merge: 合并 upstream/main 解决 PR #37 冲突

- 删除 backend/internal/model/account.go 符合重构方向
- 合并最新的项目结构重构
- 包含 SSE 格式解析修复
- 更新依赖和配置文件

backend/internal/handler/gateway_helper.go

@@ -6,7 +6,6 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/Wei-Shaw/sub2api/internal/model"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 
 	"github.com/gin-gonic/gin"
@@ -69,11 +68,11 @@ func (h *ConcurrencyHelper) DecrementWaitCount(ctx context.Context, userID int64
 // AcquireUserSlotWithWait acquires a user concurrency slot, waiting if necessary.
 // For streaming requests, sends ping events during the wait.
 // streamStarted is updated if streaming response has begun.
-func (h *ConcurrencyHelper) AcquireUserSlotWithWait(c *gin.Context, user *model.User, isStream bool, streamStarted *bool) (func(), error) {
+func (h *ConcurrencyHelper) AcquireUserSlotWithWait(c *gin.Context, userID int64, maxConcurrency int, isStream bool, streamStarted *bool) (func(), error) {
 	ctx := c.Request.Context()
 
 	// Try to acquire immediately
-	result, err := h.concurrencyService.AcquireUserSlot(ctx, user.ID, user.Concurrency)
+	result, err := h.concurrencyService.AcquireUserSlot(ctx, userID, maxConcurrency)
 	if err != nil {
 		return nil, err
 	}
@@ -83,17 +82,17 @@ func (h *ConcurrencyHelper) AcquireUserSlotWithWait(c *gin.Context, user *model.
 	}
 
 	// Need to wait - handle streaming ping if needed
-	return h.waitForSlotWithPing(c, "user", user.ID, user.Concurrency, isStream, streamStarted)
+	return h.waitForSlotWithPing(c, "user", userID, maxConcurrency, isStream, streamStarted)
 }
 
 // AcquireAccountSlotWithWait acquires an account concurrency slot, waiting if necessary.
 // For streaming requests, sends ping events during the wait.
 // streamStarted is updated if streaming response has begun.
-func (h *ConcurrencyHelper) AcquireAccountSlotWithWait(c *gin.Context, account *model.Account, isStream bool, streamStarted *bool) (func(), error) {
+func (h *ConcurrencyHelper) AcquireAccountSlotWithWait(c *gin.Context, accountID int64, maxConcurrency int, isStream bool, streamStarted *bool) (func(), error) {
 	ctx := c.Request.Context()
 
 	// Try to acquire immediately
-	result, err := h.concurrencyService.AcquireAccountSlot(ctx, account.ID, account.Concurrency)
+	result, err := h.concurrencyService.AcquireAccountSlot(ctx, accountID, maxConcurrency)
 	if err != nil {
 		return nil, err
 	}
@@ -103,7 +102,7 @@ func (h *ConcurrencyHelper) AcquireAccountSlotWithWait(c *gin.Context, account *
 	}
 
 	// Need to wait - handle streaming ping if needed
-	return h.waitForSlotWithPing(c, "account", account.ID, account.Concurrency, isStream, streamStarted)
+	return h.waitForSlotWithPing(c, "account", accountID, maxConcurrency, isStream, streamStarted)
 }
 
 // waitForSlotWithPing waits for a concurrency slot, sending ping events for streaming requests.

backend/internal/handler/openai_gateway_handler.go

@@ -46,7 +46,7 @@ func (h *OpenAIGatewayHandler) Responses(c *gin.Context) {
 		return
 	}
 
-	user, ok := middleware2.GetUserFromContext(c)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
 		h.errorResponse(c, http.StatusInternalServerError, "api_error", "User context not found")
 		return
@@ -94,8 +94,8 @@ func (h *OpenAIGatewayHandler) Responses(c *gin.Context) {
 	subscription, _ := middleware2.GetSubscriptionFromContext(c)
 
 	// 0. Check if wait queue is full
-	maxWait := service.CalculateMaxWait(user.Concurrency)
-	canWait, err := h.concurrencyHelper.IncrementWaitCount(c.Request.Context(), user.ID, maxWait)
+	maxWait := service.CalculateMaxWait(subject.Concurrency)
+	canWait, err := h.concurrencyHelper.IncrementWaitCount(c.Request.Context(), subject.UserID, maxWait)
 	if err != nil {
 		log.Printf("Increment wait count failed: %v", err)
 		// On error, allow request to proceed
@@ -104,10 +104,10 @@ func (h *OpenAIGatewayHandler) Responses(c *gin.Context) {
 		return
 	}
 	// Ensure wait count is decremented when function exits
-	defer h.concurrencyHelper.DecrementWaitCount(c.Request.Context(), user.ID)
+	defer h.concurrencyHelper.DecrementWaitCount(c.Request.Context(), subject.UserID)
 
 	// 1. First acquire user concurrency slot
-	userReleaseFunc, err := h.concurrencyHelper.AcquireUserSlotWithWait(c, user, reqStream, &streamStarted)
+	userReleaseFunc, err := h.concurrencyHelper.AcquireUserSlotWithWait(c, subject.UserID, subject.Concurrency, reqStream, &streamStarted)
 	if err != nil {
 		log.Printf("User concurrency acquire failed: %v", err)
 		h.handleConcurrencyError(c, err, "user", streamStarted)
@@ -118,7 +118,7 @@ func (h *OpenAIGatewayHandler) Responses(c *gin.Context) {
 	}
 
 	// 2. Re-check billing eligibility after wait
-	if err := h.billingCacheService.CheckBillingEligibility(c.Request.Context(), user, apiKey, apiKey.Group, subscription); err != nil {
+	if err := h.billingCacheService.CheckBillingEligibility(c.Request.Context(), apiKey.User, apiKey, apiKey.Group, subscription); err != nil {
 		log.Printf("Billing eligibility check failed after wait: %v", err)
 		h.handleStreamingAwareError(c, http.StatusForbidden, "billing_error", err.Error(), streamStarted)
 		return
@@ -138,7 +138,7 @@ func (h *OpenAIGatewayHandler) Responses(c *gin.Context) {
 	log.Printf("[OpenAI Handler] Selected account: id=%d name=%s", account.ID, account.Name)
 
 	// 3. Acquire account concurrency slot
-	accountReleaseFunc, err := h.concurrencyHelper.AcquireAccountSlotWithWait(c, account, reqStream, &streamStarted)
+	accountReleaseFunc, err := h.concurrencyHelper.AcquireAccountSlotWithWait(c, account.ID, account.Concurrency, reqStream, &streamStarted)
 	if err != nil {
 		log.Printf("Account concurrency acquire failed: %v", err)
 		h.handleConcurrencyError(c, err, "account", streamStarted)
@@ -163,7 +163,7 @@ func (h *OpenAIGatewayHandler) Responses(c *gin.Context) {
 		if err := h.gatewayService.RecordUsage(ctx, &service.OpenAIRecordUsageInput{
 			Result:       result,
 			ApiKey:       apiKey,
-			User:         user,
+			User:         apiKey.User,
 			Account:      account,
 			Subscription: subscription,
 		}); err != nil {

backend/internal/handler/redeem_handler.go

 package handler
 
 import (
-	"github.com/Wei-Shaw/sub2api/internal/model"
+	"github.com/Wei-Shaw/sub2api/internal/handler/dto"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/response"
+	middleware2 "github.com/Wei-Shaw/sub2api/internal/server/middleware"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 
 	"github.com/gin-gonic/gin"
@@ -37,15 +38,9 @@ type RedeemResponse struct {
 // Redeem handles redeeming a code
 // POST /api/v1/redeem
 func (h *RedeemHandler) Redeem(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
@@ -55,38 +50,36 @@ func (h *RedeemHandler) Redeem(c *gin.Context) {
 		return
 	}
 
-	result, err := h.redeemService.Redeem(c.Request.Context(), user.ID, req.Code)
+	result, err := h.redeemService.Redeem(c.Request.Context(), subject.UserID, req.Code)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 
-	response.Success(c, result)
+	response.Success(c, dto.RedeemCodeFromService(result))
 }
 
 // GetHistory returns the user's redemption history
 // GET /api/v1/redeem/history
 func (h *RedeemHandler) GetHistory(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
 	// Default limit is 25
 	limit := 25
 
-	codes, err := h.redeemService.GetUserHistory(c.Request.Context(), user.ID, limit)
+	codes, err := h.redeemService.GetUserHistory(c.Request.Context(), subject.UserID, limit)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 
-	response.Success(c, codes)
+	out := make([]dto.RedeemCode, 0, len(codes))
+	for i := range codes {
+		out = append(out, *dto.RedeemCodeFromService(&codes[i]))
+	}
+	response.Success(c, out)
 }

backend/internal/handler/setting_handler.go

 package handler
 
 import (
+	"github.com/Wei-Shaw/sub2api/internal/handler/dto"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/response"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 
@@ -30,6 +31,17 @@ func (h *SettingHandler) GetPublicSettings(c *gin.Context) {
 		return
 	}
 
-	settings.Version = h.version
-	response.Success(c, settings)
+	response.Success(c, dto.PublicSettings{
+		RegistrationEnabled: settings.RegistrationEnabled,
+		EmailVerifyEnabled:  settings.EmailVerifyEnabled,
+		TurnstileEnabled:    settings.TurnstileEnabled,
+		TurnstileSiteKey:    settings.TurnstileSiteKey,
+		SiteName:            settings.SiteName,
+		SiteLogo:            settings.SiteLogo,
+		SiteSubtitle:        settings.SiteSubtitle,
+		ApiBaseUrl:          settings.ApiBaseUrl,
+		ContactInfo:         settings.ContactInfo,
+		DocUrl:              settings.DocUrl,
+		Version:             h.version,
+	})
 }

backend/internal/handler/subscription_handler.go

 package handler
 
 import (
-	"github.com/Wei-Shaw/sub2api/internal/model"
+	"github.com/Wei-Shaw/sub2api/internal/handler/dto"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/response"
+	middleware2 "github.com/Wei-Shaw/sub2api/internal/server/middleware"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 
 	"github.com/gin-gonic/gin"
@@ -25,7 +26,7 @@ type SubscriptionSummaryItem struct {
 
 // SubscriptionProgressInfo represents subscription with progress info
 type SubscriptionProgressInfo struct {
-	Subscription *model.UserSubscription       `json:"subscription"`
+	Subscription *dto.UserSubscription         `json:"subscription"`
 	Progress     *service.SubscriptionProgress `json:"progress"`
 }
 
@@ -44,68 +45,58 @@ func NewSubscriptionHandler(subscriptionService *service.SubscriptionService) *S
 // List handles listing current user's subscriptions
 // GET /api/v1/subscriptions
 func (h *SubscriptionHandler) List(c *gin.Context) {
-	user, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not found in context")
-		return
-	}
-
-	u, ok := user.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user in context")
+		response.Unauthorized(c, "User not found in context")
 		return
 	}
 
-	subscriptions, err := h.subscriptionService.ListUserSubscriptions(c.Request.Context(), u.ID)
+	subscriptions, err := h.subscriptionService.ListUserSubscriptions(c.Request.Context(), subject.UserID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 
-	response.Success(c, subscriptions)
+	out := make([]dto.UserSubscription, 0, len(subscriptions))
+	for i := range subscriptions {
+		out = append(out, *dto.UserSubscriptionFromService(&subscriptions[i]))
+	}
+	response.Success(c, out)
 }
 
 // GetActive handles getting current user's active subscriptions
 // GET /api/v1/subscriptions/active
 func (h *SubscriptionHandler) GetActive(c *gin.Context) {
-	user, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not found in context")
-		return
-	}
-
-	u, ok := user.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user in context")
+		response.Unauthorized(c, "User not found in context")
 		return
 	}
 
-	subscriptions, err := h.subscriptionService.ListActiveUserSubscriptions(c.Request.Context(), u.ID)
+	subscriptions, err := h.subscriptionService.ListActiveUserSubscriptions(c.Request.Context(), subject.UserID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 
-	response.Success(c, subscriptions)
+	out := make([]dto.UserSubscription, 0, len(subscriptions))
+	for i := range subscriptions {
+		out = append(out, *dto.UserSubscriptionFromService(&subscriptions[i]))
+	}
+	response.Success(c, out)
 }
 
 // GetProgress handles getting subscription progress for current user
 // GET /api/v1/subscriptions/progress
 func (h *SubscriptionHandler) GetProgress(c *gin.Context) {
-	user, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not found in context")
-		return
-	}
-
-	u, ok := user.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user in context")
+		response.Unauthorized(c, "User not found in context")
 		return
 	}
 
