Pchen0
/
ic-ctbu-backend


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
							const API = require("../../lib/API.js")
const db = require("../../plugin/DataBase/db.js")
const { BaseStdResponse } = require("../../BaseStdResponse.js")
const config = require('../../config.json')
const crypto = require("crypto")
const { insertLedgerRecord } = require('../../lib/Lepao/CountLedger')
const { releaseUsageForOrder } = require('../../lib/CouponService')

const PAYMENT_KEY = config.pay.key

async function writePurchaseLedger(orderId, userUuid, addCount, logger) {
    const delta = Number(addCount || 0)
    if (!orderId || !userUuid || delta === 0) return
    try {
        const userRows = await db.query('SELECT lepao_count FROM users WHERE uuid = ?', [userUuid])
        if (!userRows || userRows.length !== 1) return
        const afterCount = Number(userRows[0].lepao_count || 0)
        const beforeCount = afterCount - delta
        await insertLedgerRecord({
            userUuid,
            delta,
            balanceBefore: beforeCount,
            balanceAfter: afterCount,
            bizType: 'purchase',
            bizId: orderId,
            remark: `订单号：${orderId}`
        })
    } catch (error) {
        logger?.error?.(`写入购买次数流水失败 ${orderId}: ${error.stack || error}`)
    }
}

class CallBack extends API {
    constructor() {
        super()

        this.noEncrypt()
        this.setPath('/Order/CallBack')
        this.setMethod('GET')
    }

    async onRequest(req, res) {
        const {
            pid, trade_no, out_trade_no, type, name, money,
            trade_status, sign, sign_type
        } = req.query

        // 参数校验
        if ([pid, trade_no, out_trade_no, type, name, money, trade_status, sign, sign_type].some(v => v === undefined)) {
            return res.json({
                ...BaseStdResponse.MISSING_PARAMETER
            })
        }

        this.logger.info(`收到支付回调。订单号：${out_trade_no}`)

        // 签名校验
        const rawParams = {
            money, name, out_trade_no, pid, trade_no, trade_status, type
        }
        const sortedKeys = Object.keys(rawParams).sort()
        const preSignStr = sortedKeys.map(key => `${key}=${rawParams[key]}`).join('&') + PAYMENT_KEY
        const localSign = crypto.createHash('md5').update(preSignStr, 'utf8').digest('hex')

        if (localSign.toLowerCase() !== sign.toLowerCase()) {
            this.logger.error(`签名校验失败，订单号：${out_trade_no}`)
            return res.send('签名验证失败')
        }

        // 支付未成功，标记为失败
        if (trade_status !== 'TRADE_SUCCESS') {
            const sql = 'UPDATE orders SET state = 3, pay_id = ? WHERE orderId = ? AND state = 0'
            const updateRes = await db.query(sql, [trade_no, out_trade_no])
            if (updateRes?.affectedRows > 0) {
                await releaseUsageForOrder(out_trade_no)
            }
            this.logger.info(`支付未成功。订单号：${out_trade_no}`)
            return res.send('success')
        }

        try {
            // 更新订单状态为已支付（state=1）
            const time = new Date().getTime()
            let sql = 'UPDATE orders SET state = 1, pay_type = ?, pay_id = ?, pay_time = ? WHERE orderId = ? AND state = 0'
            const result = await db.query(sql, [type, trade_no, time, out_trade_no])

            if (result.affectedRows > 0) {
                // 查询订单与商品信息
                sql = `
                    SELECT 
                        g.lepao_count,
                        g.ic_count,
                        g.vip,
                        a.create_user
                    FROM 
                        orders a
                    LEFT JOIN 
                        goods g 
                    ON 
                        a.goods_id = g.id
                    WHERE 
                        a.orderId = ?
                `
                const rows = await db.query(sql, [out_trade_no])
                if (!rows || rows.length !== 1) {
                    this.logger.error(`订单商品信息异常，订单号：${out_trade_no}`)
                    await db.query('UPDATE orders SET state = 4 WHERE orderId = ?', [out_trade_no])
                    return res.send('fail')
                }

                const { lepao_count, ic_count, vip, create_user } = rows[0]

                // 更新用户剩余次数
                sql = 'UPDATE users SET lepao_count = lepao_count + ?, ic_count = ic_count + ?, vip = ? WHERE uuid = ?'
                const updateUser = await db.query(sql, [lepao_count, ic_count, vip, create_user])
                if (!updateUser || updateUser.affectedRows !== 1) {
                    this.logger.error(`更新用户失败，UUID: ${create_user}`)
                    await db.query('UPDATE orders SET state = 4 WHERE orderId = ?', [out_trade_no])
                    return res.send('fail')
                }

                sql = 'UPDATE orders SET state = 2 WHERE orderId = ?'
                await db.query(sql, [out_trade_no])
                await writePurchaseLedger(out_trade_no, create_user, lepao_count, this.logger)

                this.logger.info(`支付成功，订单处理完毕。订单号：${out_trade_no}`)

                return res.send('success')
            } else {
                this.logger.warn(`订单不存在或已处理，订单号：${out_trade_no}`)
                return res.send('订单不存在或已处理')
            }
        } catch (err) {
            this.logger.error(`支付回调处理异常：${err.stack}`)
            return res.send('服务器错误')
        }
    }
}

module.exports.CallBack = CallBack