refactor(数据库): 迁移持久层到 Ent 并清理 GORM

将仓储层/基础设施改为 Ent + 原生 SQL 执行路径，并移除 AutoMigrate 与 GORM 依赖。
重构内容包括：
- 仓储层改用 Ent/SQL（含 usage_log/account 等复杂查询），统一错误映射
- 基础设施与 setup 初始化切换为 Ent + SQL migrations
- 集成测试与 fixtures 迁移到 Ent 事务模型
- 清理遗留 GORM 模型/依赖，补充迁移与文档说明
- 增加根目录 Makefile 便于前后端编译

测试：
- go test -tags unit ./...
- go test -tags integration ./...

backend/ent/userallowedgroup_update.go

@@ -0,0 +1,423 @@
+// Code generated by ent, DO NOT EDIT.
+
+package ent
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"entgo.io/ent/dialect/sql"
+	"entgo.io/ent/dialect/sql/sqlgraph"
+	"entgo.io/ent/schema/field"
+	"github.com/Wei-Shaw/sub2api/ent/group"
+	"github.com/Wei-Shaw/sub2api/ent/predicate"
+	"github.com/Wei-Shaw/sub2api/ent/user"
+	"github.com/Wei-Shaw/sub2api/ent/userallowedgroup"
+)
+
+// UserAllowedGroupUpdate is the builder for updating UserAllowedGroup entities.
+type UserAllowedGroupUpdate struct {
+	config
+	hooks    []Hook
+	mutation *UserAllowedGroupMutation
+}
+
+// Where appends a list predicates to the UserAllowedGroupUpdate builder.
+func (_u *UserAllowedGroupUpdate) Where(ps ...predicate.UserAllowedGroup) *UserAllowedGroupUpdate {
+	_u.mutation.Where(ps...)
+	return _u
+}
+
+// SetUserID sets the "user_id" field.
+func (_u *UserAllowedGroupUpdate) SetUserID(v int64) *UserAllowedGroupUpdate {
+	_u.mutation.SetUserID(v)
+	return _u
+}
+
+// SetNillableUserID sets the "user_id" field if the given value is not nil.
+func (_u *UserAllowedGroupUpdate) SetNillableUserID(v *int64) *UserAllowedGroupUpdate {
+	if v != nil {
+		_u.SetUserID(*v)
+	}
+	return _u
+}
+
+// SetGroupID sets the "group_id" field.
+func (_u *UserAllowedGroupUpdate) SetGroupID(v int64) *UserAllowedGroupUpdate {
+	_u.mutation.SetGroupID(v)
+	return _u
+}
+
+// SetNillableGroupID sets the "group_id" field if the given value is not nil.
+func (_u *UserAllowedGroupUpdate) SetNillableGroupID(v *int64) *UserAllowedGroupUpdate {
+	if v != nil {
+		_u.SetGroupID(*v)
+	}
+	return _u
+}
+
+// SetUser sets the "user" edge to the User entity.
+func (_u *UserAllowedGroupUpdate) SetUser(v *User) *UserAllowedGroupUpdate {
+	return _u.SetUserID(v.ID)
+}
+
+// SetGroup sets the "group" edge to the Group entity.
+func (_u *UserAllowedGroupUpdate) SetGroup(v *Group) *UserAllowedGroupUpdate {
+	return _u.SetGroupID(v.ID)
+}
+
+// Mutation returns the UserAllowedGroupMutation object of the builder.
+func (_u *UserAllowedGroupUpdate) Mutation() *UserAllowedGroupMutation {
+	return _u.mutation
+}
+
+// ClearUser clears the "user" edge to the User entity.
+func (_u *UserAllowedGroupUpdate) ClearUser() *UserAllowedGroupUpdate {
+	_u.mutation.ClearUser()
+	return _u
+}
+
+// ClearGroup clears the "group" edge to the Group entity.
+func (_u *UserAllowedGroupUpdate) ClearGroup() *UserAllowedGroupUpdate {
+	_u.mutation.ClearGroup()
+	return _u
+}
+
+// Save executes the query and returns the number of nodes affected by the update operation.
