ac0772b0f4
- /api/user 添加 token 认证,防止用户枚举 - Admin token 支持 Authorization header - /api/orders/my 区分认证失败和服务端错误 - Admin orders userId/date 参数校验 - Decimal 字段统一 Number() 转换 - 抽取 handleApiError/extractHeaders 工具函数 - Webhook 路由改用 Registry 获取 Provider - PaymentRegistry lazy init 自动初始化 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
38 lines
1.2 KiB
TypeScript
38 lines
1.2 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import { z } from 'zod';
|
|
import { cancelOrder } from '@/lib/order/service';
|
|
import { getCurrentUserByToken } from '@/lib/sub2api/client';
|
|
import { handleApiError } from '@/lib/utils/api';
|
|
|
|
const cancelSchema = z.object({
|
|
token: z.string().min(1),
|
|
});
|
|
|
|
export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
|
|
try {
|
|
const { id } = await params;
|
|
const body = await request.json();
|
|
const parsed = cancelSchema.safeParse(body);
|
|
|
|
if (!parsed.success) {
|
|
return NextResponse.json({ error: '缺少 token 参数' }, { status: 400 });
|
|
}
|
|
|
|
let userId: number;
|
|
try {
|
|
const user = await getCurrentUserByToken(parsed.data.token);
|
|
userId = user.id;
|
|
} catch {
|
|
return NextResponse.json({ error: '登录态已失效,无法取消订单' }, { status: 401 });
|
|
}
|
|
|
|
const outcome = await cancelOrder(id, userId);
|
|
if (outcome === 'already_paid') {
|
|
return NextResponse.json({ success: true, status: 'PAID', message: '订单已支付完成' });
|
|
}
|
|
return NextResponse.json({ success: true });
|
|
} catch (error) {
|
|
return handleApiError(error, '取消订单失败');
|
|
}
|
|
}
|