refactor: 提取 requireUserId/requireUser/requireMembership 校验工具

- 新增 requireUserId：统一 14 处 userId 非空校验，返回 401
- 新增 requireUser：统一 4 处用户存在性检查，返回 404
- validateMembership 升级为 requireMembership，直接抛 403
- 混合校验拆分为 auth(401) + 字段(400)，状态码更准确

src/app/api/user/route.ts

@@ -1,7 +1,7 @@
 import { NextResponse } from "next/server";
 import { prisma } from "@/lib/prisma";
 import bcrypt from "bcryptjs";
-import { apiHandler, ApiError } from "@/lib/api";
+import { apiHandler, ApiError, requireUserId, requireUser } from "@/lib/api";
 
 export const GET = apiHandler(async (req) => {
   const userId = req.nextUrl.searchParams.get("id");
@@ -27,10 +27,8 @@ export const PUT = apiHandler(async (req) => {
   const body = await req.json();
   const { userId } = body;
 
-  if (!userId) throw new ApiError("缺少用户 ID");
-
-  const existing = await prisma.user.findUnique({ where: { id: userId } });
-  if (!existing) throw new ApiError("用户不存在", 404);
+  requireUserId(userId);
+  const existing = await requireUser(userId);
 
   const updateData: Record<string, unknown> = {};