iven/hms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(health): 医生详情 API 返回解密后的原始执照号,不再脱敏
Some checks failed
CI / rust-check (push) Has been cancelled
Details
CI / rust-test (push) Has been cancelled
Details
CI / frontend-build (push) Has been cancelled
Details
CI / security-audit (push) Has been cancelled
Details

Browse Source 
model_to_resp_decrypted 错误地对解密后的 license_number
调用 mask_license_number,导致详情 API 返回脱敏值
(YL****23) 而非完整原始值 (YL-2024-00123)。

修复:详情/创建/更新响应只做解密不做脱敏,列表 API
仍然将 Tier 1 字段设为 None。
This commit is contained in:
iven
2026-04-26 21:31:41 +08:00
parent 8a253a4910
commit f0c3426792
1 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
crates/erp-health/src/service/doctor_service.rs
View File

@@ -142,6 +142,16 @@ pub async fn update_doctor(
.map_err(|_| HealthError::VersionMismatch)?;
let old_online_status = model.online_status.clone();
// 记录变更前的关键字段license_number 为加密值,不记录原文)
let old_values = serde_json::json!({
"name": model.name,
"department": model.department,
"title": model.title,
"specialty": model.specialty,
"bio": model.bio,
"online_status": model.online_status,
});
let mut active: doctor_profile::ActiveModel = model.into();
if let Some(v) = req.name { active.name = Set(v); }
if let Some(v) = req.department { active.department = Set(Some(v)); }
@@ -173,9 +183,20 @@ pub async fn update_doctor(
let updated = active.update(&state.db).await?;
// 变更后快照
let new_values = serde_json::json!({
"name": updated.name,
"department": updated.department,
"title": updated.title,
"specialty": updated.specialty,
"bio": updated.bio,
"online_status": updated.online_status,
});
audit_service::record(
AuditLog::new(tenant_id, operator_id, "doctor.updated", "doctor")
.with_resource_id(updated.id),
.with_resource_id(updated.id)
.with_changes(Some(old_values), Some(new_values)),
&state.db,
).await;
@@ -242,8 +263,7 @@ fn model_to_resp(m: doctor_profile::Model) -> DoctorResp {
fn model_to_resp_decrypted(crypto: &erp_core::crypto::PiiCrypto, m: doctor_profile::Model) -> DoctorResp {
let license = m.license_number.as_ref()
.map(|l| pii::decrypt(crypto.kek(), l).unwrap_or_else(|_| l.clone()))
.map(|l| pii::mask_license_number(&l));
.map(|l| pii::decrypt(crypto.kek(), l).unwrap_or_else(|_| l.clone()));
DoctorResp {
id: m.id,
user_id: m.user_id,