@cogito.ai/cli 0.4.3 → 0.4.4

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/alipay/return/route.ts

@@ -0,0 +1,20 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+
+export async function GET(req: NextRequest) {
+  const url = new URL(req.url)
+  const outTradeNo = url.searchParams.get('out_trade_no')
+
+  if (!outTradeNo) {
+    return NextResponse.redirect(new URL('/pricing', req.url))
+  }
+
+  // Lookup payment by order_no to get the numeric ID for the status page
+  const payment = await getPaymentByOrderNo(outTradeNo)
+  if (!payment) {
+    return NextResponse.redirect(new URL('/pricing', req.url))
+  }
+
+  // Redirect to payment status page using the numeric payment ID
+  return NextResponse.redirect(new URL(`/payment/${payment.id}`, req.url))
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/create/route.ts

@@ -0,0 +1,52 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { createPaymentRecord, getPaymentByOrderNo } from '@/features/subscription/payment-service'
+import { getServerClient } from '@/infra/db/client'
+import { generateOrderNumber } from '@/features/subscription/payment-helpers'
+
+export async function POST(req: NextRequest) {
+  try {
+    const supabase = await getServerClient()
+    const {
+      data: { user },
+    } = await supabase.auth.getUser()
+
+    if (!user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = (await req.json()) as {
+      planId: number
+      amount: number
+      paymentMethod: string
+      billingCycle: string
+    }
+
+    if (!body.planId || !body.amount || !body.paymentMethod || !body.billingCycle) {
+      return NextResponse.json({ error: 'Missing required fields' }, { status: 400 })
+    }
+
+    const orderNo = generateOrderNumber()
+
+    const payment = await createPaymentRecord({
+      user_id: user.id,
+      order_no: orderNo,
+      amount: body.amount,
+      currency: 'CNY',
+      payment_method: body.paymentMethod as 'alipay' | 'wechat',
+      metadata: {
+        plan_id: body.planId,
+        billing_cycle: body.billingCycle,
+      },
+    })
+
+    return NextResponse.json({
+      id: payment.id,
+      orderNo: payment.order_no,
+      amount: payment.amount,
+      status: payment.status,
+    })
+  } catch (error) {
+    console.error('Payment creation error:', error)
+    return NextResponse.json({ error: 'Failed to create payment' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/wechat/create/route.ts

@@ -0,0 +1,58 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { createWechatNativePay, createWechatH5Pay } from '@/features/subscription/wechat/server'
+import { getPaymentById } from '@/features/subscription/payment-service'
+
+export async function POST(req: NextRequest) {
+  try {
+    const { paymentId } = (await req.json()) as { paymentId: number }
+
+    const payment = await getPaymentById(paymentId)
+    if (!payment) {
+      return NextResponse.json({ error: 'Payment not found' }, { status: 404 })
+    }
+
+    const userAgent = req.headers.get('user-agent') || ''
+    const isMobile = /Mobile|Android|iPhone/i.test(userAgent)
+
+    // In development, always use native (qrcode) even on mobile (D3)
+    const forceNative = process.env.NODE_ENV === 'development' && isMobile
+
+    const notifyUrl = `${process.env.NEXT_PUBLIC_APP_URL}/api/payments/wechat/notify`
+
+    if (!isMobile || forceNative) {
+      // Native (PC) - return QR code URL
+      const result = await createWechatNativePay({
+        description: 'Subscription',
+        outTradeNo: payment.order_no,
+        notifyUrl,
+        amount: { total: payment.amount, currency: 'CNY' },
+      })
+
+      if (forceNative) {
+        return NextResponse.json({
+          type: 'qrcode',
+          codeUrl: result.code_url,
+          warning: 'H5 disabled in dev',
+        })
+      }
+
+      return NextResponse.json({ type: 'qrcode', codeUrl: result.code_url })
+    } else {
+      // H5 (mobile)
+      const result = await createWechatH5Pay({
+        description: 'Subscription',
+        outTradeNo: payment.order_no,
+        notifyUrl,
+        amount: { total: payment.amount, currency: 'CNY' },
+        sceneInfo: {
+          payer_client_ip: req.headers.get('x-forwarded-for')?.split(',')[0]?.trim() || '127.0.0.1',
+        },
+      })
+
+      return NextResponse.json({ type: 'redirect', h5Url: result.h5_url })
+    }
+  } catch (error) {
+    console.error('WeChat create error:', error)
+    return NextResponse.json({ error: 'Failed to create WeChat payment' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/wechat/notify/route.ts

