ca03a501f2
安全加固: - 系统配置 API 增加写入 key 白名单,防止任意配置注入 - ADMIN_TOKEN 最小长度要求 16 字符 - 补充安全响应头(X-Content-Type-Options, X-Frame-Options, Referrer-Policy) - /api/users/[id] 和 /api/limits 增加 token 鉴权 - console.error 敏感信息脱敏(config route) - 敏感值 mask 修复短值完全隐藏 输入校验: - admin 渠道接口校验 rate_multiplier > 0、sort_order >= 0、name 非空 - admin 订阅套餐接口校验 price > 0、validity_days > 0、sort_order >= 0 金额精度: - feeRate 字段精度从 Decimal(5,2) 提升到 Decimal(5,4) - calculatePayAmount 返回 string 避免 Number 中间转换精度丢失 - 支付宝查询订单增加金额有效性校验(isFinite && > 0) UI 统一: - 订阅管理「售卖」列改为 toggle switch 开关(与渠道管理一致) - 表单中 checkbox 改为 toggle switch - 列名统一为「启用售卖」,支持直接点击切换
141 lines
4.3 KiB
Plaintext
141 lines
4.3 KiB
Plaintext
generator client {
|
|
provider = "prisma-client-js"
|
|
}
|
|
|
|
datasource db {
|
|
provider = "postgresql"
|
|
}
|
|
|
|
model Order {
|
|
id String @id @default(cuid())
|
|
userId Int @map("user_id")
|
|
userEmail String? @map("user_email")
|
|
userName String? @map("user_name")
|
|
userNotes String? @map("user_notes")
|
|
amount Decimal @db.Decimal(10, 2)
|
|
payAmount Decimal? @db.Decimal(10, 2) @map("pay_amount")
|
|
feeRate Decimal? @db.Decimal(5, 4) @map("fee_rate")
|
|
rechargeCode String @unique @map("recharge_code")
|
|
status OrderStatus @default(PENDING)
|
|
paymentType String @map("payment_type")
|
|
|
|
paymentTradeNo String? @map("payment_trade_no")
|
|
payUrl String? @map("pay_url")
|
|
qrCode String? @map("qr_code")
|
|
qrCodeImg String? @map("qr_code_img")
|
|
|
|
refundAmount Decimal? @db.Decimal(10, 2) @map("refund_amount")
|
|
refundReason String? @map("refund_reason")
|
|
refundAt DateTime? @map("refund_at")
|
|
forceRefund Boolean @default(false) @map("force_refund")
|
|
|
|
expiresAt DateTime @map("expires_at")
|
|
paidAt DateTime? @map("paid_at")
|
|
completedAt DateTime? @map("completed_at")
|
|
failedAt DateTime? @map("failed_at")
|
|
failedReason String? @map("failed_reason")
|
|
createdAt DateTime @default(now()) @map("created_at")
|
|
updatedAt DateTime @updatedAt @map("updated_at")
|
|
clientIp String? @map("client_ip")
|
|
srcHost String? @map("src_host")
|
|
srcUrl String? @map("src_url")
|
|
|
|
// ── 订单类型 & 订阅相关 ──
|
|
orderType String @default("balance") @map("order_type")
|
|
planId String? @map("plan_id")
|
|
plan SubscriptionPlan? @relation(fields: [planId], references: [id])
|
|
subscriptionGroupId Int? @map("subscription_group_id")
|
|
subscriptionDays Int? @map("subscription_days")
|
|
|
|
auditLogs AuditLog[]
|
|
|
|
@@index([userId])
|
|
@@index([status])
|
|
@@index([expiresAt])
|
|
@@index([createdAt])
|
|
@@index([paidAt])
|
|
@@index([paymentType, paidAt])
|
|
@@index([orderType])
|
|
@@map("orders")
|
|
}
|
|
|
|
enum OrderStatus {
|
|
PENDING
|
|
PAID
|
|
RECHARGING
|
|
COMPLETED
|
|
EXPIRED
|
|
CANCELLED
|
|
FAILED
|
|
REFUNDING
|
|
REFUNDED
|
|
REFUND_FAILED
|
|
}
|
|
|
|
model AuditLog {
|
|
id String @id @default(cuid())
|
|
orderId String @map("order_id")
|
|
order Order @relation(fields: [orderId], references: [id])
|
|
action String
|
|
detail String? @db.Text
|
|
operator String?
|
|
createdAt DateTime @default(now()) @map("created_at")
|
|
|
|
@@index([orderId])
|
|
@@index([createdAt])
|
|
@@map("audit_logs")
|
|
}
|
|
|
|
// ── 渠道展示配置 ──
|
|
model Channel {
|
|
id String @id @default(cuid())
|
|
groupId Int @unique @map("group_id")
|
|
name String
|
|
platform String @default("claude")
|
|
rateMultiplier Decimal @db.Decimal(10, 4) @map("rate_multiplier")
|
|
description String? @db.Text
|
|
models String? @db.Text
|
|
features String? @db.Text
|
|
sortOrder Int @default(0) @map("sort_order")
|
|
enabled Boolean @default(true)
|
|
createdAt DateTime @default(now()) @map("created_at")
|
|
updatedAt DateTime @updatedAt @map("updated_at")
|
|
|
|
@@index([sortOrder])
|
|
@@map("channels")
|
|
}
|
|
|
|
// ── 订阅套餐配置 ──
|
|
model SubscriptionPlan {
|
|
id String @id @default(cuid())
|
|
groupId Int @unique @map("group_id")
|
|
name String
|
|
description String? @db.Text
|
|
price Decimal @db.Decimal(10, 2)
|
|
originalPrice Decimal? @db.Decimal(10, 2) @map("original_price")
|
|
validityDays Int @default(30) @map("validity_days")
|
|
validityUnit String @default("day") @map("validity_unit") // day | week | month
|
|
features String? @db.Text
|
|
forSale Boolean @default(false) @map("for_sale")
|
|
sortOrder Int @default(0) @map("sort_order")
|
|
createdAt DateTime @default(now()) @map("created_at")
|
|
updatedAt DateTime @updatedAt @map("updated_at")
|
|
|
|
orders Order[]
|
|
|
|
@@index([forSale, sortOrder])
|
|
@@map("subscription_plans")
|
|
}
|
|
|
|
// ── 系统配置 ──
|
|
model SystemConfig {
|
|
key String @id
|
|
value String @db.Text
|
|
group String @default("general")
|
|
label String?
|
|
updatedAt DateTime @updatedAt @map("updated_at")
|
|
|
|
@@index([group])
|
|
@@map("system_configs")
|
|
}
|