llmapi-v2 2.1.0

package/src/routes/payment.ts

@@ -0,0 +1,189 @@
+import { Router } from 'express';
+import type { Request, Response } from 'express';
+import { v4 as uuidv4 } from 'uuid';
+import { getPool } from '../services/database';
+import { sessionAuth } from '../middleware/session-auth';
+import { createQrPayment, queryAlipayOrder, verifyNotifySign } from '../services/alipay';
+import { logger } from '../utils/logger';
+
+export const paymentRouter = Router();
+
+const PLAN_PRICES: Record<string, number> = {
+  starter: 9,
+  pro: 29,
+  unlimited: 99,
+};
+
+/**
+ * POST /api/payment/create-order
+ * Create an order and generate Alipay QR code.
+ */
+paymentRouter.post('/create-order', sessionAuth, async (req: Request, res: Response) => {
+  try {
+    const { plan } = req.body;
+    const price = PLAN_PRICES[plan];
+    if (!price) {
+      res.status(400).json({ success: false, error: 'Invalid plan' });
+      return;
+    }
+
+    const pool = getPool();
+
+    // Get plan ID
+    const [plans] = await pool.execute('SELECT id, display_name FROM plans WHERE name = ?', [plan]);
+    const planRow = (plans as any[])[0];
+    if (!planRow) {
+      res.status(400).json({ success: false, error: 'Plan not found' });
+      return;
+    }
+
+    // Create order
+    const orderNo = `LLM${Date.now()}${Math.random().toString(36).slice(2, 6).toUpperCase()}`;
+    await pool.execute(
+      'INSERT INTO orders (order_no, user_id, plan_id, amount) VALUES (?, ?, ?, ?)',
+      [orderNo, req.userId, planRow.id, price],
+    );
+
+    // Generate Alipay QR code
+    const qrUrl = await createQrPayment(orderNo, String(price), `LLM API ${planRow.display_name} Monthly`);
+    if (!qrUrl) {
+      res.status(500).json({ success: false, error: 'Failed to create payment' });
+      return;
+    }
+
+    // Convert QR URL to data URL for frontend display
+    const QRCode = require('qrcode');
+    const qrDataUrl = await QRCode.toDataURL(qrUrl, { width: 256 });
+
+    res.json({ success: true, orderNo, qrCode: qrDataUrl, amount: price });
+  } catch (err) {
+    logger.error({ err }, 'create order error');
+    res.status(500).json({ success: false, error: 'Internal error' });
+  }
+});
+
+/**
+ * POST /api/payment/notify
+ * Alipay async callback (no auth required).
+ */
+paymentRouter.post('/notify', async (req: Request, res: Response) => {
+  try {
+    const params = req.body;
+
+    // Verify signature
+    if (!verifyNotifySign(params)) {
+      res.status(400).send('fail');
+      return;
+    }
+
+    const orderNo = params.out_trade_no;
+    const tradeNo = params.trade_no;
+    const tradeStatus = params.trade_status;
+
+    if (tradeStatus !== 'TRADE_SUCCESS' && tradeStatus !== 'TRADE_FINISHED') {
+      res.send('success');
+      return;
+    }
+
+    const pool = getPool();
+
+    // Get order
+    const [orders] = await pool.execute('SELECT * FROM orders WHERE order_no = ?', [orderNo]);
+    const order = (orders as any[])[0];
+    if (!order || order.status === 'paid') {
+      res.send('success');
+      return;
+    }
+
+    // Mark order as paid
+    await pool.execute(
+      'UPDATE orders SET status = ?, trade_no = ?, paid_at = NOW() WHERE order_no = ?',
+      ['paid', tradeNo, orderNo],
+    );
+
+    // Upgrade user subscription
+    const [existingSub] = await pool.execute(
+      'SELECT id FROM subscriptions WHERE user_id = ?',
+      [order.user_id],
+    );
+
+    if ((existingSub as any[]).length > 0) {
+      await pool.execute(
+        "UPDATE subscriptions SET plan_id = ?, tokens_used = 0, period_start = NOW(), period_end = NOW() + INTERVAL '30 days' WHERE user_id = ?",
+        [order.plan_id, order.user_id],
+      );
+    } else {
+      await pool.execute(
+        "INSERT INTO subscriptions (user_id, plan_id, period_end) VALUES (?, ?, NOW() + INTERVAL '30 days')",
+        [order.user_id, order.plan_id],
+      );
+    }
+
+    logger.info({ orderNo, userId: order.user_id, planId: order.plan_id }, 'Payment confirmed');
+    res.send('success');
+  } catch (err) {
+    logger.error({ err }, 'payment notify error');
+    res.status(500).send('fail');
+  }
+});
+
+/**
+ * GET /api/payment/check/:orderNo
+ * Poll for payment status.
