refactor(auth): 按扁平接口简化鉴权解析

登录/刷新/发短信直接解析根级字段，移除 data 包装与 mergeUser 等多余逻辑。
首页侧栏用户信息随 localStorage 与 chatone-user-changed 更新，优先展示 nickname。

Made-with: Cursor

src/api/auth.ts

@@ -18,43 +18,27 @@ export type AuthUser = Record<string, unknown>;
 /** 发送短信验证码时 `scene` 取值（与后端约定一致） */
 export const AUTH_SMS_SCENE_LOGIN = "login";
 
-/** `POST .../auth/sms/send` 响应（含开发环境可能返回的 `testCode`） */
+/** `POST .../auth/sms/send` 响应（联调环境可能返回 `testCode`） */
 export type SmsSendResponse = {
   testCode?: string;
-  data?: {
-    testCode?: string;
-  };
 };
 
-function pickSmsSendPayload(body: SmsSendResponse & { data?: SmsSendResponse }): SmsSendResponse {
-  if (body.data && typeof body.data === "object") {
-    return { ...body, testCode: body.data.testCode ?? body.testCode };
-  }
-  return body;
-}
-
-/** `POST .../auth/sms/login` 成功后的典型响应（若后端包一层 `data`，见 `pickAuthPayload`） */
+/**
+ * `POST .../auth/sms/login` 成功响应（与后端一致：根级 token + `user`）。
+ * 例：`{ accessToken, refreshToken, user: { id, phone, nickname, avatarUrl } }`
+ */
 export type SmsLoginResponse = {
   accessToken: string;
   refreshToken: string;
   user?: AuthUser;
 };
 
-/** `POST .../auth/refresh` 成功后的典型响应 */
+/** `POST .../auth/refresh` 成功响应 */
 export type RefreshTokenResponse = {
   accessToken: string;
   refreshToken: string;
 };
 
-function pickAuthPayload<T extends { accessToken?: string; refreshToken?: string }>(
-  body: T & { data?: T },
-): T {
-  if (body.data && typeof body.data.accessToken === "string") {
-    return body.data;
-  }
-  return body;
-}
-
 /** 写入一对令牌，并清理历史 mock 键 `token` */
 export function persistTokens(accessToken: string, refreshToken: string): void {
   window.localStorage.setItem(ACCESS_TOKEN_KEY, accessToken);
@@ -66,6 +50,7 @@ export function persistTokens(accessToken: string, refreshToken: string): void {
 export function persistUser(user: AuthUser | undefined): void {
   if (!user) return;
   window.localStorage.setItem(USER_KEY, JSON.stringify(user));
+  window.dispatchEvent(new CustomEvent("chatone-user-changed"));
 }
 
 /** 清除本地会话（含兼容旧键） */
@@ -74,6 +59,7 @@ export function clearSession(): void {
   window.localStorage.removeItem(REFRESH_TOKEN_KEY);
   window.localStorage.removeItem(USER_KEY);
   window.localStorage.removeItem("token");
+  window.dispatchEvent(new CustomEvent("chatone-user-changed"));
 }
 
 /**
@@ -119,12 +105,8 @@ export async function sendAuthSmsCode(
   phone: string,
   scene: string = AUTH_SMS_SCENE_LOGIN,
 ): Promise<{ testCode?: string }> {
-  const raw = await postJson<SmsSendResponse & { data?: SmsSendResponse }>(ApiPath.authSmsSend, {
-    phone,
-    scene,
-  });
-  const merged = pickSmsSendPayload(raw);
-  const testCode = merged.testCode;
+  const raw = await postJson<SmsSendResponse>(ApiPath.authSmsSend, { phone, scene });
+  const testCode = raw.testCode;
   if (typeof testCode === "string" && testCode.trim()) {
     return { testCode: testCode.trim() };
   }
@@ -137,11 +119,7 @@ export async function sendAuthSmsCode(
  * @param code 短信验证码
  */
 export async function smsLogin(phone: string, code: string): Promise<SmsLoginResponse> {
-  const raw = await postJson<SmsLoginResponse & { data?: SmsLoginResponse }>(ApiPath.authSmsLogin, {
-    phone,
-    code,
-  });
-  return pickAuthPayload(raw);
+  return postJson<SmsLoginResponse>(ApiPath.authSmsLogin, { phone, code });
 }
 
 /**
@@ -149,9 +127,5 @@ export async function smsLogin(phone: string, code: string): Promise<SmsLoginRes
  * 该请求在 `http` 层不会附带旧的 `Authorization`。
  */
 export async function refreshTokens(refreshToken: string): Promise<RefreshTokenResponse> {
-  const raw = await postJson<RefreshTokenResponse & { data?: RefreshTokenResponse }>(
-    ApiPath.authRefresh,
-    { refreshToken },
-  );
-  return pickAuthPayload(raw);
+  return postJson<RefreshTokenResponse>(ApiPath.authRefresh, { refreshToken });
 }