@cogito.ai/cli 0.4.3 → 0.4.4

package/dist/templates/web-nextjs/apps/web/src/features/subscription/hooks.ts

@@ -0,0 +1,141 @@
+'use client'
+
+import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query'
+import type { Payment, SubscriptionPlan, UserSubscription } from './types'
+
+function createSupabaseClient() {
+  return import('@supabase/ssr').then(({ createBrowserClient }) =>
+    createBrowserClient(
+      process.env.NEXT_PUBLIC_SUPABASE_URL!,
+      process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    ),
+  )
+}
+
+export function useSubscriptionPlans() {
+  return useQuery({
+    queryKey: ['subscription-plans'],
+    queryFn: async (): Promise<SubscriptionPlan[]> => {
+      const supabase = await createSupabaseClient()
+      const { data, error } = await supabase
+        .from('subscription_plans')
+        .select('*')
+        .eq('is_active', true)
+        .order('display_order', { ascending: true })
+
+      if (error) throw error
+      return (data as SubscriptionPlan[]) ?? []
+    },
+  })
+}
+
+export function useSubscriptionPlan(planCode: string) {
+  return useQuery({
+    queryKey: ['subscription-plan', planCode],
+    queryFn: async (): Promise<SubscriptionPlan | null> => {
+      const supabase = await createSupabaseClient()
+      const { data, error } = await supabase
+        .from('subscription_plans')
+        .select('*')
+        .eq('plan_code', planCode)
+        .single()
+
+      if (error && error.code !== 'PGRST116') throw error
+      return (data as SubscriptionPlan) ?? null
+    },
+  })
+}
+
+export function useUserSubscription(userId: string) {
+  return useQuery({
+    queryKey: ['user-subscription', userId],
+    queryFn: async (): Promise<UserSubscription | null> => {
+      const supabase = await createSupabaseClient()
+      const { data, error } = await supabase
+        .from('user_subscriptions')
+        .select('*')
+        .eq('user_id', userId)
+        .in('status', ['trial', 'active'])
+        .order('created_at', { ascending: false })
+        .limit(1)
+        .single()
+
+      if (error && error.code !== 'PGRST116') throw error
+      return (data as UserSubscription) ?? null
+    },
+    staleTime: 2 * 60 * 1000, // 2 minutes
+    enabled: !!userId,
+  })
+}
+
+export function useUserPayments(userId: string) {
+  return useQuery({
+    queryKey: ['user-payments', userId],
+    queryFn: async (): Promise<Payment[]> => {
+      const supabase = await createSupabaseClient()
+      const { data, error } = await supabase
+        .from('payments')
+        .select('*')
+        .eq('user_id', userId)
+        .order('created_at', { ascending: false })
+
+      if (error) throw error
+      return (data as Payment[]) ?? []
+    },
+    enabled: !!userId,
+  })
+}
+
+interface PaymentStatusResult {
+  status: string
+}
+
+export function usePaymentStatus(
+  orderNo: string,
+  paymentMethod: string,
+  options?: { enabled?: boolean },
+) {
+  return useQuery({
+    queryKey: ['payment-status', orderNo],
+    queryFn: async (): Promise<PaymentStatusResult> => {
+      const endpoint =
+        paymentMethod === 'alipay' ? '/api/payments/alipay/query' : '/api/payments/wechat/query'
+      const res = await fetch(endpoint, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ outTradeNo: orderNo }),
+      })
+      if (!res.ok) throw new Error('Failed to query payment status')
+      return res.json() as Promise<PaymentStatusResult>
+    },
+    refetchInterval: 3000,
+    enabled: options?.enabled ?? !!orderNo,
+  })
+}
+
+interface CreatePaymentParams {
+  userId: string
+  planId: number
+  amount: number
+  paymentMethod: string
+  billingCycle: string
+}
+
+export function useCreatePayment() {
+  const queryClient = useQueryClient()
+
+  return useMutation({
+    mutationFn: async (params: CreatePaymentParams) => {
+      const res = await fetch('/api/payments/create', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(params),
+      })
+      if (!res.ok) throw new Error('Failed to create payment')
+      return res.json()
+    },
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: ['user-payments'] })
+    },
+  })
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/payment-helpers.ts

