Pchen0
/
ic-ctbu-backend


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153
							const API = require("../../lib/API.js")
const db = require("../../plugin/DataBase/db.js")
const Redis = require('../../plugin/DataBase/Redis')
const { BaseStdResponse } = require("../../BaseStdResponse.js")
const AccessControl = require("../../lib/AccessControl.js")
const crypto = require('crypto')
const axios = require('axios')
const config = require('../../config.json')

function generateOrderId() {
    const now = new Date()
    const pad = (n, w = 2) => n.toString().padStart(w, '0')
    return `${now.getFullYear()}${pad(now.getMonth() + 1)}${pad(now.getDate())}` +
        `${pad(now.getHours())}${pad(now.getMinutes())}${pad(now.getSeconds())}` +
        `${pad(now.getMilliseconds(), 3)}`
}

function generatePaymentSign(params, key) {
    const sorted = Object.keys(params).sort()
    const query = sorted.map(k => `${k}=${params[k]}`).join('&') + key
    
    return crypto.createHash('md5').update(query, 'utf8').digest('hex')
}

// async function getPayStatus(order_no) {
//     const endpoint = config.pay.url + '/api/findorder'
//     try {
//         const res = await axios.post(endpoint, {order_no, type: 1})

//     } catch (error) {
        
//     }
// }

class CreateOrder extends API {
    constructor() {
        super()
        this.setPath('/Order/CreateOrder')
        this.setMethod('POST')
    }

    async onRequest(req, res) {
        const { uuid, session, goods_id, pay_type } = req.body

        if ([uuid, session, goods_id, pay_type].some(v => v === '' || v === null || v === undefined)) {
            return res.json({
                ...BaseStdResponse.MISSING_PARAMETER,
                endpoint: 1513126
            })
        }

        const sessionValid = await AccessControl.checkSession(uuid, session)
        if (!sessionValid) {
            return res.status(401).json({
                ...BaseStdResponse.ACCESS_DENIED
            })
        }

        try {
            const goodsSql = 'SELECT name, price, num, state FROM goods WHERE id = ?'
            const goodsRows = await db.query(goodsSql, [goods_id])

            if (!goodsRows || goodsRows.length !== 1) {
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: '商品不存在',
                    endpoint: 1513126
                })
            }

            const goods = goodsRows[0]
            if (goods.num < 1 || goods.state !== 1) {
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: '商品已下架或库存不足',
                    endpoint: 1513126
                })
            }

            const createTime = Date.now()
            const orderId = generateOrderId()

            const insertSql = `
                INSERT INTO orders (orderId, create_user, create_time, goods_id, price, pay_type)
                VALUES (?, ?, ?, ?, ?, ?)
            `
            const result = await db.query(insertSql, [
                orderId, uuid, createTime, goods_id, goods.price, pay_type
            ])

            const updateSql = 'UPDATE goods SET num = num - 1 WHERE id = ?'
            await db.query(updateSql, [goods_id])

            if (result && result.affectedRows > 0) {
                const paymentConfig = config.pay || {}

                if (!paymentConfig.pid || !paymentConfig.url || !paymentConfig.key || !paymentConfig.return_url) {
                    return res.json({
                        ...BaseStdResponse.ERR,
                        msg: '支付配置错误，请联系管理员'
                    })
                }

                let notify_url = config.url + '/Order/CallBack'
                const payParams = {
                    pid: paymentConfig.pid,
                    type: pay_type,
                    out_trade_no: orderId,
                    notify_url,
                    return_url: paymentConfig.return_url + orderId,
                    name: goods.name,
                    money: goods.price
                }

                const sign = generatePaymentSign(payParams, paymentConfig.key)
                payParams.sign = sign
                payParams.sign_type = 'MD5'

                await Redis.set(`payData:${orderId}`, JSON.stringify(payParams), {
                    EX: 300
                })

                let payUrl = paymentConfig.url + '/submit.php'

                return res.json({
                    ...BaseStdResponse.OK,
                    id: orderId,
                    pay: {
                        payUrl,
                        payData: payParams
                    }
                })

                // 定时器轮询订单状态

            } else {
                return res.json({
                    ...BaseStdResponse.ERR,
                    msg: '创建订单失败',
                    endpoint: 7894378
                })
            }
        } catch (err) {
            this.logger.error(`创建订单失败！${err.stack}`)
            return res.json({
                ...BaseStdResponse.ERR,
                msg: "创建订单异常，请联系管理员"
            })
        }
    }
}

module.exports.CreateOrder = CreateOrder