@@ -0,0 +1,92 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { verifyAndDecryptNotify } from '@/features/subscription/wechat/server'
+import { createAdminClient } from '@/lib/supabase/admin'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+
+export async function POST(req: NextRequest) {
+  try {
+    const rawBody = await req.text()
+    const headers: Record<string, string | undefined> = {
+      'wechatpay-timestamp': req.headers.get('wechatpay-timestamp') || undefined,
+      'wechatpay-nonce': req.headers.get('wechatpay-nonce') || undefined,
+      'wechatpay-signature': req.headers.get('wechatpay-signature') || undefined,
+      'wechatpay-serial': req.headers.get('wechatpay-serial') || undefined,
+    }
+
+    const result = await verifyAndDecryptNotify(headers, rawBody)
+
+    if (result.tradeState !== 'SUCCESS') {
+      return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+    }
+
+    const payment = await getPaymentByOrderNo(result.outTradeNo)
+    if (!payment) {
+      console.warn(`WeChat notify: payment not found for order ${result.outTradeNo}`)
+      return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+    }
+
+    // Validate mch_id matches our configured merchant
+    if (result.mchId !== process.env.WECHAT_PAY_MCH_ID) {
+      console.warn(`WeChat notify: mch_id mismatch. received=${result.mchId}`)
+      return NextResponse.json({ code: 'FAIL', message: 'mch_id mismatch' }, { status: 400 })
+    }
+
+    // Validate appid matches our configured app
+    if (result.appId !== process.env.WECHAT_PAY_APP_ID) {
+      console.warn(`WeChat notify: appid mismatch. received=${result.appId}`)
+      return NextResponse.json({ code: 'FAIL', message: 'appid mismatch' }, { status: 400 })
+    }
+
+    // Validate amount matches the local order
+    if (result.amount !== payment.amount) {
+      console.warn(
+        `WeChat notify: amount mismatch. order=${result.outTradeNo}, expected=${payment.amount}, received=${result.amount}`,
+      )
+      return NextResponse.json({ code: 'FAIL', message: 'amount mismatch' }, { status: 400 })
+    }
+
+    // Idempotency
+    if (payment.status === 'paid') {
+      return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+    }
+
+    const supabase = createAdminClient()
+
+    // Update payment with provider_trade_no and conditional update
+    const { error: updateError } = await supabase
+      .from('payments')
+      .update({
+        status: 'paid',
+        provider_trade_no: result.transactionId,
+        paid_at: new Date().toISOString(),
+      })
+      .eq('order_no', result.outTradeNo)
+      .eq('status', 'pending')
+
+    if (updateError) {
+      console.error('WeChat notify: failed to update payment', updateError)
+      return NextResponse.json({ code: 'FAIL', message: 'update failed' }, { status: 500 })
+    }
+
+    // Update subscription
+    if (payment.subscription_id) {
+      const now = new Date()
+      const nextMonth = new Date(now)
+      nextMonth.setMonth(nextMonth.getMonth() + 1)
+
+      await supabase
+        .from('user_subscriptions')
+        .update({
+          status: 'active',
+          current_period_start: now.toISOString(),
+          current_period_end: nextMonth.toISOString(),
+        })
+        .eq('id', payment.subscription_id)
+    }
+
+    return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+  } catch (error) {
+    console.error('WeChat notify error:', error)
+    return NextResponse.json({ code: 'FAIL', message: (error as Error).message }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/wechat/query/route.ts

