重新设计状态码规范

server/app/api/controller/AuthTokenController.php

@@ -25,7 +25,7 @@ class AuthTokenController extends OpenController
     public function index(Request $request): Response
     {
         if (strtoupper($request->method()) !== 'GET') {
-            return $this->fail('仅支持 GET 请求', ReturnCode::EMPTY_PARAMS);
+            return $this->fail('仅支持 GET 请求', ReturnCode::PARAMS_ERROR);
         }
 
         $param = $request->get();
@@ -35,27 +35,27 @@ class AuthTokenController extends OpenController
         $time = trim((string) ($param['time'] ?? ''));
 
         if ($signature === '' || $secret === '' || $device === '' || $time === '') {
-            return $this->fail('signature、secret、device、time 均为必传且不能为空', ReturnCode::EMPTY_PARAMS);
+            return $this->fail('signature、secret、device、time 均为必传且不能为空', ReturnCode::PARAMS_ERROR);
         }
 
         $serverSecret = trim((string) config('api.auth_token_secret', ''));
         if ($serverSecret === '') {
-            return $this->fail('服务未配置 API_AUTH_TOKEN_SECRET', ReturnCode::EMPTY_PARAMS);
+            return $this->fail('服务未配置 API_AUTH_TOKEN_SECRET', ReturnCode::PARAMS_ERROR);
         }
         if ($secret !== $serverSecret) {
-            return $this->fail('密钥错误', ReturnCode::EMPTY_PARAMS);
+            return $this->fail('密钥错误', ReturnCode::FORBIDDEN);
         }
 
         $tolerance = (int) config('api.auth_token_time_tolerance', 300);
         $now = time();
         $ts = is_numeric($time) ? (int) $time : 0;
         if ($ts <= 0 || abs($now - $ts) > $tolerance) {
-            return $this->fail('时间戳无效或已过期', ReturnCode::EMPTY_PARAMS);
+            return $this->fail('时间戳无效或已过期', ReturnCode::PARAMS_ERROR);
         }
 
         $sign = $this->getAuthToken($device, $serverSecret, $time);
         if ($sign !== $signature) {
-            return $this->fail('签名验证失败', ReturnCode::EMPTY_PARAMS);
+            return $this->fail('签名验证失败', ReturnCode::FORBIDDEN);
         }
 
         $exp = (int) config('api.auth_token_exp', 86400);