feat: integrate Stripe payment with bugfixes and active timeout cancellation

- Add Stripe payment provider with Checkout Session flow - Payment provider abstraction layer (EasyPay + Stripe unified interface) - Stripe webhook with proper raw body handling and signature verification - Frontend: Stripe button with URL validation, anti-duplicate click, noopener - Active timeout cancellation: query platform before expiring, recover paid orders - Singleton Stripe client, idempotency keys, Math.round for amounts - Handle async_payment events, return null for unknown webhook events - Set Checkout Session expires_at aligned with order timeout - Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op) - Enable stripe in frontend payment type list
2026-03-01 17:58:08 +08:00
parent 2f45044073
commit d9ab65ecf2
59 changed files with 1571 additions and 432 deletions
--- a/src/app/api/admin/orders/[id]/cancel/route.ts
+++ b/src/app/api/admin/orders/[id]/cancel/route.ts
@@ -2,10 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
 import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
 import { adminCancelOrder, OrderError } from '@/lib/order/service';

-export async function POST(
-  request: NextRequest,
-  { params }: { params: Promise<{ id: string }> },
-) {
+export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  if (!verifyAdminToken(request)) return unauthorizedResponse();

  try {
@@ -14,10 +11,7 @@ export async function POST(
    return NextResponse.json({ success: true });
  } catch (error) {
    if (error instanceof OrderError) {
-      return NextResponse.json(
-        { error: error.message, code: error.code },
-        { status: error.statusCode },
-      );
+      return NextResponse.json({ error: error.message, code: error.code }, { status: error.statusCode });
    }
    console.error('Admin cancel order error:', error);
    return NextResponse.json({ error: '取消订单失败' }, { status: 500 });
--- a/src/app/api/admin/orders/[id]/retry/route.ts
+++ b/src/app/api/admin/orders/[id]/retry/route.ts
@@ -2,10 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
 import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
 import { retryRecharge, OrderError } from '@/lib/order/service';

-export async function POST(
-  request: NextRequest,
-  { params }: { params: Promise<{ id: string }> },
-) {
+export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  if (!verifyAdminToken(request)) return unauthorizedResponse();

  try {
@@ -14,10 +11,7 @@ export async function POST(
    return NextResponse.json({ success: true });
  } catch (error) {
    if (error instanceof OrderError) {
-      return NextResponse.json(
-        { error: error.message, code: error.code },
-        { status: error.statusCode },
-      );
+      return NextResponse.json({ error: error.message, code: error.code }, { status: error.statusCode });
    }
    console.error('Retry recharge error:', error);
    return NextResponse.json({ error: '重试充值失败' }, { status: 500 });
--- a/src/app/api/admin/orders/[id]/route.ts
+++ b/src/app/api/admin/orders/[id]/route.ts
@@ -2,10 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
 import { prisma } from '@/lib/db';
 import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';

-export async function GET(
-  request: NextRequest,
-  { params }: { params: Promise<{ id: string }> },
-) {
+export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  if (!verifyAdminToken(request)) return unauthorizedResponse();

  const { id } = await params;
--- a/src/app/api/admin/orders/route.ts
+++ b/src/app/api/admin/orders/route.ts
@@ -1,7 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { prisma } from '@/lib/db';
 import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
-import { Prisma } from '@prisma/client';
+import { Prisma, OrderStatus } from '@prisma/client';

 export async function GET(request: NextRequest) {
  if (!verifyAdminToken(request)) return unauthorizedResponse();
@@ -15,7 +15,7 @@ export async function GET(request: NextRequest) {
  const dateTo = searchParams.get('date_to');

  const where: Prisma.OrderWhereInput = {};
-  if (status) where.status = status as any;
+  if (status && status in OrderStatus) where.status = status as OrderStatus;
  if (userId) where.userId = Number(userId);
  if (dateFrom || dateTo) {
    where.createdAt = {};
@@ -48,7 +48,7 @@ export async function GET(request: NextRequest) {
  ]);

  return NextResponse.json({
-    orders: orders.map(o => ({
+    orders: orders.map((o) => ({
      ...o,
      amount: Number(o.amount),
    })),
--- a/src/app/api/admin/refund/route.ts
+++ b/src/app/api/admin/refund/route.ts
@@ -17,10 +17,7 @@ export async function POST(request: NextRequest) {
    const parsed = refundSchema.safeParse(body);

    if (!parsed.success) {
-      return NextResponse.json(
-        { error: '参数错误', details: parsed.error.flatten().fieldErrors },
-        { status: 400 },
-      );
+      return NextResponse.json({ error: '参数错误', details: parsed.error.flatten().fieldErrors }, { status: 400 });
    }

    const result = await processRefund({
@@ -32,10 +29,7 @@ export async function POST(request: NextRequest) {
    return NextResponse.json(result);
  } catch (error) {
    if (error instanceof OrderError) {
-      return NextResponse.json(
-        { error: error.message, code: error.code },
-        { status: error.statusCode },
-      );
+      return NextResponse.json({ error: error.message, code: error.code }, { status: error.statusCode });
    }
    console.error('Refund error:', error);
    return NextResponse.json({ error: '退款失败' }, { status: 500 });