src/app/api/admin/orders/route.ts

import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/db';
import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
import { Prisma, OrderStatus } from '@prisma/client';

export async function GET(request: NextRequest) {
  if (!(await verifyAdminToken(request))) return unauthorizedResponse();

  const searchParams = request.nextUrl.searchParams;
  const page = Math.max(1, Number(searchParams.get('page') || '1'));
  const pageSize = Math.min(100, Math.max(1, Number(searchParams.get('page_size') || '20')));
  const status = searchParams.get('status');
  const userId = searchParams.get('user_id');
  const dateFrom = searchParams.get('date_from');
  const dateTo = searchParams.get('date_to');

  const where: Prisma.OrderWhereInput = {};
  if (status && status in OrderStatus) where.status = status as OrderStatus;

  // userId 校验：忽略无效值（NaN）
  if (userId) {
    const parsedUserId = Number(userId);
    if (Number.isFinite(parsedUserId)) {
      where.userId = parsedUserId;
    }
  }

  // 日期校验：忽略无效日期
  if (dateFrom || dateTo) {
    const createdAt: Prisma.DateTimeFilter = {};
    let hasValidDate = false;

    if (dateFrom) {
      const d = new Date(dateFrom);
      if (!isNaN(d.getTime())) {
        createdAt.gte = d;
        hasValidDate = true;
      }
    }
    if (dateTo) {
      const d = new Date(dateTo);
      if (!isNaN(d.getTime())) {
        createdAt.lte = d;
        hasValidDate = true;
      }
    }

    if (hasValidDate) {
      where.createdAt = createdAt;
    }
  }

  const [orders, total] = await Promise.all([
    prisma.order.findMany({
      where,
      orderBy: { createdAt: 'desc' },
      skip: (page - 1) * pageSize,
      take: pageSize,
      select: {
        id: true,
        userId: true,
        userName: true,
        userEmail: true,
        userNotes: true,
        amount: true,
        status: true,
        paymentType: true,
        createdAt: true,
        paidAt: true,
        completedAt: true,
        failedReason: true,
        expiresAt: true,
        srcHost: true,
      },
    }),
    prisma.order.count({ where }),
  ]);

  return NextResponse.json({
    orders: orders.map((o) => ({
      ...o,
      amount: Number(o.amount),
    })),
    total,
    page,
    page_size: pageSize,
    total_pages: Math.ceil(total / pageSize),
  });
}
-												feat: migrate payment provider to easy-pay, add order history and refund support

- Replace zpay with easy-pay payment provider (new lib/easy-pay/ module)
- Add order history page for users (pay/orders)
- Add GET /api/orders/my endpoint to list user's own orders
- Add GET /api/users/[id] endpoint for sub2api user lookup
- Add order status tracking module (lib/order/status.ts)
- Update config to support easy-pay credentials (merchant ID, key, gateway)
- Update PaymentForm and PaymentQRCode components for easy-pay flow
- Update pay page and admin page with new order management UI
- Update order service to support easy-pay, cancellation, and refund

											
										
										
											2026-03-01 03:04:24 +08:00
+								import { NextRequest, NextResponse } from 'next/server';
 								import { prisma } from '@/lib/db';
 								import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
-												feat: integrate Stripe payment with bugfixes and active timeout cancellation

- Add Stripe payment provider with Checkout Session flow
- Payment provider abstraction layer (EasyPay + Stripe unified interface)
- Stripe webhook with proper raw body handling and signature verification
- Frontend: Stripe button with URL validation, anti-duplicate click, noopener
- Active timeout cancellation: query platform before expiring, recover paid orders
- Singleton Stripe client, idempotency keys, Math.round for amounts
- Handle async_payment events, return null for unknown webhook events
- Set Checkout Session expires_at aligned with order timeout
- Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op)
- Enable stripe in frontend payment type list

											
										
										
											2026-03-01 17:58:08 +08:00
+								import { Prisma, OrderStatus } from '@prisma/client';
-												feat: migrate payment provider to easy-pay, add order history and refund support

- Replace zpay with easy-pay payment provider (new lib/easy-pay/ module)
- Add order history page for users (pay/orders)
- Add GET /api/orders/my endpoint to list user's own orders
- Add GET /api/users/[id] endpoint for sub2api user lookup
- Add order status tracking module (lib/order/status.ts)
- Update config to support easy-pay credentials (merchant ID, key, gateway)
- Update PaymentForm and PaymentQRCode components for easy-pay flow
- Update pay page and admin page with new order management UI
- Update order service to support easy-pay, cancellation, and refund

											
										
										
											2026-03-01 03:04:24 +08:00
 								export async function GET(request: NextRequest) {
-												style: 全量 prettier 格式化

											
										
