Merge branch 'main' of http://1.117.67.95:3000/team/tyapi-server

internal/application/api/api_application_service.go

@@ -609,42 +609,9 @@ func (s *ApiApplicationServiceImpl) GetUserApiCalls(ctx context.Context, userID
 	// 转换为响应DTO
 	var items []dto.ApiCallRecordResponse
 	for _, call := range calls {
-		// 解密请求参数
-		var requestParamsStr string = call.RequestParams // 默认使用原始值
-		if call.UserId != nil && *call.UserId != "" {
-			// 获取用户的API密钥信息
-			apiUser, err := s.apiUserService.LoadApiUserByUserId(ctx, *call.UserId)
-			if err != nil {
-				s.logger.Error("获取用户API信息失败",
-					zap.Error(err),
-					zap.String("call_id", call.ID),
-					zap.String("user_id", *call.UserId))
-				// 获取失败时使用原始值
-			} else if apiUser.SecretKey != "" {
-				// 使用用户的SecretKey解密请求参数
-				decryptedParams, err := s.DecryptParams(ctx, *call.UserId, &commands.DecryptCommand{
-					EncryptedData: call.RequestParams,
-					SecretKey:     apiUser.SecretKey,
-				})
-				if err != nil {
-					s.logger.Error("解密请求参数失败",
-						zap.Error(err),
-						zap.String("call_id", call.ID),
-						zap.String("user_id", *call.UserId))
-					// 解密失败时使用原始值
-				} else {
-					// 将解密后的数据转换为JSON字符串
-					if jsonBytes, err := json.Marshal(decryptedParams); err == nil {
-						requestParamsStr = string(jsonBytes)
-					} else {
-						s.logger.Error("序列化解密参数失败",
-							zap.Error(err),
-							zap.String("call_id", call.ID))
-						// 序列化失败时使用原始值
-					}
-				}
-			}
-		}
+		// 出于安全考虑，不再在数据库中存储或解密真实请求参数
+		// 这里只保留数据库中的原始占位值（通常为空字符串）
+		requestParamsStr := call.RequestParams
 
 		item := dto.ApiCallRecordResponse{
 			ID:            call.ID,

internal/domains/api/entities/api_call.go

@@ -71,9 +71,6 @@ func NewApiCall(accessId, requestParams, clientIp string) (*ApiCall, error) {
 	if accessId == "" {
 		return nil, errors.New("AccessId不能为空")
 	}
-	if requestParams == "" {
-		return nil, errors.New("请求参数不能为空")
-	}
 	if clientIp == "" {
 		return nil, errors.New("ClientIp不能为空")
 	}
@@ -83,7 +80,7 @@ func NewApiCall(accessId, requestParams, clientIp string) (*ApiCall, error) {
 		AccessId:      accessId,
 		TransactionId: GenerateTransactionID(),
 		ClientIp:      clientIp,
-		RequestParams: requestParams,
+		RequestParams: "",
 		Status:        ApiCallStatusPending,
 		StartAt:       time.Now(),
 	}, nil
@@ -92,11 +89,11 @@ func NewApiCall(accessId, requestParams, clientIp string) (*ApiCall, error) {
 // MarkSuccess 标记为成功
 func (a *ApiCall) MarkSuccess(cost decimal.Decimal) error {
 	// 校验除ErrorMsg和ErrorType外所有字段不能为空
-	if a.ID == "" || a.AccessId == "" || a.TransactionId == "" || a.RequestParams == "" || a.Status == "" || a.StartAt.IsZero() {
+	if a.ID == "" || a.AccessId == "" || a.TransactionId == "" || a.Status == "" || a.StartAt.IsZero() {
 		return errors.New("ApiCall字段不能为空（除ErrorMsg和ErrorType）")
 	}
 	// 可选字段也要有值
-	if a.UserId == nil || a.ProductId == nil  {
+	if a.UserId == nil || a.ProductId == nil {
 		return errors.New("ApiCall标记成功时UserId、ProductId不能为空")
 	}
 	a.Status = ApiCallStatusSuccess
@@ -132,9 +129,6 @@ func (a *ApiCall) Validate() error {
 	if a.TransactionId == "" {
 		return errors.New("TransactionId不能为空")
 	}
-	if a.RequestParams == "" {
-		return errors.New("请求参数不能为空")
-	}
 	if a.Status != ApiCallStatusPending && a.Status != ApiCallStatusSuccess && a.Status != ApiCallStatusFailed {
 		return errors.New("无效的调用状态")
 	}

