fix(mp): Phase 0 基础设施修复 — secureGet 解密 + Storage 一致性

- secureGet: 移除错误的 startsWith 条件，始终尝试 XOR 解密 - request.ts: current_patient_id 读取改用 safeGet，清理改用 secureRemove - health.ts: getTodaySummary 使用 getCachedPatientId 替代直接 Storage - auth.ts: analytics_queue 清理改用明文 Taro.removeStorageSync
2026-05-21 16:13:43 +08:00
parent 43795b2fb7
commit 23f7bcb8ce
4 changed files with 16 additions and 14 deletions
--- a/apps/miniprogram/src/services/health.ts
+++ b/apps/miniprogram/src/services/health.ts
@@ -1,5 +1,5 @@
 import Taro from '@tarojs/taro';
-import { api } from './request';
+import { api, getCachedPatientId } from './request';

 export interface VitalSignInput {
  indicator_type: string;
@@ -17,7 +17,7 @@ export interface TodaySummary {
 }

 export async function getTodaySummary(patientId?: string) {
-  const pid = patientId || Taro.getStorageSync('current_patient_id') || '';
+  const pid = patientId || getCachedPatientId() || '';
  const params: Record<string, string> = {};
  if (pid) params.patient_id = pid;
  return api.get<TodaySummary>('/health/vital-signs/today', params);
--- a/apps/miniprogram/src/services/request.ts
+++ b/apps/miniprogram/src/services/request.ts
@@ -146,7 +146,7 @@ function refreshHeadersCache(): void {
  cachedToken = safeGet('access_token');
  cachedTenantId = safeGet('tenant_id');
  if (!responseCache.getPatientId()) {
-    responseCache.setPatientId(Taro.getStorageSync('current_patient_id') || '');
+    responseCache.setPatientId(safeGet('current_patient_id') || '');
  }
  headersCacheTs = Date.now();
 }
@@ -214,8 +214,8 @@ async function doRefresh(): Promise<boolean> {
  secureRemove('user_roles');
  secureRemove('tenant_id');
  secureRemove('wechat_openid');
-  Taro.removeStorageSync('current_patient');
-  Taro.removeStorageSync('current_patient_id');
+  secureRemove('current_patient');
+  secureRemove('current_patient_id');
  clearRequestCache();
  responseCache.setPatientId('');
  headersCacheTs = 0;
--- a/apps/miniprogram/src/stores/auth.ts
+++ b/apps/miniprogram/src/stores/auth.ts
@@ -263,7 +263,8 @@ export const useAuthStore = create<AuthState>((set, get) => ({
    secureRemove('wechat_openid');
    secureRemove('current_patient');
    secureRemove('current_patient_id');
-    secureRemove('analytics_queue');
+    // analytics_queue 使用明文存储（analytics.ts STORAGE_KEY = 'analytics_queue'）
+    Taro.removeStorageSync('analytics_queue');
    secureRemove('edit_patient');
    secureRemove('ai_chat_history');
    // 清理 BLE DataBuffer 缓存（key 格式：ble_buffer_{patientId}_{bucket}）
--- a/apps/miniprogram/src/utils/secure-storage.ts
+++ b/apps/miniprogram/src/utils/secure-storage.ts
@@ -57,16 +57,17 @@ export function secureGet(key: string): string {
  const raw = Taro.getStorageSync(prefixedKey);
  if (!raw || typeof raw !== 'string') return '';

-  if (raw.startsWith('{') || raw.startsWith('eyJ')) {
-    try {
-      const decoded = fromBase64(raw);
-      if (decoded) {
-        return xorEncrypt(decoded, ENCRYPTION_KEY);
-      }
-    } catch {
-      // fallthrough
+  // 始终尝试 base64 解码 + XOR 解密（secureSet 的写入格式）
+  try {
+    const decoded = fromBase64(raw);
+    if (decoded) {
+      return xorEncrypt(decoded, ENCRYPTION_KEY);
    }
+  } catch {
+    // fallthrough — 可能是未加密的旧数据
  }
+
+  // fallback: 兼容未加密的旧数据（明文 JSON/JWT 或其他值）
  return raw;
 }