diff --git a/app/main/api/desc/front/agent.api b/app/main/api/desc/front/agent.api index b3aca4e..f4c418d 100644 --- a/app/main/api/desc/front/agent.api +++ b/app/main/api/desc/front/agent.api @@ -579,11 +579,13 @@ type ( List []PromotionQueryItem `json:"list"` // 列表 } PromotionQueryItem { - Id string `json:"id"` // 查询ID - OrderId string `json:"order_id"` // 订单ID - ProductName string `json:"product_name"` // 产品名称 - CreateTime string `json:"create_time"` // 创建时间 - QueryState string `json:"query_state"` // 查询状态 + Id string `json:"id"` // 查询ID + OrderId string `json:"order_id"` // 订单ID + ProductName string `json:"product_name"` // 产品名称 + CreateTime string `json:"create_time"` // 创建时间 + QueryState string `json:"query_state"` // 查询状态 + Params map[string]interface{} `json:"params"` // 查询参数(已脱敏) + Price float64 `json:"price"` // 查询价格 } ) diff --git a/app/main/api/desc/front/query.api b/app/main/api/desc/front/query.api index 7a71035..5a48946 100644 --- a/app/main/api/desc/front/query.api +++ b/app/main/api/desc/front/query.api @@ -19,6 +19,8 @@ type Query { CreateTime string `json:"create_time"` // 创建时间 UpdateTime string `json:"update_time"` // 更新时间 QueryState string `json:"query_state"` // 查询状态 + Params map[string]interface{} `json:"params"` // 查询参数(已脱敏) + Price float64 `json:"price"` // 查询价格 } type QueryItem { diff --git a/app/main/api/internal/logic/agent/getpromotionquerylistlogic.go b/app/main/api/internal/logic/agent/getpromotionquerylistlogic.go index be064b9..dd004fe 100644 --- a/app/main/api/internal/logic/agent/getpromotionquerylistlogic.go +++ b/app/main/api/internal/logic/agent/getpromotionquerylistlogic.go @@ -2,10 +2,14 @@ package agent import ( "context" + "encoding/hex" + "encoding/json" + "strings" "ycc-server/app/main/model" "ycc-server/common/ctxdata" "ycc-server/common/globalkey" "ycc-server/common/xerr" + "ycc-server/pkg/lzkit/crypto" "github.com/jinzhu/copier" "github.com/pkg/errors" @@ -71,6 +75,34 @@ func (l *GetPromotionQueryListLogic) GetPromotionQueryList(req *types.GetPromoti return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询产品信息失败, %v", pErr) } + // 获取订单价格 + order, oErr := l.svcCtx.OrderModel.FindOne(l.ctx, ao.OrderId) + if oErr != nil { + return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询订单信息失败, %v", oErr) + } + + // 解密并脱敏params + var params map[string]interface{} + if q.QueryParams != "" { + secretKey := l.svcCtx.Config.Encrypt.SecretKey + key, decodeErr := hex.DecodeString(secretKey) + if decodeErr != nil { + return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取AES密钥失败, %v", decodeErr) + } + decryptedData, decryptErr := crypto.AesDecrypt(q.QueryParams, key) + if decryptErr != nil { + return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "解密查询参数失败, %v", decryptErr) + } + unmarshalErr := json.Unmarshal(decryptedData, ¶ms) + if unmarshalErr != nil { + return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "解析查询参数失败, %v", unmarshalErr) + } + // 脱敏处理 + params = l.desensitizeParams(params) + } else { + params = make(map[string]interface{}) + } + item := types.PromotionQueryItem{} _ = copier.Copy(&item, q) item.Id = q.Id @@ -78,6 +110,8 @@ func (l *GetPromotionQueryListLogic) GetPromotionQueryList(req *types.GetPromoti item.ProductName = product.ProductName item.CreateTime = q.CreateTime.Format("2006-01-02 15:04:05") item.QueryState = q.QueryState + item.Params = params + item.Price = order.Amount list = append(list, item) } @@ -86,3 +120,64 @@ func (l *GetPromotionQueryListLogic) GetPromotionQueryList(req *types.GetPromoti List: list, }, nil } + +// desensitizeParams 对敏感数据进行脱敏处理 +func (l *GetPromotionQueryListLogic) desensitizeParams(params map[string]interface{}) map[string]interface{} { + result := make(map[string]interface{}) + for key, value := range params { + if strValue, ok := value.