feat: migrate payment provider to easy-pay, add order history and refund support

- Replace zpay with easy-pay payment provider (new lib/easy-pay/ module) - Add order history page for users (pay/orders) - Add GET /api/orders/my endpoint to list user's own orders - Add GET /api/users/[id] endpoint for sub2api user lookup - Add order status tracking module (lib/order/status.ts) - Update config to support easy-pay credentials (merchant ID, key, gateway) - Update PaymentForm and PaymentQRCode components for easy-pay flow - Update pay page and admin page with new order management UI - Update order service to support easy-pay, cancellation, and refund
2026-03-01 03:04:24 +08:00
commit d5719bf213
73 changed files with 10616 additions and 0 deletions
--- a/src/app/api/admin/orders/[id]/cancel/route.ts
+++ b/src/app/api/admin/orders/[id]/cancel/route.ts
@@ -0,0 +1,25 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
+import { adminCancelOrder, OrderError } from '@/lib/order/service';
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  if (!verifyAdminToken(request)) return unauthorizedResponse();
+
+  try {
+    const { id } = await params;
+    await adminCancelOrder(id);
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    if (error instanceof OrderError) {
+      return NextResponse.json(
+        { error: error.message, code: error.code },
+        { status: error.statusCode },
+      );
+    }
+    console.error('Admin cancel order error:', error);
+    return NextResponse.json({ error: '取消订单失败' }, { status: 500 });
+  }
+}
--- a/src/app/api/admin/orders/[id]/retry/route.ts
+++ b/src/app/api/admin/orders/[id]/retry/route.ts
@@ -0,0 +1,25 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
+import { retryRecharge, OrderError } from '@/lib/order/service';
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  if (!verifyAdminToken(request)) return unauthorizedResponse();
+
+  try {
+    const { id } = await params;
+    await retryRecharge(id);
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    if (error instanceof OrderError) {
+      return NextResponse.json(
+        { error: error.message, code: error.code },
+        { status: error.statusCode },
+      );
+    }
+    console.error('Retry recharge error:', error);
+    return NextResponse.json({ error: '重试充值失败' }, { status: 500 });
+  }
+}
--- a/src/app/api/admin/orders/[id]/route.ts
+++ b/src/app/api/admin/orders/[id]/route.ts
@@ -0,0 +1,31 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { prisma } from '@/lib/db';
+import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  if (!verifyAdminToken(request)) return unauthorizedResponse();
+
+  const { id } = await params;
+
+  const order = await prisma.order.findUnique({
+    where: { id },
+    include: {
+      auditLogs: {
+        orderBy: { createdAt: 'desc' },
+      },
+    },
+  });
+
+  if (!order) {
+    return NextResponse.json({ error: '订单不存在' }, { status: 404 });
+  }
+
+  return NextResponse.json({
+    ...order,
+    amount: Number(order.amount),
+    refundAmount: order.refundAmount ? Number(order.refundAmount) : null,
+  });
+}
--- a/src/app/api/admin/orders/route.ts
+++ b/src/app/api/admin/orders/route.ts
@@ -0,0 +1,60 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { prisma } from '@/lib/db';
+import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
+import { Prisma } from '@prisma/client';
+
+export async function GET(request: NextRequest) {
+  if (!verifyAdminToken(request)) return unauthorizedResponse();
+
+  const searchParams = request.nextUrl.searchParams;
+  const page = Math.max(1, Number(searchParams.get('page') || '1'));
+  const pageSize = Math.min(100, Math.max(1, Number(searchParams.get('page_size') || '20')));
+  const status = searchParams.get('status');
+  const userId = searchParams.get('user_id');
+  const dateFrom = searchParams.get('date_from');
+  const dateTo = searchParams.get('date_to');
+
+  const where: Prisma.OrderWhereInput = {};
+  if (status) where.status = status as any;
+  if (userId) where.userId = Number(userId);
+  if (dateFrom || dateTo) {
+    where.createdAt = {};
+    if (dateFrom) where.createdAt.gte = new Date(dateFrom);
+    if (dateTo) where.createdAt.lte = new Date(dateTo);
+  }
+
+  const [orders, total] = await Promise.all([
+    prisma.order.findMany({
+      where,
+      orderBy: { createdAt: 'desc' },
+      skip: (page - 1) * pageSize,
