src/lib/easy-pay/provider.ts

import type {
  PaymentProvider,
  PaymentType,
  CreatePaymentRequest,
  CreatePaymentResponse,
  QueryOrderResponse,
  PaymentNotification,
  RefundRequest,
  RefundResponse,
} from '@/lib/payment/types';
import { createPayment, queryOrder, refund } from './client';
import { verifySign } from './sign';
import { getEnv } from '@/lib/config';

export class EasyPayProvider implements PaymentProvider {
  readonly name = 'easy-pay';
  readonly providerKey = 'easypay';
  readonly supportedTypes: PaymentType[] = ['alipay', 'wxpay'];
  readonly defaultLimits = {
    alipay: { singleMax: 1000, dailyMax: 10000 },
    wxpay: { singleMax: 1000, dailyMax: 10000 },
  };

  async createPayment(request: CreatePaymentRequest): Promise<CreatePaymentResponse> {
    const result = await createPayment({
      outTradeNo: request.orderId,
      amount: request.amount.toFixed(2),
      paymentType: request.paymentType as 'alipay' | 'wxpay',
      clientIp: request.clientIp || '127.0.0.1',
      productName: request.subject,
      returnUrl: request.returnUrl,
    });

    return {
      tradeNo: result.trade_no,
      payUrl: result.payurl,
      qrCode: result.qrcode,
    };
  }

  async queryOrder(tradeNo: string): Promise<QueryOrderResponse> {
    const result = await queryOrder(tradeNo);
    return {
      tradeNo: result.trade_no,
      status: result.status === 1 ? 'paid' : 'pending',
      amount: parseFloat(result.money),
      paidAt: result.endtime ? new Date(result.endtime) : undefined,
    };
  }

  async verifyNotification(rawBody: string | Buffer, _headers: Record<string, string>): Promise<PaymentNotification> {
    const env = getEnv();
    const body = typeof rawBody === 'string' ? rawBody : rawBody.toString('utf-8');
    const searchParams = new URLSearchParams(body);

    const params: Record<string, string> = {};
    for (const [key, value] of searchParams.entries()) {
      params[key] = value;
    }

    const sign = params.sign || '';
    const paramsForSign: Record<string, string> = {};
    for (const [key, value] of Object.entries(params)) {
      if (key !== 'sign' && key !== 'sign_type' && value !== undefined && value !== null) {
        paramsForSign[key] = value;
      }
    }

    if (!env.EASY_PAY_PKEY || !verifySign(paramsForSign, env.EASY_PAY_PKEY, sign)) {
      throw new Error('EasyPay notification signature verification failed');
    }

    // 校验 pid 与配置一致，防止跨商户回调注入
    if (params.pid && params.pid !== env.EASY_PAY_PID) {
      throw new Error(`EasyPay notification pid mismatch: expected ${env.EASY_PAY_PID}, got ${params.pid}`);
    }

    // 校验金额为有限正数
    const amount = parseFloat(params.money || '0');
    if (!Number.isFinite(amount) || amount <= 0) {
      throw new Error(`EasyPay notification invalid amount: ${params.money}`);
    }

    return {
      tradeNo: params.trade_no || '',
      orderId: params.out_trade_no || '',
      amount,
      status: params.trade_status === 'TRADE_SUCCESS' ? 'success' : 'failed',
      rawData: params,
    };
  }

  async refund(request: RefundRequest): Promise<RefundResponse> {
    await refund(request.tradeNo, request.orderId, request.amount.toFixed(2));
    return {
      refundId: `${request.tradeNo}-refund`,
      status: 'success',
    };
  }

