first

server-api/tools/release_audit.php

@@ -0,0 +1,193 @@
+<?php
+
+declare(strict_types=1);
+
+require dirname(__DIR__) . '/vendor/autoload.php';
+
+$dotenv = Dotenv\Dotenv::createImmutable(dirname(__DIR__));
+$dotenv->safeLoad();
+
+$projectRoot = dirname(__DIR__, 2);
+$issues = [];
+
+function add_issue(array &$issues, string $level, string $title, string $detail): void
+{
+    $issues[] = compact('level', 'title', 'detail');
+}
+
+function check(bool $condition, array &$issues, string $failLevel, string $title, string $detail): void
+{
+    if (!$condition) {
+        add_issue($issues, $failLevel, $title, $detail);
+    }
+}
+
+function parseJsonFile(string $path): ?array
+{
+    $content = @file_get_contents($path);
+    if ($content === false) {
+        return null;
+    }
+
+    $content = preg_replace('/^\xEF\xBB\xBF/', '', $content);
+    $content = preg_replace('!/\*.*?\*/!s', '', $content);
+    $content = preg_replace('/^\s*\/\/.*$/m', '', $content);
+
+    $decoded = json_decode((string)$content, true);
+    return is_array($decoded) ? $decoded : null;
+}
+
+function isPlaceholderApiBase(string $apiBase): bool
+{
+    if ($apiBase === '') {
+        return true;
+    }
+
+    $normalized = strtolower($apiBase);
+    if (str_contains($normalized, '127.0.0.1') || str_contains($normalized, 'localhost')) {
+        return true;
+    }
+
+    return str_contains($normalized, 'example.com');
+}
+
+$env = $_ENV;
+check(($env['APP_ENV'] ?? '') === 'production', $issues, 'FAIL', 'APP_ENV 非 production', '当前 .env 中 APP_ENV 不是 production。');
+check(in_array(strtolower((string)($env['APP_DEBUG'] ?? '')), ['false', '0'], true), $issues, 'FAIL', 'APP_DEBUG 未关闭', '当前 .env 中 APP_DEBUG 仍然开启。');
+
+$dsn = sprintf(
+    'mysql:host=%s;port=%s;dbname=%s;charset=%s',
+    $env['DB_HOST'] ?? '127.0.0.1',
+    $env['DB_PORT'] ?? '3306',
+    $env['DB_DATABASE'] ?? '',
+    $env['DB_CHARSET'] ?? 'utf8mb4'
+);
+
+$pdo = new PDO(
+    $dsn,
+    $env['DB_USERNAME'] ?? '',
+    $env['DB_PASSWORD'] ?? '',
+    [
+        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    ]
+);
+
+$configRows = $pdo->query("SELECT config_group, config_key, config_value FROM system_configs")->fetchAll();
+$configMap = [];
+foreach ($configRows as $row) {
+    $configMap[$row['config_group'] . '.' . $row['config_key']] = (string)($row['config_value'] ?? '');
+}
+
+$requiredConfigKeys = [
+    'mini_program.app_id',
+    'mini_program.app_secret',
+    'mini_program.original_id',
+    'h5.app_id',
+    'h5.app_secret',
+    'h5.oauth_redirect_url',
+    'h5.page_base_url',
+    'sms.access_key_id',
+    'sms.access_key_secret',
+    'sms.sign_name',
+    'sms.login_template_code',
+    'payment.mch_id',
+    'payment.api_v3_key',
+    'payment.merchant_serial_no',
+    'payment.merchant_private_key',
+    'payment.platform_certificate_serial',
+    'payment.notify_url',
+];
+
+foreach ($requiredConfigKeys as $key) {
+    check(($configMap[$key] ?? '') !== '', $issues, 'FAIL', "系统配置缺失: {$key}", "后台系统配置中 {$key} 仍为空。");
+}
+
+if (($configMap['h5.page_base_url'] ?? '') !== '' && isPlaceholderApiBase((string)$configMap['h5.page_base_url'])) {
+    add_issue($issues, 'FAIL', 'H5 页面根地址未配置正式域名', '后台系统配置 h5.page_base_url 仍为本地或占位地址，扫码公开链接将无法用于正式环境。');
+}
+
+$demoValues = [
+    'mini_program.app_id' => 'wx1234567890test',