@@ -0,0 +1,54 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { queryWechatOrder } from '@/features/subscription/wechat/server'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+import { getServerClient } from '@/infra/db/client'
+
+function normalizeWechatStatus(tradeState: string): string {
+  switch (tradeState) {
+    case 'SUCCESS':
+      return 'paid'
+    case 'CLOSED':
+    case 'REVOKED':
+      return 'failed'
+    case 'NOTPAY':
+    case 'USERPAYING':
+    default:
+      return 'pending'
+  }
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const supabase = await getServerClient()
+    const {
+      data: { user },
+    } = await supabase.auth.getUser()
+
+    if (!user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { outTradeNo } = (await req.json()) as { outTradeNo: string }
+
+    // Verify order ownership
+    const payment = await getPaymentByOrderNo(outTradeNo)
+    if (!payment) {
+      return NextResponse.json({ error: 'Payment not found' }, { status: 404 })
+    }
+
+    if (payment.user_id !== user.id) {
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
+    const result = await queryWechatOrder(outTradeNo)
+    const normalizedStatus = normalizeWechatStatus(result.trade_state)
+
+    return NextResponse.json({
+      status: normalizedStatus,
+      tradeState: result.trade_state,
+    })
+  } catch (error) {
+    console.error('WeChat query error:', error)
+    return NextResponse.json({ error: 'Failed to query WeChat order' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/alipay/client.ts

@@ -0,0 +1,36 @@
+'use client'
+
+interface InitiateAlipayPaymentResult {
+  formHtml?: string
+  redirectUrl?: string
+}
+
+export async function initiateAlipayPayment(paymentId: number, userId: string): Promise<void> {
+  const res = await fetch('/api/payments/alipay/create', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ paymentId, userId }),
+  })
+
+  if (!res.ok) {
+    throw new Error('Failed to initiate Alipay payment')
+  }
+
+  const data: InitiateAlipayPaymentResult = await res.json()
+
+  if (data.formHtml) {
+    // PC page pay: inject form HTML and auto-submit
+    const div = document.createElement('div')
+    div.innerHTML = data.formHtml
+    document.body.appendChild(div)
+    const form = div.querySelector('form')
+    if (form) {
+      form.submit()
+    }
+  } else if (data.redirectUrl) {
+    // H5 wap pay: redirect
+    window.location.href = data.redirectUrl
+  } else {
+    throw new Error('Unexpected Alipay response')
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/alipay/server.ts

