931edc3025
安全审计修复: - 补全 6 个 DTO 的 sanitize 方法(diagnosis/consent/alert/medication_record/medication_reminder/follow_up_template) - 4 个 handler 添加 .sanitize() 调用(diagnosis/consent/alert_rule/medication_record) - 修复咨询消息 sender_id/sender_role 从客户端提交改为服务端从 JWT 提取 - 修复小程序 AI 报告 markdownToHtml XSS(添加 sanitizeHtml 过滤)
105 lines
3.0 KiB
Rust
105 lines
3.0 KiB
Rust
use axum::extract::{FromRef, Path, Query, State};
|
|
use axum::response::IntoResponse;
|
|
use axum::Extension;
|
|
use serde::Deserialize;
|
|
use utoipa::IntoParams;
|
|
use uuid::Uuid;
|
|
|
|
use erp_core::error::AppError;
|
|
use erp_core::rbac::require_permission;
|
|
use erp_core::types::{ApiResponse, PaginatedResponse, TenantContext};
|
|
|
|
use crate::dto::alert_dto::{CreateAlertRuleRequest, UpdateAlertRuleRequest};
|
|
use crate::service::alert_rule_service;
|
|
use crate::state::HealthState;
|
|
|
|
#[derive(Debug, Deserialize, IntoParams)]
|
|
pub struct RuleListQuery {
|
|
pub device_type: Option<String>,
|
|
pub page: Option<u64>,
|
|
pub page_size: Option<u64>,
|
|
}
|
|
|
|
#[derive(Debug, Deserialize)]
|
|
pub struct DeactivateRequest {
|
|
pub version: i32,
|
|
}
|
|
|
|
pub async fn list_rules<S>(
|
|
State(state): State<HealthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
Query(query): Query<RuleListQuery>,
|
|
) -> Result<impl IntoResponse, AppError>
|
|
where
|
|
HealthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "health.alert-rules.list")?;
|
|
let page = query.page.unwrap_or(1);
|
|
let page_size = query.page_size.unwrap_or(20);
|
|
|
|
let (items, total) = alert_rule_service::list_rules(
|
|
&state, ctx.tenant_id, query.device_type.as_deref(), page, page_size,
|
|
).await?;
|
|
|
|
Ok(axum::Json(ApiResponse::ok(PaginatedResponse {
|
|
data: items,
|
|
total,
|
|
page,
|
|
page_size,
|
|
total_pages: total.div_ceil(page_size.max(1)),
|
|
})))
|
|
}
|
|
|
|
pub async fn create<S>(
|
|
State(state): State<HealthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
axum::Json(mut body): axum::Json<CreateAlertRuleRequest>,
|
|
) -> Result<impl IntoResponse, AppError>
|
|
where
|
|
HealthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "health.alert-rules.manage")?;
|
|
body.sanitize();
|
|
let rule = alert_rule_service::create_rule(
|
|
&state, ctx.tenant_id, ctx.user_id, body,
|
|
).await?;
|
|
Ok(axum::Json(ApiResponse::ok(rule)))
|
|
}
|
|
|
|
pub async fn update<S>(
|
|
State(state): State<HealthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
Path(id): Path<Uuid>,
|
|
axum::Json(mut body): axum::Json<UpdateAlertRuleRequest>,
|
|
) -> Result<impl IntoResponse, AppError>
|
|
where
|
|
HealthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "health.alert-rules.manage")?;
|
|
body.sanitize();
|
|
let rule = alert_rule_service::update_rule(
|
|
&state, ctx.tenant_id, id, ctx.user_id, body,
|
|
).await?;
|
|
Ok(axum::Json(ApiResponse::ok(rule)))
|
|
}
|
|
|
|
pub async fn deactivate<S>(
|
|
State(state): State<HealthState>,
|
|
Extension(ctx): Extension<TenantContext>,
|
|
Path(id): Path<Uuid>,
|
|
axum::Json(body): axum::Json<DeactivateRequest>,
|
|
) -> Result<impl IntoResponse, AppError>
|
|
where
|
|
HealthState: FromRef<S>,
|
|
S: Clone + Send + Sync + 'static,
|
|
{
|
|
require_permission(&ctx, "health.alert-rules.manage")?;
|
|
let rule = alert_rule_service::deactivate_rule(
|
|
&state, ctx.tenant_id, id, body.version,
|
|
).await?;
|
|
Ok(axum::Json(ApiResponse::ok(rule)))
|
|
}
|