@cogito.ai/cli 0.4.3 → 0.4.5

package/dist/templates/web-nextjs/apps/web/src/app/[locale]/(protected)/settings/subscription/page.tsx

@@ -0,0 +1,128 @@
+'use client'
+
+import { useEffect, useState } from 'react'
+import { useRouter } from 'next/navigation'
+import { useTranslations } from 'next-intl'
+import { Button } from '@/components/ui/button'
+import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card'
+import { Badge } from '@/components/ui/badge'
+import { Progress } from '@/components/ui/progress'
+import { useUserSubscription, useUserPayments } from '@/features/subscription/hooks'
+import { createBrowserClient } from '@supabase/ssr'
+import type { Payment } from '@/features/subscription/types'
+
+export default function SubscriptionPage() {
+  const t = useTranslations('subscription')
+  const router = useRouter()
+  const [userId, setUserId] = useState<string | null>(null)
+
+  useEffect(() => {
+    const supabase = createBrowserClient(
+      process.env.NEXT_PUBLIC_SUPABASE_URL!,
+      process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    )
+    supabase.auth.getUser().then(({ data }) => {
+      if (data.user) {
+        setUserId(data.user.id)
+      }
+    })
+  }, [])
+
+  const { data: subscription } = useUserSubscription(userId || '')
+  const { data: payments } = useUserPayments(userId || '')
+
+  const handleCancel = async () => {
+    if (!userId) return
+    const supabase = createBrowserClient(
+      process.env.NEXT_PUBLIC_SUPABASE_URL!,
+      process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
+    )
+    await supabase
+      .from('user_subscriptions')
+      .update({ cancel_at_period_end: true })
+      .eq('user_id', userId)
+  }
+
+  return (
+    <div className="space-y-6">
+      <div>
+        <h1 className="text-2xl font-bold">{t('title')}</h1>
+        <p className="text-muted-foreground">{t('description')}</p>
+      </div>
+
+      <Card>
+        <CardHeader>
+          <CardTitle>{t('currentPlan')}</CardTitle>
+        </CardHeader>
+        <CardContent className="space-y-4">
+          {subscription ? (
+            <>
+              <div className="flex items-center justify-between">
+                <span className="font-medium">{t('status')}</span>
+                <Badge variant={subscription.status === 'active' ? 'default' : 'secondary'}>
+                  {t(subscription.status)}
+                </Badge>
+              </div>
+              <div className="flex items-center justify-between">
+                <span className="font-medium">{t('billingCycle')}</span>
+                <span>{t(subscription.billing_cycle)}</span>
+              </div>
+              {subscription.current_period_end && (
+                <div className="flex items-center justify-between">
+                  <span className="font-medium">{t('expiresOn')}</span>
+                  <span>{new Date(subscription.current_period_end).toLocaleDateString()}</span>
+                </div>
+              )}
+              {!subscription.cancel_at_period_end && (
+                <Button variant="outline" onClick={handleCancel}>
+                  {t('cancelRenewal')}
+                </Button>
+              )}
+              {subscription.cancel_at_period_end && (
+                <p className="text-sm text-muted-foreground">{t('cancelledAtPeriodEnd')}</p>
+              )}
+            </>
+          ) : (
+            <div className="text-center py-6">
+              <p className="text-muted-foreground mb-4">{t('noActiveSubscription')}</p>
+              <Button onClick={() => router.push('/pricing')}>{t('upgradeNow')}</Button>
+            </div>
+          )}
+        </CardContent>
+      </Card>
+
+      <Card>
+        <CardHeader>
+          <CardTitle>{t('paymentHistory')}</CardTitle>
+        </CardHeader>
+        <CardContent>
+          {payments && payments.length > 0 ? (
+            <div className="space-y-3">
+              {payments.map((payment: Payment) => (
+                <div
+                  key={payment.id}
+                  className="flex items-center justify-between border-b py-3 last:border-0"
+                >
+                  <div>
+                    <p className="font-medium">{payment.order_no}</p>
+                    <p className="text-sm text-muted-foreground">
+                      {new Date(payment.created_at).toLocaleDateString()}
+                    </p>
+                  </div>
+                  <div className="text-right">
+                    <p className="font-medium">¥{(payment.amount / 100).toFixed(2)}</p>
+                    <Badge variant={payment.status === 'paid' ? 'default' : 'secondary'}>
+                      {t(payment.status)}
+                    </Badge>
+                  </div>
+                </div>
+              ))}
+            </div>
+          ) : (
+            <p className="text-muted-foreground text-center py-6">{t('noPayments')}</p>
+          )}
+        </CardContent>
+      </Card>
+    </div>
+  )
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/alipay/create/route.ts

