@cogito.ai/cli 0.4.2 → 0.4.4

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/alipay/query/route.ts

@@ -0,0 +1,54 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { queryAlipayOrder } from '@/features/subscription/alipay/server'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+import { getServerClient } from '@/infra/db/client'
+
+function normalizeAlipayStatus(tradeStatus: string): string {
+  switch (tradeStatus) {
+    case 'TRADE_SUCCESS':
+    case 'TRADE_FINISHED':
+      return 'paid'
+    case 'TRADE_CLOSED':
+      return 'failed'
+    case 'WAIT_BUYER_PAY':
+    default:
+      return 'pending'
+  }
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const supabase = await getServerClient()
+    const {
+      data: { user },
+    } = await supabase.auth.getUser()
+
+    if (!user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { outTradeNo } = (await req.json()) as { outTradeNo: string }
+
+    // Verify order ownership
+    const payment = await getPaymentByOrderNo(outTradeNo)
+    if (!payment) {
+      return NextResponse.json({ error: 'Payment not found' }, { status: 404 })
+    }
+
+    if (payment.user_id !== user.id) {
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
+    const result = await queryAlipayOrder(outTradeNo)
+    const normalizedStatus = normalizeAlipayStatus(result.tradeStatus)
+
+    return NextResponse.json({
+      status: normalizedStatus,
+      tradeStatus: result.tradeStatus,
+      code: result.code,
+    })
+  } catch (error) {
+    console.error('Alipay query error:', error)
+    return NextResponse.json({ error: 'Failed to query Alipay order' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/alipay/return/route.ts

@@ -0,0 +1,20 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+
+export async function GET(req: NextRequest) {
+  const url = new URL(req.url)
+  const outTradeNo = url.searchParams.get('out_trade_no')
+
+  if (!outTradeNo) {
+    return NextResponse.redirect(new URL('/pricing', req.url))
+  }
+
+  // Lookup payment by order_no to get the numeric ID for the status page
+  const payment = await getPaymentByOrderNo(outTradeNo)
+  if (!payment) {
+    return NextResponse.redirect(new URL('/pricing', req.url))
+  }
+
+  // Redirect to payment status page using the numeric payment ID
+  return NextResponse.redirect(new URL(`/payment/${payment.id}`, req.url))
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/create/route.ts

@@ -0,0 +1,52 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { createPaymentRecord, getPaymentByOrderNo } from '@/features/subscription/payment-service'
+import { getServerClient } from '@/infra/db/client'
+import { generateOrderNumber } from '@/features/subscription/payment-helpers'
+
+export async function POST(req: NextRequest) {
+  try {
+    const supabase = await getServerClient()
+    const {
+      data: { user },
+    } = await supabase.auth.getUser()
+
+    if (!user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = (await req.json()) as {
+      planId: number
+      amount: number
+      paymentMethod: string
+      billingCycle: string
+    }
+
+    if (!body.planId || !body.amount || !body.paymentMethod || !body.billingCycle) {
+      return NextResponse.json({ error: 'Missing required fields' }, { status: 400 })
+    }
+
+    const orderNo = generateOrderNumber()
+
+    const payment = await createPaymentRecord({
+      user_id: user.id,
+      order_no: orderNo,
+      amount: body.amount,
+      currency: 'CNY',
+      payment_method: body.paymentMethod as 'alipay' | 'wechat',
+      metadata: {
+        plan_id: body.planId,
+        billing_cycle: body.billingCycle,
+      },
+    })
+
+    return NextResponse.json({
+      id: payment.id,
+      orderNo: payment.order_no,
+      amount: payment.amount,
+      status: payment.status,
+    })
+  } catch (error) {
+    console.error('Payment creation error:', error)
+    return NextResponse.json({ error: 'Failed to create payment' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/wechat/create/route.ts