  async cancelPayment(): Promise<void> {
    // EasyPay does not support cancelling payments
  }
}
feat: integrate Stripe payment with bugfixes and active timeout cancellation - Add Stripe payment provider with Checkout Session flow - Payment provider abstraction layer (EasyPay + Stripe unified interface) - Stripe webhook with proper raw body handling and signature verification - Frontend: Stripe button with URL validation, anti-duplicate click, noopener - Active timeout cancellation: query platform before expiring, recover paid orders - Singleton Stripe client, idempotency keys, Math.round for amounts - Handle async_payment events, return null for unknown webhook events - Set Checkout Session expires_at aligned with order timeout - Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op) - Enable stripe in frontend payment type list 2026-03-01 17:58:08 +08:00			`import type {`
			`PaymentProvider,`
			`PaymentType,`
			`CreatePaymentRequest,`
			`CreatePaymentResponse,`
			`QueryOrderResponse,`
			`PaymentNotification,`
			`RefundRequest,`
			`RefundResponse,`
			`} from '@/lib/payment/types';`
			`import { createPayment, queryOrder, refund } from './client';`
			`import { verifySign } from './sign';`
			`import { getEnv } from '@/lib/config';`

			`export class EasyPayProvider implements PaymentProvider {`
			`readonly name = 'easy-pay';`
feat: 支付手续费功能 - 支持提供商级别和渠道级别手续费率配置（FEE_RATE_PROVIDER_* / FEE_RATE_*） - 用户多付手续费，到账金额不变（充值 ¥100 + 1.6% = 实付 ¥101.60） - 前端显示手续费明细和实付金额 - 退款时按实付金额退款，余额扣减到账金额 2026-03-03 22:00:44 +08:00			`readonly providerKey = 'easypay';`
feat: integrate Stripe payment with bugfixes and active timeout cancellation - Add Stripe payment provider with Checkout Session flow - Payment provider abstraction layer (EasyPay + Stripe unified interface) - Stripe webhook with proper raw body handling and signature verification - Frontend: Stripe button with URL validation, anti-duplicate click, noopener - Active timeout cancellation: query platform before expiring, recover paid orders - Singleton Stripe client, idempotency keys, Math.round for amounts - Handle async_payment events, return null for unknown webhook events - Set Checkout Session expires_at aligned with order timeout - Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op) - Enable stripe in frontend payment type list 2026-03-01 17:58:08 +08:00			`readonly supportedTypes: PaymentType[] = ['alipay', 'wxpay'];`
feat: 插件化支付渠道限额 — provider 自声明单笔/每日默认限额 - PaymentProvider 接口新增 defaultLimits（单笔 singleMax + 每日 dailyMax） - EasyPay 默认：支付宝/微信各单笔 ¥1000、每日 ¥10000 - Stripe 默认：不限额（0 = unlimited） - getMethodDailyLimit / getMethodSingleLimit 优先读 env var，再回退 provider 默认 - queryMethodLimits 返回 singleMax，PaymentForm 按渠道动态调整最大单笔金额 - MAX_DAILY_AMOUNT_* 改为可选 env var 覆盖（不再有硬编码默认值） 2026-03-01 22:51:09 +08:00			`readonly defaultLimits = {`
Revert "fix: 各支付渠道默认单笔限额从 1000 提升至 100000，每日限额改为不限" This reverts commit e1788437c9c0ae5786b5e21d0483bab9a38cf900. 2026-03-08 00:06:23 +08:00			`alipay: { singleMax: 1000, dailyMax: 10000 },`
			`wxpay: { singleMax: 1000, dailyMax: 10000 },`
feat: 插件化支付渠道限额 — provider 自声明单笔/每日默认限额 - PaymentProvider 接口新增 defaultLimits（单笔 singleMax + 每日 dailyMax） - EasyPay 默认：支付宝/微信各单笔 ¥1000、每日 ¥10000 - Stripe 默认：不限额（0 = unlimited） - getMethodDailyLimit / getMethodSingleLimit 优先读 env var，再回退 provider 默认 - queryMethodLimits 返回 singleMax，PaymentForm 按渠道动态调整最大单笔金额 - MAX_DAILY_AMOUNT_* 改为可选 env var 覆盖（不再有硬编码默认值） 2026-03-01 22:51:09 +08:00			`};`
feat: integrate Stripe payment with bugfixes and active timeout cancellation - Add Stripe payment provider with Checkout Session flow - Payment provider abstraction layer (EasyPay + Stripe unified interface) - Stripe webhook with proper raw body handling and signature verification - Frontend: Stripe button with URL validation, anti-duplicate click, noopener - Active timeout cancellation: query platform before expiring, recover paid orders - Singleton Stripe client, idempotency keys, Math.round for amounts - Handle async_payment events, return null for unknown webhook events - Set Checkout Session expires_at aligned with order timeout - Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op) - Enable stripe in frontend payment type list 2026-03-01 17:58:08 +08:00
			`async createPayment(request: CreatePaymentRequest): Promise<CreatePaymentResponse> {`
			`const result = await createPayment({`
			`outTradeNo: request.orderId,`
			`amount: request.amount.toFixed(2),`
			`paymentType: request.paymentType as 'alipay' \| 'wxpay',`
			`clientIp: request.clientIp \|\| '127.0.0.1',`
			`productName: request.subject,`
fix: EasyPay支付回调缺少access_token导致结果页显示"凭证缺失" EasyPay provider未将动态returnUrl传递给底层client，导致return_url使用静态环境变量，不含order_id和access_token参数。 2026-03-14 01:07:33 +08:00			`returnUrl: request.returnUrl,`
feat: integrate Stripe payment with bugfixes and active timeout cancellation - Add Stripe payment provider with Checkout Session flow - Payment provider abstraction layer (EasyPay + Stripe unified interface) - Stripe webhook with proper raw body handling and signature verification - Frontend: Stripe button with URL validation, anti-duplicate click, noopener - Active timeout cancellation: query platform before expiring, recover paid orders - Singleton Stripe client, idempotency keys, Math.round for amounts - Handle async_payment events, return null for unknown webhook events - Set Checkout Session expires_at aligned with order timeout - Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op) - Enable stripe in frontend payment type list 2026-03-01 17:58:08 +08:00			`});`