+func (_u *UserAllowedGroupUpdate) Save(ctx context.Context) (int, error) {
+	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
+}
+
+// SaveX is like Save, but panics if an error occurs.
+func (_u *UserAllowedGroupUpdate) SaveX(ctx context.Context) int {
+	affected, err := _u.Save(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return affected
+}
+
+// Exec executes the query.
+func (_u *UserAllowedGroupUpdate) Exec(ctx context.Context) error {
+	_, err := _u.Save(ctx)
+	return err
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (_u *UserAllowedGroupUpdate) ExecX(ctx context.Context) {
+	if err := _u.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
+
+// check runs all checks and user-defined validators on the builder.
+func (_u *UserAllowedGroupUpdate) check() error {
+	if _u.mutation.UserCleared() && len(_u.mutation.UserIDs()) > 0 {
+		return errors.New(`ent: clearing a required unique edge "UserAllowedGroup.user"`)
+	}
+	if _u.mutation.GroupCleared() && len(_u.mutation.GroupIDs()) > 0 {
+		return errors.New(`ent: clearing a required unique edge "UserAllowedGroup.group"`)
+	}
+	return nil
+}
+
+func (_u *UserAllowedGroupUpdate) sqlSave(ctx context.Context) (_node int, err error) {
+	if err := _u.check(); err != nil {
+		return _node, err
+	}
+	_spec := sqlgraph.NewUpdateSpec(userallowedgroup.Table, userallowedgroup.Columns, sqlgraph.NewFieldSpec(userallowedgroup.FieldUserID, field.TypeInt64), sqlgraph.NewFieldSpec(userallowedgroup.FieldGroupID, field.TypeInt64))
+	if ps := _u.mutation.predicates; len(ps) > 0 {
+		_spec.Predicate = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	if _u.mutation.UserCleared() {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: false,
+			Table:   userallowedgroup.UserTable,
+			Columns: []string{userallowedgroup.UserColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeInt64),
+			},
+		}
+		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
+	}
+	if nodes := _u.mutation.UserIDs(); len(nodes) > 0 {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: false,
+			Table:   userallowedgroup.UserTable,
+			Columns: []string{userallowedgroup.UserColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeInt64),
+			},
+		}
+		for _, k := range nodes {
+			edge.Target.Nodes = append(edge.Target.Nodes, k)
+		}
+		_spec.Edges.Add = append(_spec.Edges.Add, edge)
+	}
+	if _u.mutation.GroupCleared() {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: false,
+			Table:   userallowedgroup.GroupTable,
+			Columns: []string{userallowedgroup.GroupColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(group.FieldID, field.TypeInt64),
+			},
+		}
+		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
+	}
+	if nodes := _u.mutation.GroupIDs(); len(nodes) > 0 {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: false,
+			Table:   userallowedgroup.GroupTable,
+			Columns: []string{userallowedgroup.GroupColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(group.FieldID, field.TypeInt64),
+			},
+		}
+		for _, k := range nodes {
+			edge.Target.Nodes = append(edge.Target.Nodes, k)
+		}
+		_spec.Edges.Add = append(_spec.Edges.Add, edge)
+	}
+	if _node, err = sqlgraph.UpdateNodes(ctx, _u.driver, _spec); err != nil {
+		if _, ok := err.(*sqlgraph.NotFoundError); ok {
+			err = &NotFoundError{userallowedgroup.Label}
+		} else if sqlgraph.IsConstraintError(err) {
+			err = &ConstraintError{msg: err.Error(), wrap: err}
+		}
+		return 0, err
+	}
+	_u.mutation.done = true
+	return _node, nil
+}
+
+// UserAllowedGroupUpdateOne is the builder for updating a single UserAllowedGroup entity.
+type UserAllowedGroupUpdateOne struct {
+	config
+	fields   []string
+	hooks    []Hook
+	mutation *UserAllowedGroupMutation
+}
+
+// SetUserID sets the "user_id" field.