										
											2026-03-05 23:10:44 +08:00
+								  if (!(await verifyAdminToken(request))) return unauthorizedResponse();
-												feat: migrate payment provider to easy-pay, add order history and refund support

- Replace zpay with easy-pay payment provider (new lib/easy-pay/ module)
- Add order history page for users (pay/orders)
- Add GET /api/orders/my endpoint to list user's own orders
- Add GET /api/users/[id] endpoint for sub2api user lookup
- Add order status tracking module (lib/order/status.ts)
- Update config to support easy-pay credentials (merchant ID, key, gateway)
- Update PaymentForm and PaymentQRCode components for easy-pay flow
- Update pay page and admin page with new order management UI
- Update order service to support easy-pay, cancellation, and refund

											
										
										
											2026-03-01 03:04:24 +08:00
 								  const searchParams = request.nextUrl.searchParams;
 								  const page = Math.max(1, Number(searchParams.get('page') || '1'));
 								  const pageSize = Math.min(100, Math.max(1, Number(searchParams.get('page_size') || '20')));
 								  const status = searchParams.get('status');
 								  const userId = searchParams.get('user_id');
 								  const dateFrom = searchParams.get('date_from');
 								  const dateTo = searchParams.get('date_to');
 								  const where: Prisma.OrderWhereInput = {};
-												feat: integrate Stripe payment with bugfixes and active timeout cancellation

- Add Stripe payment provider with Checkout Session flow
- Payment provider abstraction layer (EasyPay + Stripe unified interface)
- Stripe webhook with proper raw body handling and signature verification
- Frontend: Stripe button with URL validation, anti-duplicate click, noopener
- Active timeout cancellation: query platform before expiring, recover paid orders
- Singleton Stripe client, idempotency keys, Math.round for amounts
- Handle async_payment events, return null for unknown webhook events
- Set Checkout Session expires_at aligned with order timeout
- Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op)
- Enable stripe in frontend payment type list

											
										
										
											2026-03-01 17:58:08 +08:00
+								  if (status && status in OrderStatus) where.status = status as OrderStatus;
-												fix: API 路由安全加固与架构优化 — 认证、错误处理、Registry 统一

- /api/user 添加 token 认证，防止用户枚举
- Admin token 支持 Authorization header
- /api/orders/my 区分认证失败和服务端错误
- Admin orders userId/date 参数校验
- Decimal 字段统一 Number() 转换
- 抽取 handleApiError/extractHeaders 工具函数
- Webhook 路由改用 Registry 获取 Provider
- PaymentRegistry lazy init 自动初始化

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

											
										
										
											2026-03-07 04:15:54 +08:00
 								  // userId 校验：忽略无效值（NaN）
 								  if (userId) {
 								    const parsedUserId = Number(userId);
 								    if (Number.isFinite(parsedUserId)) {
 								      where.userId = parsedUserId;
 								    }
 								  }
 								  // 日期校验：忽略无效日期
-												feat: migrate payment provider to easy-pay, add order history and refund support

- Replace zpay with easy-pay payment provider (new lib/easy-pay/ module)
- Add order history page for users (pay/orders)
- Add GET /api/orders/my endpoint to list user's own orders
- Add GET /api/users/[id] endpoint for sub2api user lookup
- Add order status tracking module (lib/order/status.ts)
- Update config to support easy-pay credentials (merchant ID, key, gateway)
- Update PaymentForm and PaymentQRCode components for easy-pay flow
- Update pay page and admin page with new order management UI
- Update order service to support easy-pay, cancellation, and refund

											
										
										
											2026-03-01 03:04:24 +08:00
+								  if (dateFrom || dateTo) {
-												fix: API 路由安全加固与架构优化 — 认证、错误处理、Registry 统一

- /api/user 添加 token 认证，防止用户枚举
- Admin token 支持 Authorization header
- /api/orders/my 区分认证失败和服务端错误
- Admin orders userId/date 参数校验
- Decimal 字段统一 Number() 转换
- 抽取 handleApiError/extractHeaders 工具函数
- Webhook 路由改用 Registry 获取 Provider
- PaymentRegistry lazy init 自动初始化

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

											
										
										
											2026-03-07 04:15:54 +08:00
+								    const createdAt: Prisma.DateTimeFilter = {};
 								    let hasValidDate = false;
 								    if (dateFrom) {
 								      const d = new Date(dateFrom);
 								      if (!isNaN(d.getTime())) {
 								        createdAt.gte = d;
 								        hasValidDate = true;
 								      }
 								    }
 								    if (dateTo) {
 								      const d = new Date(dateTo);
 								      if (!isNaN(d.getTime())) {
 								        createdAt.lte = d;
 								        hasValidDate = true;
 								      }
 								    }
 								    if (hasValidDate) {
 								      where.createdAt = createdAt;
 								    }
-												feat: migrate payment provider to easy-pay, add order history and refund support

