From 5b70ec6af7b3a32b62fd05002f8ed977d8ab2582 Mon Sep 17 00:00:00 2001 From: kdletters Date: Fri, 15 May 2026 06:40:40 +0800 Subject: [PATCH 1/2] =?UTF-8?q?feat:=20=E6=8E=A5=E5=85=A5=E5=BE=AE?= =?UTF-8?q?=E4=BF=A1H5=E4=B8=8ENative=E5=85=85=E5=80=BC=E6=94=AF=E4=BB=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .hermes/shared-memory/decision-log.md | 8 + ...OUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md | 54 ++- package-lock.json | 450 +++++++++++++++++- package.json | 2 + packages/shared/src/contracts/runtime.ts | 17 +- .../crates/api-server/src/runtime_profile.rs | 302 +++++++++++- server-rs/crates/api-server/src/wechat_pay.rs | 430 ++++++++++++++++- .../crates/module-runtime/src/commands.rs | 2 +- server-rs/crates/module-runtime/src/domain.rs | 2 + server-rs/crates/module-runtime/src/errors.rs | 2 + server-rs/crates/module-runtime/src/lib.rs | 13 + .../crates/shared-contracts/src/runtime.rs | 70 +++ .../RpgEntryHomeView.recharge.test.tsx | 289 +++++++++-- src/components/rpg-entry/RpgEntryHomeView.tsx | 210 ++++++-- src/services/payment/paymentPlatform.test.ts | 63 +++ src/services/payment/paymentPlatform.ts | 76 +++ src/services/payment/paymentRedirect.ts | 3 + src/services/rpg-entry/rpgProfileClient.ts | 19 +- 18 files changed, 1890 insertions(+), 122 deletions(-) create mode 100644 src/services/payment/paymentPlatform.test.ts create mode 100644 src/services/payment/paymentPlatform.ts create mode 100644 src/services/payment/paymentRedirect.ts diff --git a/.hermes/shared-memory/decision-log.md b/.hermes/shared-memory/decision-log.md index 3d5493df..7b276d70 100644 --- a/.hermes/shared-memory/decision-log.md +++ b/.hermes/shared-memory/decision-log.md @@ -64,6 +64,14 @@ - 验证方式:执行 `npm run typecheck`、`npm run test -- src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx`、`cargo test -p module-runtime recharge --manifest-path server-rs/Cargo.toml`、`cargo test -p api-server wechat_pay --manifest-path server-rs/Cargo.toml`,后端联调仍用 `npm run api-server` 和 `/healthz`。 - 关联文档:`docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md`、`docs/technical/SPACETIMEDB_TABLE_CATALOG.md`。 +## 2026-05-15 微信充值默认真实渠道与 mock 禁用 + +- 背景:账户充值扩展到普通商户直连 H5 与 Native 支付后,旧的“非小程序默认 mock”会把真实用户充值静默导向测试通道。 +- 决策:默认支付渠道只由设备平台隔离层解析为 `wechat_mp` / `wechat_h5` / `wechat_native`:小程序走 `wechat_mp`,移动网页含微信内 H5 走 `wechat_h5`,桌面网页走 `wechat_native` 二维码。`paymentChannel` 缺失或未知直接 `400`;生产/真实支付配置拒绝 `mock`,只有自动测试或显式 mock 测试配置可手动传 `paymentChannel = "mock"`。真实微信渠道必须在 `WECHAT_PAY_ENABLED=true` 且 `WECHAT_PAY_PROVIDER=real` 下单,禁止由 mock provider 返回 H5/Native/小程序 mock 支付载荷。所有微信渠道仍以后端通知与服务端查单入账。 +- 影响范围:`src/services/payment/paymentPlatform.ts`、`RpgEntryHomeView` 充值弹窗、`api-server` 充值订单接口、`WechatPayClient` H5/Native 下单、共享 recharge contracts。 +- 验证方式:执行 `npm run test -- src/services/payment/paymentPlatform.test.ts src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx`、`cargo test -p module-runtime recharge --manifest-path server-rs/Cargo.toml`、`cargo test -p api-server wechat_pay --manifest-path server-rs/Cargo.toml`、`npm run typecheck`、`npm run check:encoding`。 +- 关联文档:`docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md`。 + ## 2026-05-13 修改密码后全设备强制下线 - 背景:修改密码原本只递增 `token_version`,旧 access token 会失效,但旧 refresh cookie 仍可通过 `/api/auth/refresh` 重新签发新 token,不符合“改密后全设备强制下线”的账号安全预期。 diff --git a/docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md b/docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md index 7d16625d..83ed3fab 100644 --- a/docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md +++ b/docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md @@ -9,7 +9,7 @@ 1. `泥点充值` 2. `会员卡充值` -前端只负责展示与发起购买,套餐、价格、赠送规则、会员权益、生效时间、钱包余额与交易流水统一由 `server-rs` 后端返回。普通 H5 / 本地联调继续使用 `mock` 渠道:创建订单后立即写入余额或会员状态,并返回最新账户中心快照。微信小程序 web-view 使用 `wechat_mp` 渠道:创建订单时只写入 `pending` 订单并返回小程序 `wx.requestPayment` 参数,真实到账以后端微信支付通知为准。 +前端只负责展示与发起购买,套餐、价格、赠送规则、会员权益、生效时间、钱包余额与交易流水统一由 `server-rs` 后端返回。支付接入固定为普通商户直连模式:小程序 web-view 使用 `wechat_mp`,移动网页使用 `wechat_h5`,桌面网页使用 `wechat_native` 二维码。生产默认永远不走 `mock`;只有自动测试或显式测试配置手动传 `paymentChannel = "mock"` 时才允许 mock 即时入账。所有真实微信渠道的到账事实以后端微信支付通知和服务端查单为准。 ## 2. 产品规则 @@ -56,22 +56,25 @@ ```json { "productId": "points_300", - "paymentChannel": "mock" + "paymentChannel": "wechat_h5" } ``` 行为: 1. 校验 `productId` -2. `paymentChannel = "mock"` 时后端创建已支付订单 -3. `paymentChannel = "wechat_mp"` 时后端创建待支付订单,并调用微信支付 JSAPI 下单生成小程序支付参数;本地 `orderId` 会作为微信 `out_trade_no` 传递,格式固定为 `rcg` 前缀 + 小写字母数字,长度在 6-32 字符内,满足微信支付 JSAPI 下单文档对商户订单号的限制。商品描述限制为 127 字符内,回调地址限制为 HTTPS、255 字符内且不携带 query/fragment。 +2. 缺少 `paymentChannel` 或传入未知渠道时直接返回 `400`,不得再默认解释为 `mock` +3. 生产/真实支付配置拒绝 `paymentChannel = "mock"`;mock 只服务自动测试或显式 mock 测试配置 + - `wechat_mp` / `wechat_h5` / `wechat_native` 必须在 `WECHAT_PAY_ENABLED=true` 且 `WECHAT_PAY_PROVIDER=real` 时才允许下单;`WECHAT_PAY_PROVIDER=mock` 不能为真实微信渠道返回 mock 支付载荷。 +4. `paymentChannel = "wechat_mp"` 时后端创建待支付订单,并调用微信支付 JSAPI 下单生成小程序支付参数;本地 `orderId` 会作为微信 `out_trade_no` 传递,格式固定为 `rcg` 前缀 + 小写字母数字,长度在 6-32 字符内,满足微信支付 JSAPI 下单文档对商户订单号的限制。商品描述限制为 127 字符内,回调地址限制为 HTTPS、255 字符内且不携带 query/fragment。 - JSAPI 下单请求必须显式携带 `Accept: application/json`、`Content-Type: application/json` 和 `User-Agent: Genarrative-WechatPay/1.0`;微信侧会把缺少 `User-Agent` 的请求返回为“Http头缺少Accept或User-Agent”。 -4. mock 泥点套餐立即写入钱包余额与流水,mock 会员套餐立即写入会员状态 -5. wechat_mp 订单不提前发泥点或会员,只返回待支付订单、账户中心快照与 `wechatMiniProgramPayParams` +5. `paymentChannel = "wechat_h5"` 时调用微信支付 H5 下单,返回 `wechatH5Payment.h5Url`,前端跳转到该地址 +6. `paymentChannel = "wechat_native"` 时调用微信支付 Native 下单,返回 `wechatNativePayment.codeUrl`,前端在充值弹窗内把 `codeUrl` 渲染成二维码 +7. 所有微信真实渠道订单不提前发泥点或会员,只返回待支付订单、账户中心快照与对应支付载荷 兼容路径:`POST /api/runtime/profile/recharge/orders` -响应里的 `wechatMiniProgramPayParams` 只在微信小程序支付渠道返回,字段直接对应 `wx.requestPayment`: +响应里的支付字段只在对应微信支付渠道返回。`wechatMiniProgramPayParams` 字段直接对应 `wx.requestPayment`: ```json { @@ -85,11 +88,24 @@ } ``` +H5 与 Native 响应: + +```json +{ + "wechatH5Payment": { + "h5Url": "https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb?prepay_id=..." + }, + "wechatNativePayment": { + "codeUrl": "weixin://pay.weixin.qq.com/bizpayurl/up?pr=..." + } +} +``` + ### 3.3 `POST /api/profile/recharge/orders/{order_id}/wechat/confirm` -需要 Bearer JWT。该接口用于小程序支付页返回 web-view 后的主动查单确认,不替代微信支付通知: +需要 Bearer JWT。该接口用于微信支付返回页面或 Native 扫码后的主动查单确认,不替代微信支付通知: -1. 后端读取本地 `profile_recharge_order` 并校验订单归属、支付渠道和当前状态。 +1. 后端读取本地 `profile_recharge_order` 并校验订单归属、支付渠道和当前状态;`wechat_mp` / `wechat_h5` / `wechat_native` 都可确认,`mock` 不能走该接口。 2. 若订单已是 `paid`,直接返回订单与账户中心快照。 3. 若订单仍是 `pending`,后端调用微信支付按商户订单号查单接口。 4. 只有微信查单返回 `trade_state = "SUCCESS"` 时,才调用统一入账 procedure 把订单改为 `paid` 并写入钱包流水或会员状态。 @@ -127,7 +143,7 @@ | 变量 | 说明 | | ---------------------------------------------------------------------------- | ----------------------------------------------------------------- | | `WECHAT_PAY_ENABLED` | 是否启用微信支付客户端 | -| `WECHAT_PAY_PROVIDER` | `mock` 或 `real` | +| `WECHAT_PAY_PROVIDER` | `mock` 或 `real`;真实微信渠道只能使用 `real`,`mock` 只允许显式测试渠道 | | `WECHAT_PAY_MCH_ID` | 微信支付商户号 | | `WECHAT_PAY_MERCHANT_SERIAL_NO` | 商户 API 证书序列号,用于请求微信支付签名头 | | `WECHAT_PAY_PRIVATE_KEY_PEM` / `WECHAT_PAY_PRIVATE_KEY_PATH` | 商户 API 私钥 | @@ -142,19 +158,23 @@ 2. 弹窗顶部标题为 `账户充值`,右上角关闭。 3. 默认打开 `泥点充值`,可切换到 `会员卡充值`。 4. 点击套餐后调用下单接口,按钮进入处理中状态;小程序环境走 native 支付页拉起 `wx.requestPayment`,支付页返回后刷新 `profileDashboard`。 + - 支付渠道由 `src/services/payment/paymentPlatform.ts` 统一判断,业务 UI 不内联区分小程序、手机网页和桌面网页。 - 小程序 web-view 内的 H5 只负责加载微信 JS-SDK 并通过 `wx.miniProgram.navigateTo` 跳转到 `/pages/wechat-pay/index`;实际支付必须在小程序 native 页调用 `wx.requestPayment`,不要切换为 H5 支付产品。 - native 支付页通过 `wx_pay_result=:success|cancel|fail` 回填 web-view;H5 在 `hashchange`、`focus`、`pageshow` 和 `visibilitychange` 中都会尝试消费该结果,避免小程序返回 web-view 时没有触发单一事件导致状态不刷新。 - `success` 只表示微信客户端支付流程返回成功,前端随后调用 `POST /api/profile/recharge/orders/{order_id}/wechat/confirm` 由服务端查单确认;只有通知或服务端查单确认为 `SUCCESS` 才入账。 - 小程序返回后,前端会对确认接口做短轮询,覆盖微信通知/查单结果与 web-view 恢复之间的秒级时间差;只有确认响应里的订单状态变成 `paid` 后,才触发父级 `profileDashboard` 刷新,确保“我的”页泥点卡片读取到最新余额。 - `cancel` 和 `fail` 只复位按钮、刷新账户中心并通过全局支付结果模态展示,不调用入账逻辑。 -5. 支付结果使用页面级全局模态展示,不写回商品卡片或账户充值弹窗内部;充值弹窗只负责套餐选择、加载失败和下单失败。 -6. 弹窗内不写大段说明文案,只保留必要金额、泥点、会员权益和操作状态。 -7. 会员卡充值区以套餐卡片优先展示周期、价格和处理状态;移动端单列,桌面端三列,权益表允许横向滚动,避免小屏挤压。 +5. 移动网页含微信内 H5 首版统一走 `wechat_h5`:拿到 `h5Url` 后跳转;若微信内 H5 调起失败,失败态提示用户改用系统浏览器或小程序。 +6. 桌面网页走 `wechat_native`:充值弹窗展示二维码,用户扫码后点击“我已支付”,前端调用 confirm 接口短轮询确认;确认前不刷新父级余额。 +7. 支付结果使用页面级全局模态展示,不写回商品卡片或账户充值弹窗内部;充值弹窗只负责套餐选择、加载失败和下单失败。 +8. 弹窗内不写大段说明文案,只保留必要金额、泥点、会员权益和操作状态。 +9. 会员卡充值区以套餐卡片优先展示周期、价格和处理状态;移动端单列,桌面端三列,权益表允许横向滚动,避免小屏挤压。 ## 5. 验收 1. 普通用户打开弹窗能看到泥点与会员套餐。 -2. 泥点购买后余额增加,流水来源为 `points_recharge`。 -3. 首充赠送只在首次泥点充值时生效。 -4. 会员购买后会员状态与到期时间立即更新。 -5. 移动端弹窗单列可滚动,桌面端接近参考图卡片网格。 +2. 默认平台通道只会解析到 `wechat_mp` / `wechat_h5` / `wechat_native`,不会解析到 `mock`。 +3. 泥点购买后余额增加,流水来源为 `points_recharge`。 +4. 首充赠送只在首次泥点充值时生效。 +5. 会员购买后会员状态与到期时间立即更新。 +6. 移动端弹窗单列可滚动,桌面端接近参考图卡片网格。 diff --git a/package-lock.json b/package-lock.json index aa3187a3..9008c606 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,6 +14,7 @@ "dotenv": "^17.2.3", "lucide-react": "^0.546.0", "motion": "^12.23.24", + "qrcode": "^1.5.4", "react": "^19.0.0", "react-dom": "^19.0.0", "three": "^0.184.0", @@ -23,6 +24,7 @@ "@testing-library/react": "^16.3.2", "@testing-library/user-event": "^14.6.1", "@types/node": "^22.14.0", + "@types/qrcode": "^1.5.6", "@types/react": "^19.2.14", "@types/react-dom": "^19.2.3", "@types/three": "^0.184.0", @@ -1679,6 +1681,16 @@ "undici-types": "~6.21.0" } }, + "node_modules/@types/qrcode": { + "version": "1.5.6", + "resolved": "https://registry.npmjs.org/@types/qrcode/-/qrcode-1.5.6.tgz", + "integrity": "sha512-te7NQcV2BOvdj2b1hCAHzAoMNuj65kNBMz0KBaxM6c3VGBOhU0dURQKOtH8CFNI/dsKkwlv32p26qYQTWoB5bw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, "node_modules/@types/react": { "version": "19.2.14", "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz", @@ -2174,7 +2186,6 @@ "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true, "engines": { "node": ">=8" } @@ -2183,7 +2194,6 @@ "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, "dependencies": { "color-convert": "^2.0.1" }, @@ -2373,6 +2383,15 @@ "node": ">=6" } }, + "node_modules/camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/caniuse-lite": { "version": "1.0.30001780", "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001780.tgz", @@ -2444,11 +2463,21 @@ "node": "*" } }, + "node_modules/cliui": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz", + "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "license": "ISC", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^6.2.0" + } + }, "node_modules/color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, "dependencies": { "color-name": "~1.1.4" }, @@ -2459,8 +2488,7 @@ "node_modules/color-name": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" }, "node_modules/combined-stream": { "version": "1.0.8", @@ -2553,6 +2581,15 @@ } } }, + "node_modules/decamelize": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", + "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/decimal.js": { "version": "10.6.0", "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.6.0.tgz", @@ -2614,6 +2651,12 @@ "node": "^14.15.0 || ^16.10.0 || >=18.0.0" } }, + "node_modules/dijkstrajs": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz", + "integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==", + "license": "MIT" + }, "node_modules/dir-glob": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", @@ -2688,6 +2731,12 @@ "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.321.tgz", "integrity": "sha512-L2C7Q279W2D/J4PLZLk7sebOILDSWos7bMsMNN06rK482umHUrh/3lM8G7IlHFOYip2oAg5nha1rCMxr/rs6ZQ==" }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, "node_modules/enhanced-resolve": { "version": "5.20.1", "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.1.tgz", @@ -3262,6 +3311,15 @@ "node": ">=6.9.0" } }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "license": "ISC", + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, "node_modules/get-func-name": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", @@ -3558,6 +3616,15 @@ "node": ">=0.10.0" } }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, "node_modules/is-glob": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", @@ -4276,6 +4343,15 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/parent-module": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", @@ -4304,7 +4380,6 @@ "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", - "dev": true, "engines": { "node": ">=8" } @@ -4384,6 +4459,15 @@ "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==", "dev": true }, + "node_modules/pngjs": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz", + "integrity": "sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==", + "license": "MIT", + "engines": { + "node": ">=10.13.0" + } + }, "node_modules/postcss": { "version": "8.5.8", "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.8.tgz", @@ -4488,6 +4572,23 @@ "node": ">=6" } }, + "node_modules/qrcode": { + "version": "1.5.4", + "resolved": "https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz", + "integrity": "sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==", + "license": "MIT", + "dependencies": { + "dijkstrajs": "^1.0.1", + "pngjs": "^5.0.0", + "yargs": "^15.3.1" + }, + "bin": { + "qrcode": "bin/qrcode" + }, + "engines": { + "node": ">=10.13.0" + } + }, "node_modules/querystringify": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", @@ -4547,6 +4648,21 @@ "node": ">=0.10.0" } }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/require-main-filename": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", + "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==", + "license": "ISC" + }, "node_modules/requires-port": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", @@ -4700,6 +4816,12 @@ "semver": "bin/semver.js" } }, + "node_modules/set-blocking": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==", + "license": "ISC" + }, "node_modules/shebang-command": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", @@ -4756,11 +4878,24 @@ "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==", "dev": true }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/strip-ansi": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, "dependencies": { "ansi-regex": "^5.0.1" }, @@ -6674,6 +6809,12 @@ "node": ">= 8" } }, + "node_modules/which-module": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz", + "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==", + "license": "ISC" + }, "node_modules/why-is-node-running": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz", @@ -6699,6 +6840,20 @@ "node": ">=0.10.0" } }, + "node_modules/wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", @@ -6741,11 +6896,104 @@ "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==", "dev": true }, + "node_modules/y18n": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz", + "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==", + "license": "ISC" + }, "node_modules/yallist": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==" }, + "node_modules/yargs": { + "version": "15.4.