+      take: pageSize,
+      select: {
+        id: true,
+        userId: true,
+        userName: true,
+        userEmail: true,
+        amount: true,
+        status: true,
+        paymentType: true,
+        createdAt: true,
+        paidAt: true,
+        completedAt: true,
+        failedReason: true,
+        expiresAt: true,
+      },
+    }),
+    prisma.order.count({ where }),
+  ]);
+
+  return NextResponse.json({
+    orders: orders.map(o => ({
+      ...o,
+      amount: Number(o.amount),
+    })),
+    total,
+    page,
+    page_size: pageSize,
+    total_pages: Math.ceil(total / pageSize),
+  });
+}
--- a/src/app/api/admin/refund/route.ts
+++ b/src/app/api/admin/refund/route.ts
@@ -0,0 +1,43 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { z } from 'zod';
+import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
+import { processRefund, OrderError } from '@/lib/order/service';
+
+const refundSchema = z.object({
+  order_id: z.string().min(1),
+  reason: z.string().optional(),
+  force: z.boolean().optional().default(false),
+});
+
+export async function POST(request: NextRequest) {
+  if (!verifyAdminToken(request)) return unauthorizedResponse();
+
+  try {
+    const body = await request.json();
+    const parsed = refundSchema.safeParse(body);
+
+    if (!parsed.success) {
+      return NextResponse.json(
+        { error: '参数错误', details: parsed.error.flatten().fieldErrors },
+        { status: 400 },
+      );
+    }
+
+    const result = await processRefund({
+      orderId: parsed.data.order_id,
+      reason: parsed.data.reason,
+      force: parsed.data.force,
+    });
+
+    return NextResponse.json(result);
+  } catch (error) {
+    if (error instanceof OrderError) {
+      return NextResponse.json(
+        { error: error.message, code: error.code },
+        { status: error.statusCode },
+      );
+    }
+    console.error('Refund error:', error);
+    return NextResponse.json({ error: '退款失败' }, { status: 500 });
+  }
+}
--- a/src/app/api/easy-pay/notify/route.ts
+++ b/src/app/api/easy-pay/notify/route.ts
@@ -0,0 +1,32 @@
+import { NextRequest } from 'next/server';
+import { handlePaymentNotify } from '@/lib/order/service';
+import type { EasyPayNotifyParams } from '@/lib/easy-pay/types';
+
+export async function GET(request: NextRequest) {
+  try {
+    const searchParams = request.nextUrl.searchParams;
+
+    const params: EasyPayNotifyParams = {
+      pid: searchParams.get('pid') || '',
+      name: searchParams.get('name') || '',
+      money: searchParams.get('money') || '',
+      out_trade_no: searchParams.get('out_trade_no') || '',
+      trade_no: searchParams.get('trade_no') || '',
+      param: searchParams.get('param') || '',
+      trade_status: searchParams.get('trade_status') || '',
+      type: searchParams.get('type') || '',
+      sign: searchParams.get('sign') || '',
+      sign_type: searchParams.get('sign_type') || '',
+    };
+
+    const success = await handlePaymentNotify(params);
+    return new Response(success ? 'success' : 'fail', {
+      headers: { 'Content-Type': 'text/plain' },
+    });
+  } catch (error) {
+    console.error('EasyPay notify error:', error);
+    return new Response('fail', {
+      headers: { 'Content-Type': 'text/plain' },
+    });
+  }
+}
--- a/src/app/api/orders/[id]/cancel/route.ts
+++ b/src/app/api/orders/[id]/cancel/route.ts
@@ -0,0 +1,37 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { z } from 'zod';
+import { cancelOrder, OrderError } from '@/lib/order/service';
+
+const cancelSchema = z.object({
+  user_id: z.number().int().positive(),
+});
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  try {
+    const { id } = await params;
+    const body = await request.json();
+    const parsed = cancelSchema.safeParse(body);
+
+    if (!parsed.success) {
+      return NextResponse.json(
+        { error: '参数错误', details: parsed.error.flatten().fieldErrors },
+        { status: 400 },
+      );
+    }
+
+    await cancelOrder(id, parsed.data.user_id);
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    if (error instanceof OrderError) {
+      return NextResponse.json(
+        { error: error.message, code: error.code },
+        { status: error.statusCode },
+      );
+    }
+    console.error('Cancel order error:', error);
+    return NextResponse.json({ error: '取消订单失败' }, { status: 500 });
+  }
+}
--- a/src/app/api/orders/[id]/route.ts