@@ -0,0 +1,27 @@
+import crypto from 'crypto'
+
+/**
+ * Generates a unique order number in the format WN{timestamp}{4-digit-random}
+ * WN = WebNextjs prefix to avoid conflicts with other projects
+ */
+export function generateOrderNumber(): string {
+  const timestamp = Date.now()
+  const random = Math.floor(Math.random() * 10000)
+    .toString()
+    .padStart(4, '0')
+  return `WN${timestamp}${random}`
+}
+
+/**
+ * Formats a price in cents to a human-readable currency string (CNY)
+ */
+export function formatPriceInCents(cents: number): string {
+  return `¥${(cents / 100).toFixed(2)}`
+}
+
+/**
+ * Checks if a subscription is currently active
+ */
+export function isSubscriptionActive(status: string): boolean {
+  return status === 'trial' || status === 'active'
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/payment-service.ts

@@ -0,0 +1,56 @@
+import { getServerClient } from '@/infra/db/client'
+import type { Payment, CreatePaymentParams } from './types'
+
+export async function createPaymentRecord(params: CreatePaymentParams): Promise<Payment> {
+  const supabase = await getServerClient()
+  const { data, error } = await supabase
+    .from('payments')
+    .insert({
+      user_id: params.user_id,
+      subscription_id: params.subscription_id ?? null,
+      order_no: params.order_no,
+      amount: params.amount,
+      currency: params.currency ?? 'CNY',
+      payment_method: params.payment_method,
+      payment_channel: params.payment_channel ?? null,
+      status: 'pending',
+      metadata: params.metadata ?? {},
+    })
+    .select()
+    .single()
+
+  if (error) throw error
+  return data as Payment
+}
+
+export async function getPaymentByOrderNo(orderNo: string): Promise<Payment | null> {
+  const supabase = await getServerClient()
+  const { data, error } = await supabase
+    .from('payments')
+    .select('*')
+    .eq('order_no', orderNo)
+    .single()
+
+  if (error && error.code !== 'PGRST116') throw error
+  return (data as Payment) ?? null
+}
+
+export async function getPaymentById(id: number): Promise<Payment | null> {
+  const supabase = await getServerClient()
+  const { data, error } = await supabase.from('payments').select('*').eq('id', id).single()
+
+  if (error && error.code !== 'PGRST116') throw error
+  return (data as Payment) ?? null
+}
+
+export async function getUserPayments(userId: string): Promise<Payment[]> {
+  const supabase = await getServerClient()
+  const { data, error } = await supabase
+    .from('payments')
+    .select('*')
+    .eq('user_id', userId)
+    .order('created_at', { ascending: false })
+
+  if (error) throw error
+  return (data as Payment[]) ?? []
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/service.ts

@@ -0,0 +1,55 @@
+import { getBrowserClient, getServerClient } from '@/infra/db/client'
+import type { SubscriptionPlan, UserSubscription } from './types'
+
+export async function getActiveSubscriptionPlans(): Promise<SubscriptionPlan[]> {
+  const supabase = await getServerClient()
+  const { data, error } = await supabase
+    .from('subscription_plans')
+    .select('*')
+    .eq('is_active', true)
+    .order('display_order', { ascending: true })
+
+  if (error) throw error
+  return (data as SubscriptionPlan[]) ?? []
+}
+
+export async function getSubscriptionPlanByCode(
+  planCode: string,
+): Promise<SubscriptionPlan | null> {
+  const supabase = await getServerClient()
+  const { data, error } = await supabase
+    .from('subscription_plans')
+    .select('*')
+    .eq('plan_code', planCode)
+    .single()
+
+  if (error && error.code !== 'PGRST116') throw error
+  return (data as SubscriptionPlan) ?? null
+}
+
+export async function getUserActiveSubscription(userId: string): Promise<UserSubscription | null> {
+  const supabase = await getServerClient()
+  const { data, error } = await supabase
+    .from('user_subscriptions')
+    .select('*')
+    .eq('user_id', userId)
+    .in('status', ['trial', 'active'])
+    .order('created_at', { ascending: false })
+    .limit(1)
+    .single()
+
+  if (error && error.code !== 'PGRST116') throw error
+  return (data as UserSubscription) ?? null
+}
+
+export async function getUserSubscriptionHistory(userId: string): Promise<UserSubscription[]> {
+  const supabase = await getServerClient()
+  const { data, error } = await supabase
+    .from('user_subscriptions')
+    .select('*')
+    .eq('user_id', userId)
+    .order('created_at', { ascending: false })
+
+  if (error) throw error
+  return (data as UserSubscription[]) ?? []
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/types.ts

