iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(health): family_member + doctor_profile PII 加密
Some checks failed
CI / rust-check (push) Has been cancelled
Details
CI / rust-test (push) Has been cancelled
Details
CI / frontend-build (push) Has been cancelled
Details
CI / security-audit (push) Has been cancelled
Details

Browse Source 
- 迁移 m000067: patient_family_member 添加 phone_hash + key_version
- 迁移 m000068: doctor_profile 添加 license_number_hash + key_version
- family_member: phone 加密 + HMAC 索引 + 列表脱敏
- doctor_profile: license_number 加密 + HMAC 搜索重写 + 详情解密
- 列表中 Tier 1 字段返回 None
This commit is contained in:
iven
2026-04-26 12:23:10 +08:00
parent 2474905727
commit cb3653c92e
7 changed files with 213 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crates/erp-server/migration/src/lib.rs
View File

@@ -66,6 +66,8 @@ mod m20260427_000063_content_management;
mod m20260427_000064_add_patient_pii_fields;
mod m20260427_000065_add_consultation_message_key_version;
mod m20260427_000066_add_follow_up_record_key_version;
mod m20260427_000067_add_family_member_pii_fields;
mod m20260427_000068_add_doctor_profile_pii_fields;
pub struct Migrator;
@@ -139,6 +141,8 @@ impl MigratorTrait for Migrator {
Box::new(m20260427_000064_add_patient_pii_fields::Migration),
Box::new(m20260427_000065_add_consultation_message_key_version::Migration),
Box::new(m20260427_000066_add_follow_up_record_key_version::Migration),
Box::new(m20260427_000067_add_family_member_pii_fields::Migration),
Box::new(m20260427_000068_add_doctor_profile_pii_fields::Migration),
]
}
}

56
crates/erp-server/migration/src/m20260427_000067_add_family_member_pii_fields.rs Normal file
View File

@@ -0,0 +1,56 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.alter_table(
Table::alter()
.table(PatientFamilyMember::Table)
.add_column(ColumnDef::new(PatientFamilyMember::PhoneHash).string_len(64).null())
.add_column(ColumnDef::new(PatientFamilyMember::KeyVersion).integer().null())
.to_owned(),
)
.await?;
manager
.create_index(
Index::create()
.name("idx_family_member_phone_hash")
.table(PatientFamilyMember::Table)
.col(PatientFamilyMember::PhoneHash)
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_index(Index::drop().name("idx_family_member_phone_hash").to_owned())
.await?;
manager
.alter_table(
Table::alter()
.table(PatientFamilyMember::Table)
.drop_column(PatientFamilyMember::PhoneHash)
.drop_column(PatientFamilyMember::KeyVersion)
.to_owned(),
)
.await?;
Ok(())
}
}
#[derive(DeriveIden)]
enum PatientFamilyMember {
Table,
PhoneHash,
KeyVersion,
}

56
crates/erp-server/migration/src/m20260427_000068_add_doctor_profile_pii_fields.rs Normal file
View File

@@ -0,0 +1,56 @@
use sea_orm_migration::prelude::*;
#[derive(DeriveMigrationName)]
pub struct Migration;
#[async_trait::async_trait]
impl MigrationTrait for Migration {
async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.alter_table(
Table::alter()
.table(DoctorProfile::Table)
.add_column(ColumnDef::new(DoctorProfile::LicenseNumberHash).string_len(64).null())
.add_column(ColumnDef::new(DoctorProfile::KeyVersion).integer().null())
.to_owned(),
)
.await?;
manager
.create_index(
Index::create()
.name("idx_doctor_profile_license_hash")
.table(DoctorProfile::Table)
.col(DoctorProfile::LicenseNumberHash)
.to_owned(),
)
.await?;
Ok(())
}
async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
manager
.drop_index(Index::drop().name("idx_doctor_profile_license_hash").to_owned())
.await?;
manager
.alter_table(
Table::alter()
.table(DoctorProfile::Table)
.drop_column(DoctorProfile::LicenseNumberHash)
.drop_column(DoctorProfile::KeyVersion)
.to_owned(),
)
.await?;
Ok(())
}
}
#[derive(DeriveIden)]
enum DoctorProfile {
Table,
LicenseNumberHash,
KeyVersion,
}