fix(health): 全 handler page_size 上限 100 防止 DoS
22 个 handler 文件统一添加 .min(100) 限制分页大小
@@ -33,7 +33,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.alerts.list")?;
|
||||
let page = query.page.unwrap_or(1);
|
||||
let page_size = query.page_size.unwrap_or(20);
|
||||
let page_size = query.page_size.unwrap_or(20).min(100);
|
||||
|
||||
let (items, total) = alert_service::list_alerts(
|
||||
&state,
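Review bot: `.min(100)` bounds page_size from above only, so `page_size=0` (and a negative value, if the field is a signed integer, which these lines do not show) still reaches the service layer, and `page` is not bounded at all; a zero page size still costs a query while returning nothing, and a `page` of 0 could produce a negative or underflowing offset if the service computes `(page - 1) * page_size`, which I cannot confirm from this hunk. I would clamp both ends: `let page = query.page.unwrap_or(1).max(1);` and `let page_size = query.page_size.unwrap_or(20).clamp(1, 100);`. The same point applies to every other hunk in this commit, including the points handlers that bind `p`/`ps`. Since 20 and 100 are now repeated literally across 22 files, consider hoisting them into shared constants (e.g. `DEFAULT_PAGE_SIZE` / `MAX_PAGE_SIZE` next to the pagination query type) so the limit cannot drift between handlers, with a one-line comment stating that the cap exists to bound per-request work. The enclosing handler function starts before and ends after this hunk.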
|
||||
|
||||
@@ -36,7 +36,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.alert-rules.list")?;
|
||||
let page = query.page.unwrap_or(1);
|
||||
let page_size = query.page_size.unwrap_or(20);
|
||||
let page_size = query.page_size.unwrap_or(20).min(100);
|
||||
|
||||
let (items, total) = alert_rule_service::list_rules(
|
||||
&state,
|
||||
|
||||
@@ -62,7 +62,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.appointment.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = appointment_service::list_appointments(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
@@ -148,7 +148,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.appointment.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = appointment_service::list_schedules(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
|
||||
@@ -138,7 +138,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.ble-gateways.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
ble_gateway_service::list_bindings(&state, ctx.tenant_id, gateway_id, page, page_size)
|
||||
.await?;
|
||||
|
||||
@@ -118,7 +118,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.care-plan.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
care_plan_service::list_care_plan_items(&state, ctx.tenant_id, plan_id, page, page_size)
|
||||
.await?;
|
||||
@@ -211,7 +211,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.care-plan.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
care_plan_service::list_care_plan_outcomes(&state, ctx.tenant_id, plan_id, page, page_size)
|
||||
.await?;
|
||||
|
||||
@@ -35,7 +35,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.consent.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
consent_service::list_consents(&state, ctx.tenant_id, patient_id, page, page_size).await?;
|
||||
Ok(Json(ApiResponse::ok(result)))
|
||||
|
||||
@@ -29,7 +29,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.critical-alerts.list")?;
|
||||
let page = query.page.unwrap_or(1);
|
||||
let page_size = query.page_size.unwrap_or(20);
|
||||
let page_size = query.page_size.unwrap_or(20).min(100);
|
||||
|
||||
let (items, total) =
|
||||
critical_alert_service::list_pending_alerts(&state, ctx.tenant_id, page, page_size)
|
||||
|
||||
@@ -48,7 +48,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.devices.list")?;
|
||||
let page = query.page.unwrap_or(1);
|
||||
let page_size = query.page_size.unwrap_or(20);
|
||||
let page_size = query.page_size.unwrap_or(20).min(100);
|
||||
|
||||
let (items, total) = device_service::list_devices(
|
||||
&state,
|
||||
|
||||
@@ -76,7 +76,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.device-readings.list")?;
|
||||
let page = query.page.unwrap_or(1);
|
||||
let page_size = query.page_size.unwrap_or(20);
|
||||
let page_size = query.page_size.unwrap_or(20).min(100);
|
||||
let result = device_reading_service::query_device_readings(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
@@ -109,7 +109,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.device-readings.list")?;
|
||||
let page = query.page.unwrap_or(1);
|
||||
let page_size = query.page_size.unwrap_or(20);
|
||||
let page_size = query.page_size.unwrap_or(20).min(100);
|
||||
let days = query.days.unwrap_or(7);
|
||||
let result = device_reading_service::query_hourly_readings(
|
||||
&state,
|
||||
|
||||
@@ -35,7 +35,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.health-data.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
diagnosis_service::list_diagnoses(&state, ctx.tenant_id, patient_id, page, page_size)
|
||||
.await?;
|
||||
|
||||
@@ -40,7 +40,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.doctor.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = doctor_service::list_doctors(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
|
||||
@@ -119,7 +119,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.follow-up.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = follow_up_service::list_tasks(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
@@ -239,7 +239,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.follow-up.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = follow_up_service::list_records(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
|
||||
@@ -39,7 +39,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.follow-up-templates.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = follow_up_template_service::list_templates(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
|
||||
@@ -29,7 +29,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.medication-records.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = medication_record_service::list_medications(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
|
||||
@@ -28,7 +28,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.medication-reminders.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = medication_reminder_service::list_reminders(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
|
||||
@@ -44,7 +44,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.patient.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = patient_service::list_patients(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
|
||||
@@ -91,7 +91,7 @@ where
|
||||
require_permission(&ctx, "health.points.list")?;
|
||||
let patient_id = resolve_patient_id(&state, ctx.tenant_id, ctx.user_id).await?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
points_service::list_transactions(&state, ctx.tenant_id, patient_id, page, page_size)
|
||||
.await?;
|
||||
@@ -110,7 +110,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.points.list")?;
|
||||
let p = page.page.unwrap_or(1);
|
||||
let ps = page.page_size.unwrap_or(20);
|
||||
let ps = page.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
points_service::list_products(&state, ctx.tenant_id, params.product_type, p, ps).await?;
|
||||
Ok(Json(ApiResponse::ok(result)))
|
||||
@@ -159,7 +159,7 @@ where
|
||||
require_permission(&ctx, "health.points.list")?;
|
||||
let patient_id = resolve_patient_id(&state, ctx.tenant_id, ctx.user_id).await?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
points_service::list_orders(&state, ctx.tenant_id, patient_id, page, page_size).await?;
|
||||
Ok(Json(ApiResponse::ok(result)))
|
||||
@@ -182,7 +182,7 @@ where
|
||||
// 患者端端点:验证当前用户有关联的患者档案
|
||||
let _patient_id = resolve_patient_id(&state, ctx.tenant_id, ctx.user_id).await?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
points_service::list_offline_events(&state, ctx.tenant_id, page, page_size).await?;
|
||||
Ok(Json(ApiResponse::ok(result)))
|
||||
@@ -318,7 +318,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.points.list")?;
|
||||
let p = page.page.unwrap_or(1);
|
||||
let ps = page.page_size.unwrap_or(20);
|
||||
let ps = page.page_size.unwrap_or(20).min(100);
|
||||
let result = points_service::admin_list_products(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
@@ -406,7 +406,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.points.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
// 管理端查看所有订单 — 不按 patient_id 过滤
|
||||
let result = points_service::admin_list_orders(&state, ctx.tenant_id, page, page_size).await?;
|
||||
Ok(Json(ApiResponse::ok(result)))
|
||||
@@ -498,7 +498,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.points.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result = points_service::admin_list_offline_events(
|
||||
&state,
|
||||
ctx.tenant_id,
|
||||
@@ -579,7 +579,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.points.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
points_service::list_transactions(&state, ctx.tenant_id, patient_id, page, page_size)
|
||||
.await?;
|
||||
|
||||
@@ -118,7 +118,7 @@ where
|
||||
{
|
||||
require_permission(&ctx, "health.shifts.list")?;
|
||||
let page = params.page.unwrap_or(1);
|
||||
let page_size = params.page_size.unwrap_or(20);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let result =
|
||||
shift_service::list_assignments(&state, ctx.tenant_id, shift_id, page, page_size).await?;
|
||||
Ok(Json(ApiResponse::ok(result)))
|
||||
|
||||