@@ -0,0 +1,43 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { createAlipayPagePay, createAlipayWapPay } from '@/features/subscription/alipay/server'
+import { getPaymentById } from '@/features/subscription/payment-service'
+
+export async function POST(req: NextRequest) {
+  try {
+    const { paymentId } = (await req.json()) as { paymentId: number }
+
+    const payment = await getPaymentById(paymentId)
+    if (!payment) {
+      return NextResponse.json({ error: 'Payment not found' }, { status: 404 })
+    }
+
+    const userAgent = req.headers.get('user-agent') || ''
+    const isMobile = /Mobile|Android|iPhone/i.test(userAgent)
+
+    const notifyUrl = `${process.env.NEXT_PUBLIC_APP_URL}/api/payments/alipay/notify`
+    const returnUrl = `${process.env.NEXT_PUBLIC_APP_URL}/payment/${payment.id}`
+
+    if (isMobile) {
+      const result = await createAlipayWapPay({
+        outTradeNo: payment.order_no,
+        totalAmount: String(payment.amount / 100),
+        subject: 'Subscription',
+        returnUrl,
+        notifyUrl,
+      })
+      return NextResponse.json({ redirectUrl: result.redirectUrl })
+    } else {
+      const result = await createAlipayPagePay({
+        outTradeNo: payment.order_no,
+        totalAmount: String(payment.amount / 100),
+        subject: 'Subscription',
+        returnUrl,
+        notifyUrl,
+      })
+      return NextResponse.json({ formHtml: result.formHtml })
+    }
+  } catch (error) {
+    console.error('Alipay create error:', error)
+    return NextResponse.json({ error: 'Failed to create Alipay payment' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/alipay/notify/route.ts

@@ -0,0 +1,105 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { verifyAlipayNotify } from '@/features/subscription/alipay/server'
+import { createAdminClient } from '@/lib/supabase/admin'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+
+export async function POST(req: NextRequest) {
+  try {
+    const formData = await req.formData()
+    const data: Record<string, unknown> = {}
+    formData.forEach((value, key) => {
+      data[key] = value
+    })
+
+    const isValid = await verifyAlipayNotify(data)
+    if (!isValid) {
+      return new NextResponse('fail', { status: 400 })
+    }
+
+    const outTradeNo = data.out_trade_no as string
+    const tradeStatus = data.trade_status as string
+    const tradeNo = data.trade_no as string
+    const totalAmount = data.total_amount as string
+    const appId = data.app_id as string
+    const sellerId = data.seller_id as string
+
+    // Validate critical business fields against the local order
+    const payment = await getPaymentByOrderNo(outTradeNo)
+    if (!payment) {
+      console.warn(`Alipay notify: payment not found for order ${outTradeNo}`)
+      return new NextResponse('success', { status: 200 })
+    }
+
+    // Verify app_id matches our configured app
+    if (appId !== process.env.ALIPAY_APP_ID) {
+      console.warn(
+        `Alipay notify: app_id mismatch. received=${appId}, expected=${process.env.ALIPAY_APP_ID}`,
+      )
+      return new NextResponse('fail', { status: 400 })
+    }
+
+    // Verify amount matches the local order (convert to cents for comparison)
+    const notifyAmountCents = Math.round(parseFloat(totalAmount) * 100)
+    if (notifyAmountCents !== payment.amount) {
+      console.warn(
+        `Alipay notify: amount mismatch. order=${outTradeNo}, expected=${payment.amount}, received=${notifyAmountCents}`,
+      )
+      return new NextResponse('fail', { status: 400 })
+    }
+
+    // Verify seller_id if configured
+    if (process.env.ALIPAY_SELLER_ID && sellerId !== process.env.ALIPAY_SELLER_ID) {
+      console.warn(`Alipay notify: seller_id mismatch. received=${sellerId}`)
+      return new NextResponse('fail', { status: 400 })
+    }
+
+    if (tradeStatus !== 'TRADE_SUCCESS') {
+      return new NextResponse('success', { status: 200 })
+    }
+
+    // Idempotency: already paid
+    if (payment.status === 'paid') {
+      return new NextResponse('success', { status: 200 })
+    }
+
+    const supabase = createAdminClient()
+
+    // Update payment with provider_trade_no unique constraint check
+    const { error: updateError } = await supabase
+      .from('payments')
+      .update({
+        status: 'paid',
+        provider_trade_no: tradeNo,
+        paid_at: new Date().toISOString(),
+        provider_response: data as Record<string, unknown>,
+      })
+      .eq('order_no', outTradeNo)
+      .eq('status', 'pending')
+
+    if (updateError) {
+      console.error('Alipay notify: failed to update payment', updateError)
+      return new NextResponse('fail', { status: 500 })
+    }
+
+    // Update subscription
+    if (payment.subscription_id) {
+      const now = new Date()
+      const nextMonth = new Date(now)
+      nextMonth.setMonth(nextMonth.getMonth() + 1)
+
+      await supabase
+        .from('user_subscriptions')
+        .update({
+          status: 'active',
+          current_period_start: now.toISOString(),
+          current_period_end: nextMonth.toISOString(),
+        })
+        .eq('id', payment.subscription_id)
+    }
+
+    return new NextResponse('success', { status: 200 })
+  } catch (error) {
+    console.error('Alipay notify error:', error)
+    return new NextResponse('fail', { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/alipay/query/route.ts

