From ee6a092a1ae3a41ed75df929be465aef2f6634dd Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Thu, 8 Jan 2026 10:15:40 -0800
Subject: [PATCH] =?UTF-8?q?fix(authorization-service):=20=E4=BF=AE?=
 =?UTF-8?q?=E5=A4=8D=E6=8E=88=E6=9D=83=E6=9F=A5=E8=AF=A2=E4=BD=BF=E7=94=A8?=
 =?UTF-8?q?=E9=94=99=E8=AF=AF=E5=AD=97=E6=AE=B5=E5=AF=BC=E8=87=B4=E7=9C=81?=
 =?UTF-8?q?=E5=B8=82=E4=BA=92=E6=96=A5=E9=AA=8C=E8=AF=81=E5=A4=B1=E6=95=88?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

问题：数据库 user_id 列存储的是 accountSequence，但查询时使用 userId.value，
导致查询不到已有授权记录，省市互斥验证被绕过。

修复方法：所有基于 UserId 的查询改为使用 accountSequence 字段：
- findByUserIdAndRoleType
- findByUserIdRoleTypeAndRegion
- findByUserId
- findPendingByUserId
- findAllByUserIdIncludeDeleted

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .claude/settings.local.json                            |  3 ++-
 .../repositories/authorization-role.repository.impl.ts | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index 6bae0722..ffca055f 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -658,7 +658,8 @@
       "Bash($env:DATABASE_URL=\"postgresql://test:test@localhost:5432/test\")",
       "Bash(DATABASE_URL=\"postgresql://test:test@localhost:5432/test\" npx prisma validate:*)",
       "Bash(DATABASE_URL=\"postgresql://test:test@localhost:5432/test\" npx prisma format:*)",
-      "Bash(timeout 60 npx tsc:*)"
+      "Bash(timeout 60 npx tsc:*)",
+      "Bash(git commit -m \"$\\(cat <<''EOF''\nfeat\\(wallet-service\\): 三层保护机制确保内部转账接收方钱包存在\n\n新增三层保护机制：\n1. 用户注册时：监听 identity.UserAccountCreated 事件自动创建钱包\n2. 发起转账时：检测内部转账后调用 ensureWalletExists\\(\\) 预创建钱包\n3. 链上确认时：原有 upsert 逻辑兜底（保持不变）\n\n新增文件：\n- identity-event-consumer.service.ts: 消费 identity 用户注册事件\n- user-account-created.handler.ts: 处理用户注册事件创建钱包\n\n新增 API：\n- POST /wallets/ensure-wallet: 确保单个钱包存在\n- POST /wallets/ensure-wallets: 批量确保钱包存在\n\n🤖 Generated with [Claude Code]\\(https://claude.com/claude-code\\)\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")"
     ],
     "deny": [],
     "ask": []
diff --git a/backend/services/authorization-service/src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts b/backend/services/authorization-service/src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts
index 9ae901f2..f74b6dd0 100644
--- a/backend/services/authorization-service/src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts
+++ b/backend/services/authorization-service/src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts
@@ -89,7 +89,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi
   ): Promise<AuthorizationRole | null> {
     const record = await this.prisma.authorizationRole.findFirst({
       where: {
-        userId: userId.value,
+        accountSequence: userId.accountSequence,
         roleType: roleType,
         ...this.notDeleted,
       },
@@ -104,7 +104,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi
   ): Promise<AuthorizationRole | null> {
     const record = await this.prisma.authorizationRole.findFirst({
       where: {
-        userId: userId.value,
+        accountSequence: userId.accountSequence,
         roleType: roleType,
         regionCode: regionCode.value,
         ...this.notDeleted,
@@ -129,7 +129,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi
 
   async findByUserId(userId: UserId): Promise<AuthorizationRole[]> {
     const records = await this.prisma.authorizationRole.findMany({
-      where: { userId: userId.value, ...this.notDeleted },
+      where: { accountSequence: userId.accountSequence, ...this.notDeleted },
       orderBy: { createdAt: 'desc' },
     })
     return records.map((record) => this.toDomain(record))
@@ -174,7 +174,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi
   async findPendingByUserId(userId: UserId): Promise<AuthorizationRole[]> {
     const records = await this.prisma.authorizationRole.findMany({
       where: {
-        userId: userId.value,
+        accountSequence: userId.accountSequence,
         status: AuthorizationStatus.PENDING,
         ...this.notDeleted,
       },
@@ -430,7 +430,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi
 
   async findAllByUserIdIncludeDeleted(userId: UserId): Promise<AuthorizationRole[]> {
     const records = await this.prisma.authorizationRole.findMany({
-      where: { userId: userId.value },
+      where: { accountSequence: userId.accountSequence },
       orderBy: { createdAt: 'desc' },
     })
     return records.map((record) => this.toDomain(record))