 	// Get all active subscriptions with progress
-	subscriptions, err := h.subscriptionService.ListActiveUserSubscriptions(c.Request.Context(), u.ID)
+	subscriptions, err := h.subscriptionService.ListActiveUserSubscriptions(c.Request.Context(), subject.UserID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
@@ -120,7 +111,7 @@ func (h *SubscriptionHandler) GetProgress(c *gin.Context) {
 			continue
 		}
 		result = append(result, SubscriptionProgressInfo{
-			Subscription: sub,
+			Subscription: dto.UserSubscriptionFromService(sub),
 			Progress:     progress,
 		})
 	}
@@ -131,20 +122,14 @@ func (h *SubscriptionHandler) GetProgress(c *gin.Context) {
 // GetSummary handles getting a summary of current user's subscription status
 // GET /api/v1/subscriptions/summary
 func (h *SubscriptionHandler) GetSummary(c *gin.Context) {
-	user, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not found in context")
-		return
-	}
-
-	u, ok := user.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user in context")
+		response.Unauthorized(c, "User not found in context")
 		return
 	}
 
 	// Get all active subscriptions
-	subscriptions, err := h.subscriptionService.ListActiveUserSubscriptions(c.Request.Context(), u.ID)
+	subscriptions, err := h.subscriptionService.ListActiveUserSubscriptions(c.Request.Context(), subject.UserID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return

backend/internal/handler/usage_handler.go

@@ -4,10 +4,11 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/Wei-Shaw/sub2api/internal/model"
+	"github.com/Wei-Shaw/sub2api/internal/handler/dto"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/pagination"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/response"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/timezone"
+	middleware2 "github.com/Wei-Shaw/sub2api/internal/server/middleware"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 
 	"github.com/gin-gonic/gin"
@@ -30,15 +31,9 @@ func NewUsageHandler(usageService *service.UsageService, apiKeyService *service.
 // List handles listing usage records with pagination
 // GET /api/v1/usage
 func (h *UsageHandler) List(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
@@ -58,7 +53,7 @@ func (h *UsageHandler) List(c *gin.Context) {
 			response.ErrorFrom(c, err)
 			return
 		}
-		if apiKey.UserID != user.ID {
+		if apiKey.UserID != subject.UserID {
 			response.Forbidden(c, "Not authorized to access this API key's usage records")
 			return
 		}
@@ -67,35 +62,33 @@ func (h *UsageHandler) List(c *gin.Context) {
 	}
 
 	params := pagination.PaginationParams{Page: page, PageSize: pageSize}
-	var records []model.UsageLog
+	var records []service.UsageLog
 	var result *pagination.PaginationResult
 	var err error
 
 	if apiKeyID > 0 {
 		records, result, err = h.usageService.ListByApiKey(c.Request.Context(), apiKeyID, params)
 	} else {
-		records, result, err = h.usageService.ListByUser(c.Request.Context(), user.ID, params)
+		records, result, err = h.usageService.ListByUser(c.Request.Context(), subject.UserID, params)
 	}
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 
-	response.Paginated(c, records, result.Total, page, pageSize)
+	out := make([]dto.UsageLog, 0, len(records))
+	for i := range records {
+		out = append(out, *dto.UsageLogFromService(&records[i]))
+	}
+	response.Paginated(c, out, result.Total, page, pageSize)
 }
 
 // GetByID handles getting a single usage record
 // GET /api/v1/usage/:id
 func (h *UsageHandler) GetByID(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
@@ -112,26 +105,20 @@ func (h *UsageHandler) GetByID(c *gin.Context) {
 	}
 
 	// 验证所有权
-	if record.UserID != user.ID {
+	if record.UserID != subject.UserID {
 		response.Forbidden(c, "Not authorized to access this record")
 		return
 	}
 
-	response.Success(c, record)
+	response.Success(c, dto.UsageLogFromService(record))
 }
 
 // Stats handles getting usage statistics
 // GET /api/v1/usage/stats
 func (h *UsageHandler) Stats(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
@@ -149,7 +136,7 @@ func (h *UsageHandler) Stats(c *gin.Context) {
 			response.NotFound(c, "API key not found")
 			return
 		}
-		if apiKey.UserID != user.ID {
+		if apiKey.UserID != subject.UserID {
 			response.Forbidden(c, "Not authorized to access this API key's statistics")
 			return
 		}
@@ -201,7 +188,7 @@ func (h *UsageHandler) Stats(c *gin.Context) {
 	if apiKeyID > 0 {
 		stats, err = h.usageService.GetStatsByApiKey(c.Request.Context(), apiKeyID, startTime, endTime)
 	} else {
-		stats, err = h.usageService.GetStatsByUser(c.Request.Context(), user.ID, startTime, endTime)
+		stats, err = h.usageService.GetStatsByUser(c.Request.Context(), subject.UserID, startTime, endTime)
 	}
 	if err != nil {
 		response.ErrorFrom(c, err)
@@ -245,19 +232,13 @@ func parseUserTimeRange(c *gin.Context) (time.Time, time.Time) {
 // DashboardStats handles getting user dashboard statistics
 // GET /api/v1/usage/dashboard/stats
 func (h *UsageHandler) DashboardStats(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
-	stats, err := h.usageService.GetUserDashboardStats(c.Request.Context(), user.ID)
+	stats, err := h.usageService.GetUserDashboardStats(c.Request.Context(), subject.UserID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
@@ -269,22 +250,16 @@ func (h *UsageHandler) DashboardStats(c *gin.Context) {
 // DashboardTrend handles getting user usage trend data
 // GET /api/v1/usage/dashboard/trend
 func (h *UsageHandler) DashboardTrend(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
 	startTime, endTime := parseUserTimeRange(c)
 	granularity := c.DefaultQuery("granularity", "day")
 
-	trend, err := h.usageService.GetUserUsageTrendByUserID(c.Request.Context(), user.ID, startTime, endTime, granularity)
+	trend, err := h.usageService.GetUserUsageTrendByUserID(c.Request.Context(), subject.UserID, startTime, endTime, granularity)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
@@ -301,21 +276,15 @@ func (h *UsageHandler) DashboardTrend(c *gin.Context) {
 // DashboardModels handles getting user model usage statistics
 // GET /api/v1/usage/dashboard/models
 func (h *UsageHandler) DashboardModels(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
 	startTime, endTime := parseUserTimeRange(c)
 
-	stats, err := h.usageService.GetUserModelStats(c.Request.Context(), user.ID, startTime, endTime)
+	stats, err := h.usageService.GetUserModelStats(c.Request.Context(), subject.UserID, startTime, endTime)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
@@ -336,15 +305,9 @@ type BatchApiKeysUsageRequest struct {
 // DashboardApiKeysUsage handles getting usage stats for user's own API keys
 // POST /api/v1/usage/dashboard/api-keys-usage
 func (h *UsageHandler) DashboardApiKeysUsage(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
@@ -360,7 +323,7 @@ func (h *UsageHandler) DashboardApiKeysUsage(c *gin.Context) {
 	}
 
 	// Verify ownership of all requested API keys
-	userApiKeys, _, err := h.apiKeyService.List(c.Request.Context(), user.ID, pagination.PaginationParams{Page: 1, PageSize: 1000})
+	userApiKeys, _, err := h.apiKeyService.List(c.Request.Context(), subject.UserID, pagination.PaginationParams{Page: 1, PageSize: 1000})
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return

backend/internal/handler/user_handler.go

 package handler
 
 import (
-	"github.com/Wei-Shaw/sub2api/internal/model"
+	"github.com/Wei-Shaw/sub2api/internal/handler/dto"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/response"
+	middleware2 "github.com/Wei-Shaw/sub2api/internal/server/middleware"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 
 	"github.com/gin-gonic/gin"
@@ -35,19 +36,13 @@ type UpdateProfileRequest struct {
 // GetProfile handles getting user profile
 // GET /api/v1/users/me
 func (h *UserHandler) GetProfile(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
-	userData, err := h.userService.GetByID(c.Request.Context(), user.ID)
+	userData, err := h.userService.GetByID(c.Request.Context(), subject.UserID)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
@@ -56,21 +51,15 @@ func (h *UserHandler) GetProfile(c *gin.Context) {
 	// 清空notes字段，普通用户不应看到备注
 	userData.Notes = ""
 
-	response.Success(c, userData)
+	response.Success(c, dto.UserFromService(userData))
 }
 
 // ChangePassword handles changing user password
 // POST /api/v1/users/me/password
 func (h *UserHandler) ChangePassword(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
@@ -84,7 +73,7 @@ func (h *UserHandler) ChangePassword(c *gin.Context) {
 		CurrentPassword: req.OldPassword,
 		NewPassword:     req.NewPassword,
 	}
-	err := h.userService.ChangePassword(c.Request.Context(), user.ID, svcReq)
+	err := h.userService.ChangePassword(c.Request.Context(), subject.UserID, svcReq)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
@@ -96,15 +85,9 @@ func (h *UserHandler) ChangePassword(c *gin.Context) {
 // UpdateProfile handles updating user profile
 // PUT /api/v1/users/me
 func (h *UserHandler) UpdateProfile(c *gin.Context) {
-	userValue, exists := c.Get("user")
-	if !exists {
-		response.Unauthorized(c, "User not authenticated")
-		return
-	}
-
-	user, ok := userValue.(*model.User)
+	subject, ok := middleware2.GetAuthSubjectFromContext(c)
 	if !ok {
-		response.InternalError(c, "Invalid user context")
+		response.Unauthorized(c, "User not authenticated")
 		return
 	}
 
@@ -118,7 +101,7 @@ func (h *UserHandler) UpdateProfile(c *gin.Context) {
 		Username: req.Username,
 		Wechat:   req.Wechat,
 	}
-	updatedUser, err := h.userService.UpdateProfile(c.Request.Context(), user.ID, svcReq)
+	updatedUser, err := h.userService.UpdateProfile(c.Request.Context(), subject.UserID, svcReq)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
@@ -127,5 +110,5 @@ func (h *UserHandler) UpdateProfile(c *gin.Context) {
 	// 清空notes字段，普通用户不应看到备注
 	updatedUser.Notes = ""
 
-	response.Success(c, updatedUser)
+	response.Success(c, dto.UserFromService(updatedUser))
 }

backend/internal/infrastructure/database.go

@@ -2,8 +2,8 @@ package infrastructure
 
 import (
 	"github.com/Wei-Shaw/sub2api/internal/config"
-	"github.com/Wei-Shaw/sub2api/internal/model"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/timezone"
+	"github.com/Wei-Shaw/sub2api/internal/repository"
 
 	"gorm.io/driver/postgres"
 	"gorm.io/gorm"
@@ -30,7 +30,7 @@ func InitDB(cfg *config.Config) (*gorm.DB, error) {
 
 	// 自动迁移（始终执行，确保数据库结构与代码同步）
 	// GORM 的 AutoMigrate 只会添加新字段，不会删除或修改已有字段，是安全的
-	if err := model.AutoMigrate(db); err != nil {
+	if err := repository.AutoMigrate(db); err != nil {
 		return nil, err
 	}
 

backend/internal/model/account_group.go

-package model
-
-import (
-	"time"
-)
-
-type AccountGroup struct {
-	AccountID int64     `gorm:"primaryKey" json:"account_id"`
-	GroupID   int64     `gorm:"primaryKey" json:"group_id"`
-	Priority  int       `gorm:"default:50;not null" json:"priority"` // 分组内优先级
-	CreatedAt time.Time `gorm:"not null" json:"created_at"`
-
-	// 关联
-	Account *Account `gorm:"foreignKey:AccountID" json:"account,omitempty"`
-	Group   *Group   `gorm:"foreignKey:GroupID" json:"group,omitempty"`
-}
-
-func (AccountGroup) TableName() string {
-	return "account_groups"
-}

backend/internal/model/api_key.go

-package model
-
-import (
-	"time"
-
-	"gorm.io/gorm"
-)
-
-type ApiKey struct {
-	ID        int64          `gorm:"primaryKey" json:"id"`
-	UserID    int64          `gorm:"index;not null" json:"user_id"`
-	Key       string         `gorm:"uniqueIndex;size:128;not null" json:"key"` // sk-xxx
-	Name      string         `gorm:"size:100;not null" json:"name"`
-	GroupID   *int64         `gorm:"index" json:"group_id"`
-	Status    string         `gorm:"size:20;default:active;not null" json:"status"` // active/disabled
-	CreatedAt time.Time      `gorm:"not null" json:"created_at"`
-	UpdatedAt time.Time      `gorm:"not null" json:"updated_at"`
-	DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
-
-	// 关联
-	User  *User  `gorm:"foreignKey:UserID" json:"user,omitempty"`
-	Group *Group `gorm:"foreignKey:GroupID" json:"group,omitempty"`
-}
-
-func (ApiKey) TableName() string {
-	return "api_keys"
-}
-
-// IsActive 检查是否激活
-func (k *ApiKey) IsActive() bool {
-	return k.Status == "active"
-}

