修改:分享增加代理权限
This commit is contained in:
@@ -579,11 +579,13 @@ type (
|
||||
List []PromotionQueryItem `json:"list"` // 列表
|
||||
}
|
||||
PromotionQueryItem {
|
||||
Id string `json:"id"` // 查询ID
|
||||
OrderId string `json:"order_id"` // 订单ID
|
||||
ProductName string `json:"product_name"` // 产品名称
|
||||
CreateTime string `json:"create_time"` // 创建时间
|
||||
QueryState string `json:"query_state"` // 查询状态
|
||||
Id string `json:"id"` // 查询ID
|
||||
OrderId string `json:"order_id"` // 订单ID
|
||||
ProductName string `json:"product_name"` // 产品名称
|
||||
CreateTime string `json:"create_time"` // 创建时间
|
||||
QueryState string `json:"query_state"` // 查询状态
|
||||
Params map[string]interface{} `json:"params"` // 查询参数(已脱敏)
|
||||
Price float64 `json:"price"` // 查询价格
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
@@ -19,6 +19,8 @@ type Query {
|
||||
CreateTime string `json:"create_time"` // 创建时间
|
||||
UpdateTime string `json:"update_time"` // 更新时间
|
||||
QueryState string `json:"query_state"` // 查询状态
|
||||
Params map[string]interface{} `json:"params"` // 查询参数(已脱敏)
|
||||
Price float64 `json:"price"` // 查询价格
|
||||
}
|
||||
|
||||
type QueryItem {
|
||||
|
||||
@@ -2,10 +2,14 @@ package agent
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"strings"
|
||||
"ycc-server/app/main/model"
|
||||
"ycc-server/common/ctxdata"
|
||||
"ycc-server/common/globalkey"
|
||||
"ycc-server/common/xerr"
|
||||
"ycc-server/pkg/lzkit/crypto"
|
||||
|
||||
"github.com/jinzhu/copier"
|
||||
"github.com/pkg/errors"
|
||||
@@ -71,6 +75,34 @@ func (l *GetPromotionQueryListLogic) GetPromotionQueryList(req *types.GetPromoti
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询产品信息失败, %v", pErr)
|
||||
}
|
||||
|
||||
// 获取订单价格
|
||||
order, oErr := l.svcCtx.OrderModel.FindOne(l.ctx, ao.OrderId)
|
||||
if oErr != nil {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询订单信息失败, %v", oErr)
|
||||
}
|
||||
|
||||
// 解密并脱敏params
|
||||
var params map[string]interface{}
|
||||
if q.QueryParams != "" {
|
||||
secretKey := l.svcCtx.Config.Encrypt.SecretKey
|
||||
key, decodeErr := hex.DecodeString(secretKey)
|
||||
if decodeErr != nil {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取AES密钥失败, %v", decodeErr)
|
||||
}
|
||||
decryptedData, decryptErr := crypto.AesDecrypt(q.QueryParams, key)
|
||||
if decryptErr != nil {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "解密查询参数失败, %v", decryptErr)
|
||||
}
|
||||
unmarshalErr := json.Unmarshal(decryptedData, ¶ms)
|
||||
if unmarshalErr != nil {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "解析查询参数失败, %v", unmarshalErr)
|
||||
}
|
||||
// 脱敏处理
|
||||
params = l.desensitizeParams(params)
|
||||
} else {
|
||||
params = make(map[string]interface{})
|
||||
}
|
||||
|
||||
item := types.PromotionQueryItem{}
|
||||
_ = copier.Copy(&item, q)
|
||||
item.Id = q.Id
|
||||
@@ -78,6 +110,8 @@ func (l *GetPromotionQueryListLogic) GetPromotionQueryList(req *types.GetPromoti
|
||||
item.ProductName = product.ProductName
|
||||
item.CreateTime = q.CreateTime.Format("2006-01-02 15:04:05")
|
||||
item.QueryState = q.QueryState
|
||||
item.Params = params
|
||||
item.Price = order.Amount
|
||||
list = append(list, item)
|
||||
}
|
||||
|
||||
@@ -86,3 +120,64 @@ func (l *GetPromotionQueryListLogic) GetPromotionQueryList(req *types.GetPromoti
|
||||
List: list,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// desensitizeParams 对敏感数据进行脱敏处理
|
||||
func (l *GetPromotionQueryListLogic) desensitizeParams(params map[string]interface{}) map[string]interface{} {
|
||||
result := make(map[string]interface{})
|
||||
for key, value := range params {
|
||||
if strValue, ok := value.(string); ok {
|
||||
keyLower := strings.ToLower(key)
|
||||
if (strings.Contains(keyLower, "name") || strings.Contains(keyLower, "姓名")) && len(strValue) > 0 {
|
||||
result[key] = l.maskName(strValue)
