fix(security): 添加VITE_PAYMENT_URL环境变量配置

.qoder/rules/backend.md

@@ -0,0 +1,46 @@
+---
+description: Backend development rules for HealthLink-HIS Java/Spring Boot code
+paths:
+  - "healthlink-his-server/**/*.java"
+  - "healthlink-his-server/**/pom.xml"
+---
+
+# Backend Development Rules
+
+## Architecture
+- Layered: `Controller → AppService → Service → Mapper → Entity`
+- Package: `com.healthlink.his.web.{module}.{layer}`
+- All queries use `LambdaQueryWrapper`, no string SQL concatenation
+- All endpoints require `@PreAuthorize` permission control
+- Use `@Transactional(rollbackFor = Exception.class)` for transaction management
+
+## Naming conventions
+- Controller: `XxxController`
+- AppService: `IXxxAppService` / `XxxAppServiceImpl`
+- Service: `IXxxService` / `XxxServiceImpl`
+- Mapper: `XxxMapper`
+- Entity: `Xxx`
+- DTO: `XxxDto` / `XxxQueryDto`
+
+## Iron Laws (Backend)
+- **Iron Law 7**: Never modify existing public method signatures (no delete/rename, no parameter changes)
+- **Iron Law 18**: Never break existing functionality when adding new features
+- **Iron Law 19**: Compile errors are your responsibility to fix, regardless of origin
+- **Iron Law 6**: Never delete existing Java source files
+
+## DTO Field Type Defense
+- Frontend Boolean fields → use String + business layer conversion (Jackson strict Boolean validation)
+- All DTOs accepting frontend input: add `@JsonIgnoreProperties(ignoreUnknown = true)`
+
+## Verification commands
+```bash
+cd healthlink-his-server
+mvn clean compile -DskipTests    # Compile check
+mvn install -DskipTests          # Build and install
+mvn test                         # Run all tests
+```
+
+## Common patterns
+- Patient sensitive information must be desensitized in logs
+- Use Hutool utility classes for common operations
+- Flowable for workflow, LiteFlow for rule engine