(string); ok { + keyLower := strings.ToLower(key) + if (strings.Contains(keyLower, "name") || strings.Contains(keyLower, "姓名")) && len(strValue) > 0 { + result[key] = l.maskName(strValue) + } else if (strings.Contains(keyLower, "idcard") || strings.Contains(keyLower, "id_card") || strings.Contains(keyLower, "身份证")) && len(strValue) > 10 { + result[key] = l.maskIDCard(strValue) + } else if (strings.Contains(keyLower, "mobile") || strings.Contains(keyLower, "phone") || strings.Contains(keyLower, "手机")) && len(strValue) >= 8 { + result[key] = l.maskPhone(strValue) + } else { + result[key] = strValue + } + } else { + result[key] = value + } + } + return result +} + +// maskName 姓名脱敏 +func (l *GetPromotionQueryListLogic) maskName(name string) string { + runes := []rune(name) + length := len(runes) + if length <= 1 { + return name + } + if length == 2 { + return string(runes[0]) + "*" + } + return string(runes[0]) + strings.Repeat("*", length-2) + string(runes[length-1]) +} + +// maskIDCard 身份证号脱敏 +func (l *GetPromotionQueryListLogic) maskIDCard(idCard string) string { + length := len(idCard) + if length <= 10 { + return idCard + } + // 保留前3位和后4位 + if length > 7 { + return idCard[:3] + strings.Repeat("*", length-7) + idCard[length-4:] + } + return idCard +} + +// maskPhone 手机号脱敏 +func (l *GetPromotionQueryListLogic) maskPhone(phone string) string { + length := len(phone) + if length < 8 { + return phone + } + // 保留前3位和后4位 + if length > 7 { + return phone[:3] + strings.Repeat("*", length-7) + phone[length-4:] + } + return phone +} diff --git a/app/main/api/internal/logic/query/querygeneratesharelinklogic.go b/app/main/api/internal/logic/query/querygeneratesharelinklogic.go index 252352d..0514bb0 100644 --- a/app/main/api/internal/logic/query/querygeneratesharelinklogic.go +++ b/app/main/api/internal/logic/query/querygeneratesharelinklogic.go @@ -82,8 +82,15 @@ func (l *QueryGenerateShareLinkLogic) QueryGenerateShareLink(req *types.QueryGen return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 获取用户失败: %v", err) } if user.Inside != 1 { + // 检查是否是订单所有者或订单的代理 if order.UserId != userId { - return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 无权操作此订单") + isAgent, aerr := IsOrderAgent(l.ctx, l.svcCtx, userId, order.Id) + if aerr != nil { + return nil, aerr + } + if !isAgent { + return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 无权操作此订单") + } } } diff --git a/app/main/api/internal/logic/query/querylistlogic.go b/app/main/api/internal/logic/query/querylistlogic.go index d373b83..6bd9106 100644 --- a/app/main/api/internal/logic/query/querylistlogic.go +++ b/app/main/api/internal/logic/query/querylistlogic.go @@ -2,11 +2,15 @@ package query import ( "context" + "encoding/hex" + "encoding/json" + "strings" "ycc-server/app/main/api/internal/svc" "ycc-server/app/main/api/internal/types" "ycc-server/app/main/model" "ycc-server/common/ctxdata" "ycc-server/common/xerr" + "ycc-server/pkg/lzkit/crypto" "github.com/Masterminds/squirrel" "github.com/jinzhu/copier" @@ -59,14 +63,42 @@ func (l *QueryListLogic) QueryList(req *types.QueryListReq) (resp *types.QueryLi if findProductErr != nil { return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 获取商品信息失败, %+v", err) } - + // 检查订单状态,如果订单已退款,则设置查询状态为已退款 order, findOrderErr := l.svcCtx.OrderModel.FindOne(l.ctx, queryModel.OrderId) - if findOrderErr == nil && order.Status == model.OrderStatusRefunded { + if findOrderErr != nil { + return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "报告列表查询, 查询订单信息失败, %+v", findOrderErr) + } + if order.Status == model.OrderStatusRefunded { query.QueryState = model.QueryStateRefunded } + + // 解密并脱敏params + var params map[string]interface{} + if queryModel.QueryParams != "" { + secretKey := l.svcCtx.Config.Encrypt.SecretKey + key, decodeErr := hex.DecodeString(secretKey) + if