+ */
+paymentRouter.get('/check/:orderNo', sessionAuth, async (req: Request, res: Response) => {
+  try {
+    const pool = getPool();
+    const [orders] = await pool.execute(
+      'SELECT status, trade_no FROM orders WHERE order_no = ? AND user_id = ?',
+      [req.params.orderNo, req.userId!],
+    );
+    const order = (orders as any[])[0];
+    if (!order) {
+      res.status(404).json({ success: false, error: 'Order not found' });
+      return;
+    }
+
+    if (order.status === 'paid') {
+      res.json({ success: true, status: 'paid' });
+      return;
+    }
+
+    // Check with Alipay
+    const result = await queryAlipayOrder(req.params.orderNo);
+    if (result?.status === 'paid') {
+      // Update locally
+      await pool.execute(
+        'UPDATE orders SET status = ?, trade_no = ?, paid_at = NOW() WHERE order_no = ?',
+        ['paid', result.tradeNo || '', req.params.orderNo],
+      );
+      res.json({ success: true, status: 'paid' });
+      return;
+    }
+
+    res.json({ success: true, status: 'pending' });
+  } catch (err) {
+    logger.error({ err }, 'check order error');
+    res.status(500).json({ success: false, error: 'Internal error' });
+  }
+});
+
+/**
+ * GET /api/payment/orders
+ * User's order history.
+ */
+paymentRouter.get('/orders', sessionAuth, async (req: Request, res: Response) => {
+  try {
+    const pool = getPool();
+    const [rows] = await pool.execute(`
+      SELECT o.*, p.display_name as plan_name
+      FROM orders o JOIN plans p ON o.plan_id = p.id
+      WHERE o.user_id = ? ORDER BY o.created_at DESC LIMIT 20
+    `, [req.userId!]);
+
+    res.json({ success: true, orders: rows });
+  } catch (err) {
+    logger.error({ err }, 'list orders error');
+    res.status(500).json({ success: false, error: 'Internal error' });
+  }
+});

package/src/routes/sitemap.ts

@@ -0,0 +1,40 @@
+import { Router } from 'express';
+import { getRecentPosts } from '../data/posts';
+
+export const sitemapRouter = Router();
+
+sitemapRouter.get('/sitemap.xml', (_req, res) => {
+  const baseUrl = process.env.SITE_URL || 'https://llmapi.pro';
+  const posts = getRecentPosts(100);
+
+  const staticPages = [
+    { url: '/', priority: '1.0', changefreq: 'weekly' },
+    { url: '/pricing', priority: '0.9', changefreq: 'weekly' },
+    { url: '/docs', priority: '0.9', changefreq: 'weekly' },
+    { url: '/blog', priority: '0.8', changefreq: 'daily' },
+    { url: '/login', priority: '0.3', changefreq: 'monthly' },
+    { url: '/register', priority: '0.5', changefreq: 'monthly' },
+  ];
+
+  const urls = staticPages.map(p => `
+  <url>
+    <loc>${baseUrl}${p.url}</loc>
+    <changefreq>${p.changefreq}</changefreq>
+    <priority>${p.priority}</priority>
+  </url>`).join('');
+
+  const postUrls = posts.map(p => `
+  <url>
+    <loc>${baseUrl}/blog/${p.slug}</loc>
+    <lastmod>${p.date}</lastmod>
+    <changefreq>monthly</changefreq>
+    <priority>0.7</priority>
+  </url>`).join('');
+
+  res.setHeader('Content-Type', 'application/xml');
+  res.send(`<?xml version="1.0" encoding="UTF-8"?>
+<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+${urls}
+${postUrls}
+</urlset>`);
+});

package/src/services/alipay.ts

@@ -0,0 +1,116 @@
+import { logger } from '../utils/logger';
+
+// Alipay configuration loaded from env
+let alipayConfig = {
+  appId: '',
+  privateKey: '',
+  alipayPublicKey: '',
+  gateway: 'https://openapi.alipay.com/gateway.do',
+  notifyUrl: '',
+};
+
+export function setAlipayConfig(config: {
+  appId: string;
+  privateKey: string;
+  alipayPublicKey: string;
+  gateway?: string;
+  notifyUrl: string;
+}): void {
+  alipayConfig = { ...alipayConfig, ...config };
+}
+
+/**
+ * Create QR code payment order via Alipay trade.precreate.