+++ b/src/app/api/orders/[id]/route.ts
@@ -0,0 +1,50 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { prisma } from '@/lib/db';
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  const { id } = await params;
+
+  const order = await prisma.order.findUnique({
+    where: { id },
+    select: {
+      id: true,
+      userId: true,
+      userName: true,
+      amount: true,
+      status: true,
+      paymentType: true,
+      payUrl: true,
+      qrCode: true,
+      qrCodeImg: true,
+      expiresAt: true,
+      paidAt: true,
+      completedAt: true,
+      failedReason: true,
+      createdAt: true,
+    },
+  });
+
+  if (!order) {
+    return NextResponse.json({ error: '订单不存在' }, { status: 404 });
+  }
+
+  return NextResponse.json({
+    order_id: order.id,
+    user_id: order.userId,
+    user_name: order.userName,
+    amount: Number(order.amount),
+    status: order.status,
+    payment_type: order.paymentType,
+    pay_url: order.payUrl,
+    qr_code: order.qrCode,
+    qr_code_img: order.qrCodeImg,
+    expires_at: order.expiresAt,
+    paid_at: order.paidAt,
+    completed_at: order.completedAt,
+    failed_reason: order.failedReason,
+    created_at: order.createdAt,
+  });
+}
--- a/src/app/api/orders/my/route.ts
+++ b/src/app/api/orders/my/route.ts
@@ -0,0 +1,56 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { prisma } from '@/lib/db';
+import { getCurrentUserByToken } from '@/lib/sub2api/client';
+import { deriveOrderState, isRechargeRetryable } from '@/lib/order/status';
+
+export async function GET(request: NextRequest) {
+  const token = request.nextUrl.searchParams.get('token')?.trim();
+  if (!token) {
+    return NextResponse.json({ error: 'token is required' }, { status: 400 });
+  }
+
+  try {
+    const user = await getCurrentUserByToken(token);
+    const orders = await prisma.order.findMany({
+      where: { userId: user.id },
+      orderBy: { createdAt: 'desc' },
+      take: 20,
+      select: {
+        id: true,
+        amount: true,
+        status: true,
+        paymentType: true,
+        createdAt: true,
+        paidAt: true,
+        completedAt: true,
+      },
+    });
+
+    return NextResponse.json({
+      user: {
+        id: user.id,
+        username: user.username,
+        email: user.email,
+        displayName: user.username || user.email || `User #${user.id}`,
+        balance: user.balance,
+      },
+      orders: orders.map((item) => {
+        const derived = deriveOrderState(item);
+        return {
+          id: item.id,
+          amount: Number(item.amount),
+          status: item.status,
+          paymentType: item.paymentType,
+          createdAt: item.createdAt,
+          paymentSuccess: derived.paymentSuccess,
+          rechargeSuccess: derived.rechargeSuccess,
+          rechargeStatus: derived.rechargeStatus,
+          rechargeRetryable: isRechargeRetryable(item),
+        };
+      }),
+    });
+  } catch (error) {
+    console.error('Get my orders error:', error);
+    return NextResponse.json({ error: 'unauthorized' }, { status: 401 });
+  }
+}
--- a/src/app/api/orders/route.ts
+++ b/src/app/api/orders/route.ts
@@ -0,0 +1,68 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { z } from 'zod';
+import { createOrder, OrderError } from '@/lib/order/service';
+import { getEnv } from '@/lib/config';
+
+const createOrderSchema = z.object({
+  user_id: z.number().int().positive(),
+  amount: z.number().positive(),
+  payment_type: z.enum(['alipay', 'wxpay']),
+});
+
+export async function POST(request: NextRequest) {
+  try {
+    const env = getEnv();
+    const body = await request.json();
+    const parsed = createOrderSchema.safeParse(body);
+
+    if (!parsed.success) {
+      return NextResponse.json(
+        { error: '参数错误', details: parsed.error.flatten().fieldErrors },
+        { status: 400 },
+      );
+    }
+
+    const { user_id, amount, payment_type } = parsed.data;
+
+    // Validate amount range
+    if (amount < env.MIN_RECHARGE_AMOUNT || amount > env.MAX_RECHARGE_AMOUNT) {
+      return NextResponse.json(
+        { error: `充值金额需在 ${env.MIN_RECHARGE_AMOUNT} - ${env.MAX_RECHARGE_AMOUNT} 之间` },
+        { status: 400 },
+      );
+    }
+
+    // Validate payment type is enabled
+    if (!env.ENABLED_PAYMENT_TYPES.includes(payment_type)) {
+      return NextResponse.json(
+        { error: `不支持的支付方式: ${payment_type}` },