|
||||
} else if (strings.Contains(keyLower, "idcard") || strings.Contains(keyLower, "id_card") || strings.Contains(keyLower, "身份证")) && len(strValue) > 10 {
|
||||
result[key] = l.maskIDCard(strValue)
|
||||
} else if (strings.Contains(keyLower, "mobile") || strings.Contains(keyLower, "phone") || strings.Contains(keyLower, "手机")) && len(strValue) >= 8 {
|
||||
result[key] = l.maskPhone(strValue)
|
||||
} else {
|
||||
result[key] = strValue
|
||||
}
|
||||
} else {
|
||||
result[key] = value
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
// maskName 姓名脱敏
|
||||
func (l *GetPromotionQueryListLogic) maskName(name string) string {
|
||||
runes := []rune(name)
|
||||
length := len(runes)
|
||||
if length <= 1 {
|
||||
return name
|
||||
}
|
||||
if length == 2 {
|
||||
return string(runes[0]) + "*"
|
||||
}
|
||||
return string(runes[0]) + strings.Repeat("*", length-2) + string(runes[length-1])
|
||||
}
|
||||
|
||||
// maskIDCard 身份证号脱敏
|
||||
func (l *GetPromotionQueryListLogic) maskIDCard(idCard string) string {
|
||||
length := len(idCard)
|
||||
if length <= 10 {
|
||||
return idCard
|
||||
}
|
||||
// 保留前3位和后4位
|
||||
if length > 7 {
|
||||
return idCard[:3] + strings.Repeat("*", length-7) + idCard[length-4:]
|
||||
}
|
||||
return idCard
|
||||
}
|
||||
|
||||
// maskPhone 手机号脱敏
|
||||
func (l *GetPromotionQueryListLogic) maskPhone(phone string) string {
|
||||
length := len(phone)
|
||||
if length < 8 {
|
||||
return phone
|
||||
}
|
||||
// 保留前3位和后4位
|
||||
if length > 7 {
|
||||
return phone[:3] + strings.Repeat("*", length-7) + phone[length-4:]
|
||||
}
|
||||
return phone
|
||||
}
|
||||
|
||||
@@ -82,8 +82,15 @@ func (l *QueryGenerateShareLinkLogic) QueryGenerateShareLink(req *types.QueryGen
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 获取用户失败: %v", err)
|
||||
}
|
||||
if user.Inside != 1 {
|
||||
// 检查是否是订单所有者或订单的代理
|
||||
if order.UserId != userId {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 无权操作此订单")
|
||||
isAgent, aerr := IsOrderAgent(l.ctx, l.svcCtx, userId, order.Id)
|
||||
if aerr != nil {
|
||||
return nil, aerr
|
||||
}
|
||||
if !isAgent {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 无权操作此订单")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -2,11 +2,15 @@ package query
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"strings"
|
||||
"ycc-server/app/main/api/internal/svc"
|
||||
"ycc-server/app/main/api/internal/types"
|
||||
"ycc-server/app/main/model"
|
||||
"ycc-server/common/ctxdata"
|
||||
"ycc-server/common/xerr"
|
||||
"ycc-server/pkg/lzkit/crypto"
|
||||
|
||||
"github.com/Masterminds/squirrel"
|
||||
"github.com/jinzhu/copier"
|
||||
@@ -62,11 +66,39 @@ func (l *QueryListLogic) QueryList(req *types.QueryListReq) (resp *types.QueryLi
|
||||
|
||||
// 检查订单状态,如果订单已退款,则设置查询状态为已退款
|
||||
order, findOrderErr := l.svcCtx.OrderModel.FindOne(l.ctx, queryModel.OrderId)
|
||||
if findOrderErr == nil && order.Status == model.OrderStatusRefunded {
|
||||
if findOrderErr != nil {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "报告列表查询, 查询订单信息失败, %+v", findOrderErr)
|
||||
}
|
||||
if order.Status == model.OrderStatusRefunded {
|
||||
query.QueryState = model.QueryStateRefunded
|
||||
}
|
||||
|
||||
// 解密并脱敏params
|
||||
var params map[string]interface{}
|
||||
if queryModel.QueryParams != "" {
|
||||
secretKey := l.svcCtx.Config.Encrypt.SecretKey
|
||||
key, decodeErr := hex.DecodeString(secretKey)
|
||||
if decodeErr != nil {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 获取AES密钥失败, %+v", decodeErr)
|
||||
}
|
||||
decryptedData, decryptErr := crypto.AesDecrypt(queryModel.QueryParams, key)
|
||||
if decryptErr != nil {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 解密查询参数失败, %+v", decryptErr)
|
||||
}
|
||||
unmarshalErr := json.Unmarshal(decryptedData, ¶ms)
|
||||
if unmarshalErr != nil {
|
||||