backend/internal/model/group.go

-package model
-
-import (
-	"time"
-
-	"gorm.io/gorm"
-)
-
-// 订阅类型常量
-const (
-	SubscriptionTypeStandard     = "standard"     // 标准计费模式（按余额扣费）
-	SubscriptionTypeSubscription = "subscription" // 订阅模式（按限额控制）
-)
-
-type Group struct {
-	ID             int64   `gorm:"primaryKey" json:"id"`
-	Name           string  `gorm:"uniqueIndex;size:100;not null" json:"name"`
-	Description    string  `gorm:"type:text" json:"description"`
-	Platform       string  `gorm:"size:50;default:anthropic;not null" json:"platform"` // anthropic/openai/gemini
-	RateMultiplier float64 `gorm:"type:decimal(10,4);default:1.0;not null" json:"rate_multiplier"`
-	IsExclusive    bool    `gorm:"default:false;not null" json:"is_exclusive"`
-	Status         string  `gorm:"size:20;default:active;not null" json:"status"` // active/disabled
-
-	// 订阅功能字段
-	SubscriptionType string   `gorm:"size:20;default:standard;not null" json:"subscription_type"` // standard/subscription
-	DailyLimitUSD    *float64 `gorm:"type:decimal(20,8)" json:"daily_limit_usd"`
-	WeeklyLimitUSD   *float64 `gorm:"type:decimal(20,8)" json:"weekly_limit_usd"`
-	MonthlyLimitUSD  *float64 `gorm:"type:decimal(20,8)" json:"monthly_limit_usd"`
-
-	CreatedAt time.Time      `gorm:"not null" json:"created_at"`
-	UpdatedAt time.Time      `gorm:"not null" json:"updated_at"`
-	DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
-
-	// 关联
-	AccountGroups []AccountGroup `gorm:"foreignKey:GroupID" json:"account_groups,omitempty"`
-
-	// 虚拟字段 (不存储到数据库)
-	AccountCount int64 `gorm:"-" json:"account_count,omitempty"`
-}
-
-func (Group) TableName() string {
-	return "groups"
-}
-
-// IsActive 检查是否激活
-func (g *Group) IsActive() bool {
-	return g.Status == "active"
-}
-
-// IsSubscriptionType 检查是否为订阅类型分组
-func (g *Group) IsSubscriptionType() bool {
-	return g.SubscriptionType == SubscriptionTypeSubscription
-}
-
-// IsFreeSubscription 检查是否为免费订阅（不扣余额但有限额）
-func (g *Group) IsFreeSubscription() bool {
-	return g.IsSubscriptionType() && g.RateMultiplier == 0
-}
-
-// HasDailyLimit 检查是否有日限额
-func (g *Group) HasDailyLimit() bool {
-	return g.DailyLimitUSD != nil && *g.DailyLimitUSD > 0
-}
-
-// HasWeeklyLimit 检查是否有周限额
-func (g *Group) HasWeeklyLimit() bool {
-	return g.WeeklyLimitUSD != nil && *g.WeeklyLimitUSD > 0
-}
-
-// HasMonthlyLimit 检查是否有月限额
-func (g *Group) HasMonthlyLimit() bool {
-	return g.MonthlyLimitUSD != nil && *g.MonthlyLimitUSD > 0
-}

backend/internal/model/model.go

-package model
-
-import (
-	"gorm.io/gorm"
-)
-
-// AutoMigrate 自动迁移所有模型
-func AutoMigrate(db *gorm.DB) error {
-	return db.AutoMigrate(
-		&User{},
-		&ApiKey{},
-		&Group{},
-		&Account{},
-		&AccountGroup{},
-		&Proxy{},
-		&RedeemCode{},
-		&UsageLog{},
-		&Setting{},
-		&UserSubscription{},
-	)
-}
-
-// 状态常量
-const (
-	StatusActive   = "active"
-	StatusDisabled = "disabled"
-	StatusError    = "error"
-	StatusUnused   = "unused"
-	StatusUsed     = "used"
-	StatusExpired  = "expired"
-)
-
-// 角色常量
-const (
-	RoleAdmin = "admin"
-	RoleUser  = "user"
-)
-
-// 平台常量
-const (
-	PlatformAnthropic = "anthropic"
-	PlatformOpenAI    = "openai"
-	PlatformGemini    = "gemini"
-)
-
-// 账号类型常量
-const (
-	AccountTypeOAuth      = "oauth"       // OAuth类型账号（full scope: profile + inference）
-	AccountTypeSetupToken = "setup-token" // Setup Token类型账号（inference only scope）
-	AccountTypeApiKey     = "apikey"      // API Key类型账号
-)
-
-// 卡密类型常量
-const (
-	RedeemTypeBalance      = "balance"
-	RedeemTypeConcurrency  = "concurrency"
-	RedeemTypeSubscription = "subscription"
-)
-
-// 管理员调整类型常量
-const (
-	AdjustmentTypeAdminBalance     = "admin_balance"     // 管理员调整余额
-	AdjustmentTypeAdminConcurrency = "admin_concurrency" // 管理员调整并发数
-)

backend/internal/model/proxy.go

-package model
-
-import (
-	"fmt"
-	"time"
-
-	"gorm.io/gorm"
-)
-
-type Proxy struct {
-	ID        int64          `gorm:"primaryKey" json:"id"`
-	Name      string         `gorm:"size:100;not null" json:"name"`
-	Protocol  string         `gorm:"size:20;not null" json:"protocol"` // http/https/socks5
-	Host      string         `gorm:"size:255;not null" json:"host"`
-	Port      int            `gorm:"not null" json:"port"`
-	Username  string         `gorm:"size:100" json:"username"`
-	Password  string         `gorm:"size:100" json:"-"`
-	Status    string         `gorm:"size:20;default:active;not null" json:"status"` // active/disabled
-	CreatedAt time.Time      `gorm:"not null" json:"created_at"`
-	UpdatedAt time.Time      `gorm:"not null" json:"updated_at"`
-	DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
-}
-
-func (Proxy) TableName() string {
-	return "proxies"
-}
-
-// IsActive 检查是否激活
-func (p *Proxy) IsActive() bool {
-	return p.Status == "active"
-}
-
-// URL 返回代理URL
-func (p *Proxy) URL() string {
-	if p.Username != "" && p.Password != "" {
-		return fmt.Sprintf("%s://%s:%s@%s:%d", p.Protocol, p.Username, p.Password, p.Host, p.Port)
-	}
-	return fmt.Sprintf("%s://%s:%d", p.Protocol, p.Host, p.Port)
-}
-
-// ProxyWithAccountCount extends Proxy with account count information
-type ProxyWithAccountCount struct {
-	Proxy
-	AccountCount int64 `json:"account_count"`
-}

backend/internal/model/redeem_code.go

-package model
-
-import (
-	"crypto/rand"
-	"encoding/hex"
-	"time"
-)
-
-type RedeemCode struct {
-	ID        int64      `gorm:"primaryKey" json:"id"`
-	Code      string     `gorm:"uniqueIndex;size:32;not null" json:"code"`
-	Type      string     `gorm:"size:20;default:balance;not null" json:"type"`  // balance/concurrency/subscription
-	Value     float64    `gorm:"type:decimal(20,8);not null" json:"value"`      // 面值(USD)或并发数或有效天数
-	Status    string     `gorm:"size:20;default:unused;not null" json:"status"` // unused/used
-	UsedBy    *int64     `gorm:"index" json:"used_by"`
-	UsedAt    *time.Time `json:"used_at"`
-	Notes     string     `gorm:"type:text" json:"notes"`
-	CreatedAt time.Time  `gorm:"not null" json:"created_at"`
-
-	// 订阅类型专用字段
-	GroupID      *int64 `gorm:"index" json:"group_id"`           // 订阅分组ID (仅subscription类型使用)
-	ValidityDays int    `gorm:"default:30" json:"validity_days"` // 订阅有效天数 (仅subscription类型使用)
-
-	// 关联
-	User  *User  `gorm:"foreignKey:UsedBy" json:"user,omitempty"`
-	Group *Group `gorm:"foreignKey:GroupID" json:"group,omitempty"`
-}
-
-func (RedeemCode) TableName() string {
-	return "redeem_codes"
-}
-
-// IsUsed 检查是否已使用
-func (r *RedeemCode) IsUsed() bool {
-	return r.Status == "used"
-}
-
-// CanUse 检查是否可以使用
-func (r *RedeemCode) CanUse() bool {
-	return r.Status == "unused"
-}
-
-// GenerateRedeemCode 生成唯一的兑换码
-func GenerateRedeemCode() (string, error) {
-	b := make([]byte, 16)
-	if _, err := rand.Read(b); err != nil {
-		return "", err
-	}
-	return hex.EncodeToString(b), nil
-}

backend/internal/model/usage_log.go

-package model
-
-import (
-	"time"
-)
-
-// 消费类型常量
-const (
-	BillingTypeBalance      int8 = 0 // 钱包余额
-	BillingTypeSubscription int8 = 1 // 订阅套餐
-)
-
-type UsageLog struct {
-	ID        int64  `gorm:"primaryKey" json:"id"`
-	UserID    int64  `gorm:"index;not null" json:"user_id"`
-	ApiKeyID  int64  `gorm:"index;not null" json:"api_key_id"`
-	AccountID int64  `gorm:"index;not null" json:"account_id"`
-	RequestID string `gorm:"size:64" json:"request_id"`
-	Model     string `gorm:"size:100;index;not null" json:"model"`
-
-	// 订阅关联（可选）
-	GroupID        *int64 `gorm:"index" json:"group_id"`
-	SubscriptionID *int64 `gorm:"index" json:"subscription_id"`
-
-	// Token使用量（4类）
-	InputTokens         int `gorm:"default:0;not null" json:"input_tokens"`
-	OutputTokens        int `gorm:"default:0;not null" json:"output_tokens"`
-	CacheCreationTokens int `gorm:"default:0;not null" json:"cache_creation_tokens"`
-	CacheReadTokens     int `gorm:"default:0;not null" json:"cache_read_tokens"`
-
-	// 详细的缓存创建分类
-	CacheCreation5mTokens int `gorm:"default:0;not null" json:"cache_creation_5m_tokens"`
-	CacheCreation1hTokens int `gorm:"default:0;not null" json:"cache_creation_1h_tokens"`
-
-	// 费用（USD）
-	InputCost         float64 `gorm:"type:decimal(20,10);default:0;not null" json:"input_cost"`
-	OutputCost        float64 `gorm:"type:decimal(20,10);default:0;not null" json:"output_cost"`
-	CacheCreationCost float64 `gorm:"type:decimal(20,10);default:0;not null" json:"cache_creation_cost"`
-	CacheReadCost     float64 `gorm:"type:decimal(20,10);default:0;not null" json:"cache_read_cost"`
-	TotalCost         float64 `gorm:"type:decimal(20,10);default:0;not null" json:"total_cost"`     // 原始总费用
-	ActualCost        float64 `gorm:"type:decimal(20,10);default:0;not null" json:"actual_cost"`    // 实际扣除费用
-	RateMultiplier    float64 `gorm:"type:decimal(10,4);default:1;not null" json:"rate_multiplier"` // 计费倍率
-
-	// 元数据
-	BillingType  int8 `gorm:"type:smallint;default:0;not null" json:"billing_type"` // 0=余额 1=订阅
-	Stream       bool `gorm:"default:false;not null" json:"stream"`
-	DurationMs   *int `json:"duration_ms"`
-	FirstTokenMs *int `json:"first_token_ms"` // 首字时间（流式请求）
-
-	CreatedAt time.Time `gorm:"index;not null" json:"created_at"`
-
-	// 关联
-	User         *User             `gorm:"foreignKey:UserID" json:"user,omitempty"`
-	ApiKey       *ApiKey           `gorm:"foreignKey:ApiKeyID" json:"api_key,omitempty"`
-	Account      *Account          `gorm:"foreignKey:AccountID" json:"account,omitempty"`
-	Group        *Group            `gorm:"foreignKey:GroupID" json:"group,omitempty"`
-	Subscription *UserSubscription `gorm:"foreignKey:SubscriptionID" json:"subscription,omitempty"`
-}
-
-func (UsageLog) TableName() string {
-	return "usage_logs"
-}
-
-// TotalTokens 总token数
-func (u *UsageLog) TotalTokens() int {
-	return u.InputTokens + u.OutputTokens + u.CacheCreationTokens + u.CacheReadTokens
-}