@@ -0,0 +1,83 @@
+import { AlipaySdk } from 'alipay-sdk'
+
+const ALIPAY_APP_ID = process.env.ALIPAY_APP_ID
+const ALIPAY_PRIVATE_KEY = process.env.ALIPAY_PRIVATE_KEY
+const ALIPAY_PUBLIC_KEY = process.env.ALIPAY_PUBLIC_KEY
+const ALIPAY_GATEWAY = process.env.ALIPAY_GATEWAY || 'https://openapi.alipay.com/gateway.do'
+
+export interface AlipayPayParams {
+  outTradeNo: string
+  totalAmount: string
+  subject: string
+  body?: string
+  returnUrl: string
+  notifyUrl: string
+}
+
+export function getAlipaySDK(): AlipaySdk {
+  if (!ALIPAY_APP_ID || !ALIPAY_PRIVATE_KEY || !ALIPAY_PUBLIC_KEY) {
+    throw new Error(
+      'Missing Alipay credentials. Ensure ALIPAY_APP_ID, ALIPAY_PRIVATE_KEY, and ALIPAY_PUBLIC_KEY are set.',
+    )
+  }
+
+  return new AlipaySdk({
+    appId: ALIPAY_APP_ID,
+    privateKey: ALIPAY_PRIVATE_KEY,
+    signType: 'RSA2',
+    alipayPublicKey: ALIPAY_PUBLIC_KEY,
+    gateway: ALIPAY_GATEWAY,
+    camelcase: true,
+  })
+}
+
+export async function createAlipayPagePay(params: AlipayPayParams) {
+  const alipay = getAlipaySDK()
+  const result = await alipay.exec('alipay.trade.page.pay', {
+    notify_url: params.notifyUrl,
+    return_url: params.returnUrl,
+    bizContent: {
+      out_trade_no: params.outTradeNo,
+      total_amount: params.totalAmount,
+      subject: params.subject,
+      body: params.body,
+      product_code: 'FAST_INSTANT_TRADE_PAY',
+    },
+  })
+
+  return { formHtml: result }
+}
+
+export async function createAlipayWapPay(params: AlipayPayParams) {
+  const alipay = getAlipaySDK()
+  const result = await alipay.exec('alipay.trade.wap.pay', {
+    notify_url: params.notifyUrl,
+    return_url: params.returnUrl,
+    bizContent: {
+      out_trade_no: params.outTradeNo,
+      total_amount: params.totalAmount,
+      subject: params.subject,
+      body: params.body,
+      product_code: 'QUICK_WAP_WAY',
+    },
+  })
+
+  return { redirectUrl: (result as unknown as { url: string }).url }
+}
+
+export async function queryAlipayOrder(outTradeNo: string) {
+  const alipay = getAlipaySDK()
+  const result = await alipay.exec('alipay.trade.query', {
+    bizContent: { out_trade_no: outTradeNo },
+  })
+
+  return result as unknown as {
+    tradeStatus: string
+    code: string
+  }
+}
+
+export async function verifyAlipayNotify(formData: Record<string, unknown>) {
+  const alipay = getAlipaySDK()
+  return alipay.checkNotifySign(formData)
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/components/index.ts

@@ -0,0 +1,4 @@
+export { UpgradeButton } from './upgrade-button'
+export { ProBadge } from './pro-badge'
+export { ProFeatureComparison } from './pro-feature-comparison'
+export { QuotaWarningBanner } from './quota-warning-banner'

package/dist/templates/web-nextjs/apps/web/src/features/subscription/components/pro-badge.tsx

@@ -0,0 +1,9 @@
+import { Badge } from '@/components/ui/badge'
+
+export function ProBadge() {
+  return (
+    <Badge variant="default" className="bg-gradient-to-r from-amber-500 to-orange-500 text-white">
+      PRO
+    </Badge>
+  )
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/components/pro-feature-comparison.tsx

