addf

app/main/api/desc/admin/admin_query_whitelist.api

@@ -0,0 +1,85 @@
+syntax = "v1"
+
+info (
+	title:   "查询白名单管理"
+	desc:    "代理天远查询白名单配置接口"
+	version: "v1"
+)
+
+@server (
+	prefix: /api/v1/admin/query-whitelist
+	group:  admin_query_whitelist
+	middleware: AdminAuthInterceptor
+)
+service main {
+	@doc "创建查询白名单规则"
+	@handler AdminQueryWhitelistCreate
+	post /create (AdminQueryWhitelistCreateReq) returns (AdminQueryWhitelistOpResp)
+
+	@doc "追加查询白名单产品编码"
+	@handler AdminQueryWhitelistAppend
+	post /append (AdminQueryWhitelistAppendReq) returns (AdminQueryWhitelistOpResp)
+
+	@doc "查询白名单操作记录列表"
+	@handler AdminGetQueryWhitelistOpLogList
+	get /op-log/list (AdminGetQueryWhitelistOpLogListReq) returns (AdminGetQueryWhitelistOpLogListResp)
+}
+
+type (
+	AdminQueryWhitelistCreateReq {
+		Name     string   `json:"name"` // 姓名，* 表示只按身份证匹配
+		IdCard   string   `json:"id_card"` // 18位身份证号
+		ApiCodes []string `json:"api_codes"` // 产品编码列表
+		Remark   string   `json:"remark,optional"` // 备注
+	}
+	AdminQueryWhitelistAppendReq {
+		Name     string   `json:"name"` // 姓名，* 表示只按身份证匹配
+		IdCard   string   `json:"id_card"` // 18位身份证号
+		ApiCodes []string `json:"api_codes"` // 追加的产品编码列表
+		Remark   string   `json:"remark,optional"` // 备注，非空会覆盖原备注
+	}
+	AdminQueryWhitelistOpResp {
+		TianyuanCode    int                         `json:"tianyuan_code"` // 天远业务码
+		TianyuanMessage string                      `json:"tianyuan_message"` // 天远返回描述
+		TransactionId   string                      `json:"transaction_id,optional"` // 天远流水号
+		Entry           *QueryWhitelistEntryResult  `json:"entry,optional"` // 成功时规则详情
+	}
+	QueryWhitelistEntryResult {
+		Id           string   `json:"id"` // 规则ID
+		Name         string   `json:"name"` // 姓名规则
+		IdCardMasked string   `json:"id_card_masked"` // 脱敏身份证号
+		ApiCodes     []string `json:"api_codes"` // 当前产品编码列表
+		Status       string   `json:"status"` // 规则状态
+		Remark       string   `json:"remark"` // 备注
+		CreatedAt    string   `json:"created_at"` // 创建时间
+		UpdatedAt    string   `json:"updated_at"` // 更新时间
+	}
+	AdminGetQueryWhitelistOpLogListReq {
+		Page          int64  `form:"page,default=1"` // 页码
+		PageSize      int64  `form:"page_size,default=20"` // 每页数量
+		IdCard        string `form:"id_card,optional"` // 身份证号
+		Action        string `form:"action,optional"` // 操作类型：create / append
+		TianyuanResult string `form:"tianyuan_result,optional"` // 业务结果：success / fail
+	}
+	AdminGetQueryWhitelistOpLogListResp {
+		Total int64                        `json:"total"` // 总数
+		Items []QueryWhitelistOpLogListItem `json:"items"` // 列表
+	}
+	QueryWhitelistOpLogListItem {
+		Id              int64    `json:"id"` // 主键ID
+		AdminUserId     int64    `json:"admin_user_id"` // 操作管理员ID
+		Action          string   `json:"action"` // 操作类型
+		Name            string   `json:"name"` // 姓名规则
+		IdCard          string   `json:"id_card"` // 身份证号
+		IdCardMasked    string   `json:"id_card_masked"` // 脱敏身份证号
+		ApiCodes        []string `json:"api_codes"` // 本次提交的产品编码
+		Remark          string   `json:"remark"` // 备注
+		TianyuanCode    int64    `json:"tianyuan_code"` // 天远业务码
+		TianyuanMessage string   `json:"tianyuan_message"` // 天远返回描述
+		TransactionId   string   `json:"transaction_id"` // 天远流水号
+		EntryId         string   `json:"entry_id"` // 规则ID
+		EntryStatus     string   `json:"entry_status"` // 规则状态
+		EntryApiCodes   []string `json:"entry_api_codes"` // 规则当前产品编码
+		CreateTime      string   `json:"create_time"` // 创建时间
+	}
+)

app/main/api/desc/front/toolbox.api

@@ -6,9 +6,15 @@ info (
 	version: "v1"
 )
 
-// ==================== 通用请求/响应 ====================
-
 type (
+	ToolInfo {
+		Key  string `json:"key"` // 工具标识
+		Name string `json:"name"` // 工具名称
+		Desc string `json:"desc"` // 工具描述
+	}
+	ToolboxListResp {
+		Tools []ToolInfo `json:"tools"` // 工具列表
+	}
 	ToolboxQueryReq {
 		ToolKey string                 `json:"tool_key" validate:"required"`
 		Params  map[string]interface{} `json:"params"`
@@ -19,14 +25,16 @@ type (
 	}
 )
 
-// ==================== 免费接口（无需登录） ====================
-
 @server (
 	prefix: api/v1
 	group:  toolbox
 )
 service main {
+	@doc "获取工具列表"
+	@handler ToolboxList
+	get /toolbox/list returns (ToolboxListResp)
+
 	@doc "通用工具查询"
-	@handler toolboxQuery
+	@handler ToolboxQuery
 	post /toolbox/query (ToolboxQueryReq) returns (ToolboxQueryResp)
 }

app/main/api/desc/main.api

@@ -16,6 +16,7 @@ import "./front/app.api"
 import "./front/authorization.api"
 import "./front/upload.api"
 import "./front/tianyuan.api"
+import "./front/toolbox.api"
 // 后台
 import "./admin/auth.api"
 import "./admin/menu.api"
@@ -32,3 +33,4 @@ import "./admin/admin_agent.api"
 import "./admin/admin_api.api"
 import "./admin/admin_role_api.api"
 import "./admin/admin_queue.api"
+import "./admin/admin_query_whitelist.api"

app/main/api/etc/main.dev.yaml

@@ -91,6 +91,7 @@ Tianyuanapi:
     Key: "04c6b4c559be6d5ba5351c04c8713a64"
     BaseURL: "https://api.tianyuanapi.com"
     Timeout: 60
+    WhitelistMgmtKey: "2R12TmEc1e8P3p69RdIoN5Ykjk%H@4orPy7DZv7MXpGByoEL"
 Authorization:
     FileBaseURL: "https://www.tianyuancha.cn/api/v1/auth-docs" # 授权书文件访问基础URL
 Upload:

app/main/api/etc/main.yaml

@@ -106,6 +106,7 @@ Tianyuanapi:
     Key: "74902aff197d72d1caa5593560cb281e"
     BaseURL: "https://api.tianyuanapi.com"
     Timeout: 60
+    WhitelistMgmtKey: "2R12TmEc1e8P3p69RdIoN5Ykjk%H@4orPy7DZv7MXpGByoEL"
 tianxingjuhe:
     url: "https://apis.tianapi.com"
     key: "4ceffb1ffb95b83230b9a9c9df2467e1"

app/main/api/internal/config/config.go

@@ -143,6 +143,7 @@ type TianyuanapiConfig struct {
 	Key              string
 	BaseURL          string
 	Timeout          int64
+	WhitelistMgmtKey string // 查询白名单管理密钥 Whitelist-Mgmt-Key
 }
 
 type AuthorizationConfig struct {

app/main/api/internal/handler/admin_query_whitelist/admingetquerywhitelistoploglisthandler.go