@@ -0,0 +1,73 @@
+export type PlanCode = 'free' | 'pro' | 'enterprise'
+
+export type BillingCycle = 'monthly' | 'yearly'
+
+export type PaymentMethod = 'alipay' | 'wechat' | 'stripe'
+
+export type PaymentStatus = 'pending' | 'paid' | 'failed' | 'refunded' | 'cancelled'
+
+export type SubscriptionStatus = 'trial' | 'active' | 'expired' | 'cancelled' | 'pending'
+
+export type PaymentChannel = 'alipay_page' | 'alipay_wap' | 'wechat_native' | 'wechat_h5'
+
+export interface SubscriptionPlan {
+  id: number
+  plan_code: PlanCode
+  plan_name: string
+  description: string | null
+  price_monthly: number
+  price_yearly: number
+  features: Record<string, unknown>
+  display_order: number
+  is_active: boolean
+  is_featured: boolean
+  created_at: string
+  updated_at: string
+}
+
+export interface UserSubscription {
+  id: number
+  user_id: string
+  plan_id: number
+  status: SubscriptionStatus
+  billing_cycle: BillingCycle
+  current_period_start: string | null
+  current_period_end: string | null
+  cancelled_at: string | null
+  cancel_at_period_end: boolean
+  last_payment_id: number | null
+  next_billing_date: string | null
+  metadata: Record<string, unknown> | null
+  created_at: string
+  updated_at: string
+}
+
+export interface Payment {
+  id: number
+  user_id: string
+  subscription_id: number | null
+  order_no: string
+  amount: number
+  currency: string
+  payment_method: PaymentMethod
+  payment_channel: PaymentChannel | null
+  status: PaymentStatus
+  provider_trade_no: string | null
+  provider_response: Record<string, unknown> | null
+  paid_at: string | null
+  refunded_at: string | null
+  metadata: Record<string, unknown> | null
+  created_at: string
+  updated_at: string
+}
+
+export interface CreatePaymentParams {
+  user_id: string
+  subscription_id?: number
+  order_no: string
+  amount: number
+  currency?: string
+  payment_method: PaymentMethod
+  payment_channel?: PaymentChannel
+  metadata?: Record<string, unknown>
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/wechat/client.ts

@@ -0,0 +1,33 @@
+'use client'
+
+interface WechatPayResult {
+  type: 'qrcode' | 'redirect'
+  codeUrl?: string
+  h5Url?: string
+}
+
+export async function initiateWechatPayment(
+  paymentId: number,
+  userId: string,
+): Promise<WechatPayResult> {
+  const res = await fetch('/api/payments/wechat/create', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ paymentId, userId }),
+  })
+
+  if (!res.ok) {
+    throw new Error('Failed to initiate WeChat payment')
+  }
+
+  const data = (await res.json()) as WechatPayResult
+
+  if (data.type === 'qrcode' && data.codeUrl) {
+    return { type: 'qrcode', codeUrl: data.codeUrl }
+  } else if (data.type === 'redirect' && data.h5Url) {
+    window.location.href = data.h5Url
+    return { type: 'redirect', h5Url: data.h5Url }
+  }
+
+  throw new Error('Unexpected WeChat payment response')
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/wechat/server.ts

