fix(identity-service): 修复并发auto-login请求导致的唯一约束冲突

- 在创建新token前先撤销该设备的旧token
- 使用upsert替代create避免并发时refresh_token_hash唯一约束冲突

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

backend/services/identity-service/src/application/services/token.service.ts

@@ -47,8 +47,27 @@ export class TokenService {
 
     // Save refresh token hash
     const tokenHash = this.hashToken(refreshToken);
-    await this.prisma.deviceToken.create({
-      data: {
+
+    // 先撤销该设备的旧 token，避免唯一约束冲突
+    await this.prisma.deviceToken.updateMany({
+      where: {
+        userId: BigInt(payload.userId),
+        deviceId: payload.deviceId,
+        revokedAt: null,
+      },
+      data: { revokedAt: new Date() },
+    });
+
+    // 使用 upsert 避免并发请求导致的唯一约束冲突
+    await this.prisma.deviceToken.upsert({
+      where: { refreshTokenHash: tokenHash },
+      update: {
+        userId: BigInt(payload.userId),
+        deviceId: payload.deviceId,
+        expiresAt: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000),
+        revokedAt: null,
+      },
+      create: {
         userId: BigInt(payload.userId),
         deviceId: payload.deviceId,
         refreshTokenHash: tokenHash,