iven
|
7a2d8e4664
|
fix(web): 前端功能验证修复 — 移除硬编码假数据/修正系统信息/修复dev.ps1环境变量
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- refactor(Home): 待办任务改为从工作流API获取真实数据
- refactor(Home): 最近动态改为从审计日志API获取真实操作记录
- refactor(Home): 移除硬编码的sparkline趋势图和假统计数据
- fix(Home): 系统信息 PostgreSQL 16→18,模块数量 5→6
- fix(Login): 移除硬编码版本号 v0.1.0
- fix(MainLayout): Footer 更新为 "HMS 健康管理平台"
- fix(dev.ps1): 添加缺失的 WECHAT/HEALTH 环境变量
|
2026-04-25 10:53:58 +08:00 |
|
iven
|
0bf1822fa9
|
fix: QA 第二轮修复 — PatientDetail 重构/测试覆盖/id_number 列宽/小程序 URL 规范化
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- refactor(web): PatientDetail.tsx 拆分为 4 个子组件(737→334行)
- refactor(web): 提取 usePaginatedData hook 消除重复分页状态
- feat(db): patient.id_number varchar(20)→varchar(255) 容纳加密值
- test(health): 添加预约模块集成测试(创建/列表/租户隔离)
- test(plugin): 添加 6 个 SQL 注入 sanitize 测试
- fix(miniprogram): 7 个 service 文件 URL 构建规范化(params 对象)
- fix(miniprogram): 跨平台字段名对齐(birth_date/start_time/end_time)
|
2026-04-25 10:22:44 +08:00 |
|
iven
|
55a3fd32d0
|
test(web): 添加 vitest 单元测试基础设施和初始测试用例
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- 安装 vitest + @testing-library/react + @testing-library/jest-dom + jsdom
- 创建 vitest.config.ts (jsdom 环境, 全局 API, e2e 目录排除)
- 创建 test/setup.ts (@testing-library/jest-dom 匹配器)
- 添加 29 个测试用例: health 常量 (14), useThemeMode hook (2), StatusTag 组件 (13)
|
2026-04-25 10:11:30 +08:00 |
|
iven
|
945ccd64ba
|
fix: 全面 QA 审计修复 — 安全加固/代码质量/跨平台一致性/测试覆盖
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
Phase 0 安全热修复 (CRITICAL):
- 外部化微信 appid/secret 到 ERP__WECHAT__APPID/SECRET 环境变量
- 正确连接 HealthCrypto 到 ERP__HEALTH__AES_KEY/HMAC_KEY 环境变量
- 外部化小程序加密密钥到 TARO_APP_ENCRYPTION_KEY 环境变量
- 移除小程序 auth store 中的敏感信息 console.log
Phase 1 安全加固:
- 微信自动注册 display_name 添加 sanitize 防止 XSS
- 测试数据库凭据改为从 TEST_DB_URL 环境变量读取
Phase 2 代码质量:
- 提取 useThemeMode hook 消除 22 处重复暗色模式检测
- 提取共享健康常量到 constants/health.ts
- 拆分 patient_service.rs 脱敏函数到 masking.rs
- 移除未使用的 i18next/react-i18next 依赖
- 移除未使用的 api/errors.ts 和 erp-auth/anyhow 依赖
Phase 3 测试覆盖:
- 新增 5 个患者模块集成测试 (CRUD/租户隔离/验证/软删除)
Phase 4 跨平台一致性:
- 统一小程序 Patient.birthday → birth_date 匹配后端
- 统一小程序 Appointment.time_slot → start_time/end_time 匹配后端
Phase 5 架构:
- 微信登录添加多租户 TODO 注释
- 更新 wiki/infrastructure.md 环境变量文档
|
2026-04-25 10:00:49 +08:00 |
|
iven
|
07f4ba41ba
|
fix(health): 穷尽审计修复 — 权限同步/编译错误/前端bug/审计日志
CI / frontend-build (push) Has been cancelled
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / security-audit (push) Has been cancelled
审计发现并修复的问题:
HIGH:
- H1: ConsultationDetail 使用 getSession(id) 替代错误的列表搜索
- H2: SessionResp 添加 version/updated_at 字段
- H3: 移除 FollowUpRecordList 调用不存在的导出端点
- H4: 新增 articles.ts 前端 API 模块
MEDIUM:
- M1: article delete 添加乐观锁 (expected_version)
- M2: 取消预约排班释放传播错误 (log::warn -> ?)
