2026-03-01 03:04:24 +08:00
|
|
|
|
import { NextRequest, NextResponse } from 'next/server';
|
|
|
|
|
|
import { prisma } from '@/lib/db';
|
|
|
|
|
|
|
2026-03-07 04:15:54 +08:00
|
|
|
|
/**
|
|
|
|
|
|
* 订单状态轮询接口 — 仅返回 status / expiresAt 两个字段。
|
|
|
|
|
|
*
|
|
|
|
|
|
* 安全考虑:
|
|
|
|
|
|
* - 订单 ID 使用 CUID(25 位随机字符),具有足够的不可预测性,
|
|
|
|
|
|
* 暴力猜测的成本远高于信息价值。
|
|
|
|
|
|
* - 仅暴露 status 和 expiresAt,不涉及用户隐私或金额信息。
|
|
|
|
|
|
* - 前端 PaymentQRCode 组件每 2 秒轮询此接口以更新支付状态,
|
|
|
|
|
|
* 添加认证会增加不必要的复杂度且影响轮询性能。
|
|
|
|
|
|
*/
|
2026-03-01 17:58:08 +08:00
|
|
|
|
export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
|
2026-03-01 03:04:24 +08:00
|
|
|
|
const { id } = await params;
|
|
|
|
|
|
|
|
|
|
|
|
const order = await prisma.order.findUnique({
|
|
|
|
|
|
where: { id },
|
|
|
|
|
|
select: {
|
|
|
|
|
|
id: true,
|
|
|
|
|
|
status: true,
|
|
|
|
|
|
expiresAt: true,
|
|
|
|
|
|
},
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
if (!order) {
|
|
|
|
|
|
return NextResponse.json({ error: '订单不存在' }, { status: 404 });
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return NextResponse.json({
|
2026-03-01 19:25:14 +08:00
|
|
|
|
id: order.id,
|
2026-03-01 03:04:24 +08:00
|
|
|
|
status: order.status,
|
2026-03-01 19:25:14 +08:00
|
|
|
|
expiresAt: order.expiresAt,
|
2026-03-01 03:04:24 +08:00
|
|
|
|
});
|
|
|
|
|
|
}
|
