From af4c3b2176e452b0e915cd26950dd9242c388bd5 Mon Sep 17 00:00:00 2001 From: zetaloop Date: Sat, 25 Apr 2026 06:54:22 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=AF=84=E4=BB=B7?= =?UTF-8?q?=E4=BA=89=E8=AE=AE=E5=8F=82=E4=B8=8E=E8=80=85=20ID=20=E6=98=A0?= =?UTF-8?q?=E5=B0=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/dispute/api/etc/dispute-api.yaml | 3 +++ app/dispute/api/internal/config/config.go | 1 + .../logic/dispute/createDisputeLogic.go | 13 ++++++--- .../logic/dispute/getOrderDisputeLogic.go | 6 ++++- .../api/internal/logic/dispute/helpers.go | 20 ++++++++++++++ .../api/internal/svc/serviceContext.go | 3 +++ app/review/api/etc/review-api.yaml | 3 +++ app/review/api/internal/config/config.go | 1 + .../logic/review/getOrderReviewsLogic.go | 22 +++++++++++++++ .../api/internal/logic/review/helpers.go | 20 ++++++++++++++ .../logic/review/submitReviewLogic.go | 27 +++++++++++++------ app/review/api/internal/svc/serviceContext.go | 3 +++ deploy/dev/test_all_apis.py | 23 +++++++++------- 13 files changed, 123 insertions(+), 22 deletions(-) diff --git a/app/dispute/api/etc/dispute-api.yaml b/app/dispute/api/etc/dispute-api.yaml index abecb24..a1c4893 100644 --- a/app/dispute/api/etc/dispute-api.yaml +++ b/app/dispute/api/etc/dispute-api.yaml @@ -14,3 +14,6 @@ DisputeRpcConf: OrderRpcConf: Endpoints: - order-rpc:8080 +PlayerRpcConf: + Endpoints: + - player-rpc:8080 diff --git a/app/dispute/api/internal/config/config.go b/app/dispute/api/internal/config/config.go index cc4fc3b..4075f90 100644 --- a/app/dispute/api/internal/config/config.go +++ b/app/dispute/api/internal/config/config.go @@ -9,4 +9,5 @@ type Config struct { rest.RestConf DisputeRpcConf zrpc.RpcClientConf OrderRpcConf zrpc.RpcClientConf + PlayerRpcConf zrpc.RpcClientConf } diff --git a/app/dispute/api/internal/logic/dispute/createDisputeLogic.go b/app/dispute/api/internal/logic/dispute/createDisputeLogic.go index 33e5a81..be649d2 100644 --- a/app/dispute/api/internal/logic/dispute/createDisputeLogic.go +++ b/app/dispute/api/internal/logic/dispute/createDisputeLogic.go @@ -53,11 +53,16 @@ func (l *CreateDisputeLogic) CreateDispute(req *types.CreateDisputeReq) (resp *t return nil, errors.New("order status does not allow disputes") } + consumerID, playerUserID, err := orderParticipantUserIDs(l.ctx, l.svcCtx, order) + if err != nil { + return nil, err + } + var respondentID int64 - if uid == order.GetConsumerId() { - respondentID = order.GetPlayerId() - } else if uid == order.GetPlayerId() { - respondentID = order.GetConsumerId() + if uid == consumerID { + respondentID = playerUserID + } else if uid == playerUserID { + respondentID = consumerID } else { return nil, errors.New("not a participant of this order") } diff --git a/app/dispute/api/internal/logic/dispute/getOrderDisputeLogic.go b/app/dispute/api/internal/logic/dispute/getOrderDisputeLogic.go index 18344b5..f1c32c0 100644 --- a/app/dispute/api/internal/logic/dispute/getOrderDisputeLogic.go +++ b/app/dispute/api/internal/logic/dispute/getOrderDisputeLogic.go @@ -44,7 +44,11 @@ func (l *GetOrderDisputeLogic) GetOrderDispute(req *types.DisputePathId) (resp * if order == nil { return nil, errors.New("order not found") } - if uid != order.GetConsumerId() && uid != order.GetPlayerId() { + consumerID, playerUserID, err := orderParticipantUserIDs(l.ctx, l.svcCtx, order) + if err != nil { + return nil, err + } + if uid != consumerID && uid != playerUserID { return nil, errors.New("not a participant of this order") } diff --git a/app/dispute/api/internal/logic/dispute/helpers.go b/app/dispute/api/internal/logic/dispute/helpers.go index 27c29b6..316ed02 100644 --- a/app/dispute/api/internal/logic/dispute/helpers.go +++ b/app/dispute/api/internal/logic/dispute/helpers.go @@ -1,13 +1,18 @@ package dispute import ( + "context" "encoding/json" + "errors" "sort" "strconv" "time" + "juwan-backend/app/dispute/api/internal/svc" "juwan-backend/app/dispute/api/internal/types" "juwan-backend/app/dispute/rpc/disputeservice" + "juwan-backend/app/order/rpc/orderservice" + "juwan-backend/app/player/rpc/playerservice" ) func formatUnix(ts int64) string { @@ -95,3 +100,18 @@ func detailsJSON(values map[string]any) string { } return string(b) } + +func orderParticipantUserIDs(ctx context.Context, svcCtx *svc.ServiceContext, order *orderservice.Orders) (int64, int64, error) { + if order == nil { + return 0, 0, errors.New("order not found") + } + playerResp, err := svcCtx.PlayerRpc.GetPlayersById(ctx, &playerservice.GetPlayersByIdReq{Id: order.GetPlayerId()}) + if err != nil { + return 0, 0, err + } + player := playerResp.GetPlayers() + if player == nil || player.GetUserId() <= 0 { + return 0, 0, errors.New("player not found") + } + return order.GetConsumerId(), player.GetUserId(), nil +} diff --git a/app/dispute/api/internal/svc/serviceContext.go b/app/dispute/api/internal/svc/serviceContext.go index c160ccb..118ead7 100644 --- a/app/dispute/api/internal/svc/serviceContext.go +++ b/app/dispute/api/internal/svc/serviceContext.go @@ -4,6 +4,7 @@ import ( "juwan-backend/app/dispute/api/internal/config" "juwan-backend/app/dispute/rpc/disputeservice" "juwan-backend/app/order/rpc/orderservice" + "juwan-backend/app/player/rpc/playerservice" "github.com/zeromicro/go-zero/zrpc" ) @@ -12,6 +13,7 @@ type ServiceContext struct { Config config.Config DisputeRpc disputeservice.DisputeService OrderRpc orderservice.OrderService + PlayerRpc playerservice.PlayerService } func NewServiceContext(c config.Config) *ServiceContext { @@ -19,5 +21,6 @@ func NewServiceContext(c config.Config) *ServiceContext { Config: c, DisputeRpc: disputeservice.NewDisputeService(zrpc.MustNewClient(c.DisputeRpcConf)), OrderRpc: orderservice.NewOrderService(zrpc.MustNewClient(c.OrderRpcConf)), + PlayerRpc: playerservice.NewPlayerService(zrpc.MustNewClient(c.PlayerRpcConf)), } } diff --git a/app/review/api/etc/review-api.yaml b/app/review/api/etc/review-api.yaml index 5cf6700..bc1437c 100644 --- a/app/review/api/etc/review-api.yaml +++ b/app/review/api/etc/review-api.yaml @@ -14,3 +14,6 @@ ReviewRpcConf: OrderRpcConf: Endpoints: - order-rpc:8080 +PlayerRpcConf: + Endpoints: + - player-rpc:8080 diff --git a/app/review/api/internal/config/config.go b/app/review/api/internal/config/config.go index aa128f3..5811850 100644 --- a/app/review/api/internal/config/config.go +++ b/app/review/api/internal/config/config.go @@ -9,4 +9,5 @@ type Config struct { rest.RestConf ReviewRpcConf zrpc.RpcClientConf OrderRpcConf zrpc.RpcClientConf + PlayerRpcConf zrpc.RpcClientConf } diff --git a/app/review/api/internal/logic/review/getOrderReviewsLogic.go b/app/review/api/internal/logic/review/getOrderReviewsLogic.go index 3196a34..7a8957f 100644 --- a/app/review/api/internal/logic/review/getOrderReviewsLogic.go +++ b/app/review/api/internal/logic/review/getOrderReviewsLogic.go @@ -5,10 +5,13 @@ package review import ( "context" + "errors" + "juwan-backend/app/order/rpc/orderservice" "juwan-backend/app/review/api/internal/svc" "juwan-backend/app/review/api/internal/types" reviewpb "juwan-backend/app/review/rpc/pb" + "juwan-backend/common/utils/contextj" "github.com/zeromicro/go-zero/core/logx" ) @@ -29,11 +32,30 @@ func NewGetOrderReviewsLogic(ctx context.Context, svcCtx *svc.ServiceContext) *G } func (l *GetOrderReviewsLogic) GetOrderReviews(req *types.GetOrderReviewsReq) (resp *types.ReviewListResp, err error) { + uid, err := contextj.UserIDFrom(l.ctx) + if