backend/internal/model/user.go

-package model
-
-import (
-	"time"
-
-	"github.com/lib/pq"
-	"golang.org/x/crypto/bcrypt"
-	"gorm.io/gorm"
-)
-
-type User struct {
-	ID            int64          `gorm:"primaryKey" json:"id"`
-	Email         string         `gorm:"uniqueIndex;size:255;not null" json:"email"`
-	Username      string         `gorm:"size:100;default:''" json:"username"`
-	Wechat        string         `gorm:"size:100;default:''" json:"wechat"`
-	Notes         string         `gorm:"type:text;default:''" json:"notes"`
-	PasswordHash  string         `gorm:"size:255;not null" json:"-"`
-	Role          string         `gorm:"size:20;default:user;not null" json:"role"` // admin/user
-	Balance       float64        `gorm:"type:decimal(20,8);default:0;not null" json:"balance"`
-	Concurrency   int            `gorm:"default:5;not null" json:"concurrency"`
-	Status        string         `gorm:"size:20;default:active;not null" json:"status"` // active/disabled
-	AllowedGroups pq.Int64Array  `gorm:"type:bigint[]" json:"allowed_groups"`
-	CreatedAt     time.Time      `gorm:"not null" json:"created_at"`
-	UpdatedAt     time.Time      `gorm:"not null" json:"updated_at"`
-	DeletedAt     gorm.DeletedAt `gorm:"index" json:"-"`
-
-	// 关联
-	ApiKeys       []ApiKey           `gorm:"foreignKey:UserID" json:"api_keys,omitempty"`
-	Subscriptions []UserSubscription `gorm:"foreignKey:UserID" json:"subscriptions,omitempty"`
-}
-
-func (User) TableName() string {
-	return "users"
-}
-
-// IsAdmin 检查是否管理员
-func (u *User) IsAdmin() bool {
-	return u.Role == "admin"
-}
-
-// IsActive 检查是否激活
-func (u *User) IsActive() bool {
-	return u.Status == "active"
-}
-
-// CanBindGroup 检查是否可以绑定指定分组
-// 对于标准类型分组：
-// - 如果 AllowedGroups 设置了值（非空数组），只能绑定列表中的分组
-// - 如果 AllowedGroups 为 nil 或空数组，可以绑定所有非专属分组
-func (u *User) CanBindGroup(groupID int64, isExclusive bool) bool {
-	// 如果设置了 allowed_groups 且不为空，只能绑定指定的分组
-	if len(u.AllowedGroups) > 0 {
-		for _, id := range u.AllowedGroups {
-			if id == groupID {
-				return true
-			}
-		}
-		return false
-	}
-	// 如果没有设置 allowed_groups 或为空数组，可以绑定所有非专属分组
-	return !isExclusive
-}
-
-// SetPassword 设置密码（哈希存储）
-func (u *User) SetPassword(password string) error {
-	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
-	if err != nil {
-		return err
-	}
-	u.PasswordHash = string(hash)
-	return nil
-}
-
-// CheckPassword 验证密码
-func (u *User) CheckPassword(password string) bool {
-	err := bcrypt.CompareHashAndPassword([]byte(u.PasswordHash), []byte(password))
-	return err == nil
-}

backend/internal/repository/account_repo.go

@@ -5,10 +5,10 @@ import (
 	"errors"
 	"time"
 
-	"github.com/Wei-Shaw/sub2api/internal/model"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/pagination"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 
+	"gorm.io/datatypes"
 	"gorm.io/gorm"
 	"gorm.io/gorm/clause"
 )
@@ -21,69 +21,66 @@ func NewAccountRepository(db *gorm.DB) service.AccountRepository {
 	return &accountRepository{db: db}
 }
 
-func (r *accountRepository) Create(ctx context.Context, account *model.Account) error {
-	return r.db.WithContext(ctx).Create(account).Error
+func (r *accountRepository) Create(ctx context.Context, account *service.Account) error {
+	m := accountModelFromService(account)
+	err := r.db.WithContext(ctx).Create(m).Error
+	if err == nil {
+		applyAccountModelToService(account, m)
+	}
+	return err
 }
 
-func (r *accountRepository) GetByID(ctx context.Context, id int64) (*model.Account, error) {
-	var account model.Account
-	err := r.db.WithContext(ctx).Preload("Proxy").Preload("AccountGroups.Group").First(&account, id).Error
+func (r *accountRepository) GetByID(ctx context.Context, id int64) (*service.Account, error) {
+	var m accountModel
+	err := r.db.WithContext(ctx).Preload("Proxy").Preload("AccountGroups.Group").First(&m, id).Error
 	if err != nil {
 		return nil, translatePersistenceError(err, service.ErrAccountNotFound, nil)
 	}
-	// 填充 GroupIDs 和 Groups 虚拟字段
-	account.GroupIDs = make([]int64, 0, len(account.AccountGroups))
-	account.Groups = make([]*model.Group, 0, len(account.AccountGroups))
-	for _, ag := range account.AccountGroups {
-		account.GroupIDs = append(account.GroupIDs, ag.GroupID)
-		if ag.Group != nil {
-			account.Groups = append(account.Groups, ag.Group)
-		}
-	}
-	return &account, nil
+	return accountModelToService(&m), nil
 }
 
-func (r *accountRepository) GetByCRSAccountID(ctx context.Context, crsAccountID string) (*model.Account, error) {
+func (r *accountRepository) GetByCRSAccountID(ctx context.Context, crsAccountID string) (*service.Account, error) {
 	if crsAccountID == "" {
 		return nil, nil
 	}
 
-	var account model.Account
-	err := r.db.WithContext(ctx).Where("extra->>'crs_account_id' = ?", crsAccountID).First(&account).Error
+	var m accountModel
+	err := r.db.WithContext(ctx).Where("extra->>'crs_account_id' = ?", crsAccountID).First(&m).Error
 	if err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			return nil, nil
 		}
 		return nil, err
 	}
-	return &account, nil
+	return accountModelToService(&m), nil
 }
 
-func (r *accountRepository) Update(ctx context.Context, account *model.Account) error {
-	return r.db.WithContext(ctx).Save(account).Error
+func (r *accountRepository) Update(ctx context.Context, account *service.Account) error {
+	m := accountModelFromService(account)
+	err := r.db.WithContext(ctx).Save(m).Error
+	if err == nil {
+		applyAccountModelToService(account, m)
+	}
+	return err
 }
 
 func (r *accountRepository) Delete(ctx context.Context, id int64) error {
-	// 先删除账号与分组的绑定关系
-	if err := r.db.WithContext(ctx).Where("account_id = ?", id).Delete(&model.AccountGroup{}).Error; err != nil {
+	if err := r.db.WithContext(ctx).Where("account_id = ?", id).Delete(&accountGroupModel{}).Error; err != nil {
 		return err
 	}
-	// 再删除账号
-	return r.db.WithContext(ctx).Delete(&model.Account{}, id).Error
+	return r.db.WithContext(ctx).Delete(&accountModel{}, id).Error
 }
 
-func (r *accountRepository) List(ctx context.Context, params pagination.PaginationParams) ([]model.Account, *pagination.PaginationResult, error) {
+func (r *accountRepository) List(ctx context.Context, params pagination.PaginationParams) ([]service.Account, *pagination.PaginationResult, error) {
 	return r.ListWithFilters(ctx, params, "", "", "", "")
 }
 
-// ListWithFilters lists accounts with optional filtering by platform, type, status, and search query
-func (r *accountRepository) ListWithFilters(ctx context.Context, params pagination.PaginationParams, platform, accountType, status, search string) ([]model.Account, *pagination.PaginationResult, error) {
-	var accounts []model.Account
+func (r *accountRepository) ListWithFilters(ctx context.Context, params pagination.PaginationParams, platform, accountType, status, search string) ([]service.Account, *pagination.PaginationResult, error) {
+	var accounts []accountModel
 	var total int64
 
-	db := r.db.WithContext(ctx).Model(&model.Account{})
+	db := r.db.WithContext(ctx).Model(&accountModel{})
 
-	// Apply filters
 	if platform != "" {
 		db = db.Where("platform = ?", platform)
 	}
@@ -106,67 +103,84 @@ func (r *accountRepository) ListWithFilters(ctx context.Context, params paginati
 		return nil, nil, err
 	}
 
-	// 填充每个 Account 的虚拟字段（GroupIDs 和 Groups）
+	outAccounts := make([]service.Account, 0, len(accounts))
 	for i := range accounts {
-		accounts[i].GroupIDs = make([]int64, 0, len(accounts[i].AccountGroups))
-		accounts[i].Groups = make([]*model.Group, 0, len(accounts[i].AccountGroups))
-		for _, ag := range accounts[i].AccountGroups {
-			accounts[i].GroupIDs = append(accounts[i].GroupIDs, ag.GroupID)
-			if ag.Group != nil {
-				accounts[i].Groups = append(accounts[i].Groups, ag.Group)
-			}
-		}
+		outAccounts = append(outAccounts, *accountModelToService(&accounts[i]))
 	}
 
-	pages := int(total) / params.Limit()
-	if int(total)%params.Limit() > 0 {
-		pages++
-	}
-
-	return accounts, &pagination.PaginationResult{
-		Total:    total,
-		Page:     params.Page,
-		PageSize: params.Limit(),
-		Pages:    pages,
-	}, nil
+	return outAccounts, paginationResultFromTotal(total, params), nil
 }
 
-func (r *accountRepository) ListByGroup(ctx context.Context, groupID int64) ([]model.Account, error) {
-	var accounts []model.Account
+func (r *accountRepository) ListByGroup(ctx context.Context, groupID int64) ([]service.Account, error) {
+	var accounts []accountModel
 	err := r.db.WithContext(ctx).
 		Joins("JOIN account_groups ON account_groups.account_id = accounts.id").
-		Where("account_groups.group_id = ? AND accounts.status = ?", groupID, model.StatusActive).
+		Where("account_groups.group_id = ? AND accounts.status = ?", groupID, service.StatusActive).
 		Preload("Proxy").
 		Order("account_groups.priority ASC, accounts.priority ASC").
 		Find(&accounts).Error
-	return accounts, err
+	if err != nil {
+		return nil, err
+	}
+
+	outAccounts := make([]service.Account, 0, len(accounts))
+	for i := range accounts {
+		outAccounts = append(outAccounts, *accountModelToService(&accounts[i]))
+	}
+	return outAccounts, nil
 }
 
-func (r *accountRepository) ListActive(ctx context.Context) ([]model.Account, error) {
-	var accounts []model.Account
+func (r *accountRepository) ListActive(ctx context.Context) ([]service.Account, error) {
+	var accounts []accountModel
 	err := r.db.WithContext(ctx).
-		Where("status = ?", model.StatusActive).
+		Where("status = ?", service.StatusActive).
 		Preload("Proxy").
 		Order("priority ASC").
 		Find(&accounts).Error
-	return accounts, err
+	if err != nil {
+		return nil, err
+	}
+
+	outAccounts := make([]service.Account, 0, len(accounts))
+	for i := range accounts {
+		outAccounts = append(outAccounts, *accountModelToService(&accounts[i]))
+	}
+	return outAccounts, nil
+}
+
+func (r *accountRepository) ListByPlatform(ctx context.Context, platform string) ([]service.Account, error) {
+	var accounts []accountModel
+	err := r.db.WithContext(ctx).
+		Where("platform = ? AND status = ?", platform, service.StatusActive).
+		Preload("Proxy").
+		Order("priority ASC").
+		Find(&accounts).Error
+	if err != nil {
+		return nil, err
+	}
+
+	outAccounts := make([]service.Account, 0, len(accounts))
+	for i := range accounts {
+		outAccounts = append(outAccounts, *accountModelToService(&accounts[i]))
+	}
+	return outAccounts, nil
 }
 
 func (r *accountRepository) UpdateLastUsed(ctx context.Context, id int64) error {
 	now := time.Now()
-	return r.db.WithContext(ctx).Model(&model.Account{}).Where("id = ?", id).Update("last_used_at", now).Error
+	return r.db.WithContext(ctx).Model(&accountModel{}).Where("id = ?", id).Update("last_used_at", now).Error
 }
 
 func (r *accountRepository) SetError(ctx context.Context, id int64, errorMsg string) error {
-	return r.db.WithContext(ctx).Model(&model.Account{}).Where("id = ?", id).
+	return r.db.WithContext(ctx).Model(&accountModel{}).Where("id = ?", id).
 		Updates(map[string]any{
-			"status":        model.StatusError,
+			"status":        service.StatusError,
 			"error_message": errorMsg,
 		}).Error
 }
 
 func (r *accountRepository) AddToGroup(ctx context.Context, accountID, groupID int64, priority int) error {
-	ag := &model.AccountGroup{
+	ag := &accountGroupModel{
 		AccountID: accountID,
 		GroupID:   groupID,
 		Priority:  priority,
@@ -176,131 +190,148 @@ func (r *accountRepository) AddToGroup(ctx context.Context, accountID, groupID i
 
 func (r *accountRepository) RemoveFromGroup(ctx context.Context, accountID, groupID int64) error {
 	return r.db.WithContext(ctx).Where("account_id = ? AND group_id = ?", accountID, groupID).
-		Delete(&model.AccountGroup{}).Error
+		Delete(&accountGroupModel{}).Error
 }
 