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "license": "MIT", + "dependencies": { + "cliui": "^6.0.0", + "decamelize": "^1.2.0", + "find-up": "^4.1.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^4.2.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^18.1.2" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs-parser": { + "version": "18.1.3", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "license": "ISC", + "dependencies": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/yargs/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "license": "MIT", + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "license": "MIT", + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/yargs/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "license": "MIT", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/yargs/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "license": "MIT", + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/yocto-queue": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", @@ -7716,6 +7964,15 @@ "undici-types": "~6.21.0" } }, + "@types/qrcode": { + "version": "1.5.6", + "resolved": "https://registry.npmjs.org/@types/qrcode/-/qrcode-1.5.6.tgz", + "integrity": "sha512-te7NQcV2BOvdj2b1hCAHzAoMNuj65kNBMz0KBaxM6c3VGBOhU0dURQKOtH8CFNI/dsKkwlv32p26qYQTWoB5bw==", + "dev": true, + "requires": { + "@types/node": "*" + } + }, "@types/react": { "version": "19.2.14", "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz", @@ -8048,14 +8305,12 @@ "ansi-regex": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==" }, "ansi-styles": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, "requires": { "color-convert": "^2.0.1" } @@ -8171,6 +8426,11 @@ "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", "dev": true }, + "camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==" + }, "caniuse-lite": { "version": "1.0.30001780", "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001780.tgz", @@ -8215,11 +8475,20 @@ "get-func-name": "^2.0.2" } }, + "cliui": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz", + "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==", + "requires": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^6.2.0" + } + }, "color-convert": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, "requires": { "color-name": "~1.1.4" } @@ -8227,8 +8496,7 @@ "color-name": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" }, "combined-stream": { "version": "1.0.8", @@ -8301,6 +8569,11 @@ "ms": "^2.1.3" } }, + "decamelize": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz", + "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==" + }, "decimal.js": { "version": "10.6.0", "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.6.0.tgz", @@ -8346,6 +8619,11 @@ "integrity": "sha512-EjePK1srD3P08o2j4f0ExnylqRs5B9tJjcp9t1krH2qRi8CCdsYfwe9JgSLurFBWwq4uOlipzfk5fHNvwFKr8Q==", "dev": true }, + "dijkstrajs": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz", + "integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==" + }, "dir-glob": { "version": "3.0.1", "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", @@ -8401,6 +8679,11 @@ "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.321.tgz", "integrity": "sha512-L2C7Q279W2D/J4PLZLk7sebOILDSWos7bMsMNN06rK482umHUrh/3lM8G7IlHFOYip2oAg5nha1rCMxr/rs6ZQ==" }, + "emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" + }, "enhanced-resolve": { "version": "5.20.1", "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.1.tgz", @@ -8800,6 +9083,11 @@ "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==" }, + "get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==" + }, "get-func-name": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", @@ -9010,6 +9298,11 @@ "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", "dev": true }, + "is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==" + }, "is-glob": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", @@ -9454,6 +9747,11 @@ "p-limit": "^3.0.2" } }, + "p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==" + }, "parent-module": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", @@ -9475,8 +9773,7 @@ "path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", - "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", - "dev": true + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==" }, "path-is-absolute": { "version": "1.0.1", @@ -9537,6 +9834,11 @@ } } }, + "pngjs": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz", + "integrity": "sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==" + }, "postcss": { "version": "8.5.8", "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.8.tgz", @@ -9599,6 +9901,16 @@ "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", "dev": true }, + "qrcode": { + "version": "1.5.4", + "resolved": "https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz", + "integrity": "sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==", + "requires": { + "dijkstrajs": "^1.0.1", + "pngjs": "^5.0.0", + "yargs": "^15.3.1" + } + }, "querystringify": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", @@ -9635,6 +9947,16 @@ "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.18.0.tgz", "integrity": "sha512-QgT5//D3jfjJb6Gsjxv0Slpj23ip+HtOpnNgnb2S5zU3CB26G/IDPGoy4RJB42wzFE46DRsstbW6tKHoKbhAxw==" }, + "require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==" + }, + "require-main-filename": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", + "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==" + }, "requires-port": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", @@ -9742,6 +10064,11 @@ "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" }, + "set-blocking": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz", + "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==" + }, "shebang-command": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", @@ -9786,11 +10113,20 @@ "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==", "dev": true }, + "string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "requires": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + } + }, "strip-ansi": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, "requires": { "ansi-regex": "^5.0.1" } @@ -10724,6 +11060,11 @@ "isexe": "^2.0.0" } }, + "which-module": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz", + "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==" + }, "why-is-node-running": { "version": "2.3.0", "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz", @@ -10740,6 +11081,16 @@ "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", "dev": true }, + "wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + }, "wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", @@ -10765,11 +11116,78 @@ "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==", "dev": true }, + "y18n": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz", + "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==" + }, "yallist": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==" }, + "yargs": { + "version": "15.4.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz", + "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==", + "requires": { + "cliui": "^6.0.0", + "decamelize": "^1.2.0", + "find-up": "^4.1.0", + "get-caller-file": "^2.0.1", + "require-directory": "^2.1.1", + "require-main-filename": "^2.0.0", + "set-blocking": "^2.0.0", + "string-width": "^4.2.0", + "which-module": "^2.0.0", + "y18n": "^4.0.0", + "yargs-parser": "^18.1.2" + }, + "dependencies": { + "find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "requires": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + } + }, + "locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "requires": { + "p-locate": "^4.1.0" + } + }, + "p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "requires": { + "p-try": "^2.0.0" + } + }, + "p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "requires": { + "p-limit": "^2.2.0" + } + } + } + }, + "yargs-parser": { + "version": "18.1.3", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz", + "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==", + "requires": { + "camelcase": "^5.0.0", + "decamelize": "^1.2.0" + } + }, "yocto-queue": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", diff --git a/package.json b/package.json index 0f77d5f0..336544a3 100644 --- a/package.json +++ b/package.json @@ -54,6 +54,7 @@ "dotenv": "^17.2.3", "lucide-react": "^0.546.0", "motion": "^12.23.24", + "qrcode": "^1.5.4", "react": "^19.0.0", "react-dom": "^19.0.0", "three": "^0.184.0", @@ -63,6 +64,7 @@ "@testing-library/react": "^16.3.2", "@testing-library/user-event": "^14.6.1", "@types/node": "^22.14.0", + "@types/qrcode": "^1.5.6", "@types/react": "^19.2.14", "@types/react-dom": "^19.2.3", "@types/three": "^0.184.0", diff --git a/packages/shared/src/contracts/runtime.ts b/packages/shared/src/contracts/runtime.ts index 97a82ada..784728f0 100644 --- a/packages/shared/src/contracts/runtime.ts +++ b/packages/shared/src/contracts/runtime.ts @@ -147,6 +147,14 @@ export type WechatMiniProgramPayParams = { paySign: string; }; +export type WechatH5Payment = { + h5Url: string; +}; + +export type WechatNativePayment = { + codeUrl: string; +}; + export type CreateProfileRechargeOrderRequest = { productId: string; paymentChannel?: string; @@ -156,6 +164,8 @@ export type CreateProfileRechargeOrderResponse = { order: ProfileRechargeOrder; center: ProfileRechargeCenterResponse; wechatMiniProgramPayParams?: WechatMiniProgramPayParams | null; + wechatH5Payment?: WechatH5Payment | null; + wechatNativePayment?: WechatNativePayment | null; }; export type ConfirmWechatProfileRechargeOrderResponse = { @@ -242,7 +252,12 @@ export type RedeemProfileRewardCodeResponse = { export type ProfileTaskCycle = 'daily'; export type TrackingScopeKind = 'site' | 'work' | 'module' | 'user'; -export type AnalyticsGranularity = 'day' | 'week' | 'month' | 'quarter' | 'year'; +export type AnalyticsGranularity = + | 'day' + | 'week' + | 'month' + | 'quarter' + | 'year'; export type ProfileTaskStatus = | 'incomplete' | 'claimable' diff --git a/server-rs/crates/api-server/src/runtime_profile.rs b/server-rs/crates/api-server/src/runtime_profile.rs index 987a8cf1..a0ed8af8 100644 --- a/server-rs/crates/api-server/src/runtime_profile.rs +++ b/server-rs/crates/api-server/src/runtime_profile.rs @@ -1,12 +1,14 @@ use axum::{ Json, extract::{Extension, Path, Query, State}, - http::StatusCode, + http::{HeaderMap, StatusCode}, response::Response, }; use module_runtime::{ AnalyticsGranularity, PROFILE_RECHARGE_PAYMENT_CHANNEL_MOCK, - PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_MINI_PROGRAM, RuntimeProfileFeedbackEvidenceRecord, + PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_H5, + PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_MINI_PROGRAM, + PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_NATIVE, RuntimeProfileFeedbackEvidenceRecord, RuntimeProfileFeedbackEvidenceSnapshot, RuntimeProfileFeedbackSubmissionRecord, RuntimeProfileInviteCodeRecord, RuntimeProfileMembershipBenefitRecord, RuntimeProfileRechargeCenterRecord, RuntimeProfileRechargeOrderRecord, @@ -64,8 +66,8 @@ use crate::{ request_context::RequestContext, state::AppState, wechat_pay::{ - WechatPayNotifyOrder, build_wechat_payment_request, current_unix_micros, - map_wechat_pay_error, + WechatPayNotifyOrder, build_wechat_payment_request, build_wechat_web_payment_request, + current_unix_micros, map_wechat_pay_error, }, }; @@ -189,13 +191,14 @@ pub async fn create_profile_recharge_order( State(state): State, Extension(request_context): Extension, Extension(authenticated): Extension, + headers: HeaderMap, Json(payload): Json, ) -> Result, Response> { let user_id = authenticated.claims().user_id().to_string(); - let payment_channel = payload - .payment_channel - .unwrap_or_else(|| PROFILE_RECHARGE_PAYMENT_CHANNEL_MOCK.to_string()); - let payment_channel = payment_channel.trim().to_string(); + let payment_channel = normalize_recharge_payment_channel(payload.payment_channel) + .map_err(|error| runtime_profile_error_response(&request_context, error))?; + validate_recharge_payment_channel(&state, &payment_channel) + .map_err(|error| runtime_profile_error_response(&request_context, error))?; let created_at_micros = current_unix_micros(); let (center, order) = state .spacetime_client() @@ -236,6 +239,43 @@ pub async fn create_profile_recharge_order( } else { None }; + let wechat_h5_payment = if payment_channel == PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_H5 { + Some( + state + .wechat_pay_client() + .create_h5_order(build_wechat_web_payment_request( + order.order_id.clone(), + order.product_title.clone(), + order.amount_cents, + resolve_wechat_pay_client_ip(&headers), + )) + .await + .map_err(|error| { + runtime_profile_error_response(&request_context, map_wechat_pay_error(error)) + })?, + ) + } else { + None + }; + let wechat_native_payment = if payment_channel == PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_NATIVE + { + Some( + state + .wechat_pay_client() + .create_native_order(build_wechat_web_payment_request( + order.order_id.clone(), + order.product_title.clone(), + order.amount_cents, + resolve_wechat_pay_client_ip(&headers), + )) + .await + .map_err(|error| { + runtime_profile_error_response(&request_context, map_wechat_pay_error(error)) + })?, + ) + } else { + None + }; Ok(json_success_body( Some(&request_context), @@ -243,6 +283,8 @@ pub async fn create_profile_recharge_order( order: build_profile_recharge_order_response(order), center: build_profile_recharge_center_response(center), wechat_mini_program_pay_params, + wechat_h5_payment, + wechat_native_payment, }, )) } @@ -271,11 +313,11 @@ pub async fn confirm_wechat_profile_recharge_order( AppError::from_status(StatusCode::NOT_FOUND).with_message("充值订单不存在"), )); } - if order.payment_channel != PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_MINI_PROGRAM { + if !is_wechat_recharge_payment_channel(&order.payment_channel) { return Err(runtime_profile_error_response( &request_context, AppError::from_status(StatusCode::BAD_REQUEST) - .with_message("该充值订单不是微信小程序支付订单"), + .with_message("该充值订单不是微信支付订单"), )); } if order.status == RuntimeProfileRechargeOrderStatus::Paid { @@ -885,6 +927,93 @@ fn runtime_profile_error_response(request_context: &RequestContext, error: AppEr error.into_response_with_context(Some(request_context)) } +fn normalize_recharge_payment_channel(raw: Option) -> Result { + raw.map(|value| value.trim().to_string()) + .filter(|value| !value.is_empty()) + .ok_or_else(|| { + AppError::from_status(StatusCode::BAD_REQUEST).with_message("充值支付渠道不能为空") + }) +} + +fn validate_recharge_payment_channel( + state: &AppState, + payment_channel: &str, +) -> Result<(), AppError> { + if payment_channel == PROFILE_RECHARGE_PAYMENT_CHANNEL_MOCK { + if is_recharge_mock_channel_allowed(state) { + return Ok(()); + } + + return Err(AppError::from_status(StatusCode::BAD_REQUEST) + .with_message("生产充值不允许使用 mock 支付渠道")); + } + + if is_wechat_recharge_payment_channel(payment_channel) { + validate_real_wechat_recharge_payment_provider(state)?; + return Ok(()); + } + + Err(AppError::from_status(StatusCode::BAD_REQUEST).with_message("充值支付渠道无效")) +} + +fn validate_real_wechat_recharge_payment_provider(state: &AppState) -> Result<(), AppError> { + if !state.config.wechat_pay_enabled { + return Err(AppError::from_status(StatusCode::SERVICE_UNAVAILABLE) + .with_message("微信支付真实渠道暂未启用")); + } + + if state + .config + .wechat_pay_provider + .trim() + .eq_ignore_ascii_case("real") + { + return Ok(()); + } + + Err(AppError::from_status(StatusCode::SERVICE_UNAVAILABLE) + .with_message("真实微信支付渠道不能使用 mock 支付配置")) +} + +fn is_recharge_mock_channel_allowed(state: &AppState) -> bool { + if cfg!