- M3: FollowUpTaskList 日期格式 Dayjs -> string
- M4: 补充 15 个缺失审计日志
LOW:
- L1: 替换 follow_up_service 中的 .unwrap()
- L2: PatientListItem 添加 version 字段
CRITICAL (新发现):
- 权限未同步: 健康模块 14 个权限从未写入数据库,添加启动时自动同步
- migration 表名错误: patients -> patient
- 编译错误: health_trend entity 未导入, ToPrimitive trait 未导入
- HealthError 缺少 From<AppError> 实现
|
2026-04-25 08:58:58 +08:00 |
|
iven
|
9ffb938128
|
docs: 更新健康管理模块状态为已完成
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- erp-health 从"开发中"更新为"完成"
- 添加健康模块迭代进度条目(安全地基+后端补完+Web前端10页面)
|
2026-04-25 01:05:20 +08:00 |
|
iven
|
0c21f13e72
|
feat(web): 健康管理模块 10 页面完整实现
CI / security-audit (push) Has been cancelled
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
Task 12 - 患者管理:
- PatientList: 搜索+状态筛选+CRUD+行点击跳转详情
- PatientTagManage: 患者标签管理+批量打标
- PatientDetail: 3Tab详情页(基本信息/健康数据/随访记录)+编辑
Task 13 - 医护预约:
- DoctorList: 科室筛选+CRUD+在线状态Badge
- AppointmentList: 状态筛选+日期筛选+创建预约+状态流转
- DoctorSchedule: 医生选择+列表/日历视图+排班CRUD
Task 14 - 随访咨询:
- FollowUpTaskList: 任务CRUD+填写记录+分配医护
- FollowUpRecordList: 只读台账+日期范围筛选+导出
- ConsultationList: 会话列表+创建+关闭+行点击跳转
- ConsultationDetail: 聊天界面+消息分页+发送+图片预览
修正: consultations.ts Session类型补充 updated_at/version
|
2026-04-25 00:57:48 +08:00 |
|
iven
|
02c96d9b45
|
test(health): validation.rs 纯函数测试 57 用例
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
覆盖所有枚举校验和状态机转换:
- gender/blood_type/appointment_type 等 13 种枚举白名单
- appointment 状态转换 8 条路径
- follow_up 状态转换 11 条路径(含 overdue)
|
2026-04-25 00:46:09 +08:00 |
|
iven
|
cdbf381060
|
feat(web): 路由和菜单集成 + 10 页面占位
CI / security-audit (push) Has been cancelled
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
- App.tsx 添加 10 条 lazy 路由(患者/医护/预约/随访/咨询)
- MainLayout.tsx 添加健康管理菜单组(7 项菜单 + 10 条标题映射)
- 创建 10 个页面占位组件
|
2026-04-25 00:42:12 +08:00 |
|
iven
|
6296ce22d2
|
feat(web): 健康模块通用组件 8 个
- StatusTag: 通用状态标签(预约/随访/咨询/患者状态)
- PatientSelect: 患者远程搜索选择器
- DoctorSelect: 医护远程搜索选择器
- VitalSignsChart: ECharts 趋势图(可切换指标)
- CalendarView: 日历视图(排班展示)
- ChatBubble: 聊天气泡(角色区分左右布局)
- ImagePreview: 图片预览(Ant Design Image.PreviewGroup)
- ExportButton: 导出按钮(blob 下载)
|
2026-04-25 00:40:11 +08:00 |
|
iven
|
778ae79d84
|
feat(web): 健康模块 API 服务层 6 文件 47 端点
- patients.ts: 患者CRUD/标签/家庭/医护关联 14端点
- healthData.ts: 体征/化验/健康档案CRUD + 趋势 18端点
- appointments.ts: 预约CRUD + 排班管理 + 日历 8端点
- followUp.ts: 随访任务/记录CRUD 7端点
- consultations.ts: 咨询会话/消息CRUD + 导出 6端点
- doctors.ts: 医护CRUD 5端点
|
2026-04-25 00:37:59 +08:00 |
|
iven
|
994119ded1
|
feat(health): 文章管理 CRUD 补充 create/update/delete
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- article_dto 新增 CreateArticleReq/UpdateArticleReq 含 sanitize
- article_service 新增 create_article/update_article/delete_article 含审计日志