@@ -0,0 +1,58 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { createWechatNativePay, createWechatH5Pay } from '@/features/subscription/wechat/server'
+import { getPaymentById } from '@/features/subscription/payment-service'
+
+export async function POST(req: NextRequest) {
+  try {
+    const { paymentId } = (await req.json()) as { paymentId: number }
+
+    const payment = await getPaymentById(paymentId)
+    if (!payment) {
+      return NextResponse.json({ error: 'Payment not found' }, { status: 404 })
+    }
+
+    const userAgent = req.headers.get('user-agent') || ''
+    const isMobile = /Mobile|Android|iPhone/i.test(userAgent)
+
+    // In development, always use native (qrcode) even on mobile (D3)
+    const forceNative = process.env.NODE_ENV === 'development' && isMobile
+
+    const notifyUrl = `${process.env.NEXT_PUBLIC_APP_URL}/api/payments/wechat/notify`
+
+    if (!isMobile || forceNative) {
+      // Native (PC) - return QR code URL
+      const result = await createWechatNativePay({
+        description: 'Subscription',
+        outTradeNo: payment.order_no,
+        notifyUrl,
+        amount: { total: payment.amount, currency: 'CNY' },
+      })
+
+      if (forceNative) {
+        return NextResponse.json({
+          type: 'qrcode',
+          codeUrl: result.code_url,
+          warning: 'H5 disabled in dev',
+        })
+      }
+
+      return NextResponse.json({ type: 'qrcode', codeUrl: result.code_url })
+    } else {
+      // H5 (mobile)
+      const result = await createWechatH5Pay({
+        description: 'Subscription',
+        outTradeNo: payment.order_no,
+        notifyUrl,
+        amount: { total: payment.amount, currency: 'CNY' },
+        sceneInfo: {
+          payer_client_ip: req.headers.get('x-forwarded-for')?.split(',')[0]?.trim() || '127.0.0.1',
+        },
+      })
+
+      return NextResponse.json({ type: 'redirect', h5Url: result.h5_url })
+    }
+  } catch (error) {
+    console.error('WeChat create error:', error)
+    return NextResponse.json({ error: 'Failed to create WeChat payment' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/wechat/notify/route.ts

@@ -0,0 +1,92 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { verifyAndDecryptNotify } from '@/features/subscription/wechat/server'
+import { createAdminClient } from '@/lib/supabase/admin'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+
+export async function POST(req: NextRequest) {
+  try {
+    const rawBody = await req.text()
+    const headers: Record<string, string | undefined> = {
+      'wechatpay-timestamp': req.headers.get('wechatpay-timestamp') || undefined,
+      'wechatpay-nonce': req.headers.get('wechatpay-nonce') || undefined,
+      'wechatpay-signature': req.headers.get('wechatpay-signature') || undefined,
+      'wechatpay-serial': req.headers.get('wechatpay-serial') || undefined,
+    }
+
+    const result = await verifyAndDecryptNotify(headers, rawBody)
+
+    if (result.tradeState !== 'SUCCESS') {
+      return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+    }
+
+    const payment = await getPaymentByOrderNo(result.outTradeNo)
+    if (!payment) {
+      console.warn(`WeChat notify: payment not found for order ${result.outTradeNo}`)
+      return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+    }
+
+    // Validate mch_id matches our configured merchant
+    if (result.mchId !== process.env.WECHAT_PAY_MCH_ID) {
+      console.warn(`WeChat notify: mch_id mismatch. received=${result.mchId}`)
+      return NextResponse.json({ code: 'FAIL', message: 'mch_id mismatch' }, { status: 400 })
+    }
+
+    // Validate appid matches our configured app
+    if (result.appId !== process.env.WECHAT_PAY_APP_ID) {
+      console.warn(`WeChat notify: appid mismatch. received=${result.appId}`)
+      return NextResponse.json({ code: 'FAIL', message: 'appid mismatch' }, { status: 400 })
+    }
+
+    // Validate amount matches the local order
+    if (result.amount !== payment.amount) {
+      console.warn(
+        `WeChat notify: amount mismatch. order=${result.outTradeNo}, expected=${payment.amount}, received=${result.amount}`,
+      )
+      return NextResponse.json({ code: 'FAIL', message: 'amount mismatch' }, { status: 400 })
+    }
+
+    // Idempotency
+    if (payment.status === 'paid') {
+      return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+    }
+
+    const supabase = createAdminClient()
+
+    // Update payment with provider_trade_no and conditional update
+    const { error: updateError } = await supabase
+      .from('payments')
+      .update({
+        status: 'paid',
+        provider_trade_no: result.transactionId,
+        paid_at: new Date().toISOString(),
+      })
+      .eq('order_no', result.outTradeNo)
+      .eq('status', 'pending')
+
+    if (updateError) {
+      console.error('WeChat notify: failed to update payment', updateError)
+      return NextResponse.json({ code: 'FAIL', message: 'update failed' }, { status: 500 })
+    }
+
+    // Update subscription
+    if (payment.subscription_id) {
+      const now = new Date()
+      const nextMonth = new Date(now)
+      nextMonth.setMonth(nextMonth.getMonth() + 1)
+
+      await supabase
+        .from('user_subscriptions')
+        .update({
+          status: 'active',
+          current_period_start: now.toISOString(),
+          current_period_end: nextMonth.toISOString(),
+        })
+        .eq('id', payment.subscription_id)
+    }
+
+    return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+  } catch (error) {
+    console.error('WeChat notify error:', error)
+    return NextResponse.json({ code: 'FAIL', message: (error as Error).message }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/wechat/query/route.ts

