@seasonkoh/webaz 0.1.8 → 0.1.9

package/dist/pwa/routes/users-public.js

@@ -0,0 +1,317 @@
+export function registerUsersPublicRoutes(app, deps) {
+    const { db, auth, noteAuthenticityBadges } = deps;
+    // ref → user id（usr_xxx / permanent_code / @handle 三态）
+    const resolveUserId = (ref0) => {
+        const ref = String(ref0 || '').trim();
+        if (/^usr_[A-Za-z0-9_]+$/.test(ref))
+            return ref;
+        if (/^[A-Z0-9]{6,7}$/i.test(ref) && !ref.startsWith('@')) {
+            const r = db.prepare("SELECT id FROM users WHERE permanent_code = ?").get(ref.toUpperCase());
+            if (r)
+                return r.id;
+        }
+        const h = ref.replace(/^@/, '').toLowerCase();
+        const r = db.prepare("SELECT id FROM users WHERE handle = ?").get(h);
+        return r ? r.id : null;
+    };
+    // 公开 reputation — 仅 level
+    app.get('/api/users/:id/reputation', (req, res) => {
+        let userId = req.params.id;
+        if (userId === 'me') {
+            const user = auth(req, res);
+            if (!user)
+                return;
+            userId = user.id;
+        }
+        const row = db.prepare(`
+      SELECT level, MAX(trust_score) as max_score
+      FROM agent_reputation WHERE user_id = ?
+      GROUP BY user_id
+    `).get(userId);
+        if (!row)
+            return void res.json({ user_id: userId, level: 'new' });
+        res.json({ user_id: userId, level: row.level });
+    });
+    // PV 简报：组织图点击节点用
+    app.get('/api/users/:id/pv-summary', (req, res) => {
+        const me = auth(req, res);
+        if (!me)
+            return;
+        const ref = String(req.params.id || '').trim();
+        let targetId = null;
+        if (/^usr_[A-Za-z0-9_]+$/.test(ref))
+            targetId = ref;
+        else if (/^[A-Z0-9]{6,7}$/i.test(ref) && !ref.startsWith('@')) {
+            const r = db.prepare("SELECT id FROM users WHERE permanent_code = ?").get(ref.toUpperCase());
+            if (r)
+                targetId = r.id;
+        }
+        if (!targetId)
+            return void res.json({ error: 'user not found' });
+        const u = db.prepare(`
+      SELECT id, name, permanent_code, handle, total_left_pv, total_right_pv,
+             placement_id, placement_side, placement_depth, left_child_id, right_child_id, created_at
+      FROM users WHERE id = ?
+    `).get(targetId);
+        if (!u)
+            return void res.json({ error: 'user not found' });
+        const placementName = u.placement_id ? db.prepare("SELECT name FROM users WHERE id = ?").get(u.placement_id)?.name : null;
+        const leftChildName = u.left_child_id ? db.prepare("SELECT name FROM users WHERE id = ?").get(u.left_child_id)?.name : null;
+        const rightChildName = u.right_child_id ? db.prepare("SELECT name FROM users WHERE id = ?").get(u.right_child_id)?.name : null;
+        const score = db.prepare(`
+      SELECT
+        COALESCE(SUM(CASE WHEN settled_at IS NULL THEN score ELSE 0 END),0) AS pending_score,
+        COALESCE(SUM(CASE WHEN settled_at IS NOT NULL THEN waz_amount ELSE 0 END),0) AS settled_waz,
+        COUNT(*) AS total_hits
+      FROM binary_score_records WHERE user_id = ?