- article_handler 新增三个 handler 端点含权限校验
- module.rs 文章路由合并 POST/PUT/DELETE
|
2026-04-25 00:34:15 +08:00 |
|
iven
|
43e127d4f7
|
feat(health): 事件驱动集成 + 数据一致性修复 + 逾期随访检查
- event.rs 重写为有状态处理器(订阅 workflow.task.completed / message.sent)
- module.rs on_startup 初始化 HealthCrypto 并注册事件处理器
- consultation_service 消息发送改为事务包裹(INSERT + CAS 原子更新)
- appointment_service 取消预约释放排班名额增加下限保护
- appointment_service update_schedule 增加 max_appointments >= current_appointments 校验
- follow_up_service 新增 complete_task_by_system 和 check_overdue_tasks
- validation.rs 随访状态机增加 overdue 状态支持
- main.rs 启动时运行逾期随访检查后台任务
|
2026-04-25 00:30:32 +08:00 |
|
iven
|
6c70e2a783
|
feat(health): 身份证号 AES-256-GCM 加密 + HMAC 索引 + 字段级脱敏
- crypto.rs: AES-256-GCM 加密/解密 + HMAC-SHA256 索引
- create/update: id_number 加密存储, id_number_hash 索引
- list: 不返回 id_number, 手机号掩码
- detail: 解密后身份证掩码(前3后4), 手机号掩码
- 搜索: 改用 HMAC 精确匹配(不再模糊搜索加密列)
- 迁移 m000048: 添加 patients.id_number_hash 列
|
2026-04-25 00:21:49 +08:00 |
|
iven
|
479b5900c9
|
feat(health): 注入审计日志覆盖所有写入操作
17 个方法全覆盖:patient(4)、appointment(2)、consultation(3)、
follow_up(2)、doctor(3)、health_data(3)。使用 fire-and-forget 模式。
|
2026-04-25 00:12:19 +08:00 |
|
iven
|
1d1f01df81
|
feat(health): 为所有 DTO 添加 sanitize 防止存储型 XSS
覆盖 patient/health_data/appointment/follow_up/consultation/doctor
6 个 DTO 模块共 14 个请求结构体,在 handler 层统一调用 sanitize。
|
2026-04-25 00:04:25 +08:00 |
|
iven
|
a63043f447
|
fix(miniprogram): 深度审查修复多个功能问题
CI / security-audit (push) Has been cancelled
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
- settings: 清除缓存不再错误读取明文 token,改由 auth store restore 恢复
- appointment: 移除多余的 detail_cache Storage 写入
- reports: 未选择就诊人时显示引导提示而非空白
- health/input: 血压录入验证舒张压必填
- followups: tab 切换时不再清空列表导致闪烁
|
2026-04-24 18:36:56 +08:00 |
|
iven
|
81cc84e4b2
|
fix(miniprogram): 修复 project.config.json 配置
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
添加 miniprogramRoot: dist/ 指向 Taro 编译产物目录,
修复微信开发者工具无法加载小程序代码的问题。
更新 appid 为真实值,启用生产构建选项。
|
2026-04-24 17:47:29 +08:00 |
|
iven
|
b4e8399194
|
feat(miniprogram): 文章分享功能 onShareAppMessage
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- 文章详情页注册微信分享(分享标题 + 路径带 article id)
- 分享时触发 article_share 埋点事件
|
2026-04-24 13:03:02 +08:00 |
|
iven
|
030afb8213
|
feat(miniprogram): 埋点事件追踪服务
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- 新增 analytics.ts:trackEvent/trackPageView/flushEvents
- 事件队列本地缓存,批量上报到 /analytics/batch
- 首页 page_view、预约创建、随访提交、健康数据录入四个关键埋点
|
2026-04-24 13:02:08 +08:00 |
|
iven
|
afc307e373
|
feat(miniprogram): 用户协议 + 隐私政策页面,登录需勾选同意
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- 新增 legal/user-agreement 和 legal/privacy-policy 页面
- 登录页增加协议勾选复选框(未勾选时拦截登录/绑定)
- 协议链接可点击跳转查看全文
- RichText 渲染 HTML 格式协议内容
|
