30 Commits

Author	SHA1	Message	Date
iven	6c70e2a783	feat(health): 身份证号 AES-256-GCM 加密 + HMAC 索引 + 字段级脱敏 ... - crypto.rs: AES-256-GCM 加密/解密 + HMAC-SHA256 索引 - create/update: id_number 加密存储, id_number_hash 索引 - list: 不返回 id_number, 手机号掩码 - detail: 解密后身份证掩码(前3后4), 手机号掩码 - 搜索: 改用 HMAC 精确匹配(不再模糊搜索加密列) - 迁移 m000048: 添加 patients.id_number_hash 列	2026-04-25 00:21:49 +08:00
iven	a0ca156e2c	fix(health): 精准审计修复 6 个真实问题 — 安全/一致性/性能 ... P0: consultation handler sender_role 从请求体移除，改为服务端推导（防伪造） P1: 所有软删除操作统一使用 check_version 乐观锁（6个函数） P1: 修复 health_trend 索引缺少 tenant_id 前导列 + follow_up_record 补 (tenant_id, executed_date) 索引 P2: Decimal->f64 使用 ToPrimitive::to_f64 替代脆弱的 to_string().parse() P2: 预约取消释放槽位+状态更新包裹进同一事务	2026-04-24 08:36:22 +08:00
iven	ef6d76ef6c	fix(miniprogram+auth): 二次审计修复 — 3 HIGH + 2 MEDIUM ... HIGH: - wechat_users 迁移补充 created_by/updated_by/version 标准字段 - Entity 同步更新，bind_phone 创建记录时填充新字段 - appointment create 移除 schedule_id 空字符串，改为可选 - appointment list 用 useRef 替代 useCallback 的 loading 依赖，消除 stale closure MEDIUM: - report 页 patientId 从顶层读取改为 useDidShow 内动态获取，就诊人切换后正确刷新 - profile/reports 同上修复 - profile/followups 移除 useDidShow 非法的第二参数	2026-04-24 08:05:58 +08:00
iven	4867202437	fix(health): 四次审计修复 — 6 CRITICAL + 8 HIGH + 4 MEDIUM ... CRITICAL: - C-1: consultation sender_id 改为从 JWT ctx.user_id 注入，防伪造 - C-2: consultation session 更新改为 CAS 原子操作，防并发丢失 - C-3: 随访记录创建包裹在事务中，保证记录/任务/后续任务一致性 - C-4/C-5/C-6: 唯一索引改为 partial index WHERE deleted_at IS NULL HIGH: - H-1: manage_patient_tags 添加 tag_ids 租户归属校验 - H-2: assign_doctor 添加重复关联检查 - H-3: calendar_view 限制日期范围最多 90 天 - H-4: export_sessions 添加 10000 条上限 - H-5: patient_tag_relation/patient_doctor_relation 添加 version 字段 - H-6: create_schedule 添加医生存在性检查 - H-7: 预约取消排班释放错误改为日志记录 - H-8: follow_up_task.related_appointment_id 添加 FK 约束 MEDIUM: - M-2: 修复 search LIKE 双重 % 包裹问题 - M-3: article_service 错误类型改为 ArticleNotFound - M-4: patient.created 事件移除 PII（姓名） - M-6: lab_report 添加 (tenant_id, report_type) 索引	2026-04-24 07:50:14 +08:00
iven	6fbe7ec530	fix(health): 三次审计批次B修复 — 12个HIGH问题 ... - H-6: appointment_service 状态转换复用 validation.rs 函数 - H-7: 添加 validate_record_type (checkup/outpatient/inpatient) - H-8: 添加 validate_patient_status + validate_verification_status 白名单 - H-9: 添加 validate_online_status + online_status 变更事件 - H-10: create_appointment 添加 doctor_id 存在性检查 - H-12/H-13/H-14: 添加 lab_report GIN/health_trend/follow_up_record 索引	2026-04-24 01:07:04 +08:00
iven	9ef65b9a9f	feat(health+miniprogram): 预约/报告/随访/资讯/家庭管理 — Chunk 4-6 ... 后端: - 添加 articles 表迁移 + Entity + Service + Handler - 健康数据趋势 API (get_mini_trend) 注册路由 - article CRUD (list/get) + DTO 前端 (11个新页面 + 5个服务): - 预约挂号: 列表/创建向导/详情页 - 报告管理: 列表/详情页 - 随访管理: 任务列表/记录详情页 - 资讯文章: 文章详情页 - 个人中心: 就诊人管理/新增/我的报告/我的随访/用药提醒/设置 - 更新 app.config.ts 注册全部路由 - 更新 profile/article 页面为真实功能	2026-04-24 00:58:40 +08:00
iven	ba132921cc	feat(auth): 添加微信小程序登录支持 ... - 新增 wechat_users 表迁移和 SeaORM Entity - 实现微信登录 Service（code→openid→绑定状态查询） - 实现手机号绑定 Service（创建/关联 user + 签发 JWT） - 添加公开路由 POST /auth/wechat/login 和 /auth/wechat/bind-phone - 新增 WechatConfig 到 AppConfig（appid/secret 通过环境变量配置） - 添加 reqwest 依赖用于调用微信 jscode2session API	2026-04-24 00:05:43 +08:00
