fadd

app/main/api/desc/admin/admin_query_whitelist.api

@@ -0,0 +1,91 @@
+syntax = "v1"
+
+info (
+	title:   "后台查询白名单管理服务"
+	desc:    "对接天远 API 查询白名单配置接口"
+	version: "v1"
+)
+
+@server (
+	prefix: /api/v1/admin/query-whitelist
+	group:  admin_query_whitelist
+	middleware: AdminAuthInterceptor
+)
+service main {
+	// 创建查询白名单规则
+	@handler AdminCreateQueryWhitelist
+	post /create (AdminCreateQueryWhitelistReq) returns (AdminCreateQueryWhitelistResp)
+
+	// 追加产品编码到已有规则
+	@handler AdminAppendQueryWhitelist
+	// 获取操作记录列表
+	@handler AdminGetQueryWhitelistOpLogList
+	get /op-log/list (AdminGetQueryWhitelistOpLogListReq) returns (AdminGetQueryWhitelistOpLogListResp)
+}
+
+type (
+	AdminQueryWhitelistEntry {
+		Id           string   `json:"id"`
+		Name         string   `json:"name"`
+		IdCardMasked string   `json:"id_card_masked"`
+		ApiCodes     []string `json:"api_codes"`
+		Status       string   `json:"status"`
+		Remark       string   `json:"remark"`
+		CreatedAt    string   `json:"created_at"`
+		UpdatedAt    string   `json:"updated_at"`
+	}
+	AdminCreateQueryWhitelistReq {
+		Name     string   `json:"name,optional"`
+		IdCard   string   `json:"id_card"`
+		ApiCodes []string `json:"api_codes"`
+		Remark   string   `json:"remark,optional"`
+	}
+	AdminCreateQueryWhitelistResp {
+		Code          int                      `json:"code"`
+		Message       string                   `json:"message"`
+		TransactionId string                   `json:"transaction_id"`
+		Entry         *AdminQueryWhitelistEntry `json:"entry,optional"`
+	}
+	AdminAppendQueryWhitelistReq {
+		Name     string   `json:"name,optional"`
+		IdCard   string   `json:"id_card"`
+		ApiCodes []string `json:"api_codes"`
+		Remark   string   `json:"remark,optional"`
+	}
+	AdminAppendQueryWhitelistResp {
+		Code          int                      `json:"code"`
+		Message       string                   `json:"message"`
+		TransactionId string                   `json:"transaction_id"`
+		Entry         *AdminQueryWhitelistEntry `json:"entry,optional"`
+	}
+	AdminGetQueryWhitelistOpLogListReq {
+		Page         int64   `form:"page"`
+		PageSize     int64   `form:"pageSize"`
+		IdCard       *string `form:"id_card,optional"`
+		Action       *string `form:"action,optional"`
+		TianyuanCode *int64  `form:"tianyuan_code,optional"`
+	}
+	AdminQueryWhitelistOpLogItem {
+		Id              string   `json:"id"`
+		AdminUserId     string   `json:"admin_user_id"`
+		AdminUsername   string   `json:"admin_username"`
+		Action          string   `json:"action"`
+		ActionText      string   `json:"action_text"`
+		Name            string   `json:"name"`
+		IdCard          string   `json:"id_card"`
+		IdCardMasked    string   `json:"id_card_masked"`
+		ApiCodes        []string `json:"api_codes"`
+		Remark          string   `json:"remark"`
+		TianyuanCode    int64    `json:"tianyuan_code"`
+		TianyuanMessage string   `json:"tianyuan_message"`
+		TransactionId   string   `json:"transaction_id"`
+		EntryId         string   `json:"entry_id"`
+		EntryStatus     string   `json:"entry_status"`
+		EntryApiCodes   []string `json:"entry_api_codes"`
+		CreateTime      string   `json:"create_time"`
+	}
+	AdminGetQueryWhitelistOpLogListResp {
+		Total int64                          `json:"total"`
+		Items []AdminQueryWhitelistOpLogItem `json:"items"`
+	}
+)

app/main/api/desc/main.api

@@ -25,6 +25,7 @@ import "./admin/notification.api"
 import "./admin/admin_product.api"
 import "./admin/admin_feature.api"
 import "./admin/admin_whitelist.api"
+import "./admin/admin_query_whitelist.api"
 import "./admin/admin_query.api"
 import "./admin/admin_agent.api"
 import "./admin/admin_api.api"