2026-04-24 12:58:27 +08:00 |
|
iven
|
6776a82926
|
feat(auth): 微信手机号真实 AES 解密替换 MVP 占位
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- login 阶段缓存 session_key(内存 HashMap,5 分钟 TTL)
- bind_phone 用 AES-128-CBC + PKCS7 解密 encryptedData 获取真实手机号
- 新增 workspace 依赖:aes, cbc, hex, base64
- 移除硬编码 "13800000000" 占位逻辑
|
2026-04-24 12:56:12 +08:00 |
|
iven
|
60a8a591a8
|
feat(miniprogram): Token XOR 混淆存储
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- 新增 secure-storage 工具:XOR + Base64 混淆 token 存储
- request.ts 和 auth.ts 中所有 access_token/refresh_token 存取
均通过 secure-storage,避免明文暴露在 Storage 中
|
2026-04-24 12:52:20 +08:00 |
|
iven
|
37ff907815
|
feat(miniprogram): 用药提醒时间选择器 + 家人编辑功能
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- 用药提醒页:时间输入改为 Taro TimePicker 原生选择器
- 家人列表页:每个就诊人增加编辑按钮入口
- 家人添加页:支持编辑模式(URL 传 id + Storage 传数据 + updatePatient API)
|
2026-04-24 12:50:42 +08:00 |
|
iven
|
3a333535ea
|
feat(miniprogram): 随访详情页截止日期倒计时 + 状态色增强
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- 添加截止日期倒计时(还剩 X 天 / 今天截止 / 已过期 X 天)
- 紧急倒计时(≤3天/已过期)使用红色警告样式
- 状态标签增加颜色区分:已完成(绿)/已过期(红)/待完成(黄)
|
2026-04-24 12:48:53 +08:00 |
|
iven
|
0fe4cab593
|
feat(miniprogram): 微信订阅消息引导 + 个人中心消息 badge 占位
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- 新增 wechat-templates.ts 集中管理模板 ID
- 预约成功后引导用户订阅预约提醒
- 随访记录提交后引导订阅随访提醒
- 个人中心新增消息中心入口 + 未读数 badge(MVP 占位 unreadCount: 0)
|
2026-04-24 12:47:25 +08:00 |
|
iven
|
38e53efaec
|
feat(appointment): 预约创建页重写 — 宫格科室+周视图日历+时段卡片
|
2026-04-24 12:42:46 +08:00 |
|
iven
|
487432b4e9
|
feat(appointment): 新增 StepIndicator 步骤指示器 + WeekCalendar 周视图日历组件
|
2026-04-24 12:40:59 +08:00 |
|
iven
|
4f2efdb643
|
feat(health): 表单验证升级为 zod schema + 异常值警告 + 录入后清除缓存
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
|
2026-04-24 12:39:36 +08:00 |
|
iven
|
a9861a0cde
|
feat(health): 趋势图升级为 ECharts 折线图 + 缓存 TTL 5分钟
|
2026-04-24 12:38:07 +08:00 |
|
iven
|
7b5b00fbac
|
feat(health): 新增 TrendChart ECharts 折线图组件
|
2026-04-24 12:36:48 +08:00 |
|
iven
|
fa21bbcadd
|
feat(health): 健康卡片增加状态色(正常绿/异常红)+ 参考范围显示
|
2026-04-24 12:35:13 +08:00 |
|
iven
|
8dc00fbd9e
|
spike(miniprogram): echarts-taro3-react 在 Taro 4 webpack5 下验证通过,编译正常
|
2026-04-24 12:33:27 +08:00 |
|
iven
|
6bb3babcb9
|
chore(miniprogram): stores 层启用 @/ 路径别名 + webpack alias 配置
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
|
2026-04-24 12:30:02 +08:00 |
|
iven
|
54a0e393ac
|
fix(miniprogram): 首页/健康页/详情页统一使用 Loading 组件
|
2026-04-24 12:27:16 +08:00 |
|
iven
|
f75bc191e6
|
fix(miniprogram): 预约详情/随访详情改为 API 获取数据,移除 Storage 缓存传递
|
2026-04-24 12:24:49 +08:00 |
|
iven
|
2dc280a401
|
feat(health): 新增预约/随访单条查询 GET 端点
|
2026-04-24 12:22:52 +08:00 |
|
iven
|
74d7efec1f
|