internal/infrastructure/external/jiguang/jiguang_service.go

@@ -108,7 +108,7 @@ func (j *JiguangService) CallAPI(ctx context.Context, apiCode string, apiPath st
 
 	// 记录请求日志
 	if j.logger != nil {
-		j.logger.LogRequest(requestID, transactionID, apiCode, requestURL, params)
+		j.logger.LogRequest(requestID, transactionID, apiCode, requestURL)
 	}
 
 	// 将请求参数转换为JSON
@@ -212,12 +212,12 @@ func (j *JiguangService) CallAPI(ctx context.Context, apiCode string, apiPath st
 		return nil, err
 	}
 
-	// 记录响应日志
+	// 记录响应日志（不记录具体响应数据）
 	if j.logger != nil {
 		if jiguangResp.OrderID != "" {
-			j.logger.LogResponseWithID(requestID, transactionID, apiCode, httpResp.StatusCode, bodyBytes, duration, jiguangResp.OrderID)
+			j.logger.LogResponseWithID(requestID, transactionID, apiCode, httpResp.StatusCode, duration, jiguangResp.OrderID)
 		} else {
-			j.logger.LogResponse(requestID, transactionID, apiCode, httpResp.StatusCode, bodyBytes, duration)
+			j.logger.LogResponse(requestID, transactionID, apiCode, httpResp.StatusCode, duration)
 		}
 	}
 

internal/infrastructure/external/muzi/muzi_service.go

@@ -118,7 +118,7 @@ func (m *MuziService) CallAPI(ctx context.Context, prodCode string, path string,
 	}
 
 	if m.logger != nil {
-		m.logger.LogRequest(requestID, transactionID, prodCode, m.config.URL, requestBody)
+		m.logger.LogRequest(requestID, transactionID, prodCode, m.config.URL)
 	}
 
 	bodyBytes, marshalErr := json.Marshal(requestBody)
@@ -187,7 +187,8 @@ func (m *MuziService) CallAPI(ctx context.Context, prodCode string, path string,
 	}
 
 	if m.logger != nil {
-		m.logger.LogResponse(requestID, transactionID, prodCode, resp.StatusCode, respBody, time.Since(now))
+		// 记录响应日志（不记录具体响应数据）
+		m.logger.LogResponse(requestID, transactionID, prodCode, resp.StatusCode, time.Since(now))
 	}
 
 	if resp.StatusCode != http.StatusOK {

internal/infrastructure/external/westdex/westdex_service.go

@@ -95,7 +95,7 @@ func (w *WestDexService) CallAPI(ctx context.Context, code string, reqData map[s
 
 	// 记录请求日志
 	if w.logger != nil {
-		w.logger.LogRequest(requestID, transactionID, code, reqUrl, reqData)
+		w.logger.LogRequest(requestID, transactionID, code, reqUrl)
 	}
 
 	jsonData, marshalErr := json.Marshal(reqData)
@@ -186,9 +186,9 @@ func (w *WestDexService) CallAPI(ctx context.Context, code string, reqData map[s
 			return nil, err
 		}
 
