chore: checkpoint local workspace changes

2026-04-23 12:45:15 +08:00
parent 3eb9390e8f
commit a6cd9afcbb
47 changed files with 2154 additions and 529 deletions
--- a/server-rs/crates/api-server/src/phone_auth.rs
+++ b/server-rs/crates/api-server/src/phone_auth.rs
@@ -13,6 +13,7 @@ use shared_contracts::auth::{
    PhoneSendCodeResponse,
 };
 use time::OffsetDateTime;
+use tracing::{info, warn};

 use crate::{
    api_response::json_success_body,
@@ -37,17 +38,54 @@ pub async fn send_phone_code(
        );
    }
    let scene = map_phone_auth_scene(payload.scene.as_deref())?;
-    let result = state
+    let phone_input_masked = mask_phone_input(payload.phone.as_str());
+    info!(
+        request_id = request_context.request_id(),
+        operation = request_context.operation(),
+        scene = scene.as_str(),
+        provider = state.config.sms_auth_provider.as_str(),
+        phone_input_masked = phone_input_masked.as_str(),
+        "收到手机号验证码发送请求"
+    );
+    let result = match state
        .phone_auth_service()
        .send_code(
            SendPhoneCodeInput {
                phone_number: payload.phone,
-                scene,
+                scene: scene.clone(),
            },
            OffsetDateTime::now_utc(),
        )
        .await
-        .map_err(map_phone_auth_error)?;
+    {
+        Ok(result) => {
+            info!(
+                request_id = request_context.request_id(),
+                operation = request_context.operation(),
+                scene = %result.scene,
+                phone_masked = %result.phone_number_masked,
+                provider = %result.provider,
+                provider_request_id = %result.provider_request_id.as_deref().unwrap_or("unknown"),
+                provider_out_id = %result.provider_out_id.as_deref().unwrap_or("unknown"),
+                cooldown_seconds = result.cooldown_seconds,
+                expires_in_seconds = result.expires_in_seconds,
+                "手机号验证码发送请求已提交"
+            );
+            result
+        }
+        Err(error) => {
+            warn!(
+                request_id = request_context.request_id(),
+                operation = request_context.operation(),
+                scene = scene.as_str(),
+                provider = state.config.sms_auth_provider.as_str(),
+                phone_input_masked = phone_input_masked.as_str(),
+                error = %error,
+                "手机号验证码发送失败"
+            );
+            return Err(map_phone_auth_error(error));
+        }
+    };

    Ok(json_success_body(
        Some(&request_context),
@@ -72,7 +110,7 @@ pub async fn phone_login(
            AppError::from_status(StatusCode::BAD_REQUEST).with_message("手机号登录暂未启用")
        );
    }
-    let result = state
+    let result = match state
        .phone_auth_service()
        .login(
            PhoneLoginInput {
@@ -82,7 +120,32 @@ pub async fn phone_login(
            OffsetDateTime::now_utc(),
        )
        .await
-        .map_err(map_phone_auth_error)?;
+    {
+        Ok(result) => {
+            info!(
+                request_id = request_context.request_id(),
+                operation = request_context.operation(),
+                scene = "login",
+                phone_masked = %result.phone_number_masked,
+                provider = %result.provider,
+                provider_out_id = %result.provider_out_id.as_deref().unwrap_or("unknown"),
+                user_id = %result.user.id,
+                created = result.created,
+                "手机号验证码登录成功"
+            );
+            result
+        }
+        Err(error) => {
+            warn!(
+                request_id = request_context.request_id(),
+                operation = request_context.operation(),
+                scene = "login",
+                error = %error,
+                "手机号验证码登录失败"
+            );
+            return Err(map_phone_auth_error(error));
+        }
+    };
    let session_client = resolve_session_client_context(&headers);
    let signed_session = create_auth_session(
        &state,
@@ -128,6 +191,37 @@ fn map_phone_auth_scene(raw_scene: Option<&str>) -> Result<PhoneAuthScene, AppEr
    }
 }

+fn mask_phone_input(phone: &str) -> String {
+    let trimmed = phone.trim();
+    if trimmed.is_empty() {
+        return "empty".to_string();
+    }
+    let digits: String = trimmed.chars().filter(|ch| ch.is_ascii_digit()).collect();
+    let target = if digits.len() >= 7 {
+        digits
+    } else {
+        trimmed.to_string()
+    };
+    mask_phone_digits(&target)
+}
+
+fn mask_phone_digits(value: &str) -> String {
+    let chars: Vec<char> = value.chars().collect();
+    if chars.len() <= 4 {
+        return "*".repeat(chars.len().max(1));
+    }
+    let prefix_len = chars.len().min(3);
+    let suffix_len = 4.min(chars.len().saturating_sub(prefix_len));
+    let mask_len = chars.len().saturating_sub(prefix_len + suffix_len);
+    let mut masked = String::new();
+    masked.extend(chars.iter().take(prefix_len));
+    masked.push_str(&"*".repeat(mask_len.max(1)));
+    if suffix_len > 0 {
+        masked.extend(chars.iter().skip(chars.len() - suffix_len));
+    }
+    masked
+}
+
 fn map_phone_auth_error(error: PhoneAuthError) -> AppError {
    match error {
        PhoneAuthError::InvalidPhoneNumber