src/lib/admin-auth.ts

import { NextRequest, NextResponse } from 'next/server';
import { getEnv } from '@/lib/config';
import crypto from 'crypto';

function isLocalAdminToken(token: string): boolean {
  const env = getEnv();
  const expected = Buffer.from(env.ADMIN_TOKEN);
  const received = Buffer.from(token);

  if (expected.length !== received.length) return false;
  return crypto.timingSafeEqual(expected, received);
}

async function isSub2ApiAdmin(token: string): Promise<boolean> {
  try {
    const env = getEnv();
    const response = await fetch(`${env.SUB2API_BASE_URL}/api/v1/auth/me`, {
      headers: { Authorization: `Bearer ${token}` },
    });
    if (!response.ok) return false;
    const data = await response.json();
    return data.data?.role === 'admin';
  } catch {
    return false;
  }
}

export async function verifyAdminToken(request: NextRequest): Promise<boolean> {
  const token = request.nextUrl.searchParams.get('token');
  if (!token) return false;

  // 1. 本地 admin token
  if (isLocalAdminToken(token)) return true;

  // 2. Sub2API 管理员 token
  return isSub2ApiAdmin(token);
}

export function unauthorizedResponse() {
  return NextResponse.json({ error: '未授权' }, { status: 401 });
}
feat: migrate payment provider to easy-pay, add order history and refund support - Replace zpay with easy-pay payment provider (new lib/easy-pay/ module) - Add order history page for users (pay/orders) - Add GET /api/orders/my endpoint to list user's own orders - Add GET /api/users/[id] endpoint for sub2api user lookup - Add order status tracking module (lib/order/status.ts) - Update config to support easy-pay credentials (merchant ID, key, gateway) - Update PaymentForm and PaymentQRCode components for easy-pay flow - Update pay page and admin page with new order management UI - Update order service to support easy-pay, cancellation, and refund 2026-03-01 03:04:24 +08:00			`import { NextRequest, NextResponse } from 'next/server';`
			`import { getEnv } from '@/lib/config';`
			`import crypto from 'crypto';`

feat: 管理后台支持 Sub2API 管理员 token 认证保留原有 ADMIN_TOKEN 认证，同时支持传入 Sub2API 用户 token，通过 /api/v1/auth/me 验证 role=admin 身份。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 00:41:27 +08:00			`function isLocalAdminToken(token: string): boolean {`
feat: migrate payment provider to easy-pay, add order history and refund support - Replace zpay with easy-pay payment provider (new lib/easy-pay/ module) - Add order history page for users (pay/orders) - Add GET /api/orders/my endpoint to list user's own orders - Add GET /api/users/[id] endpoint for sub2api user lookup - Add order status tracking module (lib/order/status.ts) - Update config to support easy-pay credentials (merchant ID, key, gateway) - Update PaymentForm and PaymentQRCode components for easy-pay flow - Update pay page and admin page with new order management UI - Update order service to support easy-pay, cancellation, and refund 2026-03-01 03:04:24 +08:00			`const env = getEnv();`
			`const expected = Buffer.from(env.ADMIN_TOKEN);`
			`const received = Buffer.from(token);`

			`if (expected.length !== received.length) return false;`
			`return crypto.timingSafeEqual(expected, received);`
			`}`

feat: 管理后台支持 Sub2API 管理员 token 认证保留原有 ADMIN_TOKEN 认证，同时支持传入 Sub2API 用户 token，通过 /api/v1/auth/me 验证 role=admin 身份。 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-03 00:41:27 +08:00			`async function isSub2ApiAdmin(token: string): Promise<boolean> {`
			`try {`
			`const env = getEnv();`
			const response = await fetch(`${env.SUB2API_BASE_URL}/api/v1/auth/me`, {
			headers: { Authorization: `Bearer ${token}` },
			`});`
			`if (!response.ok) return false;`
			`const data = await response.json();`
			`return data.data?.role === 'admin';`
			`} catch {`
			`return false;`
			`}`
			`}`

			`export async function verifyAdminToken(request: NextRequest): Promise<boolean> {`
			`const token = request.nextUrl.searchParams.get('token');`
			`if (!token) return false;`

			`// 1. 本地 admin token`
			`if (isLocalAdminToken(token)) return true;`

			`// 2. Sub2API 管理员 token`
			`return isSub2ApiAdmin(token);`
			`}`

feat: migrate payment provider to easy-pay, add order history and refund support - Replace zpay with easy-pay payment provider (new lib/easy-pay/ module) - Add order history page for users (pay/orders) - Add GET /api/orders/my endpoint to list user's own orders - Add GET /api/users/[id] endpoint for sub2api user lookup - Add order status tracking module (lib/order/status.ts) - Update config to support easy-pay credentials (merchant ID, key, gateway) - Update PaymentForm and PaymentQRCode components for easy-pay flow - Update pay page and admin page with new order management UI - Update order service to support easy-pay, cancellation, and refund 2026-03-01 03:04:24 +08:00			`export function unauthorizedResponse() {`
			`return NextResponse.json({ error: '未授权' }, { status: 401 });`
			`}`