wanwu/sub2apipay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: integrate Stripe payment with bugfixes and active timeout cancellation

Browse Source 
- Add Stripe payment provider with Checkout Session flow
- Payment provider abstraction layer (EasyPay + Stripe unified interface)
- Stripe webhook with proper raw body handling and signature verification
- Frontend: Stripe button with URL validation, anti-duplicate click, noopener
- Active timeout cancellation: query platform before expiring, recover paid orders
- Singleton Stripe client, idempotency keys, Math.round for amounts
- Handle async_payment events, return null for unknown webhook events
- Set Checkout Session expires_at aligned with order timeout
- Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op)
- Enable stripe in frontend payment type list
This commit is contained in:
erio
2026-03-01 17:58:08 +08:00
parent 2f45044073
commit d9ab65ecf2
59 changed files with 1571 additions and 432 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/app/api/admin/orders/[id]/cancel/route.ts
View File

@@ -2,10 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
import { adminCancelOrder, OrderError } from '@/lib/order/service';
export async function POST(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> },
) {
export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
if (!verifyAdminToken(request)) return unauthorizedResponse();
try {
@@ -14,10 +11,7 @@ export async function POST(
return NextResponse.json({ success: true });
} catch (error) {
if (error instanceof OrderError) {
return NextResponse.json(
{ error: error.message, code: error.code },
{ status: error.statusCode },
);
return NextResponse.json({ error: error.message, code: error.code }, { status: error.statusCode });
}
console.error('Admin cancel order error:', error);
return NextResponse.json({ error: '取消订单失败' }, { status: 500 });

10
src/app/api/admin/orders/[id]/retry/route.ts
View File

@@ -2,10 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
import { retryRecharge, OrderError } from '@/lib/order/service';
export async function POST(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> },
) {
export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
if (!verifyAdminToken(request)) return unauthorizedResponse();
try {
@@ -14,10 +11,7 @@ export async function POST(
return NextResponse.json({ success: true });
} catch (error) {
if (error instanceof OrderError) {
return NextResponse.json(
{ error: error.message, code: error.code },
{ status: error.statusCode },
);
return NextResponse.json({ error: error.message, code: error.code }, { status: error.statusCode });
}
console.error('Retry recharge error:', error);
return NextResponse.json({ error: '重试充值失败' }, { status: 500 });

5
src/app/api/admin/orders/[id]/route.ts
View File

@@ -2,10 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/db';
import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
export async function GET(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> },
) {
export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
if (!verifyAdminToken(request)) return unauthorizedResponse();
const { id } = await params;

6
src/app/api/admin/orders/route.ts
View File

@@ -1,7 +1,7 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/db';
import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
import { Prisma } from '@prisma/client';
import { Prisma, OrderStatus } from '@prisma/client';
export async function GET(request: NextRequest) {
if (!verifyAdminToken(request)) return unauthorizedResponse();
@@ -15,7 +15,7 @@ export async function GET(request: NextRequest) {
const dateTo = searchParams.get('date_to');
const where: Prisma.OrderWhereInput = {};
if (status) where.status = status as any;
if (status && status in OrderStatus) where.status = status as OrderStatus;
if (userId) where.userId = Number(userId);
if (dateFrom || dateTo) {
where.createdAt = {};
@@ -48,7 +48,7 @@ export async function GET(request: NextRequest) {
]);
return NextResponse.json({
orders: orders.map(o => ({
orders: orders.map((o) => ({
...o,
amount: Number(o.amount),
})),

10
src/app/api/admin/refund/route.ts
View File

@@ -17,10 +17,7 @@ export async function POST(request: NextRequest) {
const parsed = refundSchema.safeParse(body);
if (!parsed.success) {
return NextResponse.json(
{ error: '参数错误', details: parsed.error.flatten().fieldErrors },
{ status: 400 },
);
return NextResponse.json({ error: '参数错误', details: parsed.error.flatten().fieldErrors }, { status: 400 });
}
const result = await processRefund({
@@ -32,10 +29,7 @@ export async function POST(request: NextRequest) {
return NextResponse.json(result);
} catch (error) {
if (error instanceof OrderError) {
return NextResponse.json(
{ error: error.message, code: error.code },
{ status: error.statusCode },
);
return NextResponse.json({ error: error.message, code: error.code }, { status: error.statusCode });
}
console.error('Refund error:', error);
return NextResponse.json({ error: '退款失败' }, { status: 500 });

26
src/app/api/easy-pay/notify/route.ts
View File

@@ -1,25 +1,19 @@
import { NextRequest } from 'next/server';
import { handlePaymentNotify } from '@/lib/order/service';
import type { EasyPayNotifyParams } from '@/lib/easy-pay/types';
import { EasyPayProvider } from '@/lib/easy-pay/provider';
const easyPayProvider = new EasyPayProvider();
export async function GET(request: NextRequest) {
try {
const searchParams = request.nextUrl.searchParams;
const rawBody = request.nextUrl.searchParams.toString();
const headers: Record<string, string> = {};
request.headers.forEach((value, key) => {
headers[key] = value;
});
const params: EasyPayNotifyParams = {
pid: searchParams.get('pid') || '',
name: searchParams.get('name') || '',
money: searchParams.get('money') || '',
out_trade_no: searchParams.get('out_trade_no') || '',
trade_no: searchParams.get('trade_no') || '',
param: searchParams.get('param') || '',
trade_status: searchParams.get('trade_status') || '',
type: searchParams.get('type') || '',
sign: searchParams.get('sign') || '',
sign_type: searchParams.get('sign_type') || '',
};
const success = await handlePaymentNotify(params);
const notification = await easyPayProvider.verifyNotification(rawBody, headers);
const success = await handlePaymentNotify(notification, easyPayProvider.name);
return new Response(success ? 'success' : 'fail', {
headers: { 'Content-Type': 'text/plain' },
});

