fix(admin): touchSession persist state, platform session prefix to user:, middleware pass permissions header

admin/src/lib/auth.ts

@@ -167,7 +167,8 @@ export async function touchSession(sessionId: string): Promise<void> {
   const state = await loadSession(sessionId);
   if (!state) return;
   state["session:last_active"] = new Date().toISOString();
-  await refreshSessionTtl(sessionId, ADMIN_SESSION_TTL);
+  const { saveSession } = await import("@/lib/redis");
+  await saveSession(sessionId, state, ADMIN_SESSION_TTL);
 }
 
 // ============ 登出 ============

admin/src/lib/redis.ts

@@ -10,7 +10,7 @@ import { REDIS_URL, REDIS_CLUSTER_URLS } from "./env";
 // Admin 专用的 Redis 前缀
 const ADMIN_PREFIX = "admin:session:";
 // 平台用户 Session 前缀（与 Rust 主应用一致）
-const PLATFORM_SESSION_PREFIX = "session:user_uid:";
+const PLATFORM_SESSION_PREFIX = "user:";
 
 let redis: Redis | null = null;
 

admin/src/middleware.ts

@@ -124,6 +124,7 @@ export async function middleware(req: NextRequest) {
       permissions = tokenResult.permissions || [];
       headers.set("x-admin-auth-type", "token");
       headers.set("x-admin-token-id", String(tokenResult.tokenId));
+      headers.set("x-admin-permissions", permissions.join(","));
     } else {
       // 回退到 Session 认证
       const cookieHeader = req.headers.get("cookie");