(test) { + return state + .config + .wechat_pay_provider + .trim() + .eq_ignore_ascii_case(PROFILE_RECHARGE_PAYMENT_CHANNEL_MOCK); + } + + false +} + +fn is_wechat_recharge_payment_channel(payment_channel: &str) -> bool { + matches!( + payment_channel, + PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_MINI_PROGRAM + | PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_H5 + | PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_NATIVE + ) +} + +fn resolve_wechat_pay_client_ip(headers: &HeaderMap) -> String { + headers + .get("x-forwarded-for") + .and_then(|value| value.to_str().ok()) + .and_then(|value| value.split(',').next()) + .map(str::trim) + .filter(|value| !value.is_empty()) + .or_else(|| { + headers + .get("x-real-ip") + .and_then(|value| value.to_str().ok()) + .map(str::trim) + .filter(|value| !value.is_empty()) + }) + .unwrap_or("127.0.0.1") + .to_string() +} + async fn resolve_wechat_identity_for_payment( state: &AppState, user_id: &str, @@ -1503,6 +1632,153 @@ mod tests { assert_eq!(response.status(), StatusCode::UNAUTHORIZED); } + #[tokio::test] + async fn profile_recharge_order_rejects_missing_payment_channel_before_spacetime() { + let state = seed_authenticated_state().await; + let token = issue_access_token(&state); + let app = build_router(state); + + let response = app + .oneshot( + Request::builder() + .method("POST") + .uri("/api/profile/recharge/orders") + .header("authorization", format!("Bearer {token}")) + .header("content-type", "application/json") + .body(Body::from(r#"{"productId":"points_60"}"#)) + .expect("request should build"), + ) + .await + .expect("request should succeed"); + + assert_eq!(response.status(), StatusCode::BAD_REQUEST); + let body = response + .into_body() + .collect() + .await + .expect("body should collect") + .to_bytes(); + let payload: Value = + serde_json::from_slice(&body).expect("response body should be valid json"); + assert_eq!(payload["error"]["message"], "充值支付渠道不能为空"); + } + + #[tokio::test] + async fn profile_recharge_order_rejects_unknown_payment_channel_before_spacetime() { + let state = seed_authenticated_state().await; + let token = issue_access_token(&state); + let app = build_router(state); + + let response = app + .oneshot( + Request::builder() + .method("POST") + .uri("/api/profile/recharge/orders") + .header("authorization", format!("Bearer {token}")) + .header("content-type", "application/json") + .body(Body::from( + r#"{"productId":"points_60","paymentChannel":"card"}"#, + )) + .expect("request should build"), + ) + .await + .expect("request should succeed"); + + assert_eq!(response.status(), StatusCode::BAD_REQUEST); + let body = response + .into_body() + .collect() + .await + .expect("body should collect") + .to_bytes(); + let payload: Value = + serde_json::from_slice(&body).expect("response body should be valid json"); + assert_eq!(payload["error"]["message"], "充值支付渠道无效"); + } + + #[tokio::test] + async fn profile_recharge_order_rejects_mock_when_pay_provider_is_real() { + let state = seed_authenticated_state_with_config(AppConfig { + wechat_pay_provider: "real".to_string(), + spacetime_procedure_timeout: Duration::from_secs(1), + ..AppConfig::default() + }) + .await; + let token = issue_access_token(&state); + let app = build_router(state); + + let response = app + .oneshot( + Request::builder() + .method("POST") + .uri("/api/profile/recharge/orders") + .header("authorization", format!("Bearer {token}")) + .header("content-type", "application/json") + .body(Body::from( + r#"{"productId":"points_60","paymentChannel":"mock"}"#, + )) + .expect("request should build"), + ) + .await + .expect("request should succeed"); + + assert_eq!(response.status(), StatusCode::BAD_REQUEST); + let body = response + .into_body() + .collect() + .await + .expect("body should collect") + .to_bytes(); + let payload: Value = + serde_json::from_slice(&body).expect("response body should be valid json"); + assert_eq!( + payload["error"]["message"], + "生产充值不允许使用 mock 支付渠道" + ); + } + + #[tokio::test] + async fn profile_recharge_order_rejects_real_wechat_channel_when_pay_provider_is_mock() { + let state = seed_authenticated_state_with_config(AppConfig { + wechat_pay_enabled: true, + wechat_pay_provider: "mock".to_string(), + spacetime_procedure_timeout: Duration::from_secs(1), + ..AppConfig::default() + }) + .await; + let token = issue_access_token(&state); + let app = build_router(state); + + let response = app + .oneshot( + Request::builder() + .method("POST") + .uri("/api/profile/recharge/orders") + .header("authorization", format!("Bearer {token}")) + .header("content-type", "application/json") + .body(Body::from( + r#"{"productId":"points_60","paymentChannel":"wechat_h5"}"#, + )) + .expect("request should build"), + ) + .await + .expect("request should succeed"); + + assert_eq!(response.status(), StatusCode::SERVICE_UNAVAILABLE); + let body = response + .into_body() + .collect() + .await + .expect("body should collect") + .to_bytes(); + let payload: Value = + serde_json::from_slice(&body).expect("response body should be valid json"); + assert_eq!( + payload["error"]["message"], + "真实微信支付渠道不能使用 mock 支付配置" + ); + } + #[tokio::test] async fn profile_feedback_requires_authentication() { let app = build_router(AppState::new(AppConfig::default()).expect("state should build")); @@ -1720,7 +1996,11 @@ mod tests { } async fn seed_authenticated_state() -> AppState { - let state = AppState::new(fast_spacetime_timeout_config()).expect("state should build"); + seed_authenticated_state_with_config(fast_spacetime_timeout_config()).await + } + + async fn seed_authenticated_state_with_config(config: AppConfig) -> AppState { + let state = AppState::new(config).expect("state should build"); state .seed_test_phone_user_with_password("13800138104", "secret123") .await diff --git a/server-rs/crates/api-server/src/wechat_pay.rs b/server-rs/crates/api-server/src/wechat_pay.rs index 63b15b8d..c3b38abd 100644 --- a/server-rs/crates/api-server/src/wechat_pay.rs +++ b/server-rs/crates/api-server/src/wechat_pay.rs @@ -14,7 +14,9 @@ use ring::{ use serde::{Deserialize, Serialize}; use serde_json::{Value, json}; use sha2::{Digest, Sha256}; -use shared_contracts::runtime::WechatMiniProgramPayParamsResponse; +use shared_contracts::runtime::{ + WechatH5PaymentResponse, WechatMiniProgramPayParamsResponse, WechatNativePaymentResponse, +}; use shared_kernel::offset_datetime_to_unix_micros; use time::OffsetDateTime; use tracing::{info, warn}; @@ -37,6 +39,10 @@ const WECHAT_PAY_DESCRIPTION_MAX_CHARS: usize = 127; const WECHAT_PAY_OUT_TRADE_NO_MAX_CHARS: usize = 32; const WECHAT_PAY_NOTIFY_URL_MAX_CHARS: usize = 255; const WECHAT_PAY_OPENID_MAX_CHARS: usize = 128; +const WECHAT_PAY_CLIENT_IP_MAX_CHARS: usize = 45; +const WECHAT_PAY_JSAPI_PATH: &str = "/v3/pay/transactions/jsapi"; +const WECHAT_PAY_H5_PATH: &str = "/v3/pay/transactions/h5"; +const WECHAT_PAY_NATIVE_PATH: &str = "/v3/pay/transactions/native"; #[derive(Clone, Debug)] pub enum WechatPayClient { @@ -57,6 +63,8 @@ pub struct RealWechatPayClient { api_v3_key: String, notify_url: String, jsapi_endpoint: String, + h5_endpoint: String, + native_endpoint: String, query_order_endpoint_base: String, } @@ -68,6 +76,14 @@ pub struct WechatMiniProgramOrderRequest { pub payer_openid: String, } +#[derive(Clone, Debug)] +pub struct WechatWebOrderRequest { + pub order_id: String, + pub description: String, + pub amount_cents: u64, + pub payer_client_ip: String, +} + #[derive(Clone, Debug)] pub struct WechatPayNotifyOrder { pub out_trade_no: String, @@ -110,6 +126,45 @@ struct WechatJsapiPayer<'a> { openid: &'a str, } +#[derive(Serialize)] +struct WechatH5OrderRequest<'a> { + appid: &'a str, + mchid: &'a str, + description: &'a str, + out_trade_no: &'a str, + notify_url: &'a str, + amount: WechatJsapiAmount, + scene_info: WechatH5SceneInfo<'a>, +} + +#[derive(Serialize)] +struct WechatH5SceneInfo<'a> { + payer_client_ip: &'a str, + h5_info: WechatH5Info, +} + +#[derive(Serialize)] +struct WechatH5Info { + #[serde(rename = "type")] + kind: &'static str, +} + +#[derive(Serialize)] +struct WechatNativeOrderRequest<'a> { + appid: &'a str, + mchid: &'a str, + description: &'a str, + out_trade_no: &'a str, + notify_url: &'a str, + amount: WechatJsapiAmount, + scene_info: WechatNativeSceneInfo<'a>, +} + +#[derive(Serialize)] +struct WechatNativeSceneInfo<'a> { + payer_client_ip: &'a str, +} + #[derive(Deserialize)] struct WechatJsapiOrderResponse { prepay_id: Option, @@ -117,6 +172,20 @@ struct WechatJsapiOrderResponse { message: Option, } +#[derive(Deserialize)] +struct WechatH5OrderResponse { + h5_url: Option, + code: Option, + message: Option, +} + +#[derive(Deserialize)] +struct WechatNativeOrderResponse { + code_url: Option, + code: Option, + message: Option, +} + #[derive(Deserialize)] struct WechatPayNotifyBody { #[serde(default)] @@ -222,6 +291,10 @@ impl WechatPayClient { &config.wechat_pay_jsapi_endpoint, "WECHAT_PAY_JSAPI_ENDPOINT", )?; + let h5_endpoint = + resolve_wechat_pay_transaction_endpoint(&jsapi_endpoint, WECHAT_PAY_H5_PATH)?; + let native_endpoint = + resolve_wechat_pay_transaction_endpoint(&jsapi_endpoint, WECHAT_PAY_NATIVE_PATH)?; let query_order_endpoint_base = resolve_query_order_endpoint_base(&jsapi_endpoint)?; Ok(Self::Real(Arc::new(RealWechatPayClient { @@ -235,6 +308,8 @@ impl WechatPayClient { api_v3_key, notify_url, jsapi_endpoint, + h5_endpoint, + native_endpoint, query_order_endpoint_base, }))) } @@ -250,6 +325,28 @@ impl WechatPayClient { } } + pub async fn create_h5_order( + &self, + request: WechatWebOrderRequest, + ) -> Result { + match self { + Self::Disabled => Err(WechatPayError::Disabled), + Self::Mock => Ok(build_mock_h5_payment(&request.order_id)), + Self::Real(client) => client.create_h5_order(request).await, + } + } + + pub async fn create_native_order( + &self, + request: WechatWebOrderRequest, + ) -> Result { + match self { + Self::Disabled => Err(WechatPayError::Disabled), + Self::Mock => Ok(build_mock_native_payment(&request.order_id)), + Self::Real(client) => client.create_native_order(request).await, + } + } + pub fn parse_notify( &self, headers: &HeaderMap, @@ -304,13 +401,8 @@ impl RealWechatPayClient { .map_err(|error| WechatPayError::Deserialize(format!("微信支付请求序列化失败:{error}")))?; let timestamp = OffsetDateTime::now_utc().unix_timestamp().to_string(); let nonce = create_nonce()?; - let authorization = self.build_authorization( - "POST", - "/v3/pay/transactions/jsapi", - ×tamp, - &nonce, - &body, - )?; + let authorization = + self.build_authorization("POST", WECHAT_PAY_JSAPI_PATH, ×tamp, &nonce, &body)?; let response = with_wechat_pay_jsapi_headers( self.client .post(&self.jsapi_endpoint) @@ -350,6 +442,147 @@ impl RealWechatPayClient { self.build_pay_params(&prepay_id) } + async fn create_h5_order( + &self, + request: WechatWebOrderRequest, + ) -> Result { + validate_web_order_request(self, &request)?; + let amount_total = i64::try_from(request.amount_cents) + .map_err(|_| WechatPayError::InvalidRequest("微信支付金额超出 i64 范围".to_string()))?; + let body = serde_json::to_string(&WechatH5OrderRequest { + appid: &self.app_id, + mchid: &self.mch_id, + description: &request.description, + out_trade_no: &request.order_id, + notify_url: &self.notify_url, + amount: WechatJsapiAmount { + total: amount_total, + currency: "CNY", + }, + scene_info: WechatH5SceneInfo { + payer_client_ip: &request.payer_client_ip, + h5_info: WechatH5Info { kind: "Wap" }, + }, + }) + .map_err(|error| { + WechatPayError::Deserialize(format!("微信支付 H5 请求序列化失败:{error}")) + })?; + let response_text = self + .post_wechat_json( + &self.h5_endpoint, + WECHAT_PAY_H5_PATH, + body, + "微信支付 H5 下单请求失败", + ) + .await?; + let payload = + serde_json::from_str::(&response_text).map_err(|error| { + WechatPayError::Deserialize(format!("微信支付 H5 下单响应解析失败:{error}")) + })?; + let h5_url = payload + .h5_url + .map(|value| value.trim().to_string()) + .filter(|value| !value.is_empty()) + .ok_or_else(|| { + WechatPayError::Upstream( + payload + .message + .or(payload.code) + .unwrap_or_else(|| "微信支付未返回 h5_url".to_string()), + ) + })?; + + Ok(WechatH5PaymentResponse { h5_url }) + } + + async fn create_native_order( + &self, + request: WechatWebOrderRequest, + ) -> Result { + validate_web_order_request(self, &request)?; + let amount_total = i64::try_from(request.amount_cents) + .map_err(|_| WechatPayError::InvalidRequest("微信支付金额超出 i64 范围".to_string()))?; + let body = serde_json::to_string(&WechatNativeOrderRequest { + appid: &self.app_id, + mchid: &self.mch_id, + description: &request.description, + out_trade_no: &request.order_id, + notify_url: &self.notify_url, + amount: WechatJsapiAmount { + total: amount_total, + currency: "CNY", + }, + scene_info: WechatNativeSceneInfo { + payer_client_ip: &request.payer_client_ip, + }, + }) + .map_err(|error| { + WechatPayError::Deserialize(format!("微信支付 Native 请求序列化失败:{error}")) + })?; + let response_text = self + .post_wechat_json( + &self.native_endpoint, + WECHAT_PAY_NATIVE_PATH, + body, + "微信支付 Native 下单请求失败", + ) + .await?; + let payload = + serde_json::from_str::(&response_text).map_err(|error| { + WechatPayError::Deserialize(format!("微信支付 Native 下单响应解析失败:{error}")) + })?; + let code_url = payload + .code_url + .map(|value| value.trim().to_string()) + .filter(|value| !value.is_empty()) + .ok_or_else(|| { + WechatPayError::Upstream( + payload + .message + .or(payload.code) + .unwrap_or_else(|| "微信支付未返回 code_url".to_string()), + ) + })?; + + Ok(WechatNativePaymentResponse { code_url }) + } + + async fn post_wechat_json( + &self, + endpoint: &str, + canonical_path: &str, + body: String, + request_error_prefix: &str, + ) -> Result { + let timestamp = OffsetDateTime::now_utc().unix_timestamp().to_string(); + let nonce = create_nonce()?; + let authorization = + self.build_authorization("POST", canonical_path, ×tamp, &nonce, &body)?; + let response = with_wechat_pay_json_headers( + self.client + .post(endpoint) + .header("Authorization", authorization), + &self.platform_serial_no, + ) + .body(body) + .send() + .await + .map_err(|error| { + WechatPayError::RequestFailed(format!