return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 解析查询参数失败, %+v", unmarshalErr)
|
||||
}
|
||||
// 脱敏处理
|
||||
params = l.desensitizeParams(params)
|
||||
} else {
|
||||
params = make(map[string]interface{})
|
||||
}
|
||||
|
||||
query.ProductName = product.ProductName
|
||||
query.Product = product.ProductEn
|
||||
query.Params = params
|
||||
query.Price = order.Amount
|
||||
list = append(list, query)
|
||||
}
|
||||
}
|
||||
@@ -76,3 +108,64 @@ func (l *QueryListLogic) QueryList(req *types.QueryListReq) (resp *types.QueryLi
|
||||
List: list,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// desensitizeParams 对敏感数据进行脱敏处理
|
||||
func (l *QueryListLogic) desensitizeParams(params map[string]interface{}) map[string]interface{} {
|
||||
result := make(map[string]interface{})
|
||||
for key, value := range params {
|
||||
if strValue, ok := value.(string); ok {
|
||||
keyLower := strings.ToLower(key)
|
||||
if (strings.Contains(keyLower, "name") || strings.Contains(keyLower, "姓名")) && len(strValue) > 0 {
|
||||
result[key] = l.maskName(strValue)
|
||||
} else if (strings.Contains(keyLower, "idcard") || strings.Contains(keyLower, "id_card") || strings.Contains(keyLower, "身份证")) && len(strValue) > 10 {
|
||||
result[key] = l.maskIDCard(strValue)
|
||||
} else if (strings.Contains(keyLower, "mobile") || strings.Contains(keyLower, "phone") || strings.Contains(keyLower, "手机")) && len(strValue) >= 8 {
|
||||
result[key] = l.maskPhone(strValue)
|
||||
} else {
|
||||
result[key] = strValue
|
||||
}
|
||||
} else {
|
||||
result[key] = value
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
// maskName 姓名脱敏
|
||||
func (l *QueryListLogic) maskName(name string) string {
|
||||
runes := []rune(name)
|
||||
length := len(runes)
|
||||
if length <= 1 {
|
||||
return name
|
||||
}
|
||||
if length == 2 {
|
||||
return string(runes[0]) + "*"
|
||||
}
|
||||
return string(runes[0]) + strings.Repeat("*", length-2) + string(runes[length-1])
|
||||
}
|
||||
|
||||
// maskIDCard 身份证号脱敏
|
||||
func (l *QueryListLogic) maskIDCard(idCard string) string {
|
||||
length := len(idCard)
|
||||
if length <= 10 {
|
||||
return idCard
|
||||
}
|
||||
// 保留前3位和后4位
|
||||
if length > 7 {
|
||||
return idCard[:3] + strings.Repeat("*", length-7) + idCard[length-4:]
|
||||
}
|
||||
return idCard
|
||||
}
|
||||
|
||||
// maskPhone 手机号脱敏
|
||||
func (l *QueryListLogic) maskPhone(phone string) string {
|
||||
length := len(phone)
|
||||
if length < 8 {
|
||||
return phone
|
||||
}
|
||||
// 保留前3位和后4位
|
||||
if length > 7 {
|
||||
return phone[:3] + strings.Repeat("*", length-7) + phone[length-4:]
|
||||
}
|
||||
return phone
|
||||
}
|
||||
|
||||
@@ -394,11 +394,13 @@ type ProductListItem struct {
|
||||
}
|
||||
|
||||
type PromotionQueryItem struct {
|
||||
Id string `json:"id"` // 查询ID
|
||||
OrderId string `json:"order_id"` // 订单ID
|
||||
ProductName string `json:"product_name"` // 产品名称
|
||||
CreateTime string `json:"create_time"` // 创建时间
|
||||
QueryState string `json:"query_state"` // 查询状态
|
||||
Id string `json:"id"` // 查询ID
|
||||
OrderId string `json:"order_id"` // 订单ID
|
||||
ProductName string `json:"product_name"` // 产品名称
|
||||
CreateTime string `json:"create_time"` // 创建时间
|
||||
QueryState string `json:"query_state"` // 查询状态
|
||||
Params map[string]interface{} `json:"params"` // 查询参数(已脱敏)
|
||||
Price float64 `json:"price"` // 查询价格
|
||||
}
|
||||
|
||||
type Query struct {
|
||||
@@ -412,6 +414,8 @@ type Query struct {
|
||||
CreateTime string `json:"create_time"` // 创建时间
|
||||
UpdateTime string `json:"update_time"` // 更新时间
|
||||
QueryState string `json:"query_state"` // 查询状态
|
||||
Params map[string]interface{} `json:"params"` // 查询参数(已脱敏)
|
||||
Price float64 `json:"price"` // 查询价格
|
||||
}
|
||||
|
||||
type QueryCleanupConfigItem struct {
|
||||
|
||||
Reference in New Issue
Block a user