fix(miniprogram): Analytics PII 清理 — 移除 userId/patientId 字段 + sanitizeProperties (S2-1)

- 移除 AnalyticsEvent 接口中的 userId/patientId 字段 - 新增 sanitizeProperties 运行时过滤 14 种 PII 标识字段 - trackEvent 自动清理 properties 中的 PII - 3 个单元测试覆盖 PII 过滤场景
2026-05-22 08:17:58 +08:00
parent ca9d065d31
commit 2aa393dd65
2 changed files with 120 additions and 3 deletions
--- a/apps/miniprogram/src/services/analytics.ts
+++ b/apps/miniprogram/src/services/analytics.ts
@@ -17,12 +17,30 @@ type EventName =
  | 'family_add'
  | 'profile_edit';

+const PII_KEYS = new Set([
+  'userId', 'user_id', 'patientId', 'patient_id',
+  'user_name', 'username', 'phone', 'mobile',
+  'id_card', 'id_number', 'email', 'address',
+  'openid', 'access_token', 'refresh_token',
+]);
+
+function sanitizeProperties(
+  properties?: Record<string, unknown>,
+): Record<string, unknown> | undefined {
+  if (!properties) return undefined;
+  const cleaned: Record<string, unknown> = {};
+  for (const [key, value] of Object.entries(properties)) {
+    if (!PII_KEYS.has(key)) {
+      cleaned[key] = value;
+    }
+  }
+  return Object.keys(cleaned).length > 0 ? cleaned : undefined;
+}
+
 interface AnalyticsEvent {
  event: EventName | string;
  properties?: Record<string, unknown>;
  timestamp: number;
-  userId?: string;
-  patientId?: string;
 }

 const STORAGE_KEY = 'analytics_queue';
@@ -51,7 +69,7 @@ export function trackEvent(event: EventName | string, properties?: Record<string
  loadQueue();
  const evt: AnalyticsEvent = {
    event,
-    properties,
+    properties: sanitizeProperties(properties),
    timestamp: Date.now(),
  };
  memoryQueue.push(evt);