("{request_error_prefix}:{error}")) + })?; + let status = response.status(); + let response_text = response.text().await.map_err(|error| { + WechatPayError::Deserialize(format!("微信支付响应读取失败:{error}")) + })?; + if !status.is_success() { + return Err(WechatPayError::Upstream(format!( + "微信支付下单失败:HTTP {status},{response_text}" + ))); + } + + Ok(response_text) + } + fn build_authorization( &self, method: &str, @@ -618,6 +851,20 @@ pub fn build_wechat_payment_request( } } +pub fn build_wechat_web_payment_request( + order_id: String, + product_title: String, + amount_cents: u64, + payer_client_ip: String, +) -> WechatWebOrderRequest { + WechatWebOrderRequest { + order_id, + description: format!("陶泥儿 - {product_title}"), + amount_cents, + payer_client_ip, + } +} + pub fn current_unix_micros() -> i64 { let value = OffsetDateTime::now_utc().unix_timestamp_nanos() / 1_000; i64::try_from(value).unwrap_or(i64::MAX) @@ -664,6 +911,24 @@ fn build_mock_pay_params(order_id: &str) -> WechatMiniProgramPayParamsResponse { } } +fn build_mock_h5_payment(order_id: &str) -> WechatH5PaymentResponse { + WechatH5PaymentResponse { + h5_url: format!( + "https://mock.wechat-pay.local/h5?out_trade_no={}", + urlencoding::encode(order_id) + ), + } +} + +fn build_mock_native_payment(order_id: &str) -> WechatNativePaymentResponse { + WechatNativePaymentResponse { + code_url: format!( + "weixin://pay.weixin.qq.com/bizpayurl/up?pr=mock-{}", + hex_sha256(order_id.as_bytes()) + ), + } +} + fn parse_mock_notify(body: &[u8]) -> Result { let value = serde_json::from_slice::(body).map_err(|error| { WechatPayError::Deserialize(format!("mock 微信支付通知解析失败:{error}")) @@ -744,6 +1009,20 @@ fn resolve_query_order_endpoint_base(jsapi_endpoint: &str) -> Result Result { + let url = Url::parse(jsapi_endpoint) + .map_err(|_| WechatPayError::InvalidConfig("WECHAT_PAY_JSAPI_ENDPOINT 无效".to_string()))?; + let origin = url + .origin() + .ascii_serialization() + .trim_end_matches('/') + .to_string(); + Ok(format!("{origin}{transaction_path}")) +} + fn normalize_out_trade_no(value: &str) -> Result { let value = value.trim(); validate_out_trade_no(value)?; @@ -794,6 +1073,49 @@ fn validate_jsapi_order_request( Ok(()) } +fn validate_web_order_request( + client: &RealWechatPayClient, + request: &WechatWebOrderRequest, +) -> Result<(), WechatPayError> { + validate_non_empty_max_chars( + &client.app_id, + WECHAT_PAY_APP_ID_MAX_CHARS, + "微信支付 appid", + )?; + if !client.app_id.starts_with("wx") { + return Err(WechatPayError::InvalidConfig( + "微信支付 appid 必须使用已绑定的微信 AppID".to_string(), + )); + } + validate_non_empty_max_chars( + &client.mch_id, + WECHAT_PAY_MCH_ID_MAX_CHARS, + "微信支付 mchid", + )?; + if !client.mch_id.chars().all(|ch| ch.is_ascii_digit()) { + return Err(WechatPayError::InvalidConfig( + "微信支付 mchid 必须是数字字符串".to_string(), + )); + } + validate_non_empty_max_chars( + &request.description, + WECHAT_PAY_DESCRIPTION_MAX_CHARS, + "微信支付商品描述", + )?; + validate_out_trade_no(&request.order_id)?; + if request.amount_cents == 0 { + return Err(WechatPayError::InvalidRequest( + "微信支付金额必须大于 0 分".to_string(), + )); + } + validate_non_empty_max_chars( + &request.payer_client_ip, + WECHAT_PAY_CLIENT_IP_MAX_CHARS, + "微信支付 payer_client_ip", + )?; + Ok(()) +} + fn validate_non_empty_max_chars( value: &str, max_chars: usize, @@ -1046,6 +1368,84 @@ mod tests { assert!(body.get("notifyUrl").is_none()); } + #[test] + fn h5_order_request_uses_wechat_required_scene_info() { + let body = serde_json::to_value(WechatH5OrderRequest { + appid: "wx-test-app", + mchid: "1900000001", + description: "陶泥儿 - 60泥点", + out_trade_no: "rcgtest001", + notify_url: "https://api.example.com/api/profile/recharge/wechat/notify", + amount: WechatJsapiAmount { + total: 600, + currency: "CNY", + }, + scene_info: WechatH5SceneInfo { + payer_client_ip: "203.0.113.10", + h5_info: WechatH5Info { kind: "Wap" }, + }, + }) + .expect("H5 order request should serialize"); + + assert_eq!(body["scene_info"]["payer_client_ip"], "203.0.113.10"); + assert_eq!(body["scene_info"]["h5_info"]["type"], "Wap"); + assert_eq!(body["amount"]["currency"], "CNY"); + assert!(body.get("sceneInfo").is_none()); + assert!(body["scene_info"].get("payerClientIp").is_none()); + } + + #[test] + fn native_order_request_uses_code_url_response_shape() { + let body = serde_json::to_value(WechatNativeOrderRequest { + appid: "wx-test-app", + mchid: "1900000001", + description: "陶泥儿 - 60泥点", + out_trade_no: "rcgtest001", + notify_url: "https://api.example.com/api/profile/recharge/wechat/notify", + amount: WechatJsapiAmount { + total: 600, + currency: "CNY", + }, + scene_info: WechatNativeSceneInfo { + payer_client_ip: "203.0.113.10", + }, + }) + .expect("Native order request should serialize"); + let response = serde_json::from_value::(json!({ + "code_url": "weixin://pay.weixin.qq.com/bizpayurl/up?pr=test" + })) + .expect("Native order response should deserialize"); + + assert_eq!(body["scene_info"]["payer_client_ip"], "203.0.113.10"); + assert_eq!( + response.code_url.as_deref(), + Some("weixin://pay.weixin.qq.com/bizpayurl/up?pr=test") + ); + } + + #[test] + fn transaction_endpoints_reuse_configured_wechat_pay_origin() { + let h5_endpoint = resolve_wechat_pay_transaction_endpoint( + "https://pay-gateway.example.com/v3/pay/transactions/jsapi", + WECHAT_PAY_H5_PATH, + ) + .expect("H5 endpoint should resolve"); + let native_endpoint = resolve_wechat_pay_transaction_endpoint( + "https://pay-gateway.example.com/v3/pay/transactions/jsapi", + WECHAT_PAY_NATIVE_PATH, + ) + .expect("Native endpoint should resolve"); + + assert_eq!( + h5_endpoint, + "https://pay-gateway.example.com/v3/pay/transactions/h5" + ); + assert_eq!( + native_endpoint, + "https://pay-gateway.example.com/v3/pay/transactions/native" + ); + } + #[test] fn jsapi_order_request_rejects_provider_field_limit_violations() { assert!(validate_out_trade_no("abc12").is_err()); @@ -1074,6 +1474,20 @@ mod tests { validate_non_empty_max_chars(&"o".repeat(129), WECHAT_PAY_OPENID_MAX_CHARS, "openid") .is_err() ); + validate_non_empty_max_chars( + "203.0.113.10", + WECHAT_PAY_CLIENT_IP_MAX_CHARS, + "payer_client_ip", + ) + .expect("short client ip should pass"); + assert!( + validate_non_empty_max_chars( + &"1".repeat(46), + WECHAT_PAY_CLIENT_IP_MAX_CHARS, + "payer_client_ip", + ) + .is_err() + ); } #[test] diff --git a/server-rs/crates/module-runtime/src/commands.rs b/server-rs/crates/module-runtime/src/commands.rs index e3249e64..4f763b5f 100644 --- a/server-rs/crates/module-runtime/src/commands.rs +++ b/server-rs/crates/module-runtime/src/commands.rs @@ -263,7 +263,7 @@ pub fn build_runtime_profile_recharge_order_create_input( return Err(RuntimeProfileFieldError::UnknownRechargeProduct); } let payment_channel = normalize_required_string(payment_channel) - .unwrap_or_else(|| PROFILE_RECHARGE_PAYMENT_CHANNEL_MOCK.to_string()); + .ok_or(RuntimeProfileFieldError::MissingPaymentChannel)?; Ok(RuntimeProfileRechargeOrderCreateInput { user_id, diff --git a/server-rs/crates/module-runtime/src/domain.rs b/server-rs/crates/module-runtime/src/domain.rs index e327f28d..7d386182 100644 --- a/server-rs/crates/module-runtime/src/domain.rs +++ b/server-rs/crates/module-runtime/src/domain.rs @@ -34,6 +34,8 @@ pub const SAVE_SNAPSHOT_VERSION: u32 = 2; pub const DEFAULT_SAVE_ARCHIVE_SUMMARY_TEXT: &str = "继续推进上一次保存的故事。"; pub const PROFILE_RECHARGE_PAYMENT_CHANNEL_MOCK: &str = "mock"; pub const PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_MINI_PROGRAM: &str = "wechat_mp"; +pub const PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_H5: &str = "wechat_h5"; +pub const PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_NATIVE: &str = "wechat_native"; pub const PROFILE_FEEDBACK_DESCRIPTION_MIN_CHARS: usize = 10; pub const PROFILE_FEEDBACK_DESCRIPTION_MAX_CHARS: usize = 200; pub const PROFILE_FEEDBACK_CONTACT_PHONE_MAX_CHARS: usize = 40; diff --git a/server-rs/crates/module-runtime/src/errors.rs b/server-rs/crates/module-runtime/src/errors.rs index 59efc6d0..1745a51a 100644 --- a/server-rs/crates/module-runtime/src/errors.rs +++ b/server-rs/crates/module-runtime/src/errors.rs @@ -74,6 +74,7 @@ pub enum RuntimeProfileFieldError { TaskAlreadyClaimed, MissingOrderId, MissingProductId, + MissingPaymentChannel, MissingWorldKey, MissingBottomTab, MissingCheckpointSessionId, @@ -136,6 +137,7 @@ impl std::fmt::Display for RuntimeProfileFieldError { Self::TaskAlreadyClaimed => f.write_str("任务奖励已领取"), Self::MissingOrderId => f.write_str("recharge.order_id 不能为空"), Self::MissingProductId => f.write_str("recharge.product_id 不能为空"), + Self::MissingPaymentChannel => f.write_str("recharge.payment_channel 不能为空"), Self::MissingWorldKey => f.write_str("profile.world_key 不能为空"), Self::MissingBottomTab => f.write_str("runtime_snapshot.bottom_tab 不能为空"), Self::MissingCheckpointSessionId => f.write_str("checkpoint.session_id 不能为空"), diff --git a/server-rs/crates/module-runtime/src/lib.rs b/server-rs/crates/module-runtime/src/lib.rs index f9da30bf..7c2d21a0 100644 --- a/server-rs/crates/module-runtime/src/lib.rs +++ b/server-rs/crates/module-runtime/src/lib.rs @@ -702,6 +702,19 @@ mod tests { assert_eq!(error, RuntimeProfileFieldError::UnknownRechargeProduct); } + #[test] + fn build_recharge_order_input_rejects_missing_payment_channel() { + let error = build_runtime_profile_recharge_order_create_input( + "user-1".to_string(), + "points_60".to_string(), + " ".to_string(), + 1, + ) + .expect_err("missing payment channel should fail"); + + assert_eq!(error, RuntimeProfileFieldError::MissingPaymentChannel); + } + #[test] fn runtime_profile_identity_helpers_keep_existing_key_shape() { assert_eq!( diff --git a/server-rs/crates/shared-contracts/src/runtime.rs b/server-rs/crates/shared-contracts/src/runtime.rs index e36ac817..8586af2c 100644 --- a/server-rs/crates/shared-contracts/src/runtime.rs +++ b/server-rs/crates/shared-contracts/src/runtime.rs @@ -239,6 +239,18 @@ pub struct WechatMiniProgramPayParamsResponse { pub pay_sign: String, } +#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)] +#[serde(rename_all = "camelCase")] +pub struct WechatH5PaymentResponse { + pub h5_url: String, +} + +#[derive(Clone, Debug, Serialize, Deserialize, PartialEq)] +#[serde(rename_all = "camelCase")] +pub struct WechatNativePaymentResponse { + pub code_url: String, +} + #[derive(Clone, Debug, Serialize, Deserialize, PartialEq)] #[serde(rename_all = "camelCase")] pub struct ProfileRechargeCenterResponse { @@ -266,6 +278,10 @@ pub struct CreateProfileRechargeOrderResponse { pub center: ProfileRechargeCenterResponse, #[serde(default)] pub wechat_mini_program_pay_params: Option, + #[serde(default)] + pub wechat_h5_payment: Option, + #[serde(default)] + pub wechat_native_payment: Option, } #[derive(Clone, Debug, Serialize, Deserialize, PartialEq)] @@ -1327,6 +1343,60 @@ mod tests { assert_eq!(payload.payment_channel, None); } + #[test] + fn create_profile_recharge_order_response_serializes_web_wechat_payloads() { + let order = ProfileRechargeOrderResponse { + order_id: "rcgtest001".to_string(), + product_id: "points_60".to_string(), + product_title: "60泥点".to_string(), + kind: "points".to_string(), + amount_cents: 600, + status: "pending".to_string(), + payment_channel: "wechat_native".to_string(), + paid_at: None, + provider_transaction_id: None, + created_at: "2026-05-15T10:00:00Z".to_string(), + points_delta: 0, + membership_expires_at: None, + }; + let center = ProfileRechargeCenterResponse { + wallet_balance: 0, + membership: ProfileMembershipResponse { + status: "normal".to_string(), + tier: "normal".to_string(), + started_at: None, + expires_at: None, + updated_at: None, + }, + point_products: vec![], + membership_products: vec![], + benefits: vec![], + latest_order: None, + has_points_recharged: false, + }; + let payload = serde_json::to_value(CreateProfileRechargeOrderResponse { + order, + center, + wechat_mini_program_pay_params: None, + wechat_h5_payment: Some(WechatH5PaymentResponse { + h5_url: "https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb".to_string(), + }), + wechat_native_payment: Some(WechatNativePaymentResponse { + code_url: "weixin://pay.weixin.qq.com/bizpayurl/up?pr=test".to_string(), + }), + }) + .expect("payload should serialize"); + + assert_eq!( + payload["wechatH5Payment"]["h5Url"], + json!("https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb") + ); + assert_eq!( + payload["wechatNativePayment"]["codeUrl"], + json!