+        { status: 400 },
+      );
+    }
+
+    const clientIp = request.headers.get('x-forwarded-for')?.split(',')[0]?.trim()
+      || request.headers.get('x-real-ip')
+      || '127.0.0.1';
+
+    const result = await createOrder({
+      userId: user_id,
+      amount,
+      paymentType: payment_type,
+      clientIp,
+    });
+
+    return NextResponse.json(result);
+  } catch (error) {
+    if (error instanceof OrderError) {
+      return NextResponse.json(
+        { error: error.message, code: error.code },
+        { status: error.statusCode },
+      );
+    }
+    console.error('Create order error:', error);
+    return NextResponse.json(
+      { error: '创建订单失败，请稍后重试' },
+      { status: 500 },
+    );
+  }
+}
--- a/src/app/api/user/route.ts
+++ b/src/app/api/user/route.ts
@@ -0,0 +1,37 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getUser } from '@/lib/sub2api/client';
+import { getEnv } from '@/lib/config';
+
+export async function GET(request: NextRequest) {
+  const userId = Number(request.nextUrl.searchParams.get('user_id'));
+  if (!userId || isNaN(userId) || userId <= 0) {
+    return NextResponse.json({ error: '无效的用户 ID' }, { status: 400 });
+  }
+
+  try {
+    const env = getEnv();
+    const user = await getUser(userId);
+
+    return NextResponse.json({
+      user: {
+        id: user.id,
+        username: user.username,
+        email: user.email,
+        status: user.status,
+        balance: user.balance,
+      },
+      config: {
+        enabledPaymentTypes: env.ENABLED_PAYMENT_TYPES,
+        minAmount: env.MIN_RECHARGE_AMOUNT,
+        maxAmount: env.MAX_RECHARGE_AMOUNT,
+      },
+    });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    if (message === 'USER_NOT_FOUND') {
+      return NextResponse.json({ error: '用户不存在' }, { status: 404 });
+    }
+    console.error('Get user error:', error);
+    return NextResponse.json({ error: '获取用户信息失败' }, { status: 500 });
+  }
+}
--- a/src/app/api/users/[id]/route.ts
+++ b/src/app/api/users/[id]/route.ts
@@ -0,0 +1,34 @@
+import { NextResponse } from 'next/server';
+import { getUser } from '@/lib/sub2api/client';
+
+export async function GET(
+  _request: Request,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  const { id } = await params;
+  const userId = Number(id);
+
+  if (!Number.isInteger(userId) || userId <= 0) {
+    return NextResponse.json({ error: 'Invalid user id' }, { status: 400 });
+  }
+
+  try {
+    const user = await getUser(userId);
+    const displayName = user.username || user.email || `User #${user.id}`;
+
+    return NextResponse.json({
+      id: user.id,
+      username: user.username,
+      email: user.email,
+      displayName,
+      balance: user.balance,
+      status: user.status,
+    });
+  } catch (error) {
+    if (error instanceof Error && error.message === 'USER_NOT_FOUND') {
+      return NextResponse.json({ error: 'User not found' }, { status: 404 });
+    }
+    console.error('Get user info error:', error);
+    return NextResponse.json({ error: 'Get user info failed' }, { status: 500 });
+  }
+}
--- a/src/app/api/zpay/notify/route.ts
+++ b/src/app/api/zpay/notify/route.ts
@@ -0,0 +1,34 @@
+import { NextRequest } from 'next/server';
+import { handlePaymentNotify } from '@/lib/order/service';
+import type { ZPayNotifyParams } from '@/lib/zpay/types';
+
+export async function GET(request: NextRequest) {
+  try {
+    const searchParams = request.nextUrl.searchParams;
+
+    const params: ZPayNotifyParams = {
+      pid: searchParams.get('pid') || '',
+      name: searchParams.get('name') || '',
+      money: searchParams.get('money') || '',
+      out_trade_no: searchParams.get('out_trade_no') || '',
+      trade_no: searchParams.get('trade_no') || '',
+      param: searchParams.get('param') || '',
+      trade_status: searchParams.get('trade_status') || '',
+      type: searchParams.get('type') || '',
+      sign: searchParams.get('sign') || '',
+      sign_type: searchParams.get('sign_type') || '',
+    };
+
+    const success = await handlePaymentNotify(params);
+
+    // ZPAY requires plain text response
+    return new Response(success ? 'success' : 'fail', {
+      headers: { 'Content-Type': 'text/plain' },
+    });
+  } catch (error) {
+    console.error('ZPAY notify error:', error);
+    return new Response('fail', {
+      headers: { 'Content-Type': 'text/plain' },
+    });
+  }
+}