iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(health): 精准审计修复 6 个真实问题 — 安全/一致性/性能
Some checks failed
CI / rust-check (push) Has been cancelled
Details
CI / rust-test (push) Has been cancelled
Details
CI / frontend-build (push) Has been cancelled
Details
CI / security-audit (push) Has been cancelled
Details

Browse Source 
P0: consultation handler sender_role 从请求体移除,改为服务端推导(防伪造)
P1: 所有软删除操作统一使用 check_version 乐观锁(6个函数)
P1: 修复 health_trend 索引缺少 tenant_id 前导列 + follow_up_record 补 (tenant_id, executed_date) 索引
P2: Decimal->f64 使用 ToPrimitive::to_f64 替代脆弱的 to_string().parse()
P2: 预约取消释放槽位+状态更新包裹进同一事务
This commit is contained in:
iven
2026-04-24 08:36:22 +08:00
parent 6391a13467
commit a0ca156e2c
14 changed files with 136 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/erp-server/migration/src/lib.rs
View File

@@ -46,6 +46,7 @@ mod m20260423_000043_create_wechat_users;
mod m20260423_000044_create_articles;
mod m20260424_000045_health_indexes;
mod m20260424_000046_health_constraints_fix;
mod m20260424_000047_health_index_fix;
pub struct Migrator;
@@ -99,6 +100,7 @@ impl MigratorTrait for Migrator {
Box::new(m20260423_000044_create_articles::Migration),
Box::new(m20260424_000045_health_indexes::Migration),
Box::new(m20260424_000046_health_constraints_fix::Migration),
Box::new(m20260424_000047_health_index_fix::Migration),
]
}
}

49
crates/erp-server/migration/src/m20260424_000047_health_index_fix.rs Normal file
View File

@@ -0,0 +1,49 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
let db = manager.get_connection();
// 删除旧索引(缺少 tenant_id 前导列)
db.execute_unprepared(
"DROP INDEX IF EXISTS idx_health_trend_patient_period"
).await?;
// 重建为包含 tenant_id 的正确索引
db.execute_unprepared(
"CREATE INDEX IF NOT EXISTS idx_health_trend_tenant_patient_period \
ON health_trend (tenant_id, patient_id, period_start DESC)"
).await?;
// 添加 follow_up_record 缺失的 (tenant_id, executed_date) 索引
db.execute_unprepared(
"CREATE INDEX IF NOT EXISTS idx_follow_up_record_tenant_executed_date \
ON follow_up_record (tenant_id, executed_date DESC)"
).await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
let db = manager.get_connection();
db.execute_unprepared(
"DROP INDEX IF EXISTS idx_health_trend_tenant_patient_period"
).await?;
db.execute_unprepared(
"DROP INDEX IF EXISTS idx_follow_up_record_tenant_executed_date"
).await?;
db.execute_unprepared(
"CREATE INDEX IF NOT EXISTS idx_health_trend_patient_period \
ON health_trend (patient_id, period_start)"
).await?;
Ok(())
}
}