+func (_u *UserAllowedGroupUpdateOne) SetUserID(v int64) *UserAllowedGroupUpdateOne {
+	_u.mutation.SetUserID(v)
+	return _u
+}
+
+// SetNillableUserID sets the "user_id" field if the given value is not nil.
+func (_u *UserAllowedGroupUpdateOne) SetNillableUserID(v *int64) *UserAllowedGroupUpdateOne {
+	if v != nil {
+		_u.SetUserID(*v)
+	}
+	return _u
+}
+
+// SetGroupID sets the "group_id" field.
+func (_u *UserAllowedGroupUpdateOne) SetGroupID(v int64) *UserAllowedGroupUpdateOne {
+	_u.mutation.SetGroupID(v)
+	return _u
+}
+
+// SetNillableGroupID sets the "group_id" field if the given value is not nil.
+func (_u *UserAllowedGroupUpdateOne) SetNillableGroupID(v *int64) *UserAllowedGroupUpdateOne {
+	if v != nil {
+		_u.SetGroupID(*v)
+	}
+	return _u
+}
+
+// SetUser sets the "user" edge to the User entity.
+func (_u *UserAllowedGroupUpdateOne) SetUser(v *User) *UserAllowedGroupUpdateOne {
+	return _u.SetUserID(v.ID)
+}
+
+// SetGroup sets the "group" edge to the Group entity.
+func (_u *UserAllowedGroupUpdateOne) SetGroup(v *Group) *UserAllowedGroupUpdateOne {
+	return _u.SetGroupID(v.ID)
+}
+
+// Mutation returns the UserAllowedGroupMutation object of the builder.
+func (_u *UserAllowedGroupUpdateOne) Mutation() *UserAllowedGroupMutation {
+	return _u.mutation
+}
+
+// ClearUser clears the "user" edge to the User entity.
+func (_u *UserAllowedGroupUpdateOne) ClearUser() *UserAllowedGroupUpdateOne {
+	_u.mutation.ClearUser()
+	return _u
+}
+
+// ClearGroup clears the "group" edge to the Group entity.
+func (_u *UserAllowedGroupUpdateOne) ClearGroup() *UserAllowedGroupUpdateOne {
+	_u.mutation.ClearGroup()
+	return _u
+}
+
+// Where appends a list predicates to the UserAllowedGroupUpdate builder.
+func (_u *UserAllowedGroupUpdateOne) Where(ps ...predicate.UserAllowedGroup) *UserAllowedGroupUpdateOne {
+	_u.mutation.Where(ps...)
+	return _u
+}
+
+// Select allows selecting one or more fields (columns) of the returned entity.
+// The default is selecting all fields defined in the entity schema.
+func (_u *UserAllowedGroupUpdateOne) Select(field string, fields ...string) *UserAllowedGroupUpdateOne {
+	_u.fields = append([]string{field}, fields...)
+	return _u
+}
+
+// Save executes the query and returns the updated UserAllowedGroup entity.
+func (_u *UserAllowedGroupUpdateOne) Save(ctx context.Context) (*UserAllowedGroup, error) {
+	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
+}
+
+// SaveX is like Save, but panics if an error occurs.
+func (_u *UserAllowedGroupUpdateOne) SaveX(ctx context.Context) *UserAllowedGroup {
+	node, err := _u.Save(ctx)
+	if err != nil {
+		panic(err)
+	}
+	return node
+}
+
+// Exec executes the query on the entity.
+func (_u *UserAllowedGroupUpdateOne) Exec(ctx context.Context) error {
+	_, err := _u.Save(ctx)
+	return err
+}
+
+// ExecX is like Exec, but panics if an error occurs.
+func (_u *UserAllowedGroupUpdateOne) ExecX(ctx context.Context) {
+	if err := _u.Exec(ctx); err != nil {
+		panic(err)
+	}
+}
+
+// check runs all checks and user-defined validators on the builder.