@@ -0,0 +1,29 @@
+package admin_query_whitelist
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"tyc-server/app/main/api/internal/logic/admin_query_whitelist"
+	"tyc-server/app/main/api/internal/svc"
+	"tyc-server/app/main/api/internal/types"
+	"tyc-server/common/result"
+	"tyc-server/pkg/lzkit/validator"
+)
+
+func AdminGetQueryWhitelistOpLogListHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminGetQueryWhitelistOpLogListReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_query_whitelist.NewAdminGetQueryWhitelistOpLogListLogic(r.Context(), svcCtx)
+		resp, err := l.AdminGetQueryWhitelistOpLogList(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/admin_query_whitelist/adminquerywhitelistappendhandler.go

@@ -0,0 +1,29 @@
+package admin_query_whitelist
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"tyc-server/app/main/api/internal/logic/admin_query_whitelist"
+	"tyc-server/app/main/api/internal/svc"
+	"tyc-server/app/main/api/internal/types"
+	"tyc-server/common/result"
+	"tyc-server/pkg/lzkit/validator"
+)
+
+func AdminQueryWhitelistAppendHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminQueryWhitelistAppendReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_query_whitelist.NewAdminQueryWhitelistAppendLogic(r.Context(), svcCtx)
+		resp, err := l.AdminQueryWhitelistAppend(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/admin_query_whitelist/adminquerywhitelistcreatehandler.go

@@ -0,0 +1,29 @@
+package admin_query_whitelist
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"tyc-server/app/main/api/internal/logic/admin_query_whitelist"
+	"tyc-server/app/main/api/internal/svc"
+	"tyc-server/app/main/api/internal/types"
+	"tyc-server/common/result"
+	"tyc-server/pkg/lzkit/validator"
+)
+
+func AdminQueryWhitelistCreateHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminQueryWhitelistCreateReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_query_whitelist.NewAdminQueryWhitelistCreateLogic(r.Context(), svcCtx)
+		resp, err := l.AdminQueryWhitelistCreate(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/routes.go

@@ -15,6 +15,7 @@ import (
 	admin_product "tyc-server/app/main/api/internal/handler/admin_product"
 	admin_promotion "tyc-server/app/main/api/internal/handler/admin_promotion"
 	admin_query "tyc-server/app/main/api/internal/handler/admin_query"
+	admin_query_whitelist "tyc-server/app/main/api/internal/handler/admin_query_whitelist"
 	admin_role "tyc-server/app/main/api/internal/handler/admin_role"
 	admin_role_api "tyc-server/app/main/api/internal/handler/admin_role_api"
 	admin_user "tyc-server/app/main/api/internal/handler/admin_user"
@@ -607,6 +608,33 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 		rest.WithPrefix("/api/v1/admin/query"),
 	)
 
+	server.AddRoutes(
+		rest.WithMiddlewares(
+			[]rest.Middleware{serverCtx.AdminAuthInterceptor},
+			[]rest.Route{
+				{
+					// 追加查询白名单产品编码
+					Method:  http.MethodPost,
+					Path:    "/append",
+					Handler: admin_query_whitelist.AdminQueryWhitelistAppendHandler(serverCtx),
+				},
+				{
+					// 创建查询白名单规则
+					Method:  http.MethodPost,
+					Path:    "/create",
+					Handler: admin_query_whitelist.AdminQueryWhitelistCreateHandler(serverCtx),
+				},
+				{
+					// 查询白名单操作记录列表
+					Method:  http.MethodGet,
+					Path:    "/op-log/list",
+					Handler: admin_query_whitelist.AdminGetQueryWhitelistOpLogListHandler(serverCtx),
+				},
+			}...,
+		),
+		rest.WithPrefix("/api/v1/admin/query-whitelist"),
+	)
+
 	server.AddRoutes(
 		rest.WithMiddlewares(
 			[]rest.Middleware{serverCtx.AdminAuthInterceptor},

app/main/api/internal/logic/admin_query_whitelist/admingetquerywhitelistoploglistlogic.go

@@ -0,0 +1,108 @@
+package admin_query_whitelist
+
+import (
+	"context"
+
+	"tyc-server/app/main/api/internal/svc"
+	"tyc-server/app/main/api/internal/types"
+	"tyc-server/app/main/model"
+	"tyc-server/common/globalkey"
+	"tyc-server/common/xerr"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+	"github.com/zeromicro/go-zero/core/mr"
+)
+
+type AdminGetQueryWhitelistOpLogListLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminGetQueryWhitelistOpLogListLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminGetQueryWhitelistOpLogListLogic {
+	return &AdminGetQueryWhitelistOpLogListLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminGetQueryWhitelistOpLogListLogic) AdminGetQueryWhitelistOpLogList(req *types.AdminGetQueryWhitelistOpLogListReq) (resp *types.AdminGetQueryWhitelistOpLogListResp, err error) {
+	builder := l.svcCtx.QueryWhitelistOpLogModel.SelectBuilder().
+		Where("del_state = ?", globalkey.DelStateNo)
+
+	if req.IdCard != "" {
+		builder = builder.Where("id_card = ?", req.IdCard)
+	}
+	if req.Action != "" {
+		builder = builder.Where("action = ?", req.Action)
+	}
+	switch req.TianyuanResult {
+	case "success":
+		builder = builder.Where("tianyuan_code = ?", 0)
+	case "fail":
+		builder = builder.Where("tianyuan_code != ?", 0)
+	}
+
+	var total int64
+	var logs []*model.QueryWhitelistOpLog
+	err = mr.Finish(func() error {
+		var err error
+		total, err = l.svcCtx.QueryWhitelistOpLogModel.FindCount(l.ctx, builder, "id")
+		if err != nil {
+			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询操作记录总数失败: %v", err)
+		}
+		return nil
+	}, func() error {
+		var err error
+		logs, err = l.svcCtx.QueryWhitelistOpLogModel.FindPageListByPage(l.ctx, builder, req.Page, req.PageSize, "id DESC")
+		if err != nil {
+			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询操作记录列表失败: %v", err)
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	resp = &types.AdminGetQueryWhitelistOpLogListResp{
+		Total: total,
+		Items: make([]types.QueryWhitelistOpLogListItem, 0, len(logs)),
+	}
+
+	for _, log := range logs {
+		item := types.QueryWhitelistOpLogListItem{
+			Id:            log.Id,
+			AdminUserId:   log.AdminUserId,
+			Action:        log.Action,
+			Name:          log.Name,
+			IdCard:        log.IdCard,
+			ApiCodes:      parseApiCodesJSON(log.ApiCodes),
+			TianyuanCode:  log.TianyuanCode,
+			CreateTime:    log.CreateTime.Format("2006-01-02 15:04:05"),
+			EntryApiCodes: parseApiCodesJSON(log.EntryApiCodes.String),
+		}
+		if log.IdCardMasked.Valid {
+			item.IdCardMasked = log.IdCardMasked.String
+		}
+		if log.Remark.Valid {
+			item.Remark = log.Remark.String
+		}
+		if log.TianyuanMessage.Valid {
+			item.TianyuanMessage = log.TianyuanMessage.String
+		}
+		if log.TransactionId.Valid {
+			item.TransactionId = log.TransactionId.String
+		}
+		if log.EntryId.Valid {
+			item.EntryId = log.EntryId.String
+		}
+		if log.EntryStatus.Valid {
+			item.EntryStatus = log.EntryStatus.String
+		}
+		resp.Items = append(resp.Items, item)
+	}
+
+	return resp, nil
+}

app/main/api/internal/logic/admin_query_whitelist/adminquerywhitelistappendlogic.go

@@ -0,0 +1,33 @@
+package admin_query_whitelist
+
+import (
+	"context"
+
+	"tyc-server/app/main/api/internal/svc"
+	"tyc-server/app/main/api/internal/types"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type AdminQueryWhitelistAppendLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminQueryWhitelistAppendLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminQueryWhitelistAppendLogic {
+	return &AdminQueryWhitelistAppendLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminQueryWhitelistAppendLogic) AdminQueryWhitelistAppend(req *types.AdminQueryWhitelistAppendReq) (resp *types.AdminQueryWhitelistOpResp, err error) {
+	return callAndRecord(l.ctx, l.svcCtx, actionAppend, opParams{
+		Name:     req.Name,
+		IdCard:   req.IdCard,
+		ApiCodes: req.ApiCodes,
+		Remark:   req.Remark,
+	}, l.svcCtx.TianyuanapiClient.AppendQueryWhitelistEntry)
+}

app/main/api/internal/logic/admin_query_whitelist/adminquerywhitelistcreatelogic.go

