fix: 提取 resolveEnabledPaymentTypes 共享函数，下单接口同步校验 + 恢复并发

- 将 resolveEnabledPaymentTypes 提取到 src/lib/payment/resolve-enabled-types.ts - /api/orders 下单时也校验 ENABLED_PAYMENT_TYPES 配置，防止绕过前端直接调用 - /api/user 恢复 queryMethodLimits 与 getUser 并发执行，避免性能退化
2026-03-15 02:56:28 +08:00
parent 0a94cecad8
commit 33e4a811f3
3 changed files with 47 additions and 20 deletions
--- a/src/app/api/orders/route.ts
+++ b/src/app/api/orders/route.ts
@@ -3,6 +3,7 @@ import { z } from 'zod';
 import { createOrder } from '@/lib/order/service';
 import { getEnv } from '@/lib/config';
 import { paymentRegistry } from '@/lib/payment';
+import { getEnabledPaymentTypes } from '@/lib/payment/resolve-enabled-types';
 import { getCurrentUserByToken } from '@/lib/sub2api/client';
 import { handleApiError } from '@/lib/utils/api';

@@ -59,8 +60,9 @@ export async function POST(request: NextRequest) {
      }
    }

-    // Validate payment type is enabled
-    if (!paymentRegistry.getSupportedTypes().includes(payment_type)) {
+    // Validate payment type is enabled (registry + ENABLED_PAYMENT_TYPES config)
+    const enabledTypes = await getEnabledPaymentTypes();
+    if (!enabledTypes.includes(payment_type)) {
      return NextResponse.json({ error: `不支持的支付方式: ${payment_type}` }, { status: 400 });
    }