app/main/api/etc/main.dev.yaml

@@ -94,6 +94,7 @@ Tianyuanapi:
     Key: "04c6b4c559be6d5ba5351c04c8713a64"
     BaseURL: "https://api.tianyuanapi.com"
     Timeout: 60
+    WhitelistMgmtKey: "2R12TmEc1e8P3p69RdIoN5Ykjk%H@4orPy7DZv7MXpGByoEL" # 查询白名单管理密钥，向平台商务/技术支持申请
 Authorization:
     FileBaseURL: "https://www.onecha.cn/api/v1/auth-docs" # 授权书文件访问基础URL
 Promotion:

app/main/api/etc/main.yaml

@@ -84,6 +84,7 @@ Tianyuanapi:
     Key: "04c6b4c559be6d5ba5351c04c8713a64"
     BaseURL: "https://api.tianyuanapi.com"
     Timeout: 60
+    WhitelistMgmtKey: "2R12TmEc1e8P3p69RdIoN5Ykjk%H@4orPy7DZv7MXpGByoEL" # 查询白名单管理密钥，向平台商务/技术支持申请
 Authorization:
     FileBaseURL: "https://www.onecha.cn/api/v1/auth-docs" # 授权书文件访问基础URL
 Promotion:

app/main/api/internal/config/config.go

@@ -102,10 +102,11 @@ type TaxConfig struct {
 	TaxExemptionAmount float64
 }
 type TianyuanapiConfig struct {
-	AccessID string
-	Key      string
-	BaseURL  string
-	Timeout  int64
+	AccessID          string
+	Key               string
+	BaseURL           string
+	Timeout           int64
+	WhitelistMgmtKey  string // 查询白名单管理密钥 Whitelist-Mgmt-Key
 }
 
 type AuthorizationConfig struct {

app/main/api/internal/handler/admin_query_whitelist/adminappendquerywhitelisthandler.go

@@ -0,0 +1,29 @@
+package admin_query_whitelist
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"ycc-server/app/main/api/internal/logic/admin_query_whitelist"
+	"ycc-server/app/main/api/internal/svc"
+	"ycc-server/app/main/api/internal/types"
+	"ycc-server/common/result"
+	"ycc-server/pkg/lzkit/validator"
+)
+
+func AdminAppendQueryWhitelistHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminAppendQueryWhitelistReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_query_whitelist.NewAdminAppendQueryWhitelistLogic(r.Context(), svcCtx)
+		resp, err := l.AdminAppendQueryWhitelist(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/admin_query_whitelist/admincreatequerywhitelisthandler.go

@@ -0,0 +1,29 @@
+package admin_query_whitelist
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"ycc-server/app/main/api/internal/logic/admin_query_whitelist"
+	"ycc-server/app/main/api/internal/svc"
+	"ycc-server/app/main/api/internal/types"
+	"ycc-server/common/result"
+	"ycc-server/pkg/lzkit/validator"
+)
+
+func AdminCreateQueryWhitelistHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminCreateQueryWhitelistReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_query_whitelist.NewAdminCreateQueryWhitelistLogic(r.Context(), svcCtx)
+		resp, err := l.AdminCreateQueryWhitelist(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/admin_query_whitelist/admingetquerywhitelistoploglisthandler.go

@@ -0,0 +1,29 @@
+package admin_query_whitelist
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"ycc-server/app/main/api/internal/logic/admin_query_whitelist"
+	"ycc-server/app/main/api/internal/svc"
+	"ycc-server/app/main/api/internal/types"
+	"ycc-server/common/result"
+	"ycc-server/pkg/lzkit/validator"
+)
+
+func AdminGetQueryWhitelistOpLogListHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminGetQueryWhitelistOpLogListReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_query_whitelist.NewAdminGetQueryWhitelistOpLogListLogic(r.Context(), svcCtx)
+		resp, err := l.AdminGetQueryWhitelistOpLogList(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/routes.go