-func (r *accountRepository) GetGroups(ctx context.Context, accountID int64) ([]model.Group, error) {
-	var groups []model.Group
+func (r *accountRepository) GetGroups(ctx context.Context, accountID int64) ([]service.Group, error) {
+	var groups []groupModel
 	err := r.db.WithContext(ctx).
 		Joins("JOIN account_groups ON account_groups.group_id = groups.id").
 		Where("account_groups.account_id = ?", accountID).
 		Find(&groups).Error
-	return groups, err
-}
+	if err != nil {
+		return nil, err
+	}
 
-func (r *accountRepository) ListByPlatform(ctx context.Context, platform string) ([]model.Account, error) {
-	var accounts []model.Account
-	err := r.db.WithContext(ctx).
-		Where("platform = ? AND status = ?", platform, model.StatusActive).
-		Preload("Proxy").
-		Order("priority ASC").
-		Find(&accounts).Error
-	return accounts, err
+	outGroups := make([]service.Group, 0, len(groups))
+	for i := range groups {
+		outGroups = append(outGroups, *groupModelToService(&groups[i]))
+	}
+	return outGroups, nil
 }
 
 func (r *accountRepository) BindGroups(ctx context.Context, accountID int64, groupIDs []int64) error {
-	// 删除现有绑定
-	if err := r.db.WithContext(ctx).Where("account_id = ?", accountID).Delete(&model.AccountGroup{}).Error; err != nil {
+	if err := r.db.WithContext(ctx).Where("account_id = ?", accountID).Delete(&accountGroupModel{}).Error; err != nil {
 		return err
 	}
 
-	// 添加新绑定
-	if len(groupIDs) > 0 {
-		accountGroups := make([]model.AccountGroup, 0, len(groupIDs))
-		for i, groupID := range groupIDs {
-			accountGroups = append(accountGroups, model.AccountGroup{
-				AccountID: accountID,
-				GroupID:   groupID,
-				Priority:  i + 1, // 使用索引作为优先级
-			})
-		}
-		return r.db.WithContext(ctx).Create(&accountGroups).Error
+	if len(groupIDs) == 0 {
+		return nil
 	}
 
-	return nil
+	accountGroups := make([]accountGroupModel, 0, len(groupIDs))
+	for i, groupID := range groupIDs {
+		accountGroups = append(accountGroups, accountGroupModel{
+			AccountID: accountID,
+			GroupID:   groupID,
+			Priority:  i + 1,
+		})
+	}
+	return r.db.WithContext(ctx).Create(&accountGroups).Error
 }
 
-// ListSchedulable 获取所有可调度的账号
-func (r *accountRepository) ListSchedulable(ctx context.Context) ([]model.Account, error) {
-	var accounts []model.Account
+func (r *accountRepository) ListSchedulable(ctx context.Context) ([]service.Account, error) {
+	var accounts []accountModel
 	now := time.Now()
 	err := r.db.WithContext(ctx).
-		Where("status = ? AND schedulable = ?", model.StatusActive, true).
+		Where("status = ? AND schedulable = ?", service.StatusActive, true).
 		Where("(overload_until IS NULL OR overload_until <= ?)", now).
 		Where("(rate_limit_reset_at IS NULL OR rate_limit_reset_at <= ?)", now).
 		Preload("Proxy").
 		Order("priority ASC").
 		Find(&accounts).Error
-	return accounts, err
+	if err != nil {
+		return nil, err
+	}
+	outAccounts := make([]service.Account, 0, len(accounts))
+	for i := range accounts {
+		outAccounts = append(outAccounts, *accountModelToService(&accounts[i]))
+	}
+	return outAccounts, nil
 }
 
-// ListSchedulableByGroupID 按组获取可调度的账号
-func (r *accountRepository) ListSchedulableByGroupID(ctx context.Context, groupID int64) ([]model.Account, error) {
-	var accounts []model.Account
+func (r *accountRepository) ListSchedulableByGroupID(ctx context.Context, groupID int64) ([]service.Account, error) {
+	var accounts []accountModel
 	now := time.Now()
 	err := r.db.WithContext(ctx).
 		Joins("JOIN account_groups ON account_groups.account_id = accounts.id").
 		Where("account_groups.group_id = ?", groupID).
-		Where("accounts.status = ? AND accounts.schedulable = ?", model.StatusActive, true).
+		Where("accounts.status = ? AND accounts.schedulable = ?", service.StatusActive, true).
 		Where("(accounts.overload_until IS NULL OR accounts.overload_until <= ?)", now).
 		Where("(accounts.rate_limit_reset_at IS NULL OR accounts.rate_limit_reset_at <= ?)", now).
 		Preload("Proxy").
 		Order("account_groups.priority ASC, accounts.priority ASC").
 		Find(&accounts).Error
-	return accounts, err
+	if err != nil {
+		return nil, err
+	}
+	outAccounts := make([]service.Account, 0, len(accounts))
+	for i := range accounts {
+		outAccounts = append(outAccounts, *accountModelToService(&accounts[i]))
+	}
+	return outAccounts, nil
 }
 
-// ListSchedulableByPlatform 按平台获取可调度的账号
-func (r *accountRepository) ListSchedulableByPlatform(ctx context.Context, platform string) ([]model.Account, error) {
-	var accounts []model.Account
+func (r *accountRepository) ListSchedulableByPlatform(ctx context.Context, platform string) ([]service.Account, error) {
+	var accounts []accountModel
 	now := time.Now()
 	err := r.db.WithContext(ctx).
 		Where("platform = ?", platform).
-		Where("status = ? AND schedulable = ?", model.StatusActive, true).
+		Where("status = ? AND schedulable = ?", service.StatusActive, true).
 		Where("(overload_until IS NULL OR overload_until <= ?)", now).
 		Where("(rate_limit_reset_at IS NULL OR rate_limit_reset_at <= ?)", now).
 		Preload("Proxy").
 		Order("priority ASC").
 		Find(&accounts).Error
-	return accounts, err
+	if err != nil {
+		return nil, err
+	}
+	outAccounts := make([]service.Account, 0, len(accounts))
+	for i := range accounts {
+		outAccounts = append(outAccounts, *accountModelToService(&accounts[i]))
+	}
+	return outAccounts, nil
 }
 
-// ListSchedulableByGroupIDAndPlatform 按组和平台获取可调度的账号
-func (r *accountRepository) ListSchedulableByGroupIDAndPlatform(ctx context.Context, groupID int64, platform string) ([]model.Account, error) {
-	var accounts []model.Account
+func (r *accountRepository) ListSchedulableByGroupIDAndPlatform(ctx context.Context, groupID int64, platform string) ([]service.Account, error) {
+	var accounts []accountModel
 	now := time.Now()
 	err := r.db.WithContext(ctx).
 		Joins("JOIN account_groups ON account_groups.account_id = accounts.id").
 		Where("account_groups.group_id = ?", groupID).
 		Where("accounts.platform = ?", platform).
-		Where("accounts.status = ? AND accounts.schedulable = ?", model.StatusActive, true).
+		Where("accounts.status = ? AND accounts.schedulable = ?", service.StatusActive, true).
 		Where("(accounts.overload_until IS NULL OR accounts.overload_until <= ?)", now).
 		Where("(accounts.rate_limit_reset_at IS NULL OR accounts.rate_limit_reset_at <= ?)", now).
 		Preload("Proxy").
 		Order("account_groups.priority ASC, accounts.priority ASC").
 		Find(&accounts).Error
-	return accounts, err
+	if err != nil {
+		return nil, err
+	}
+	outAccounts := make([]service.Account, 0, len(accounts))
+	for i := range accounts {
+		outAccounts = append(outAccounts, *accountModelToService(&accounts[i]))
+	}
+	return outAccounts, nil
 }
 
-// SetRateLimited 标记账号为限流状态(429)
 func (r *accountRepository) SetRateLimited(ctx context.Context, id int64, resetAt time.Time) error {
 	now := time.Now()
-	return r.db.WithContext(ctx).Model(&model.Account{}).Where("id = ?", id).
+	return r.db.WithContext(ctx).Model(&accountModel{}).Where("id = ?", id).
 		Updates(map[string]any{
 			"rate_limited_at":     now,
 			"rate_limit_reset_at": resetAt,
 		}).Error
 }
 
-// SetOverloaded 标记账号为过载状态(529)
 func (r *accountRepository) SetOverloaded(ctx context.Context, id int64, until time.Time) error {
-	return r.db.WithContext(ctx).Model(&model.Account{}).Where("id = ?", id).
+	return r.db.WithContext(ctx).Model(&accountModel{}).Where("id = ?", id).
 		Update("overload_until", until).Error
 }
 
-// ClearRateLimit 清除账号的限流状态
 func (r *accountRepository) ClearRateLimit(ctx context.Context, id int64) error {
-	return r.db.WithContext(ctx).Model(&model.Account{}).Where("id = ?", id).
+	return r.db.WithContext(ctx).Model(&accountModel{}).Where("id = ?", id).
 		Updates(map[string]any{
 			"rate_limited_at":     nil,
 			"rate_limit_reset_at": nil,
@@ -308,7 +339,6 @@ func (r *accountRepository) ClearRateLimit(ctx context.Context, id int64) error
 		}).Error
 }
 
-// UpdateSessionWindow 更新账号的5小时时间窗口信息
 func (r *accountRepository) UpdateSessionWindow(ctx context.Context, id int64, start, end *time.Time, status string) error {
 	updates := map[string]any{
 		"session_window_status": status,
@@ -319,45 +349,35 @@ func (r *accountRepository) UpdateSessionWindow(ctx context.Context, id int64, s
 	if end != nil {
 		updates["session_window_end"] = end
 	}
-	return r.db.WithContext(ctx).Model(&model.Account{}).Where("id = ?", id).Updates(updates).Error
+	return r.db.WithContext(ctx).Model(&accountModel{}).Where("id = ?", id).Updates(updates).Error
 }
 
-// SetSchedulable 设置账号的调度开关
 func (r *accountRepository) SetSchedulable(ctx context.Context, id int64, schedulable bool) error {
-	return r.db.WithContext(ctx).Model(&model.Account{}).Where("id = ?", id).
+	return r.db.WithContext(ctx).Model(&accountModel{}).Where("id = ?", id).
 		Update("schedulable", schedulable).Error
 }
 
-// UpdateExtra updates specific fields in account's Extra JSONB field
-// It merges the updates into existing Extra data without overwriting other fields
 func (r *accountRepository) UpdateExtra(ctx context.Context, id int64, updates map[string]any) error {
 	if len(updates) == 0 {
 		return nil
 	}
 
-	// Get current account to preserve existing Extra data
-	var account model.Account
+	var account accountModel
 	if err := r.db.WithContext(ctx).Select("extra").Where("id = ?", id).First(&account).Error; err != nil {
 		return err
 	}
 
-	// Initialize Extra if nil
 	if account.Extra == nil {
-		account.Extra = make(model.JSONB)
+		account.Extra = datatypes.JSONMap{}
 	}
-
-	// Merge updates into existing Extra
 	for k, v := range updates {
 		account.Extra[k] = v
 	}
 
-	// Save updated Extra
-	return r.db.WithContext(ctx).Model(&model.Account{}).Where("id = ?", id).
+	return r.db.WithContext(ctx).Model(&accountModel{}).Where("id = ?", id).
 		Update("extra", account.Extra).Error
 }
 
