src/lib/admin-auth.ts

import { NextRequest, NextResponse } from 'next/server';
import { getEnv } from '@/lib/config';
import crypto from 'crypto';

export function verifyAdminToken(request: NextRequest): boolean {
  const token = request.nextUrl.searchParams.get('token');
  if (!token) return false;

  const env = getEnv();
  const expected = Buffer.from(env.ADMIN_TOKEN);
  const received = Buffer.from(token);

  if (expected.length !== received.length) return false;
  return crypto.timingSafeEqual(expected, received);
}

export function unauthorizedResponse() {
  return NextResponse.json({ error: '未授权' }, { status: 401 });
}
feat: migrate payment provider to easy-pay, add order history and refund support - Replace zpay with easy-pay payment provider (new lib/easy-pay/ module) - Add order history page for users (pay/orders) - Add GET /api/orders/my endpoint to list user's own orders - Add GET /api/users/[id] endpoint for sub2api user lookup - Add order status tracking module (lib/order/status.ts) - Update config to support easy-pay credentials (merchant ID, key, gateway) - Update PaymentForm and PaymentQRCode components for easy-pay flow - Update pay page and admin page with new order management UI - Update order service to support easy-pay, cancellation, and refund 2026-03-01 03:04:24 +08:00			`import { NextRequest, NextResponse } from 'next/server';`
			`import { getEnv } from '@/lib/config';`
			`import crypto from 'crypto';`

			`export function verifyAdminToken(request: NextRequest): boolean {`
			`const token = request.nextUrl.searchParams.get('token');`
			`if (!token) return false;`

			`const env = getEnv();`
			`const expected = Buffer.from(env.ADMIN_TOKEN);`
			`const received = Buffer.from(token);`

			`if (expected.length !== received.length) return false;`
			`return crypto.timingSafeEqual(expected, received);`
			`}`

			`export function unauthorizedResponse() {`
			`return NextResponse.json({ error: '未授权' }, { status: 401 });`
			`}`