@@ -0,0 +1,54 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { queryAlipayOrder } from '@/features/subscription/alipay/server'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+import { getServerClient } from '@/infra/db/client'
+
+function normalizeAlipayStatus(tradeStatus: string): string {
+  switch (tradeStatus) {
+    case 'TRADE_SUCCESS':
+    case 'TRADE_FINISHED':
+      return 'paid'
+    case 'TRADE_CLOSED':
+      return 'failed'
+    case 'WAIT_BUYER_PAY':
+    default:
+      return 'pending'
+  }
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const supabase = await getServerClient()
+    const {
+      data: { user },
+    } = await supabase.auth.getUser()
+
+    if (!user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { outTradeNo } = (await req.json()) as { outTradeNo: string }
+
+    // Verify order ownership
+    const payment = await getPaymentByOrderNo(outTradeNo)
+    if (!payment) {
+      return NextResponse.json({ error: 'Payment not found' }, { status: 404 })
+    }
+
+    if (payment.user_id !== user.id) {
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
+    const result = await queryAlipayOrder(outTradeNo)
+    const normalizedStatus = normalizeAlipayStatus(result.tradeStatus)
+
+    return NextResponse.json({
+      status: normalizedStatus,
+      tradeStatus: result.tradeStatus,
+      code: result.code,
+    })
+  } catch (error) {
+    console.error('Alipay query error:', error)
+    return NextResponse.json({ error: 'Failed to query Alipay order' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/alipay/return/route.ts

@@ -0,0 +1,20 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+
+export async function GET(req: NextRequest) {
+  const url = new URL(req.url)
+  const outTradeNo = url.searchParams.get('out_trade_no')
+
+  if (!outTradeNo) {
+    return NextResponse.redirect(new URL('/pricing', req.url))
+  }
+
+  // Lookup payment by order_no to get the numeric ID for the status page
+  const payment = await getPaymentByOrderNo(outTradeNo)
+  if (!payment) {
+    return NextResponse.redirect(new URL('/pricing', req.url))
+  }
+
+  // Redirect to payment status page using the numeric payment ID
+  return NextResponse.redirect(new URL(`/payment/${payment.id}`, req.url))
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/create/route.ts

@@ -0,0 +1,52 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { createPaymentRecord, getPaymentByOrderNo } from '@/features/subscription/payment-service'
+import { getServerClient } from '@/infra/db/client'
+import { generateOrderNumber } from '@/features/subscription/payment-helpers'
+
+export async function POST(req: NextRequest) {
+  try {
+    const supabase = await getServerClient()
+    const {
+      data: { user },
+    } = await supabase.auth.getUser()
+
+    if (!user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = (await req.json()) as {
+      planId: number
+      amount: number
+      paymentMethod: string
+      billingCycle: string
+    }
+
+    if (!body.planId || !body.amount || !body.paymentMethod || !body.billingCycle) {
+      return NextResponse.json({ error: 'Missing required fields' }, { status: 400 })
+    }
+
+    const orderNo = generateOrderNumber()
+
+    const payment = await createPaymentRecord({
+      user_id: user.id,
+      order_no: orderNo,
+      amount: body.amount,
+      currency: 'CNY',
+      payment_method: body.paymentMethod as 'alipay' | 'wechat',
+      metadata: {
+        plan_id: body.planId,
+        billing_cycle: body.billingCycle,
+      },
+    })
+
+    return NextResponse.json({
+      id: payment.id,
+      orderNo: payment.order_no,
+      amount: payment.amount,
+      status: payment.status,
+    })
+  } catch (error) {
+    console.error('Payment creation error:', error)
+    return NextResponse.json({ error: 'Failed to create payment' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/wechat/create/route.ts