@@ -0,0 +1,33 @@
+package admin_query_whitelist
+
+import (
+	"context"
+
+	"tyc-server/app/main/api/internal/svc"
+	"tyc-server/app/main/api/internal/types"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type AdminQueryWhitelistCreateLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminQueryWhitelistCreateLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminQueryWhitelistCreateLogic {
+	return &AdminQueryWhitelistCreateLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminQueryWhitelistCreateLogic) AdminQueryWhitelistCreate(req *types.AdminQueryWhitelistCreateReq) (resp *types.AdminQueryWhitelistOpResp, err error) {
+	return callAndRecord(l.ctx, l.svcCtx, actionCreate, opParams{
+		Name:     req.Name,
+		IdCard:   req.IdCard,
+		ApiCodes: req.ApiCodes,
+		Remark:   req.Remark,
+	}, l.svcCtx.TianyuanapiClient.CreateQueryWhitelistEntry)
+}

app/main/api/internal/logic/admin_query_whitelist/helper.go

@@ -0,0 +1,195 @@
+package admin_query_whitelist
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"regexp"
+	"strings"
+
+	tianyuanapi "tyc-server/app/main/api/internal/service/tianyuanapi_sdk"
+	"tyc-server/app/main/api/internal/svc"
+	"tyc-server/app/main/api/internal/types"
+	"tyc-server/app/main/model"
+	"tyc-server/common/ctxdata"
+	"tyc-server/common/xerr"
+
+	"github.com/pkg/errors"
+)
+
+const (
+	actionCreate = "create"
+	actionAppend = "append"
+)
+
+var idCardPattern = regexp.MustCompile(`^\d{17}[\dXx]$`)
+
+type opParams struct {
+	Name     string
+	IdCard   string
+	ApiCodes []string
+	Remark   string
+}
+
+func validateOpParams(p opParams) error {
+	if strings.TrimSpace(p.Name) == "" {
+		return fmt.Errorf("姓名不能为空")
+	}
+	idCard := strings.TrimSpace(p.IdCard)
+	if idCard == "" {
+		return fmt.Errorf("身份证号不能为空")
+	}
+	if !idCardPattern.MatchString(idCard) {
+		return fmt.Errorf("身份证号格式不正确")
+	}
+	if len(p.ApiCodes) == 0 {
+		return fmt.Errorf("产品编码不能为空")
+	}
+	for _, code := range p.ApiCodes {
+		if strings.TrimSpace(code) == "" {
+			return fmt.Errorf("产品编码不能包含空值")
+		}
+		if code == "*" {
+			return fmt.Errorf("产品编码不支持通配符 *")
+		}
+	}
+	if len(p.Remark) > 500 {
+		return fmt.Errorf("备注最长 500 字符")
+	}
+	return nil
+}
+
+func toTianyuanParams(p opParams) tianyuanapi.QueryWhitelistParams {
+	name := strings.TrimSpace(p.Name)
+	if name == "" {
+		name = "*"
+	}
+	return tianyuanapi.QueryWhitelistParams{
+		Name:     name,
+		IdCard:   strings.ToUpper(strings.TrimSpace(p.IdCard)),
+		ApiCodes: p.ApiCodes,
+		Remark:   strings.TrimSpace(p.Remark),
+	}
+}
+
+func toEntryResult(entry *tianyuanapi.QueryWhitelistEntry) *types.QueryWhitelistEntryResult {
+	if entry == nil {
+		return nil
+	}
+	return &types.QueryWhitelistEntryResult{
+		Id:           entry.ID,
+		Name:         entry.Name,
+		IdCardMasked: entry.IdCardMasked,
+		ApiCodes:     entry.ApiCodes,
+		Status:       entry.Status,
+		Remark:       entry.Remark,
+		CreatedAt:    entry.CreatedAt,
+		UpdatedAt:    entry.UpdatedAt,
+	}
+}
+
+func toOpResp(result *tianyuanapi.QueryWhitelistResult) *types.AdminQueryWhitelistOpResp {
+	if result == nil {
+		return &types.AdminQueryWhitelistOpResp{}
+	}
+	return &types.AdminQueryWhitelistOpResp{
+		TianyuanCode:    result.Code,
+		TianyuanMessage: result.Message,
+		TransactionId:   result.TransactionID,
+		Entry:           toEntryResult(result.Entry),
+	}
+}
+
+func saveOpLog(ctx context.Context, svcCtx *svc.ServiceContext, action string, params opParams, result *tianyuanapi.QueryWhitelistResult) error {
+	adminUserID, err := ctxdata.GetUidFromCtx(ctx)
+	if err != nil {
+		return errors.Wrapf(xerr.NewErrCode(xerr.TOKEN_EXPIRE_ERROR), "获取管理员ID失败: %v", err)
+	}
+
+	apiCodesJSON, err := json.Marshal(params.ApiCodes)
+	if err != nil {
+		return err
+	}
+
+	log := &model.QueryWhitelistOpLog{
+		AdminUserId:  adminUserID,
+		Action:       action,
+		Name:         strings.TrimSpace(params.Name),
+		IdCard:       strings.ToUpper(strings.TrimSpace(params.IdCard)),
+		ApiCodes:     string(apiCodesJSON),
+		TianyuanCode: int64(result.Code),
+	}
+
+	if params.Remark != "" {
+		log.Remark = sql.NullString{String: params.Remark, Valid: true}
+	}
+	if result.Message != "" {
+		log.TianyuanMessage = sql.NullString{String: result.Message, Valid: true}
+	}
+	if result.TransactionID != "" {
+		log.TransactionId = sql.NullString{String: result.TransactionID, Valid: true}
+	}
+	if result.Entry != nil {
+		if result.Entry.IdCardMasked != "" {
+			log.IdCardMasked = sql.NullString{String: result.Entry.IdCardMasked, Valid: true}
+		}
+		if result.Entry.ID != "" {
+			log.EntryId = sql.NullString{String: result.Entry.ID, Valid: true}
+		}
+		if result.Entry.Status != "" {
+			log.EntryStatus = sql.NullString{String: result.Entry.Status, Valid: true}
+		}
+		if len(result.Entry.ApiCodes) > 0 {
+			entryCodesJSON, err := json.Marshal(result.Entry.ApiCodes)
+			if err != nil {
+				return err
+			}
+			log.EntryApiCodes = sql.NullString{String: string(entryCodesJSON), Valid: true}
+		}
+	}
+
+	_, err = svcCtx.QueryWhitelistOpLogModel.Insert(ctx, nil, log)
+	if err != nil {
+		return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "保存操作记录失败: %v", err)
+	}
+	return nil
+}
+
+func callAndRecord(
+	ctx context.Context,
+	svcCtx *svc.ServiceContext,
+	action string,
+	params opParams,
+	call func(tianyuanapi.QueryWhitelistParams) (*tianyuanapi.QueryWhitelistResult, error),
+) (*types.AdminQueryWhitelistOpResp, error) {
+	if err := validateOpParams(params); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.REUQEST_PARAM_ERROR), "%s", err.Error())
+	}
+
+	if svcCtx.TianyuanapiClient == nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "天远 API 客户端未初始化")
+	}
+
+	result, err := call(toTianyuanParams(params))
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "调用天远 API 失败: %v", err)
+	}
+
+	if err := saveOpLog(ctx, svcCtx, action, params, result); err != nil {
+		return nil, err
+	}
+
+	return toOpResp(result), nil
+}
+
+func parseApiCodesJSON(raw string) []string {
+	if raw == "" {
+		return []string{}
+	}
+	var codes []string
+	if err := json.Unmarshal([]byte(raw), &codes); err != nil {
+		return []string{}
+	}
+	return codes
+}

app/main/api/internal/service/tianyuanapi_sdk/client.go

@@ -63,6 +63,7 @@ type Client struct {
 	baseURL  string
 	timeout  time.Duration
 	client   *http.Client
+	mgmtKey  string // 查询白名单管理密钥 Whitelist-Mgmt-Key
 }
 