@@ -16,6 +16,7 @@ import (
 	admin_platform_user "ycc-server/app/main/api/internal/handler/admin_platform_user"
 	admin_product "ycc-server/app/main/api/internal/handler/admin_product"
 	admin_query "ycc-server/app/main/api/internal/handler/admin_query"
+	admin_query_whitelist "ycc-server/app/main/api/internal/handler/admin_query_whitelist"
 	admin_role "ycc-server/app/main/api/internal/handler/admin_role"
 	admin_role_api "ycc-server/app/main/api/internal/handler/admin_role_api"
 	admin_user "ycc-server/app/main/api/internal/handler/admin_user"
@@ -688,6 +689,30 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 		rest.WithPrefix("/api/v1/admin/whitelist"),
 	)
 
+	server.AddRoutes(
+		rest.WithMiddlewares(
+			[]rest.Middleware{serverCtx.AdminAuthInterceptor},
+			[]rest.Route{
+				{
+					Method:  http.MethodGet,
+					Path:    "/op-log/list",
+					Handler: admin_query_whitelist.AdminGetQueryWhitelistOpLogListHandler(serverCtx),
+				},
+				{
+					Method:  http.MethodPost,
+					Path:    "/append",
+					Handler: admin_query_whitelist.AdminAppendQueryWhitelistHandler(serverCtx),
+				},
+				{
+					Method:  http.MethodPost,
+					Path:    "/create",
+					Handler: admin_query_whitelist.AdminCreateQueryWhitelistHandler(serverCtx),
+				},
+			}...,
+		),
+		rest.WithPrefix("/api/v1/admin/query-whitelist"),
+	)
+
 	server.AddRoutes(
 		[]rest.Route{
 			{

app/main/api/internal/logic/admin_query_whitelist/adminappendquerywhitelistlogic.go

@@ -0,0 +1,46 @@
+package admin_query_whitelist
+
+import (
+	"context"
+
+	"ycc-server/app/main/api/internal/svc"
+	"ycc-server/app/main/api/internal/types"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type AdminAppendQueryWhitelistLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminAppendQueryWhitelistLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminAppendQueryWhitelistLogic {
+	return &AdminAppendQueryWhitelistLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminAppendQueryWhitelistLogic) AdminAppendQueryWhitelist(req *types.AdminAppendQueryWhitelistReq) (resp *types.AdminAppendQueryWhitelistResp, err error) {
+	if err = validateQueryWhitelistReq(req.IdCard, req.ApiCodes); err != nil {
+		return nil, err
+	}
+
+	apiResp, err := callQueryWhitelistMgmt(
+		l.svcCtx,
+		"/api/v1/query-whitelist/entries/append",
+		req.Name,
+		req.IdCard,
+		req.ApiCodes,
+		req.Remark,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	recordQueryWhitelistOpLog(l.ctx, l.svcCtx, "append", req.Name, req.IdCard, req.ApiCodes, req.Remark, apiResp)
+
+	return toAppendResp(apiResp), nil
+}

app/main/api/internal/logic/admin_query_whitelist/admincreatequerywhitelistlogic.go

@@ -0,0 +1,46 @@
+package admin_query_whitelist
+
+import (
+	"context"
+
+	"ycc-server/app/main/api/internal/svc"
+	"ycc-server/app/main/api/internal/types"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type AdminCreateQueryWhitelistLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminCreateQueryWhitelistLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminCreateQueryWhitelistLogic {
+	return &AdminCreateQueryWhitelistLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminCreateQueryWhitelistLogic) AdminCreateQueryWhitelist(req *types.AdminCreateQueryWhitelistReq) (resp *types.AdminCreateQueryWhitelistResp, err error) {
+	if err = validateQueryWhitelistReq(req.IdCard, req.ApiCodes); err != nil {
+		return nil, err
+	}
+
+	apiResp, err := callQueryWhitelistMgmt(
+		l.svcCtx,
+		"/api/v1/query-whitelist/entries",
+		req.Name,
+		req.IdCard,
+		req.ApiCodes,
+		req.Remark,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	recordQueryWhitelistOpLog(l.ctx, l.svcCtx, "create", req.Name, req.IdCard, req.ApiCodes, req.Remark, apiResp)
+
+	return toCreateResp(apiResp), nil
+}

app/main/api/internal/logic/admin_query_whitelist/admingetquerywhitelistoploglistlogic.go