@@ -0,0 +1,147 @@
+import { wxpayRequest } from '@/lib/wechat-pay/client'
+import type { WechatPayConfig } from '@/lib/wechat-pay/types'
+import { decryptResource, verifySignature } from '@/lib/wechat-pay/crypto'
+
+export function getWechatPayConfig(): WechatPayConfig {
+  const appId = process.env.WECHAT_PAY_APP_ID
+  const mchId = process.env.WECHAT_PAY_MCH_ID
+  const privateKey = process.env.WECHAT_PAY_PRIVATE_KEY
+  const serialNo = process.env.WECHAT_PAY_SERIAL_NO
+  const apiV3Key = process.env.WECHAT_PAY_API_V3_KEY
+  const platformPublicKey = process.env.WECHAT_PAY_PLATFORM_PUBLIC_KEY
+  const baseUrl = process.env.WECHAT_PAY_BASE_URL || 'https://api.mch.weixin.qq.com'
+  const notifyUrl = process.env.WECHAT_PAY_NOTIFY_URL
+
+  if (
+    !appId ||
+    !mchId ||
+    !privateKey ||
+    !serialNo ||
+    !apiV3Key ||
+    !platformPublicKey ||
+    !notifyUrl
+  ) {
+    throw new Error(
+      'Missing WeChat Pay credentials. Ensure all WECHAT_PAY_* environment variables are set.',
+    )
+  }
+
+  return {
+    appId,
+    mchId,
+    privateKey,
+    serialNo,
+    apiV3Key,
+    platformPublicKey,
+    baseUrl,
+    notifyUrl,
+  }
+}
+
+interface CreateWechatPayParams {
+  description: string
+  outTradeNo: string
+  notifyUrl: string
+  amount: { total: number; currency?: string }
+  sceneInfo?: object
+}
+
+export async function createWechatNativePay(params: CreateWechatPayParams) {
+  const config = getWechatPayConfig()
+  const body = {
+    appid: config.appId,
+    mchid: config.mchId,
+    description: params.description,
+    out_trade_no: params.outTradeNo,
+    notify_url: params.notifyUrl,
+    amount: params.amount,
+  }
+
+  return wxpayRequest<{ code_url: string }>({
+    config,
+    method: 'post',
+    url: '/v3/pay/transactions/native',
+    body,
+  })
+}
+
+export async function createWechatH5Pay(params: CreateWechatPayParams) {
+  const config = getWechatPayConfig()
+  const body = {
+    appid: config.appId,
+    mchid: config.mchId,
+    description: params.description,
+    out_trade_no: params.outTradeNo,
+    notify_url: params.notifyUrl,
+    amount: params.amount,
+    scene_info: params.sceneInfo,
+  }
+
+  return wxpayRequest<{ h5_url: string }>({
+    config,
+    method: 'post',
+    url: '/v3/pay/transactions/h5',
+    body,
+  })
+}
+
+export async function queryWechatOrder(outTradeNo: string) {
+  const config = getWechatPayConfig()
+  return wxpayRequest<{ trade_state: string }>({
+    config,
+    method: 'get',
+    url: `/v3/pay/transactions/out-trade-no/${outTradeNo}`,
+  })
+}
+
+export interface VerifyAndDecryptNotifyResult {
+  outTradeNo: string
+  tradeState: string
+  transactionId: string
+  amount: number
+  currency: string
+  appId: string
+  mchId: string
+}
+
+export async function verifyAndDecryptNotify(
+  headers: Record<string, string | undefined>,
+  rawBody: string,
+): Promise<VerifyAndDecryptNotifyResult> {
+  const config = getWechatPayConfig()
+  const timestamp = headers['wechatpay-timestamp'] || headers['Wechatpay-Timestamp'] || ''
+  const nonce = headers['wechatpay-nonce'] || headers['Wechatpay-Nonce'] || ''
+  const signature = headers['wechatpay-signature'] || headers['Wechatpay-Signature'] || ''
+
+  const isValid = verifySignature({
+    timestamp,
+    nonce,
+    body: rawBody,
+    signature,
+    platformPublicKey: config.platformPublicKey,
+  })
+
+  if (!isValid) {
+    throw new Error('Invalid WeChat Pay signature')
+  }
+
+  const bodyData = JSON.parse(rawBody)
+  const resource = bodyData.resource
+  const decrypted = decryptResource({
+    ciphertext: resource.ciphertext,
+    associatedData: resource.associated_data,
+    nonce: resource.nonce,
+    apiV3Key: config.apiV3Key,
+  })
+
+  const transaction = JSON.parse(decrypted)
+  return {
+    outTradeNo: transaction.out_trade_no,
+    tradeState: transaction.trade_state,
+    transactionId: transaction.transaction_id,
+    amount: transaction.amount?.total,
+    currency: transaction.amount?.currency,
+    appId: transaction.appid,
+    mchId: transaction.mchid,
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/lib/supabase/admin.ts