 // Config 客户端配置

app/main/api/internal/service/tianyuanapi_sdk/query_whitelist.go

@@ -0,0 +1,124 @@
+package tianyuanapi
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+)
+
+// QueryWhitelistParams 查询白名单请求参数（加密前明文）
+type QueryWhitelistParams struct {
+	Name     string   `json:"name"`
+	IdCard   string   `json:"id_card"`
+	ApiCodes []string `json:"api_codes"`
+	Remark   string   `json:"remark,omitempty"`
+}
+
+// QueryWhitelistEntry 查询白名单规则详情（解密后）
+type QueryWhitelistEntry struct {
+	ID           string   `json:"id"`
+	Name         string   `json:"name"`
+	IdCardMasked string   `json:"id_card_masked"`
+	ApiCodes     []string `json:"api_codes"`
+	Status       string   `json:"status"`
+	Remark       string   `json:"remark"`
+	CreatedAt    string   `json:"created_at"`
+	UpdatedAt    string   `json:"updated_at"`
+}
+
+// QueryWhitelistResult 查询白名单 API 调用结果
+type QueryWhitelistResult struct {
+	Code          int                  `json:"code"`
+	Message       string               `json:"message"`
+	TransactionID string               `json:"transaction_id"`
+	Entry         *QueryWhitelistEntry `json:"entry,omitempty"`
+	RequestTimeMs int64                `json:"request_time_ms"`
+}
+
+// SetWhitelistMgmtKey 设置白名单管理密钥
+func (c *Client) SetWhitelistMgmtKey(key string) {
+	c.mgmtKey = key
+}
+
+// CreateQueryWhitelistEntry 创建查询白名单规则
+func (c *Client) CreateQueryWhitelistEntry(params QueryWhitelistParams) (*QueryWhitelistResult, error) {
+	return c.callQueryWhitelist("/api/v1/query-whitelist/entries", params)
+}
+
+// AppendQueryWhitelistEntry 向已有规则追加产品编码
+func (c *Client) AppendQueryWhitelistEntry(params QueryWhitelistParams) (*QueryWhitelistResult, error) {
+	return c.callQueryWhitelist("/api/v1/query-whitelist/entries/append", params)
+}
+
+func (c *Client) callQueryWhitelist(path string, params QueryWhitelistParams) (*QueryWhitelistResult, error) {
+	if c.mgmtKey == "" {
+		return nil, fmt.Errorf("Whitelist-Mgmt-Key 未配置")
+	}
+
+	startTime := time.Now()
+
+	jsonData, err := json.Marshal(params)
+	if err != nil {
+		return nil, fmt.Errorf("参数序列化失败: %v", err)
+	}
+
+	encryptedData, err := c.encrypt(string(jsonData))
+	if err != nil {
+		return nil, fmt.Errorf("数据加密失败: %v", err)
+	}
+
+	requestBody := map[string]string{"data": encryptedData}
+	requestBodyBytes, err := json.Marshal(requestBody)
+	if err != nil {
+		return nil, fmt.Errorf("请求体序列化失败: %v", err)
+	}
+
+	url := c.baseURL + path
+	httpReq, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(requestBodyBytes))
+	if err != nil {
+		return nil, fmt.Errorf("创建HTTP请求失败: %v", err)
+	}
+
+	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set("Access-Id", c.accessID)
+	httpReq.Header.Set("Whitelist-Mgmt-Key", c.mgmtKey)
+	httpReq.Header.Set("User-Agent", "TianyuanAPI-Go-SDK/1.0.0")
+
+	resp, err := c.client.Do(httpReq)
+	if err != nil {
+		return nil, fmt.Errorf("请求失败: %v", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("读取响应失败: %v", err)
+	}
+
+	var apiResp ApiResponse
+	if err := json.Unmarshal(body, &apiResp); err != nil {
+		return nil, fmt.Errorf("响应解析失败: %v", err)
+	}
+
+	result := &QueryWhitelistResult{
+		Code:          apiResp.Code,
+		Message:       apiResp.Message,
+		TransactionID: apiResp.TransactionID,
+		RequestTimeMs: time.Since(startTime).Milliseconds(),
+	}
+
+	if apiResp.Data != "" {
+		decryptedData, err := c.decrypt(apiResp.Data)
+		if err == nil {
+			var entry QueryWhitelistEntry
+			if json.Unmarshal([]byte(decryptedData), &entry) == nil {
+				result.Entry = &entry
+			}
+		}
+	}
+
+	return result, nil
+}

app/main/api/internal/svc/servicecontext.go

@@ -45,6 +45,7 @@ type ServiceContext struct {
 	QueryCleanupDetailModel model.QueryCleanupDetailModel
 	QueryCleanupConfigModel model.QueryCleanupConfigModel
 	QueryUserRecordModel    model.QueryUserRecordModel
+	QueryWhitelistOpLogModel model.QueryWhitelistOpLogModel
 
 	// 代理相关模型
 	AgentModel                        model.AgentModel
@@ -104,6 +105,7 @@ type ServiceContext struct {
 	AuthorizationService           *service.AuthorizationService
 	ToolboxService                 *service.ToolboxService
 	TianxingjuheService            *tianxingjuhe.Client
+	TianyuanapiClient              *tianyuanapi.Client
 }
 
 // NewServiceContext 创建服务上下文
@@ -138,6 +140,7 @@ func NewServiceContext(c config.Config) *ServiceContext {
 	queryCleanupDetailModel := model.NewQueryCleanupDetailModel(db, cacheConf)
 	queryCleanupConfigModel := model.NewQueryCleanupConfigModel(db, cacheConf)
 	queryUserRecordModel := model.NewQueryUserRecordModel(db, cacheConf)
+	queryWhitelistOpLogModel := model.NewQueryWhitelistOpLogModel(db, cacheConf)
 
 	// ============================== 代理相关模型 ==============================
 	agentModel := model.NewAgentModel(db, cacheConf)
@@ -189,6 +192,8 @@ func NewServiceContext(c config.Config) *ServiceContext {
 	})
 	if err != nil {
 		logx.Errorf("初始化天远API失败: %+v", err)
+	} else if c.Tianyuanapi.WhitelistMgmtKey != "" {
+		tianyuanapi.SetWhitelistMgmtKey(c.Tianyuanapi.WhitelistMgmtKey)
 	}
 
 	// 初始化天行聚合API客户端
@@ -262,6 +267,7 @@ func NewServiceContext(c config.Config) *ServiceContext {
 		QueryCleanupDetailModel: queryCleanupDetailModel,
 		QueryCleanupConfigModel: queryCleanupConfigModel,
 		QueryUserRecordModel:    queryUserRecordModel,
+		QueryWhitelistOpLogModel: queryWhitelistOpLogModel,
 
 		// 代理相关模型
 		AgentModel:                        agentModel,
@@ -321,6 +327,7 @@ func NewServiceContext(c config.Config) *ServiceContext {
 		AuthorizationService:           authorizationService,
 		ToolboxService:                 toolboxService,
 		TianxingjuheService:            tianxingjuheService,
+		TianyuanapiClient:              tianyuanapi,
 	}
 }
 

app/main/api/internal/types/types.go

@@ -688,6 +688,19 @@ type AdminGetQueryDetailByOrderIdResp struct {
 	QueryState      string                 `json:"query_state"` // 查询状态
 }
 
+type AdminGetQueryWhitelistOpLogListReq struct {
+	Page           int64  `form:"page,default=1"`           // 页码
+	PageSize       int64  `form:"page_size,default=20"`     // 每页数量
+	IdCard         string `form:"id_card,optional"`         // 身份证号
+	Action         string `form:"action,optional"`          // 操作类型：create / append
+	TianyuanResult string `form:"tianyuan_result,optional"` // 业务结果：success / fail
+}
+
+type AdminGetQueryWhitelistOpLogListResp struct {
+	Total int64                         `json:"total"` // 总数
+	Items []QueryWhitelistOpLogListItem `json:"items"` // 列表
+}
+
 type AdminGetRefundStatisticsReq struct {
 }
 
