fix(miniprogram+auth): 二次审计修复 — 3 HIGH + 2 MEDIUM

HIGH:
- wechat_users 迁移补充 created_by/updated_by/version 标准字段
- Entity 同步更新，bind_phone 创建记录时填充新字段
- appointment create 移除 schedule_id 空字符串，改为可选
- appointment list 用 useRef 替代 useCallback 的 loading 依赖，消除 stale closure

MEDIUM:
- report 页 patientId 从顶层读取改为 useDidShow 内动态获取，就诊人切换后正确刷新
- profile/reports 同上修复
- profile/followups 移除 useDidShow 非法的第二参数

apps/miniprogram/src/pages/appointment/create/index.tsx

@@ -88,7 +88,6 @@ export default function AppointmentCreate() {
       await createAppointment({
         patient_id: currentPatient.id,
         doctor_id: selectedDoctor.id,
-        schedule_id: '',
         appointment_date: appointmentDate,
         time_slot: timeSlot.trim(),
         reason: reason.trim() || undefined,

apps/miniprogram/src/pages/appointment/index.tsx

@@ -1,4 +1,4 @@
-import React, { useState, useCallback } from 'react';
+import React, { useState, useCallback, useRef } from 'react';
 import { View, Text } from '@tarojs/components';
 import Taro, { useDidShow, useReachBottom, usePullDownRefresh } from '@tarojs/taro';
 import { listAppointments, cancelAppointment } from '../../services/appointment';
@@ -19,10 +19,11 @@ export default function AppointmentList() {
   const [page, setPage] = useState(1);
   const [total, setTotal] = useState(0);
   const [loading, setLoading] = useState(false);
-  const [refreshing, setRefreshing] = useState(false);
+  const loadingRef = useRef(false);
 
   const fetchData = useCallback(async (pageNum: number, isRefresh = false) => {
-    if (loading) return;
+    if (loadingRef.current) return;
+    loadingRef.current = true;
     setLoading(true);
     try {
       const res = await listAppointments(pageNum);
@@ -37,17 +38,16 @@ export default function AppointmentList() {
     } catch {
       Taro.showToast({ title: '加载失败', icon: 'none' });
     } finally {
+      loadingRef.current = false;
       setLoading(false);
-      setRefreshing(false);
     }
-  }, [loading]);
+  }, []);
 
   useDidShow(() => {
     fetchData(1, true);
   });
 
   usePullDownRefresh(() => {
-    setRefreshing(true);
     fetchData(1, true).finally(() => {
       Taro.stopPullDownRefresh();
     });

apps/miniprogram/src/pages/profile/followups/index.tsx

@@ -31,7 +31,7 @@ export default function MyFollowUps() {
 
   useDidShow(() => {
     fetchTasks(activeTab);
-  }, [activeTab, fetchTasks]);
+  });
 
   const handleTabChange = (key: string) => {
     setActiveTab(key);

apps/miniprogram/src/pages/profile/reports/index.tsx

@@ -14,9 +14,8 @@ export default function MyReports() {
   const [total, setTotal] = useState(0);
   const [loading, setLoading] = useState(false);
 
-  const patientId = Taro.getStorageSync('current_patient_id') || '';
-
   const fetchData = useCallback(async (p: number, append = false) => {
+    const patientId = Taro.getStorageSync('current_patient_id') || '';
     if (!patientId) return;
     setLoading(true);
     try {
@@ -30,11 +29,11 @@ export default function MyReports() {
     } finally {
       setLoading(false);
     }
-  }, [patientId]);
+  }, []);
 
   useDidShow(() => {
     fetchData(1);
-  }, [fetchData]);
+  });
 
   usePullDownRefresh(() => {
     fetchData(1).finally(() => {

apps/miniprogram/src/pages/report/index.tsx

@@ -14,9 +14,8 @@ export default function ReportList() {
   const [total, setTotal] = useState(0);
   const [loading, setLoading] = useState(false);
 
-  const patientId = Taro.getStorageSync('current_patient_id') || '';
-
   const fetchData = useCallback(async (p: number, append = false) => {
+    const patientId = Taro.getStorageSync('current_patient_id') || '';
     if (!patientId) return;
     setLoading(true);
     try {
@@ -30,7 +29,7 @@ export default function ReportList() {
     } finally {
       setLoading(false);
     }
-  }, [patientId]);
+  }, []);
 
   useDidShow(() => {
     fetchData(1);

apps/miniprogram/src/services/appointment.ts

@@ -33,7 +33,7 @@ export async function listAppointments(page = 1) {
 export async function createAppointment(data: {
   patient_id: string;
   doctor_id: string;
-  schedule_id: string;
+  schedule_id?: string;
   appointment_date: string;
   time_slot: string;
   reason?: string;

crates/erp-auth/src/entity/wechat_user.rs

@@ -14,8 +14,11 @@ pub struct Model {
     pub phone: Option<String>,
     pub created_at: DateTimeUtc,
     pub updated_at: DateTimeUtc,
+    pub created_by: Option<Uuid>,
+    pub updated_by: Option<Uuid>,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub deleted_at: Option<DateTimeUtc>,
+    pub version: i32,
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]

crates/erp-auth/src/service/wechat_service.rs

@@ -105,7 +105,10 @@ impl WechatService {
             phone: Set(Some(phone)),
             created_at: Set(now),
             updated_at: Set(now),
+            created_by: Set(Some(user_id)),
+            updated_by: Set(Some(user_id)),
             deleted_at: Set(None),
+            version: Set(1),
         };
         wu.insert(&state.db)
             .await

crates/erp-server/migration/src/m20260423_000043_create_wechat_users.rs

@@ -29,10 +29,13 @@ impl MigrationTrait for Migration {
                             .not_null()
                             .default(Expr::current_timestamp()),
                     )
+                    .col(ColumnDef::new(WechatUsers::CreatedBy).uuid())
+                    .col(ColumnDef::new(WechatUsers::UpdatedBy).uuid())
                     .col(
                         ColumnDef::new(WechatUsers::DeletedAt)
                             .timestamp_with_time_zone(),
                     )
+                    .col(ColumnDef::new(WechatUsers::Version).integer().not_null().default(1))
                     .to_owned(),
             )
             .await?;
@@ -72,4 +75,7 @@ enum WechatUsers {
     CreatedAt,
     UpdatedAt,
     DeletedAt,
+    CreatedBy,
+    UpdatedBy,
+    Version,
 }