@@ -0,0 +1,58 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { createWechatNativePay, createWechatH5Pay } from '@/features/subscription/wechat/server'
+import { getPaymentById } from '@/features/subscription/payment-service'
+
+export async function POST(req: NextRequest) {
+  try {
+    const { paymentId } = (await req.json()) as { paymentId: number }
+
+    const payment = await getPaymentById(paymentId)
+    if (!payment) {
+      return NextResponse.json({ error: 'Payment not found' }, { status: 404 })
+    }
+
+    const userAgent = req.headers.get('user-agent') || ''
+    const isMobile = /Mobile|Android|iPhone/i.test(userAgent)
+
+    // In development, always use native (qrcode) even on mobile (D3)
+    const forceNative = process.env.NODE_ENV === 'development' && isMobile
+
+    const notifyUrl = `${process.env.NEXT_PUBLIC_APP_URL}/api/payments/wechat/notify`
+
+    if (!isMobile || forceNative) {
+      // Native (PC) - return QR code URL
+      const result = await createWechatNativePay({
+        description: 'Subscription',
+        outTradeNo: payment.order_no,
+        notifyUrl,
+        amount: { total: payment.amount, currency: 'CNY' },
+      })
+
+      if (forceNative) {
+        return NextResponse.json({
+          type: 'qrcode',
+          codeUrl: result.code_url,
+          warning: 'H5 disabled in dev',
+        })
+      }
+
+      return NextResponse.json({ type: 'qrcode', codeUrl: result.code_url })
+    } else {
+      // H5 (mobile)
+      const result = await createWechatH5Pay({
+        description: 'Subscription',
+        outTradeNo: payment.order_no,
+        notifyUrl,
+        amount: { total: payment.amount, currency: 'CNY' },
+        sceneInfo: {
+          payer_client_ip: req.headers.get('x-forwarded-for')?.split(',')[0]?.trim() || '127.0.0.1',
+        },
+      })
+
+      return NextResponse.json({ type: 'redirect', h5Url: result.h5_url })
+    }
+  } catch (error) {
+    console.error('WeChat create error:', error)
+    return NextResponse.json({ error: 'Failed to create WeChat payment' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/wechat/notify/route.ts

@@ -0,0 +1,92 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { verifyAndDecryptNotify } from '@/features/subscription/wechat/server'
+import { createAdminClient } from '@/lib/supabase/admin'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+
+export async function POST(req: NextRequest) {
+  try {
+    const rawBody = await req.text()
+    const headers: Record<string, string | undefined> = {
+      'wechatpay-timestamp': req.headers.get('wechatpay-timestamp') || undefined,
+      'wechatpay-nonce': req.headers.get('wechatpay-nonce') || undefined,
+      'wechatpay-signature': req.headers.get('wechatpay-signature') || undefined,
+      'wechatpay-serial': req.headers.get('wechatpay-serial') || undefined,
+    }
+
+    const result = await verifyAndDecryptNotify(headers, rawBody)
+
+    if (result.tradeState !== 'SUCCESS') {
+      return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+    }
+
+    const payment = await getPaymentByOrderNo(result.outTradeNo)
+    if (!payment) {
+      console.warn(`WeChat notify: payment not found for order ${result.outTradeNo}`)
+      return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+    }
+
+    // Validate mch_id matches our configured merchant
+    if (result.mchId !== process.env.WECHAT_PAY_MCH_ID) {
+      console.warn(`WeChat notify: mch_id mismatch. received=${result.mchId}`)
+      return NextResponse.json({ code: 'FAIL', message: 'mch_id mismatch' }, { status: 400 })
+    }
+
+    // Validate appid matches our configured app
+    if (result.appId !== process.env.WECHAT_PAY_APP_ID) {
+      console.warn(`WeChat notify: appid mismatch. received=${result.appId}`)
+      return NextResponse.json({ code: 'FAIL', message: 'appid mismatch' }, { status: 400 })
+    }
+
+    // Validate amount matches the local order
+    if (result.amount !== payment.amount) {
+      console.warn(
+        `WeChat notify: amount mismatch. order=${result.outTradeNo}, expected=${payment.amount}, received=${result.amount}`,
+      )
+      return NextResponse.json({ code: 'FAIL', message: 'amount mismatch' }, { status: 400 })
+    }
+
+    // Idempotency
+    if (payment.status === 'paid') {
+      return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+    }
+
+    const supabase = createAdminClient()
+
+    // Update payment with provider_trade_no and conditional update
+    const { error: updateError } = await supabase
+      .from('payments')
+      .update({
+        status: 'paid',
+        provider_trade_no: result.transactionId,
+        paid_at: new Date().toISOString(),
+      })
+      .eq('order_no', result.outTradeNo)
+      .eq('status', 'pending')
+
+    if (updateError) {
+      console.error('WeChat notify: failed to update payment', updateError)
+      return NextResponse.json({ code: 'FAIL', message: 'update failed' }, { status: 500 })
+    }
+
+    // Update subscription
+    if (payment.subscription_id) {
+      const now = new Date()
+      const nextMonth = new Date(now)
+      nextMonth.setMonth(nextMonth.getMonth() + 1)
+
+      await supabase
+        .from('user_subscriptions')
+        .update({
+          status: 'active',
+          current_period_start: now.toISOString(),
+          current_period_end: nextMonth.toISOString(),
+        })
+        .eq('id', payment.subscription_id)
+    }
+
+    return NextResponse.json({ code: 'SUCCESS', message: '成功' })
+  } catch (error) {
+    console.error('WeChat notify error:', error)
+    return NextResponse.json({ code: 'FAIL', message: (error as Error).message }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/api/payments/wechat/query/route.ts