+ * Returns the QR code URL string.
+ *
+ * Note: Full Alipay SDK integration requires the 'alipay-sdk' package.
+ * This is a placeholder structure - the actual signing and API call
+ * should use the SDK for proper RSA2 signature handling.
+ */
+export async function createQrPayment(
+  orderNo: string,
+  amount: string,
+  subject: string,
+): Promise<string | null> {
+  try {
+    // Dynamic import to avoid hard dependency when alipay is not configured
+    const AlipaySdk = require('alipay-sdk').default;
+    const sdk = new AlipaySdk({
+      appId: alipayConfig.appId,
+      privateKey: alipayConfig.privateKey,
+      alipayPublicKey: alipayConfig.alipayPublicKey,
+      gateway: alipayConfig.gateway,
+      signType: 'RSA2',
+    });
+
+    const result = await sdk.exec('alipay.trade.precreate', {
+      notify_url: alipayConfig.notifyUrl,
+      bizContent: {
+        out_trade_no: orderNo,
+        total_amount: amount,
+        subject,
+        timeout_express: '30m',
+      },
+    });
+
+    if (result.code === '10000' && result.qrCode) {
+      return result.qrCode;
+    }
+
+    logger.error({ result }, 'Alipay precreate failed');
+    return null;
+  } catch (err) {
+    logger.error({ err }, 'Alipay SDK error');
+    return null;
+  }
+}
+
+/**
+ * Query order status from Alipay.
+ */
+export async function queryAlipayOrder(orderNo: string): Promise<{ status: string; tradeNo?: string } | null> {
+  try {
+    const AlipaySdk = require('alipay-sdk').default;
+    const sdk = new AlipaySdk({
+      appId: alipayConfig.appId,
+      privateKey: alipayConfig.privateKey,
+      alipayPublicKey: alipayConfig.alipayPublicKey,
+      gateway: alipayConfig.gateway,
+      signType: 'RSA2',
+    });
+
+    const result = await sdk.exec('alipay.trade.query', {
+      bizContent: { out_trade_no: orderNo },
+    });
+
+    if (result.code === '10000') {
+      return {
+        status: result.tradeStatus === 'TRADE_SUCCESS' ? 'paid' : 'pending',
+        tradeNo: result.tradeNo,
+      };
+    }
+    return null;
+  } catch (err) {
+    logger.error({ err }, 'Alipay query error');
+    return null;
+  }
+}
+
+/**
+ * Verify Alipay notification signature.