err != nil { + return nil, err + } + orderResp, err := l.svcCtx.OrderRpc.GetOrdersById(l.ctx, &orderservice.GetOrdersByIdReq{Id: req.Id}) + if err != nil { + return nil, err + } + order := orderResp.GetOrders() + consumerID, playerUserID, err := orderParticipantUserIDs(l.ctx, l.svcCtx, order) + if err != nil { + return nil, err + } + if uid != consumerID && uid != playerUserID { + return nil, errors.New("not a participant of this order") + } + orderId := req.Id + sealed := false result, err := l.svcCtx.ReviewRpc.SearchReviews(l.ctx, &reviewpb.SearchReviewsReq{ Offset: 0, Limit: 10, OrderId: &orderId, + Sealed: &sealed, }) if err != nil { return nil, err diff --git a/app/review/api/internal/logic/review/helpers.go b/app/review/api/internal/logic/review/helpers.go index 8e35e03..0f04ba5 100644 --- a/app/review/api/internal/logic/review/helpers.go +++ b/app/review/api/internal/logic/review/helpers.go @@ -1,8 +1,13 @@ package review import ( + "context" + "errors" "time" + "juwan-backend/app/order/rpc/orderservice" + "juwan-backend/app/player/rpc/playerservice" + "juwan-backend/app/review/api/internal/svc" "juwan-backend/app/review/api/internal/types" reviewpb "juwan-backend/app/review/rpc/pb" ) @@ -26,3 +31,18 @@ func toAPIReview(r *reviewpb.Reviews) types.Review { CreatedAt: formatUnix(r.GetCreatedAt()), } } + +func orderParticipantUserIDs(ctx context.Context, svcCtx *svc.ServiceContext, order *orderservice.Orders) (int64, int64, error) { + if order == nil { + return 0, 0, errors.New("order not found") + } + playerResp, err := svcCtx.PlayerRpc.GetPlayersById(ctx, &playerservice.GetPlayersByIdReq{Id: order.GetPlayerId()}) + if err != nil { + return 0, 0, err + } + player := playerResp.GetPlayers() + if player == nil || player.GetUserId() <= 0 { + return 0, 0, errors.New("player not found") + } + return order.GetConsumerId(), player.GetUserId(), nil +} diff --git a/app/review/api/internal/logic/review/submitReviewLogic.go b/app/review/api/internal/logic/review/submitReviewLogic.go index 5b63ad6..20f845d 100644 --- a/app/review/api/internal/logic/review/submitReviewLogic.go +++ b/app/review/api/internal/logic/review/submitReviewLogic.go @@ -46,13 +46,18 @@ func (l *SubmitReviewLogic) SubmitReview(req *types.SubmitReviewReq) (resp *type return nil, errors.New("order is not in pending_review status") } + consumerID, playerUserID, err := orderParticipantUserIDs(l.ctx, l.svcCtx, order) + if err != nil { + return nil, err + } + var fromUserId, toUserId int64 - if uid == order.GetConsumerId() { - fromUserId = order.GetConsumerId() - toUserId = order.GetPlayerId() - } else if uid == order.GetPlayerId() { - fromUserId = order.GetPlayerId() - toUserId = order.GetConsumerId() + if uid == consumerID { + fromUserId = consumerID + toUserId = playerUserID + } else if uid == playerUserID { + fromUserId = playerUserID + toUserId = consumerID } else { return nil, errors.New("not a participant of this order") } @@ -82,22 +87,28 @@ func (l *SubmitReviewLogic) SubmitReview(req *types.SubmitReviewReq) (resp *type now := time.Now().Unix() sealed := false for _, r := range existing.GetReviews() { - _, _ = l.svcCtx.ReviewRpc.UpdateReviews(l.ctx, &reviewpb.UpdateReviewsReq{ + _, err = l.svcCtx.ReviewRpc.UpdateReviews(l.ctx, &reviewpb.UpdateReviewsReq{ Id: r.GetId(), Sealed: &sealed, UnsealedAt: &now, }) + if err != nil { + return nil, err + } } completedStatus := "completed" completedAt := now updatedAt := now - _, _ = l.svcCtx.OrderRpc.UpdateOrders(l.ctx, &orderservice.UpdateOrdersReq{ + _, err = l.svcCtx.OrderRpc.UpdateOrders(l.ctx, &orderservice.UpdateOrdersReq{ Id: req.Id, Status: &completedStatus, CompletedAt: &completedAt, UpdatedAt: &updatedAt, }) + if err != nil { + return