feat(pms-base): pms-base module hardening + U1-U10 full-chain implementation #2
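pms-base module hardening: U1-U10 full-chain implementation
This PR is based on the plan docs/plans/2026-07-02-001-fix-pms-base-hardening-plan.md and completes security/quality/reliability hardening across 10 implementation units.
Change overview
Implementation unit list
U1: AES encryption hardening
- AesEncryptUtil migrated to AES-256-GCM (randomized IV, GCM integrity check)
- V12__MigrateAesEcbToGcm.java: Flyway Java migration, backfills historical NULL id_no_hash
U2: ProjectSecurityChecker
- replaced by @PreAuthorize after feat/user-org-perm is merged
U3: BigDecimal → Long (fen) full-chain migration
- V13__migrate_amount_to_long_fen.sql: UPDATE (×100) runs before ALTER (avoids losing the fen digits to rounding in DECIMAL→BIGINT)
- Long amountFen replaces BigDecimal amount
U4: phone/email encryption + hash indexes
- V14__encrypt_phone_email.sql: adds phone_hash/email_hash/phone_last4_hash/email_last4_hash to 3 tables + 9 indexes
- Owner/Tenant/Enterprise entities gain hash fields
U5: Input validation
- @RequestBody parameters get @Valid
- @Pattern/@Email/@Size/@PositiveOrZero
- MethodArgumentNotValidException
U6: Test coverage
- LifecycleWriteGuard null test failure (@Mock injection)
U7: Resilience4j circuit breaking + Feign fallback
- build.gradle adds resilience4j-spring-boot3
- application.yml configures circuit-breaker parameters (50% failure rate, 2s slow-call threshold, 30s open duration)
- AuthClient fallback changed from return success(null) to throw ServiceCallException(503)
- AuthClientFallbackTest verifies the exception is thrown
U8: @Transactional
- delete methods of DeviceCategoryServiceImpl/ContractTypeServiceImpl/ProjectServiceImpl get @Transactional(rollbackFor = Exception.class)
U9: @Lazy circular-dependency documentation
- CONCEPTS.md adds a "Code design conventions" section
- lazy-injection-reflectiontestutils-testing.md adds the design rationale "Why not decouple with an event bus"
U10: @PreAuthorize method-level authorization
- @PreAuthorize annotations (permission code base:xxx:manage)
- V15__add_base_permissions.sql: 20 permission codes (IDs 300-319), all granted to ROLE_ADMIN, 15 granted to ROLE_PROPERTY
- Spring Security infrastructure merged via feat/user-org-perm
ce-code-review fixes
- EnterpriseSaveRequest.roomIds gets a @Size(max=500) constraint
ce-simplify-code optimizations
- fillNullHash switched to addBatch/executeBatch (flush every 500 rows), N network round trips → N/500
- ProjectServiceImpl.create drops the redundant setProjectId(null)
Advisory items (not handled in this PR, recorded for follow-up)
- AesEncryptUtil is a pms-base local implementation (business code uses pms-common CryptoUtil); kept per the plan U1 decision
- ProjectServiceImpl.update/delete lack the lifecycleWriteGuard call (a behavior change, outside the scope of simplification)
Tests
Related
- docs/plans/2026-07-02-001-fix-pms-base-hardening-plan.md
- feat/user-org-perm (already merged into main, provides the Spring Security infrastructure)
Pull request closed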