@@ -0,0 +1,119 @@
+package admin_query_whitelist
+
+import (
+	"context"
+
+	"ycc-server/app/main/api/internal/svc"
+	"ycc-server/app/main/api/internal/types"
+	"ycc-server/app/main/model"
+	"ycc-server/common/xerr"
+
+	"github.com/Masterminds/squirrel"
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type AdminGetQueryWhitelistOpLogListLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminGetQueryWhitelistOpLogListLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminGetQueryWhitelistOpLogListLogic {
+	return &AdminGetQueryWhitelistOpLogListLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminGetQueryWhitelistOpLogListLogic) AdminGetQueryWhitelistOpLogList(req *types.AdminGetQueryWhitelistOpLogListReq) (resp *types.AdminGetQueryWhitelistOpLogListResp, err error) {
+	builder := l.svcCtx.QueryWhitelistOpLogModel.SelectBuilder()
+
+	if req.IdCard != nil && *req.IdCard != "" {
+		builder = builder.Where("id_card LIKE ?", "%"+*req.IdCard+"%")
+	}
+	if req.Action != nil && *req.Action != "" {
+		builder = builder.Where("action = ?", *req.Action)
+	}
+	if req.TianyuanCode != nil {
+		builder = builder.Where("tianyuan_code = ?", *req.TianyuanCode)
+	}
+
+	total, err := l.svcCtx.QueryWhitelistOpLogModel.FindCount(l.ctx, builder, "id")
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询操作记录总数失败, %v", err)
+	}
+
+	list, err := l.svcCtx.QueryWhitelistOpLogModel.FindPageListByPage(l.ctx, builder, req.Page, req.PageSize, "create_time DESC")
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询操作记录列表失败, %v", err)
+	}
+
+	adminNameMap := l.buildAdminUsernameMap(list)
+	items := make([]types.AdminQueryWhitelistOpLogItem, 0, len(list))
+	for _, row := range list {
+		items = append(items, types.AdminQueryWhitelistOpLogItem{
+			Id:              row.Id,
+			AdminUserId:     row.AdminUserId,
+			AdminUsername:   adminNameMap[row.AdminUserId],
+			Action:          row.Action,
+			ActionText:      queryWhitelistActionText(row.Action),
+			Name:            row.Name,
+			IdCard:          row.IdCard,
+			IdCardMasked:    row.IdCardMasked.String,
+			ApiCodes:        parseApiCodesJSON(row.ApiCodes),
+			Remark:          row.Remark.String,
+			TianyuanCode:    row.TianyuanCode,
+			TianyuanMessage: row.TianyuanMessage.String,
+			TransactionId:   row.TransactionId.String,
+			EntryId:         row.EntryId.String,
+			EntryStatus:     row.EntryStatus.String,
+			EntryApiCodes:   parseApiCodesJSON(row.EntryApiCodes.String),
+			CreateTime:      row.CreateTime.Format("2006-01-02 15:04:05"),
+		})
+	}
+
+	return &types.AdminGetQueryWhitelistOpLogListResp{
+		Total: total,
+		Items: items,
+	}, nil
+}
+
+func (l *AdminGetQueryWhitelistOpLogListLogic) buildAdminUsernameMap(list []*model.QueryWhitelistOpLog) map[string]string {
+	nameMap := make(map[string]string)
+	if len(list) == 0 {
+		return nameMap
+	}
+
+	adminIds := make([]string, 0, len(list))
+	seen := make(map[string]struct{}, len(list))
+	for _, row := range list {
+		if row.AdminUserId == "" {
+			continue
+		}
+		if _, ok := seen[row.AdminUserId]; ok {
+			continue
+		}
+		seen[row.AdminUserId] = struct{}{}
+		adminIds = append(adminIds, row.AdminUserId)
+	}
+	if len(adminIds) == 0 {
+		return nameMap
+	}
+
+	builder := l.svcCtx.AdminUserModel.SelectBuilder().Where(squirrel.Eq{"id": adminIds})
+	users, err := l.svcCtx.AdminUserModel.FindAll(l.ctx, builder, "")
+	if err != nil {
+		l.Errorf("批量查询管理员名称失败: %v", err)
+		return nameMap
+	}
+	for _, user := range users {
+		displayName := user.RealName
+		if displayName == "" {
+			displayName = user.Username
+		}
+		nameMap[user.Id] = displayName
+	}
+	return nameMap
+}