("weixin://pay.weixin.qq.com/bizpayurl/up?pr=test") + ); + } + #[test] fn profile_feedback_response_uses_camel_case_fields() { let payload = serde_json::to_value(SubmitProfileFeedbackResponse { diff --git a/src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx b/src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx index 7a45adee..a361e871 100644 --- a/src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx +++ b/src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx @@ -37,6 +37,8 @@ import { } from './rpgEntryWorldPresentation'; const { + mockQrCodeToDataUrl, + mockRedirectToPaymentUrl, mockBuildReferralCenter, mockBuildTaskCenter, mockClaimRpgProfileTaskReward, @@ -48,6 +50,8 @@ const { mockGetRpgProfileWalletLedger, mockRedeemRpgProfileReferralInviteCode, } = vi.hoisted(() => { + const qrCodeToDataUrl = vi.fn(async () => 'data:image/png;base64,QR'); + const redirectToPaymentUrl = vi.fn(); const buildReferralCenter = ( overrides: Partial = {}, ): ProfileReferralInviteCenterResponse => ({ @@ -119,6 +123,8 @@ const { }); return { + mockQrCodeToDataUrl: qrCodeToDataUrl, + mockRedirectToPaymentUrl: redirectToPaymentUrl, mockBuildReferralCenter: buildReferralCenter, mockBuildTaskCenter: buildTaskCenter, mockGetRpgProfileReferralInviteCenter: vi.fn(async () => @@ -343,6 +349,16 @@ vi.mock('../../services/authService', () => ({ updateAuthProfile: mockUpdateAuthProfile, })); +vi.mock('qrcode', () => ({ + default: { + toDataURL: mockQrCodeToDataUrl, + }, +})); + +vi.mock('../../services/payment/paymentRedirect', () => ({ + redirectToPaymentUrl: mockRedirectToPaymentUrl, +})); + mockUpdateAuthProfile.mockResolvedValue({ id: 'user-1', publicUserCode: '100001', @@ -584,19 +600,32 @@ function buildBabyObjectMatchEntry( } function mockDesktopLayout() { + Object.defineProperty(navigator, 'userAgent', { + configurable: true, + value: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)', + }); + Object.defineProperty(navigator, 'maxTouchPoints', { + configurable: true, + value: 0, + }); Object.defineProperty(window, 'matchMedia', { configurable: true, writable: true, - value: vi.fn().mockImplementation(() => ({ - matches: true, - media: '(min-width: 1024px)', - onchange: null, - addEventListener: vi.fn(), - removeEventListener: vi.fn(), - addListener: vi.fn(), - removeListener: vi.fn(), - dispatchEvent: vi.fn(), - })), + value: vi.fn().mockImplementation((query: string) => { + const normalizedQuery = query.replace(/\s/g, ''); + return { + matches: + normalizedQuery.includes('min-width:1024px') || + normalizedQuery.includes('min-width:1024'), + media: query, + onchange: null, + addEventListener: vi.fn(), + removeEventListener: vi.fn(), + addListener: vi.fn(), + removeListener: vi.fn(), + dispatchEvent: vi.fn(), + }; + }), }); } @@ -924,7 +953,9 @@ afterEach(() => { vi.unstubAllGlobals(); window.wx = undefined; document - .querySelectorAll('script[src="https://res.wx.qq.com/open/js/jweixin-1.6.0.js"]') + .querySelectorAll( + 'script[src="https://res.wx.qq.com/open/js/jweixin-1.6.0.js"]', + ) .forEach((script) => script.remove()); mockGetRpgProfileReferralInviteCenter.mockResolvedValue( mockBuildReferralCenter(), @@ -975,6 +1006,8 @@ afterEach(() => { wechatBound: false, createdAt: new Date().toISOString(), }); + mockQrCodeToDataUrl.mockResolvedValue('data:image/png;base64,QR'); + mockRedirectToPaymentUrl.mockReset(); Object.defineProperty(window, 'matchMedia', { configurable: true, writable: true, @@ -1011,11 +1044,45 @@ test('opens wallet ledger modal from narrative coin card', async () => { expect(screen.getByText('+30')).toBeTruthy(); }); -test('profile recharge modal buys points through mock channel outside mini program', async () => { +test('profile recharge modal shows native qr code on desktop web by default', async () => { const user = userEvent.setup(); - const onRechargeSuccess = vi.fn(); + mockDesktopLayout(); + mockCreateRpgProfileRechargeOrder.mockResolvedValueOnce({ + order: { + orderId: 'order-native-1', + productId: 'points_60', + productTitle: '60泥点', + kind: 'points', + amountCents: 600, + status: 'pending' as const, + paymentChannel: 'wechat_native', + paidAt: null, + providerTransactionId: null, + createdAt: '2026-04-25T10:00:00Z', + pointsDelta: 0, + membershipExpiresAt: null, + }, + center: { + walletBalance: 0, + membership: { + status: 'normal', + tier: 'normal', + startedAt: null, + expiresAt: null, + updatedAt: null, + }, + pointProducts: [], + membershipProducts: [], + benefits: [], + latestOrder: null, + hasPointsRecharged: false, + }, + wechatNativePayment: { + codeUrl: 'weixin://pay.weixin.qq.com/bizpayurl/up?pr=native-test', + }, + }); - renderProfileView(onRechargeSuccess); + renderProfileView(); const shortcutRegion = screen.getByRole('region', { name: '常用功能' }); await user.click( within(shortcutRegion).getByRole('button', { name: /充值/u }), @@ -1028,14 +1095,96 @@ test('profile recharge modal buys points through mock channel outside mini progr await waitFor(() => { expect(mockCreateRpgProfileRechargeOrder).toHaveBeenCalledWith( 'points_60', - 'mock', + 'wechat_native', ); }); + expect(await screen.findByText('微信扫码支付')).toBeTruthy(); + await waitFor(() => { + expect(screen.getByAltText('微信 Native 支付二维码')).toBeTruthy(); + }); + expect(mockQrCodeToDataUrl).toHaveBeenCalledWith( + 'weixin://pay.weixin.qq.com/bizpayurl/up?pr=native-test', + expect.objectContaining({ width: 180 }), + ); + expect(screen.queryByRole('dialog', { name: '支付成功' })).toBeNull(); +}); + +test('profile recharge modal jumps to h5 payment on mobile web by default', async () => { + const user = userEvent.setup(); + Object.defineProperty(navigator, 'userAgent', { + configurable: true, + value: 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Mobile', + }); + Object.defineProperty(window, 'matchMedia', { + configurable: true, + writable: true, + value: vi.fn().mockImplementation(() => ({ + matches: true, + media: '(max-width: 767px)', + onchange: null, + addEventListener: vi.fn(), + removeEventListener: vi.fn(), + addListener: vi.fn(), + removeListener: vi.fn(), + dispatchEvent: vi.fn(), + })), + }); + mockCreateRpgProfileRechargeOrder.mockResolvedValueOnce({ + order: { + orderId: 'order-h5-1', + productId: 'points_60', + productTitle: '60泥点', + kind: 'points', + amountCents: 600, + status: 'pending' as const, + paymentChannel: 'wechat_h5', + paidAt: null, + providerTransactionId: null, + createdAt: '2026-04-25T10:00:00Z', + pointsDelta: 0, + membershipExpiresAt: null, + }, + center: { + walletBalance: 0, + membership: { + status: 'normal', + tier: 'normal', + startedAt: null, + expiresAt: null, + updatedAt: null, + }, + pointProducts: [], + membershipProducts: [], + benefits: [], + latestOrder: null, + hasPointsRecharged: false, + }, + wechatH5Payment: { + h5Url: + 'https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb?prepay_id=wx-h5', + }, + }); + + renderProfileView(); + const shortcutRegion = screen.getByRole('region', { name: '常用功能' }); + await user.click( + within(shortcutRegion).getByRole('button', { name: /充值/u }), + ); + await user.click(await screen.findByRole('button', { name: /60泥点/u })); + + await waitFor(() => { + expect(mockCreateRpgProfileRechargeOrder).toHaveBeenCalledWith( + 'points_60', + 'wechat_h5', + ); + }); + expect(mockRedirectToPaymentUrl).toHaveBeenCalledWith( + 'https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb?prepay_id=wx-h5', + ); expect( - await screen.findByRole('dialog', { name: '支付成功' }), + await screen.findByRole('dialog', { name: '正在打开微信支付' }), ).toBeTruthy(); - expect(screen.getByText('已到账,账户状态已刷新。')).toBeTruthy(); - expect(onRechargeSuccess).toHaveBeenCalledTimes(1); + expect(screen.queryByRole('dialog', { name: '支付成功' })).toBeNull(); }); test('profile recharge modal posts requestPayment params in mini program web-view', async () => { @@ -1118,9 +1267,12 @@ test('profile recharge modal posts requestPayment params in mini program web-vie }); expect(navigateUrl).toContain('order-wechat-1'); expect(decodeURIComponent(navigateUrl)).toContain('prepay_id=wx-prepay'); - expect( - await screen.findByRole('dialog', { name: '支付成功' }), - ).toBeTruthy(); + expect(await screen.findByRole('dialog', { name: '支付成功' })).toBeTruthy(); + expect(mockCreateRpgProfileRechargeOrder).not.toHaveBeenCalledWith( + 'points_60', + 'mock', + ); + expect(mockRedirectToPaymentUrl).not.toHaveBeenCalled(); expect(screen.getByText('已到账,账户状态已刷新。')).toBeTruthy(); expect(mockConfirmWechatRpgProfileRechargeOrder).toHaveBeenCalledWith( 'order-wechat-1', @@ -1266,9 +1418,7 @@ test('profile recharge modal waits for paid confirmation before refreshing dashb expect(mockConfirmWechatRpgProfileRechargeOrder).toHaveBeenCalledTimes(2); }); - expect( - await screen.findByRole('dialog', { name: '支付成功' }), - ).toBeTruthy(); + expect(await screen.findByRole('dialog', { name: '支付成功' })).toBeTruthy(); expect(onRechargeSuccess).toHaveBeenCalledTimes(1); }); @@ -1354,9 +1504,7 @@ test('profile recharge modal loads wechat js sdk before mini program payment bri window.location.hash = `wx_pay_result=${requestId}:success`; window.dispatchEvent(new HashChangeEvent('hashchange')); }); - expect( - await screen.findByRole('dialog', { name: '支付成功' }), - ).toBeTruthy(); + expect(await screen.findByRole('dialog', { name: '支付成功' })).toBeTruthy(); }); test('profile recharge modal releases submitting state after cancelled wechat pay result', async () => { @@ -1452,6 +1600,93 @@ test('profile recharge modal releases submitting state after cancelled wechat pa expect(mockConfirmWechatRpgProfileRechargeOrder).not.toHaveBeenCalled(); }); +test('profile native qr confirmation refreshes only after server reports paid', async () => { + const user = userEvent.setup(); + const onRechargeSuccess = vi.fn(); + mockDesktopLayout(); + mockCreateRpgProfileRechargeOrder.mockResolvedValueOnce({ + order: { + orderId: 'order-native-paid', + productId: 'points_60', + productTitle: '60泥点', + kind: 'points', + amountCents: 600, + status: 'pending' as const, + paymentChannel: 'wechat_native', + paidAt: null, + providerTransactionId: null, + createdAt: '2026-04-25T10:00:00Z', + pointsDelta: 0, + membershipExpiresAt: null, + }, + center: { + walletBalance: 0, + membership: { + status: 'normal', + tier: 'normal', + startedAt: null, + expiresAt: null, + updatedAt: null, + }, + pointProducts: [], + membershipProducts: [], + benefits: [], + latestOrder: null, + hasPointsRecharged: false, + }, + wechatNativePayment: { + codeUrl: 'weixin://pay.weixin.qq.com/bizpayurl/up?pr=native-paid', + }, + }); + mockConfirmWechatRpgProfileRechargeOrder.mockResolvedValueOnce({ + order: { + orderId: 'order-native-paid', + productId: 'points_60', + productTitle: '60泥点', + kind: 'points', + amountCents: 600, + status: 'paid' as const, + paymentChannel: 'wechat_native', + paidAt: '2026-04-25T10:01:00Z', + providerTransactionId: 'wx-native-1', + createdAt: '2026-04-25T10:00:00Z', + pointsDelta: 120, + membershipExpiresAt: null, + }, + center: { + walletBalance: 120, + membership: { + status: 'normal', + tier: 'normal', + startedAt: null, + expiresAt: null, + updatedAt: null, + }, + pointProducts: [], + membershipProducts: [], + benefits: [], + latestOrder: null, + hasPointsRecharged: true, + }, + }); + + renderProfileView(onRechargeSuccess); + const shortcutRegion = screen.getByRole('region', { name: '常用功能' }); + await user.click( + within(shortcutRegion).getByRole('button', { name: /充值/u }), + ); + await user.click(await screen.findByRole('button', { name: /60泥点/u })); + await user.click(await screen.findByRole('button', { name: '我已支付' })); + + await waitFor(() => { + expect(mockConfirmWechatRpgProfileRechargeOrder).toHaveBeenCalledWith( + 'order-native-paid', + ); + }); + expect(await screen.findByRole('dialog', { name: '支付成功' })).toBeTruthy(); + expect(onRechargeSuccess).toHaveBeenCalledTimes(1); +}); + test('profile daily task shortcut opens task center and claims reward', async () => { const user = userEvent.setup(); const onRechargeSuccess = vi.fn(); diff --git a/src/components/rpg-entry/RpgEntryHomeView.tsx b/src/components/rpg-entry/RpgEntryHomeView.tsx index f48429df..7ae68662 100644 --- a/src/components/rpg-entry/RpgEntryHomeView.tsx +++ b/src/components/rpg-entry/RpgEntryHomeView.tsx @@ -42,6 +42,7 @@ import { useRef, useState, } from 'react'; +import QRCode from 'qrcode'; import communityQqQrImage from '../../../media/social-media-group/qq.png'; import communityWechatQrImage from '../../../media/social-media-group/wechat.png'; @@ -57,6 +58,7 @@ import type { ProfileReferralInviteCenterResponse, ProfileRechargeCenterResponse, ProfileRechargeProduct, + WechatNativePayment, WechatMiniProgramPayParams, ProfileSaveArchiveSummary, ProfileTaskCenterResponse, @@ -73,6 +75,13 @@ import { updateAuthProfile, } from '../../services/authService'; import { copyTextToClipboard } from '../../services/clipboard'; +import { + resolveProfileRechargePaymentChannel, + WECHAT_H5_PAYMENT_CHANNEL, + WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL, + WECHAT_NATIVE_PAYMENT_CHANNEL, +} from '../../services/payment/paymentPlatform'; +import { redirectToPaymentUrl } from '../../services/payment/paymentRedirect'; import { claimRpgProfileTaskReward, confirmWechatRpgProfileRechargeOrder, @@ -217,9 +226,9 @@ const PROFILE_INVITE_QUERY_KEYS = ['inviteCode', 'invite_code'] as const; const RECOMMEND_ENTRY_SWIPE_THRESHOLD_PX = 36; const RECOMMEND_ENTRY_COMMIT_ANIMATION_MS = 180; const RECOMMEND_ENTRY_DRAG_LIMIT_PX = 160; -const WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL = 'wechat_mp'; const WECHAT_JS_SDK_URL = 'https://res.wx.qq.com/open/js/jweixin-1.6.0.js'; const WECHAT_PAY_CONFIRM_RETRY_DELAYS_MS = [800, 1600, 3000] as const; +const WECHAT_NATIVE_PAY_QR_IMAGE_SIZE = 180; type ProfilePopupPanel = 'invite' | 'redeem' | 'community'; type RechargeTab = 'points' | 'membership'; @@ -235,6 +244,10 @@ type RechargePaymentResult = { title: string; message: string; }; +type NativeWechatPaymentState = WechatNativePayment & { + orderId: string; + isConfirming: boolean; +}; type DiscoverChannel = | 'recommend' | 'today' @@ -2338,18 +2351,6 @@ function formatRechargePrice(priceCents: number) { return `¥${Number.isInteger(yuan) ? yuan.toFixed(0) : yuan.toFixed(2)}`; } -function isWechatMiniProgramWebView() { - if (typeof window === 'undefined') { - return false; - } - - const params = new URLSearchParams(window.location.search); - return ( - params.get('clientRuntime') === 'wechat_mini_program' || - params.get('clientType') === 'mini_program' - ); -} - function clearWechatPayResultHash() { if (typeof window === 'undefined') { return; @@ -2496,6 +2497,36 @@ async function confirmWechatRechargeOrderUntilSettled( return latestResponse; } +function useWechatNativeQrCode(codeUrl: string | null) { + const [qrImageUrl, setQrImageUrl] = useState(null); + + useEffect(() => { + let cancelled = false; + setQrImageUrl(null); + if (!codeUrl) { + return () => { + cancelled = true; + }; + } + + void QRCode.toDataURL(codeUrl, { + errorCorrectionLevel: 'M', + margin: 1, + width: WECHAT_NATIVE_PAY_QR_IMAGE_SIZE, + }).then((dataUrl) => { + if (!cancelled) { + setQrImageUrl(dataUrl); + } + }); + + return () => { + cancelled = true; + }; + }, [codeUrl]); + + return qrImageUrl; +} + function RechargeProductCard({ product, submittingProductId, @@ -2546,22 +2577,29 @@ function ProfileRechargeModal({ isLoading, error, submittingProductId, + nativePayment, activeTab, onTabChange, onClose, onRetry, onBuy, + onConfirmNativePayment, }: { center: ProfileRechargeCenterResponse | null; isLoading: boolean; error: string | null; submittingProductId: string | null; + nativePayment: NativeWechatPaymentState | null; activeTab: RechargeTab; onTabChange: (tab: RechargeTab) => void; onClose: () => void; onRetry: () => void; onBuy: (product: ProfileRechargeProduct) => void; + onConfirmNativePayment: () => void; }) { + const nativeQrImageUrl = useWechatNativeQrCode( + nativePayment?.codeUrl ?? null, + ); const products = activeTab === 'points' ? (center?.pointProducts ?? []) @@ -2650,6 +2688,33 @@ function ProfileRechargeModal({ 暂无可购买套餐 )} + + {nativePayment ? ( +
+
微信扫码支付
+
+ {nativeQrImageUrl ? ( + 微信 Native 支付二维码 + ) : ( + + 生成中 + + )} +
+ +