			`return {`
			`tradeNo: result.trade_no,`
			`payUrl: result.payurl,`
			`qrCode: result.qrcode,`
			`};`
			`}`

			`async queryOrder(tradeNo: string): Promise<QueryOrderResponse> {`
			`const result = await queryOrder(tradeNo);`
			`return {`
			`tradeNo: result.trade_no,`
			`status: result.status === 1 ? 'paid' : 'pending',`
			`amount: parseFloat(result.money),`
			`paidAt: result.endtime ? new Date(result.endtime) : undefined,`
			`};`
			`}`

			`async verifyNotification(rawBody: string \| Buffer, _headers: Record<string, string>): Promise<PaymentNotification> {`
			`const env = getEnv();`
			`const body = typeof rawBody === 'string' ? rawBody : rawBody.toString('utf-8');`
			`const searchParams = new URLSearchParams(body);`

			`const params: Record<string, string> = {};`
			`for (const [key, value] of searchParams.entries()) {`
			`params[key] = value;`
			`}`

			`const sign = params.sign \|\| '';`
			`const paramsForSign: Record<string, string> = {};`
			`for (const [key, value] of Object.entries(params)) {`
			`if (key !== 'sign' && key !== 'sign_type' && value !== undefined && value !== null) {`
			`paramsForSign[key] = value;`
			`}`
			`}`

			`if (!env.EASY_PAY_PKEY \|\| !verifySign(paramsForSign, env.EASY_PAY_PKEY, sign)) {`
			`throw new Error('EasyPay notification signature verification failed');`
			`}`

fix: 全面安全审计修复 — 支付验签、IDOR、竞态、token过期等 - H1: 支付宝响应验签 (verifyResponseSign + bracket-matching 提取签名内容) - H2/H3: EasyPay queryOrder 从 GET 改 POST，PKEY 不再暴露于 URL - H5: users/[id] IDOR 修复，校验当前用户只能查询自身信息 - H6: 限额校验移入 prisma.$transaction() 防止 TOCTOU 竞态 - C1: access_token 增加 24h 过期、userId 绑定、派生密钥分离 - M1: EasyPay 回调增加 pid 校验防跨商户注入 - M4: 充值码增加 crypto.randomBytes 随机后缀 - M5: 过期订单批量处理增加 BATCH_SIZE 限制 - M6: 退款失败增加 [CRITICAL] 日志和余额补偿标记 - M7: admin channels PUT 增加 Zod schema 校验 - M8: admin subscriptions 分页参数增加上限 - M9: orders src_url 限制 HTTP/HTTPS 协议 - L1: 微信支付回调时间戳 NaN 检查 - L9: WXPAY_API_V3_KEY 长度校验 2026-03-14 04:36:33 +08:00			`// 校验 pid 与配置一致，防止跨商户回调注入`
			`if (params.pid && params.pid !== env.EASY_PAY_PID) {`
			throw new Error(`EasyPay notification pid mismatch: expected ${env.EASY_PAY_PID}, got ${params.pid}`);
			`}`