-// BulkUpdate updates multiple accounts with the provided fields.
-// It merges credentials/extra JSONB fields instead of overwriting them.
 func (r *accountRepository) BulkUpdate(ctx context.Context, ids []int64, updates service.AccountBulkUpdate) (int64, error) {
 	if len(ids) == 0 {
 		return 0, nil
@@ -381,10 +401,10 @@ func (r *accountRepository) BulkUpdate(ctx context.Context, ids []int64, updates
 		updateMap["status"] = *updates.Status
 	}
 	if len(updates.Credentials) > 0 {
-		updateMap["credentials"] = gorm.Expr("COALESCE(credentials,'{}') || ?", updates.Credentials)
+		updateMap["credentials"] = gorm.Expr("COALESCE(credentials,'{}') || ?", datatypes.JSONMap(updates.Credentials))
 	}
 	if len(updates.Extra) > 0 {
-		updateMap["extra"] = gorm.Expr("COALESCE(extra,'{}') || ?", updates.Extra)
+		updateMap["extra"] = gorm.Expr("COALESCE(extra,'{}') || ?", datatypes.JSONMap(updates.Extra))
 	}
 
 	if len(updateMap) == 0 {
@@ -392,10 +412,178 @@ func (r *accountRepository) BulkUpdate(ctx context.Context, ids []int64, updates
 	}
 
 	result := r.db.WithContext(ctx).
-		Model(&model.Account{}).
+		Model(&accountModel{}).
 		Where("id IN ?", ids).
 		Clauses(clause.Returning{}).
 		Updates(updateMap)
 
 	return result.RowsAffected, result.Error
 }
+
+type accountModel struct {
+	ID           int64             `gorm:"primaryKey"`
+	Name         string            `gorm:"size:100;not null"`
+	Platform     string            `gorm:"size:50;not null"`
+	Type         string            `gorm:"size:20;not null"`
+	Credentials  datatypes.JSONMap `gorm:"type:jsonb;default:'{}'"`
+	Extra        datatypes.JSONMap `gorm:"type:jsonb;default:'{}'"`
+	ProxyID      *int64            `gorm:"index"`
+	Concurrency  int               `gorm:"default:3;not null"`
+	Priority     int               `gorm:"default:50;not null"`
+	Status       string            `gorm:"size:20;default:active;not null"`
+	ErrorMessage string            `gorm:"type:text"`
+	LastUsedAt   *time.Time        `gorm:"index"`
+	CreatedAt    time.Time         `gorm:"not null"`
+	UpdatedAt    time.Time         `gorm:"not null"`
+	DeletedAt    gorm.DeletedAt    `gorm:"index"`
+
+	Schedulable bool `gorm:"default:true;not null"`
+
+	RateLimitedAt    *time.Time `gorm:"index"`
+	RateLimitResetAt *time.Time `gorm:"index"`
+	OverloadUntil    *time.Time `gorm:"index"`
+
+	SessionWindowStart  *time.Time
+	SessionWindowEnd    *time.Time
+	SessionWindowStatus string `gorm:"size:20"`
+
+	Proxy         *proxyModel         `gorm:"foreignKey:ProxyID"`
+	AccountGroups []accountGroupModel `gorm:"foreignKey:AccountID"`
+}
+
+func (accountModel) TableName() string { return "accounts" }
+
+type accountGroupModel struct {
+	AccountID int64     `gorm:"primaryKey"`
+	GroupID   int64     `gorm:"primaryKey"`
+	Priority  int       `gorm:"default:50;not null"`
+	CreatedAt time.Time `gorm:"not null"`
+
+	Account *accountModel `gorm:"foreignKey:AccountID"`
+	Group   *groupModel   `gorm:"foreignKey:GroupID"`
+}
+
+func (accountGroupModel) TableName() string { return "account_groups" }
+
+func accountGroupModelToService(m *accountGroupModel) *service.AccountGroup {
+	if m == nil {
+		return nil
+	}
+	return &service.AccountGroup{
+		AccountID: m.AccountID,
+		GroupID:   m.GroupID,
+		Priority:  m.Priority,
+		CreatedAt: m.CreatedAt,
+		Account:   accountModelToService(m.Account),
+		Group:     groupModelToService(m.Group),
+	}
+}
+
+func accountModelToService(m *accountModel) *service.Account {
+	if m == nil {
+		return nil
+	}
+
+	var credentials map[string]any
+	if m.Credentials != nil {
+		credentials = map[string]any(m.Credentials)
+	}
+
+	var extra map[string]any
+	if m.Extra != nil {
+		extra = map[string]any(m.Extra)
+	}
+
+	account := &service.Account{
+		ID:                  m.ID,
+		Name:                m.Name,
+		Platform:            m.Platform,
+		Type:                m.Type,
+		Credentials:         credentials,
+		Extra:               extra,
+		ProxyID:             m.ProxyID,
+		Concurrency:         m.Concurrency,
+		Priority:            m.Priority,
+		Status:              m.Status,
+		ErrorMessage:        m.ErrorMessage,
+		LastUsedAt:          m.LastUsedAt,
+		CreatedAt:           m.CreatedAt,
+		UpdatedAt:           m.UpdatedAt,
+		Schedulable:         m.Schedulable,
+		RateLimitedAt:       m.RateLimitedAt,
+		RateLimitResetAt:    m.RateLimitResetAt,
+		OverloadUntil:       m.OverloadUntil,
+		SessionWindowStart:  m.SessionWindowStart,
+		SessionWindowEnd:    m.SessionWindowEnd,
+		SessionWindowStatus: m.SessionWindowStatus,
+		Proxy:               proxyModelToService(m.Proxy),
+	}
+
+	if len(m.AccountGroups) > 0 {
+		account.AccountGroups = make([]service.AccountGroup, 0, len(m.AccountGroups))
+		account.GroupIDs = make([]int64, 0, len(m.AccountGroups))
+		account.Groups = make([]*service.Group, 0, len(m.AccountGroups))
+		for i := range m.AccountGroups {
+			ag := accountGroupModelToService(&m.AccountGroups[i])
+			if ag == nil {
+				continue
+			}
+			account.AccountGroups = append(account.AccountGroups, *ag)
+			account.GroupIDs = append(account.GroupIDs, ag.GroupID)
+			if ag.Group != nil {
+				account.Groups = append(account.Groups, ag.Group)
+			}
+		}
+	}
+
+	return account
+}
+
+func accountModelFromService(a *service.Account) *accountModel {
+	if a == nil {
+		return nil
+	}
+
+	var credentials datatypes.JSONMap
+	if a.Credentials != nil {
+		credentials = datatypes.JSONMap(a.Credentials)
+	}
+
+	var extra datatypes.JSONMap
+	if a.Extra != nil {
+		extra = datatypes.JSONMap(a.Extra)
+	}
+
+	return &accountModel{
+		ID:                  a.ID,
+		Name:                a.Name,
+		Platform:            a.Platform,
+		Type:                a.Type,
+		Credentials:         credentials,
+		Extra:               extra,
+		ProxyID:             a.ProxyID,
+		Concurrency:         a.Concurrency,
+		Priority:            a.Priority,
+		Status:              a.Status,
+		ErrorMessage:        a.ErrorMessage,
+		LastUsedAt:          a.LastUsedAt,
+		CreatedAt:           a.CreatedAt,
+		UpdatedAt:           a.UpdatedAt,
+		Schedulable:         a.Schedulable,
+		RateLimitedAt:       a.RateLimitedAt,
+		RateLimitResetAt:    a.RateLimitResetAt,
+		OverloadUntil:       a.OverloadUntil,
+		SessionWindowStart:  a.SessionWindowStart,
+		SessionWindowEnd:    a.SessionWindowEnd,
+		SessionWindowStatus: a.SessionWindowStatus,
+	}
+}
+
+func applyAccountModelToService(account *service.Account, m *accountModel) {
+	if account == nil || m == nil {
+		return
+	}
+	account.ID = m.ID
+	account.CreatedAt = m.CreatedAt
+	account.UpdatedAt = m.UpdatedAt
+}

backend/internal/repository/account_repo_integration_test.go

@@ -7,10 +7,10 @@ import (
 	"testing"
 	"time"
 
-	"github.com/Wei-Shaw/sub2api/internal/model"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/pagination"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/stretchr/testify/suite"
+	"gorm.io/datatypes"
 	"gorm.io/gorm"
 )
 
@@ -34,11 +34,16 @@ func TestAccountRepoSuite(t *testing.T) {
 // --- Create / GetByID / Update / Delete ---
 
 func (s *AccountRepoSuite) TestCreate() {
-	account := &model.Account{
-		Name:     "test-create",
-		Platform: model.PlatformAnthropic,
-		Type:     model.AccountTypeOAuth,
-		Status:   model.StatusActive,
+	account := &service.Account{
+		Name:        "test-create",
+		Platform:    service.PlatformAnthropic,
+		Type:        service.AccountTypeOAuth,
+		Status:      service.StatusActive,
+		Credentials: map[string]any{},
+		Extra:       map[string]any{},
+		Concurrency: 3,
+		Priority:    50,
+		Schedulable: true,
 	}
 
 	err := s.repo.Create(s.ctx, account)
@@ -56,7 +61,7 @@ func (s *AccountRepoSuite) TestGetByID_NotFound() {
 }
 
 func (s *AccountRepoSuite) TestUpdate() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "original"})
+	account := accountModelToService(mustCreateAccount(s.T(), s.db, &accountModel{Name: "original"}))
 
 	account.Name = "updated"
 	err := s.repo.Update(s.ctx, account)
@@ -68,7 +73,7 @@ func (s *AccountRepoSuite) TestUpdate() {
 }
 
 func (s *AccountRepoSuite) TestDelete() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "to-delete"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "to-delete"})
 
 	err := s.repo.Delete(s.ctx, account.ID)
 	s.Require().NoError(err, "Delete")
@@ -78,23 +83,23 @@ func (s *AccountRepoSuite) TestDelete() {
 }
 
 func (s *AccountRepoSuite) TestDelete_WithGroupBindings() {
-	group := mustCreateGroup(s.T(), s.db, &model.Group{Name: "g-del"})
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-del"})
+	group := mustCreateGroup(s.T(), s.db, &groupModel{Name: "g-del"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-del"})
 	mustBindAccountToGroup(s.T(), s.db, account.ID, group.ID, 1)
 
 	err := s.repo.Delete(s.ctx, account.ID)
 	s.Require().NoError(err, "Delete should cascade remove bindings")
 
 	var count int64
-	s.db.Model(&model.AccountGroup{}).Where("account_id = ?", account.ID).Count(&count)
+	s.db.Model(&accountGroupModel{}).Where("account_id = ?", account.ID).Count(&count)
 	s.Require().Zero(count, "expected bindings to be removed")
 }
 
 // --- List / ListWithFilters ---
 
 func (s *AccountRepoSuite) TestList() {
-	mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc1"})
-	mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc2"})
+	mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc1"})
+	mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc2"})
 
 	accounts, page, err := s.repo.List(s.ctx, pagination.PaginationParams{Page: 1, PageSize: 10})
 	s.Require().NoError(err, "List")
@@ -111,53 +116,53 @@ func (s *AccountRepoSuite) TestListWithFilters() {
 		status    string
 		search    string
 		wantCount int
-		validate  func(accounts []model.Account)
+		validate  func(accounts []service.Account)
 	}{
 		{
 			name: "filter_by_platform",
 			setup: func(db *gorm.DB) {
-				mustCreateAccount(s.T(), db, &model.Account{Name: "a1", Platform: model.PlatformAnthropic})
-				mustCreateAccount(s.T(), db, &model.Account{Name: "a2", Platform: model.PlatformOpenAI})
+				mustCreateAccount(s.T(), db, &accountModel{Name: "a1", Platform: service.PlatformAnthropic})
+				mustCreateAccount(s.T(), db, &accountModel{Name: "a2", Platform: service.PlatformOpenAI})
 			},
-			platform:  model.PlatformOpenAI,
+			platform:  service.PlatformOpenAI,
 			wantCount: 1,
-			validate: func(accounts []model.Account) {
-				s.Require().Equal(model.PlatformOpenAI, accounts[0].Platform)
+			validate: func(accounts []service.Account) {
+				s.Require().Equal(service.PlatformOpenAI, accounts[0].Platform)
 			},
 		},
 		{
 			name: "filter_by_type",
 			setup: func(db *gorm.DB) {
-				mustCreateAccount(s.T(), db, &model.Account{Name: "t1", Type: model.AccountTypeOAuth})
-				mustCreateAccount(s.T(), db, &model.Account{Name: "t2", Type: model.AccountTypeApiKey})
+				mustCreateAccount(s.T(), db, &accountModel{Name: "t1", Type: service.AccountTypeOAuth})
+				mustCreateAccount(s.T(), db, &accountModel{Name: "t2", Type: service.AccountTypeApiKey})
 			},
-			accType:   model.AccountTypeApiKey,
+			accType:   service.AccountTypeApiKey,
 			wantCount: 1,
-			validate: func(accounts []model.Account) {
-				s.Require().Equal(model.AccountTypeApiKey, accounts[0].Type)
+			validate: func(accounts []service.Account) {
+				s.Require().Equal(service.AccountTypeApiKey, accounts[0].Type)
 			},
 		},
 		{
 			name: "filter_by_status",
 			setup: func(db *gorm.DB) {
-				mustCreateAccount(s.T(), db, &model.Account{Name: "s1", Status: model.StatusActive})
-				mustCreateAccount(s.T(), db, &model.Account{Name: "s2", Status: model.StatusDisabled})
+				mustCreateAccount(s.T(), db, &accountModel{Name: "s1", Status: service.StatusActive})
+				mustCreateAccount(s.T(), db, &accountModel{Name: "s2", Status: service.StatusDisabled})
 			},
-			status:    model.StatusDisabled,
+			status:    service.StatusDisabled,
 			wantCount: 1,
-			validate: func(accounts []model.Account) {
-				s.Require().Equal(model.StatusDisabled, accounts[0].Status)
+			validate: func(accounts []service.Account) {
+				s.Require().Equal(service.StatusDisabled, accounts[0].Status)
 			},
 		},
 		{
 			name: "filter_by_search",
 			setup: func(db *gorm.DB) {
-				mustCreateAccount(s.T(), db, &model.Account{Name: "alpha-account"})
-				mustCreateAccount(s.T(), db, &model.Account{Name: "beta-account"})
+				mustCreateAccount(s.T(), db, &accountModel{Name: "alpha-account"})
+				mustCreateAccount(s.T(), db, &accountModel{Name: "beta-account"})
 			},
 			search:    "alpha",
 			wantCount: 1,
-			validate: func(accounts []model.Account) {
+			validate: func(accounts []service.Account) {
 				s.Require().Contains(accounts[0].Name, "alpha")
 			},
 		},
@@ -185,9 +190,9 @@ func (s *AccountRepoSuite) TestListWithFilters() {
 // --- ListByGroup / ListActive / ListByPlatform ---
 
