feat: integrate Stripe payment with bugfixes and active timeout cancellation

- Add Stripe payment provider with Checkout Session flow
- Payment provider abstraction layer (EasyPay + Stripe unified interface)
- Stripe webhook with proper raw body handling and signature verification
- Frontend: Stripe button with URL validation, anti-duplicate click, noopener
- Active timeout cancellation: query platform before expiring, recover paid orders
- Singleton Stripe client, idempotency keys, Math.round for amounts
- Handle async_payment events, return null for unknown webhook events
- Set Checkout Session expires_at aligned with order timeout
- Add cancelPayment to provider interface (Stripe: sessions.expire, EasyPay: no-op)
- Enable stripe in frontend payment type list

src/middleware.ts

@@ -7,7 +7,10 @@ export function middleware(request: NextRequest) {
   // IFRAME_ALLOW_ORIGINS: 允许嵌入 iframe 的外部域名（逗号分隔）
   const allowOrigins = process.env.IFRAME_ALLOW_ORIGINS || '';
 
-  const origins = allowOrigins.split(',').map(s => s.trim()).filter(Boolean);
+  const origins = allowOrigins
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean);
 
   if (origins.length > 0) {
     response.headers.set('Content-Security-Policy', `frame-ancestors 'self' ${origins.join(' ')}`);