decodeErr != nil { + return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 获取AES密钥失败, %+v", decodeErr) + } + decryptedData, decryptErr := crypto.AesDecrypt(queryModel.QueryParams, key) + if decryptErr != nil { + return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 解密查询参数失败, %+v", decryptErr) + } + unmarshalErr := json.Unmarshal(decryptedData, ¶ms) + if unmarshalErr != nil { + return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 解析查询参数失败, %+v", unmarshalErr) + } + // 脱敏处理 + params = l.desensitizeParams(params) + } else { + params = make(map[string]interface{}) + } + query.ProductName = product.ProductName query.Product = product.ProductEn + query.Params = params + query.Price = order.Amount list = append(list, query) } } @@ -76,3 +108,64 @@ func (l *QueryListLogic) QueryList(req *types.QueryListReq) (resp *types.QueryLi List: list, }, nil } + +// desensitizeParams 对敏感数据进行脱敏处理 +func (l *QueryListLogic) desensitizeParams(params map[string]interface{}) map[string]interface{} { + result := make(map[string]interface{}) + for key, value := range params { + if strValue, ok := value.(string); ok { + keyLower := strings.ToLower(key) + if (strings.Contains(keyLower, "name") || strings.Contains(keyLower, "姓名")) && len(strValue) > 0 { + result[key] = l.maskName(strValue) + } else if (strings.Contains(keyLower, "idcard") || strings.Contains(keyLower, "id_card") || strings.Contains(keyLower, "身份证")) && len(strValue) > 10 { + result[key] = l.maskIDCard(strValue) + } else if (strings.Contains(keyLower, "mobile") || strings.Contains(keyLower, "phone") || strings.Contains(keyLower, "手机")) && len(strValue) >= 8 { + result[key] = l.maskPhone(strValue) + } else { + result[key] = strValue + } + } else { + result[key] = value + } + } + return result +} + +// maskName 姓名脱敏 +func (l *QueryListLogic) maskName(name string) string { + runes := []rune(name) + length := len(runes) + if length <= 1 { + return name + } + if length == 2 { + return string(runes[0]) + "*" + } + return string(runes[0]) + strings.Repeat("*", length-2) + string(runes[length-1]) +} + +// maskIDCard 身份证号脱敏 +func (l *QueryListLogic) maskIDCard(idCard string) string { + length := len(idCard) + if length <= 10 { + return idCard + } + // 保留前3位和后4位 + if length > 7 { + return idCard[:3] + strings.Repeat("*", length-7) + idCard[length-4:] + } + return idCard +} + +// maskPhone 手机号脱敏 +func (l *QueryListLogic) maskPhone(phone string) string { + length := len(phone) + if length < 8 { + return phone + } + // 保留前3位和后4位 + if length > 7 { + return phone[:3] + strings.Repeat("*", length-7) + phone[length-4:] + } + return phone +} diff --git a/app/main/api/internal/types/types.go b/app/main/api/internal/types/types.go index c9222c3..c8d9d57 100644 --- a/app/main/api/internal/types/types.go +++ b/app/main/api/internal/types/types.go @@ -394,11 +394,13 @@ type ProductListItem struct { } type PromotionQueryItem struct { - Id string `json:"id"` // 查询ID - OrderId string `json:"order_id"` // 订单ID - ProductName string `json:"product_name"` // 产品名称 - CreateTime string `json:"create_time"` // 创建时间 - QueryState string `json:"query_state"` // 查询状态 + Id string `json:"id"` // 查询ID + OrderId string `json:"order_id"` // 订单ID + ProductName string `json:"product_name"` // 产品名称 + CreateTime string `json:"create_time"` // 创建时间 + QueryState string `json:"query_state"` // 查询状态 + Params map[string]interface{} `json:"params"` // 查询参数(已脱敏) + Price float64 `json:"price"` // 查询价格 } type Query struct { @@ -412,6 +414,8 @@ type Query struct { CreateTime string `json:"create_time"` // 创建时间 UpdateTime string `json:"update_time"` // 更新时间 QueryState string `json:"query_state"` // 查询状态 + Params map[string]interface{} `json:"params"` // 查询参数(已脱敏) + Price float64 `json:"price"` // 查询价格 } type QueryCleanupConfigItem struct {