 func (s *AccountRepoSuite) TestListByGroup() {
-	group := mustCreateGroup(s.T(), s.db, &model.Group{Name: "g-list"})
-	acc1 := mustCreateAccount(s.T(), s.db, &model.Account{Name: "a1", Status: model.StatusActive})
-	acc2 := mustCreateAccount(s.T(), s.db, &model.Account{Name: "a2", Status: model.StatusActive})
+	group := mustCreateGroup(s.T(), s.db, &groupModel{Name: "g-list"})
+	acc1 := mustCreateAccount(s.T(), s.db, &accountModel{Name: "a1", Status: service.StatusActive})
+	acc2 := mustCreateAccount(s.T(), s.db, &accountModel{Name: "a2", Status: service.StatusActive})
 	mustBindAccountToGroup(s.T(), s.db, acc1.ID, group.ID, 2)
 	mustBindAccountToGroup(s.T(), s.db, acc2.ID, group.ID, 1)
 
@@ -199,8 +204,8 @@ func (s *AccountRepoSuite) TestListByGroup() {
 }
 
 func (s *AccountRepoSuite) TestListActive() {
-	mustCreateAccount(s.T(), s.db, &model.Account{Name: "active1", Status: model.StatusActive})
-	mustCreateAccount(s.T(), s.db, &model.Account{Name: "inactive1", Status: model.StatusDisabled})
+	mustCreateAccount(s.T(), s.db, &accountModel{Name: "active1", Status: service.StatusActive})
+	mustCreateAccount(s.T(), s.db, &accountModel{Name: "inactive1", Status: service.StatusDisabled})
 
 	accounts, err := s.repo.ListActive(s.ctx)
 	s.Require().NoError(err, "ListActive")
@@ -209,22 +214,22 @@ func (s *AccountRepoSuite) TestListActive() {
 }
 
 func (s *AccountRepoSuite) TestListByPlatform() {
-	mustCreateAccount(s.T(), s.db, &model.Account{Name: "p1", Platform: model.PlatformAnthropic, Status: model.StatusActive})
-	mustCreateAccount(s.T(), s.db, &model.Account{Name: "p2", Platform: model.PlatformOpenAI, Status: model.StatusActive})
+	mustCreateAccount(s.T(), s.db, &accountModel{Name: "p1", Platform: service.PlatformAnthropic, Status: service.StatusActive})
+	mustCreateAccount(s.T(), s.db, &accountModel{Name: "p2", Platform: service.PlatformOpenAI, Status: service.StatusActive})
 
-	accounts, err := s.repo.ListByPlatform(s.ctx, model.PlatformAnthropic)
+	accounts, err := s.repo.ListByPlatform(s.ctx, service.PlatformAnthropic)
 	s.Require().NoError(err, "ListByPlatform")
 	s.Require().Len(accounts, 1)
-	s.Require().Equal(model.PlatformAnthropic, accounts[0].Platform)
+	s.Require().Equal(service.PlatformAnthropic, accounts[0].Platform)
 }
 
 // --- Preload and VirtualFields ---
 
 func (s *AccountRepoSuite) TestPreload_And_VirtualFields() {
-	proxy := mustCreateProxy(s.T(), s.db, &model.Proxy{Name: "p1"})
-	group := mustCreateGroup(s.T(), s.db, &model.Group{Name: "g1"})
+	proxy := mustCreateProxy(s.T(), s.db, &proxyModel{Name: "p1"})
+	group := mustCreateGroup(s.T(), s.db, &groupModel{Name: "g1"})
 
-	account := mustCreateAccount(s.T(), s.db, &model.Account{
+	account := mustCreateAccount(s.T(), s.db, &accountModel{
 		Name:    "acc1",
 		ProxyID: &proxy.ID,
 	})
@@ -252,9 +257,9 @@ func (s *AccountRepoSuite) TestPreload_And_VirtualFields() {
 // --- GroupBinding / AddToGroup / RemoveFromGroup / BindGroups / GetGroups ---
 
 func (s *AccountRepoSuite) TestGroupBinding_And_BindGroups() {
-	g1 := mustCreateGroup(s.T(), s.db, &model.Group{Name: "g1"})
-	g2 := mustCreateGroup(s.T(), s.db, &model.Group{Name: "g2"})
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc"})
+	g1 := mustCreateGroup(s.T(), s.db, &groupModel{Name: "g1"})
+	g2 := mustCreateGroup(s.T(), s.db, &groupModel{Name: "g2"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc"})
 
 	s.Require().NoError(s.repo.AddToGroup(s.ctx, account.ID, g1.ID, 10), "AddToGroup")
 	groups, err := s.repo.GetGroups(s.ctx, account.ID)
@@ -274,8 +279,8 @@ func (s *AccountRepoSuite) TestGroupBinding_And_BindGroups() {
 }
 
 func (s *AccountRepoSuite) TestBindGroups_EmptyList() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-empty"})
-	group := mustCreateGroup(s.T(), s.db, &model.Group{Name: "g-empty"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-empty"})
+	group := mustCreateGroup(s.T(), s.db, &groupModel{Name: "g-empty"})
 	mustBindAccountToGroup(s.T(), s.db, account.ID, group.ID, 1)
 
 	s.Require().NoError(s.repo.BindGroups(s.ctx, account.ID, []int64{}), "BindGroups empty")
@@ -289,13 +294,13 @@ func (s *AccountRepoSuite) TestBindGroups_EmptyList() {
 
 func (s *AccountRepoSuite) TestListSchedulable() {
 	now := time.Now()
-	group := mustCreateGroup(s.T(), s.db, &model.Group{Name: "g-sched"})
+	group := mustCreateGroup(s.T(), s.db, &groupModel{Name: "g-sched"})
 
-	okAcc := mustCreateAccount(s.T(), s.db, &model.Account{Name: "ok", Schedulable: true})
+	okAcc := mustCreateAccount(s.T(), s.db, &accountModel{Name: "ok", Schedulable: true})
 	mustBindAccountToGroup(s.T(), s.db, okAcc.ID, group.ID, 1)
 
 	future := now.Add(10 * time.Minute)
-	overloaded := mustCreateAccount(s.T(), s.db, &model.Account{Name: "over", Schedulable: true, OverloadUntil: &future})
+	overloaded := mustCreateAccount(s.T(), s.db, &accountModel{Name: "over", Schedulable: true, OverloadUntil: &future})
 	mustBindAccountToGroup(s.T(), s.db, overloaded.ID, group.ID, 1)
 
 	sched, err := s.repo.ListSchedulable(s.ctx)
@@ -307,16 +312,16 @@ func (s *AccountRepoSuite) TestListSchedulable() {
 
 func (s *AccountRepoSuite) TestListSchedulableByGroupID_TimeBoundaries_And_StatusUpdates() {
 	now := time.Now()
-	group := mustCreateGroup(s.T(), s.db, &model.Group{Name: "g-sched"})
+	group := mustCreateGroup(s.T(), s.db, &groupModel{Name: "g-sched"})
 
-	okAcc := mustCreateAccount(s.T(), s.db, &model.Account{Name: "ok", Schedulable: true})
+	okAcc := mustCreateAccount(s.T(), s.db, &accountModel{Name: "ok", Schedulable: true})
 	mustBindAccountToGroup(s.T(), s.db, okAcc.ID, group.ID, 1)
 
 	future := now.Add(10 * time.Minute)
-	overloaded := mustCreateAccount(s.T(), s.db, &model.Account{Name: "over", Schedulable: true, OverloadUntil: &future})
+	overloaded := mustCreateAccount(s.T(), s.db, &accountModel{Name: "over", Schedulable: true, OverloadUntil: &future})
 	mustBindAccountToGroup(s.T(), s.db, overloaded.ID, group.ID, 1)
 
-	rateLimited := mustCreateAccount(s.T(), s.db, &model.Account{Name: "rl", Schedulable: true})
+	rateLimited := mustCreateAccount(s.T(), s.db, &accountModel{Name: "rl", Schedulable: true})
 	mustBindAccountToGroup(s.T(), s.db, rateLimited.ID, group.ID, 1)
 	s.Require().NoError(s.repo.SetRateLimited(s.ctx, rateLimited.ID, now.Add(10*time.Minute)), "SetRateLimited")
 
@@ -334,30 +339,30 @@ func (s *AccountRepoSuite) TestListSchedulableByGroupID_TimeBoundaries_And_Statu
 }
 
 func (s *AccountRepoSuite) TestListSchedulableByPlatform() {
-	mustCreateAccount(s.T(), s.db, &model.Account{Name: "a1", Platform: model.PlatformAnthropic, Schedulable: true})
-	mustCreateAccount(s.T(), s.db, &model.Account{Name: "a2", Platform: model.PlatformOpenAI, Schedulable: true})
+	mustCreateAccount(s.T(), s.db, &accountModel{Name: "a1", Platform: service.PlatformAnthropic, Schedulable: true})
+	mustCreateAccount(s.T(), s.db, &accountModel{Name: "a2", Platform: service.PlatformOpenAI, Schedulable: true})
 
-	accounts, err := s.repo.ListSchedulableByPlatform(s.ctx, model.PlatformAnthropic)
+	accounts, err := s.repo.ListSchedulableByPlatform(s.ctx, service.PlatformAnthropic)
 	s.Require().NoError(err)
 	s.Require().Len(accounts, 1)
-	s.Require().Equal(model.PlatformAnthropic, accounts[0].Platform)
+	s.Require().Equal(service.PlatformAnthropic, accounts[0].Platform)
 }
 
 func (s *AccountRepoSuite) TestListSchedulableByGroupIDAndPlatform() {
-	group := mustCreateGroup(s.T(), s.db, &model.Group{Name: "g-sp"})
-	a1 := mustCreateAccount(s.T(), s.db, &model.Account{Name: "a1", Platform: model.PlatformAnthropic, Schedulable: true})
-	a2 := mustCreateAccount(s.T(), s.db, &model.Account{Name: "a2", Platform: model.PlatformOpenAI, Schedulable: true})
+	group := mustCreateGroup(s.T(), s.db, &groupModel{Name: "g-sp"})
+	a1 := mustCreateAccount(s.T(), s.db, &accountModel{Name: "a1", Platform: service.PlatformAnthropic, Schedulable: true})
+	a2 := mustCreateAccount(s.T(), s.db, &accountModel{Name: "a2", Platform: service.PlatformOpenAI, Schedulable: true})
 	mustBindAccountToGroup(s.T(), s.db, a1.ID, group.ID, 1)
 	mustBindAccountToGroup(s.T(), s.db, a2.ID, group.ID, 2)
 
