From fac825245b8ab7142491d84105daf214407b1931 Mon Sep 17 00:00:00 2001
From: Zuncle <34310384@qq.com>
Date: Sun, 15 Mar 2026 13:18:37 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E8=B5=A0=E9=80=81?= =?UTF-8?q?=E6=B5=81=E7=A8=8B=E5=9C=B0=E5=9D=80=E5=BD=92=E5=B1=9E=E9=94=99?= =?UTF-8?q?=E8=AF=AF=EF=BC=8C=E5=BC=BA=E5=88=B6=E7=99=BB=E5=BD=95=E5=90=8E?= =?UTF-8?q?=E6=89=8D=E8=83=BD=E5=A1=AB=E5=86=99=E6=94=B6=E8=B4=A7=E5=9C=B0?= =?UTF-8?q?=E5=9D=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

接收者未登录时提交地址会错误保存到赠送者名下,现改为:
- API层:登录态从可选改为必选,未登录返回401
- Service层:始终用提交者ID作为地址归属人
---
 .../api/user/address_share_submit_public.go | 18 +++++++++++-------
 internal/service/user/address_share.go | 10 +++++-----
 2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/internal/api/user/address_share_submit_public.go b/internal/api/user/address_share_submit_public.go
index f3004ce..0b1858c 100755
--- a/internal/api/user/address_share_submit_public.go
+++ b/internal/api/user/address_share_submit_public.go
@@ -45,16 +45,20 @@ func (h *handler) SubmitAddressShare() core.HandlerFunc {
 return
 }
- // 尝试获取登录用户信息 (可选)
+ // 登录态验证 - 必须登录才能提交(确保地址归属正确)
 var submitUserID *int64
 authHeader := ctx.GetHeader("Authorization")
- if authHeader != "" {
- // 如果有 Authorization 尝试解析
- if claims, err := jwtoken.New(configs.Get().JWT.PatientSecret).Parse(authHeader); err == nil {
- uid := int64(claims.SessionUserInfo.Id)
- submitUserID = &uid
- }
+ if authHeader == "" {
+ ctx.AbortWithError(core.Error(http.StatusUnauthorized, 10027, "请先登录后再提交收货地址"))
+ return
 }
+ claims, claimsErr := jwtoken.New(configs.Get().JWT.PatientSecret).Parse(authHeader)
+ if claimsErr != nil {
+ ctx.AbortWithError(core.Error(http.StatusUnauthorized, 10027, "登录已过期,请重新登录"))
+ return
+ }
+ uid := int64(claims.SessionUserInfo.Id)
+ submitUserID = &uid
 ip := ctx.Request().RemoteAddr // 统一使用 ctx.RequestContext() 包含 context 内容
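Review bot: The new code never checks that `uid` is positive before taking its address, so a token whose `SessionUserInfo.Id` is 0 passes the handler and is rejected only by the service's `login_required` error, which probably does not surface as a 401. Adding `if uid <= 0 { ctx.AbortWithError(core.Error(http.StatusUnauthorized, 10027, "请先登录后再提交收货地址")); return }` right after the conversion keeps the rejection at the API boundary. `claimsErr` is also discarded and every parse failure is reported as an expired login; logging the error together with the client address would let repeated invalid tokens against this endpoint be noticed. The JWT is parsed inline in the handler rather than through a shared auth middleware, so any revocation or account-status check that such a middleware performs (not visible from this hunk) would have to be repeated here. The handler body starts and ends outside the hunk.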
diff --git a/internal/service/user/address_share.go b/internal/service/user/address_share.go
index 4405f2e..fdb20d2 100755
--- a/internal/service/user/address_share.go
+++ b/internal/service/user/address_share.go
@@ -113,12 +113,12 @@ func (s *service) SubmitAddressShare(ctx context.Context, shareToken string, nam
 s.logger.Info("SubmitAddressShare: Processing", zap.Int64("invID", claims.InventoryID), zap.Int64("owner", claims.OwnerUserID))
 // 1. 确定资产最终归属地 (实名转赠逻辑)
- targetUserID := claims.OwnerUserID
- isTransfer := false
- if submittedByUserID != nil && *submittedByUserID > 0 && *submittedByUserID != claims.OwnerUserID {
- targetUserID = *submittedByUserID
- isTransfer = true
+ // 必须登录才能提交,submittedByUserID 由 API 层保证非空
+ if submittedByUserID == nil || *submittedByUserID <= 0 {
+ return 0, fmt.Errorf("login_required")
 }
+ targetUserID := *submittedByUserID
+ isTransfer := targetUserID != claims.OwnerUserID
 var addrID int64
 err = s.repo.GetDbW().Transaction(func(tx *gorm.DB) error {
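Review bot: The new guard returns `fmt.Errorf("login_required")`, an anonymous error that a caller can recognise only by comparing strings, so a nil or non-positive submitter ID will most likely surface as a generic failure rather than an authentication error. A package-level sentinel such as `var ErrLoginRequired = errors.New("login_required")`, returned here and matched with `errors.Is` in the API layer, would keep the two layers' checks in step. Because the submitter now always becomes the address owner, the audit trail should record who that was: the Info call at the top of the hunk logs only the inventory and owner IDs, and adding `zap.Int64("submitter", targetUserID), zap.Bool("transfer", isTransfer)` to a log line after the guard would cover it. The function body starts and ends outside this hunk, so whether the share token is consumed exactly once inside the transaction cannot be confirmed from here.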