1

2025-04-08 12:49:19 +08:00
parent 39af208ea3
commit 14b5d10992
20 changed files with 1437 additions and 67 deletions
--- a/app/user/cmd/api/internal/logic/query/querydetailbyorderidlogic.go
+++ b/app/user/cmd/api/internal/logic/query/querydetailbyorderidlogic.go
@@ -7,6 +7,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"time"
+	"tydata-server/common/ctxdata"
 	"tydata-server/common/xerr"
 	"tydata-server/pkg/lzkit/crypto"
 	"tydata-server/pkg/lzkit/delay"
@@ -17,6 +18,7 @@ import (

 	"tydata-server/app/user/cmd/api/internal/svc"
 	"tydata-server/app/user/cmd/api/internal/types"
+	"tydata-server/app/user/model"

 	"github.com/zeromicro/go-zero/core/logx"
 )
@@ -36,12 +38,26 @@ func NewQueryDetailByOrderIdLogic(ctx context.Context, svcCtx *svc.ServiceContex
 }

 func (l *QueryDetailByOrderIdLogic) QueryDetailByOrderId(req *types.QueryDetailByOrderIdReq) (resp *types.QueryDetailByOrderIdResp, err error) {
+	// 获取当前用户ID
+	userId, err := ctxdata.GetUidFromCtx(l.ctx)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户ID失败: %v", err)
+	}
+
 	// 获取订单信息
 	order, err := l.svcCtx.OrderModel.FindOne(l.ctx, req.OrderId)
 	if err != nil {
+		if errors.Is(err, model.ErrNotFound) {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.LOGIC_QUERY_NOT_FOUND), "报告查询, 订单不存在: %v", err)
+		}
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "报告查询, 查找报告错误: %v", err)
 	}

+	// 安全验证：确保订单属于当前用户
+	if order.UserId != userId {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.LOGIC_QUERY_NOT_FOUND), "无权查看此订单报告")
+	}
+
 	// 创建渐进式延迟策略实例
 	progressiveDelayOrder, err := delay.New(200*time.Millisecond, 3*time.Second, 10*time.Second, 1.5)
 	if err != nil {
--- a/app/user/cmd/api/internal/logic/query/querydetailbyordernologic.go
+++ b/app/user/cmd/api/internal/logic/query/querydetailbyordernologic.go
@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"time"
+	"tydata-server/common/ctxdata"
 	"tydata-server/common/xerr"
 	"tydata-server/pkg/lzkit/delay"

@@ -13,6 +14,7 @@ import (

 	"tydata-server/app/user/cmd/api/internal/svc"
 	"tydata-server/app/user/cmd/api/internal/types"
+	"tydata-server/app/user/model"

 	"github.com/zeromicro/go-zero/core/logx"
 )
@@ -32,12 +34,26 @@ func NewQueryDetailByOrderNoLogic(ctx context.Context, svcCtx *svc.ServiceContex
 }

 func (l *QueryDetailByOrderNoLogic) QueryDetailByOrderNo(req *types.QueryDetailByOrderNoReq) (resp *types.QueryDetailByOrderNoResp, err error) {
+	// 获取当前用户ID
+	userId, err := ctxdata.GetUidFromCtx(l.ctx)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户ID失败: %v", err)
+	}
+
 	// 获取订单信息
 	order, err := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, req.OrderNo)
 	if err != nil {
+		if errors.Is(err, model.ErrNotFound) {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.LOGIC_QUERY_NOT_FOUND), "报告查询, 订单不存在: %v", err)
+		}
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "报告查询, 查找报告错误: %v", err)
 	}

+	// 安全验证：确保订单属于当前用户
+	if order.UserId != userId {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.LOGIC_QUERY_NOT_FOUND), "无权查看此订单报告")
+	}
+
 	// 创建渐进式延迟策略实例
 	progressiveDelayOrder, err := delay.New(200*time.Millisecond, 3*time.Second, 10*time.Second, 1.5)
 	if err != nil {