-	accounts, err := s.repo.ListSchedulableByGroupIDAndPlatform(s.ctx, group.ID, model.PlatformAnthropic)
+	accounts, err := s.repo.ListSchedulableByGroupIDAndPlatform(s.ctx, group.ID, service.PlatformAnthropic)
 	s.Require().NoError(err)
 	s.Require().Len(accounts, 1)
 	s.Require().Equal(a1.ID, accounts[0].ID)
 }
 
 func (s *AccountRepoSuite) TestSetSchedulable() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-sched", Schedulable: true})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-sched", Schedulable: true})
 
 	s.Require().NoError(s.repo.SetSchedulable(s.ctx, account.ID, false))
 
@@ -369,7 +374,7 @@ func (s *AccountRepoSuite) TestSetSchedulable() {
 // --- SetOverloaded / SetRateLimited / ClearRateLimit ---
 
 func (s *AccountRepoSuite) TestSetOverloaded() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-over"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-over"})
 	until := time.Date(2025, 6, 15, 12, 0, 0, 0, time.UTC)
 
 	s.Require().NoError(s.repo.SetOverloaded(s.ctx, account.ID, until))
@@ -381,7 +386,7 @@ func (s *AccountRepoSuite) TestSetOverloaded() {
 }
 
 func (s *AccountRepoSuite) TestSetRateLimited() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-rl"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-rl"})
 	resetAt := time.Date(2025, 6, 15, 14, 0, 0, 0, time.UTC)
 
 	s.Require().NoError(s.repo.SetRateLimited(s.ctx, account.ID, resetAt))
@@ -394,7 +399,7 @@ func (s *AccountRepoSuite) TestSetRateLimited() {
 }
 
 func (s *AccountRepoSuite) TestClearRateLimit() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-clear"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-clear"})
 	until := time.Now().Add(1 * time.Hour)
 	s.Require().NoError(s.repo.SetOverloaded(s.ctx, account.ID, until))
 	s.Require().NoError(s.repo.SetRateLimited(s.ctx, account.ID, until))
@@ -411,7 +416,7 @@ func (s *AccountRepoSuite) TestClearRateLimit() {
 // --- UpdateLastUsed ---
 
 func (s *AccountRepoSuite) TestUpdateLastUsed() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-used"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-used"})
 	s.Require().Nil(account.LastUsedAt)
 
 	s.Require().NoError(s.repo.UpdateLastUsed(s.ctx, account.ID))
@@ -424,20 +429,20 @@ func (s *AccountRepoSuite) TestUpdateLastUsed() {
 // --- SetError ---
 
 func (s *AccountRepoSuite) TestSetError() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-err", Status: model.StatusActive})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-err", Status: service.StatusActive})
 
 	s.Require().NoError(s.repo.SetError(s.ctx, account.ID, "something went wrong"))
 
 	got, err := s.repo.GetByID(s.ctx, account.ID)
 	s.Require().NoError(err)
-	s.Require().Equal(model.StatusError, got.Status)
+	s.Require().Equal(service.StatusError, got.Status)
 	s.Require().Equal("something went wrong", got.ErrorMessage)
 }
 
 // --- UpdateSessionWindow ---
 
 func (s *AccountRepoSuite) TestUpdateSessionWindow() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-win"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-win"})
 	start := time.Date(2025, 6, 15, 10, 0, 0, 0, time.UTC)
 	end := time.Date(2025, 6, 15, 15, 0, 0, 0, time.UTC)
 
@@ -453,9 +458,9 @@ func (s *AccountRepoSuite) TestUpdateSessionWindow() {
 // --- UpdateExtra ---
 
 func (s *AccountRepoSuite) TestUpdateExtra_MergesFields() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{
+	account := mustCreateAccount(s.T(), s.db, &accountModel{
 		Name:  "acc-extra",
-		Extra: model.JSONB{"a": "1"},
+		Extra: datatypes.JSONMap{"a": "1"},
 	})
 	s.Require().NoError(s.repo.UpdateExtra(s.ctx, account.ID, map[string]any{"b": "2"}), "UpdateExtra")
 
@@ -466,12 +471,12 @@ func (s *AccountRepoSuite) TestUpdateExtra_MergesFields() {
 }
 
 func (s *AccountRepoSuite) TestUpdateExtra_EmptyUpdates() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-extra-empty"})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-extra-empty"})
 	s.Require().NoError(s.repo.UpdateExtra(s.ctx, account.ID, map[string]any{}))
 }
 
 func (s *AccountRepoSuite) TestUpdateExtra_NilExtra() {
-	account := mustCreateAccount(s.T(), s.db, &model.Account{Name: "acc-nil-extra", Extra: nil})
+	account := mustCreateAccount(s.T(), s.db, &accountModel{Name: "acc-nil-extra", Extra: nil})
 	s.Require().NoError(s.repo.UpdateExtra(s.ctx, account.ID, map[string]any{"key": "val"}))
 
 	got, err := s.repo.GetByID(s.ctx, account.ID)
@@ -483,9 +488,9 @@ func (s *AccountRepoSuite) TestUpdateExtra_NilExtra() {
 
 func (s *AccountRepoSuite) TestGetByCRSAccountID() {
 	crsID := "crs-12345"
-	mustCreateAccount(s.T(), s.db, &model.Account{
+	mustCreateAccount(s.T(), s.db, &accountModel{
 		Name:  "acc-crs",
-		Extra: model.JSONB{"crs_account_id": crsID},
+		Extra: datatypes.JSONMap{"crs_account_id": crsID},
 	})
 
 	got, err := s.repo.GetByCRSAccountID(s.ctx, crsID)
@@ -509,8 +514,8 @@ func (s *AccountRepoSuite) TestGetByCRSAccountID_EmptyString() {
 // --- BulkUpdate ---
 
 func (s *AccountRepoSuite) TestBulkUpdate() {
-	a1 := mustCreateAccount(s.T(), s.db, &model.Account{Name: "bulk1", Priority: 1})
-	a2 := mustCreateAccount(s.T(), s.db, &model.Account{Name: "bulk2", Priority: 1})
+	a1 := mustCreateAccount(s.T(), s.db, &accountModel{Name: "bulk1", Priority: 1})
+	a2 := mustCreateAccount(s.T(), s.db, &accountModel{Name: "bulk2", Priority: 1})
 
 	newPriority := 99
 	affected, err := s.repo.BulkUpdate(s.ctx, []int64{a1.ID, a2.ID}, service.AccountBulkUpdate{
@@ -526,13 +531,13 @@ func (s *AccountRepoSuite) TestBulkUpdate() {
 }
 
 func (s *AccountRepoSuite) TestBulkUpdate_MergeCredentials() {
-	a1 := mustCreateAccount(s.T(), s.db, &model.Account{
+	a1 := mustCreateAccount(s.T(), s.db, &accountModel{
 		Name:        "bulk-cred",
-		Credentials: model.JSONB{"existing": "value"},
+		Credentials: datatypes.JSONMap{"existing": "value"},
 	})
 
 	_, err := s.repo.BulkUpdate(s.ctx, []int64{a1.ID}, service.AccountBulkUpdate{
-		Credentials: model.JSONB{"new_key": "new_value"},
+		Credentials: datatypes.JSONMap{"new_key": "new_value"},
 	})
 	s.Require().NoError(err)
 
@@ -542,13 +547,13 @@ func (s *AccountRepoSuite) TestBulkUpdate_MergeCredentials() {
 }
 
 func (s *AccountRepoSuite) TestBulkUpdate_MergeExtra() {
-	a1 := mustCreateAccount(s.T(), s.db, &model.Account{
+	a1 := mustCreateAccount(s.T(), s.db, &accountModel{
 		Name:  "bulk-extra",
-		Extra: model.JSONB{"existing": "val"},
+		Extra: datatypes.JSONMap{"existing": "val"},
 	})
 
 	_, err := s.repo.BulkUpdate(s.ctx, []int64{a1.ID}, service.AccountBulkUpdate{
-		Extra: model.JSONB{"new_key": "new_val"},
+		Extra: datatypes.JSONMap{"new_key": "new_val"},
 	})
 	s.Require().NoError(err)
 
@@ -564,14 +569,14 @@ func (s *AccountRepoSuite) TestBulkUpdate_EmptyIDs() {
 }
 
 func (s *AccountRepoSuite) TestBulkUpdate_EmptyUpdates() {
-	a1 := mustCreateAccount(s.T(), s.db, &model.Account{Name: "bulk-empty"})
+	a1 := mustCreateAccount(s.T(), s.db, &accountModel{Name: "bulk-empty"})
 
 	affected, err := s.repo.BulkUpdate(s.ctx, []int64{a1.ID}, service.AccountBulkUpdate{})
 	s.Require().NoError(err)
 	s.Require().Zero(affected)
 }
 
-func idsOfAccounts(accounts []model.Account) []int64 {
+func idsOfAccounts(accounts []service.Account) []int64 {
 	out := make([]int64, 0, len(accounts))
 	for i := range accounts {
 		out = append(out, accounts[i].ID)

backend/internal/repository/api_key_cache.go

@@ -2,6 +2,7 @@ package repository
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"time"
 
@@ -14,6 +15,11 @@ const (
 	apiKeyRateLimitDuration  = 24 * time.Hour
 )
 
+// apiKeyRateLimitKey generates the Redis key for API key creation rate limiting.
+func apiKeyRateLimitKey(userID int64) string {
+	return fmt.Sprintf("%s%d", apiKeyRateLimitKeyPrefix, userID)
+}
+
 type apiKeyCache struct {
 	rdb *redis.Client
 }
@@ -23,12 +29,16 @@ func NewApiKeyCache(rdb *redis.Client) service.ApiKeyCache {
 }
 
 func (c *apiKeyCache) GetCreateAttemptCount(ctx context.Context, userID int64) (int, error) {
-	key := fmt.Sprintf("%s%d", apiKeyRateLimitKeyPrefix, userID)
-	return c.rdb.Get(ctx, key).Int()
+	key := apiKeyRateLimitKey(userID)
+	count, err := c.rdb.Get(ctx, key).Int()
+	if errors.Is(err, redis.Nil) {
+		return 0, nil
+	}
+	return count, err
 }
 
 func (c *apiKeyCache) IncrementCreateAttemptCount(ctx context.Context, userID int64) error {
-	key := fmt.Sprintf("%s%d", apiKeyRateLimitKeyPrefix, userID)
+	key := apiKeyRateLimitKey(userID)
 	pipe := c.rdb.Pipeline()
 	pipe.Incr(ctx, key)
 	pipe.Expire(ctx, key, apiKeyRateLimitDuration)
@@ -37,7 +47,7 @@ func (c *apiKeyCache) IncrementCreateAttemptCount(ctx context.Context, userID in
 }
 
 func (c *apiKeyCache) DeleteCreateAttemptCount(ctx context.Context, userID int64) error {
-	key := fmt.Sprintf("%s%d", apiKeyRateLimitKeyPrefix, userID)
+	key := apiKeyRateLimitKey(userID)
 	return c.rdb.Del(ctx, key).Err()
 }
 

backend/internal/repository/api_key_cache_integration_test.go

@@ -23,13 +23,14 @@ func (s *ApiKeyCacheSuite) TestCreateAttemptCount() {
 		fn   func(ctx context.Context, rdb *redis.Client, cache *apiKeyCache)
 	}{
 		{
-			name: "missing_key_returns_redis_nil",
+			name: "missing_key_returns_zero_nil",
 			fn: func(ctx context.Context, rdb *redis.Client, cache *apiKeyCache) {
 				userID := int64(1)
 
-				_, err := cache.GetCreateAttemptCount(ctx, userID)
+				count, err := cache.GetCreateAttemptCount(ctx, userID)
 
-				require.ErrorIs(s.T(), err, redis.Nil, "expected redis.Nil for missing key")
+				require.NoError(s.T(), err, "expected nil error for missing key")
+				require.Equal(s.T(), 0, count, "expected zero count for missing key")
 			},
 		},
 		{
@@ -58,8 +59,9 @@ func (s *ApiKeyCacheSuite) TestCreateAttemptCount() {
 				require.NoError(s.T(), cache.IncrementCreateAttemptCount(ctx, userID))
 				require.NoError(s.T(), cache.DeleteCreateAttemptCount(ctx, userID), "DeleteCreateAttemptCount")
 
-				_, err := cache.GetCreateAttemptCount(ctx, userID)
-				require.ErrorIs(s.T(), err, redis.Nil, "expected redis.Nil after delete")
+				count, err := cache.GetCreateAttemptCount(ctx, userID)
+				require.NoError(s.T(), err, "expected nil error after delete")
+				require.Equal(s.T(), 0, count, "expected zero count after delete")
 			},
 		},
 	}