70 lines
2.0 KiB
Markdown
70 lines
2.0 KiB
Markdown
# Council Plan — vr-shopxo-plugin 代码审议
|
||
|
||
> Round 1 — 2026-04-15
|
||
> Branch: council/FrontendDev → main
|
||
> 状态:**Draft Phase**
|
||
|
||
---
|
||
|
||
## Task Summary
|
||
|
||
对 vr-shopxo-plugin 插件进行全面的代码审议,覆盖插件架构、票务核心、前端页面、数据库 Schema、安全性 5 个维度。**仅评论不改代码**,输出独立评审报告到 `reviews/code-review-FrontendDev.md`。
|
||
|
||
---
|
||
|
||
## Review Scope
|
||
|
||
### 1. 插件架构
|
||
- `app/plugins/vr_ticket/EventListener.php`
|
||
- `app/plugins/vr_ticket/plugin.json`
|
||
- 生命周期钩子实现、数据库迁移策略、菜单/权限注册
|
||
|
||
### 2. 票务核心
|
||
- `app/plugins/vr_ticket/service/TicketService.php`
|
||
- `app/plugins/vr_ticket/service/BaseService.php`
|
||
- `onOrderPaid()` 并发问题、`verifyTicket()` 核销漏洞、AES QR 加密强度
|
||
|
||
### 3. 前端票务详情页
|
||
- `app/plugins/vr_ticket/view/goods/ticket_detail.html`
|
||
- HTML/CSS/JS 质量、座位图渲染逻辑、观演人表单安全性
|
||
|
||
### 4. 数据库 Schema
|
||
- `app/plugins/vr_ticket/database/migrations/001_vr_tables.sql`
|
||
- 表结构规范、索引合理性、外键关系
|
||
|
||
### 5. 安全性审计
|
||
- SQL 注入、XSS、支付回调重放攻击、QR 票防伪造
|
||
|
||
---
|
||
|
||
## Task Checklist
|
||
|
||
- [ ] R1: 评审插件架构 (EventListener.php / plugin.json)
|
||
- [ ] R2: 评审票务核心 (TicketService.php / BaseService.php)
|
||
- [ ] R3: 评审前端页面 (ticket_detail.html)
|
||
- [ ] R4: 评审数据库 Schema (001_vr_tables.sql)
|
||
- [ ] R5: 安全性综合审计(注入/XSS/重放/QR伪造)
|
||
- [ ] R6: 汇总评审报告 (reviews/code-review-FrontendDev.md)
|
||
|
||
---
|
||
|
||
## Phase Breakdown
|
||
|
||
| Phase | 内容 | 状态 |
|
||
|---|---|---|
|
||
| **Draft** | 各维度代码阅读 + 问题识别 | ⏳ Pending |
|
||
| **Review** | 输出完整评审报告 | ⏳ Pending |
|
||
| **Finalize** | 提交报告到 main | ⏳ Pending |
|
||
|
||
---
|
||
|
||
## Claim Status
|
||
|
||
| Task | Owner | Status |
|
||
|---|---|---|
|
||
| R1-R6: 完整评审 | council/FrontendDev | `[Claimed: council/FrontendDev]` |
|
||
|
||
---
|
||
|
||
**[CONSENSUS: NO]** — Round 1 规划完成,待执行审议
|