+ ) : null} @@ -3420,6 +3485,8 @@ export function RpgEntryHomeView({ const [rechargeError, setRechargeError] = useState(null); const [rechargePaymentResult, setRechargePaymentResult] = useState(null); + const [nativeWechatPayment, setNativeWechatPayment] = + useState(null); const [activeRechargeTab, setActiveRechargeTab] = useState('points'); const [submittingRechargeProductId, setSubmittingRechargeProductId] = @@ -3941,14 +4008,12 @@ export function RpgEntryHomeView({ }) .finally(() => setIsLoadingRechargeCenter(false)); }; - const refreshRechargeState = useCallback( - () => { - loadRechargeCenter(); - setSubmittingRechargeProductId(null); - pendingWechatRechargeOrderIdRef.current = null; - }, - [loadRechargeCenter], - ); + const refreshRechargeState = useCallback(() => { + loadRechargeCenter(); + setSubmittingRechargeProductId(null); + pendingWechatRechargeOrderIdRef.current = null; + setNativeWechatPayment(null); + }, [loadRechargeCenter]); const handleWechatPayResult = useCallback(() => { const payResult = readWechatPayResultFromHash(); if (!payResult) { @@ -4036,11 +4101,11 @@ export function RpgEntryHomeView({ return; } - const paymentChannel = isWechatMiniProgramWebView() - ? WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL - : 'mock'; + const paymentChannel = resolveProfileRechargePaymentChannel(); setSubmittingRechargeProductId(product.productId); setRechargeError(null); + setRechargePaymentResult(null); + setNativeWechatPayment(null); void createRpgProfileRechargeOrder(product.productId, paymentChannel) .then(async (response) => { if (paymentChannel === WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL) { @@ -4051,24 +4116,105 @@ export function RpgEntryHomeView({ ); setRechargeCenter(response.center); return; - } else { + } + if (paymentChannel === WECHAT_H5_PAYMENT_CHANNEL) { + const h5Url = response.wechatH5Payment?.h5Url?.trim(); + if (!h5Url) { + throw new Error('微信 H5 支付链接生成失败'); + } + pendingWechatRechargeOrderIdRef.current = response.order.orderId; setRechargeCenter(response.center); setRechargePaymentResult({ - kind: 'success', - title: '支付成功', - message: '已到账,账户状态已刷新。', + kind: 'pending', + title: '正在打开微信支付', + message: '完成支付后返回页面确认到账状态。', }); - pendingWechatRechargeOrderIdRef.current = null; - setSubmittingRechargeProductId(null); + redirectToPaymentUrl(h5Url); + return; } - void onRechargeSuccess?.(); + if (paymentChannel === WECHAT_NATIVE_PAYMENT_CHANNEL) { + const codeUrl = response.wechatNativePayment?.codeUrl?.trim(); + if (!codeUrl) { + throw new Error('微信 Native 支付二维码生成失败'); + } + pendingWechatRechargeOrderIdRef.current = response.order.orderId; + setRechargeCenter(response.center); + setNativeWechatPayment({ + orderId: response.order.orderId, + codeUrl, + isConfirming: false, + }); + setSubmittingRechargeProductId(null); + return; + } + + throw new Error('充值支付渠道无效'); }) .catch((error: unknown) => { pendingWechatRechargeOrderIdRef.current = null; + setNativeWechatPayment(null); setRechargeError(error instanceof Error ? error.message : '充值失败'); setSubmittingRechargeProductId(null); }); }; + const confirmNativeWechatPayment = useCallback(() => { + if (!nativeWechatPayment || nativeWechatPayment.isConfirming) { + return; + } + + setNativeWechatPayment((current) => + current && current.orderId === nativeWechatPayment.orderId + ? { ...current, isConfirming: true } + : current, + ); + setRechargePaymentResult({ + kind: 'pending', + title: '正在确认支付', + message: '正在查询微信支付到账状态。', + }); + void confirmWechatRechargeOrderUntilSettled(nativeWechatPayment.orderId) + .then((response) => { + const isPaid = response.order.status === 'paid'; + setRechargeCenter(response.center); + setRechargePaymentResult( + isPaid + ? { + kind: 'success', + title: '支付成功', + message: '已到账,账户状态已刷新。', + } + : { + kind: 'pending', + title: '等待微信确认', + message: '暂时没能确认到账状态,请稍后再试。', + }, + ); + if (isPaid) { + setNativeWechatPayment(null); + pendingWechatRechargeOrderIdRef.current = null; + void onRechargeSuccess?.(); + } else { + setNativeWechatPayment((current) => + current && current.orderId === nativeWechatPayment.orderId + ? { ...current, isConfirming: false } + : current, + ); + } + }) + .catch(() => { + setRechargePaymentResult({ + kind: 'pending', + title: '等待微信确认', + message: '暂时没能确认到账状态,请稍后再试。', + }); + setNativeWechatPayment((current) => + current && current.orderId === nativeWechatPayment.orderId + ? { ...current, isConfirming: false } + : current, + ); + }) + .finally(() => setSubmittingRechargeProductId(null)); + }, [nativeWechatPayment, onRechargeSuccess]); useEffect(() => { const handleResume = () => { handleWechatPayResult(); @@ -5878,11 +6024,13 @@ export function RpgEntryHomeView({ isLoading={isLoadingRechargeCenter} error={rechargeError} submittingProductId={submittingRechargeProductId} + nativePayment={nativeWechatPayment} activeTab={activeRechargeTab} onTabChange={setActiveRechargeTab} onClose={() => setIsRechargeOpen(false)} onRetry={loadRechargeCenter} onBuy={buyRechargeProduct} + onConfirmNativePayment={confirmNativeWechatPayment} /> ) : null; const rechargePaymentResultModal: ReactNode = rechargePaymentResult ? ( diff --git a/src/services/payment/paymentPlatform.test.ts b/src/services/payment/paymentPlatform.test.ts new file mode 100644 index 00000000..7debab5f --- /dev/null +++ b/src/services/payment/paymentPlatform.test.ts @@ -0,0 +1,63 @@ +import { describe, expect, test } from 'vitest'; + +import { + resolveProfileRechargePaymentChannel, + WECHAT_H5_PAYMENT_CHANNEL, + WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL, + WECHAT_NATIVE_PAYMENT_CHANNEL, +} from './paymentPlatform'; + +describe('resolveProfileRechargePaymentChannel', () => { + test('小程序运行态选择 wechat_mp', () => { + expect( + resolveProfileRechargePaymentChannel({ + location: { search: '?clientRuntime=wechat_mini_program' }, + navigator: { userAgent: 'Mozilla/5.0 (iPhone)' }, + }), + ).toBe(WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL); + }); + + test('移动网页选择 wechat_h5', () => { + expect( + resolveProfileRechargePaymentChannel({ + location: { search: '' }, + navigator: { + userAgent: + 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Mobile', + }, + }), + ).toBe(WECHAT_H5_PAYMENT_CHANNEL); + }); + + test('微信内 H5 首版仍选择 wechat_h5', () => { + expect( + resolveProfileRechargePaymentChannel({ + location: { search: '' }, + navigator: { + userAgent: + 'Mozilla/5.0 (Linux; Android 14) AppleWebKit MicroMessenger/8.0 Mobile', + }, + }), + ).toBe(WECHAT_H5_PAYMENT_CHANNEL); + }); + + test('桌面网页选择 wechat_native', () => { + expect( + resolveProfileRechargePaymentChannel({ + location: { search: '' }, + navigator: { userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' }, + matchMedia: () => ({ matches: false }) as unknown as MediaQueryList, + }), + ).toBe(WECHAT_NATIVE_PAYMENT_CHANNEL); + }); + + test('默认路径永远不会解析成 mock', () => { + expect( + resolveProfileRechargePaymentChannel({ + location: { search: '' }, + navigator: { userAgent: '' }, + matchMedia: () => ({ matches: false }) as unknown as MediaQueryList, + }), + ).not.toBe('mock'); + }); +}); diff --git a/src/services/payment/paymentPlatform.ts b/src/services/payment/paymentPlatform.ts new file mode 100644 index 00000000..3c4e21f3 --- /dev/null +++ b/src/services/payment/paymentPlatform.ts @@ -0,0 +1,76 @@ +export const WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL = 'wechat_mp'; +export const WECHAT_H5_PAYMENT_CHANNEL = 'wechat_h5'; +export const WECHAT_NATIVE_PAYMENT_CHANNEL = 'wechat_native'; +export const MOCK_PAYMENT_CHANNEL = 'mock'; + +export type ProfileRechargeWechatPaymentChannel = + | typeof WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL + | typeof WECHAT_H5_PAYMENT_CHANNEL + | typeof WECHAT_NATIVE_PAYMENT_CHANNEL; + +type PaymentPlatformNavigator = Pick; + +export type PaymentPlatformContext = { + location?: Pick | null; + navigator?: Partial | null; + matchMedia?: Window['matchMedia'] | null; +}; + +export function resolveProfileRechargePaymentChannel( + context: PaymentPlatformContext = {}, +): ProfileRechargeWechatPaymentChannel { + const location = + context.location ?? + (typeof window !== 'undefined' ? window.location : null); + const navigatorLike = + context.navigator ?? (typeof navigator !== 'undefined' ? navigator : null); + const matchMedia = + context.matchMedia ?? + (typeof window !== 'undefined' && typeof window.matchMedia === 'function' + ? window.matchMedia.bind(window) + : null); + + if (isWechatMiniProgramRuntime(location)) { + return WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL; + } + + if (isMobileWebRuntime(navigatorLike, matchMedia)) { + return WECHAT_H5_PAYMENT_CHANNEL; + } + + return WECHAT_NATIVE_PAYMENT_CHANNEL; +} + +export function isManualMockPaymentChannel(paymentChannel: string) { + return paymentChannel.trim() === MOCK_PAYMENT_CHANNEL; +} + +function isWechatMiniProgramRuntime( + location: Pick | null | undefined, +) { + const params = new URLSearchParams(location?.search ?? ''); + return ( + params.get('clientRuntime') === 'wechat_mini_program' || + params.get('clientType') === 'mini_program' + ); +} + +function isMobileWebRuntime( + navigatorLike: Partial | null | undefined, + matchMedia: Window['matchMedia'] | null | undefined, +) { + const userAgent = navigatorLike?.userAgent?.toLowerCase() ?? ''; + if ( + /android|iphone|ipad|ipod|mobile|micromessenger|windows phone/u.test( + userAgent, + ) + ) { + return true; + } + + if ((navigatorLike?.maxTouchPoints ?? 0) > 1) { + return true; + } + + return Boolean(matchMedia?.('(max-width: 767px)').matches); +} diff --git a/src/services/payment/paymentRedirect.ts b/src/services/payment/paymentRedirect.ts new file mode 100644 index 00000000..923e1c54 --- /dev/null +++ b/src/services/payment/paymentRedirect.ts @@ -0,0 +1,3 @@ +export function redirectToPaymentUrl(url: string) { + window.location.assign(url); +} diff --git a/src/services/rpg-entry/rpgProfileClient.ts b/src/services/rpg-entry/rpgProfileClient.ts index a0b9a479..f5942c80 100644 --- a/src/services/rpg-entry/rpgProfileClient.ts +++ b/src/services/rpg-entry/rpgProfileClient.ts @@ -67,9 +67,7 @@ export function getRpgProfileDashboard(options: RuntimeRequestOptions = {}) { ); } -export function getRpgProfileWalletLedger( - options: RuntimeRequestOptions = {}, -) { +export function getRpgProfileWalletLedger(options: RuntimeRequestOptions = {}) { return requestRpgRuntimeJson( '/profile/wallet-ledger', { method: 'GET' }, @@ -91,7 +89,7 @@ export function getRpgProfileRechargeCenter( export function createRpgProfileRechargeOrder( productId: string, - paymentChannel = 'mock', + paymentChannel: string, options: RuntimeRequestOptions = {}, ) { return requestRpgRuntimeJson( @@ -227,12 +225,13 @@ export async function resumeRpgProfileSaveArchive( worldKey: string, options: RuntimeRequestOptions = {}, ) { - const response = await requestRpgRuntimeJson( - `/profile/save-archives/${encodeURIComponent(worldKey)}`, - { method: 'POST' }, - '恢复存档失败', - options, - ); + const response = + await requestRpgRuntimeJson( + `/profile/save-archives/${encodeURIComponent(worldKey)}`, + { method: 'POST' }, + '恢复存档失败', + options, + ); return { entry: response.entry, From c94f22e26c696a7c52b51d853118843e24820dc0 Mon Sep 17 00:00:00 2001 From: kdletters Date: Fri, 15 May 2026 08:43:21 +0800 Subject: [PATCH 2/2] feat: gate recharge payment by login device --- .hermes/shared-memory/decision-log.md | 8 + ...OUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md | 21 +- .../OIDC_JWT_CLAIMS_DESIGN_2026-04-21.md | 16 +- .../crates/api-server/src/auth_session.rs | 25 ++- .../crates/api-server/src/refresh_session.rs | 1 + .../crates/api-server/src/runtime_profile.rs | 189 +++++++++++++++++- server-rs/crates/platform-auth/README.md | 19 +- server-rs/crates/platform-auth/src/lib.rs | 102 +++++++++- .../RpgEntryHomeView.recharge.test.tsx | 86 ++++++-- src/components/rpg-entry/RpgEntryHomeView.tsx | 48 +++-- src/services/payment/paymentPlatform.test.ts | 55 +++++ src/services/payment/paymentPlatform.ts | 29 ++- 12 files changed, 527 insertions(+), 72 deletions(-) diff --git a/.hermes/shared-memory/decision-log.md b/.hermes/shared-memory/decision-log.md index 7b276d70..43cc51a3 100644 --- a/.hermes/shared-memory/decision-log.md +++ b/.hermes/shared-memory/decision-log.md @@ -16,6 +16,14 @@ --- +## 2026-05-15 微信充值支付路径以后端 JWT 设备快照为准 + +- 背景:前端隐藏非微信环境充值入口只能改善体验,不能阻止用户手动调用 `/api/profile/recharge/orders` 并伪造 `paymentChannel`。 +- 决策:access JWT 只新增最小设备快照 `device.client_type/client_runtime/client_platform`,来源为登录或 refresh session 中的 `client_info`;不把完整 session、IP、UA 或设备列表塞进 JWT。真实微信充值下单必须由后端按 JWT 设备快照拦截:小程序 `wechat_mp` 只允许 `mini_program`,手机微信内网页 `wechat_h5` 只允许 `wechat_h5 + ios/android`,桌面微信内网页 `wechat_native` 只允许 `wechat_h5 + windows/macos/linux`。非微信环境前端不显示充值入口,改显示兑换码入口。 +- 影响范围:`platform-auth` JWT claims、`api-server` auth session/refresh session 签发、`runtime_profile` 充值订单接口、前端支付平台隔离层和“我的”页常用功能区。 +- 验证方式:执行 `npm run test -- src/services/payment/paymentPlatform.test.ts src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx`、`cargo test -p api-server profile_recharge_order --manifest-path server-rs/Cargo.toml`、`npm run typecheck`、`npm run check:encoding`。 +- 关联文档:`docs/technical/OIDC_JWT_CLAIMS_DESIGN_2026-04-21.md`、`docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md`。 + ## 2026-05-14 抓大鹅物品素材批量重新生成复用 item-assets 替换模式 - 背景:抓大鹅结果页 `素材配置 > 物品` 需要在不改变玩法物品映射的前提下,批量重新生成已存在物品的 2D 五视角图片。 diff --git a/docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md b/docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md index 83ed3fab..8d6eab64 100644 --- a/docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md +++ b/docs/technical/MY_TAB_ACCOUNT_RECHARGE_IMPLEMENTATION_2026-04-25.md @@ -9,7 +9,7 @@ 1. `泥点充值` 2. `会员卡充值` -前端只负责展示与发起购买,套餐、价格、赠送规则、会员权益、生效时间、钱包余额与交易流水统一由 `server-rs` 后端返回。支付接入固定为普通商户直连模式:小程序 web-view 使用 `wechat_mp`,移动网页使用 `wechat_h5`,桌面网页使用 `wechat_native` 二维码。生产默认永远不走 `mock`;只有自动测试或显式测试配置手动传 `paymentChannel = "mock"` 时才允许 mock 即时入账。所有真实微信渠道的到账事实以后端微信支付通知和服务端查单为准。 +前端只负责展示与发起购买,套餐、价格、赠送规则、会员权益、生效时间、钱包余额与交易流水统一由 `server-rs` 后端返回。支付接入固定为普通商户直连模式:小程序 web-view 使用 `wechat_mp`,手机微信内网页使用 `wechat_h5`,桌面微信内网页使用 `wechat_native` 二维码。生产默认永远不走 `mock`;只有自动测试或显式测试配置手动传 `paymentChannel = "mock"` 时才允许 mock 即时入账。所有真实微信渠道的到账事实以后端微信支付通知和服务端查单为准。 ## 2. 产品规则 @@ -64,13 +64,18 @@ 1. 校验 `productId` 2. 缺少 `paymentChannel` 或传入未知渠道时直接返回 `400`,不得再默认解释为 `mock` -3. 生产/真实支付配置拒绝 `paymentChannel = "mock"`;mock 只服务自动测试或显式 mock 测试配置 +3. 后端根据 Bearer JWT 中的 `device` 快照拦截真实微信渠道,不能只信任前端隐藏入口或请求体传入的 `paymentChannel` + - `wechat_mp` 只允许 `device.client_type = "mini_program"` + - `wechat_h5` 只允许 `device.client_type = "wechat_h5"` 且 `device.client_platform` 为 `ios` 或 `android` + - `wechat_native` 只允许 `device.client_type = "wechat_h5"` 且 `device.client_platform` 为 `windows`、`macos` 或 `linux` + - 缺少设备快照、普通浏览器设备、手机微信手动传 Native、桌面微信手动传 H5 都返回 `403` +4. 生产/真实支付配置拒绝 `paymentChannel = "mock"`;mock 只服务自动测试或显式 mock 测试配置 - `wechat_mp` / `wechat_h5` / `wechat_native` 必须在 `WECHAT_PAY_ENABLED=true` 且 `WECHAT_PAY_PROVIDER=real` 时才允许下单;`WECHAT_PAY_PROVIDER=mock` 不能为真实微信渠道返回 mock 支付载荷。 -4. `paymentChannel = "wechat_mp"` 时后端创建待支付订单,并调用微信支付 JSAPI 下单生成小程序支付参数;本地 `orderId` 会作为微信 `out_trade_no` 传递,格式固定为 `rcg` 前缀 + 小写字母数字,长度在 6-32 字符内,满足微信支付 JSAPI 下单文档对商户订单号的限制。商品描述限制为 127 字符内,回调地址限制为 HTTPS、255 字符内且不携带 query/fragment。 +5. `paymentChannel = "wechat_mp"` 时后端创建待支付订单,并调用微信支付 JSAPI 下单生成小程序支付参数;本地 `orderId` 会作为微信 `out_trade_no` 传递,格式固定为 `rcg` 前缀 + 小写字母数字,长度在 6-32 字符内,满足微信支付 JSAPI 下单文档对商户订单号的限制。商品描述限制为 127 字符内,回调地址限制为 HTTPS、255 字符内且不携带 query/fragment。 - JSAPI 下单请求必须显式携带 `Accept: application/json`、`Content-Type: application/json` 和 `User-Agent: Genarrative-WechatPay/1.0`;微信侧会把缺少 `User-Agent` 的请求返回为“Http头缺少Accept或User-Agent”。 -5. `paymentChannel = "wechat_h5"` 时调用微信支付 H5 下单,返回 `wechatH5Payment.h5Url`,前端跳转到该地址 -6. `paymentChannel = "wechat_native"` 时调用微信支付 Native 下单,返回 `wechatNativePayment.codeUrl`,前端在充值弹窗内把 `codeUrl` 渲染成二维码 -7. 所有微信真实渠道订单不提前发泥点或会员,只返回待支付订单、账户中心快照与对应支付载荷 +6. `paymentChannel = "wechat_h5"` 时调用微信支付 H5 下单,返回 `wechatH5Payment.h5Url`,前端跳转到该地址 +7. `paymentChannel = "wechat_native"` 时调用微信支付 Native 下单,返回 `wechatNativePayment.codeUrl`,前端在充值弹窗内把 `codeUrl` 渲染成二维码;该渠道只面向桌面微信内网页 +8. 所有微信真实渠道订单不提前发泥点或会员,只返回待支付订单、账户中心快照与对应支付载荷 兼容路径:`POST /api/runtime/profile/recharge/orders` @@ -164,8 +169,8 @@ H5 与 Native 响应: - `success` 只表示微信客户端支付流程返回成功,前端随后调用 `POST /api/profile/recharge/orders/{order_id}/wechat/confirm` 由服务端查单确认;只有通知或服务端查单确认为 `SUCCESS` 才入账。 - 小程序返回后,前端会对确认接口做短轮询,覆盖微信通知/查单结果与 web-view 恢复之间的秒级时间差;只有确认响应里的订单状态变成 `paid` 后,才触发父级 `profileDashboard` 刷新,确保“我的”页泥点卡片读取到最新余额。 - `cancel` 和 `fail` 只复位按钮、刷新账户中心并通过全局支付结果模态展示,不调用入账逻辑。 -5. 移动网页含微信内 H5 首版统一走 `wechat_h5`:拿到 `h5Url` 后跳转;若微信内 H5 调起失败,失败态提示用户改用系统浏览器或小程序。 -6. 桌面网页走 `wechat_native`:充值弹窗展示二维码,用户扫码后点击“我已支付”,前端调用 confirm 接口短轮询确认;确认前不刷新父级余额。 +5. 手机微信内 H5 首版统一走 `wechat_h5`:拿到 `h5Url` 后跳转;若微信内 H5 调起失败,失败态提示用户改用系统浏览器或小程序。 +6. 桌面微信内网页走 `wechat_native`:充值弹窗展示二维码,用户扫码后点击“我已支付”,前端调用 confirm 接口短轮询确认;确认前不刷新父级余额。 7. 支付结果使用页面级全局模态展示,不写回商品卡片或账户充值弹窗内部;充值弹窗只负责套餐选择、加载失败和下单失败。 8. 弹窗内不写大段说明文案,只保留必要金额、泥点、会员权益和操作状态。 9. 会员卡充值区以套餐卡片优先展示周期、价格和处理状态;移动端单列,桌面端三列,权益表允许横向滚动,避免小屏挤压。 diff --git a/docs/technical/OIDC_JWT_CLAIMS_DESIGN_2026-04-21.md b/docs/technical/OIDC_JWT_CLAIMS_DESIGN_2026-04-21.md index 6a81f721..49642eab 100644 --- a/docs/technical/OIDC_JWT_CLAIMS_DESIGN_2026-04-21.md +++ b/docs/technical/OIDC_JWT_CLAIMS_DESIGN_2026-04-21.md @@ -116,6 +116,7 @@ | `phone_verified` | 是 | 是否已完成手机号验证。 | | `binding_status` | 是 | 账号绑定状态,固定为 `active`、`pending_bind_phone`。 | | `display_name` | 否 | 当前展示名快照,用于少量上游日志/观测;不是授权依据。 | +| `device` | 否 | 登录时采集到的最小设备快照,仅保留 `client_type`、`client_runtime`、`client_platform`,用于后端按设备拦截真实微信支付路径。 | ## 6. 关键字段定义 @@ -264,7 +265,7 @@ 4. refresh token hash 5. 风控状态、captcha 状态、封禁剩余时间 6. 完整用户资料对象 -7. 审计日志、设备列表、IP、UA +7. 审计日志、完整设备对象或列表、IP、UA 原因: @@ -284,6 +285,11 @@ "phone_verified": false, "binding_status": "pending_bind_phone", "display_name": "微信旅人", + "device": { + "client_type": "wechat_h5", + "client_runtime": "wechat_embedded_browser", + "client_platform": "ios" + }, "iat": 1713657600, "exp": 1713664800 } @@ -302,7 +308,8 @@ 1. 签发 access token 2. 校验 `iss/exp/sub/sid/provider/roles/ver` -3. 解析 claims 为统一 Rust 结构 +3. 规范化并透传 `device` 最小设备快照 +4. 解析 claims 为统一 Rust 结构 ### 9.2 `module-auth` @@ -344,6 +351,7 @@ | 无 | `phone_verified` | 新增,表达手机号验证状态。 | | 无 | `binding_status` | 新增,表达待绑手机/已激活状态。 | | 无 | `display_name` | 可选新增。 | +| 无 | `device` | 可选新增,承载最小设备快照,不包含完整 session 或敏感原始环境。 | ## 11. Express / Axum 请求上下文映射 @@ -361,6 +369,7 @@ Rust 侧建议升级为统一 claims 结构,例如: 5. `token_version` 6. `phone_verified` 7. `binding_status` +8. `device` 说明: @@ -384,7 +393,8 @@ Rust 侧建议升级为统一 claims 结构,例如: 1. `iss/sub/sid/provider/roles` 已明确冻结 2. access token 与 refresh session 的职责边界已切开 3. Axum、`platform-auth`、`module-auth`、`SpacetimeDB` 的使用边界已明确 -4. 后续可以直接按这份文档实现签发、校验与身份透传 +4. 登录设备快照的最小字段已明确,且可用于支付路径拦截 +5. 后续可以直接按这份文档实现签发、校验与身份透传 ## 14. 依据文件 diff --git a/server-rs/crates/api-server/src/auth_session.rs b/server-rs/crates/api-server/src/auth_session.rs index e06c27f3..90b1325e 100644 --- a/server-rs/crates/api-server/src/auth_session.rs +++ b/server-rs/crates/api-server/src/auth_session.rs @@ -1,19 +1,19 @@ use axum::http::{HeaderMap, HeaderValue, StatusCode, header::SET_COOKIE}; use module_auth::{ - AuthLoginMethod, AuthUser, CreateRefreshSessionInput, LogoutError, RefreshSessionError, + AuthLoginMethod, AuthUser, CreateRefreshSessionInput, LogoutError, RefreshSessionClientInfo, + RefreshSessionError, }; use platform_auth::{ - AccessTokenClaims, AccessTokenClaimsInput, AuthProvider, BindingStatus, + AccessTokenClaims, AccessTokenClaimsInput, AccessTokenDeviceInfo, AuthProvider, BindingStatus, build_refresh_session_clear_cookie, build_refresh_session_set_cookie, create_refresh_session_token, hash_refresh_session_token, sign_access_token, }; use time::OffsetDateTime; use crate::session_client::SessionClientContext; -use crate::{ - http_error::AppError, request_context::RequestContext, state::AppState, - tracking::record_daily_login_tracking_event_after_success as record_daily_login_tracking_event_via_unified_path, -}; +#[cfg(not(test))] +use crate::tracking::record_daily_login_tracking_event_after_success as record_daily_login_tracking_event_via_unified_path; +use crate::{http_error::AppError, request_context::RequestContext, state::AppState}; #[derive(Debug, Clone)] pub struct SignedAuthSession { @@ -81,6 +81,7 @@ pub fn create_auth_session( user, &session.session.session_id, Some(&session_provider), + Some(&session.session.client_info), )?; Ok(SignedAuthSession { @@ -94,8 +95,9 @@ pub fn sign_access_token_for_user( user: &AuthUser, session_id: &str, session_provider_override: Option<&AuthLoginMethod>, + client_info: Option<&RefreshSessionClientInfo>, ) -> Result { - let access_claims = AccessTokenClaims::from_input( + let access_claims = AccessTokenClaims::from_input_with_device( AccessTokenClaimsInput { user_id: user.id.clone(), session_id: session_id.to_string(), @@ -106,6 +108,7 @@ pub fn sign_access_token_for_user( binding_status: map_binding_status(&user.binding_status), display_name: Some(user.display_name.clone()), }, + client_info.map(map_access_token_device_info), state.auth_jwt_config(), OffsetDateTime::now_utc(), ) @@ -182,3 +185,11 @@ fn map_binding_status(binding_status: &module_auth::AuthBindingStatus) -> Bindin module_auth::AuthBindingStatus::PendingBindPhone => BindingStatus::PendingBindPhone, } } + +fn map_access_token_device_info(client_info: &RefreshSessionClientInfo) -> AccessTokenDeviceInfo { + AccessTokenDeviceInfo { + client_type: client_info.client_type.clone(), + client_runtime: client_info.client_runtime.clone(), + client_platform: client_info.client_platform.clone(), + } +} diff --git a/server-rs/crates/api-server/src/refresh_session.rs b/server-rs/crates/api-server/src/refresh_session.rs index 28d0432c..9276ce1b 100644 --- a/server-rs/crates/api-server/src/refresh_session.rs +++ b/server-rs/crates/api-server/src/refresh_session.rs @@ -54,6 +54,7 @@ pub async fn refresh_session( &rotated.user, &rotated.session.session_id, Some(&rotated.session.issued_by_provider), + Some(&rotated.session.client_info), )?; record_daily_login_tracking_event_after_auth_success( &state, diff --git a/server-rs/crates/api-server/src/runtime_profile.rs b/server-rs/crates/api-server/src/runtime_profile.rs index a0ed8af8..8374c9ce 100644 --- a/server-rs/crates/api-server/src/runtime_profile.rs +++ b/server-rs/crates/api-server/src/runtime_profile.rs @@ -197,6 +197,8 @@ pub async fn create_profile_recharge_order( let user_id = authenticated.claims().user_id().to_string(); let payment_channel = normalize_recharge_payment_channel(payload.payment_channel) .map_err(|error| runtime_profile_error_response(&request_context, error))?; + validate_recharge_device_for_payment_channel(authenticated.claims(), &payment_channel) + .map_err(|error| runtime_profile_error_response(&request_context, error))?; validate_recharge_payment_channel(&state, &payment_channel) .map_err(|error| runtime_profile_error_response(&request_context, error))?; let created_at_micros = current_unix_micros(); @@ -956,6 +958,34 @@ fn validate_recharge_payment_channel( Err(AppError::from_status(StatusCode::BAD_REQUEST).with_message("充值支付渠道无效")) } +fn validate_recharge_device_for_payment_channel( + claims: &platform_auth::AccessTokenClaims, + payment_channel: &str, +) -> Result<(), AppError> { + if payment_channel == PROFILE_RECHARGE_PAYMENT_CHANNEL_MOCK { + return Ok(()); + } + + if !is_wechat_recharge_payment_channel(payment_channel) { + return Ok(()); + } + + let is_supported_device = match payment_channel { + PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_MINI_PROGRAM => { + claims.is_wechat_mini_program_device() + } + PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_H5 => claims.is_mobile_wechat_browser_device(), + PROFILE_RECHARGE_PAYMENT_CHANNEL_WECHAT_NATIVE => claims.is_desktop_wechat_browser_device(), + _ => false, + }; + if is_supported_device { + return Ok(()); + } + + Err(AppError::from_status(StatusCode::FORBIDDEN) + .with_message("当前登录设备不支持充值,请在微信环境内登录后重试")) +} + fn validate_real_wechat_recharge_payment_provider(state: &AppState) -> Result<(), AppError> { if !state.config.wechat_pay_enabled { return Err(AppError::from_status(StatusCode::SERVICE_UNAVAILABLE) @@ -1738,7 +1768,7 @@ mod tests { } #[tokio::test] - async fn profile_recharge_order_rejects_real_wechat_channel_when_pay_provider_is_mock() { + async fn profile_recharge_order_rejects_non_wechat_device_before_spacetime() { let state = seed_authenticated_state_with_config(AppConfig { wechat_pay_enabled: true, wechat_pay_provider: "mock".to_string(), @@ -1749,6 +1779,133 @@ mod tests { let token = issue_access_token(&state); let app = build_router(state); + let response = app + .oneshot( + Request::builder() + .method("POST") + .uri("/api/profile/recharge/orders") + .header("authorization", format!("Bearer {token}")) + .header("content-type", "application/json") + .body(Body::from( + r#"{"productId":"points_60","paymentChannel":"wechat_h5"}"#, + )) + .expect("request should build"), + ) + .await + .expect("request should succeed"); + + assert_eq!(response.status(), StatusCode::FORBIDDEN); + let body = response + .into_body() + .collect() + .await + .expect("body should collect") + .to_bytes(); + let payload: Value = + serde_json::from_slice(&body).expect("response body should be valid json"); + assert_eq!( + payload["error"]["message"], + "当前登录设备不支持充值,请在微信环境内登录后重试" + ); + } + + #[tokio::test] + async fn profile_recharge_order_rejects_mismatched_wechat_channel_before_spacetime() { + let state = seed_authenticated_state_with_config(AppConfig { + wechat_pay_enabled: true, + wechat_pay_provider: "mock".to_string(), + spacetime_procedure_timeout: Duration::from_secs(1), + ..AppConfig::default() + }) + .await; + let token = issue_wechat_h5_access_token(&state, "ios", "sess_runtime_profile_mobile_h5"); + let app = build_router(state); + + let response = app + .oneshot( + Request::builder() + .method("POST") + .uri("/api/profile/recharge/orders") + .header("authorization", format!("Bearer {token}")) + .header("content-type", "application/json") + .body(Body::from( + r#"{"productId":"points_60","paymentChannel":"wechat_native"}"#, + )) + .expect("request should build"), + ) + .await + .expect("request should succeed"); + + assert_eq!(response.status(), StatusCode::FORBIDDEN); + let body = response + .into_body() + .collect() + .await + .expect("body should collect") + .to_bytes(); + let payload: Value = + serde_json::from_slice(&body).expect("response body should be valid json"); + assert_eq!( + payload["error"]["message"], + "当前登录设备不支持充值,请在微信环境内登录后重试" + ); + } + + #[tokio::test] + async fn profile_recharge_order_allows_desktop_wechat_native_channel_before_provider_check() { + let state = seed_authenticated_state_with_config(AppConfig { + wechat_pay_enabled: true, + wechat_pay_provider: "mock".to_string(), + spacetime_procedure_timeout: Duration::from_secs(1), + ..AppConfig::default() + }) + .await; + let token = + issue_wechat_h5_access_token(&state, "windows", "sess_runtime_profile_desktop_wechat"); + let app = build_router(state); + + let response = app + .oneshot( + Request::builder() + .method("POST") + .uri("/api/profile/recharge/orders") + .header("authorization", format!("Bearer {token}")) + .header("content-type", "application/json") + .body(Body::from( + r#"{"productId":"points_60","paymentChannel":"wechat_native"}"#, + )) + .expect("request should build"), + ) + .await + .expect("request should succeed"); + + assert_eq!(response.status(), StatusCode::SERVICE_UNAVAILABLE); + let body = response + .into_body() + .collect() + .await + .expect("body should collect") + .to_bytes(); + let payload: Value = + serde_json::from_slice(&body).expect("response body should be valid json"); + assert_eq!( + payload["error"]["message"], + "真实微信支付渠道不能使用 mock 支付配置" + ); + } + + #[tokio::test] + async fn profile_recharge_order_rejects_real_wechat_channel_when_pay_provider_is_mock() { + let state = seed_authenticated_state_with_config(AppConfig { + wechat_pay_enabled: true, + wechat_pay_provider: "mock".to_string(), + spacetime_procedure_timeout: Duration::from_secs(1), + ..AppConfig::default() + }) + .await; + let token = issue_wechat_h5_access_token(&state, "ios", "sess_runtime_profile_wechat_h5"); + let app = build_router(state); + let response = app .oneshot( Request::builder() @@ -2043,4 +2200,34 @@ mod tests { sign_access_token(&claims, state.auth_jwt_config()).expect("token should sign") } + + fn issue_wechat_h5_access_token( + state: &AppState, + client_platform: &str, + session_id: &str, + ) -> String { + let claims = AccessTokenClaims::from_input_with_device( + AccessTokenClaimsInput { + user_id: "user_00000001".to_string(), + session_id: state + .seed_test_refresh_session_for_user_id("user_00000001", session_id), + provider: AuthProvider::Wechat, + roles: vec!["user".to_string()], + token_version: 2, + phone_verified: true, + binding_status: BindingStatus::Active, + display_name: Some("微信资料页用户".to_string()), + }, + Some(platform_auth::AccessTokenDeviceInfo { + client_type: "wechat_h5".to_string(), + client_runtime: "wechat_embedded_browser".to_string(), + client_platform: client_platform.to_string(), + }), + state.auth_jwt_config(), + OffsetDateTime::now_utc(), + ) + .expect("claims should build"); + + sign_access_token(&claims, state.auth_jwt_config()).expect("token should sign") + } } diff --git a/server-rs/crates/platform-auth/README.md b/server-rs/crates/platform-auth/README.md index eff1d349..5853fb63 100644 --- a/server-rs/crates/platform-auth/README.md +++ b/server-rs/crates/platform-auth/README.md @@ -17,7 +17,7 @@ 本阶段已经完成 JWT 基础能力首版落地: 1. 新增 `JwtConfig`,统一管理 `issuer`、`secret` 与 access token TTL。 -2. 新增 `AccessTokenClaimsInput` 与 `AccessTokenClaims`,把文档中冻结的 `iss/sub/sid/provider/roles/ver/phone_verified/binding_status/display_name` 映射到 Rust 结构。 +2. 新增 `AccessTokenClaimsInput` 与 `AccessTokenClaims`,把文档中冻结的 `iss/sub/sid/provider/roles/ver/phone_verified/binding_status/display_name/device` 映射到 Rust 结构。 3. 新增 `sign_access_token(...)`,按 `HS256` 签发 access token。 4. 新增 `verify_access_token(...)`,统一校验 `iss/sub/exp/iat` 与 JWT 签名。 5. 新增 `RefreshCookieConfig`、`RefreshCookieSameSite` 与 `read_refresh_session_token(...)`,统一 refresh cookie 读取口径。 @@ -36,13 +36,14 @@ 1. `JwtConfig::new(...)` 2. `AccessTokenClaims::from_input(...)` -3. `sign_access_token(...)` -4. `verify_access_token(...)` -5. `RefreshCookieConfig::new(...)` -6. `read_refresh_session_token(...)` -7. `AuthProvider` -8. `BindingStatus` -9. `RefreshCookieSameSite` +3. `AccessTokenClaims::from_input_with_device(...)