fix(health): DTO 输入校验补全 + handler .validate() 调用

- daily_monitoring_dto: Create/Update 添加 Validate derive + 血压/体重/血糖/入液量范围校验
- health_data_dto: LabReport/HealthRecord Create/Update/Review 添加 Validate derive
- consultation_dto: CreateSessionReq/CreateMessageReq 添加 Validate + content length
- article_dto: title max=500→200 匹配 DB VARCHAR(200)
- health_data_handler: 7 个 create/update handler 添加 .validate() 调用
- consultation_handler: create_session/create_message 添加 .validate() 调用
- daily_monitoring_handler: create/update 添加 .validate() 调用
iven
2026-05-21 22:37:26 +08:00
parent 21481dbd88
commit 4b40d47b71
8 changed files with 102 additions and 24 deletions


@@ -25,7 +25,7 @@ where
{
require_permission(&ctx, "health.articles.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
// 非管理权限用户只能查看已发布文章,防止草稿泄露
let status =
if require_any_permission(&ctx, &["health.articles.manage", "health.articles.review"])
@@ -58,7 +58,7 @@ pub async fn list_public_articles(
.tenant_id
.ok_or_else(|| AppError::Validation("tenant_id is required".into()))?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
let result = article_service::list_articles(
&state,
tenant_id,
@@ -307,7 +307,7 @@ where
{
require_permission(&ctx, "health.articles.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
let result =
article_service::list_revisions(&state, ctx.tenant_id, id, page, page_size).await?;
Ok(Json(ApiResponse::ok(result)))
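Review bot: `.min(100)` on the new page_size line bounds only the upper end; the type of `params.page_size` is not visible here, but a request carrying `page_size=0` (or a negative value, if the field is signed) still reaches the service, where it typically becomes a zero LIMIT or a division/underflow in page-count arithmetic, and `page` is not floored at 1 either. `let page_size = params.page_size.unwrap_or(20).clamp(1, 100);` together with `let page = params.page.unwrap_or(1).max(1);` closes both ends. The same pattern repeats in the list hunks of the consultation, daily-monitoring and health-data handler sections below, eleven sites in total, so a method on the pagination params type that applies the bounds once would keep them from drifting. Each list handler's body starts outside its hunk.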


@@ -68,6 +68,8 @@ where
S: Clone + Send + Sync + 'static,
{
require_permission(&ctx, "health.consultation.manage")?;
req.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
let result =
consultation_service::create_session(&state, ctx.tenant_id, Some(ctx.user_id), req).await?;
Ok(Json(ApiResponse::ok(result)))
@@ -84,7 +86,7 @@ where
{
require_permission(&ctx, "health.consultation.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
let result = consultation_service::list_sessions(
&state,
ctx.tenant_id,
@@ -124,7 +126,7 @@ where
{
require_permission(&ctx, "health.consultation.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
let result = consultation_service::list_messages(
&state,
ctx.tenant_id,
@@ -209,6 +211,9 @@ where
content: req.content,
media_id: None,
};
msg_req
.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
msg_req.sanitize();
let result = consultation_service::create_message(
&state,
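Review bot: `msg_req.validate()` runs before `msg_req.sanitize()`, so the content length constraint is checked against the raw input rather than against the value that is stored; if `sanitize()` trims or strips markup, a body consisting only of whitespace or tags passes validation and is persisted empty, and if it escapes characters the stored value can exceed the checked maximum (what `sanitize()` does is not visible in this hunk). Calling `msg_req.sanitize();` first and then `msg_req.validate().map_err(|e| AppError::Validation(e.to_string()))?;` validates what actually reaches the service. The create/update hunks in the daily-monitoring and health-data handler sections use the same validate-then-sanitize order. The enclosing create_message body starts and ends outside the hunk.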


@@ -3,6 +3,7 @@ use axum::extract::{FromRef, Json, Path, Query, State};
use serde::Deserialize;
use utoipa::IntoParams;
use uuid::Uuid;
use validator::Validate;
use erp_core::error::AppError;
use erp_core::rbac::require_permission;
@@ -38,7 +39,7 @@ where
{
require_permission(&ctx, "health.daily-monitoring.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
let result = daily_monitoring_service::list_daily_monitoring(
&state,
ctx.tenant_id,
@@ -76,6 +77,8 @@ where
{
require_permission(&ctx, "health.daily-monitoring.manage")?;
let mut req = req;
req.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
req.sanitize();
let result = daily_monitoring_service::create_daily_monitoring(
&state,
@@ -99,6 +102,8 @@ where
{
require_permission(&ctx, "health.daily-monitoring.manage")?;
let mut data = req.data;
data.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
data.sanitize();
let result = daily_monitoring_service::update_daily_monitoring(
&state,
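Review bot: `.map_err(|e| AppError::Validation(e.to_string()))` after each `.validate()` is the same two lines copied into both handlers here and into every create/update/review handler of the consultation and health-data sections; a single `impl From<validator::ValidationErrors> for AppError` in erp_core would reduce each site to `req.validate()?;` and keep the rendering of validation failures in one place. That matters because, as far as I recall, `ValidationErrors`' `Display` includes each error's params map, so `e.to_string()` echoes the rejected field value back into the API response and into any error log; a central conversion could emit only field name and code. The enclosing handler bodies start and end outside these hunks.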


@@ -8,6 +8,8 @@ use erp_core::error::AppError;
use erp_core::rbac::require_permission;
use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
use validator::Validate;
use crate::dto::DeleteWithVersion;
use crate::dto::health_data_dto::*;
use crate::service::health_data_service;
@@ -58,7 +60,7 @@ where
{
require_permission(&ctx, "health.health-data.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
let result =
health_data_service::list_vital_signs(&state, ctx.tenant_id, patient_id, page, page_size)
.await?;
@@ -77,6 +79,8 @@ where
{
require_permission(&ctx, "health.health-data.manage")?;
let mut req = req;
req.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
req.sanitize();
let result = health_data_service::create_vital_signs(
&state,
@@ -101,6 +105,8 @@ where
{
require_permission(&ctx, "health.health-data.manage")?;
let mut data = req.data;
data.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
data.sanitize();
let result = health_data_service::update_vital_signs(
&state,
@@ -153,7 +159,7 @@ where
{
require_permission(&ctx, "health.health-data.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
let result =
health_data_service::list_lab_reports(&state, ctx.tenant_id, patient_id, page, page_size)
.await?;
@@ -172,6 +178,8 @@ where
{
require_permission(&ctx, "health.health-data.manage")?;
let mut req = req;
req.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
req.sanitize();
let result = health_data_service::create_lab_report(
&state,
@@ -196,6 +204,8 @@ where
{
require_permission(&ctx, "health.health-data.manage")?;
let mut data = req.data;
data.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
data.sanitize();
let result = health_data_service::update_lab_report(
&state,
@@ -244,6 +254,8 @@ where
{
require_permission(&ctx, "health.health-data.manage")?;
let mut data = req.data;
data.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
data.sanitize();
let result = health_data_service::review_lab_report(
&state,
@@ -274,7 +286,7 @@ where
{
require_permission(&ctx, "health.health-data.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
let result = health_data_service::list_health_records(
&state,
ctx.tenant_id,
@@ -298,6 +310,8 @@ where
{
require_permission(&ctx, "health.health-data.manage")?;
let mut req = req;
req.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
req.sanitize();
let result = health_data_service::create_health_record(
&state,
@@ -322,6 +336,8 @@ where
{
require_permission(&ctx, "health.health-data.manage")?;
let mut data = req.data;
data.validate()
.map_err(|e| AppError::Validation(e.to_string()))?;
data.sanitize();
let result = health_data_service::update_health_record(
&state,
@@ -374,7 +390,7 @@ where
{
require_permission(&ctx, "health.health-data.list")?;
let page = params.page.unwrap_or(1);
let page_size = params.page_size.unwrap_or(20);
let page_size = params.page_size.unwrap_or(20).min(100);
let result =
trend_service::list_trends(&state, ctx.tenant_id, patient_id, page, page_size).await?;
Ok(Json(ApiResponse::ok(result)))
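Review bot: The new `use validator::Validate;` in the first hunk of this section is placed after the `erp_core` imports, while the daily-monitoring handler section puts the same import with the other third-party crates, directly after `use uuid::Uuid;`; the two files should group it the same way. Since `erp_core` is a workspace crate, the validator line belongs with the external-crate group that presumably sits above this hunk, so moving `use validator::Validate;` up to that group is enough. The hunk header counts two added lines but only one is rendered, so a blank line was likely dropped and the exact grouping is inferred rather than seen.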