fix(health): 三次审计批次B修复 — 12个HIGH问题

- H-6: appointment_service 状态转换复用 validation.rs 函数
- H-7: 添加 validate_record_type (checkup/outpatient/inpatient)
- H-8: 添加 validate_patient_status + validate_verification_status 白名单
- H-9: 添加 validate_online_status + online_status 变更事件
- H-10: create_appointment 添加 doctor_id 存在性检查
- H-12/H-13/H-14: 添加 lab_report GIN/health_trend/follow_up_record 索引

crates/erp-server/migration/src/lib.rs

@@ -44,6 +44,7 @@ mod m20260419_000041_plugin_user_views;
 mod m20260423_000042_create_health_tables;
 mod m20260423_000043_create_wechat_users;
 mod m20260423_000044_create_articles;
+mod m20260424_000045_health_indexes;
 
 pub struct Migrator;
 
@@ -95,6 +96,7 @@ impl MigratorTrait for Migrator {
             Box::new(m20260423_000042_create_health_tables::Migration),
             Box::new(m20260423_000043_create_wechat_users::Migration),
             Box::new(m20260423_000044_create_articles::Migration),
+            Box::new(m20260424_000045_health_indexes::Migration),
         ]
     }
 }

crates/erp-server/migration/src/m20260424_000045_health_indexes.rs

@@ -0,0 +1,57 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        // H-12: lab_report.indicators GIN 索引（JSONB 查询加速）
+        manager
+            .get_connection()
+            .execute_unprepared(
+                "CREATE INDEX IF NOT EXISTS idx_lab_report_indicators_gin ON lab_report USING GIN (indicators)",
+            )
+            .await?;
+
+        // H-13: health_trend (patient_id, period_start) 联合索引（趋势查询加速）
+        manager
+            .create_index(
+                Index::create()
+                    .name("idx_health_trend_patient_period")
+                    .table(Alias::new("health_trend"))
+                    .col(Alias::new("patient_id"))
+                    .col(Alias::new("period_start"))
+                    .to_owned(),
+            )
+            .await?;
+
+        // H-14: follow_up_record (task_id, executed_date) 联合索引（随访记录查询加速）
+        manager
+            .create_index(
+                Index::create()
+                    .name("idx_follow_up_record_task_date")
+                    .table(Alias::new("follow_up_record"))
+                    .col(Alias::new("task_id"))
+                    .col(Alias::new("executed_date"))
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .get_connection()
+            .execute_unprepared("DROP INDEX IF EXISTS idx_lab_report_indicators_gin")
+            .await?;
+        manager
+            .drop_index(Index::drop().name("idx_health_trend_patient_period").to_owned())
+            .await?;
+        manager
+            .drop_index(Index::drop().name("idx_follow_up_record_task_date").to_owned())
+            .await?;
+        Ok(())
+    }
+}