-		// 记录响应日志，包含响应ID
+		// 记录响应日志（不记录具体响应数据）
 		if w.logger != nil {
-			w.logger.LogResponseWithID(requestID, transactionID, code, httpResp.StatusCode, bodyBytes, duration, westDexResp.ID)
+			w.logger.LogResponseWithID(requestID, transactionID, code, httpResp.StatusCode, duration, westDexResp.ID)
 		}
 
 		if westDexResp.Code != "00000" && westDexResp.Code != "200" && westDexResp.Code != "0" {
@@ -268,7 +268,7 @@ func (w *WestDexService) G05HZ01CallAPI(ctx context.Context, code string, reqDat
 
 	// 记录请求日志
 	if w.logger != nil {
-		w.logger.LogRequest(requestID, transactionID, code, reqUrl, reqData)
+		w.logger.LogRequest(requestID, transactionID, code, reqUrl)
 	}
 
 	jsonData, marshalErr := json.Marshal(reqData)
@@ -356,9 +356,9 @@ func (w *WestDexService) G05HZ01CallAPI(ctx context.Context, code string, reqDat
 			return nil, err
 		}
 
-		// 记录响应日志，包含响应ID
+		// 记录响应日志（不记录具体响应数据）
 		if w.logger != nil {
-			w.logger.LogResponseWithID(requestID, transactionID, code, httpResp.StatusCode, bodyBytes, duration, westDexResp.ID)
+			w.logger.LogResponseWithID(requestID, transactionID, code, httpResp.StatusCode, duration, westDexResp.ID)
 		}
 
 		if westDexResp.Code != "0000" {

internal/infrastructure/external/xingwei/xingwei_service.go

@@ -128,7 +128,7 @@ func (x *XingweiService) CallAPI(ctx context.Context, projectID string, params m
 
 	// 记录请求日志
 	if x.logger != nil {
-		x.logger.LogRequest(requestID, transactionID, "xingwei_api", x.config.URL, params)
+		x.logger.LogRequest(requestID, transactionID, "xingwei_api", x.config.URL)
 	}
 
 	// 将请求参数转换为JSON
@@ -212,9 +212,9 @@ func (x *XingweiService) CallAPI(ctx context.Context, projectID string, params m
 		return nil, err
 	}
 
-	// 记录响应日志
+	// 记录响应日志（不记录具体响应数据）
 	if x.logger != nil {
-		x.logger.LogResponse(requestID, transactionID, "xingwei_api", httpResp.StatusCode, bodyBytes, duration)
+		x.logger.LogResponse(requestID, transactionID, "xingwei_api", httpResp.StatusCode, duration)
 	}
 
 	// 检查HTTP状态码
@@ -259,7 +259,8 @@ func (x *XingweiService) CallAPI(ctx context.Context, projectID string, params m
 	case CodeNotFound:
 		// 未查询到结果，返回空数组
 		if x.logger != nil {
-			x.logger.LogResponse(requestID, transactionID, "xingwei_api", httpResp.StatusCode, []byte("[]"), duration)
+			// 这里只记录有响应，不记录具体返回内容
+			x.logger.LogResponse(requestID, transactionID, "xingwei_api", httpResp.StatusCode, duration)
 		}
 		return []byte("[]"), nil
 

internal/infrastructure/external/yushan/yushan_service.go

@@ -64,7 +64,7 @@ func (y *YushanService) CallAPI(ctx context.Context, code string, params map[str
 
 	// 记录请求日志
 	if y.logger != nil {
-		y.logger.LogRequest(requestID, transactionID, code, y.config.URL, params)
+		y.logger.LogRequest(requestID, transactionID, code, y.config.URL)
 	}
 
 	// 获取当前时间戳
@@ -176,10 +176,10 @@ func (y *YushanService) CallAPI(ctx context.Context, code string, params map[str
 	}
 	retCode := gjson.GetBytes(respData, "retcode").String()
 