+    'h5.app_id' => 'h5_app_demo',
+    'payment.mch_id' => '1900000109',
+    'payment.api_v3_key' => 'demo_api_v3_key_1234567890',
+];
+
+foreach ($demoValues as $key => $value) {
+    check(($configMap[$key] ?? '') !== $value, $issues, 'FAIL', "系统配置仍是演示值: {$key}", "后台系统配置 {$key} 仍为演示值 {$value}。");
+}
+
+$admins = $pdo->query("SELECT id, mobile, password, status FROM admin_users ORDER BY id ASC")->fetchAll();
+$hasDefaultAdmin = false;
+$hasViewerAdmin = false;
+foreach ($admins as $admin) {
+    if (($admin['mobile'] ?? '') === '13800138000') {
+        $hasDefaultAdmin = true;
+        if (password_verify('Admin@123456', (string)$admin['password'])) {
+            add_issue($issues, 'FAIL', '默认超级管理员密码未修改', '管理员 13800138000 仍可用默认密码 Admin@123456 登录。');
+        }
+    }
+    if (($admin['mobile'] ?? '') === '13800138001' && ($admin['status'] ?? '') === 'enabled') {
+        $hasViewerAdmin = true;
+    }
+}
+if ($hasViewerAdmin) {
+    add_issue($issues, 'WARN', '测试管理员仍启用', '测试管理员 13800138001 / Test@123456 仍处于启用状态。');
+}
+if (!$hasDefaultAdmin) {
+    add_issue($issues, 'WARN', '未检测到默认超级管理员', '未找到手机号 13800138000 的默认超级管理员账号。');
+}
+
+$user = $pdo->query("SELECT nickname FROM users WHERE id = 1")->fetch();
+if ($user && str_contains((string)$user['nickname'], '测试')) {
+    add_issue($issues, 'WARN', '测试昵称未清理', '用户昵称仍包含“测试”字样。');
+}
+
+$manifestPath = $projectRoot . '/user-app/src/manifest.json';
+$manifest = parseJsonFile($manifestPath);
+if (!is_array($manifest)) {
+    add_issue($issues, 'FAIL', 'manifest.json 解析失败', '无法解析 user-app/src/manifest.json。');
+} else {
+    check(($manifest['mp-weixin']['appid'] ?? '') !== '', $issues, 'FAIL', '小程序 manifest appid 为空', 'manifest.json 中 mp-weixin.appid 仍为空。');
+    if (($configMap['mini_program.app_id'] ?? '') !== '') {
+        check(
+            ($manifest['mp-weixin']['appid'] ?? '') === $configMap['mini_program.app_id'],
+            $issues,
+            'FAIL',
+            '小程序 manifest appid 未同步后台配置',
+            'manifest.json 中 mp-weixin.appid 与后台系统配置 mini_program.app_id 不一致，请先执行配置同步。'
+        );
+    }
+}
+
+$adminProdEnvPath = $projectRoot . '/admin-web/.env.production';
+$userProdEnvPath = $projectRoot . '/user-app/.env.production';
+$adminProdEnv = @parse_ini_file($adminProdEnvPath);
+$userProdEnv = @parse_ini_file($userProdEnvPath);
+if (is_array($adminProdEnv)) {
+    $adminApiBase = (string)($adminProdEnv['VITE_API_BASE_URL'] ?? '');
+    if (isPlaceholderApiBase($adminApiBase)) {
+        add_issue($issues, 'FAIL', 'admin-web 生产 API 未配置正式域名', 'admin-web/.env.production 的 VITE_API_BASE_URL 仍为本地或占位地址。');
+    }
+} else {
+    add_issue($issues, 'FAIL', 'admin-web 缺少生产环境变量', '无法解析 admin-web/.env.production。');
+}
+if (is_array($userProdEnv)) {
+    $userApiBase = (string)($userProdEnv['VITE_API_BASE_URL'] ?? '');
+    if (isPlaceholderApiBase($userApiBase)) {
+        add_issue($issues, 'FAIL', 'user-app 生产 API 未配置正式域名', 'user-app/.env.production 的 VITE_API_BASE_URL 仍为本地或占位地址。');
+    }
+} else {
+    add_issue($issues, 'FAIL', 'user-app 缺少生产环境变量', '无法解析 user-app/.env.production。');
+}
+
+if (!$issues) {
+    echo "RELEASE_AUDIT_OK\n";
+    exit(0);
+}
+
+echo "RELEASE_AUDIT_ISSUES\n";
+foreach ($issues as $item) {
+    echo "[{$item['level']}] {$item['title']} - {$item['detail']}\n";
+}