refactor: optimize middleware with pure ASGI implementation and enhance security measures

- Replace BaseHTTPMiddleware with pure ASGI implementation in plugin middleware for better streaming response handling
- Add trusted proxy count configuration for client IP extraction in reverse proxy environments
- Implement audit log cleanup scheduler with configurable retention period
- Replace plaintext token logging with SHA256 hash fingerprints for security
- Fix database session lifecycle management in middleware
- Improve request tracing and error logging throughout the system
- Add comprehensive tests for pipeline architecture
fawney19
2025-12-18 19:07:20 +08:00
parent c7b971cfe7
commit 7b932d7afb
24 changed files with 497 additions and 219 deletions

@@ -3,6 +3,7 @@ JWT认证插件
支持JWT Bearer token认证
"""
import hashlib
from typing import Optional
from fastapi import Request
@@ -46,8 +47,8 @@ class JwtAuthPlugin(AuthPlugin):
logger.debug("未找到JWT token")
return None
# 记录认证尝试的详细信息
logger.info(f"JWT认证尝试 - 路径: {request.url.path}, Token前20位: {token[:20]}...")
token_fingerprint = hashlib.sha256(token.encode()).hexdigest()[:12]
logger.info(f"JWT认证尝试 - 路径: {request.url.path}, token_fp={token_fingerprint}")
try:
# 验证JWT token
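Review bot: the fingerprint on the `token_fingerprint = hashlib.sha256(token.encode()).hexdigest()[:12]` line is an unkeyed digest, so anyone who holds a token can recompute the same 12 hex characters and pick that token's requests out of the logs, and the value stays linkable across any other system that logs the same construction. If that correlation is not wanted, compute it as an HMAC-SHA256 under a server-side key instead of a bare SHA-256. Whichever construction is chosen, it should live in one shared helper rather than inline in `JwtAuthPlugin`, so every call site that logs a token uses the same algorithm and truncation length and the `token_fp=` field stays comparable between log lines. A one-line comment stating that 12 hex characters (48 bits) is meant for log correlation only, not as a unique identifier, would also help later readers.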