feat(health): consultation_message + follow_up_record PII 加密

- 迁移 m000065/m000066: 添加 key_version 列 - consultation_message: content 加密写入 + 解密读取 - follow_up_record: result/patient_condition/medical_advice 加密 - Entity: 添加 key_version 字段
2026-04-26 12:17:49 +08:00
parent e6f036eaf4
commit 1b3caf0e69
7 changed files with 121 additions and 15 deletions
--- a/crates/erp-server/migration/src/lib.rs
+++ b/crates/erp-server/migration/src/lib.rs
@@ -64,6 +64,8 @@ mod m20260426_000061_create_consent;
 mod m20260427_000062_create_tenant_crypto_keys;
 mod m20260427_000063_content_management;
 mod m20260427_000064_add_patient_pii_fields;
+mod m20260427_000065_add_consultation_message_key_version;
+mod m20260427_000066_add_follow_up_record_key_version;

 pub struct Migrator;

@@ -135,6 +137,8 @@ impl MigratorTrait for Migrator {
            Box::new(m20260427_000062_create_tenant_crypto_keys::Migration),
            Box::new(m20260427_000063_content_management::Migration),
            Box::new(m20260427_000064_add_patient_pii_fields::Migration),
+            Box::new(m20260427_000065_add_consultation_message_key_version::Migration),
+            Box::new(m20260427_000066_add_follow_up_record_key_version::Migration),
        ]
    }
 }
--- a/crates/erp-server/migration/src/m20260427_000065_add_consultation_message_key_version.rs
+++ b/crates/erp-server/migration/src/m20260427_000065_add_consultation_message_key_version.rs
@@ -0,0 +1,39 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(ConsultationMessage::Table)
+                    .add_column(ColumnDef::new(ConsultationMessage::KeyVersion).integer().null())
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(ConsultationMessage::Table)
+                    .drop_column(ConsultationMessage::KeyVersion)
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+}
+
+#[derive(DeriveIden)]
+enum ConsultationMessage {
+    Table,
+    KeyVersion,
+}
--- a/crates/erp-server/migration/src/m20260427_000066_add_follow_up_record_key_version.rs
+++ b/crates/erp-server/migration/src/m20260427_000066_add_follow_up_record_key_version.rs
@@ -0,0 +1,39 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(FollowUpRecord::Table)
+                    .add_column(ColumnDef::new(FollowUpRecord::KeyVersion).integer().null())
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(FollowUpRecord::Table)
+                    .drop_column(FollowUpRecord::KeyVersion)
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+}
+
+#[derive(DeriveIden)]
+enum FollowUpRecord {
+    Table,
+    KeyVersion,
+}