@@ -0,0 +1,54 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { queryWechatOrder } from '@/features/subscription/wechat/server'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+import { getServerClient } from '@/infra/db/client'
+
+function normalizeWechatStatus(tradeState: string): string {
+  switch (tradeState) {
+    case 'SUCCESS':
+      return 'paid'
+    case 'CLOSED':
+    case 'REVOKED':
+      return 'failed'
+    case 'NOTPAY':
+    case 'USERPAYING':
+    default:
+      return 'pending'
+  }
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const supabase = await getServerClient()
+    const {
+      data: { user },
+    } = await supabase.auth.getUser()
+
+    if (!user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { outTradeNo } = (await req.json()) as { outTradeNo: string }
+
+    // Verify order ownership
+    const payment = await getPaymentByOrderNo(outTradeNo)
+    if (!payment) {
+      return NextResponse.json({ error: 'Payment not found' }, { status: 404 })
+    }
+
+    if (payment.user_id !== user.id) {
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
+    const result = await queryWechatOrder(outTradeNo)
+    const normalizedStatus = normalizeWechatStatus(result.trade_state)
+
+    return NextResponse.json({
+      status: normalizedStatus,
+      tradeState: result.trade_state,
+    })
+  } catch (error) {
+    console.error('WeChat query error:', error)
+    return NextResponse.json({ error: 'Failed to query WeChat order' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/auth/callback/route.ts

@@ -10,9 +10,8 @@ export async function GET(request: NextRequest) {
   const nextParam = searchParams.get('next')
 
   // Whitelist check to prevent open redirect attacks
-  const safePath = nextParam && ALLOWED_NEXT.includes(nextParam)
-    ? nextParam
-    : `/${defaultLocale}/dashboard`
+  const safePath =
+    nextParam && ALLOWED_NEXT.includes(nextParam) ? nextParam : `/${defaultLocale}/dashboard`
 
   if (code) {
     const supabase = await getServerClient()

package/dist/templates/web-nextjs/apps/web/src/components/dashboard/app-sidebar.tsx

@@ -1,6 +1,6 @@
-"use client"
+'use client'
 
-import * as React from "react"
+import * as React from 'react'
 import {
   IconDashboard,
   IconHelp,
@@ -8,11 +8,11 @@ import {
   IconInnerShadowTop,
   IconSettings,
   IconShield,
-} from "@tabler/icons-react"
+} from '@tabler/icons-react'
 
-import { NavMain } from "@/components/dashboard/nav-main"
-import { NavSecondary } from "@/components/dashboard/nav-secondary"
-import { NavUser } from "@/components/dashboard/nav-user"
+import { NavMain } from '@/components/dashboard/nav-main'
+import { NavSecondary } from '@/components/dashboard/nav-secondary'
+import { NavUser } from '@/components/dashboard/nav-user'
 import {
   Sidebar,
   SidebarContent,
@@ -21,7 +21,7 @@ import {
   SidebarMenu,
   SidebarMenuButton,
   SidebarMenuItem,
-} from "@/components/ui/sidebar"
+} from '@/components/ui/sidebar'
 
 export function AppSidebar({
   user,
@@ -33,12 +33,12 @@ export function AppSidebar({
 }) {
   const navMain = [
     {
-      title: "Dashboard",
+      title: 'Dashboard',
       url: `/${locale}/dashboard`,
       icon: IconDashboard,
     },
     {
-      title: "Settings",
+      title: 'Settings',
       url: `/${locale}/settings/profile`,
       icon: IconSettings,
     },
@@ -46,17 +46,17 @@ export function AppSidebar({
 
   const navSecondary = [
     {
-      title: "Help",
+      title: 'Help',
       url: `/${locale}/help`,
       icon: IconHelp,
     },
     {
-      title: "Privacy Policy",
+      title: 'Privacy Policy',
       url: `/${locale}/privacy`,
       icon: IconShield,
     },
     {
-      title: "About",
+      title: 'About',
       url: `/${locale}/about`,
       icon: IconInfoCircle,
     },
@@ -67,10 +67,7 @@ export function AppSidebar({
       <SidebarHeader>
         <SidebarMenu>
           <SidebarMenuItem>
-            <SidebarMenuButton
-              asChild
-              className="data-[slot=sidebar-menu-button]:p-1.5!"
-            >
+            <SidebarMenuButton asChild className="data-[slot=sidebar-menu-button]:p-1.5!">
               <a href={`/${locale}/dashboard`}>
                 <IconInnerShadowTop className="size-5!" />
                 <span className="text-base font-semibold">AgentDock</span>