iven	2e9eb55f2c	fix(health): 修复审计发现的 10 个 CRITICAL 问题 ... 权限与安全: - 为全部 51 个 handler 端点添加 require_permission 权限检查 - 修复 CAS 预约操作中 doctor_id 为 None 时使用 Uuid::nil() 的问题 状态机修复: - 预约初始状态从 "scheduled" 改为 "pending"（匹配设计规格） - 排班状态从 "active" 改为 "enabled" - 咨询会话添加 waiting→active 自动触发（首条消息时） - 新增 create_session 端点和 DTO 数据完整性: - doctor_profile 表添加 name 列（entity + migration + service） - lab_report/health_trend 的 json 列改为 json_binary（支持 GIN 索引） - 添加关键索引：patient.id_number UNIQUE、patient_tag UNIQUE、 doctor_schedule 唯一排班槽位、health_trend、doctor_profile.name - 随访记录完成后自动检查 next_follow_up_date 创建后续任务 事件总线: - 实现 10 种核心事件发布（patient/appointment/follow_up/consultation/lab_report） - 实现 workflow.task.completed 和 message.sent 事件订阅框架 种子数据: - 实现 seed_tenant_health（8 个默认患者标签） - 实现 soft_delete_tenant_data（16 张表级联软删除）	2026-04-23 23:25:53 +08:00
iven	d6678d001e	feat(health): Handler 接线 + Doctor Service + DTO 统一 ... - 重写全部 6 个 handler 文件，从占位错误改为调用 service 层 - 删除 handler 内联 DTO，统一使用 dto/ 模块类型 - 新增 dto/doctor_dto.rs 和 dto/follow_up_dto.rs - 新增 service/doctor_service.rs 实现医护档案 CRUD - 将 follow_up_service 内联 DTO 迁移到 dto/follow_up_dto.rs - 修复 consultation_session 列名 type→consultation_type（数据库+entity+迁移同步） - 全部 51 个 API 端点已验证可用 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-23 21:31:42 +08:00
iven	ca50d32f6e	feat(health): 添加 erp-health 健康管理模块骨架 ... 新建 erp-health 原生 Rust crate，覆盖设计规格中定义的 5 大业务域： - 16 个 SeaORM Entity（患者/家属/标签/医生/健康档案/体征/化验单/预约/排班/随访/咨询等） - 16 表数据库迁移（含索引、外键、默认值、可回滚） - 40+ API 路由骨架（患者管理/健康数据/预约排班/随访/咨询/医生管理） - 12 个权限声明（health.patient/health-data/appointment/follow-up/consultation/doctor 各 .list/.manage） - DTO / Service / Handler / Event 四层架构，Service 使用 todo!() 占位 - erp-server 集成：模块注册 + AppState FromRef 桥接 + 路由挂载 同步更新 CLAUDE.md 项目进度、wiki 知识库、设计规格文档。	2026-04-23 19:59:22 +08:00
iven	a7a48167ca	feat(plugin): P1-P4 审计修复 — 第三批 (配置变更通知 + 自定义视图) ... 3.1 配置变更通知: - update_config 增加 EventBus 参数 - 更新成功后发布 plugin.config.updated 事件 - handler 传入 event_bus 3.2 自定义视图: - plugin_user_views 表迁移 (id/tenant_id/user_id/plugin_id/entity/view_name/view_config/is_default) - CRUD API: GET/POST /plugins/{id}/{entity}/views, DELETE /plugins/{id}/{entity}/views/{view_id} - 默认视图互斥逻辑	2026-04-19 18:25:03 +08:00
iven	e429448c42	feat(plugin): P2-P4 插件平台演进 — 通用服务 + 质量保障 + 市场 ... P2 平台通用服务: - manifest 扩展: settings/numbering/templates/trigger_events/importable/exportable 声明 - 插件配置 UI: PluginSettingsForm 自动表单 + 后端校验 + 详情抽屉 Settings 标签页 - 编号规则: Host API numbering-generate + PostgreSQL 序列 + manifest 绑定 - 触发事件: data_service create/update/delete 自动发布 DomainEvent - WIT 接口: 新增 numbering-generate/setting-get Host API P3 质量保障: - plugin_validator.rs: 安全扫描(WASM大小/实体数量/字段校验) + 复杂度评分 - 运行时监控指标: RuntimeMetrics (错误率/响应时间/Fuel/内存) - 性能基准: BenchmarkResult 阈值定义 - 上传时自动安全扫描 + /validate API 端点 P4 插件市场: - 数据库迁移: plugin_market_entries + plugin_market_reviews 表 - 前端 PluginMarket 页面: 分类浏览/搜索/详情/评分 - 路由注册: /plugins/market 测试: 269 全通过 (71 erp-plugin + 41 auth + 57 config + 34 core + 50 message + 16 workflow)	2026-04-19 12:16:24 +08:00
