From 962d1c0ae3cc75563b2163225d4748c47241721e Mon Sep 17 00:00:00 2001 From: zhouyonggao <1971162852@qq.com> Date: Thu, 18 Dec 2025 22:02:04 +0800 Subject: [PATCH] =?UTF-8?q?fix(api):=20=E4=BF=AE=E5=A4=8D=E5=95=86?= =?UTF-8?q?=E6=88=B7=E5=88=97=E8=A1=A8=E6=9F=A5=E8=AF=A2=E9=80=BB=E8=BE=91?= =?UTF-8?q?=E5=B9=B6=E5=A2=9E=E5=BC=BA=E7=94=A8=E6=88=B7=E8=BF=87=E6=BB=A4?= =?UTF-8?q?=E6=9D=A1=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 修改查询条件,将 `delete_time` 为空作为有效数据筛选 - 优化用户过滤,支持 `user_id` 字段匹配及 JSON 字段中包含该用户 - 修正代码格式和缩进以提升可读性 - 增加对请求参数 `limit` 的范围校验 - 优化错误处理逻辑,确保查询异常时返回正确状态码
---
server/internal/api/ymt_merchants.go | 104 ++++++++++++++------------- 1 file changed, 55 insertions(+), 49 deletions(-)
diff --git a/server/internal/api/ymt_merchants.go b/server/internal/api/ymt_merchants.go
index 5d15510..3ca372e 100644
--- a/server/internal/api/ymt_merchants.go
+++ b/server/internal/api/ymt_merchants.go
@@ -1,62 +1,68 @@ package api import ( - "database/sql" - "net/http" - "strconv" + "database/sql" + "net/http" + "strconv" ) type YMTMerchantsAPI struct { - ymt *sql.DB + ymt *sql.DB } func YMTMerchantsHandler(ymt *sql.DB) http.Handler { - api := &YMTMerchantsAPI{ymt: ymt} - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method == http.MethodGet { - api.list(w, r) - return - } - w.WriteHeader(http.StatusNotFound) - }) + api := &YMTMerchantsAPI{ymt: ymt} + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method == http.MethodGet { + api.list(w, r) + return + } + w.WriteHeader(http.StatusNotFound) + }) } func (a *YMTMerchantsAPI) list(w http.ResponseWriter, r *http.Request) { - q := r.URL.Query() - userIDStr := q.Get("user_id") - like := q.Get("q") - limitStr := q.Get("limit") - limit := 2000 - if limitStr != "" { - if n, err := strconv.Atoi(limitStr); err == nil && n > 0 && n <= 10000 { limit = n } - } - sql1 := "SELECT id, name FROM merchant WHERE id IS NOT NULL" - args := []interface{}{} - if userIDStr != "" { - sql1 += " AND user_id = ?" - args = append(args, userIDStr) - } - if like != "" { - sql1 += " AND (CAST(id AS CHAR) LIKE ? OR name LIKE ?)" - s := "%" + like + "%" - args = append(args, s, s) - } - sql1 += " ORDER BY id ASC LIMIT ?" - args = append(args, limit) - rows, err := a.ymt.Query(sql1, args...) 
- if err != nil { - fail(w, r, http.StatusInternalServerError, err.Error()) - return - } - defer rows.Close() - out := []map[string]interface{}{} - for rows.Next() { - var id sql.NullInt64 - var name sql.NullString - if err := rows.Scan(&id, &name); err != nil { continue } - if !id.Valid { continue } - out = append(out, map[string]interface{}{"id": id.Int64, "name": name.String}) - } - ok(w, r, out) + q := r.URL.Query() + userIDStr := q.Get("user_id") + like := q.Get("q") + limitStr := q.Get("limit") + limit := 2000 + if limitStr != "" { + if n, err := strconv.Atoi(limitStr); err == nil && n > 0 && n <= 10000 { + limit = n + } + } + sql1 := "SELECT id, name FROM merchant WHERE delete_time IS NULL" + args := []interface{}{} + if userIDStr != "" { + // user_id 匹配 或者 operation_user JSON 中包含该 user_id + sql1 += " AND (user_id = ? OR JSON_CONTAINS(operation_user, JSON_OBJECT('user_id', CAST(? AS SIGNED))))" + args = append(args, userIDStr, userIDStr) + } + if like != "" { + sql1 += " AND (CAST(id AS CHAR) LIKE ? OR name LIKE ?)" + s := "%" + like + "%" + args = append(args, s, s) + } + sql1 += " ORDER BY id ASC LIMIT ?" + args = append(args, limit) + rows, err := a.ymt.Query(sql1, args...) + if err != nil { + fail(w, r, http.StatusInternalServerError, err.Error()) + return + } + defer rows.Close() + out := []map[string]interface{}{} + for rows.Next() { + var id sql.NullInt64 + var name sql.NullString + if err := rows.Scan(&id, &name); err != nil { + continue + } + if !id.Valid { + continue + } + out = append(out, map[string]interface{}{"id": id.Int64, "name": name.String}) + } + ok(w, r, out) } -
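Review bot: In `list`, the caller-supplied `user_id` is bound as a raw string to both `user_id = ?` and `CAST(? AS SIGNED)`, so a non-numeric value is coerced by MySQL (a non-numeric string casts to 0) instead of being rejected, and the user filter is skipped entirely when the parameter is absent. Parse it once and bind the integer: `uid, err := strconv.ParseInt(userIDStr, 10, 64)` followed by `if err != nil { fail(w, r, http.StatusBadRequest, "invalid user_id"); return }`. If this filter is meant to scope which merchants a caller may see, the id should come from the authenticated session rather than the query string; no authentication is visible in this hunk, so that depends on middleware outside it. The error path still sends `err.Error()` to the client, which exposes driver and schema detail (for example when `JSON_CONTAINS` hits a malformed `operation_user` value); log it server-side and return a generic message. `rows.Err()` is also never checked after the loop and `Scan` failures are skipped with `continue`, so a truncated result set is returned as a success.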