feat: 订单来源追踪，保存 src_host / src_url 到订单记录

iframe 嵌入充值页面时 URL 自动附带来源参数，写入数据库用于追踪分析。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

prisma/migrations/20260302000000_add_order_source_tracking/migration.sql

@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "orders" ADD COLUMN "src_host" TEXT,
+ADD COLUMN "src_url" TEXT;

prisma/schema.prisma

@@ -34,6 +34,8 @@ model Order {
   createdAt     DateTime    @default(now()) @map("created_at")
   updatedAt     DateTime    @updatedAt @map("updated_at")
   clientIp      String?     @map("client_ip")
+  srcHost       String?     @map("src_host")
+  srcUrl        String?     @map("src_url")
 
   auditLogs     AuditLog[]
 

src/app/admin/page.tsx

@@ -31,6 +31,8 @@ interface AdminOrderDetail extends AdminOrder {
   failedAt: string | null;
   updatedAt: string;
   clientIp: string | null;
+  srcHost: string | null;
+  srcUrl: string | null;
   paymentSuccess?: boolean;
   rechargeSuccess?: boolean;
   rechargeStatus?: string;

src/app/api/orders/route.ts

@@ -7,6 +7,8 @@ const createOrderSchema = z.object({
   user_id: z.number().int().positive(),
   amount: z.number().positive(),
   payment_type: z.enum(['alipay', 'wxpay', 'stripe']),
+  src_host: z.string().optional(),
+  src_url: z.string().optional(),
 });
 
 export async function POST(request: NextRequest) {
@@ -19,7 +21,7 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: '参数错误', details: parsed.error.flatten().fieldErrors }, { status: 400 });
     }
 
-    const { user_id, amount, payment_type } = parsed.data;
+    const { user_id, amount, payment_type, src_host, src_url } = parsed.data;
 
     // Validate amount range
     if (amount < env.MIN_RECHARGE_AMOUNT || amount > env.MAX_RECHARGE_AMOUNT) {
@@ -42,6 +44,8 @@ export async function POST(request: NextRequest) {
       amount,
       paymentType: payment_type,
       clientIp,
+      srcHost: src_host,
+      srcUrl: src_url,
     });
 
     // 不向客户端暴露 userName / userBalance 等隐私字段

src/app/pay/page.tsx

@@ -38,6 +38,8 @@ function PayContent() {
   const theme = searchParams.get('theme') === 'dark' ? 'dark' : 'light';
   const uiMode = searchParams.get('ui_mode') || 'standalone';
   const tab = searchParams.get('tab');
+  const srcHost = searchParams.get('src_host') || undefined;
+  const srcUrl = searchParams.get('src_url') || undefined;
   const isDark = theme === 'dark';
 
   const [isIframeContext, setIsIframeContext] = useState(true);
@@ -230,6 +232,8 @@ function PayContent() {
           user_id: effectiveUserId,
           amount,
           payment_type: paymentType,
+          src_host: srcHost,
+          src_url: srcUrl,
         }),
       });
 

src/components/admin/OrderDetail.tsx

@@ -31,6 +31,8 @@ interface OrderDetailProps {
     createdAt: string;
     updatedAt: string;
     clientIp: string | null;
+    srcHost: string | null;
+    srcUrl: string | null;
     paymentSuccess?: boolean;
     rechargeSuccess?: boolean;
     rechargeStatus?: string;
@@ -54,6 +56,8 @@ export default function OrderDetail({ order, onClose }: OrderDetailProps) {
     { label: '充值码', value: order.rechargeCode },
     { label: '支付单号', value: order.paymentTradeNo || '-' },
     { label: '客户端IP', value: order.clientIp || '-' },
+    { label: '来源域名', value: order.srcHost || '-' },
+    { label: '来源页面', value: order.srcUrl || '-' },
     { label: '创建时间', value: new Date(order.createdAt).toLocaleString('zh-CN') },
     { label: '过期时间', value: new Date(order.expiresAt).toLocaleString('zh-CN') },
     { label: '支付时间', value: order.paidAt ? new Date(order.paidAt).toLocaleString('zh-CN') : '-' },

src/lib/order/service.ts

@@ -15,6 +15,8 @@ export interface CreateOrderInput {
   amount: number;
   paymentType: PaymentType;
   clientIp: string;
+  srcHost?: string;
+  srcUrl?: string;
 }
 
 export interface CreateOrderResult {
@@ -106,6 +108,8 @@ export async function createOrder(input: CreateOrderInput): Promise<CreateOrderR
       paymentType: input.paymentType,
       expiresAt,
       clientIp: input.clientIp,
+      srcHost: input.srcHost || null,
+      srcUrl: input.srcUrl || null,
     },
   });