@@ -0,0 +1,70 @@
+'use client'
+
+import { useTranslations } from 'next-intl'
+import { Check, X } from 'lucide-react'
+
+interface Feature {
+  name: string
+  free: boolean | string
+  pro: boolean | string
+}
+
+interface ProFeatureComparisonProps {
+  features?: Feature[]
+}
+
+export function ProFeatureComparison({ features }: ProFeatureComparisonProps) {
+  const t = useTranslations('subscription')
+
+  const defaultFeatures: Feature[] = [
+    { name: t('featureProjects'), free: '3', pro: '50' },
+    { name: t('featureApiCalls'), free: '1,000', pro: '100,000' },
+    { name: t('featureSupport'), free: false, pro: true },
+    { name: t('featureAnalytics'), free: false, pro: true },
+  ]
+
+  const displayFeatures = features || defaultFeatures
+
+  return (
+    <div className="w-full overflow-hidden rounded-lg border">
+      <table className="w-full text-sm">
+        <thead>
+          <tr className="border-b bg-muted/50">
+            <th className="px-4 py-3 text-left font-medium">{t('feature')}</th>
+            <th className="px-4 py-3 text-center font-medium">{t('free')}</th>
+            <th className="px-4 py-3 text-center font-medium">{t('pro')}</th>
+          </tr>
+        </thead>
+        <tbody>
+          {displayFeatures.map((feat, index) => (
+            <tr key={index} className="border-b last:border-0">
+              <td className="px-4 py-3 font-medium">{feat.name}</td>
+              <td className="px-4 py-3 text-center">
+                {typeof feat.free === 'boolean' ? (
+                  feat.free ? (
+                    <Check className="mx-auto h-4 w-4 text-green-500" />
+                  ) : (
+                    <X className="mx-auto h-4 w-4 text-muted-foreground" />
+                  )
+                ) : (
+                  <span>{feat.free}</span>
+                )}
+              </td>
+              <td className="px-4 py-3 text-center">
+                {typeof feat.pro === 'boolean' ? (
+                  feat.pro ? (
+                    <Check className="mx-auto h-4 w-4 text-green-500" />
+                  ) : (
+                    <X className="mx-auto h-4 w-4 text-muted-foreground" />
+                  )
+                ) : (
+                  <span className="font-medium">{feat.pro}</span>
+                )}
+              </td>
+            </tr>
+          ))}
+        </tbody>
+      </table>
+    </div>
+  )
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/components/quota-warning-banner.tsx

@@ -0,0 +1,37 @@
+'use client'
+
+import { useRouter } from 'next/navigation'
+import { AlertTriangle } from 'lucide-react'
+import { Button } from '@/components/ui/button'
+
+interface QuotaWarningBannerProps {
+  quotaName?: string
+  currentUsage?: number
+  maxQuota?: number
+}
+
+export function QuotaWarningBanner({
+  quotaName = 'API calls',
+  currentUsage = 0,
+  maxQuota = 1000,
+}: QuotaWarningBannerProps) {
+  const router = useRouter()
+  const percentage = (currentUsage / maxQuota) * 100
+  const isNearLimit = percentage >= 80
+
+  if (!isNearLimit) return null
+
+  return (
+    <div className="flex items-center gap-3 rounded-lg border border-amber-200 bg-amber-50 p-4 dark:border-amber-900 dark:bg-amber-950">
+      <AlertTriangle className="h-5 w-5 flex-shrink-0 text-amber-600 dark:text-amber-400" />
+      <div className="flex-1">
+        <p className="text-sm font-medium text-amber-900 dark:text-amber-200">
+          You are using {currentUsage} of {maxQuota} {quotaName} ({percentage.toFixed(0)}%)
+        </p>
+      </div>
+      <Button variant="outline" size="sm" onClick={() => router.push('/pricing')}>
+        Upgrade
+      </Button>
+    </div>
+  )
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/components/upgrade-button.tsx

@@ -0,0 +1,42 @@
+'use client'
+
+import { useRouter } from 'next/navigation'
+import { Button } from '@/components/ui/button'
+import { Zap } from 'lucide-react'
+
+interface UpgradeButtonProps {
+  source?: string
+  feature?: string
+  trigger?: string
+  icon?: boolean
+  text?: string
+  highlight?: boolean
+}
+
+export function UpgradeButton({
+  source = 'default',
+  feature,
+  trigger,
+  icon = true,
+  text = 'Upgrade',
+  highlight = false,
+}: UpgradeButtonProps) {
+  const router = useRouter()
+
+  const handleClick = () => {
+    const params = new URLSearchParams()
+    if (source) params.set('source', source)
+    if (feature) params.set('feature', feature)
+    if (trigger) params.set('trigger', trigger)
+
+    const queryString = params.toString()
+    router.push(`/pricing${queryString ? `?${queryString}` : ''}`)
+  }
+
+  return (
+    <Button onClick={handleClick} variant={highlight ? 'default' : 'outline'} size="sm">
+      {icon && <Zap className="mr-1 h-4 w-4" />}
+      {text}
+    </Button>
+  )
+}