
fix(wechat): 修复用户ID转换及头像更新逻辑

- 将返回的用户ID转为字符串格式
- 禁止通过当前接口更新用户头像,并返回400错误
- 优化头像加载服务中的空值判断和日志记录
- 增强头像路径的安全性校验,防止路径穿越
- 完善文件不存在时的日志提示信息
mcbaiyun vor 1 Monat
Commit
aae266e572

+ 4 - 2
src/main/java/work/baiyun/chronicdiseaseapp/controller/WeChatController.java

@@ -141,7 +141,7 @@ public class WeChatController {
         }
 
         Map<String, Object> out = new HashMap<>();
-        out.put("id", ui.getId());
+        out.put("id", ui.getId().toString());
         out.put("wx_openid", ui.getWxOpenid());
         out.put("role", ui.getRole() != null ? ui.getRole().getCode() : null);
         out.put("avatar", ui.getAvatar());
@@ -190,7 +190,9 @@ public class WeChatController {
         }
 
         if (req != null) {
-            if (req.getAvatar() != null) ui.setAvatar(req.getAvatar());
+            if (req.getAvatar() != null) {
+                return R.fail(400, "不允许在此接口更新头像");
+            }
             if (req.getNickname() != null) ui.setNickname(req.getNickname());
             if (req.getPhone() != null) ui.setPhone(req.getPhone());
             if (req.getAge() != null) ui.setAge(req.getAge());
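Review bot: The new rejection at `return R.fail(400, "不允许在此接口更新头像");` carries no comment explaining why the avatar field is refused here rather than simply ignored, and a future maintainer is likely to "fix" it back to the old `setAvatar` call; a one-line rationale would help, e.g. `// avatar is written only by the upload flow: the stored value is later used as a filesystem path, so clients must not set it directly`. The check runs before any other `set*` call in this block, so a rejected request leaves `ui` unmodified as far as the hunk shows; the enclosing method starts outside the hunk, so whether earlier lines already mutate state is not visible. In the first hunk, `out.put("id", ui.getId().toString());` will throw a NullPointerException if `getId()` can ever be null — if that is possible, a null guard (or `String.valueOf`, accepting the "null" string) would avoid turning that into a 500.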

+ 12 - 4
src/main/java/work/baiyun/chronicdiseaseapp/service/impl/UserAvatarServiceImpl.java

@@ -93,20 +93,28 @@ public class UserAvatarServiceImpl implements UserAvatarService {
         try {
             Long uid = Long.parseLong(userId);
             UserInfo ui = userInfoMapper.selectById(uid);
-            if (ui == null || ui.getAvatar() == null || ui.getAvatar().isEmpty()) {
+            if (ui == null) {
+                logger.warn("[AvatarLoad] userId={}, 用户不存在", userId);
                 return null;
             }
+            String avatarPath = ui.getAvatar();
+            if (avatarPath == null || avatarPath.isEmpty()) {
+                logger.info("[AvatarLoad] userId={}, avatar字段为空", userId);
+                return null;
+            }
+            logger.debug("[AvatarLoad] userId={}, avatarPath={}", userId, avatarPath);
             Path root = Paths.get(avatarProperties.getRootPath() == null ? "avatar-storage" : avatarProperties.getRootPath());
-            Path file = root.resolve(ui.getAvatar()).normalize();
+            Path file = root.resolve(avatarPath).normalize();
             Path rootReal = root.toAbsolutePath().normalize();
             if (!file.toAbsolutePath().startsWith(rootReal)) {
-                logger.error("[AvatarLoad] userId={}, error=路径穿越", userId);
+                logger.error("[AvatarLoad] userId={}, error=路径穿越, avatarPath={}", userId, avatarPath);
                 return null;
             }
             if (!Files.exists(file)) {
-                logger.info("[AvatarLoad] userId={}, file not exists {}", userId, file);
+                logger.warn("[AvatarLoad] userId={}, file not exists {}, avatarPath={}", userId, file, avatarPath);
                 return null;
             }
+            logger.debug("[AvatarLoad] userId={}, 成功加载文件 {}", userId, file);
             return new FileSystemResource(file.toFile());
         } catch (NumberFormatException e) {
             logger.error("[AvatarLoad] invalid userId {}", userId);
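Review bot: The existence check `if (!Files.exists(file))` still accepts a directory or other non-regular entry under the storage root and hands it to `FileSystemResource`; since `avatarPath` comes from a database column, `if (!Files.isRegularFile(file))` is the safer predicate and costs nothing. The containment check `file.toAbsolutePath().startsWith(rootReal)` compares path elements after `normalize()`, which correctly rejects `..` segments and absolute values, but it does not follow symbolic links — if the storage directory can contain links, resolving both sides with `toRealPath()` (which throws `IOException` for a missing file, so the catch below would need to cover it) would close that gap. The `catch (NumberFormatException e)` block and the end of the method continue outside the hunk.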