diff --git a/backend/cmd/main.go b/backend/cmd/main.go
index 652c6c2..a1e10ff 100644
--- a/backend/cmd/main.go
+++ b/backend/cmd/main.go
@@ -104,7 +104,7 @@ func startServer(cfg *config.Config) {
 	mux.HandleFunc("/api/db/owners", api.CORS(handleGetOwners))
 	mux.HandleFunc("/api/db/owners/stats", api.CORS(handleGetOwnerStats))
 	mux.HandleFunc("/api/db/owners/clear", api.CORS(handleClearOwners))
-	mux.HandleFunc("/api/upload/validate", api.CORS(handleUploadValidate))
+	mux.HandleFunc("/api/upload/validate", api.CORS(api.HandleUploadValidate))
 
 	// 注册测试 API
 	mux.HandleFunc("/api/register/test", api.CORS(handleRegisterTest))
diff --git a/backend/cmd/upload.go b/backend/internal/api/upload.go
similarity index 88%
rename from backend/cmd/upload.go
rename to backend/internal/api/upload.go
index 0f9fd58..79dcc57 100644
--- a/backend/cmd/upload.go
+++ b/backend/internal/api/upload.go
@@ -1,4 +1,4 @@
-package main
+package api
 
 import (
 	"encoding/json"
@@ -8,7 +8,6 @@ import (
 	"strings"
 	"unicode"
 
-	"codex-pool/internal/api"
 	"codex-pool/internal/database"
 )
 
@@ -26,19 +25,20 @@ type accountRecord struct {
 	AccountID string `json:"account_id"`
 }
 
-func handleUploadValidate(w http.ResponseWriter, r *http.Request) {
+// HandleUploadValidate 处理上传验证请求
+func HandleUploadValidate(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
-		api.Error(w, http.StatusMethodNotAllowed, "仅支持 POST")
+		Error(w, http.StatusMethodNotAllowed, "仅支持 POST")
 		return
 	}
 	if database.Instance == nil {
-		api.Error(w, http.StatusInternalServerError, "数据库未初始化")
+		Error(w, http.StatusInternalServerError, "数据库未初始化")
 		return
 	}
 
 	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 10<<20))
 	if err != nil {
-		api.Error(w, http.StatusBadRequest, "读取请求失败")
+		Error(w, http.StatusBadRequest, "读取请求失败")
 		return
 	}
 
@@ -55,12 +55,12 @@ func handleUploadValidate(w http.ResponseWriter, r *http.Request) {
 	case strings.TrimSpace(req.Content) != "":
 		parsed, parseErr := parseAccountsFlexible(req.Content)
 		if parseErr != nil {
-			api.Error(w, http.StatusBadRequest, parseErr.Error())
+			Error(w, http.StatusBadRequest, parseErr.Error())
 			return
 		}
 		records = parsed
 	default:
-		api.Error(w, http.StatusBadRequest, "未提供账号内容")
+		Error(w, http.StatusBadRequest, "未提供账号内容")
 		return
 	}
 
@@ -68,24 +68,24 @@ func handleUploadValidate(w http.ResponseWriter, r *http.Request) {
 	for i, rec := range records {
 		owner, err := normalizeOwner(rec, i+1)
 		if err != nil {
-			api.Error(w, http.StatusBadRequest, err.Error())
+			Error(w, http.StatusBadRequest, err.Error())
 			return
 		}
 		owners = append(owners, owner)
 	}
 	if len(owners) == 0 {
-		api.Error(w, http.StatusBadRequest, "未解析到有效账号")
+		Error(w, http.StatusBadRequest, "未解析到有效账号")
 		return
 	}
 
 	inserted, err := database.Instance.AddTeamOwners(owners)
 	if err != nil {
-		api.Error(w, http.StatusInternalServerError, fmt.Sprintf("写入数据库失败: %v", err))
+		Error(w, http.StatusInternalServerError, fmt.Sprintf("写入数据库失败: %v", err))
 		return
 	}
 
 	stats := database.Instance.GetOwnerStats()
-	api.Success(w, map[string]interface{}{
+	Success(w, map[string]interface{}{
 		"imported": inserted,
 		"total":    len(owners),
 		"stats":    stats,