@@ -0,0 +1,23 @@
+import { createClient } from '@supabase/supabase-js'
+
+/**
+ * Creates a Supabase admin client using the service role key.
+ *
+ * ⚠️ WARNING: This client bypasses Row Level Security (RLS).
+ * Use ONLY in server-side contexts (Route Handlers, Server Actions).
+ * NEVER expose this client to the browser.
+ */
+export function createAdminClient() {
+  const url = process.env.NEXT_PUBLIC_SUPABASE_URL
+  const key = process.env.SUPABASE_SERVICE_ROLE_KEY
+
+  if (!url || !key) {
+    throw new Error(
+      'Missing Supabase admin credentials. Ensure NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY are set.',
+    )
+  }
+
+  return createClient(url, key, {
+    auth: { autoRefreshToken: false, persistSession: false },
+  })
+}

package/dist/templates/web-nextjs/apps/web/src/lib/wechat-pay/client.ts

@@ -0,0 +1,66 @@
+import { buildAuthorizationHeader, generateNonce, signRequest } from './crypto'
+import type { WechatPayConfig } from './types'
+
+interface WxpayRequestParams<T = unknown> {
+  config: WechatPayConfig
+  method: string
+  url: string
+  body?: object
+}
+
+export async function wxpayRequest<T>(params: WxpayRequestParams): Promise<T> {
+  const { config, method, url, body } = params
+  const timestamp = Math.floor(Date.now() / 1000).toString()
+  const nonce = generateNonce()
+  const bodyStr = body ? JSON.stringify(body) : ''
+
+  const signature = signRequest({
+    method,
+    url,
+    timestamp,
+    nonce,
+    body: bodyStr,
+    privateKey: config.privateKey,
+  })
+
+  const authorization = buildAuthorizationHeader({
+    mchId: config.mchId,
+    serialNo: config.serialNo,
+    timestamp,
+    nonce,
+    signature,
+  })
+
+  const headers: Record<string, string> = {
+    Accept: 'application/json',
+    Authorization: authorization,
+    'Content-Type': 'application/json',
+    'User-Agent': 'Mozilla/5.0 (compatible; WebNextjs/1.0)',
+  }
+
+  const res = await fetch(`${config.baseUrl}${url}`, {
+    method: method.toUpperCase(),
+    headers,
+    body: bodyStr || null,
+  })
+
+  const data = (await res.json()) as T
+
+  // Check for WeChat Pay API errors
+  if (!res.ok) {
+    const errorData = data as Record<string, unknown>
+    const errorMessage =
+      typeof errorData.message === 'string'
+        ? errorData.message
+        : `WeChat Pay API error: ${res.status}`
+    const error = new Error(errorMessage)
+    ;(error as Error & { code?: string; status?: number; raw?: unknown }).code = String(
+      errorData.code || '',
+    )
+    ;(error as Error & { code?: string; status?: number; raw?: unknown }).status = res.status
+    ;(error as Error & { code?: string; status?: number; raw?: unknown }).raw = errorData
+    throw error
+  }
+
+  return data
+}