+    `).get(targetId);
+        const leftPv = Number(u.total_left_pv ?? 0);
+        const rightPv = Number(u.total_right_pv ?? 0);
+        const weak = Math.min(leftPv, rightPv);
+        res.json({
+            id: u.id,
+            name: u.name,
+            permanent_code: u.permanent_code || null,
+            handle: u.handle || null,
+            placement: u.placement_id ? { id: u.placement_id, name: placementName, side: u.placement_side, depth: u.placement_depth } : null,
+            left_child: u.left_child_id ? { id: u.left_child_id, name: leftChildName } : null,
+            right_child: u.right_child_id ? { id: u.right_child_id, name: rightChildName } : null,
+            total_left_pv: leftPv,
+            total_right_pv: rightPv,
+            weak_leg_pv: weak,
+            pending_score: Number(score.pending_score),
+            settled_waz: Number(score.settled_waz),
+            total_hits: Number(score.total_hits),
+            joined_at: u.created_at,
+        });
+    });
+    // 用户公开 shareables
+    app.get('/api/users/:id/shareables', (req, res) => {
+        const ref = String(req.params.id || '').trim();
+        let ownerId = null;
+        if (/^usr_[A-Za-z0-9_]+$/.test(ref))
+            ownerId = ref;
+        else if (/^[A-Z0-9]{6,7}$/i.test(ref) && !ref.startsWith('@')) {
+            const r = db.prepare("SELECT id FROM users WHERE permanent_code = ?").get(ref.toUpperCase());
+            if (r)
+                ownerId = r.id;
+        }
+        if (!ownerId) {
+            const h = ref.replace(/^@/, '').toLowerCase();
+            const r = db.prepare("SELECT id FROM users WHERE handle = ?").get(h);
+            if (r)
+                ownerId = r.id;
+        }
+        if (!ownerId)
+            return void res.status(404).json({ error: 'user not found' });
+        const rows = db.prepare(`
+      SELECT s.id, s.owner_id, s.owner_code, s.type, s.external_url, s.external_platform, s.external_video_id,
+             s.thumbnail_url, s.title, s.description, s.related_product_id, s.related_anchor,
+             s.related_order_id, s.photo_hashes,
+             s.click_count, s.created_at,
+             p.title AS product_title
+      FROM shareables s
+      LEFT JOIN products p ON p.id = s.related_product_id
+      WHERE s.owner_id = ? AND s.status = 'active'
+      ORDER BY s.created_at DESC LIMIT 100
+    `).all(ownerId);
+        for (const r of rows) {
+            r.badges = noteAuthenticityBadges(r);
+        }
+        res.json({ shareables: rows });
+    });
+    // 用户在售二手（公开：available + reserved）
+    app.get('/api/users/:id/secondhand', (req, res) => {
+        const ownerId = resolveUserId(req.params.id);
+        if (!ownerId)
+            return void res.status(404).json({ error: 'user not found' });
+        const items = db.prepare(`
+      SELECT id, title, price, condition_grade, images, status, category, created_at
+      FROM secondhand_items
+      WHERE seller_id = ? AND status IN ('available', 'reserved')
+      ORDER BY created_at DESC LIMIT 50
+    `).all(ownerId);
+        res.json({ items });
+    });
+    // 用户进行中拍卖（公开：open）
+    app.get('/api/users/:id/auctions', (req, res) => {
+        const ownerId = resolveUserId(req.params.id);
+        if (!ownerId)
+            return void res.status(404).json({ error: 'user not found' });
+        const items = db.prepare(`
+      SELECT id, title, current_price, starting_price, status, deadline_at, bid_count, category, created_at
+      FROM auctions
+      WHERE seller_id = ? AND status = 'open' AND deadline_at > datetime('now')
+      ORDER BY deadline_at ASC LIMIT 50
+    `).all(ownerId);
+        res.json({ items });
+    });
+    // 用户写的测评（公开：作为买家给出的评价）
+    app.get('/api/users/:id/reviews', (req, res) => {
+        const ownerId = resolveUserId(req.params.id);
+        if (!ownerId)
+            return void res.status(404).json({ error: 'user not found' });
+        const items = db.prepare(`
