fix(nginx): 修复 CORS 配置，将 add_header 移出 if 块

nginx 不允许在 if 块中使用 add_header 指令，
将 CORS 配置提取到独立的 snippets/cors-params.conf 文件。

修改内容：
- 新增 cors-params.conf 配置文件
- 在每个 location 块中引入 cors-params.conf
- 从 server 块移除内联的 CORS 配置
- 更新目录结构说明和部署步骤

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

backend/services/identity-service/docs/DEPLOYMENT_GUIDE.md

@@ -129,6 +129,7 @@
 │   └── rwaapi.szaiai.com.conf → ../sites-available/rwaapi.szaiai.com.conf
 └── snippets/                          # 可复用配置片段
     ├── proxy-params.conf             # 代理参数
+    ├── cors-params.conf              # CORS 跨域配置
     └── ssl-params.conf               # SSL 安全参数
 
 /etc/letsencrypt/live/rwaapi.szaiai.com/   # Let's Encrypt SSL 证书 (自动管理)
@@ -213,7 +214,28 @@ proxy_buffers 8 4k;
 proxy_busy_buffers_size 8k;
 ```
 
-### 3.4 SSL 安全参数 `/etc/nginx/snippets/ssl-params.conf`
+### 3.4 CORS 配置 `/etc/nginx/snippets/cors-params.conf`
+
+```nginx
+# CORS 预检请求处理
+if ($request_method = 'OPTIONS') {
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+    add_header 'Access-Control-Max-Age' 1728000;
+    add_header 'Content-Type' 'text/plain; charset=utf-8';
+    add_header 'Content-Length' 0;
+    return 204;
+}
+
+# CORS 响应头
+add_header 'Access-Control-Allow-Origin' '*' always;
+add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+```
+
+### 3.5 SSL 安全参数 `/etc/nginx/snippets/ssl-params.conf`
 
 ```nginx
 # SSL 会话配置
@@ -230,7 +252,7 @@ ssl_prefer_server_ciphers off;
 add_header Strict-Transport-Security "max-age=63072000" always;
 ```
 
-### 3.5 API 网关配置 `/etc/nginx/sites-available/rwaapi.szaiai.com.conf`
+### 3.6 API 网关配置 `/etc/nginx/sites-available/rwaapi.szaiai.com.conf`
 
 ```nginx
 # ============================================
@@ -299,23 +321,6 @@ server {
     add_header X-Content-Type-Options "nosniff" always;
     add_header X-XSS-Protection "1; mode=block" always;
 
-    # CORS 配置
-    add_header 'Access-Control-Allow-Origin' '*' always;
-    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
-    add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
-    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
-
-    # 处理 OPTIONS 预检请求
-    if ($request_method = 'OPTIONS') {
-        add_header 'Access-Control-Allow-Origin' '*';
-        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
-        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
-        add_header 'Access-Control-Max-Age' 1728000;
-        add_header 'Content-Type' 'text/plain; charset=utf-8';
-        add_header 'Content-Length' 0;
-        return 204;
-    }
-
     # 限流
     limit_req zone=api_limit burst=20 nodelay;
     limit_conn conn_limit 10;
@@ -336,11 +341,13 @@ server {
     # GET  /api/v1/user/profile - 获取用户信息
     # ============================================
     location /api/v1/user {
+        include snippets/cors-params.conf;
         proxy_pass http://identity_service/api/v1/user;
         include snippets/proxy-params.conf;
     }
 
     location /api/v1/auth {
+        include snippets/cors-params.conf;
         proxy_pass http://identity_service/api/v1/auth;
         include snippets/proxy-params.conf;
     }
@@ -351,18 +358,21 @@ server {
     # POST /api/v1/wallet/create - 创建钱包
     # ============================================
     location /api/v1/wallet {
+        include snippets/cors-params.conf;
         proxy_pass http://wallet_service/api/v1/wallet;
         include snippets/proxy-params.conf;
     }
 
     # Trading - 交易
     location /api/v1/trading {
+        include snippets/cors-params.conf;
         proxy_pass http://wallet_service/api/v1/trading;
         include snippets/proxy-params.conf;
     }
 
     # Deposit - 充值
     location /api/v1/deposit {
+        include snippets/cors-params.conf;
         proxy_pass http://wallet_service/api/v1/deposit;
         include snippets/proxy-params.conf;
     }
@@ -373,6 +383,7 @@ server {
     # POST /api/v1/planting/submit - 提交认种
     # ============================================
     location /api/v1/planting {
+        include snippets/cors-params.conf;
         proxy_pass http://planting_service/api/v1/planting;
         include snippets/proxy-params.conf;
     }
@@ -383,11 +394,13 @@ server {
     # GET  /api/v1/community/referrals - 获取推荐列表
     # ============================================
     location /api/v1/referral {
+        include snippets/cors-params.conf;
         proxy_pass http://referral_service/api/v1/referral;
         include snippets/proxy-params.conf;
     }
 
     location /api/v1/community {
+        include snippets/cors-params.conf;
         proxy_pass http://referral_service/api/v1/community;
         include snippets/proxy-params.conf;
     }
@@ -399,11 +412,13 @@ server {
     # POST /api/v1/mining/claim - 领取奖励
     # ============================================
     location /api/v1/mining {
+        include snippets/cors-params.conf;
         proxy_pass http://reward_service/api/v1/mining;
         include snippets/proxy-params.conf;
     }
 
     location /api/v1/reward {
+        include snippets/cors-params.conf;
         proxy_pass http://reward_service/api/v1/reward;
         include snippets/proxy-params.conf;
     }
@@ -414,11 +429,13 @@ server {
     # GET /api/v1/ranking/weekly - 周榜
     # ============================================
     location /api/v1/ranking {
+        include snippets/cors-params.conf;
         proxy_pass http://leaderboard_service/api/ranking;
         include snippets/proxy-params.conf;
     }
 
     location /api/v1/leaderboard {
+        include snippets/cors-params.conf;
         proxy_pass http://leaderboard_service/api/leaderboard;
         include snippets/proxy-params.conf;
     }
@@ -430,11 +447,13 @@ server {
     # POST /api/v1/telemetry/events - 事件上报
     # ============================================
     location /api/v1/telemetry {
+        include snippets/cors-params.conf;
         proxy_pass http://reporting_service/api/v1/telemetry;
         include snippets/proxy-params.conf;
     }
 
     location /api/v1/report {
+        include snippets/cors-params.conf;
         proxy_pass http://reporting_service/api/v1/report;
         include snippets/proxy-params.conf;
     }
@@ -965,6 +984,7 @@ certbot certonly --standalone -d rwaapi.szaiai.com
 # 将上面的配置文件复制到对应目录:
 # - nginx.conf → /etc/nginx/nginx.conf
 # - proxy-params.conf → /etc/nginx/snippets/proxy-params.conf
+# - cors-params.conf → /etc/nginx/snippets/cors-params.conf
 # - ssl-params.conf → /etc/nginx/snippets/ssl-params.conf
 # - rwaapi.szaiai.com.conf → /etc/nginx/sites-available/rwaapi.szaiai.com.conf