			`// 校验金额为有限正数`
			`const amount = parseFloat(params.money \|\| '0');`
			`if (!Number.isFinite(amount) \|\| amount <= 0) {`
			throw new Error(`EasyPay notification invalid amount: ${params.money}`);
			`}`

feat: integrate Stripe payment with bugfixes and active timeout cancellation - Add Stripe payment provider with Checkout Session flow - Payment provider abstraction layer (EasyPay + Stripe unified interface) - Stripe webhook with proper raw body handling and signature verification - Frontend: Stripe button with URL validation, anti-duplicate click, noopener - Active timeout cancellation: query platform before expiring, recover paid orders - Singleton Stripe client, idempotency keys, Math.round for amounts - Handle async_payment events, return null for unknown webhook events - Set Checkout Session expires_at aligned with order timeout - Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op) - Enable stripe in frontend payment type list 2026-03-01 17:58:08 +08:00			`return {`
			`tradeNo: params.trade_no \|\| '',`
			`orderId: params.out_trade_no \|\| '',`
fix: 全面安全审计修复 — 支付验签、IDOR、竞态、token过期等 - H1: 支付宝响应验签 (verifyResponseSign + bracket-matching 提取签名内容) - H2/H3: EasyPay queryOrder 从 GET 改 POST，PKEY 不再暴露于 URL - H5: users/[id] IDOR 修复，校验当前用户只能查询自身信息 - H6: 限额校验移入 prisma.$transaction() 防止 TOCTOU 竞态 - C1: access_token 增加 24h 过期、userId 绑定、派生密钥分离 - M1: EasyPay 回调增加 pid 校验防跨商户注入 - M4: 充值码增加 crypto.randomBytes 随机后缀 - M5: 过期订单批量处理增加 BATCH_SIZE 限制 - M6: 退款失败增加 [CRITICAL] 日志和余额补偿标记 - M7: admin channels PUT 增加 Zod schema 校验 - M8: admin subscriptions 分页参数增加上限 - M9: orders src_url 限制 HTTP/HTTPS 协议 - L1: 微信支付回调时间戳 NaN 检查 - L9: WXPAY_API_V3_KEY 长度校验 2026-03-14 04:36:33 +08:00			`amount,`
feat: integrate Stripe payment with bugfixes and active timeout cancellation - Add Stripe payment provider with Checkout Session flow - Payment provider abstraction layer (EasyPay + Stripe unified interface) - Stripe webhook with proper raw body handling and signature verification - Frontend: Stripe button with URL validation, anti-duplicate click, noopener - Active timeout cancellation: query platform before expiring, recover paid orders - Singleton Stripe client, idempotency keys, Math.round for amounts - Handle async_payment events, return null for unknown webhook events - Set Checkout Session expires_at aligned with order timeout - Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op) - Enable stripe in frontend payment type list 2026-03-01 17:58:08 +08:00			`status: params.trade_status === 'TRADE_SUCCESS' ? 'success' : 'failed',`
			`rawData: params,`
			`};`
			`}`

			`async refund(request: RefundRequest): Promise<RefundResponse> {`
			`await refund(request.tradeNo, request.orderId, request.amount.toFixed(2));`
			`return {`
			refundId: `${request.tradeNo}-refund`,
			`status: 'success',`
			`};`
			`}`

			`async cancelPayment(): Promise<void> {`
			`// EasyPay does not support cancelling payments`
			`}`
			`}`