+      SELECT r.order_id, r.product_id, r.stars, r.comment, r.reply, r.created_at,
+             p.title AS product_title, p.images AS product_images
+      FROM order_ratings r
+      LEFT JOIN products p ON p.id = r.product_id
+      WHERE r.buyer_id = ? AND (r.hidden_until IS NULL OR r.hidden_until <= datetime('now'))
+      ORDER BY r.created_at DESC LIMIT 50
+    `).all(ownerId);
+        res.json({ items });
+    });
+    // 用户在售商品（公开：卖家 active 商品）
+    app.get('/api/users/:id/products', (req, res) => {
+        const ownerId = resolveUserId(req.params.id);
+        if (!ownerId)
+            return void res.status(404).json({ error: 'user not found' });
+        const items = db.prepare(`
+      SELECT id, title, price, images, category, completion_count, total_likes, created_at
+      FROM products
+      WHERE seller_id = ? AND status = 'active' AND stock > 0
+      ORDER BY completion_count DESC, created_at DESC LIMIT 50
+    `).all(ownerId);
+        res.json({ items });
+    });
+    // 用户赞过的 shareables（仅 owner 可见）
+    app.get('/api/users/:id/liked-shareables', (req, res) => {
+        const me = auth(req, res);
+        if (!me)
+            return;
+        const ref = String(req.params.id || '').trim();
+        let ownerId = null;
+        if (ref === 'me' || ref === me.id)
+            ownerId = me.id;
+        if (!ownerId)
+            return void res.status(403).json({ error: 'only owner can view liked list' });
+        const rows = db.prepare(`
+      SELECT s.id, s.owner_id, s.owner_code, s.type, s.external_url, s.external_platform,
+             s.thumbnail_url, s.title, s.description, s.photo_hashes, s.related_product_id, s.related_anchor,
+             s.click_count, s.like_count, s.created_at,
+             p.title AS product_title,
+             l.created_at as liked_at
+      FROM shareable_likes l
+      JOIN shareables s ON s.id = l.shareable_id
+      LEFT JOIN products p ON p.id = s.related_product_id
+      WHERE l.user_id = ? AND s.status = 'active'
+      ORDER BY l.created_at DESC LIMIT 100
+    `).all(ownerId);
+        for (const r of rows) {
+            if (typeof r.photo_hashes === 'string') {
+                try {
+                    r.photo_hashes = JSON.parse(r.photo_hashes);
+                }
+                catch {
+                    r.photo_hashes = [];
+                }
+            }
+        }
+        res.json({ shareables: rows });
+    });
+    // 公开卡（未登录可调，分享 banner 用）
+    app.get('/api/users/:id/public-card', (req, res) => {
+        const ref = String(req.params.id || '').trim();
+        const cols = "id, name, bio, search_anchor, created_at, permanent_code, handle";
+        const filter = " AND id != 'sys_protocol'";
+        let row;
+        if (/^usr_[A-Za-z0-9_]+$/.test(ref)) {
+            row = db.prepare(`SELECT ${cols} FROM users WHERE id = ?${filter}`).get(ref);
+        }
+        if (!row && /^[A-Z0-9]{6,7}$/.test(ref.toUpperCase()) && !ref.startsWith('@')) {
+            row = db.prepare(`SELECT ${cols} FROM users WHERE permanent_code = ?${filter}`).get(ref.toUpperCase());
+        }
+        if (!row) {
+            const h = ref.replace(/^@/, '').toLowerCase();
+            row = db.prepare(`SELECT ${cols} FROM users WHERE handle = ?${filter}`).get(h);
+        }
+        if (!row)
+            return void res.status(404).json({ error: 'not_found' });
+        const created = String(row.created_at || '');
+        const days = created ? Math.floor((Date.now() - new Date(created).getTime()) / 86400_000) : null;
+        res.json({
+            id: row.id,
+            permanent_code: row.permanent_code || null,
+            handle: row.handle || null,
+            name: row.name,
+            bio: row.bio || null,
+            search_anchor: row.search_anchor || null,
+            joined_days_ago: days,
+        });
+    });
+    // 公开用户主页 + D2 信誉徽章墙
+    app.get('/api/users/:user_id', (req, res) => {