app/main/api/internal/logic/admin_query_whitelist/query_whitelist_helper.go

@@ -0,0 +1,199 @@
+package admin_query_whitelist
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"regexp"
+	"strings"
+
+	"ycc-server/app/main/api/internal/svc"
+	"ycc-server/app/main/api/internal/types"
+	tianyuanapi "ycc-server/app/main/api/internal/service/tianyuanapi_sdk"
+	"ycc-server/app/main/model"
+	"ycc-server/common/ctxdata"
+	"ycc-server/common/xerr"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+var idCardPattern = regexp.MustCompile(`^\d{17}[\dXx]$`)
+
+func validateQueryWhitelistReq(idCard string, apiCodes []string) error {
+	if strings.TrimSpace(idCard) == "" {
+		return errors.Wrapf(xerr.NewErrMsg("身份证号不能为空"), "")
+	}
+	if !idCardPattern.MatchString(strings.TrimSpace(idCard)) {
+		return errors.Wrapf(xerr.NewErrMsg("身份证号格式不正确，需为18位中国大陆身份证号"), "")
+	}
+	if len(apiCodes) == 0 {
+		return errors.Wrapf(xerr.NewErrMsg("请至少选择一个产品编码"), "")
+	}
+	for _, code := range apiCodes {
+		if strings.TrimSpace(code) == "" {
+			return errors.Wrapf(xerr.NewErrMsg("产品编码不能为空"), "")
+		}
+		if code == "*" {
+			return errors.Wrapf(xerr.NewErrMsg("产品编码不支持通配符 *"), "")
+		}
+	}
+	return nil
+}
+
+func buildQueryWhitelistPayload(name, idCard string, apiCodes []string, remark string) map[string]interface{} {
+	payload := map[string]interface{}{
+		"name":      name,
+		"id_card":   strings.TrimSpace(idCard),
+		"api_codes": apiCodes,
+	}
+	if strings.TrimSpace(remark) != "" {
+		payload["remark"] = strings.TrimSpace(remark)
+	}
+	return payload
+}
+
+func callQueryWhitelistMgmt(
+	svcCtx *svc.ServiceContext,
+	apiPath string,
+	name, idCard string,
+	apiCodes []string,
+	remark string,
+) (*tianyuanapi.QueryWhitelistMgmtResponse, error) {
+	mgmtKey := svcCtx.Config.Tianyuanapi.WhitelistMgmtKey
+	if mgmtKey == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("查询白名单管理密钥未配置，请在服务端配置 Tianyuanapi.WhitelistMgmtKey"), "")
+	}
+	if svcCtx.TianyuanapiClient == nil {
+		return nil, errors.Wrapf(xerr.NewErrMsg("天远 API 客户端未初始化"), "")
+	}
+
+	if strings.TrimSpace(name) == "" {
+		name = "*"
+	}
+
+	payload := buildQueryWhitelistPayload(name, idCard, apiCodes, remark)
+	return svcCtx.TianyuanapiClient.CallQueryWhitelistMgmt(apiPath, payload, mgmtKey)
+}
+
+func toAdminEntry(entry *tianyuanapi.QueryWhitelistEntry) *types.AdminQueryWhitelistEntry {
+	if entry == nil {
+		return nil
+	}
+	return &types.AdminQueryWhitelistEntry{
+		Id:           entry.ID,
+		Name:         entry.Name,
+		IdCardMasked: entry.IdCardMasked,
+		ApiCodes:     entry.ApiCodes,
+		Status:       entry.Status,
+		Remark:       entry.Remark,
+		CreatedAt:    entry.CreatedAt,
+		UpdatedAt:    entry.UpdatedAt,
+	}
+}
+
+func toCreateResp(resp *tianyuanapi.QueryWhitelistMgmtResponse) *types.AdminCreateQueryWhitelistResp {
+	return &types.AdminCreateQueryWhitelistResp{
+		Code:          resp.Code,