- Replace zpay with easy-pay payment provider (new lib/easy-pay/ module)
- Add order history page for users (pay/orders)
- Add GET /api/orders/my endpoint to list user's own orders
- Add GET /api/users/[id] endpoint for sub2api user lookup
- Add order status tracking module (lib/order/status.ts)
- Update config to support easy-pay credentials (merchant ID, key, gateway)
- Update PaymentForm and PaymentQRCode components for easy-pay flow
- Update pay page and admin page with new order management UI
- Update order service to support easy-pay, cancellation, and refund

											
										
										
											2026-03-01 03:04:24 +08:00
+								  }
 								  const [orders, total] = await Promise.all([
 								    prisma.order.findMany({
 								      where,
 								      orderBy: { createdAt: 'desc' },
 								      skip: (page - 1) * pageSize,
 								      take: pageSize,
 								      select: {
 								        id: true,
 								        userId: true,
 								        userName: true,
 								        userEmail: true,
-												feat: 管理后台订单列表展示用户备注，用户信息摊平显示

- 新增 userNotes 字段，创建订单时从 Sub2API 读取用户 notes 保存
- 管理后台订单列表将用户名、邮箱、备注拆分为独立列，节约行高

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

											
										
										
											2026-03-03 04:37:39 +08:00
+								        userNotes: true,
-												feat: migrate payment provider to easy-pay, add order history and refund support

- Replace zpay with easy-pay payment provider (new lib/easy-pay/ module)
- Add order history page for users (pay/orders)
- Add GET /api/orders/my endpoint to list user's own orders
- Add GET /api/users/[id] endpoint for sub2api user lookup
- Add order status tracking module (lib/order/status.ts)
- Update config to support easy-pay credentials (merchant ID, key, gateway)
- Update PaymentForm and PaymentQRCode components for easy-pay flow
- Update pay page and admin page with new order management UI
- Update order service to support easy-pay, cancellation, and refund

											
										
										
											2026-03-01 03:04:24 +08:00
+								        amount: true,
 								        status: true,
 								        paymentType: true,
 								        createdAt: true,
 								        paidAt: true,
 								        completedAt: true,
 								        failedReason: true,
 								        expiresAt: true,
-												feat: 管理后台订单列表显示来源域名（srcHost）

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

											
										
										
											2026-03-03 00:19:01 +08:00
+								        srcHost: true,
-												feat: migrate payment provider to easy-pay, add order history and refund support

- Replace zpay with easy-pay payment provider (new lib/easy-pay/ module)
- Add order history page for users (pay/orders)
- Add GET /api/orders/my endpoint to list user's own orders
- Add GET /api/users/[id] endpoint for sub2api user lookup
- Add order status tracking module (lib/order/status.ts)
- Update config to support easy-pay credentials (merchant ID, key, gateway)
- Update PaymentForm and PaymentQRCode components for easy-pay flow
- Update pay page and admin page with new order management UI
- Update order service to support easy-pay, cancellation, and refund

											
										
										
											2026-03-01 03:04:24 +08:00
+								      },
 								    }),
 								    prisma.order.count({ where }),
 								  ]);
 								  return NextResponse.json({
-												feat: integrate Stripe payment with bugfixes and active timeout cancellation

- Add Stripe payment provider with Checkout Session flow
- Payment provider abstraction layer (EasyPay + Stripe unified interface)
- Stripe webhook with proper raw body handling and signature verification
- Frontend: Stripe button with URL validation, anti-duplicate click, noopener
- Active timeout cancellation: query platform before expiring, recover paid orders
- Singleton Stripe client, idempotency keys, Math.round for amounts
- Handle async_payment events, return null for unknown webhook events
- Set Checkout Session expires_at aligned with order timeout
- Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op)
- Enable stripe in frontend payment type list

											
										
										
											2026-03-01 17:58:08 +08:00
+								    orders: orders.map((o) => ({
-												feat: migrate payment provider to easy-pay, add order history and refund support

- Replace zpay with easy-pay payment provider (new lib/easy-pay/ module)
- Add order history page for users (pay/orders)
- Add GET /api/orders/my endpoint to list user's own orders
- Add GET /api/users/[id] endpoint for sub2api user lookup
- Add order status tracking module (lib/order/status.ts)
- Update config to support easy-pay credentials (merchant ID, key, gateway)
- Update PaymentForm and PaymentQRCode components for easy-pay flow
- Update pay page and admin page with new order management UI
- Update order service to support easy-pay, cancellation, and refund

											
										
										
											2026-03-01 03:04:24 +08:00
+								      ...o,
 								      amount: Number(o.amount),
 								    })),
 								    total,
 								    page,
 								    page_size: pageSize,
 								    total_pages: Math.ceil(total / pageSize),
 								  });
 								}