+        const me = auth(req, res);
+        if (!me)
+            return;
+        const ref = String(req.params.user_id || '').trim();
+        const cols = "id, name, role, region, bio, search_anchor, created_at, reputation, COALESCE(feed_visible, 1) as feed_visible";
+        let target;
+        if (/^usr_[A-Za-z0-9_]+$/.test(ref)) {
+            target = db.prepare(`SELECT ${cols} FROM users WHERE id = ? AND id != 'sys_protocol'`).get(ref);
+        }
+        else if (/^[A-Z0-9]{6,7}$/.test(ref) && !ref.startsWith('@')) {
+            target = db.prepare(`SELECT ${cols} FROM users WHERE permanent_code = ? AND id != 'sys_protocol'`).get(ref.toUpperCase());
+        }
+        if (!target) {
+            const h = ref.replace(/^@/, '').toLowerCase();
+            target = db.prepare(`SELECT ${cols} FROM users WHERE handle = ? AND id != 'sys_protocol'`).get(h);
+        }
+        if (!target)
+            return void res.status(404).json({ error: '用户不存在' });
+        const followers = db.prepare("SELECT COUNT(*) as n FROM follows WHERE followee_id = ?").get(target.id).n;
+        const following = db.prepare("SELECT COUNT(*) as n FROM follows WHERE follower_id = ?").get(target.id).n;
+        const isFollowing = !!db.prepare("SELECT 1 FROM follows WHERE follower_id = ? AND followee_id = ?").get(me.id, target.id);
+        const purchaseCount = db.prepare("SELECT COUNT(*) as n FROM orders WHERE buyer_id = ? AND status = 'completed'").get(target.id).n;
+        const salesCount = db.prepare("SELECT COUNT(*) as n FROM orders WHERE seller_id = ? AND status = 'completed'").get(target.id).n;
+        const likesReceived = db.prepare("SELECT COALESCE(SUM(like_count), 0) as n FROM shareables WHERE owner_id = ? AND status = 'active'").get(target.id).n;
+        // 主人视角加私有统计
+        const isOwner = me.id === target.id;
+        let privateStats = null;
+        if (isOwner) {
+            const w = db.prepare('SELECT balance, earned FROM wallets WHERE user_id = ?').get(me.id);
+            const pv = db.prepare("SELECT total_left_pv, total_right_pv FROM users WHERE id = ?").get(me.id);
+            const score = db.prepare("SELECT COALESCE(SUM(score),0) as s FROM binary_score_records WHERE user_id = ? AND settled_at IS NULL").get(me.id).s;
+            privateStats = {
+                wallet_balance: Number(w?.balance ?? 0),
+                wallet_earned: Number(w?.earned ?? 0),
+                total_left_pv: Number(pv?.total_left_pv ?? 0),
+                total_right_pv: Number(pv?.total_right_pv ?? 0),
+                pending_score: Number(score),
+            };
+        }
+        // D2 信誉徽章墙
+        const rep = Number(target.reputation ?? 0);
+        const commercialLevel = rep >= 400 ? { tier: 5, label: '传奇', emoji: '🌟', color: '#dc2626' } :
+            rep >= 200 ? { tier: 4, label: '专家', emoji: '👑', color: '#9333ea' } :
+                rep >= 100 ? { tier: 3, label: '资深', emoji: '⭐', color: '#4f46e5' } :
+                    rep >= 30 ? { tier: 2, label: '可靠', emoji: '✓', color: '#16a34a' } :
+                        { tier: 1, label: '新手', emoji: '🌱', color: '#9ca3af' };
+        // Agent trust band（P1.2 隐私：trust_score 仅 owner 看，他人仅 level）
+        const agentRow = db.prepare(`SELECT level, MAX(trust_score) as score FROM agent_reputation WHERE user_id = ? GROUP BY user_id`).get(target.id);
+        const agentBand = agentRow ? (isOwner
+            ? { level: agentRow.level, score: Math.round(agentRow.score || 0) }
+            : { level: agentRow.level }) : null;
+        const charity = db.prepare(`SELECT prestige_score, badge_tier, wishes_fulfilled, wishes_made FROM charity_reputation WHERE user_id = ?`).get(target.id);
+        let verifier;
+        try {
+            verifier = db.prepare(`SELECT tier FROM verifier_whitelist WHERE user_id = ?`).get(target.id);
+        }
+        catch { }
+        res.json({
+            id: target.id, name: target.name, role: target.role, region: target.region,
