Commit Graph

5 Commits

Author SHA1 Message Date
iven
dffa2dd47d fix(health+server+mp): audit P0 batch fixes - points conflict/article draft leak/blank mall/configurable template IDs
Some checks failed
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
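P0-1: WeChat template IDs changed from hardcoded empty strings to environment variable injection
  - wechat-templates.ts reads process.env.TARO_APP_WX_TEMPLATE_*
  - defineConstants adds compile-time injection of 5 template IDs

P0-2: Fallback for the blank points mall tab
  - mall/index.tsx calls loadPatients() first when currentPatient is null
  - Shows the empty-state guide only if there is still no profile, instead of blocking outright

P0-3: Eliminate the duplicate erp-points route conflict
  - Remove erp-points module registration and route merge from erp-server
  - Points functionality is provided solely by erp-health /health/points/*
  - erp-points crate is kept but excluded from compilation

P0-4: Filter the article list by role to prevent draft leakage
  - list_articles handler: force status=published for non-admin permissions
  - get_article service: add is_admin parameter to control status filtering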
2026-04-29 15:11:05 +08:00
iven
cb6f5cc651 feat(mp+health): mini program subpackage migration + points mall admin list API
Some checks failed
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
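- Migrate mini program pages to the pkg-health/pkg-mall/pkg-profile subpackage directories
- Delete old paths such as pages/health/input and pages/mall/detail
- Update navigation paths to subpackage paths (/pages/pkg-mall/exchange/index, etc.)
- Optimize the TrendChart component
- Add admin_list_products API to the backend (supports viewing delisted products)
- Add defineConstants environment variables to config/index.ts
- Fix mp e2e check-readiness path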
2026-04-29 07:29:49 +08:00
iven
945ccd64ba fix: comprehensive QA audit fixes - security hardening/code quality/cross-platform consistency/test coverage
Some checks failed
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
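Phase 0 security hotfixes (CRITICAL):
- Externalize WeChat appid/secret to the ERP__WECHAT__APPID/SECRET environment variables
- Correctly wire HealthCrypto to the ERP__HEALTH__AES_KEY/HMAC_KEY environment variables
- Externalize the mini program encryption key to the TARO_APP_ENCRYPTION_KEY environment variable
- Remove console.log of sensitive information from the mini program auth store

Phase 1 security hardening:
- Add sanitize to display_name in WeChat auto-registration to prevent XSS
- Read test database credentials from the TEST_DB_URL environment variable

Phase 2 code quality:
- Extract useThemeMode hook to eliminate 22 duplicated dark-mode checks
- Extract shared health constants to constants/health.ts
- Split the masking functions in patient_service.rs out into masking.rs
- Remove unused i18next/react-i18next dependencies
- Remove unused api/errors.ts and erp-auth/anyhow dependencies

Phase 3 test coverage:
- Add 5 patient module integration tests (CRUD/tenant isolation/validation/soft delete)

Phase 4 cross-platform consistency:
- Unify mini program Patient.birthday → birth_date to match the backend
- Unify mini program Appointment.time_slot → start_time/end_time to match the backend

Phase 5 architecture:
- Add multi-tenant TODO comment to WeChat login
- Update wiki/infrastructure.md environment variable documentation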
2026-04-25 10:00:49 +08:00
iven
6bb3babcb9 chore(miniprogram): enable @/ path alias in the stores layer + webpack alias configuration
Some checks failed
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
2026-04-24 12:30:02 +08:00
iven
0f84c881ef feat(miniprogram): initialize Taro 4 + React mini program project
Some checks failed
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
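- Manually create Taro 4.2 + React 18 + TypeScript project skeleton
- Configure webpack5 build, SCSS styles, fresh medical theme
- Implement API request layer (automatic JWT injection + token refresh)
- Implement auth store (WeChat login + phone number binding + patient management)
- Implement login page (WeChat one-tap login + phone number authorization binding)
- Implement home page (greeting bar + today's health card + quick services + upcoming)
- Implement "Me" page (personal info + function menu + logout)
- Placeholder pages for health/appointments/news
- TabBar with 5 entries: Home/Health/Appointments/News/Me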
2026-04-24 00:28:38 +08:00