+		Message:       resp.Message,
+		TransactionId: resp.TransactionID,
+		Entry:         toAdminEntry(resp.Entry),
+	}
+}
+
+func toAppendResp(resp *tianyuanapi.QueryWhitelistMgmtResponse) *types.AdminAppendQueryWhitelistResp {
+	return &types.AdminAppendQueryWhitelistResp{
+		Code:          resp.Code,
+		Message:       resp.Message,
+		TransactionId: resp.TransactionID,
+		Entry:         toAdminEntry(resp.Entry),
+	}
+}
+
+func resolveName(name string) string {
+	if strings.TrimSpace(name) == "" {
+		return "*"
+	}
+	return strings.TrimSpace(name)
+}
+
+func parseApiCodesJSON(raw string) []string {
+	if raw == "" {
+		return nil
+	}
+	var codes []string
+	if err := json.Unmarshal([]byte(raw), &codes); err != nil {
+		return nil
+	}
+	return codes
+}
+
+func queryWhitelistActionText(action string) string {
+	switch action {
+	case "create":
+		return "创建规则"
+	case "append":
+		return "追加接口"
+	default:
+		return action
+	}
+}
+
+func recordQueryWhitelistOpLog(
+	ctx context.Context,
+	svcCtx *svc.ServiceContext,
+	action, name, idCard string,
+	apiCodes []string,
+	remark string,
+	apiResp *tianyuanapi.QueryWhitelistMgmtResponse,
+) {
+	adminUserId, err := ctxdata.GetUidFromCtx(ctx)
+	if err != nil {
+		logx.WithContext(ctx).Errorf("记录查询白名单操作日志失败: 获取管理员ID失败, %v", err)
+		adminUserId = ""
+	}
+
+	apiCodesJSON, marshalErr := json.Marshal(apiCodes)
+	if marshalErr != nil {
+		logx.WithContext(ctx).Errorf("记录查询白名单操作日志失败: 序列化 api_codes 失败, %v", marshalErr)
+		return
+	}
+
+	log := &model.QueryWhitelistOpLog{
+		AdminUserId:  adminUserId,
+		Action:       action,
+		Name:         resolveName(name),
+		IdCard:       strings.TrimSpace(idCard),
+		ApiCodes:     string(apiCodesJSON),
+		TianyuanCode: int64(apiResp.Code),
+	}
+
+	if strings.TrimSpace(remark) != "" {
+		log.Remark = sql.NullString{String: strings.TrimSpace(remark), Valid: true}
+	}
+	if apiResp.Message != "" {
+		log.TianyuanMessage = sql.NullString{String: apiResp.Message, Valid: true}
+	}
+	if apiResp.TransactionID != "" {
+		log.TransactionId = sql.NullString{String: apiResp.TransactionID, Valid: true}
+	}
+	if apiResp.Entry != nil {
+		if apiResp.Entry.IdCardMasked != "" {
+			log.IdCardMasked = sql.NullString{String: apiResp.Entry.IdCardMasked, Valid: true}
+		}
+		if apiResp.Entry.ID != "" {
+			log.EntryId = sql.NullString{String: apiResp.Entry.ID, Valid: true}
+		}
+		if apiResp.Entry.Status != "" {
+			log.EntryStatus = sql.NullString{String: apiResp.Entry.Status, Valid: true}
+		}
+		if len(apiResp.Entry.ApiCodes) > 0 {
+			entryCodesJSON, _ := json.Marshal(apiResp.Entry.ApiCodes)
+			log.EntryApiCodes = sql.NullString{String: string(entryCodesJSON), Valid: true}
+		}
+	}
+
+	if _, insertErr := svcCtx.QueryWhitelistOpLogModel.Insert(ctx, nil, log); insertErr != nil {
+		logx.WithContext(ctx).Errorf("记录查询白名单操作日志失败: %v", insertErr)
+	}
+}