@@ -773,6 +786,27 @@ type AdminQueryItem struct {
 	Data    interface{} `json:"data"` // 这里可以是 map 或 具体的 struct
 }
 
+type AdminQueryWhitelistAppendReq struct {
+	Name     string   `json:"name"`            // 姓名，* 表示只按身份证匹配
+	IdCard   string   `json:"id_card"`         // 18位身份证号
+	ApiCodes []string `json:"api_codes"`       // 追加的产品编码列表
+	Remark   string   `json:"remark,optional"` // 备注，非空会覆盖原备注
+}
+
+type AdminQueryWhitelistCreateReq struct {
+	Name     string   `json:"name"`            // 姓名，* 表示只按身份证匹配
+	IdCard   string   `json:"id_card"`         // 18位身份证号
+	ApiCodes []string `json:"api_codes"`       // 产品编码列表
+	Remark   string   `json:"remark,optional"` // 备注
+}
+
+type AdminQueryWhitelistOpResp struct {
+	TianyuanCode    int                        `json:"tianyuan_code"`           // 天远业务码
+	TianyuanMessage string                     `json:"tianyuan_message"`        // 天远返回描述
+	TransactionId   string                     `json:"transaction_id,optional"` // 天远流水号
+	Entry           *QueryWhitelistEntryResult `json:"entry,optional"`          // 成功时规则详情
+}
+
 type AdminRefundOrderReq struct {
 	Id           int64   `path:"id"`            // 订单ID
 	RefundAmount float64 `json:"refund_amount"` // 退款金额
@@ -2088,6 +2122,35 @@ type QuerySingleTestResp struct {
 	Api  string      `json:"api"`
 }
 
+type QueryWhitelistEntryResult struct {
+	Id           string   `json:"id"`             // 规则ID
+	Name         string   `json:"name"`           // 姓名规则
+	IdCardMasked string   `json:"id_card_masked"` // 脱敏身份证号
+	ApiCodes     []string `json:"api_codes"`      // 当前产品编码列表
+	Status       string   `json:"status"`         // 规则状态
+	Remark       string   `json:"remark"`         // 备注
+	CreatedAt    string   `json:"created_at"`     // 创建时间
+	UpdatedAt    string   `json:"updated_at"`     // 更新时间
+}
+
+type QueryWhitelistOpLogListItem struct {
+	Id              int64    `json:"id"`               // 主键ID
+	AdminUserId     int64    `json:"admin_user_id"`    // 操作管理员ID
+	Action          string   `json:"action"`           // 操作类型
+	Name            string   `json:"name"`             // 姓名规则
+	IdCard          string   `json:"id_card"`          // 身份证号
+	IdCardMasked    string   `json:"id_card_masked"`   // 脱敏身份证号
+	ApiCodes        []string `json:"api_codes"`        // 本次提交的产品编码
+	Remark          string   `json:"remark"`           // 备注
+	TianyuanCode    int64    `json:"tianyuan_code"`    // 天远业务码
+	TianyuanMessage string   `json:"tianyuan_message"` // 天远返回描述
+	TransactionId   string   `json:"transaction_id"`   // 天远流水号
+	EntryId         string   `json:"entry_id"`         // 规则ID
+	EntryStatus     string   `json:"entry_status"`     // 规则状态
+	EntryApiCodes   []string `json:"entry_api_codes"`  // 规则当前产品编码
+	CreateTime      string   `json:"create_time"`      // 创建时间
+}
+
 type RecordLinkClickReq struct {
 	Path string `path:"path"` // 链接路径
 }
@@ -2135,6 +2198,16 @@ type TimeRangeReport struct {
 	Report     int     `json:"report"`     // 报告量
 }
 
+type ToolInfo struct {
+	Key  string `json:"key"`  // 工具标识
+	Name string `json:"name"` // 工具名称
+	Desc string `json:"desc"` // 工具描述
+}
+
+type ToolboxListResp struct {
+	Tools []ToolInfo `json:"tools"` // 工具列表
+}
+
 type ToolboxQueryReq struct {
 	ToolKey string                 `json:"tool_key" validate:"required"`
 	Params  map[string]interface{} `json:"params"`
@@ -2145,16 +2218,6 @@ type ToolboxQueryResp struct {
 	Result  map[string]interface{} `json:"result"`
 }
 
-type ToolInfo struct {
-	Key  string `json:"key"`
-	Name string `json:"name"`
-	Desc string `json:"desc"`
-}
-
-type ToolboxListResp struct {
-	Tools []ToolInfo `json:"tools"`
-}
-
 type UpdateMenuReq struct {
 	Id        int64                  `path:"id"`                 // 菜单ID
 	Pid       int64                  `json:"pid,optional"`       // 父菜单ID

app/main/model/queryWhitelistOpLogModel.go

@@ -0,0 +1,27 @@
+package model
+
+import (
+	"github.com/zeromicro/go-zero/core/stores/cache"
+	"github.com/zeromicro/go-zero/core/stores/sqlx"
+)
+
+var _ QueryWhitelistOpLogModel = (*customQueryWhitelistOpLogModel)(nil)
+
+type (
+	// QueryWhitelistOpLogModel is an interface to be customized, add more methods here,
+	// and implement the added methods in customQueryWhitelistOpLogModel.
+	QueryWhitelistOpLogModel interface {
+		queryWhitelistOpLogModel
+	}
+
+	customQueryWhitelistOpLogModel struct {
+		*defaultQueryWhitelistOpLogModel
+	}
+)
+
+// NewQueryWhitelistOpLogModel returns a model for the database table.
+func NewQueryWhitelistOpLogModel(conn sqlx.SqlConn, c cache.CacheConf) QueryWhitelistOpLogModel {
+	return &customQueryWhitelistOpLogModel{
+		defaultQueryWhitelistOpLogModel: newQueryWhitelistOpLogModel(conn, c),
+	}
+}