nil, err + } } return &types.EmptyResp{}, nil diff --git a/app/review/api/internal/svc/serviceContext.go b/app/review/api/internal/svc/serviceContext.go index 4c02f7d..7c1c14b 100644 --- a/app/review/api/internal/svc/serviceContext.go +++ b/app/review/api/internal/svc/serviceContext.go @@ -2,6 +2,7 @@ package svc import ( "juwan-backend/app/order/rpc/orderservice" + "juwan-backend/app/player/rpc/playerservice" "juwan-backend/app/review/api/internal/config" "juwan-backend/app/review/rpc/reviewservice" @@ -12,6 +13,7 @@ type ServiceContext struct { Config config.Config ReviewRpc reviewservice.ReviewService OrderRpc orderservice.OrderService + PlayerRpc playerservice.PlayerService } func NewServiceContext(c config.Config) *ServiceContext { @@ -19,5 +21,6 @@ func NewServiceContext(c config.Config) *ServiceContext { Config: c, ReviewRpc: reviewservice.NewReviewService(zrpc.MustNewClient(c.ReviewRpcConf)), OrderRpc: orderservice.NewOrderService(zrpc.MustNewClient(c.OrderRpcConf)), + PlayerRpc: playerservice.NewPlayerService(zrpc.MustNewClient(c.PlayerRpcConf)), } } diff --git a/deploy/dev/test_all_apis.py b/deploy/dev/test_all_apis.py index 4d1d1ff..5e3aa00 100644 --- a/deploy/dev/test_all_apis.py +++ b/deploy/dev/test_all_apis.py @@ -954,7 +954,7 @@ def phase8_order(s_consumer: Session, s_actor: Session, player_id, service_id, s return order_id -def phase8b_review(s_consumer: Session, order_id, player_id): +def phase8b_review(s_consumer: Session, order_id, player_user_id): print("\n=== Phase 8b: Reviews ===") if not order_id: skip("Review flow", "No pending_review order id") @@ -971,20 +971,26 @@ def phase8b_review(s_consumer: Session, order_id, player_id): code, body, _ = s_consumer.get(f"{GATEWAY}/api/v1/orders/{order_id}/reviews") report(f"GET /orders/{order_id}/reviews", code, body) if code == 200: + items = pick_items(body) report_check( f"GET /orders/{order_id}/reviews shape", - isinstance(pick_items(body), list) and isinstance(body.get("meta"), dict), + isinstance(items, list) and isinstance(body.get("meta"), dict), + body, + ) + report_check( + f"GET /orders/{order_id}/reviews hides sealed review", + len(items) == 0, body, ) code, body, _ = s_consumer.get(f"{GATEWAY}/api/v1/reviews?limit=20") report("GET /reviews?limit=20", code, body) - if player_id: + if player_user_id: code, body, _ = s_consumer.get( - f"{GATEWAY}/api/v1/users/{player_id}/reviews?limit=20", + f"{GATEWAY}/api/v1/users/{player_user_id}/reviews?limit=20", ) - report(f"GET /users/{player_id}/reviews?limit=20", code, body) + report(f"GET /users/{player_user_id}/reviews?limit=20", code, body) def phase8c_dispute(s_consumer: Session, s_actor: Session, player_id, service_id, shop_id): @@ -1053,16 +1059,15 @@ def phase8c_dispute(s_consumer: Session, s_actor: Session, player_id, service_id code, body, _ = s_actor.post( f"{GATEWAY}/api/v1/disputes/{dispute_id}/response", json_body={ - "reason": "test respondent guard", + "reason": "test respondent response", "evidence": ["http://example.com/response.jpg"], }, headers=s_actor.csrf_headers(), ) report( - f"POST /disputes/{dispute_id}/response (expect participant check)", + f"POST /disputes/{dispute_id}/response", code, body, - expect_status=(400, 403, 500), ) code, body, _ = s_consumer.post( @@ -1481,7 +1486,7 @@ def main(): shop_id = phase7_shop(s_user, s_consumer, user_id, invited_player_id) order_id = phase8_order(s_consumer, s_user, player_id, service_id, shop_id) - phase8b_review(s_consumer, order_id, player_id) + phase8b_review(s_consumer, order_id, user_id) phase8c_dispute(s_consumer, s_user, player_id, service_id, shop_id) phase8d_notifications(s_consumer) phase8e_search_and_favorites(s_consumer, consumer_user_id, player_id, shop_id)