iven	841766b168	fix(用户管理): 修复用户列表页面加载失败问题 ... 修复用户列表页面加载失败导致测试超时的问题，确保页面元素正确渲染	2026-04-19 08:46:28 +08:00
iven	ef89ed38a1	feat(plugin): P1 跨插件数据引用系统 — 后端 Phase 1-3 ... 实现跨插件实体引用的基础后端能力： Phase 1 — Manifest 扩展 + Entity Registry 数据层: - PluginField 新增 ref_plugin/ref_fallback_label 支持跨插件引用声明 - PluginRelation 新增 name/relation_type/display_field（CRM 已在用的字段） - PluginEntity 新增 is_public 标记可被其他插件引用的实体 - 数据库迁移：plugin_entities 新增 manifest_id + is_public 列 + 索引 - SeaORM Entity 和 install 流程同步更新 Phase 2 — 后端跨插件引用解析 + 校验: - data_service: 新增 resolve_cross_plugin_entity/is_plugin_active 函数 - validate_ref_entities: 支持 ref_plugin 字段，目标插件未安装时跳过校验（软警告） - host.rs: HostState 新增 cross_plugin_entities 映射，db_query 支持点分记号 - engine.rs: execute_wasm 自动构建跨插件实体映射 Phase 3 — API 端点: - POST /plugins/{id}/{entity}/resolve-labels 批量标签解析 - GET /plugin-registry/entities 公开实体注册表查询	2026-04-19 00:49:00 +08:00
iven	62eea3d20d	feat(auth,plugin): Q3 行级数据权限 — user_departments 表 + JWT 注入 department_ids + data_scope 接线 ... - 新增 user_departments 关联表（migration + entity） - JWT 中间件查询用户部门并注入 TenantContext.department_ids - role_permission entity 添加 data_scope 字段 - data_handler 接线行级数据权限过滤（list/count/aggregate） - DataScopeParams + build_scope_sql + merge_scope_condition 实现全链路	2026-04-17 21:42:40 +08:00
iven	6f286acbeb	feat(db): role_permissions 添加 data_scope 列 ... 行级数据权限基础设施 — role_permissions 表新增 data_scope 列， 支持 all/self/department/department_tree 四种数据范围。	2026-04-17 10:32:12 +08:00
iven	67bdf9e942	feat(db): 添加 pg_trgm 扩展 + plugin_entity_columns 元数据表 ... - 启用 pg_trgm 扩展加速 ILIKE '%keyword%' 模糊搜索 - 新增 plugin_entity_columns 表，记录插件动态表中哪些字段被提取为 Generated Column - 添加 plugin_entity_id 外键关联 plugin_entities 表 - down 方法仅删表不卸载 pg_trgm（其他功能可能依赖）	2026-04-17 10:08:09 +08:00
iven	ff352a4c24	feat(plugin): 集成 WASM 插件系统到主服务并修复链路问题 ... - 新增 erp-plugin crate：插件管理、WASM 运行时、动态表、数据 CRUD - 新增前端插件管理页面（PluginAdmin/PluginCRUDPage）和 API 层 - 新增插件数据迁移（plugins/plugin_entities/plugin_event_subscriptions） - 新增权限补充迁移（为已有租户补充 plugin.admin/plugin.list 权限） - 修复 PluginAdmin 页面 InstallOutlined 图标不存在的崩溃问题 - 修复 settings 唯一索引迁移顺序错误（先去重再建索引） - 更新 wiki 和 CLAUDE.md 反映插件系统集成状态 - 新增 dev.ps1 一键启动脚本	2026-04-15 23:32:02 +08:00
iven	9568dd7875	chore: apply cargo fmt across workspace and update docs ... - Run cargo fmt on all Rust crates for consistent formatting - Update CLAUDE.md with WASM plugin commands and dev.ps1 instructions - Update wiki: add WASM plugin architecture, rewrite dev environment docs - Minor frontend cleanup (unused imports)	2026-04-15 00:49:20 +08:00
iven	9557c9ca16	fix(db): resolve migration bugs preventing fresh database initialization ... - Fix composite primary keys in role_permissions and user_roles tables (PostgreSQL does not allow multiple PRIMARY KEY constraints) - Fix FK table name mismatch: tasks → tokens (was wf_tokens) - Fix FK table name mismatch: messages → message_templates (was message_templates_ref) - Fix tenant table name in main.rs SQL: tenant (not tenants) - Fix React Router nested routes: add /* wildcard for child route matching	2026-04-12 16:58:47 +08:00
