修改：分享增加代理权限

2025-12-23 14:35:57 +08:00
parent 21fc156af0
commit 7b47f4512f
6 changed files with 216 additions and 13 deletions
--- a/app/main/api/internal/logic/query/querygeneratesharelinklogic.go
+++ b/app/main/api/internal/logic/query/querygeneratesharelinklogic.go
@@ -82,8 +82,15 @@ func (l *QueryGenerateShareLinkLogic) QueryGenerateShareLink(req *types.QueryGen
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 获取用户失败: %v", err)
 	}
 	if user.Inside != 1 {
+		// 检查是否是订单所有者或订单的代理
 		if order.UserId != userId {
-			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 无权操作此订单")
+			isAgent, aerr := IsOrderAgent(l.ctx, l.svcCtx, userId, order.Id)
+			if aerr != nil {
+				return nil, aerr
+			}
+			if !isAgent {
+				return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 无权操作此订单")
+			}
 		}
 	}

--- a/app/main/api/internal/logic/query/querylistlogic.go
+++ b/app/main/api/internal/logic/query/querylistlogic.go
@@ -2,11 +2,15 @@ package query

 import (
 	"context"
+	"encoding/hex"
+	"encoding/json"
+	"strings"
 	"ycc-server/app/main/api/internal/svc"
 	"ycc-server/app/main/api/internal/types"
 	"ycc-server/app/main/model"
 	"ycc-server/common/ctxdata"
 	"ycc-server/common/xerr"
+	"ycc-server/pkg/lzkit/crypto"

 	"github.com/Masterminds/squirrel"
 	"github.com/jinzhu/copier"
@@ -59,14 +63,42 @@ func (l *QueryListLogic) QueryList(req *types.QueryListReq) (resp *types.QueryLi
 			if findProductErr != nil {
 				return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 获取商品信息失败, %+v", err)
 			}
-			
+
 			// 检查订单状态，如果订单已退款，则设置查询状态为已退款
 			order, findOrderErr := l.svcCtx.OrderModel.FindOne(l.ctx, queryModel.OrderId)
-			if findOrderErr == nil && order.Status == model.OrderStatusRefunded {
+			if findOrderErr != nil {
+				return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "报告列表查询, 查询订单信息失败, %+v", findOrderErr)
+			}
+			if order.Status == model.OrderStatusRefunded {
 				query.QueryState = model.QueryStateRefunded
 			}
+
+			// 解密并脱敏params
+			var params map[string]interface{}
+			if queryModel.QueryParams != "" {
+				secretKey := l.svcCtx.Config.Encrypt.SecretKey
+				key, decodeErr := hex.DecodeString(secretKey)
+				if decodeErr != nil {
+					return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 获取AES密钥失败, %+v", decodeErr)
+				}
+				decryptedData, decryptErr := crypto.AesDecrypt(queryModel.QueryParams, key)
+				if decryptErr != nil {
+					return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 解密查询参数失败, %+v", decryptErr)
+				}
+				unmarshalErr := json.Unmarshal(decryptedData, &params)
+				if unmarshalErr != nil {
+					return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 解析查询参数失败, %+v", unmarshalErr)
+				}
+				// 脱敏处理
+				params = l.desensitizeParams(params)
+			} else {
+				params = make(map[string]interface{})
+			}
+
 			query.ProductName = product.ProductName
 			query.Product = product.ProductEn
+			query.Params = params
+			query.Price = order.Amount
 			list = append(list, query)
 		}
 	}
@@ -76,3 +108,64 @@ func (l *QueryListLogic) QueryList(req *types.QueryListReq) (resp *types.QueryLi
 		List:  list,
 	}, nil
 }
+
+// desensitizeParams 对敏感数据进行脱敏处理
+func (l *QueryListLogic) desensitizeParams(params map[string]interface{}) map[string]interface{} {
+	result := make(map[string]interface{})
+	for key, value := range params {
+		if strValue, ok := value.(string); ok {
+			keyLower := strings.ToLower(key)
+			if (strings.Contains(keyLower, "name") || strings.Contains(keyLower, "姓名")) && len(strValue) > 0 {
+				result[key] = l.maskName(strValue)
+			} else if (strings.Contains(keyLower, "idcard") || strings.Contains(keyLower, "id_card") || strings.Contains(keyLower, "身份证")) && len(strValue) > 10 {
+				result[key] = l.maskIDCard(strValue)
+			} else if (strings.Contains(keyLower, "mobile") || strings.Contains(keyLower, "phone") || strings.Contains(keyLower, "手机")) && len(strValue) >= 8 {
+				result[key] = l.maskPhone(strValue)
+			} else {
+				result[key] = strValue
+			}
+		} else {
+			result[key] = value
+		}
+	}
+	return result
+}
+
+// maskName 姓名脱敏
+func (l *QueryListLogic) maskName(name string) string {
+	runes := []rune(name)
+	length := len(runes)
+	if length <= 1 {
+		return name
+	}
+	if length == 2 {
+		return string(runes[0]) + "*"
+	}
+	return string(runes[0]) + strings.Repeat("*", length-2) + string(runes[length-1])
+}
+
+// maskIDCard 身份证号脱敏
+func (l *QueryListLogic) maskIDCard(idCard string) string {
+	length := len(idCard)
+	if length <= 10 {
+		return idCard
+	}
+	// 保留前3位和后4位
+	if length > 7 {
+		return idCard[:3] + strings.Repeat("*", length-7) + idCard[length-4:]
+	}
+	return idCard
+}
+
+// maskPhone 手机号脱敏
+func (l *QueryListLogic) maskPhone(phone string) string {
+	length := len(phone)
+	if length < 8 {
+		return phone
+	}
+	// 保留前3位和后4位
+	if length > 7 {
+		return phone[:3] + strings.Repeat("*", length-7) + phone[length-4:]
+	}
+	return phone
+}