ LoginResponse ★                ← 也在这里
+///       → LoginResponse.toEntity() → User
 /// ```
 
 // ─────────────────────────────────────────────
 //  Response DTO
 // ─────────────────────────────────────────────
 
-/// 登录响应 DTO
-///
-/// 服务端返回的登录数据，包含 token 和用户信息。
-/// 通过 [toEntity] 转换为 Domain Entity [User]。
-@JsonSerializable()
-class LoginData {
-  final String token;
-  @JsonKey(name: 'user_id')
-  final String userId;
+@JsonSerializable(createToJson: false)
+class LoginProfile {
+  final int uid;
+  final String uuid;
+  @JsonKey(name: 'last_online')
+  final int lastOnline;
+  @JsonKey(name: 'profile_pic')
+  final String profilePic;
+  @JsonKey(name: 'profile_pic_gaussian')
+  final String profilePicGaussian;
+  final String nickname;
+  final String contact;
+  @JsonKey(name: 'country_code')
+  final String countryCode;
   final String email;
-  final String? nickname;
-  final String? avatar;
+  @JsonKey(name: 'recovery_email')
+  final String recoveryEmail;
+  final String username;
+  final String bio;
+  final int relationship;
+  @JsonKey(name: 'user_alias')
+  final String? userAlias;
+  @JsonKey(name: 'channel_id')
+  final int channelId;
+  @JsonKey(name: 'channel_group_id')
+  final int channelGroupId;
+  final String hint;
+
+  const LoginProfile({
+    required this.uid,
+    required this.uuid,
+    required this.lastOnline,
+    required this.profilePic,
+    required this.profilePicGaussian,
+    required this.nickname,
+    required this.contact,
+    required this.countryCode,
+    required this.email,
+    required this.recoveryEmail,
+    required this.username,
+    required this.bio,
+    required this.relationship,
+    this.userAlias,
+    required this.channelId,
+    required this.channelGroupId,
+    required this.hint,
+  });
+
+  factory LoginProfile.fromJson(Map<String, dynamic> json) =>
+      _$LoginProfileFromJson(json);
+
+  User toEntity() => User(
+    uid: uid,
+    uuid: uuid,
+    lastOnline: lastOnline,
+    profilePic: profilePic,
+    profilePicGaussian: profilePicGaussian,
+    nickname: nickname,
+    contact: contact,
+    countryCode: countryCode,
+    email: email,
+    recoveryEmail: recoveryEmail,
+    username: username,
+    bio: bio,
+    relationship: relationship,
+    userAlias: userAlias,
+    channelId: channelId,
+    channelGroupId: channelGroupId,
+    hint: hint,
+  );
+}
+
+@JsonSerializable(createToJson: false, explicitToJson: true)
+class LoginData {
+  @JsonKey(name: 'account_id')
+  final String accountId;
+  final LoginProfile profile;
+  final String nonce;
+  @JsonKey(name: 'access_token')
+  final String accessToken;
+  @JsonKey(name: 'refresh_token')
+  final String refreshToken;
+  @JsonKey(name: 'device_id')
+  final String deviceId;
+  @JsonKey(name: 'login_data')
+  final String loginData;
 
   const LoginData({
-    required this.token,
-    required this.userId,
-    required this.email,
-    this.nickname,
-    this.avatar,
+    required this.accountId,
+    required this.profile,
+    required this.nonce,
+    required this.accessToken,
+    required this.refreshToken,
+    required this.deviceId,
+    required this.loginData,
   });
 
   factory LoginData.fromJson(Map<String, dynamic> json) =>
       _$LoginDataFromJson(json);
 
-  Map<String, dynamic> toJson() => _$LoginDataToJson(this);
+  User toEntity() => profile.toEntity();
+}
 
-  /// DTO → Domain Entity
-  User toEntity() {
-    return User(
-      id: userId,
-      email: email,
-      nickname: nickname,
-      avatar: avatar,
-    );
-  }
+/// Top-level envelope: { "code": 0, "message": "OK", "data": { ... } }
+@JsonSerializable(createToJson: false, explicitToJson: true)
+class LoginResponse {
+  final int code;
+  final String message;
+  final LoginData data;
+
+  const LoginResponse({
+    required this.code,
+    required this.message,
+    required this.data,
+  });
+
+  factory LoginResponse.fromJson(Map<String, dynamic> json) =>
+      _$LoginResponseFromJson(json);
+
+  User toEntity() => data.toEntity();
 }
 
 // ─────────────────────────────────────────────
@@ -67,24 +150,21 @@ class LoginData {
 
 /// 登录请求
 ///
-/// `@ApiRequest` 自动生成 `_$LoginRequestApi` mixin，
-/// 提供 path / method / requestType / includeToken / fromJson 自动注册。
+/// `@ApiRequest` 一个注解搞定一切：
+/// - mixin 自动生成 path / method / requestType / includeToken / toJson
+/// - toJson 只序列化类自身字段（email, password），不含继承属性
+/// - Response 的 fromJson 在 parameters getter 中自动注册
+/// - 无需 @JsonSerializable，无需手写 fromJson / toJson
 @ApiRequest(
   path: ApiPaths.authLogin,
   method: HttpMethod.post,
-  responseType: LoginData,
+  responseType: LoginResponse,
   requestType: ApiRequestType.login,
 )
-@JsonSerializable()
-class LoginRequest extends ApiRequestable<LoginData> with _$LoginRequestApi {
+class LoginRequest extends ApiRequestable<LoginResponse>
+    with _$LoginRequestApi {
   final String email;
   final String password;
 
   LoginRequest({required this.email, required this.password});
-
-  factory LoginRequest.fromJson(Map<String, dynamic> json) =>
-      _$LoginRequestFromJson(json);
-
-  @override
-  Map<String, dynamic> toJson() => _$LoginRequestToJson(this);
 }