+ */
+export function verifyNotifySign(params: Record<string, string>): boolean {
+  try {
+    const AlipaySdk = require('alipay-sdk').default;
+    const sdk = new AlipaySdk({
+      appId: alipayConfig.appId,
+      privateKey: alipayConfig.privateKey,
+      alipayPublicKey: alipayConfig.alipayPublicKey,
+      signType: 'RSA2',
+    });
+    return sdk.checkNotifySign(params);
+  } catch (err) {
+    logger.error({ err }, 'Alipay verify error');
+    return false;
+  }
+}

package/src/services/database.ts

@@ -0,0 +1,187 @@
+import { Pool } from 'pg';
+import bcrypt from 'bcryptjs';
+import { logger } from '../utils/logger';
+
+let pool: Pool;
+
+export function getPool() {
+  return {
+    execute: async (sql: string, params?: any[]) => {
+      // Convert ? placeholders to $1, $2, etc for pg
+      let idx = 0;
+      const pgSql = sql.replace(/\?/g, () => `$${++idx}`);
+      const result = await pool.query(pgSql, params);
+      return [result.rows, result.fields] as [any[], any];
+    },
+  };
+}
+
+export async function initDatabase(databaseUrl: string): Promise<void> {
+  pool = new Pool({
+    connectionString: databaseUrl,
+    max: 10,
+  });
+
+  // Test connection
+  const client = await pool.connect();
+  await client.query('SELECT 1');
+  client.release();
+  logger.info('PostgreSQL connected');
+
+  await createTables();
+  await createIndexes();
+  await seedPlans();
+  await seedAdmin();
+}
+
+async function createTables(): Promise<void> {
+  await pool.query(`
+    CREATE TABLE IF NOT EXISTS users (
+      id SERIAL PRIMARY KEY,
+      email VARCHAR(255) UNIQUE NOT NULL,
+      password_hash VARCHAR(255) NOT NULL,
+      name VARCHAR(100),
+      role VARCHAR(10) DEFAULT 'user',
+      status VARCHAR(20) DEFAULT 'active',
+      verified SMALLINT DEFAULT 0,
+      created_at TIMESTAMPTZ DEFAULT NOW(),
+      updated_at TIMESTAMPTZ DEFAULT NOW()
+    )
+  `);
+
+  await pool.query(`
+    CREATE TABLE IF NOT EXISTS api_keys (
+      id SERIAL PRIMARY KEY,
+      user_id INT REFERENCES users(id) ON DELETE CASCADE,
+      key_prefix VARCHAR(12),
+      key_hash VARCHAR(64),
+      name VARCHAR(100) DEFAULT 'Default',
+      status VARCHAR(10) DEFAULT 'active',
+      rate_limit INT DEFAULT 60,
+      last_used_at TIMESTAMPTZ,
+      created_at TIMESTAMPTZ DEFAULT NOW()
+    )
+  `);
+
+  await pool.query(`
+    CREATE TABLE IF NOT EXISTS plans (
+      id SERIAL PRIMARY KEY,
+      name VARCHAR(50) UNIQUE NOT NULL,
+      display_name VARCHAR(100) NOT NULL,
+      price_monthly DECIMAL(10,2) DEFAULT 0,
+      token_limit_monthly BIGINT DEFAULT 100000,
+      rate_limit_rpm INT DEFAULT 10,
+      max_api_keys INT DEFAULT 1,
+      max_input_tokens INT DEFAULT 131072,
+      created_at TIMESTAMPTZ DEFAULT NOW()
+    )
+  `);
+
+  await pool.query(`
+    CREATE TABLE IF NOT EXISTS subscriptions (
+      id SERIAL PRIMARY KEY,
+      user_id INT REFERENCES users(id) ON DELETE CASCADE,
+      plan_id INT REFERENCES plans(id),
+      tokens_used BIGINT DEFAULT 0,
+      period_start TIMESTAMPTZ DEFAULT NOW(),
+      period_end TIMESTAMPTZ,
+      created_at TIMESTAMPTZ DEFAULT NOW()
+    )
+  `);
+
+  await pool.query(`
+    CREATE TABLE IF NOT EXISTS usage_logs (
+      id BIGSERIAL PRIMARY KEY,
+      user_id INT NOT NULL,
+      api_key_id INT,
+      model VARCHAR(100),
+      provider_name VARCHAR(50),
+      input_tokens INT DEFAULT 0,
+      output_tokens INT DEFAULT 0,
+      thinking_tokens INT DEFAULT 0,
