fix: 提取 resolveEnabledPaymentTypes 共享函数，下单接口同步校验 + 恢复并发

- 将 resolveEnabledPaymentTypes 提取到 src/lib/payment/resolve-enabled-types.ts - /api/orders 下单时也校验 ENABLED_PAYMENT_TYPES 配置，防止绕过前端直接调用 - /api/user 恢复 queryMethodLimits 与 getUser 并发执行，避免性能退化
2026-03-15 02:56:28 +08:00
parent 0a94cecad8
commit 33e4a811f3
3 changed files with 47 additions and 20 deletions
--- a/src/app/api/orders/route.ts
+++ b/src/app/api/orders/route.ts
@@ -3,6 +3,7 @@ import { z } from 'zod';
 import { createOrder } from '@/lib/order/service';
 import { getEnv } from '@/lib/config';
 import { paymentRegistry } from '@/lib/payment';
+import { getEnabledPaymentTypes } from '@/lib/payment/resolve-enabled-types';
 import { getCurrentUserByToken } from '@/lib/sub2api/client';
 import { handleApiError } from '@/lib/utils/api';

@@ -59,8 +60,9 @@ export async function POST(request: NextRequest) {
      }
    }

-    // Validate payment type is enabled
-    if (!paymentRegistry.getSupportedTypes().includes(payment_type)) {
+    // Validate payment type is enabled (registry + ENABLED_PAYMENT_TYPES config)
+    const enabledTypes = await getEnabledPaymentTypes();
+    if (!enabledTypes.includes(payment_type)) {
      return NextResponse.json({ error: `不支持的支付方式: ${payment_type}` }, { status: 400 });
    }

--- a/src/app/api/user/route.ts
+++ b/src/app/api/user/route.ts
@@ -6,20 +6,8 @@ import { initPaymentProviders, paymentRegistry } from '@/lib/payment';
 import { getPaymentDisplayInfo } from '@/lib/pay-utils';
 import { resolveLocale } from '@/lib/locale';
 import { getSystemConfig } from '@/lib/system-config';
+import { resolveEnabledPaymentTypes } from '@/lib/payment/resolve-enabled-types';

-function resolveEnabledPaymentTypes(supportedTypes: string[], configuredTypes: string | undefined): string[] {
-  if (configuredTypes === undefined) return supportedTypes;
-
-  const configuredTypeSet = new Set(
-    configuredTypes
-      .split(',')
-      .map((type) => type.trim())
-      .filter(Boolean),
-  );
-  if (configuredTypeSet.size === 0) return supportedTypes;
-
-  return supportedTypes.filter((type) => configuredTypeSet.has(type));
-}

 export async function GET(request: NextRequest) {
  const locale = resolveLocale(request.nextUrl.searchParams.get('lang'));
@@ -55,14 +43,21 @@ export async function GET(request: NextRequest) {
    const env = getEnv();
    initPaymentProviders();
    const supportedTypes = paymentRegistry.getSupportedTypes();
-    const [user, configuredPaymentTypesRaw, balanceDisabledVal] = await Promise.all([
-      getUser(userId),
+
+    // getUser 与 config 查询并行；config 完成后立即启动 queryMethodLimits
+    const configPromise = Promise.all([
      getSystemConfig('ENABLED_PAYMENT_TYPES'),
      getSystemConfig('BALANCE_PAYMENT_DISABLED'),
+    ]).then(async ([configuredPaymentTypesRaw, balanceDisabledVal]) => {
+      const enabledTypes = resolveEnabledPaymentTypes(supportedTypes, configuredPaymentTypesRaw);
+      const methodLimits = await queryMethodLimits(enabledTypes);
+      return { enabledTypes, methodLimits, balanceDisabled: balanceDisabledVal === 'true' };
+    });
+
+    const [user, { enabledTypes, methodLimits, balanceDisabled }] = await Promise.all([
+      getUser(userId),
+      configPromise,
    ]);
-    const enabledTypes = resolveEnabledPaymentTypes(supportedTypes, configuredPaymentTypesRaw);
-    const methodLimits = await queryMethodLimits(enabledTypes);
-    const balanceDisabled = balanceDisabledVal === 'true';

    // 收集 sublabel 覆盖
    const sublabelOverrides: Record<string, string> = {};
--- a/src/lib/payment/resolve-enabled-types.ts
+++ b/src/lib/payment/resolve-enabled-types.ts
@@ -0,0 +1,30 @@
+import { getSystemConfig } from '@/lib/system-config';
+import { initPaymentProviders, paymentRegistry } from '@/lib/payment';
+
+/**
+ * 根据 ENABLED_PAYMENT_TYPES 配置过滤支持的支付类型。
+ * configuredTypes 为 undefined 或空字符串时回退到全部支持类型。
+ */
+export function resolveEnabledPaymentTypes(supportedTypes: string[], configuredTypes: string | undefined): string[] {
+  if (configuredTypes === undefined) return supportedTypes;
+
+  const configuredTypeSet = new Set(
+    configuredTypes
+      .split(',')
+      .map((type) => type.trim())
+      .filter(Boolean),
+  );
+  if (configuredTypeSet.size === 0) return supportedTypes;
+
+  return supportedTypes.filter((type) => configuredTypeSet.has(type));
+}
+
+/**
+ * 获取当前启用的支付类型（结合 registry 支持类型 + 数据库 ENABLED_PAYMENT_TYPES 配置）。
+ */
+export async function getEnabledPaymentTypes(): Promise<string[]> {
+  initPaymentProviders();
+  const supportedTypes = paymentRegistry.getSupportedTypes();
+  const configuredTypes = await getSystemConfig('ENABLED_PAYMENT_TYPES');
+  return resolveEnabledPaymentTypes(supportedTypes, configuredTypes);
+}