app/main/api/internal/service/tianyuanapi_sdk/query_whitelist.go

@@ -0,0 +1,105 @@
+package tianyuanapi
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+)
+
+// QueryWhitelistEntry 查询白名单规则详情（解密后）
+type QueryWhitelistEntry struct {
+	ID           string   `json:"id"`
+	Name         string   `json:"name"`
+	IdCardMasked string   `json:"id_card_masked"`
+	ApiCodes     []string `json:"api_codes"`
+	Status       string   `json:"status"`
+	Remark       string   `json:"remark"`
+	CreatedAt    string   `json:"created_at"`
+	UpdatedAt    string   `json:"updated_at"`
+}
+
+// QueryWhitelistMgmtResponse 查询白名单管理接口响应
+type QueryWhitelistMgmtResponse struct {
+	Code          int                  `json:"code"`
+	Message       string               `json:"message"`
+	TransactionID string               `json:"transaction_id"`
+	Entry         *QueryWhitelistEntry `json:"entry,omitempty"`
+	Timeout       int64                `json:"timeout"`
+}
+
+// CallQueryWhitelistMgmt 调用查询白名单管理接口（创建/追加）
+func (c *Client) CallQueryWhitelistMgmt(apiPath string, params map[string]interface{}, mgmtKey string) (*QueryWhitelistMgmtResponse, error) {
+	startTime := time.Now()
+
+	if mgmtKey == "" {
+		return nil, fmt.Errorf("Whitelist-Mgmt-Key 不能为空")
+	}
+	if params == nil {
+		return nil, fmt.Errorf("params不能为空")
+	}
+
+	jsonData, err := json.Marshal(params)
+	if err != nil {
+		return nil, fmt.Errorf("参数序列化失败: %v", err)
+	}
+
+	encryptedData, err := c.encrypt(string(jsonData))
+	if err != nil {
+		return nil, fmt.Errorf("数据加密失败: %v", err)
+	}
+
+	requestBody := map[string]string{"data": encryptedData}
+	requestBodyBytes, err := json.Marshal(requestBody)
+	if err != nil {
+		return nil, fmt.Errorf("请求体序列化失败: %v", err)
+	}
+
+	url := c.baseURL + apiPath
+	httpReq, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(requestBodyBytes))
+	if err != nil {
+		return nil, fmt.Errorf("创建HTTP请求失败: %v", err)
+	}
+
+	httpReq.Header.Set("Content-Type", "application/json")
+	httpReq.Header.Set("Access-Id", c.accessID)
+	httpReq.Header.Set("Whitelist-Mgmt-Key", mgmtKey)
+	httpReq.Header.Set("User-Agent", "TianyuanAPI-Go-SDK/1.0.0")
+
+	resp, err := c.client.Do(httpReq)
+	if err != nil {
+		return nil, fmt.Errorf("请求失败: %v", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("读取响应失败: %v", err)
+	}
+
+	var apiResp ApiResponse
+	if err := json.Unmarshal(body, &apiResp); err != nil {
+		return nil, fmt.Errorf("响应解析失败: %v", err)
+	}
+
+	result := &QueryWhitelistMgmtResponse{
+		Code:          apiResp.Code,
+		Message:       apiResp.Message,
+		TransactionID: apiResp.TransactionID,
+		Timeout:       time.Since(startTime).Milliseconds(),
+	}
+
+	if apiResp.Data != "" {
+		decryptedData, decryptErr := c.decrypt(apiResp.Data)
+		if decryptErr == nil {
+			var entry QueryWhitelistEntry
+			if json.Unmarshal([]byte(decryptedData), &entry) == nil {
+				result.Entry = &entry
+			}
+		}
+	}
+
+	return result, nil
+}

app/main/api/internal/svc/servicecontext.go

@@ -37,11 +37,13 @@ type ServiceContext struct {
 	// 天元API调用记录模型
 	TianyuanapiCallLogModel   model.TianyuanapiCallLogModel
 	TianyuanapiCallLogService *service.TianyuanapiCallLogService
+	TianyuanapiClient         *tianyuanapi.Client
 
 	// 白名单相关模型
-	UserFeatureWhitelistModel model.UserFeatureWhitelistModel
-	WhitelistOrderModel       model.WhitelistOrderModel
-	WhitelistOrderItemModel   model.WhitelistOrderItemModel
+	UserFeatureWhitelistModel  model.UserFeatureWhitelistModel
+	WhitelistOrderModel        model.WhitelistOrderModel
+	WhitelistOrderItemModel    model.WhitelistOrderItemModel
+	QueryWhitelistOpLogModel   model.QueryWhitelistOpLogModel
 
 	// 订单相关模型
 	OrderModel              model.OrderModel
@@ -140,6 +142,7 @@ func NewServiceContext(c config.Config) *ServiceContext {
 	userFeatureWhitelistModel := model.NewUserFeatureWhitelistModel(db, cacheConf)
 	whitelistOrderModel := model.NewWhitelistOrderModel(db, cacheConf)
 	whitelistOrderItemModel := model.NewWhitelistOrderItemModel(db, cacheConf)
+	queryWhitelistOpLogModel := model.NewQueryWhitelistOpLogModel(db, cacheConf)
 