+func (_u *UserAllowedGroupUpdateOne) check() error {
+	if _u.mutation.UserCleared() && len(_u.mutation.UserIDs()) > 0 {
+		return errors.New(`ent: clearing a required unique edge "UserAllowedGroup.user"`)
+	}
+	if _u.mutation.GroupCleared() && len(_u.mutation.GroupIDs()) > 0 {
+		return errors.New(`ent: clearing a required unique edge "UserAllowedGroup.group"`)
+	}
+	return nil
+}
+
+func (_u *UserAllowedGroupUpdateOne) sqlSave(ctx context.Context) (_node *UserAllowedGroup, err error) {
+	if err := _u.check(); err != nil {
+		return _node, err
+	}
+	_spec := sqlgraph.NewUpdateSpec(userallowedgroup.Table, userallowedgroup.Columns, sqlgraph.NewFieldSpec(userallowedgroup.FieldUserID, field.TypeInt64), sqlgraph.NewFieldSpec(userallowedgroup.FieldGroupID, field.TypeInt64))
+	if id, ok := _u.mutation.UserID(); !ok {
+		return nil, &ValidationError{Name: "user_id", err: errors.New(`ent: missing "UserAllowedGroup.user_id" for update`)}
+	} else {
+		_spec.Node.CompositeID[0].Value = id
+	}
+	if id, ok := _u.mutation.GroupID(); !ok {
+		return nil, &ValidationError{Name: "group_id", err: errors.New(`ent: missing "UserAllowedGroup.group_id" for update`)}
+	} else {
+		_spec.Node.CompositeID[1].Value = id
+	}
+	if fields := _u.fields; len(fields) > 0 {
+		_spec.Node.Columns = make([]string, len(fields))
+		for i, f := range fields {
+			if !userallowedgroup.ValidColumn(f) {
+				return nil, &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
+			}
+			_spec.Node.Columns[i] = f
+		}
+	}
+	if ps := _u.mutation.predicates; len(ps) > 0 {
+		_spec.Predicate = func(selector *sql.Selector) {
+			for i := range ps {
+				ps[i](selector)
+			}
+		}
+	}
+	if _u.mutation.UserCleared() {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: false,
+			Table:   userallowedgroup.UserTable,
+			Columns: []string{userallowedgroup.UserColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeInt64),
+			},
+		}
+		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
+	}
+	if nodes := _u.mutation.UserIDs(); len(nodes) > 0 {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: false,
+			Table:   userallowedgroup.UserTable,
+			Columns: []string{userallowedgroup.UserColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeInt64),
+			},
+		}
+		for _, k := range nodes {
+			edge.Target.Nodes = append(edge.Target.Nodes, k)
+		}
+		_spec.Edges.Add = append(_spec.Edges.Add, edge)
+	}
+	if _u.mutation.GroupCleared() {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: false,
+			Table:   userallowedgroup.GroupTable,
+			Columns: []string{userallowedgroup.GroupColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(group.FieldID, field.TypeInt64),
+			},
+		}
+		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
+	}
+	if nodes := _u.mutation.GroupIDs(); len(nodes) > 0 {
+		edge := &sqlgraph.EdgeSpec{
+			Rel:     sqlgraph.M2O,
+			Inverse: false,
+			Table:   userallowedgroup.GroupTable,
+			Columns: []string{userallowedgroup.GroupColumn},
+			Bidi:    false,
+			Target: &sqlgraph.EdgeTarget{
+				IDSpec: sqlgraph.NewFieldSpec(group.FieldID, field.TypeInt64),
+			},
+		}
+		for _, k := range nodes {
+			edge.Target.Nodes = append(edge.Target.Nodes, k)
+		}
+		_spec.Edges.Add = append(_spec.Edges.Add, edge)
+	}
+	_node = &UserAllowedGroup{config: _u.config}
+	_spec.Assign = _node.assignValues
+	_spec.ScanValues = _node.scanValues
+	if err = sqlgraph.UpdateNode(ctx, _u.driver, _spec); err != nil {
+		if _, ok := err.(*sqlgraph.NotFoundError); ok {
+			err = &NotFoundError{userallowedgroup.Label}
+		} else if sqlgraph.IsConstraintError(err) {
+			err = &ConstraintError{msg: err.Error(), wrap: err}
+		}
+		return nil, err
+	}
+	_u.mutation.done = true
+	return _node, nil
+}