+            bio: target.bio, search_anchor: target.search_anchor, created_at: target.created_at,
+            feed_visible: Number(target.feed_visible),
+            followers, following, is_following: isFollowing,
+            purchase_count: purchaseCount, sales_count: salesCount, likes_received: likesReceived,
+            is_owner: isOwner,
+            private_stats: privateStats,
+            badges: {
+                commercial: { ...commercialLevel, score: rep },
+                agent: agentBand,
+                charity: charity ? { prestige: Math.round(charity.prestige_score || 0), badge: charity.badge_tier, fulfilled: charity.wishes_fulfilled || 0, made: charity.wishes_made || 0 } : null,
+                verifier: verifier ? { tier: verifier.tier } : null,
+            },
+        });
+    });
+}

package/dist/pwa/routes/variants.js

@@ -0,0 +1,156 @@
+/** options → canonical key（sort + join）— 防同规格组合两次入库 */
+function canonicalOptionsKey(options) {
+    return Object.keys(options).sort().map(k => `${k}=${String(options[k])}`).join('|');
+}
+export function registerVariantsRoutes(app, deps) {
+    const { db, generateId, auth } = deps;
+    // 公开列出（含 buyer 下单页查可选项）
+    app.get('/api/products/:product_id/variants', (req, res) => {
+        const rows = db.prepare(`
+      SELECT id, sku, options_json, price_override, stock, images_json, is_active, created_at
+      FROM product_variants
+      WHERE product_id = ? AND is_active = 1
+      ORDER BY created_at ASC LIMIT 100
+    `).all(req.params.product_id);
+        const items = rows.map(r => {
+            let options = {};
+            let images = [];
+            try {
+                options = JSON.parse(r.options_json);
+            }
+            catch { }
+            try {
+                if (r.images_json)
+                    images = JSON.parse(r.images_json);
+            }
+            catch { }
+            return { ...r, options, images, options_json: undefined, images_json: undefined };
+        });
+        res.json({ items });
+    });
+    app.post('/api/products/:product_id/variants', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const p = db.prepare('SELECT id, seller_id FROM products WHERE id = ?').get(req.params.product_id);
+        if (!p)
+            return void res.status(404).json({ error: '商品不存在' });
+        if (p.seller_id !== user.id)
+            return void res.status(403).json({ error: '仅自己商品可加 variant' });
+        const { sku, options, price_override, stock, images } = req.body || {};
+        if (!options || typeof options !== 'object' || Object.keys(options).length === 0) {
+            return void res.status(400).json({ error: 'options 必填 (e.g. {"颜色":"红","尺寸":"L"})' });
+        }
+        const stockN = Number.isFinite(Number(stock)) ? Math.max(0, Number(stock)) : 0;
+        const priceN = price_override != null ? Number(price_override) : null;
+        if (priceN != null && (priceN <= 0 || priceN > 1_000_000))
+            return void res.status(400).json({ error: 'price_override 无效' });
+        const optKey = canonicalOptionsKey(options);
+        const dup = db.prepare(`SELECT id FROM product_variants WHERE product_id = ? AND options_key = ? AND is_active = 1`)
+            .get(req.params.product_id, optKey);
+        if (dup)
+            return void res.status(409).json({ error: '该规格组合已存在', existing_id: dup.id });
+        const id = generateId('pv');
+        db.transaction(() => {
+            db.prepare(`INSERT INTO product_variants (id, product_id, sku, options_json, options_key, price_override, stock, images_json) VALUES (?,?,?,?,?,?,?,?)`)
+                .run(id, req.params.product_id, sku || null, JSON.stringify(options), optKey, priceN, stockN, images ? JSON.stringify(images) : null);
+            // P1-1: 首次添加 variant 时，把 product.stock 重置为该 variant 的 stock；
+            // 后续添加直接累加 — 让 product.stock 等于 sum(variant.stock)
