feat(health): 身份证号 AES-256-GCM 加密 + HMAC 索引 + 字段级脱敏

- crypto.rs: AES-256-GCM 加密/解密 + HMAC-SHA256 索引 - create/update: id_number 加密存储, id_number_hash 索引 - list: 不返回 id_number, 手机号掩码 - detail: 解密后身份证掩码(前3后4), 手机号掩码 - 搜索: 改用 HMAC 精确匹配(不再模糊搜索加密列) - 迁移 m000048: 添加 patients.id_number_hash 列
2026-04-25 00:21:49 +08:00
parent 479b5900c9
commit 6c70e2a783
12 changed files with 233 additions and 10 deletions
--- a/crates/erp-server/src/state.rs
+++ b/crates/erp-server/src/state.rs
@@ -105,6 +105,7 @@ impl FromRef<AppState> for erp_health::HealthState {
        Self {
            db: state.db.clone(),
            event_bus: state.event_bus.clone(),
+            crypto: erp_health::HealthCrypto::dev_default(),
        }
    }
 }