+      provider_cost DECIMAL(10,6) DEFAULT 0,
+      ttft_ms INT DEFAULT 0,
+      tokens_per_sec REAL DEFAULT 0,
+      duration_ms INT DEFAULT 0,
+      endpoint VARCHAR(100) DEFAULT '/v1/messages',
+      status VARCHAR(10) DEFAULT 'success',
+      created_at TIMESTAMPTZ DEFAULT NOW()
+    )
+  `);
+
+  await pool.query(`
+    CREATE TABLE IF NOT EXISTS orders (
+      id SERIAL PRIMARY KEY,
+      order_no VARCHAR(50) UNIQUE NOT NULL,
+      user_id INT REFERENCES users(id) ON DELETE CASCADE,
+      plan_id INT REFERENCES plans(id),
+      amount DECIMAL(10,2) NOT NULL,
+      status VARCHAR(20) DEFAULT 'pending',
+      payment_method VARCHAR(20) DEFAULT 'alipay',
+      trade_no VARCHAR(100),
+      paid_at TIMESTAMPTZ,
+      created_at TIMESTAMPTZ DEFAULT NOW()
+    )
+  `);
+
+  await pool.query(`
+    CREATE TABLE IF NOT EXISTS remote_sessions (
+      id SERIAL PRIMARY KEY,
+      session_id VARCHAR(64) UNIQUE NOT NULL,
+      user_id INT REFERENCES users(id) ON DELETE CASCADE,
+      status VARCHAR(20) DEFAULT 'active',
+      encrypted_key TEXT,
+      created_at TIMESTAMPTZ DEFAULT NOW(),
+      closed_at TIMESTAMPTZ
+    )
+  `);
+
+  logger.info('Database tables ensured');
+}
+
+async function createIndexes(): Promise<void> {
+  await pool.query(`CREATE INDEX IF NOT EXISTS idx_key_lookup ON api_keys (key_prefix, key_hash, status)`);
+  await pool.query(`CREATE INDEX IF NOT EXISTS idx_user_period ON subscriptions (user_id, period_start)`);
+  await pool.query(`CREATE INDEX IF NOT EXISTS idx_user_created ON usage_logs (user_id, created_at)`);
+  await pool.query(`CREATE INDEX IF NOT EXISTS idx_provider ON usage_logs (provider_name, created_at)`);
+  await pool.query(`CREATE INDEX IF NOT EXISTS idx_remote_session ON remote_sessions (session_id, status)`);
+  await pool.query(`CREATE INDEX IF NOT EXISTS idx_remote_user ON remote_sessions (user_id, status)`);
+
+  logger.info('Database indexes ensured');
+}
+
+async function seedPlans(): Promise<void> {
+  await pool.query(`
+    INSERT INTO plans (name, display_name, price_monthly, token_limit_monthly, rate_limit_rpm, max_api_keys, max_input_tokens) VALUES
+    ('free',      'Free',      0,     50000,      10,  1,  65536),
+    ('starter',   'Starter',   9,     2000000,    30,  3,  131072),
+    ('pro',       'Pro',       29,    10000000,   60,  5,  131072),
+    ('unlimited', 'Team',      99,    50000000,   120, 10, 131072)
+    ON CONFLICT (name) DO NOTHING
+  `);
+  logger.info('Default plans seeded');
+}
+
+async function seedAdmin(): Promise<void> {
+  const { rows } = await pool.query('SELECT id FROM users WHERE role = $1', ['admin']);
+  if (rows.length > 0) return;
+
+  const hash = await bcrypt.hash('admin123', 10);
+  const { rows: insertedRows } = await pool.query(
+    'INSERT INTO users (email, password_hash, name, role, verified, status) VALUES ($1, $2, $3, $4, 1, $5) RETURNING id',
+    ['admin@llmapi.pro', hash, 'Admin', 'admin', 'active'],
+  );
+  const adminId = insertedRows[0].id;
+
+  // Give admin the unlimited plan
+  const { rows: planRows } = await pool.query('SELECT id FROM plans WHERE name = $1', ['unlimited']);
+  const planId = planRows[0]?.id;
+  if (planId) {
+    await pool.query(
+      `INSERT INTO subscriptions (user_id, plan_id, period_end) VALUES ($1, $2, NOW() + INTERVAL '100 years')`,
+      [adminId, planId],
+    );
+  }
+
+  logger.info('Default admin created (admin@llmapi.pro / admin123)');
+}

package/src/services/health-checker.ts

@@ -0,0 +1,115 @@