+            const isFirst = db.prepare(`SELECT COUNT(*) as n FROM product_variants WHERE product_id = ?`).get(req.params.product_id).n === 1;
+            if (isFirst) {
+                db.prepare(`UPDATE products SET has_variants = 1, stock = ?, updated_at = datetime('now') WHERE id = ?`).run(stockN, req.params.product_id);
+            }
+            else {
+                db.prepare(`UPDATE products SET stock = stock + ?, updated_at = datetime('now') WHERE id = ?`).run(stockN, req.params.product_id);
+            }
+        })();
+        res.json({ success: true, id });
+    });
+    app.patch('/api/products/:product_id/variants/:variant_id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const v = db.prepare(`SELECT v.*, p.seller_id FROM product_variants v JOIN products p ON p.id = v.product_id WHERE v.id = ? AND v.product_id = ?`).get(req.params.variant_id, req.params.product_id);
+        if (!v)
+            return void res.status(404).json({ error: 'variant 不存在' });
+        if (v.seller_id !== user.id)
+            return void res.status(403).json({ error: '无权限' });
+        const { sku, options, price_override, stock, images, is_active } = req.body || {};
+        const sets = [];
+        const args = [];
+        if (sku !== undefined) {
+            sets.push('sku = ?');
+            args.push(sku || null);
+        }
+        if (options !== undefined) {
+            if (!options || typeof options !== 'object' || Object.keys(options).length === 0) {
+                return void res.status(400).json({ error: 'options 不能为空' });
+            }
+            const newKey = canonicalOptionsKey(options);
+            const dup = db.prepare(`SELECT id FROM product_variants WHERE product_id = ? AND options_key = ? AND id != ? AND is_active = 1`)
+                .get(req.params.product_id, newKey, req.params.variant_id);
+            if (dup)
+                return void res.status(409).json({ error: '该规格组合已存在', existing_id: dup.id });
+            sets.push('options_json = ?');
+            args.push(JSON.stringify(options));
+            sets.push('options_key = ?');
+            args.push(newKey);
+        }
+        if (price_override !== undefined) {
+            sets.push('price_override = ?');
+            args.push(price_override == null ? null : Number(price_override));
+        }
+        let stockDelta = 0;
+        if (stock !== undefined) {
+            const newStock = Math.max(0, Number(stock) || 0);
+            const oldStock = Number(v.stock || 0);
+            stockDelta = newStock - oldStock;
+            sets.push('stock = ?');
+            args.push(newStock);
+        }
+        if (images !== undefined) {
+            sets.push('images_json = ?');
+            args.push(images ? JSON.stringify(images) : null);
+        }
+        if (is_active !== undefined) {
+            sets.push('is_active = ?');
+            args.push(is_active ? 1 : 0);
+        }
+        if (sets.length === 0)
+            return void res.status(400).json({ error: '无可更新字段' });
+        sets.push(`updated_at = datetime('now')`);
+        args.push(req.params.variant_id);
+        db.transaction(() => {
+            db.prepare(`UPDATE product_variants SET ${sets.join(', ')} WHERE id = ?`).run(...args);
+            if (stockDelta !== 0) {
+                db.prepare(`UPDATE products SET stock = MAX(0, stock + ?), updated_at = datetime('now') WHERE id = ?`)
+                    .run(stockDelta, req.params.product_id);
+            }
+        })();
+        res.json({ success: true });
+    });
+    app.delete('/api/products/:product_id/variants/:variant_id', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const v = db.prepare(`SELECT v.id, v.stock, p.seller_id FROM product_variants v JOIN products p ON p.id = v.product_id WHERE v.id = ? AND v.product_id = ?`).get(req.params.variant_id, req.params.product_id);
+        if (!v)
+            return void res.status(404).json({ error: 'variant 不存在' });
+        if (v.seller_id !== user.id)
