feat: 静态 Token 鉴权改造

- 将 token_secret 改为 access_token（长期有效）
- 移除 token_required 字段，统一使用 token 验证
- 生成链接简化为 ?tid=xxx&token=xxx 格式
- 前端移除签名验证开关，链接永久有效

backend/app/routers/tenant_apps.py

@@ -24,8 +24,7 @@ class TenantAppCreate(BaseModel):
     wechat_corp_id: Optional[str] = None
     wechat_agent_id: Optional[str] = None
     wechat_secret: Optional[str] = None  # 明文，存储时加密
-    token_secret: Optional[str] = None  # 如果不传则自动生成
-    token_required: bool = False
+    access_token: Optional[str] = None  # 如果不传则自动生成
     allowed_origins: Optional[List[str]] = None
     allowed_tools: Optional[List[str]] = None
 
@@ -35,8 +34,7 @@ class TenantAppUpdate(BaseModel):
     wechat_corp_id: Optional[str] = None
     wechat_agent_id: Optional[str] = None
     wechat_secret: Optional[str] = None
-    token_secret: Optional[str] = None
-    token_required: Optional[bool] = None
+    access_token: Optional[str] = None
     allowed_origins: Optional[List[str]] = None
     allowed_tools: Optional[List[str]] = None
     status: Optional[int] = None
@@ -101,8 +99,8 @@ async def create_tenant_app(
     if exists:
         raise HTTPException(status_code=400, detail="该租户应用配置已存在")
     
-    # 自动生成 token_secret
-    token_secret = data.token_secret or secrets.token_hex(32)
+    # 自动生成 access_token
+    access_token = data.access_token or secrets.token_hex(32)
     
     # 加密 wechat_secret
     wechat_secret_encrypted = None
@@ -116,8 +114,7 @@ async def create_tenant_app(
         wechat_corp_id=data.wechat_corp_id,
         wechat_agent_id=data.wechat_agent_id,
         wechat_secret_encrypted=wechat_secret_encrypted,
-        token_secret=token_secret,
-        token_required=1 if data.token_required else 0,
+        access_token=access_token,
         allowed_origins=json.dumps(data.allowed_origins) if data.allowed_origins else None,
         allowed_tools=json.dumps(data.allowed_tools) if data.allowed_tools else None,
         status=1
@@ -126,7 +123,7 @@ async def create_tenant_app(
     db.commit()
     db.refresh(app)
     
-    return {"success": True, "id": app.id, "token_secret": token_secret}
+    return {"success": True, "id": app.id, "access_token": access_token}
 
 
 @router.put("/{app_id}")
@@ -155,10 +152,6 @@ async def update_tenant_app(
     if 'allowed_tools' in update_data:
         update_data['allowed_tools'] = json.dumps(update_data['allowed_tools']) if update_data['allowed_tools'] else None
     
-    # 处理 token_required
-    if 'token_required' in update_data:
-        update_data['token_required'] = 1 if update_data['token_required'] else 0
-    
     for key, value in update_data.items():
         setattr(app, key, value)
     
@@ -189,16 +182,16 @@ async def regenerate_token(
     user: User = Depends(require_operator),
     db: Session = Depends(get_db)
 ):
-    """重新生成 token_secret"""
+    """重新生成 access_token"""
     app = db.query(TenantApp).filter(TenantApp.id == app_id).first()
     if not app:
         raise HTTPException(status_code=404, detail="应用配置不存在")
     
     new_token = secrets.token_hex(32)
-    app.token_secret = new_token
+    app.access_token = new_token
     db.commit()
     
-    return {"success": True, "token_secret": new_token}
+    return {"success": True, "access_token": new_token}
 
 
 @router.get("/{app_id}/wechat-secret")
@@ -229,8 +222,7 @@ def format_tenant_app(app: TenantApp, mask_secret: bool = True) -> dict:
         "wechat_corp_id": app.wechat_corp_id,
         "wechat_agent_id": app.wechat_agent_id,
         "has_wechat_secret": bool(app.wechat_secret_encrypted),
-        "token_secret": "******" if mask_secret and app.token_secret else app.token_secret,
-        "token_required": bool(app.token_required),
+        "access_token": "******" if mask_secret and app.access_token else app.access_token,
         "allowed_origins": json.loads(app.allowed_origins) if app.allowed_origins else [],
         "allowed_tools": json.loads(app.allowed_tools) if app.allowed_tools else [],
         "status": app.status,