fix(authorization-service): 修复授权查询使用错误字段导致省市互斥验证失效

问题：数据库 user_id 列存储的是 accountSequence，但查询时使用 userId.value，导致查询不到已有授权记录，省市互斥验证被绕过。修复方法：所有基于 UserId 的查询改为使用 accountSequence 字段： - findByUserIdAndRoleType - findByUserIdRoleTypeAndRegion - findByUserId - findPendingByUserId - findAllByUserIdIncludeDeleted 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 10:15:40 -08:00 · 2026-01-08 10:15:40 -08:00 · ee6a092a1a
parent 347e5ce3de
commit ee6a092a1a
2 changed files with 7 additions and 6 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@ -658,7 +658,8 @@
      "Bash($env:DATABASE_URL=\"postgresql://test:test@localhost:5432/test\")",
      "Bash(DATABASE_URL=\"postgresql://test:test@localhost:5432/test\" npx prisma validate:*)",
      "Bash(DATABASE_URL=\"postgresql://test:test@localhost:5432/test\" npx prisma format:*)",
-      "Bash(timeout 60 npx tsc:*)"
+      "Bash(timeout 60 npx tsc:*)",
+      "Bash(git commit -m \"$\\(cat <<''EOF''\nfeat\\(wallet-service\\): 三层保护机制确保内部转账接收方钱包存在\n\n新增三层保护机制：\n1. 用户注册时：监听 identity.UserAccountCreated 事件自动创建钱包\n2. 发起转账时：检测内部转账后调用 ensureWalletExists\\(\\) 预创建钱包\n3. 链上确认时：原有 upsert 逻辑兜底（保持不变）\n\n新增文件：\n- identity-event-consumer.service.ts: 消费 identity 用户注册事件\n- user-account-created.handler.ts: 处理用户注册事件创建钱包\n\n新增 API：\n- POST /wallets/ensure-wallet: 确保单个钱包存在\n- POST /wallets/ensure-wallets: 批量确保钱包存在\n\n🤖 Generated with [Claude Code]\\(https://claude.com/claude-code\\)\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")"
    ],
    "deny": [],
    "ask": []
--- a/backend/services/authorization-service/src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts
+++ b/backend/services/authorization-service/src/infrastructure/persistence/repositories/authorization-role.repository.impl.ts
@ -89,7 +89,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi
  ): Promise<AuthorizationRole | null> {
    const record = await this.prisma.authorizationRole.findFirst({
      where: {
-        userId: userId.value,
+        accountSequence: userId.accountSequence,
        roleType: roleType,
        ...this.notDeleted,
      },
@ -104,7 +104,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi
  ): Promise<AuthorizationRole | null> {
    const record = await this.prisma.authorizationRole.findFirst({
      where: {
-        userId: userId.value,
+        accountSequence: userId.accountSequence,
        roleType: roleType,
        regionCode: regionCode.value,
        ...this.notDeleted,
@ -129,7 +129,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi

  async findByUserId(userId: UserId): Promise<AuthorizationRole[]> {
    const records = await this.prisma.authorizationRole.findMany({
-      where: { userId: userId.value, ...this.notDeleted },
+      where: { accountSequence: userId.accountSequence, ...this.notDeleted },
      orderBy: { createdAt: 'desc' },
    })
    return records.map((record) => this.toDomain(record))
@ -174,7 +174,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi
  async findPendingByUserId(userId: UserId): Promise<AuthorizationRole[]> {
    const records = await this.prisma.authorizationRole.findMany({
      where: {
-        userId: userId.value,
+        accountSequence: userId.accountSequence,
        status: AuthorizationStatus.PENDING,
        ...this.notDeleted,
      },
@ -430,7 +430,7 @@ export class AuthorizationRoleRepositoryImpl implements IAuthorizationRoleReposi

  async findAllByUserIdIncludeDeleted(userId: UserId): Promise<AuthorizationRole[]> {
    const records = await this.prisma.authorizationRole.findMany({
-      where: { userId: userId.value },
+      where: { accountSequence: userId.accountSequence },
      orderBy: { createdAt: 'desc' },
    })
    return records.map((record) => this.toDomain(record))