+            return void res.status(403).json({ error: '无权限' });
+        db.transaction(() => {
+            db.prepare('DELETE FROM product_variants WHERE id = ?').run(req.params.variant_id);
+            // P1-1: 从 product.stock aggregate 中扣除该 variant 的 stock
+            const variantStock = Number(v.stock || 0);
+            if (variantStock > 0) {
+                db.prepare(`UPDATE products SET stock = MAX(0, stock - ?), updated_at = datetime('now') WHERE id = ?`)
+                    .run(variantStock, req.params.product_id);
+            }
+            const remaining = db.prepare('SELECT COUNT(*) as n FROM product_variants WHERE product_id = ?').get(req.params.product_id).n;
+            if (remaining === 0) {
+                db.prepare(`UPDATE products SET has_variants = 0, updated_at = datetime('now') WHERE id = ?`).run(req.params.product_id);
+            }
+        })();
+        res.json({ success: true });
+    });
+}

package/dist/pwa/routes/verifier-user.js

@@ -0,0 +1,107 @@
+export function registerVerifierUserRoutes(app, deps) {
+    const { db, generateId, auth, errorRes, checkVerifierEligibility, getVerifierState, resetDailyQuotaIfNeeded, TIER_QUOTAS, VERIFIER_STAKE_REQUIRED, APP_REJECT_COOLDOWN_DAYS, } = deps;
+    app.get('/api/verifier/eligibility', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        res.json(checkVerifierEligibility(user.id));
+    });
+    app.get('/api/verifier/status', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        if (user.id)
+            resetDailyQuotaIfNeeded(user.id);
+        const state = getVerifierState(user.id);
+        const wl = state.whitelist;
+        const tier = wl?.tier;
+        const quota = tier ? TIER_QUOTAS[tier] : 0;
+        res.json({
+            ...state,
+            tier: tier ?? null,
+            daily_quota: quota,
+            tasks_today: wl?.tasks_today ?? 0,
+            remaining: quota > 0 ? Math.max(0, quota - Number(wl?.tasks_today ?? 0)) : 0,
+            is_system: wl?.is_system === 1,
+            stake_amount: Number(wl?.stake_amount ?? 0),
+        });
+    });
+    app.post('/api/verifier/apply', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const userId = user.id;
+        // 外部审核员仅 buyer 角色（内部审核员由 admin 创建）
+        if (user.role !== 'buyer') {
+            return void errorRes(res, 403, 'ROLE_NOT_BUYER', '外部审核员仅 buyer 角色可申请（卖家 / 受信角色请联系管理员）');
+        }
+        const wl = db.prepare("SELECT 1 FROM verifier_whitelist WHERE user_id = ?").get(userId);
+        if (wl)
+            return void res.json({ error: '你已经是审核员，无需重新申请' });
+        const pending = db.prepare("SELECT 1 FROM verifier_applications WHERE user_id = ? AND status = 'pending'").get(userId);
+        if (pending)
+            return void res.json({ error: '你已有待审申请' });
+        // 30d 拒绝冷却
+        const lastReject = db.prepare("SELECT reviewed_at FROM verifier_applications WHERE user_id = ? AND status = 'rejected' ORDER BY reviewed_at DESC LIMIT 1").get(userId);
+        if (lastReject?.reviewed_at) {
+            const cooldownEnd = new Date(new Date(lastReject.reviewed_at).getTime() + APP_REJECT_COOLDOWN_DAYS * 86400_000);
+            if (cooldownEnd > new Date()) {
+                return void res.json({ error: `申请冷却期未结束，可在 ${cooldownEnd.toISOString().slice(0, 10)} 后重新申请` });
+            }
+        }
+        const elig = checkVerifierEligibility(userId);
+        if (!elig.eligible) {
+            return void res.json({ error: '信誉指标未达标', eligibility: elig });
+        }
+        if (VERIFIER_STAKE_REQUIRED > 0) {
+            const wallet = db.prepare("SELECT balance, staked FROM wallets WHERE user_id = ?").get(userId);
+            if (!wallet || wallet.balance < VERIFIER_STAKE_REQUIRED) {
+                return void res.json({ error: `质押需 ${VERIFIER_STAKE_REQUIRED} WAZ，钱包余额不足` });
+            }
+            db.prepare("UPDATE wallets SET balance = balance - ?, staked = staked + ? WHERE user_id = ?")