app/main/model/queryWhitelistOpLogModel_gen.go

@@ -0,0 +1,379 @@
+// Code generated by goctl. DO NOT EDIT!
+
+package model
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"strings"
+
+	"time"
+
+	"github.com/Masterminds/squirrel"
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/stores/builder"
+	"github.com/zeromicro/go-zero/core/stores/cache"
+	"github.com/zeromicro/go-zero/core/stores/sqlc"
+	"github.com/zeromicro/go-zero/core/stores/sqlx"
+	"github.com/zeromicro/go-zero/core/stringx"
+	"tyc-server/common/globalkey"
+)
+
+var (
+	queryWhitelistOpLogFieldNames          = builder.RawFieldNames(&QueryWhitelistOpLog{})
+	queryWhitelistOpLogRows                = strings.Join(queryWhitelistOpLogFieldNames, ",")
+	queryWhitelistOpLogRowsExpectAutoSet   = strings.Join(stringx.Remove(queryWhitelistOpLogFieldNames, "`id`", "`create_time`", "`update_time`"), ",")
+	queryWhitelistOpLogRowsWithPlaceHolder = strings.Join(stringx.Remove(queryWhitelistOpLogFieldNames, "`id`", "`create_time`", "`update_time`"), "=?,") + "=?"
+
+	cacheQueryWhitelistOpLogIdPrefix = "cache:queryWhitelistOpLog:id:"
+)
+
+type (
+	queryWhitelistOpLogModel interface {
+		Insert(ctx context.Context, session sqlx.Session, data *QueryWhitelistOpLog) (sql.Result, error)
+		FindOne(ctx context.Context, id int64) (*QueryWhitelistOpLog, error)
+		Update(ctx context.Context, session sqlx.Session, data *QueryWhitelistOpLog) (sql.Result, error)
+		UpdateWithVersion(ctx context.Context, session sqlx.Session, data *QueryWhitelistOpLog) error
+		Trans(ctx context.Context, fn func(context context.Context, session sqlx.Session) error) error
+		SelectBuilder() squirrel.SelectBuilder
+		DeleteSoft(ctx context.Context, session sqlx.Session, data *QueryWhitelistOpLog) error
+		FindSum(ctx context.Context, sumBuilder squirrel.SelectBuilder, field string) (float64, error)
+		FindCount(ctx context.Context, countBuilder squirrel.SelectBuilder, field string) (int64, error)
+		FindAll(ctx context.Context, rowBuilder squirrel.SelectBuilder, orderBy string) ([]*QueryWhitelistOpLog, error)
+		FindPageListByPage(ctx context.Context, rowBuilder squirrel.SelectBuilder, page, pageSize int64, orderBy string) ([]*QueryWhitelistOpLog, error)
+		FindPageListByPageWithTotal(ctx context.Context, rowBuilder squirrel.SelectBuilder, page, pageSize int64, orderBy string) ([]*QueryWhitelistOpLog, int64, error)
+		FindPageListByIdDESC(ctx context.Context, rowBuilder squirrel.SelectBuilder, preMinId, pageSize int64) ([]*QueryWhitelistOpLog, error)
+		FindPageListByIdASC(ctx context.Context, rowBuilder squirrel.SelectBuilder, preMaxId, pageSize int64) ([]*QueryWhitelistOpLog, error)
+		Delete(ctx context.Context, session sqlx.Session, id int64) error
+	}
+
+	defaultQueryWhitelistOpLogModel struct {
+		sqlc.CachedConn
+		table string
+	}
+
+	QueryWhitelistOpLog struct {
+		Id              int64          `db:"id"`
+		CreateTime      time.Time      `db:"create_time"`
+		UpdateTime      time.Time      `db:"update_time"`
+		DeleteTime      sql.NullTime   `db:"delete_time"` // 删除时间
+		DelState        int64          `db:"del_state"`
+		Version         int64          `db:"version"`          // 版本号
+		AdminUserId     int64          `db:"admin_user_id"`    // 操作管理员ID
+		Action          string         `db:"action"`           // 操作类型：create=创建规则，append=追加接口
+		Name            string         `db:"name"`             // 姓名规则
+		IdCard          string         `db:"id_card"`          // 身份证号（明文，供后台审计）
+		IdCardMasked    sql.NullString `db:"id_card_masked"`   // 天远返回的脱敏身份证号
+		ApiCodes        string         `db:"api_codes"`        // 本次提交的产品编码（JSON数组）
+		Remark          sql.NullString `db:"remark"`           // 备注
+		TianyuanCode    int64          `db:"tianyuan_code"`    // 天远 API 业务码
+		TianyuanMessage sql.NullString `db:"tianyuan_message"` // 天远 API 返回描述
+		TransactionId   sql.NullString `db:"transaction_id"`   // 天远 API 流水号
+		EntryId         sql.NullString `db:"entry_id"`         // 天远规则ID（成功时）
+		EntryStatus     sql.NullString `db:"entry_status"`     // 规则状态（成功时）
+		EntryApiCodes   sql.NullString `db:"entry_api_codes"`  // 规则当前产品编码列表（JSON数组，成功时）
+	}
+)
+
+func newQueryWhitelistOpLogModel(conn sqlx.SqlConn, c cache.CacheConf) *defaultQueryWhitelistOpLogModel {
+	return &defaultQueryWhitelistOpLogModel{
+		CachedConn: sqlc.NewConn(conn, c),
+		table:      "`query_whitelist_op_log`",
+	}
+}
+
+func (m *defaultQueryWhitelistOpLogModel) Insert(ctx context.Context, session sqlx.Session, data *QueryWhitelistOpLog) (sql.Result, error) {
+	data.DelState = globalkey.DelStateNo
+	queryWhitelistOpLogIdKey := fmt.Sprintf("%s%v", cacheQueryWhitelistOpLogIdPrefix, data.Id)
+	return m.ExecCtx(ctx, func(ctx context.Context, conn sqlx.SqlConn) (result sql.Result, err error) {
+		query := fmt.Sprintf("insert into %s (%s) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", m.table, queryWhitelistOpLogRowsExpectAutoSet)
+		if session != nil {
+			return session.ExecCtx(ctx, query, data.DeleteTime, data.DelState, data.Version, data.AdminUserId, data.Action, data.Name, data.IdCard, data.IdCardMasked, data.ApiCodes, data.Remark, data.TianyuanCode, data.TianyuanMessage, data.TransactionId, data.EntryId, data.EntryStatus, data.EntryApiCodes)
+		}
+		return conn.ExecCtx(ctx, query, data.DeleteTime, data.DelState, data.Version, data.AdminUserId, data.Action, data.Name, data.IdCard, data.IdCardMasked, data.ApiCodes, data.Remark, data.TianyuanCode, data.TianyuanMessage, data.TransactionId, data.EntryId, data.EntryStatus, data.EntryApiCodes)
+	}, queryWhitelistOpLogIdKey)
+}
+
+func (m *defaultQueryWhitelistOpLogModel) FindOne(ctx context.Context, id int64) (*QueryWhitelistOpLog, error) {
+	queryWhitelistOpLogIdKey := fmt.Sprintf("%s%v", cacheQueryWhitelistOpLogIdPrefix, id)
+	var resp QueryWhitelistOpLog
+	err := m.QueryRowCtx(ctx, &resp, queryWhitelistOpLogIdKey, func(ctx context.Context, conn sqlx.SqlConn, v interface{}) error {
+		query := fmt.Sprintf("select %s from %s where `id` = ? and del_state = ? limit 1", queryWhitelistOpLogRows, m.table)
+		return conn.QueryRowCtx(ctx, v, query, id, globalkey.DelStateNo)
+	})
+	switch err {
+	case nil:
+		return &resp, nil
+	case sqlc.ErrNotFound:
+		return nil, ErrNotFound
+	default:
+		return nil, err
+	}
+}
+
+func (m *defaultQueryWhitelistOpLogModel) Update(ctx context.Context, session sqlx.Session, data *QueryWhitelistOpLog) (sql.Result, error) {
+	queryWhitelistOpLogIdKey := fmt.Sprintf("%s%v", cacheQueryWhitelistOpLogIdPrefix, data.Id)
+	return m.ExecCtx(ctx, func(ctx context.Context, conn sqlx.SqlConn) (result sql.Result, err error) {
+		query := fmt.Sprintf("update %s set %s where `id` = ?", m.table, queryWhitelistOpLogRowsWithPlaceHolder)
+		if session != nil {
+			return session.ExecCtx(ctx, query, data.DeleteTime, data.DelState, data.Version, data.AdminUserId, data.Action, data.Name, data.IdCard, data.IdCardMasked, data.ApiCodes, data.Remark, data.TianyuanCode, data.TianyuanMessage, data.TransactionId, data.EntryId, data.EntryStatus, data.EntryApiCodes, data.Id)
+		}
+		return conn.ExecCtx(ctx, query, data.DeleteTime, data.DelState, data.Version, data.AdminUserId, data.Action, data.Name, data.IdCard, data.IdCardMasked, data.ApiCodes, data.Remark, data.TianyuanCode, data.TianyuanMessage, data.TransactionId, data.EntryId, data.EntryStatus, data.EntryApiCodes, data.Id)
+	}, queryWhitelistOpLogIdKey)
+}
+
+func (m *defaultQueryWhitelistOpLogModel) UpdateWithVersion(ctx context.Context, session sqlx.Session, data *QueryWhitelistOpLog) error {
+
+	oldVersion := data.Version
+	data.Version += 1
+
+	var sqlResult sql.Result
+	var err error
+
+	queryWhitelistOpLogIdKey := fmt.Sprintf("%s%v", cacheQueryWhitelistOpLogIdPrefix, data.Id)
+	sqlResult, err = m.ExecCtx(ctx, func(ctx context.Context, conn sqlx.SqlConn) (result sql.Result, err error) {