15
src/app/api/orders/[id]/cancel/route.ts
View File

@@ -6,30 +6,21 @@ const cancelSchema = z.object({
user_id: z.number().int().positive(),
});
export async function POST(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> },
) {
export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
try {
const { id } = await params;
const body = await request.json();
const parsed = cancelSchema.safeParse(body);
if (!parsed.success) {
return NextResponse.json(
{ error: '参数错误', details: parsed.error.flatten().fieldErrors },
{ status: 400 },
);
return NextResponse.json({ error: '参数错误', details: parsed.error.flatten().fieldErrors }, { status: 400 });
}
await cancelOrder(id, parsed.data.user_id);
return NextResponse.json({ success: true });
} catch (error) {
if (error instanceof OrderError) {
return NextResponse.json(
{ error: error.message, code: error.code },
{ status: error.statusCode },
);
return NextResponse.json({ error: error.message, code: error.code }, { status: error.statusCode });
}
console.error('Cancel order error:', error);
return NextResponse.json({ error: '取消订单失败' }, { status: 500 });

5
src/app/api/orders/[id]/route.ts
View File

@@ -1,10 +1,7 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/db';
export async function GET(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> },
) {
export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const order = await prisma.order.findUnique({

27
src/app/api/orders/route.ts
View File

@@ -6,7 +6,7 @@ import { getEnv } from '@/lib/config';
const createOrderSchema = z.object({
user_id: z.number().int().positive(),
amount: z.number().positive(),
payment_type: z.enum(['alipay', 'wxpay']),
payment_type: z.enum(['alipay', 'wxpay', 'stripe']),
});
export async function POST(request: NextRequest) {
@@ -16,10 +16,7 @@ export async function POST(request: NextRequest) {
const parsed = createOrderSchema.safeParse(body);
if (!parsed.success) {
return NextResponse.json(
{ error: '参数错误', details: parsed.error.flatten().fieldErrors },
{ status: 400 },
);
return NextResponse.json({ error: '参数错误', details: parsed.error.flatten().fieldErrors }, { status: 400 });
}
const { user_id, amount, payment_type } = parsed.data;
@@ -34,15 +31,11 @@ export async function POST(request: NextRequest) {
// Validate payment type is enabled
if (!env.ENABLED_PAYMENT_TYPES.includes(payment_type)) {
return NextResponse.json(
{ error: `不支持的支付方式: ${payment_type}` },
{ status: 400 },
);
return NextResponse.json({ error: `不支持的支付方式: ${payment_type}` }, { status: 400 });
}
const clientIp = request.headers.get('x-forwarded-for')?.split(',')[0]?.trim()
|| request.headers.get('x-real-ip')
|| '127.0.0.1';
const clientIp =
request.headers.get('x-forwarded-for')?.split(',')[0]?.trim() || request.headers.get('x-real-ip') || '127.0.0.1';
const result = await createOrder({
userId: user_id,
@@ -54,15 +47,9 @@ export async function POST(request: NextRequest) {
return NextResponse.json(result);
} catch (error) {
if (error instanceof OrderError) {
return NextResponse.json(
{ error: error.message, code: error.code },
{ status: error.statusCode },
);
return NextResponse.json({ error: error.message, code: error.code }, { status: error.statusCode });
}
console.error('Create order error:', error);
return NextResponse.json(
{ error: '创建订单失败,请稍后重试' },
{ status: 500 },
);
return NextResponse.json({ error: '创建订单失败,请稍后重试' }, { status: 500 });
}
}

35
src/app/api/stripe/webhook/route.ts Normal file
View File

@@ -0,0 +1,35 @@
import { NextRequest, NextResponse } from 'next/server';
import { initPaymentProviders, paymentRegistry } from '@/lib/payment';
import type { PaymentType } from '@/lib/payment';
import { handlePaymentNotify } from '@/lib/order/service';
// Stripe needs raw body - ensure Next.js doesn't parse it
export const dynamic = 'force-dynamic';
export async function POST(request: NextRequest): Promise<NextResponse> {
try {
initPaymentProviders();
const provider = paymentRegistry.getProvider('stripe' as PaymentType);
const rawBody = Buffer.from(await request.arrayBuffer());
const headers: Record<string, string> = {};
request.headers.forEach((value, key) => {
headers[key.toLowerCase()] = value;
});
const notification = await provider.verifyNotification(rawBody, headers);
if (!notification) {
// Unknown event type — acknowledge receipt
return NextResponse.json({ received: true });
}
await handlePaymentNotify(notification, provider.name);
return NextResponse.json({ received: true });
} catch (error) {
console.error('Stripe webhook error:', error);
return NextResponse.json(
{ error: 'Webhook processing failed' },
{ status: 400 },
);
}
}

5
src/app/api/users/[id]/route.ts
View File

@@ -1,10 +1,7 @@
import { NextResponse } from 'next/server';
import { getUser } from '@/lib/sub2api/client';
export async function GET(
_request: Request,
{ params }: { params: Promise<{ id: string }> },
) {
export async function GET(_request: Request, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const userId = Number(id);