fix(miniprogram): 小程序审计修复 — 安全加固+功能链路+输入验证

安全修复: - H1: Token 刷新竞态条件 → Singleton Promise 模式防止并发刷新 - H4: 移除 store 中的 token 明文状态，统一走 secure storage - H5: 登录/绑定手机号添加 loading 防重复点击保护 - H6: Analytics 改用 request.ts 统一请求层，不再绕过认证 - M1: logout 清理所有残留数据(openid/tenant_id/analytics_queue) - M2/M7: 敏感数据(user/openid/tenant_id)统一走加密存储 - M3: 移除开发日志中的请求体打印 - M4: secure-storage 解密失败返回 null 而非空串功能修复: - F1: 今日体征概览 API 支持 patient_id 查询参数(后端+前端) - F2: 积分商城对无患者档案用户展示引导 UI - M6: daily-monitoring 添加 Zod 数值范围验证清理: - L4: 移除 devLogin 开发辅助函数
2026-04-27 00:41:30 +08:00
parent 2defbd7ab3
commit 3424a33b6b
12 changed files with 198 additions and 63 deletions
--- a/apps/miniprogram/src/pages/mall/index.tsx
+++ b/apps/miniprogram/src/pages/mall/index.tsx
@@ -8,6 +8,7 @@ import {
  listProducts,
 } from '../../services/points';
 import type { PointsAccount, PointsProduct, CheckinStatus } from '../../services/points';
+import { useAuthStore } from '../../stores/auth';
 import EmptyState from '../../components/EmptyState';
 import Loading from '../../components/Loading';
 import './index.scss';
@@ -26,6 +27,7 @@ const TYPE_COLORS: Record<string, string> = {
 };

 export default function Mall() {
+  const { currentPatient } = useAuthStore();
  const [account, setAccount] = useState<PointsAccount | null>(null);
  const [checkinStatus, setCheckinStatus] = useState<CheckinStatus | null>(null);
  const [products, setProducts] = useState<PointsProduct[]>([]);
@@ -34,9 +36,15 @@ export default function Mall() {
  const [total, setTotal] = useState(0);
  const [loading, setLoading] = useState(false);
  const [checkinLoading, setCheckinLoading] = useState(false);
+  const [noProfile, setNoProfile] = useState(false);
  const loadingRef = useRef(false);

  const fetchAccountAndCheckin = useCallback(async () => {
+    if (!currentPatient) {
+      setNoProfile(true);
+      return;
+    }
+    setNoProfile(false);
    try {
      const [acct, status] = await Promise.all([
        getAccount(),
@@ -45,9 +53,9 @@ export default function Mall() {
      setAccount(acct);
      setCheckinStatus(status);
    } catch {
-      // 账户可能尚未创建，静默处理
+      // 账户可能尚未创建
    }
-  }, []);
+  }, [currentPatient]);

  const fetchProducts = useCallback(
    async (pageNum: number, type: string, isRefresh = false) => {
@@ -144,6 +152,21 @@ export default function Mall() {

  return (
    <View className='mall-page'>
+      {/* 未关联患者档案时显示引导 */}
+      {noProfile && (
+        <View className='mall-page'>
+          <EmptyState
+            icon='👤'
+            text='请先完善个人档案'
+            hint='建档后即可使用积分商城、签到等功能'
+            actionText='去建档'
+            onAction={() => Taro.navigateTo({ url: '/pages/profile/family-add/index' })}
+          />
+        </View>
+      )}
+
+      {!noProfile && (
+        <>
      {/* 积分余额卡片 */}
      <View className='mall-header'>
        <View className='points-card'>
@@ -239,6 +262,8 @@ export default function Mall() {
          )}
        </View>
      )}
+        </>
+      )}
    </View>
  );
 }