+		query := fmt.Sprintf("update %s set %s where `id` = ? and version = ? ", m.table, queryWhitelistOpLogRowsWithPlaceHolder)
+		if session != nil {
+			return session.ExecCtx(ctx, query, data.DeleteTime, data.DelState, data.Version, data.AdminUserId, data.Action, data.Name, data.IdCard, data.IdCardMasked, data.ApiCodes, data.Remark, data.TianyuanCode, data.TianyuanMessage, data.TransactionId, data.EntryId, data.EntryStatus, data.EntryApiCodes, data.Id, oldVersion)
+		}
+		return conn.ExecCtx(ctx, query, data.DeleteTime, data.DelState, data.Version, data.AdminUserId, data.Action, data.Name, data.IdCard, data.IdCardMasked, data.ApiCodes, data.Remark, data.TianyuanCode, data.TianyuanMessage, data.TransactionId, data.EntryId, data.EntryStatus, data.EntryApiCodes, data.Id, oldVersion)
+	}, queryWhitelistOpLogIdKey)
+	if err != nil {
+		return err
+	}
+	updateCount, err := sqlResult.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if updateCount == 0 {
+		return ErrNoRowsUpdate
+	}
+
+	return nil
+}
+
+func (m *defaultQueryWhitelistOpLogModel) DeleteSoft(ctx context.Context, session sqlx.Session, data *QueryWhitelistOpLog) error {
+	data.DelState = globalkey.DelStateYes
+	data.DeleteTime = sql.NullTime{Time: time.Now(), Valid: true}
+	if err := m.UpdateWithVersion(ctx, session, data); err != nil {
+		return errors.Wrapf(errors.New("delete soft failed "), "QueryWhitelistOpLogModel delete err : %+v", err)
+	}
+	return nil
+}
+
+func (m *defaultQueryWhitelistOpLogModel) FindSum(ctx context.Context, builder squirrel.SelectBuilder, field string) (float64, error) {
+
+	if len(field) == 0 {
+		return 0, errors.Wrapf(errors.New("FindSum Least One Field"), "FindSum Least One Field")
+	}
+
+	builder = builder.Columns("IFNULL(SUM(" + field + "),0)")
+
+	query, values, err := builder.Where("del_state = ?", globalkey.DelStateNo).ToSql()
+	if err != nil {
+		return 0, err
+	}
+
+	var resp float64
+	err = m.QueryRowNoCacheCtx(ctx, &resp, query, values...)
+	switch err {
+	case nil:
+		return resp, nil
+	default:
+		return 0, err
+	}
+}
+
+func (m *defaultQueryWhitelistOpLogModel) FindCount(ctx context.Context, builder squirrel.SelectBuilder, field string) (int64, error) {
+
+	if len(field) == 0 {
+		return 0, errors.Wrapf(errors.New("FindCount Least One Field"), "FindCount Least One Field")
+	}
+
+	builder = builder.Columns("COUNT(" + field + ")")
+
+	query, values, err := builder.Where("del_state = ?", globalkey.DelStateNo).ToSql()
+	if err != nil {
+		return 0, err
+	}
+
+	var resp int64
+	err = m.QueryRowNoCacheCtx(ctx, &resp, query, values...)
+	switch err {
+	case nil:
+		return resp, nil
+	default:
+		return 0, err
+	}
+}
+
+func (m *defaultQueryWhitelistOpLogModel) FindAll(ctx context.Context, builder squirrel.SelectBuilder, orderBy string) ([]*QueryWhitelistOpLog, error) {
+
+	builder = builder.Columns(queryWhitelistOpLogRows)
+
+	if orderBy == "" {
+		builder = builder.OrderBy("id DESC")
+	} else {
+		builder = builder.OrderBy(orderBy)
+	}
+
+	query, values, err := builder.Where("del_state = ?", globalkey.DelStateNo).ToSql()
+	if err != nil {
+		return nil, err
+	}
+
+	var resp []*QueryWhitelistOpLog
+	err = m.QueryRowsNoCacheCtx(ctx, &resp, query, values...)
+	switch err {
+	case nil:
+		return resp, nil
+	default:
+		return nil, err
+	}
+}
+
+func (m *defaultQueryWhitelistOpLogModel) FindPageListByPage(ctx context.Context, builder squirrel.SelectBuilder, page, pageSize int64, orderBy string) ([]*QueryWhitelistOpLog, error) {
+
+	builder = builder.Columns(queryWhitelistOpLogRows)
+
+	if orderBy == "" {
+		builder = builder.OrderBy("id DESC")
+	} else {
+		builder = builder.OrderBy(orderBy)
+	}
+
+	if page < 1 {
+		page = 1
+	}
+	offset := (page - 1) * pageSize
+
+	query, values, err := builder.Where("del_state = ?", globalkey.DelStateNo).Offset(uint64(offset)).Limit(uint64(pageSize)).ToSql()
+	if err != nil {
+		return nil, err
+	}
+
+	var resp []*QueryWhitelistOpLog
+	err = m.QueryRowsNoCacheCtx(ctx, &resp, query, values...)
+	switch err {
+	case nil:
+		return resp, nil
+	default:
+		return nil, err
+	}
+}
+
+func (m *defaultQueryWhitelistOpLogModel) FindPageListByPageWithTotal(ctx context.Context, builder squirrel.SelectBuilder, page, pageSize int64, orderBy string) ([]*QueryWhitelistOpLog, int64, error) {
+
+	total, err := m.FindCount(ctx, builder, "id")
+	if err != nil {
+		return nil, 0, err
+	}
+
+	builder = builder.Columns(queryWhitelistOpLogRows)
+
+	if orderBy == "" {
+		builder = builder.OrderBy("id DESC")
+	} else {
+		builder = builder.OrderBy(orderBy)
+	}
+
+	if page < 1 {
+		page = 1
+	}
+	offset := (page - 1) * pageSize
+
+	query, values, err := builder.Where("del_state = ?", globalkey.DelStateNo).Offset(uint64(offset)).Limit(uint64(pageSize)).ToSql()
+	if err != nil {
+		return nil, total, err
+	}
+
+	var resp []*QueryWhitelistOpLog
+	err = m.QueryRowsNoCacheCtx(ctx, &resp, query, values...)
+	switch err {
+	case nil:
+		return resp, total, nil
+	default:
+		return nil, total, err
+	}
+}
+
+func (m *defaultQueryWhitelistOpLogModel) FindPageListByIdDESC(ctx context.Context, builder squirrel.SelectBuilder, preMinId, pageSize int64) ([]*QueryWhitelistOpLog, error) {
+
+	builder = builder.Columns(queryWhitelistOpLogRows)
+
+	if preMinId > 0 {
+		builder = builder.Where(" id < ? ", preMinId)
+	}
+
+	query, values, err := builder.Where("del_state = ?", globalkey.DelStateNo).OrderBy("id DESC").Limit(uint64(pageSize)).ToSql()
+	if err != nil {
+		return nil, err
+	}
+
+	var resp []*QueryWhitelistOpLog
+	err = m.QueryRowsNoCacheCtx(ctx, &resp, query, values...)
+	switch err {
+	case nil:
+		return resp, nil
+	default:
+		return nil, err
+	}
+}
+
+func (m *defaultQueryWhitelistOpLogModel) FindPageListByIdASC(ctx context.Context, builder squirrel.SelectBuilder, preMaxId, pageSize int64) ([]*QueryWhitelistOpLog, error) {
+
+	builder = builder.Columns(queryWhitelistOpLogRows)
+
+	if preMaxId > 0 {
+		builder = builder.Where(" id > ? ", preMaxId)
+	}
+
+	query, values, err := builder.Where("del_state = ?", globalkey.DelStateNo).OrderBy("id ASC").Limit(uint64(pageSize)).ToSql()
+	if err != nil {
+		return nil, err
+	}
+
+	var resp []*QueryWhitelistOpLog
+	err = m.QueryRowsNoCacheCtx(ctx, &resp, query, values...)
+	switch err {
+	case nil:
+		return resp, nil
+	default:
+		return nil, err
+	}
+}
+
+func (m *defaultQueryWhitelistOpLogModel) Trans(ctx context.Context, fn func(ctx context.Context, session sqlx.Session) error) error {
+
+	return m.TransactCtx(ctx, func(ctx context.Context, session sqlx.Session) error {
+		return fn(ctx, session)
+	})
+
+}
+
+func (m *defaultQueryWhitelistOpLogModel) SelectBuilder() squirrel.SelectBuilder {
+	return squirrel.Select().From(m.table)
+}
+func (m *defaultQueryWhitelistOpLogModel) Delete(ctx context.Context, session sqlx.Session, id int64) error {
+	queryWhitelistOpLogIdKey := fmt.Sprintf("%s%v", cacheQueryWhitelistOpLogIdPrefix, id)
+	_, err := m.ExecCtx(ctx, func(ctx context.Context, conn sqlx.SqlConn) (result sql.Result, err error) {
+		query := fmt.Sprintf("delete from %s where `id` = ?", m.table)
+		if session != nil {
+			return session.ExecCtx(ctx, query, id)
+		}
+		return conn.ExecCtx(ctx, query, id)
+	}, queryWhitelistOpLogIdKey)
+	return err
+}
+func (m *defaultQueryWhitelistOpLogModel) formatPrimary(primary interface{}) string {
+	return fmt.Sprintf("%s%v", cacheQueryWhitelistOpLogIdPrefix, primary)
+}
+func (m *defaultQueryWhitelistOpLogModel) queryPrimary(ctx context.Context, conn sqlx.SqlConn, v, primary interface{}) error {
+	query := fmt.Sprintf("select %s from %s where `id` = ? and del_state = ? limit 1", queryWhitelistOpLogRows, m.table)
+	return conn.QueryRowCtx(ctx, v, query, primary, globalkey.DelStateNo)
+}
+
+func (m *defaultQueryWhitelistOpLogModel) tableName() string {
+	return m.table
+}