 	// ============================== 订单相关模型 ==============================
 	orderModel := model.NewOrderModel(db, cacheConf)
@@ -254,11 +257,13 @@ func NewServiceContext(c config.Config) *ServiceContext {
 		// 天元API调用记录模型
 		TianyuanapiCallLogModel:   tianyuanapiCallLogModel,
 		TianyuanapiCallLogService: tianyuanapiCallLogService,
+		TianyuanapiClient:         tianyuanapi,
 
 		// 白名单相关模型
 		UserFeatureWhitelistModel: userFeatureWhitelistModel,
 		WhitelistOrderModel:       whitelistOrderModel,
 		WhitelistOrderItemModel:   whitelistOrderItemModel,
+		QueryWhitelistOpLogModel:  queryWhitelistOpLogModel,
 
 		// 订单相关模型
 		OrderModel:              orderModel,

app/main/api/internal/types/types.go

@@ -197,6 +197,78 @@ type AdminCreateWhitelistResp struct {
 	Id string `json:"id"`
 }
 
+type AdminAppendQueryWhitelistReq struct {
+	Name     string   `json:"name,optional"`
+	IdCard   string   `json:"id_card"`
+	ApiCodes []string `json:"api_codes"`
+	Remark   string   `json:"remark,optional"`
+}
+
+type AdminAppendQueryWhitelistResp struct {
+	Code          int                       `json:"code"`
+	Message       string                    `json:"message"`
+	TransactionId string                    `json:"transaction_id"`
+	Entry         *AdminQueryWhitelistEntry `json:"entry,optional"`
+}
+
+type AdminCreateQueryWhitelistReq struct {
+	Name     string   `json:"name,optional"`
+	IdCard   string   `json:"id_card"`
+	ApiCodes []string `json:"api_codes"`
+	Remark   string   `json:"remark,optional"`
+}
+
+type AdminCreateQueryWhitelistResp struct {
+	Code          int                       `json:"code"`
+	Message       string                    `json:"message"`
+	TransactionId string                    `json:"transaction_id"`
+	Entry         *AdminQueryWhitelistEntry `json:"entry,optional"`
+}
+
+type AdminQueryWhitelistEntry struct {
+	Id           string   `json:"id"`
+	Name         string   `json:"name"`
+	IdCardMasked string   `json:"id_card_masked"`
+	ApiCodes     []string `json:"api_codes"`
+	Status       string   `json:"status"`
+	Remark       string   `json:"remark"`
+	CreatedAt    string   `json:"created_at"`
+	UpdatedAt    string   `json:"updated_at"`
+}
+
+type AdminGetQueryWhitelistOpLogListReq struct {
+	Page         int64   `form:"page"`
+	PageSize     int64   `form:"pageSize"`
+	IdCard       *string `form:"id_card,optional"`
+	Action       *string `form:"action,optional"`
+	TianyuanCode *int64  `form:"tianyuan_code,optional"`
+}
+
+type AdminQueryWhitelistOpLogItem struct {
+	Id              string   `json:"id"`
+	AdminUserId     string   `json:"admin_user_id"`
+	AdminUsername   string   `json:"admin_username"`
+	Action          string   `json:"action"`
+	ActionText      string   `json:"action_text"`
+	Name            string   `json:"name"`
+	IdCard          string   `json:"id_card"`
+	IdCardMasked    string   `json:"id_card_masked"`
+	ApiCodes        []string `json:"api_codes"`
+	Remark          string   `json:"remark"`
+	TianyuanCode    int64    `json:"tianyuan_code"`
+	TianyuanMessage string   `json:"tianyuan_message"`
+	TransactionId   string   `json:"transaction_id"`
+	EntryId         string   `json:"entry_id"`
+	EntryStatus     string   `json:"entry_status"`
+	EntryApiCodes   []string `json:"entry_api_codes"`
+	CreateTime      string   `json:"create_time"`
+}
+
+type AdminGetQueryWhitelistOpLogListResp struct {
+	Total int64                          `json:"total"`
+	Items []AdminQueryWhitelistOpLogItem `json:"items"`
+}
+
 type AdminDeleteApiReq struct {
 	Id string `path:"id"`
 }