@@ -0,0 +1,54 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { queryWechatOrder } from '@/features/subscription/wechat/server'
+import { getPaymentByOrderNo } from '@/features/subscription/payment-service'
+import { getServerClient } from '@/infra/db/client'
+
+function normalizeWechatStatus(tradeState: string): string {
+  switch (tradeState) {
+    case 'SUCCESS':
+      return 'paid'
+    case 'CLOSED':
+    case 'REVOKED':
+      return 'failed'
+    case 'NOTPAY':
+    case 'USERPAYING':
+    default:
+      return 'pending'
+  }
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const supabase = await getServerClient()
+    const {
+      data: { user },
+    } = await supabase.auth.getUser()
+
+    if (!user) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const { outTradeNo } = (await req.json()) as { outTradeNo: string }
+
+    // Verify order ownership
+    const payment = await getPaymentByOrderNo(outTradeNo)
+    if (!payment) {
+      return NextResponse.json({ error: 'Payment not found' }, { status: 404 })
+    }
+
+    if (payment.user_id !== user.id) {
+      return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
+    }
+
+    const result = await queryWechatOrder(outTradeNo)
+    const normalizedStatus = normalizeWechatStatus(result.trade_state)
+
+    return NextResponse.json({
+      status: normalizedStatus,
+      tradeState: result.trade_state,
+    })
+  } catch (error) {
+    console.error('WeChat query error:', error)
+    return NextResponse.json({ error: 'Failed to query WeChat order' }, { status: 500 })
+  }
+}

package/dist/templates/web-nextjs/apps/web/src/app/docs/page.tsx

@@ -0,0 +1,5 @@
+import { redirect } from 'next/navigation'
+
+export default function DocsPage() {
+  redirect('http://localhost:3001/docs')
+}

package/dist/templates/web-nextjs/apps/web/src/features/subscription/alipay/client.ts

@@ -0,0 +1,36 @@
+'use client'
+
+interface InitiateAlipayPaymentResult {
+  formHtml?: string
+  redirectUrl?: string
+}
+
+export async function initiateAlipayPayment(paymentId: number, userId: string): Promise<void> {
+  const res = await fetch('/api/payments/alipay/create', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ paymentId, userId }),
+  })
+
+  if (!res.ok) {
+    throw new Error('Failed to initiate Alipay payment')
+  }
+
+  const data: InitiateAlipayPaymentResult = await res.json()
+
+  if (data.formHtml) {
+    // PC page pay: inject form HTML and auto-submit
+    const div = document.createElement('div')
+    div.innerHTML = data.formHtml
+    document.body.appendChild(div)
+    const form = div.querySelector('form')
+    if (form) {
+      form.submit()
+    }
+  } else if (data.redirectUrl) {
+    // H5 wap pay: redirect
+    window.location.href = data.redirectUrl
+  } else {
+    throw new Error('Unexpected Alipay response')
+  }
+}