From 7dfcf41b417085385ad3ef2b50cc32bf50a6148f Mon Sep 17 00:00:00 2001
From: huang <youdang2000@gmail.com>
Date: Sat, 21 Mar 2026 11:33:57 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=8D=A1=E7=B1=BB?=
 =?UTF-8?q?=E5=9E=8B=E8=B5=84=E4=BA=A7=E7=BB=91=E5=AE=9A=E9=94=AE=E9=94=99?=
 =?UTF-8?q?=E8=AF=AF=E5=AF=BC=E8=87=B4=E5=BD=92=E5=B1=9E=E6=A0=A1=E9=AA=8C?=
 =?UTF-8?q?=E6=B0=B8=E8=BF=9C=E5=A4=B1=E8=B4=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

resolveAssetBindingKey 对卡类型错误地返回 card.ICCID 作为绑定键，
但归属校验 isCustomerOwnAsset 使用 card.VirtualNo 比对，二者不一致
导致所有卡资产的 C 端接口返回 403 无权限。

修复：卡类型绑定键改为 card.VirtualNo，与设计文档一致。
附带数据迁移修正已有的错误绑定记录。
---
 internal/service/client_auth/service.go                  | 2 +-
 .../000087_fix_personal_device_card_binding_key.down.sql | 8 ++++++++
 .../000087_fix_personal_device_card_binding_key.up.sql   | 9 +++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 migrations/000087_fix_personal_device_card_binding_key.down.sql
 create mode 100644 migrations/000087_fix_personal_device_card_binding_key.up.sql

diff --git a/internal/service/client_auth/service.go b/internal/service/client_auth/service.go
index a1c58b3..c1a3978 100644
--- a/internal/service/client_auth/service.go
+++ b/internal/service/client_auth/service.go
@@ -640,7 +640,7 @@ func (s *Service) resolveAssetBindingKey(ctx context.Context, tx *gorm.DB, asset
 			}
 			return "", errors.Wrap(errors.CodeInternalError, err, "查询卡资产失败")
 		}
-		return card.ICCID, nil
+		return card.VirtualNo, nil
 	}
 
 	if assetType == assetTypeDevice {
diff --git a/migrations/000087_fix_personal_device_card_binding_key.down.sql b/migrations/000087_fix_personal_device_card_binding_key.down.sql
new file mode 100644
index 0000000..e42333d
--- /dev/null
+++ b/migrations/000087_fix_personal_device_card_binding_key.down.sql
@@ -0,0 +1,8 @@
+-- 回滚：将已修复的 VirtualNo 还原为 ICCID
+-- 注意：只还原那些 virtual_no 能匹配到 iot_card.virtual_no 的记录
+UPDATE tb_personal_customer_device pcd
+SET virtual_no = ic.iccid
+FROM tb_iot_card ic
+WHERE pcd.virtual_no = ic.virtual_no
+  AND pcd.deleted_at IS NULL
+  AND ic.virtual_no != ic.iccid;
diff --git a/migrations/000087_fix_personal_device_card_binding_key.up.sql b/migrations/000087_fix_personal_device_card_binding_key.up.sql
new file mode 100644
index 0000000..43d2f02
--- /dev/null
+++ b/migrations/000087_fix_personal_device_card_binding_key.up.sql
@@ -0,0 +1,9 @@
+-- 修复个人客户设备绑定表中卡类型资产的绑定键
+-- 问题：resolveAssetBindingKey 对卡类型错误地使用了 card.ICCID，应使用 card.VirtualNo
+-- 影响：所有通过卡 ICCID 登录的个人客户绑定记录的 virtual_no 字段存的是 ICCID 而非资产虚拟号
+-- 导致：归属校验 isCustomerOwnAsset 比对 VirtualNo 时永远不匹配，返回 403
+UPDATE tb_personal_customer_device pcd
+SET virtual_no = ic.virtual_no
+FROM tb_iot_card ic
+WHERE pcd.virtual_no = ic.iccid
+  AND pcd.deleted_at IS NULL;