Add short video configuration and related API endpoints

- Updated .env.example to include SHORT_VIDEO_API_KEY, SHORT_VIDEO_FREE_QUOTA, and SHORT_VIDEO_TIMEOUT_SECONDS.
- Enhanced main.go to auto-migrate new VideoParseLog and VideoParseUnlock models.
- Introduced VideoService and VideoHandler for handling video-related operations.
- Added protected API routes for removing watermarks and unlocking video features.
- Updated config.go to support short video configuration settings.
- Expanded documentation to reflect new features and configuration options.

internal/middleware/auth_middleware.go

@@ -0,0 +1,50 @@
+package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"gorm.io/gorm"
+
+	"wx_service/internal/model"
+)
+
+const ContextCurrentUserKey = "currentUser"
+
+func AuthMiddleware(db *gorm.DB) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		token := extractToken(c.GetHeader("Authorization"))
+		if token == "" {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, model.Error(http.StatusUnauthorized, "missing authorization header"))
+			return
+		}
+
+		var user model.User
+		if err := db.WithContext(c.Request.Context()).Where("session_key = ?", token).First(&user).Error; err != nil {
+			if err == gorm.ErrRecordNotFound {
+				c.AbortWithStatusJSON(http.StatusUnauthorized, model.Error(http.StatusUnauthorized, "invalid token"))
+				return
+			}
+			c.AbortWithStatusJSON(http.StatusInternalServerError, model.Error(http.StatusInternalServerError, "load user failed"))
+			return
+		}
+
+		c.Set(ContextCurrentUserKey, &user)
+		c.Next()
+	}
+}
+
+func extractToken(authHeader string) string {
+	if authHeader == "" {
+		return ""
+	}
+	parts := strings.SplitN(authHeader, " ", 2)
+	if len(parts) != 2 {
+		return ""
+	}
+	if !strings.EqualFold(parts[0], "Bearer") {
+		return ""
+	}
+	return strings.TrimSpace(parts[1])
+}