ac0772b0f4
- /api/user 添加 token 认证,防止用户枚举 - Admin token 支持 Authorization header - /api/orders/my 区分认证失败和服务端错误 - Admin orders userId/date 参数校验 - Decimal 字段统一 Number() 转换 - 抽取 handleApiError/extractHeaders 工具函数 - Webhook 路由改用 Registry 获取 Provider - PaymentRegistry lazy init 自动初始化 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
30 lines
1.1 KiB
TypeScript
30 lines
1.1 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import { paymentRegistry } from '@/lib/payment';
|
|
import type { PaymentType } from '@/lib/payment';
|
|
import { handlePaymentNotify } from '@/lib/order/service';
|
|
import { extractHeaders } from '@/lib/utils/api';
|
|
|
|
// Stripe needs raw body - ensure Next.js doesn't parse it
|
|
export const dynamic = 'force-dynamic';
|
|
|
|
export async function POST(request: NextRequest): Promise<NextResponse> {
|
|
try {
|
|
const provider = paymentRegistry.getProvider('stripe' as PaymentType);
|
|
|
|
const rawBody = Buffer.from(await request.arrayBuffer());
|
|
const headers = extractHeaders(request);
|
|
|
|
const notification = await provider.verifyNotification(rawBody, headers);
|
|
if (!notification) {
|
|
// Unknown event type — acknowledge receipt
|
|
return NextResponse.json({ received: true });
|
|
}
|
|
await handlePaymentNotify(notification, provider.name);
|
|
|
|
return NextResponse.json({ received: true });
|
|
} catch (error) {
|
|
console.error('Stripe webhook error:', error);
|
|
return NextResponse.json({ error: 'Webhook processing failed' }, { status: 400 });
|
|
}
|
|
}
|