fix(miniprogram): 添加全局 ErrorBoundary,修复 tryRefreshToken 静默吞异常
|
2026-04-24 12:20:34 +08:00 |
|
iven
|
f3716dbdc5
|
fix(miniprogram): 删除重复页面 report/followup,修复 EmptyState 导入 bug
|
2026-04-24 12:19:24 +08:00 |
|
iven
|
d26a847be2
|
fix(health): 对接今日体征摘要新端点 /health/vital-signs/today
|
2026-04-24 12:18:23 +08:00 |
|
iven
|
e7b6bdfcac
|
feat(health): 新增小程序专用今日体征摘要端点 GET /health/vital-signs/today
|
2026-04-24 12:17:17 +08:00 |
|
iven
|
19be2a08c7
|
docs(miniprogram): 新增小程序迭代设计规格 + 25 Task 实施计划
CI / security-audit (push) Has been cancelled
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
设计规格:4 Sprint 混合策略(Sprint 0 修基础 → Sprint 1-3 模块打磨),
覆盖 18 个问题,含健康数据、预约挂号、报告详情、安全加固、增长基础。
实施计划:25 个 Task,4 个 Chunk,经 4 轮审查修复关键问题:
- Task 10 依赖后端 today 端点 status/reference_range 字段
- Task 14/15 补全 StepIndicator 连接线 + WeekCalendar 完整实现
- Task 21 request.ts Token 加密绕过修复
- Task 22 手机号解密前后端 API 契约明确(推荐 code 模式)
- Task 24 埋点补充核心页面手动调用
- Task 25 hooks 无条件调用修复
|
2026-04-24 12:08:13 +08:00 |
|
iven
|
a0ca156e2c
|
fix(health): 精准审计修复 6 个真实问题 — 安全/一致性/性能
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
P0: consultation handler sender_role 从请求体移除,改为服务端推导(防伪造)
P1: 所有软删除操作统一使用 check_version 乐观锁(6个函数)
P1: 修复 health_trend 索引缺少 tenant_id 前导列 + follow_up_record 补 (tenant_id, executed_date) 索引
P2: Decimal->f64 使用 ToPrimitive::to_f64 替代脆弱的 to_string().parse()
P2: 预约取消释放槽位+状态更新包裹进同一事务
|
2026-04-24 08:36:22 +08:00 |
|
iven
|
6391a13467
|
fix(auth+miniprogram): 清除全部审计遗留问题
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
MEDIUM:
- WechatLoginReq/WechatBindPhoneReq 添加 Validate 派生 + 字段校验规则
- handler 中调用 req.validate() 并 map_err 转换
- 新增 AuthError::DbError 变体,wechat_service 所有 DB 错误从 Validation 改为 DbError
- DbError 映射到 AppError::Internal,不再误导前端
LOW:
- fetch_session 改用 reqwest Client.query() 构建参数,自动 URL 编码
- app.tsx PropsWithChildren<any> 改为 Record<string, unknown>
- login handleGetPhone 回调 e: any 改为内联类型
- appointment/create 4 个事件回调 e: any 改为内联类型
- health/input catch (e: any) 改为 catch (e: unknown) + instanceof 守卫
- report/detail Object.entries 去掉 [string, any] 类型断言
- wechat_service 移除 decrypt_phone_placeholder 函数,内联占位注释
|
2026-04-24 08:16:01 +08:00 |
|
iven
|
ef6d76ef6c
|
fix(miniprogram+auth): 二次审计修复 — 3 HIGH + 2 MEDIUM
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
HIGH:
- wechat_users 迁移补充 created_by/updated_by/version 标准字段
- Entity 同步更新,bind_phone 创建记录时填充新字段
- appointment create 移除 schedule_id 空字符串,改为可选
- appointment list 用 useRef 替代 useCallback 的 loading 依赖,消除 stale closure
MEDIUM:
- report 页 patientId 从顶层读取改为 useDidShow 内动态获取,就诊人切换后正确刷新
- profile/reports 同上修复
- profile/followups 移除 useDidShow 非法的第二参数
|
2026-04-24 08:05:58 +08:00 |
|
iven
|
4867202437
|
fix(health): 四次审计修复 — 6 CRITICAL + 8 HIGH + 4 MEDIUM
