fix(api): 修复商户列表查询逻辑并增强用户过滤条件

- 修改查询条件，将 `delete_time` 为空作为有效数据筛选 - 优化用户过滤，支持 `user_id` 字段匹配及 JSON 字段中包含该用户 - 修正代码格式和缩进以提升可读性 - 增加对请求参数 `limit` 的范围校验 - 优化错误处理逻辑，确保查询异常时返回正确状态码
2025-12-18 22:02:04 +08:00 · 2025-12-18 22:02:04 +08:00 · 962d1c0ae3
parent c45cabbfdc
commit 962d1c0ae3
1 changed files with 55 additions and 49 deletions
--- a/server/internal/api/ymt_merchants.go
+++ b/server/internal/api/ymt_merchants.go
@ -1,62 +1,68 @@
 package api
 import (
-    "database/sql"
+	"database/sql"
-    "net/http"
+	"net/http"
-    "strconv"
+	"strconv"
 )
 type YMTMerchantsAPI struct {
-    ymt *sql.DB
+	ymt *sql.DB
 }
 func YMTMerchantsHandler(ymt *sql.DB) http.Handler {
-    api := &YMTMerchantsAPI{ymt: ymt}
+	api := &YMTMerchantsAPI{ymt: ymt}
-    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        if r.Method == http.MethodGet {
+		if r.Method == http.MethodGet {
-            api.list(w, r)
+			api.list(w, r)
-            return
+			return
-        }
+		}
-        w.WriteHeader(http.StatusNotFound)
+		w.WriteHeader(http.StatusNotFound)
-    })
+	})
 }
 func (a *YMTMerchantsAPI) list(w http.ResponseWriter, r *http.Request) {
-    q := r.URL.Query()
+	q := r.URL.Query()
-    userIDStr := q.Get("user_id")
+	userIDStr := q.Get("user_id")
-    like := q.Get("q")
+	like := q.Get("q")
-    limitStr := q.Get("limit")
+	limitStr := q.Get("limit")
-    limit := 2000
+	limit := 2000
-    if limitStr != "" {
+	if limitStr != "" {
-        if n, err := strconv.Atoi(limitStr); err == nil && n > 0 && n <= 10000 { limit = n }
+		if n, err := strconv.Atoi(limitStr); err == nil && n > 0 && n <= 10000 {
-    }
+			limit = n
-    sql1 := "SELECT id, name FROM merchant WHERE id IS NOT NULL"
+		}
-    args := []interface{}{}
+	}
-    if userIDStr != "" {
+	sql1 := "SELECT id, name FROM merchant WHERE delete_time IS NULL"
-        sql1 += " AND user_id = ?"
+	args := []interface{}{}
-        args = append(args, userIDStr)
+	if userIDStr != "" {
-    }
+		// user_id 匹配 或者 operation_user JSON 中包含该 user_id
-    if like != "" {
+		sql1 += " AND (user_id = ? OR JSON_CONTAINS(operation_user, JSON_OBJECT('user_id', CAST(? AS SIGNED))))"
-        sql1 += " AND (CAST(id AS CHAR) LIKE ? OR name LIKE ?)"
+		args = append(args, userIDStr, userIDStr)
-        s := "%" + like + "%"
+	}
-        args = append(args, s, s)
+	if like != "" {
-    }
+		sql1 += " AND (CAST(id AS CHAR) LIKE ? OR name LIKE ?)"
-    sql1 += " ORDER BY id ASC LIMIT ?"
+		s := "%" + like + "%"
-    args = append(args, limit)
+		args = append(args, s, s)
-    rows, err := a.ymt.Query(sql1, args...)
+	}
-    if err != nil {
+	sql1 += " ORDER BY id ASC LIMIT ?"
-        fail(w, r, http.StatusInternalServerError, err.Error())
+	args = append(args, limit)
-        return
+	rows, err := a.ymt.Query(sql1, args...)
-    }
+	if err != nil {
-    defer rows.Close()
+		fail(w, r, http.StatusInternalServerError, err.Error())
-    out := []map[string]interface{}{}
+		return
-    for rows.Next() {
+	}
-        var id sql.NullInt64
+	defer rows.Close()
-        var name sql.NullString
+	out := []map[string]interface{}{}
-        if err := rows.Scan(&id, &name); err != nil { continue }
+	for rows.Next() {
-        if !id.Valid { continue }
+		var id sql.NullInt64
-        out = append(out, map[string]interface{}{"id": id.Int64, "name": name.String})
+		var name sql.NullString
-    }
+		if err := rows.Scan(&id, &name); err != nil {
-    ok(w, r, out)
+			continue
 		}
 		if !id.Valid {
 			continue
 		}
 		out = append(out, map[string]interface{}{"id": id.Int64, "name": name.String})
 	}
 	ok(w, r, out)
 }