+import { getProviders } from '../providers/registry';
+import type { LLMProvider } from '../providers/types';
+import { logger } from '../utils/logger';
+
+interface ProviderHealth {
+  name: string;
+  healthy: boolean;
+  lastCheckAt: number;
+  lastLatencyMs: number;
+  lastError: string | null;
+  consecutiveSuccesses: number;
+  consecutiveFailures: number;
+}
+
+const healthStatus = new Map<string, ProviderHealth>();
+let intervalId: ReturnType<typeof setInterval> | null = null;
+
+export function startHealthChecker(intervalMs = 60_000): void {
+  if (intervalId) return;
+  checkAll();
+  intervalId = setInterval(checkAll, intervalMs);
+  logger.info({ intervalMs }, 'Health checker started');
+}
+
+export function stopHealthChecker(): void {
+  if (intervalId) {
+    clearInterval(intervalId);
+    intervalId = null;
+  }
+}
+
+async function checkAll(): Promise<void> {
+  const providers = getProviders();
+  const checks = Array.from(providers.values()).map(checkProvider);
+  await Promise.allSettled(checks);
+}
+
+async function checkProvider(provider: LLMProvider): Promise<void> {
+  const start = Date.now();
+  let status = healthStatus.get(provider.name) || {
+    name: provider.name,
+    healthy: true,
+    lastCheckAt: 0,
+    lastLatencyMs: 0,
+    lastError: null,
+    consecutiveSuccesses: 0,
+    consecutiveFailures: 0,
+  };
+
+  try {
+    // Health check: send an invalid model name to test if the endpoint is reachable
+    // This returns 400 (bad request) but costs ZERO tokens — we only care if the
+    // endpoint responds, not if the request succeeds.
+    const testBody = JSON.stringify({
+      model: '_health_check_',
+      messages: [{ role: 'user', content: 'ping' }],
+      max_tokens: 1,
+    });
+
+    const res = await provider.proxy('/v1/messages', testBody, {
+      'anthropic-version': '2023-06-01',
+    }, false);
+
+    // Read and discard response
+    await new Promise<void>((resolve) => {
+      res.on('data', () => {});
+      res.on('end', resolve);
+      res.on('error', resolve);
+    });
+
+    const latency = Date.now() - start;
+
+    // 400 = endpoint reachable but invalid model (expected, zero cost)
+    // 200 = somehow worked
+    // 500+ = server error = unhealthy
+    const isUp = res.statusCode !== undefined && res.statusCode < 500;
+
+    if (isUp) {
+      status.healthy = true;
+      status.lastCheckAt = Date.now();
+      status.lastLatencyMs = latency;
+      status.lastError = null;
+      status.consecutiveSuccesses++;
+      status.consecutiveFailures = 0;
+      provider.markHealthy();
+    } else {
+      throw new Error(`HTTP ${res.statusCode}`);
+    }
+
+    logger.debug({ provider: provider.name, latencyMs: latency, status: res.statusCode }, 'Health check passed');
+  } catch (err) {
+    const latency = Date.now() - start;
+    const message = err instanceof Error ? err.message : String(err);
+
+    status.lastCheckAt = Date.now();
+    status.lastLatencyMs = latency;
+    status.lastError = message;
+    status.consecutiveSuccesses = 0;
+    status.consecutiveFailures++;
+
+    if (status.consecutiveFailures >= 3) {
+      status.healthy = false;
+      provider.markUnhealthy(message);
+    }
+
+    logger.warn({ provider: provider.name, err: message, failures: status.consecutiveFailures },
+      'Health check failed');
+  }
+
+  healthStatus.set(provider.name, status);
+}
+
+export function getHealthStatus(): ProviderHealth[] {
+  return Array.from(healthStatus.values());
+}