-	// 记录响应日志
+	// 记录响应日志（不记录具体响应数据）
 	if y.logger != nil {
 		duration := time.Since(startTime)
-		y.logger.LogResponse(requestID, transactionID, code, resp.StatusCode, respData, duration)
+		y.logger.LogResponse(requestID, transactionID, code, resp.StatusCode, duration)
 	}
 
 	if retCode == "100000" {

internal/infrastructure/external/zhicha/zhicha_service.go

@@ -101,7 +101,7 @@ func (z *ZhichaService) CallAPI(ctx context.Context, proID string, params map[st
 
 	// 记录请求日志
 	if z.logger != nil {
-		z.logger.LogRequest(requestID, transactionID, proID, z.config.URL, params)
+		z.logger.LogRequest(requestID, transactionID, proID, z.config.URL)
 	}
 
 	jsonData, marshalErr := json.Marshal(params)
@@ -175,10 +175,10 @@ func (z *ZhichaService) CallAPI(ctx context.Context, proID string, params map[st
 		return nil, err
 	}
 
-	// 记录响应日志
+	// 记录响应日志（不记录具体响应数据）
 	if z.logger != nil {
 		duration := time.Since(startTime)
-		z.logger.LogResponse(requestID, transactionID, proID, response.StatusCode, respBody, duration)
+		z.logger.LogResponse(requestID, transactionID, proID, response.StatusCode, duration)
 	}
 
 	// 检查HTTP状态码

internal/shared/external_logger/external_logger.go

@@ -295,7 +295,7 @@ func createFileWriter(logDir, level string, config ExternalServiceLevelFileConfi
 }
 
 // LogRequest 记录请求日志
-func (e *ExternalServiceLogger) LogRequest(requestID, transactionID, apiCode string, url interface{}, params interface{}) {
+func (e *ExternalServiceLogger) LogRequest(requestID, transactionID, apiCode string, url interface{}) {
 	logger := e.requestLogger
 	if logger == nil {
 		logger = e.logger
@@ -306,13 +306,12 @@ func (e *ExternalServiceLogger) LogRequest(requestID, transactionID, apiCode str
 		zap.String("transaction_id", transactionID),
 		zap.String("api_code", apiCode),
 		zap.Any("url", url),
-		zap.Any("params", params),
 		zap.String("timestamp", time.Now().Format(time.RFC3339)),
 	)
 }
 
 // LogResponse 记录响应日志
-func (e *ExternalServiceLogger) LogResponse(requestID, transactionID, apiCode string, statusCode int, response []byte, duration time.Duration) {
+func (e *ExternalServiceLogger) LogResponse(requestID, transactionID, apiCode string, statusCode int, duration time.Duration) {
 	logger := e.responseLogger
 	if logger == nil {
 		logger = e.logger
@@ -323,14 +322,13 @@ func (e *ExternalServiceLogger) LogResponse(requestID, transactionID, apiCode st
 		zap.String("transaction_id", transactionID),
 		zap.String("api_code", apiCode),
 		zap.Int("status_code", statusCode),
-		zap.String("response", string(response)),
 		zap.Duration("duration", duration),
 		zap.String("timestamp", time.Now().Format(time.RFC3339)),
 	)
 }
 
 // LogResponseWithID 记录包含响应ID的响应日志
-func (e *ExternalServiceLogger) LogResponseWithID(requestID, transactionID, apiCode string, statusCode int, response []byte, duration time.Duration, responseID string) {
+func (e *ExternalServiceLogger) LogResponseWithID(requestID, transactionID, apiCode string, statusCode int, duration time.Duration, responseID string) {
 	logger := e.responseLogger
 	if logger == nil {
 		logger = e.logger
@@ -341,7 +339,6 @@ func (e *ExternalServiceLogger) LogResponseWithID(requestID, transactionID, apiC
 		zap.String("transaction_id", transactionID),
 		zap.String("api_code", apiCode),
 		zap.Int("status_code", statusCode),
-		zap.String("response", string(response)),
 		zap.Duration("duration", duration),
 		zap.String("response_id", responseID),
 		zap.String("timestamp", time.Now().Format(time.RFC3339)),