` +4. `sign_access_token(...)` +5. `verify_access_token(...)` +6. `RefreshCookieConfig::new(...)` +7. `read_refresh_session_token(...)` +8. `AuthProvider` +9. `BindingStatus` +10. `RefreshCookieSameSite` ## 4. 配置口径 @@ -67,7 +68,7 @@ 1. `platform-auth` 只承接平台适配,不承接 `module-auth` 的业务规则和状态真相。 2. `sub` 必须是稳定 `user_id`,`sid` 必须是会话 ID,不能退化为一次 token 的随机 ID。 -3. 不允许把手机号、openid、refresh token hash、风控状态等敏感或高频变化字段塞进 JWT。 +3. 不允许把手机号、openid、refresh token hash、风控状态、完整设备对象、IP、UA 等敏感或高频变化字段塞进 JWT;`device` 只允许保存支付拦截需要的最小设备快照。 4. 鉴权状态最终由 `module-auth` 与 `crates/spacetime-module` 管理,前端接口由 `crates/api-server` 暴露。 5. 不允许把短信、微信、Cookie、JWT 等外部细节重新散落到多个业务模块中各自实现。 diff --git a/server-rs/crates/platform-auth/src/lib.rs b/server-rs/crates/platform-auth/src/lib.rs index ffa21519..c0efd58a 100644 --- a/server-rs/crates/platform-auth/src/lib.rs +++ b/server-rs/crates/platform-auth/src/lib.rs @@ -66,6 +66,15 @@ pub enum BindingStatus { PendingBindPhone, } +// JWT 里只保留一份规范化后的设备快照,用于后端按登录设备拦截充值路径。 +#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)] +#[serde(rename_all = "snake_case")] +pub struct AccessTokenDeviceInfo { + pub client_type: String, + pub client_runtime: String, + pub client_platform: String, +} + // 用于签发 access token 的领域输入,和最终 JWT claims 解耦,避免业务层手动拼 iat/exp/iss。 #[derive(Clone, Debug, PartialEq, Eq)] pub struct AccessTokenClaimsInput { @@ -92,6 +101,8 @@ pub struct AccessTokenClaims { pub binding_status: BindingStatus, #[serde(skip_serializing_if = "Option::is_none")] pub display_name: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub device: Option, pub iat: u64, pub exp: u64, } @@ -1481,11 +1492,21 @@ impl AccessTokenClaims { input: AccessTokenClaimsInput, config: &JwtConfig, issued_at: OffsetDateTime, + ) -> Result { + Self::from_input_with_device(input, None, config, issued_at) + } + + pub fn from_input_with_device( + input: AccessTokenClaimsInput, + device: Option, + config: &JwtConfig, + issued_at: OffsetDateTime, ) -> Result { let user_id = normalize_required_field(input.user_id, "JWT sub 不能为空")?; let session_id = normalize_required_field(input.session_id, "JWT sid 不能为空")?; let roles = normalize_roles(input.roles)?; let display_name = normalize_optional_field(input.display_name); + let device = device.map(|device| device.normalize()).transpose()?; let issued_at_unix = issued_at.unix_timestamp(); if issued_at_unix < 0 { @@ -1515,6 +1536,7 @@ impl AccessTokenClaims { phone_verified: input.phone_verified, binding_status: input.binding_status, display_name, + device, iat: issued_at_unix as u64, exp: expires_at_unix as u64, }; @@ -1535,6 +1557,46 @@ impl AccessTokenClaims { self.ver } + pub fn client_type(&self) -> Option<&str> { + self.device + .as_ref() + .map(|device| device.client_type.as_str()) + } + + pub fn client_platform(&self) -> Option<&str> { + self.device + .as_ref() + .map(|device| device.client_platform.as_str()) + } + + pub fn is_wechat_mini_program_device(&self) -> bool { + matches!(self.client_type(), Some("mini_program")) + } + + pub fn is_wechat_h5_device(&self) -> bool { + matches!(self.client_type(), Some("wechat_h5")) + } + + pub fn is_wechat_payment_device(&self) -> bool { + self.is_wechat_mini_program_device() || self.is_wechat_h5_device() + } + + pub fn is_mobile_device(&self) -> bool { + matches!(self.client_platform(), Some("ios" | "android")) + } + + pub fn is_desktop_device(&self) -> bool { + matches!(self.client_platform(), Some("windows" | "macos" | "linux")) + } + + pub fn is_mobile_wechat_browser_device(&self) -> bool { + self.is_wechat_h5_device() && self.is_mobile_device() + } + + pub fn is_desktop_wechat_browser_device(&self) -> bool { + self.is_wechat_h5_device() && self.is_desktop_device() + } + pub fn validate_for_config(&self, config: &JwtConfig) -> Result<(), JwtError> { if self.iss.trim() != config.issuer() { return Err(JwtError::InvalidClaims("JWT iss 与当前配置不一致")); @@ -1543,6 +1605,9 @@ impl AccessTokenClaims { normalize_required_field(self.sub.clone(), "JWT sub 不能为空")?; normalize_required_field(self.sid.clone(), "JWT sid 不能为空")?; normalize_roles(self.roles.clone())?; + if let Some(device) = &self.device { + device.validate()?; + } if self.exp <= self.iat { return Err(JwtError::InvalidClaims("JWT exp 必须晚于 iat")); @@ -1552,6 +1617,38 @@ impl AccessTokenClaims { } } +impl AccessTokenDeviceInfo { + pub fn normalize(self) -> Result { + Ok(Self { + client_type: normalize_required_field( + self.client_type, + "JWT device.client_type 不能为空", + )?, + client_runtime: normalize_required_field( + self.client_runtime, + "JWT device.client_runtime 不能为空", + )?, + client_platform: normalize_required_field( + self.client_platform, + "JWT device.client_platform 不能为空", + )?, + }) + } + + pub fn validate(&self) -> Result<(), JwtError> { + normalize_required_field(self.client_type.clone(), "JWT device.client_type 不能为空")?; + normalize_required_field( + self.client_runtime.clone(), + "JWT device.client_runtime 不能为空", + )?; + normalize_required_field( + self.client_platform.clone(), + "JWT device.client_platform 不能为空", + )?; + Ok(()) + } +} + pub fn sign_access_token( claims: &AccessTokenClaims, config: &JwtConfig, @@ -2129,10 +2226,7 @@ mod tests { let phone_info = payload.phone_info.expect("phone info should exist"); assert_eq!(phone_info.phone_number.as_deref(), Some("+8613800138000")); - assert_eq!( - phone_info.pure_phone_number.as_deref(), - Some("13800138000") - ); + assert_eq!(phone_info.pure_phone_number.as_deref(), Some("13800138000")); assert_eq!(phone_info.country_code.as_deref(), Some("86")); } diff --git a/src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx b/src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx index a361e871..875055f2 100644 --- a/src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx +++ b/src/components/rpg-entry/RpgEntryHomeView.recharge.test.tsx @@ -401,6 +401,8 @@ vi.mock('../ResolvedAssetImage', () => ({ })); const originalMatchMedia = window.matchMedia; +const originalUserAgent = navigator.userAgent; +const originalMaxTouchPoints = navigator.maxTouchPoints; const originalRequestAnimationFrame = window.requestAnimationFrame; const originalCancelAnimationFrame = window.cancelAnimationFrame; @@ -629,6 +631,37 @@ function mockDesktopLayout() { }); } +function mockWechatDesktopLayout() { + mockDesktopLayout(); + Object.defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 MicroMessenger/8.0', + }); +} + +function mockWechatMobileLayout() { + Object.defineProperty(navigator, 'userAgent', { + configurable: true, + value: + 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit MicroMessenger/8.0 Mobile', + }); + Object.defineProperty(window, 'matchMedia', { + configurable: true, + writable: true, + value: vi.fn().mockImplementation(() => ({ + matches: true, + media: '(max-width: 767px)', + onchange: null, + addEventListener: vi.fn(), + removeEventListener: vi.fn(), + addListener: vi.fn(), + removeListener: vi.fn(), + dispatchEvent: vi.fn(), + })), + }); +} + function renderProfileView( onRechargeSuccess = vi.fn(), profileDashboardOverrides: Partial< @@ -1013,6 +1046,14 @@ afterEach(() => { writable: true, value: originalMatchMedia, }); + Object.defineProperty(navigator, 'userAgent', { + configurable: true, + value: originalUserAgent, + }); + Object.defineProperty(navigator, 'maxTouchPoints', { + configurable: true, + value: originalMaxTouchPoints, + }); Object.defineProperty(window, 'requestAnimationFrame', { configurable: true, writable: true, @@ -1046,7 +1087,7 @@ test('opens wallet ledger modal from narrative coin card', async () => { test('profile recharge modal shows native qr code on desktop web by default', async () => { const user = userEvent.setup(); - mockDesktopLayout(); + mockWechatDesktopLayout(); mockCreateRpgProfileRechargeOrder.mockResolvedValueOnce({ order: { orderId: 'order-native-1', @@ -1111,24 +1152,7 @@ test('profile recharge modal shows native qr code on desktop web by default', as test('profile recharge modal jumps to h5 payment on mobile web by default', async () => { const user = userEvent.setup(); - Object.defineProperty(navigator, 'userAgent', { - configurable: true, - value: 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Mobile', - }); - Object.defineProperty(window, 'matchMedia', { - configurable: true, - writable: true, - value: vi.fn().mockImplementation(() => ({ - matches: true, - media: '(max-width: 767px)', - onchange: null, - addEventListener: vi.fn(), - removeEventListener: vi.fn(), - addListener: vi.fn(), - removeListener: vi.fn(), - dispatchEvent: vi.fn(), - })), - }); + mockWechatMobileLayout(); mockCreateRpgProfileRechargeOrder.mockResolvedValueOnce({ order: { orderId: 'order-h5-1', @@ -1603,7 +1627,7 @@ test('profile recharge modal releases submitting state after cancelled wechat pa test('profile native qr confirmation refreshes only after server reports paid', async () => { const user = userEvent.setup(); const onRechargeSuccess = vi.fn(); - mockDesktopLayout(); + mockWechatDesktopLayout(); mockCreateRpgProfileRechargeOrder.mockResolvedValueOnce({ order: { orderId: 'order-native-paid', @@ -1687,6 +1711,23 @@ test('profile native qr confirmation refreshes only after server reports paid', expect(onRechargeSuccess).toHaveBeenCalledTimes(1); }); +test('non-wechat profile shows reward code instead of recharge entry', async () => { + const user = userEvent.setup(); + + renderProfileView(); + + const shortcutRegion = screen.getByRole('region', { name: '常用功能' }); + expect( + within(shortcutRegion).queryByRole('button', { name: /充值/u }), + ).toBeNull(); + expect( + within(shortcutRegion).getByRole('button', { name: /兑换码/u }), + ).toBeTruthy(); + await user.click(within(shortcutRegion).getByRole('button', { name: /兑换码/u })); + expect(await screen.findByPlaceholderText('输入兑换码')).toBeTruthy(); + expect(mockGetRpgProfileRechargeCenter).not.toHaveBeenCalled(); +}); + test('profile daily task shortcut opens task center and claims reward', async () => { const user = userEvent.setup(); const onRechargeSuccess = vi.fn(); @@ -1925,7 +1966,10 @@ test('opens reward code modal from profile action on mobile', async () => { const user = userEvent.setup(); renderProfileView(); - await user.click(screen.getByRole('button', { name: /兑换码/u })); + const shortcutRegion = screen.getByRole('region', { name: '常用功能' }); + await user.click( + within(shortcutRegion).getByRole('button', { name: /兑换码/u }), + ); const modal = await screen.findByPlaceholderText('输入兑换码'); expect(modal).toBeTruthy(); diff --git a/src/components/rpg-entry/RpgEntryHomeView.tsx b/src/components/rpg-entry/RpgEntryHomeView.tsx index 7ae68662..5247051e 100644 --- a/src/components/rpg-entry/RpgEntryHomeView.tsx +++ b/src/components/rpg-entry/RpgEntryHomeView.tsx @@ -77,6 +77,7 @@ import { import { copyTextToClipboard } from '../../services/clipboard'; import { resolveProfileRechargePaymentChannel, + shouldShowRechargeEntry, WECHAT_H5_PAYMENT_CHANNEL, WECHAT_MINI_PROGRAM_PAYMENT_CHANNEL, WECHAT_NATIVE_PAYMENT_CHANNEL, @@ -3468,6 +3469,7 @@ export function RpgEntryHomeView({ hasUnreadDraftUpdate = false, }: RpgEntryHomeViewProps) { const authUi = useAuthUi(); + const showRechargeEntry = shouldShowRechargeEntry(); const [desktopSearchKeyword, setDesktopSearchKeyword] = useState(''); const [mobileSearchKeyword, setMobileSearchKeyword] = useState(''); const [activeWorkSearchKeyword, setActiveWorkSearchKeyword] = useState(''); @@ -4096,6 +4098,14 @@ export function RpgEntryHomeView({ setIsRechargeOpen(true); loadRechargeCenter(); }; + const openRechargeOrRewardCodeModal = () => { + if (showRechargeEntry) { + openRechargeModal(); + return; + } + + openRewardCodeModal(); + }; const buyRechargeProduct = (product: ProfileRechargeProduct) => { if (submittingRechargeProductId) { return; @@ -5463,13 +5473,21 @@ export function RpgEntryHomeView({ @@ -5558,17 +5576,19 @@ export function RpgEntryHomeView({ onClick={openTaskCenterPanel} /> - + {showRechargeEntry ? ( + + ) : null} { ).toBe(WECHAT_NATIVE_PAYMENT_CHANNEL); }); + test('桌面微信内网页选择 wechat_native', () => { + expect( + resolveProfileRechargePaymentChannel({ + location: { search: '' }, + navigator: { + userAgent: + 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit MicroMessenger/8.0', + }, + matchMedia: () => ({ matches: false }) as unknown as MediaQueryList, + }), + ).toBe(WECHAT_NATIVE_PAYMENT_CHANNEL); + }); + test('默认路径永远不会解析成 mock', () => { expect( resolveProfileRechargePaymentChannel({ @@ -61,3 +75,44 @@ describe('resolveProfileRechargePaymentChannel', () => { ).not.toBe('mock'); }); }); + +describe('shouldShowRechargeEntry', () => { + test('小程序运行态显示充值入口', () => { + expect( + shouldShowRechargeEntry({ + location: { search: '?clientRuntime=wechat_mini_program' }, + navigator: { userAgent: 'Mozilla/5.0 (iPhone)' }, + }), + ).toBe(true); + }); + + test('微信内网页显示充值入口', () => { + expect( + shouldShowRechargeEntry({ + location: { search: '' }, + navigator: { + userAgent: + 'Mozilla/5.0 (Linux; Android 14) AppleWebKit MicroMessenger/8.0 Mobile', + }, + }), + ).toBe(true); + }); + + test('普通浏览器不显示充值入口', () => { + expect( + shouldShowRechargeEntry({ + location: { search: '' }, + navigator: { + userAgent: + 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Mobile', + }, + }), + ).toBe(false); + expect( + shouldShowRechargeEntry({ + location: { search: '' }, + navigator: { userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' }, + }), + ).toBe(false); + }); +}); diff --git a/src/services/payment/paymentPlatform.ts b/src/services/payment/paymentPlatform.ts index 3c4e21f3..93b26b8a 100644 --- a/src/services/payment/paymentPlatform.ts +++ b/src/services/payment/paymentPlatform.ts @@ -16,6 +16,20 @@ export type PaymentPlatformContext = { matchMedia?: Window['matchMedia'] | null; }; +export function shouldShowRechargeEntry( + context: PaymentPlatformContext = {}, +) { + const location = + context.location ?? (typeof window !== 'undefined' ? window.location : null); + const navigatorLike = + context.navigator ?? (typeof navigator !== 'undefined' ? navigator : null); + + return ( + isWechatMiniProgramRuntime(location) || + isWechatBrowserRuntime(navigatorLike) + ); +} + export function resolveProfileRechargePaymentChannel( context: PaymentPlatformContext = {}, ): ProfileRechargeWechatPaymentChannel { @@ -55,16 +69,21 @@ function isWechatMiniProgramRuntime( ); } +function isWechatBrowserRuntime( + navigatorLike: Partial | null | undefined, +) { + return ( + navigatorLike?.userAgent?.toLowerCase().includes('micromessenger') ?? + false + ); +} + function isMobileWebRuntime( navigatorLike: Partial | null | undefined, matchMedia: Window['matchMedia'] | null | undefined, ) { const userAgent = navigatorLike?.userAgent?.toLowerCase() ?? ''; - if ( - /android|iphone|ipad|ipod|mobile|micromessenger|windows phone/u.test( - userAgent, - ) - ) { + if (/android|iphone|ipad|ipod|mobile|windows phone/u.test(userAgent)) { return true; }