+                .run(VERIFIER_STAKE_REQUIRED, VERIFIER_STAKE_REQUIRED, userId);
+        }
+        db.prepare(`INSERT INTO verifier_applications (id, user_id, status, snapshot) VALUES (?,?,?,?)`)
+            .run(generateId('vapp'), userId, 'pending', JSON.stringify(elig.items));
+        res.json({ success: true, stake_locked: VERIFIER_STAKE_REQUIRED });
+    });
+    app.post('/api/verifier/withdraw-application', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const userId = user.id;
+        const pending = db.prepare("SELECT id FROM verifier_applications WHERE user_id = ? AND status = 'pending' LIMIT 1").get(userId);
+        if (!pending)
+            return void res.json({ error: '没有待审申请' });
+        db.prepare("UPDATE verifier_applications SET status = 'withdrawn', reviewed_at = datetime('now') WHERE id = ?").run(pending.id);
+        if (VERIFIER_STAKE_REQUIRED > 0) {
+            db.prepare("UPDATE wallets SET balance = balance + ?, staked = staked - ? WHERE user_id = ?")
+                .run(VERIFIER_STAKE_REQUIRED, VERIFIER_STAKE_REQUIRED, userId);
+        }
+        res.json({ success: true });
+    });
+    app.post('/api/verifier/appeal', (req, res) => {
+        const user = auth(req, res);
+        if (!user)
+            return;
+        const { task_id, submission_id, reason, evidence_urls } = req.body;
+        if (!reason?.trim())
+            return void res.json({ error: '请填写申诉理由' });
+        if (reason.length > 500)
+            return void res.json({ error: '申诉理由过长（>500 字）' });
+        // 必须当前 suspended
+        const stats = db.prepare("SELECT suspended_until FROM verifier_stats WHERE user_id = ?").get(user.id);
+        if (!stats?.suspended_until || new Date(stats.suspended_until).getTime() <= Date.now()) {
+            return void res.json({ error: '当前未处于暂停状态，无需申诉' });
+        }
+        // 近 30 天有申诉过即重复
+        const recent = db.prepare(`SELECT 1 FROM verifier_appeals WHERE user_id = ? AND created_at > datetime('now','-30 day')`).get(user.id);
+        if (recent)
+            return void res.json({ error: '近期已申诉过，每次处罚只能申诉一次' });
+        const evidenceArr = Array.isArray(evidence_urls) ? evidence_urls.slice(0, 3) : [];
+        db.prepare(`INSERT INTO verifier_appeals (id, user_id, task_id, submission_id, reason, evidence_urls)
+                VALUES (?,?,?,?,?,?)`)
+            .run(generateId('vapl'), user.id, task_id || null, submission_id || null, reason.trim(), JSON.stringify(evidenceArr));
+        res.json({ success: true });
+    });
+}