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
CRITICAL:
- C-1: consultation sender_id 改为从 JWT ctx.user_id 注入,防伪造
- C-2: consultation session 更新改为 CAS 原子操作,防并发丢失
- C-3: 随访记录创建包裹在事务中,保证记录/任务/后续任务一致性
- C-4/C-5/C-6: 唯一索引改为 partial index WHERE deleted_at IS NULL
HIGH:
- H-1: manage_patient_tags 添加 tag_ids 租户归属校验
- H-2: assign_doctor 添加重复关联检查
- H-3: calendar_view 限制日期范围最多 90 天
- H-4: export_sessions 添加 10000 条上限
- H-5: patient_tag_relation/patient_doctor_relation 添加 version 字段
- H-6: create_schedule 添加医生存在性检查
- H-7: 预约取消排班释放错误改为日志记录
- H-8: follow_up_task.related_appointment_id 添加 FK 约束
MEDIUM:
- M-2: 修复 search LIKE 双重 % 包裹问题
- M-3: article_service 错误类型改为 ArticleNotFound
- M-4: patient.created 事件移除 PII(姓名)
- M-6: lab_report 添加 (tenant_id, report_type) 索引
|
2026-04-24 07:50:14 +08:00 |
|
iven
|
7b7677dfec
|
fix(miniprogram): 审计修复 — P0/P1 共 16 个问题
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
P0 功能阻断:
- 修复 login→bindPhone openid 状态传递断裂
- 首页健康卡片对接 useHealthStore 真实数据
- 血压录入改为收缩压/舒张压双输入
- 快捷服务路径修正(报告→/pages/report、随访→/pages/followup)
P1 类型安全 + 组件:
- 替换所有 <input>/<image>/<textarea> 为 Taro 组件
- service 层 any 类型全部替换(Doctor/DoctorSchedule/IndicatorDetail/FollowUpContent/PatientUpdateInput)
- 预约详情数据传递简化为纯 Storage 缓存
- Article 接口添加 author 字段
|
2026-04-24 01:37:34 +08:00 |
|
iven
|
6fbe7ec530
|
fix(health): 三次审计批次B修复 — 12个HIGH问题
CI / frontend-build (push) Has been cancelled
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- H-6: appointment_service 状态转换复用 validation.rs 函数
- H-7: 添加 validate_record_type (checkup/outpatient/inpatient)
- H-8: 添加 validate_patient_status + validate_verification_status 白名单
- H-9: 添加 validate_online_status + online_status 变更事件
- H-10: create_appointment 添加 doctor_id 存在性检查
- H-12/H-13/H-14: 添加 lab_report GIN/health_trend/follow_up_record 索引
|
2026-04-24 01:07:04 +08:00 |
|
iven
|
0c73927450
|
feat(miniprogram): 通用组件 + 页面接入 — Chunk 7
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
- 创建 EmptyState/ErrorState/Loading 三个通用组件
- 8个列表页面接入通用组件替换内联空状态/loading
- app.config.ts 添加 login 页面路由
|
2026-04-24 01:03:23 +08:00 |
|
iven
|
9ef65b9a9f
|
feat(health+miniprogram): 预约/报告/随访/资讯/家庭管理 — Chunk 4-6
CI / rust-check (push) Has been cancelled
CI / rust-test (push) Has been cancelled
CI / frontend-build (push) Has been cancelled
CI / security-audit (push) Has been cancelled
后端:
- 添加 articles 表迁移 + Entity + Service + Handler
- 健康数据趋势 API (get_mini_trend) 注册路由
- article CRUD (list/get) + DTO
前端 (11个新页面 + 5个服务):
- 预约挂号: 列表/创建向导/详情页
- 报告管理: 列表/详情页
- 随访管理: 任务列表/记录详情页
- 资讯文章: 文章详情页
- 个人中心: 就诊人管理/新增/我的报告/我的随访/用药提醒/设置
- 更新 app.config.ts 注册全部路由
- 更新 profile/article 页面为真实功能
|
2026-04-24 00:58:40 +08:00 |
|