iven	685df5e458	feat(core): implement event outbox persistence ... Add domain_events migration and SeaORM entity. Modify EventBus::publish to persist events before broadcasting (best-effort: DB failure logs warning but still broadcasts in-memory). Update all 19 publish call sites across 4 crates to pass db reference. Add outbox relay background task that polls pending events every 5s and re-broadcasts them, ensuring no events are lost on server restart.	2026-04-12 00:10:49 +08:00
iven	f29f6d76ee	fix(message): resolve Phase 5-6 audit findings ... - Add missing version column to all message tables (migration + entities) - Replace N+1 mark_all_read loop with single batch UPDATE query - Fix NotificationList infinite re-render (extract queryFilter to stable ref) - Fix NotificationPreferences dynamic import and remove unused Dayjs type - Add Semaphore (max 8) to event listener for backpressure control - Add /docs/openapi.json endpoint for API documentation - Add permission check to unread_count handler - Add version: Set(1) to all ActiveModel inserts	2026-04-11 14:16:45 +08:00
iven	b3c7f76b7f	fix(security): resolve audit findings and compilation errors (Phase 6) ... Security fixes: - Add startup warning for default JWT secret in config - Add enum validation for priority, recipient_type, channel fields - Add pagination size cap (max 100) via safe_page_size() - Return generic "权限不足" instead of specific permission names Compilation fixes: - Fix missing standard fields in ActiveModel for tokens/process_variables - Fix migration imports for Statement/DatabaseBackend/Uuid - Add version_field to process_definition ActiveModel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-11 12:49:45 +08:00
iven	bddd33ac2f	feat(core): add audit log infrastructure (Phase 6) ... - Add audit_logs database migration with indexes - Add AuditLog struct in erp-core with builder pattern - Support old/new value tracking, IP address, user agent Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-11 12:31:27 +08:00
iven	5ceed71e62	feat(message): add message center module (Phase 5) ... Implement the complete message center with: - Database migrations for message_templates, messages, message_subscriptions tables - erp-message crate with entities, DTOs, services, handlers - Message CRUD, send, read/unread tracking, soft delete - Template management with variable interpolation - Subscription preferences with DND support - Frontend: messages page, notification panel, unread count badge - Server integration with module registration and routing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-11 12:25:05 +08:00