deploy/sql/query_whitelist_op_log.sql

@@ -0,0 +1,111 @@
+-- 查询白名单功能部署 SQL
+-- 数据库：tyc
+-- 执行后请重新登录管理后台
+
+-- ============================================
+-- 1. 创建操作记录表
+-- ============================================
+CREATE TABLE IF NOT EXISTS `query_whitelist_op_log` (
+  `id` bigint NOT NULL AUTO_INCREMENT,
+  `create_time` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  `delete_time` datetime DEFAULT NULL COMMENT '删除时间',
+  `del_state` tinyint NOT NULL DEFAULT '0',
+  `version` bigint NOT NULL DEFAULT '0' COMMENT '版本号',
+
+  `admin_user_id` bigint NOT NULL COMMENT '操作管理员ID',
+  `action` varchar(20) NOT NULL COMMENT '操作类型：create=创建规则，append=追加接口',
+  `name` varchar(50) NOT NULL DEFAULT '*' COMMENT '姓名规则',
+  `id_card` varchar(50) NOT NULL COMMENT '身份证号（明文，供后台审计）',
+  `id_card_masked` varchar(50) DEFAULT NULL COMMENT '天远返回的脱敏身份证号',
+  `api_codes` varchar(2000) NOT NULL COMMENT '本次提交的产品编码（JSON数组）',
+  `remark` varchar(500) DEFAULT NULL COMMENT '备注',
+  `tianyuan_code` int NOT NULL DEFAULT 0 COMMENT '天远 API 业务码',
+  `tianyuan_message` varchar(500) DEFAULT NULL COMMENT '天远 API 返回描述',
+  `transaction_id` varchar(64) DEFAULT NULL COMMENT '天远 API 流水号',
+  `entry_id` varchar(64) DEFAULT NULL COMMENT '天远规则ID（成功时）',
+  `entry_status` varchar(20) DEFAULT NULL COMMENT '规则状态（成功时）',
+  `entry_api_codes` varchar(2000) DEFAULT NULL COMMENT '规则当前产品编码列表（JSON数组，成功时）',
+
+  PRIMARY KEY (`id`),
+  KEY `idx_admin_user_id` (`admin_user_id`),
+  KEY `idx_id_card` (`id_card`),
+  KEY `idx_action` (`action`),
+  KEY `idx_tianyuan_code` (`tianyuan_code`),
+  KEY `idx_create_time` (`create_time`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci COMMENT='查询白名单操作记录表';
+
+-- ============================================
+-- 2. 新增「查询白名单」菜单
+-- ============================================
+INSERT INTO `admin_menu` (
+  `pid`, `name`, `path`, `component`, `redirect`, `meta`, `status`, `type`, `sort`, `del_state`, `version`
+)
+SELECT
+  20,
+  'queryWhitelist',
+  '/product-manage/query-whitelist/list',
+  '/product-manage/query-whitelist/list',
+  NULL,
+  JSON_OBJECT('icon', 'lucide:shield-off', 'title', '查询白名单'),
+  1,
+  1,
+  0,
+  0,
+  0
+FROM DUAL
+WHERE NOT EXISTS (
+  SELECT 1 FROM `admin_menu`
+  WHERE `path` = '/product-manage/query-whitelist/list' AND `del_state` = 0
+);
+
+-- ============================================
+-- 3. 给超级管理员（role_id=1）授权菜单
+-- ============================================
+INSERT INTO `admin_role_menu` (`role_id`, `menu_id`, `del_state`, `version`)
+SELECT
+  1,
+  m.`id`,
+  0,
+  0
+FROM `admin_menu` m
+WHERE m.`path` = '/product-manage/query-whitelist/list'
+  AND m.`del_state` = 0
+  AND NOT EXISTS (
+    SELECT 1 FROM `admin_role_menu` rm
+    WHERE rm.`role_id` = 1
+      AND rm.`menu_id` = m.`id`
+      AND rm.`del_state` = 0
+  );
+
+-- ============================================
+-- 4. 注册 admin_api 权限
+-- ============================================
+INSERT INTO `admin_api` (`api_name`, `api_code`, `method`, `url`, `status`, `description`, `del_state`, `version`)
+SELECT 'query-whitelist-create', 'post__api_v1_admin_query-whitelist_create', 'POST', '/api/v1/admin/query-whitelist/create', 1, '创建查询白名单规则', 0, 0
+FROM DUAL WHERE NOT EXISTS (SELECT 1 FROM `admin_api` WHERE `url` = '/api/v1/admin/query-whitelist/create' AND `del_state` = 0);
+
+INSERT INTO `admin_api` (`api_name`, `api_code`, `method`, `url`, `status`, `description`, `del_state`, `version`)
+SELECT 'query-whitelist-append', 'post__api_v1_admin_query-whitelist_append', 'POST', '/api/v1/admin/query-whitelist/append', 1, '追加查询白名单产品编码', 0, 0
+FROM DUAL WHERE NOT EXISTS (SELECT 1 FROM `admin_api` WHERE `url` = '/api/v1/admin/query-whitelist/append' AND `del_state` = 0);
+
+INSERT INTO `admin_api` (`api_name`, `api_code`, `method`, `url`, `status`, `description`, `del_state`, `version`)
+SELECT 'query-whitelist-op-log-list', 'get__api_v1_admin_query-whitelist_op-log_list', 'GET', '/api/v1/admin/query-whitelist/op-log/list', 1, '查询白名单操作记录列表', 0, 0
+FROM DUAL WHERE NOT EXISTS (SELECT 1 FROM `admin_api` WHERE `url` = '/api/v1/admin/query-whitelist/op-log/list' AND `del_state` = 0);
+
+-- ============================================
+-- 5. 给超级管理员（role_id=1）授权 API
+-- ============================================
+INSERT INTO `admin_role_api` (`role_id`, `api_id`, `del_state`, `version`)
+SELECT 1, a.`id`, 0, 0
+FROM `admin_api` a
+WHERE a.`url` IN (
+  '/api/v1/admin/query-whitelist/create',
+  '/api/v1/admin/query-whitelist/append',
+  '/api/v1/admin/query-whitelist/op-log/list'
+)
+AND a.`del_state` = 0
+AND NOT EXISTS (
+  SELECT 1 FROM `admin_role_api` ra
+  WHERE ra.`role_id` = 1 AND ra.`api_id` = a.`id` AND ra.`del_state` = 0
+);