fix(ci,web): API 路径检查脚本归一化 + DEV 模式路由覆盖率校验

- check-api-paths.sh: 归一化前端硬编码 ID、扩展后端路由提取范围 (users/roles/departments 等基础模块)、排除插件动态路由假阳性结果: 46 个不匹配 → 0 个，CI PASS - routeConfig.ts: 新增 validateRouteCoverage() 开发模式校验函数 - App.tsx: 挂载时调用路由覆盖率校验，未声明权限的路由会 console.warn
2026-05-13 14:48:10 +08:00
parent c681049c82
commit e9458a6bdf
3 changed files with 116 additions and 19 deletions
--- a/apps/web/src/routeConfig.ts
+++ b/apps/web/src/routeConfig.ts
@@ -175,6 +175,14 @@ const ENTRIES: RoutePermissionEntry[] = [
    path: "/health/article-tags",
    permissions: ["health.articles.list", "health.articles.manage"],
  },
+  {
+    path: "/health/banners",
+    permissions: ["health.banners.list", "health.banners.manage"],
+  },
+  {
+    path: "/health/media-library",
+    permissions: ["health.media.list", "health.media.manage"],
+  },

  // ===== 健康管理 — 其他 =====
  {
@@ -187,7 +195,7 @@ const ENTRIES: RoutePermissionEntry[] = [
  },
  {
    path: "/health/medication-records",
-    permissions: ["health.medication-records.manage"],
+    permissions: ["health.medication-records.list", "health.medication-records.manage"],
  },

  // ===== 冻结路由 =====
@@ -219,6 +227,11 @@ const ENTRIES: RoutePermissionEntry[] = [
    permissions: ["health.dialysis.list", "health.dialysis.manage"],
    frozen: true,
  },
+  {
+    path: "/health/dialysis-prescriptions",
+    permissions: ["health.dialysis-prescription.list", "health.dialysis-prescription.manage"],
+    frozen: true,
+  },
  {
    path: "/health/schedules",
    permissions: ["health.appointment.list", "health.appointment.manage"],
@@ -244,3 +257,26 @@ if (import.meta.env.DEV) {
    console.error("[routeConfig] 检测到重复路径:", dupes);
  }
 }
+
+/**
+ * DEV 模式路由覆盖率校验。
+ * 在 App.tsx 挂载后调用，检查所有实际路由是否都有权限声明。
+ * 忽略带参数的子路由（如 /health/patients/:id），它们通过前缀匹配继承权限。
+ */
+export function validateRouteCoverage(registeredPaths: string[]): void {
+  if (!import.meta.env.DEV) return;
+
+  const allConfigPaths = ENTRIES.map((e) => e.path);
+  const uncovered = registeredPaths.filter((p) => {
+    if (p === "/" || p === "/login" || p === "/*") return false;
+    if (p.includes(":")) return false; // 子路由通过前缀继承
+    return !allConfigPaths.includes(p);
+  });
+
+  if (uncovered.length > 0) {
+    console.warn(
+      "[routeConfig] 以下路由未在 routeConfig.ts 中声明权限，将被 PrivateRoute 默认 403 拦截：",
+      uncovered,
+    );
+  }
+}