iven	91ecaa3ed7	feat(workflow): add workflow engine module (Phase 4) ... Implement complete workflow engine with BPMN subset support: Backend (erp-workflow crate): - Token-driven execution engine with exclusive/parallel gateway support - BPMN parser with flow graph validation - Expression evaluator for conditional branching - Process definition CRUD with draft/publish lifecycle - Process instance management (start, suspend, terminate) - Task service (pending, complete, delegate) - PostgreSQL advisory locks for concurrent safety - 5 database tables: process_definitions, process_instances, tokens, tasks, process_variables - 13 API endpoints with RBAC protection - Timeout checker framework (placeholder) Frontend: - Workflow page with 4 tabs (definitions, pending, completed, monitor) - React Flow visual process designer (@xyflow/react) - Process viewer with active node highlighting - 3 API client modules for workflow endpoints - Sidebar menu integration	2026-04-11 09:54:02 +08:00
iven	0cbd08eb78	fix(config): resolve critical audit findings from Phase 1-3 review ... - C-1: Add tenant_id to settings unique index to prevent cross-tenant conflicts - C-2: Move pg_advisory_xact_lock inside the transaction for correct concurrency (previously lock was released before the numbering transaction started) - H-5: Add CORS middleware (permissive for dev, TODO: restrict in production)	2026-04-11 08:26:43 +08:00
iven	0baaf5f7ee	feat(config): add system configuration module (Phase 3) ... Implement the complete erp-config crate with: - Data dictionaries (CRUD + items management) - Dynamic menus (tree structure with role filtering) - System settings (hierarchical: platform > tenant > org > user) - Numbering rules (concurrency-safe via PostgreSQL advisory_lock) - Theme and language configuration (via settings store) - 6 database migrations (dictionaries, menus, settings, numbering_rules) - Frontend Settings page with 5 tabs (dictionary, menu, numbering, settings, theme) Refactor: move RBAC functions (require_permission) from erp-auth to erp-core to avoid cross-module dependencies. Add 20 new seed permissions for config module operations.	2026-04-11 08:09:19 +08:00
iven	d98e0d383c	feat(db): add auth schema migrations (10 tables) ... - users with partial unique index on (tenant_id, username) WHERE deleted_at IS NULL - user_credentials, user_tokens with FK cascade - roles, permissions with composite unique (tenant_id, code) - role_permissions, user_roles junction tables - organizations (self-ref tree), departments (tree + org FK), positions - All tables include standard fields: id, tenant_id, timestamps, soft delete, version	2026-04-11 02:03:23 +08:00
iven	5901ee82f0	feat: complete Phase 1 infrastructure ... - erp-core: error types, shared types, event bus, ErpModule trait - erp-server: config loading, database/Redis connections, migrations - erp-server/migration: tenants table with SeaORM - apps/web: Vite + React 18 + TypeScript + Ant Design 5 + TailwindCSS - Web frontend: main layout with sidebar, header, routing - Docker: PostgreSQL 16 + Redis 7 development environment - All workspace crates compile successfully (cargo check passes)	2026-04-11 01:07:31 +08:00