payment-kit 1.20.5 → 1.20.6

package/api/src/routes/vendor.ts

@@ -0,0 +1,526 @@
+import { Router } from 'express';
+import Joi from 'joi';
+
+import { joinURL } from 'ufo';
+import { VendorAuth } from '@blocklet/payment-vendor';
+import { VendorFulfillmentService } from '../libs/vendor-fulfillment';
+import logger from '../libs/logger';
+import { ProductVendor } from '../store/models/product-vendor';
+import { wallet } from '../libs/auth';
+import { CheckoutSession } from '../store/models';
+import { authenticate } from '../libs/security';
+import { formatToShortUrl } from '../libs/url';
+import dayjs from '../libs/dayjs';
+import { MetadataSchema } from '../libs/api';
+
+const authAdmin = authenticate<CheckoutSession>({ component: true, roles: ['owner', 'admin'] });
+
+const createVendorSchema = Joi.object({
+  vendor_key: Joi.string().max(50).required(),
+  name: Joi.string().max(255).required(),
+  description: Joi.string().max(1000).allow('').optional(),
+  app_url: Joi.string().uri().max(512).required(),
+  webhook_path: Joi.string().max(255).allow('').optional(),
+  blocklet_meta_url: Joi.string().uri().max(512).allow('').optional(),
+  default_commission_rate: Joi.number().min(0).max(100).required(),
+  default_commission_type: Joi.string().valid('percentage', 'fixed_amount').required(),
+  order_create_params: Joi.object().default({}),
+  app_pid: Joi.string().max(255).allow('').optional(),
+  app_logo: Joi.string().max(512).allow('').optional(),
+  status: Joi.string().valid('active', 'inactive').default('active'),
+  metadata: MetadataSchema,
+}).unknown(false);
+
+const updateVendorSchema = Joi.object({
+  name: Joi.string().max(255).optional(),
+  description: Joi.string().max(1000).allow('').optional(),
+  app_url: Joi.string().uri().max(512).optional(),
+  webhook_path: Joi.string().max(255).allow('').optional(),
+  blocklet_meta_url: Joi.string().uri().max(512).allow('').optional(),
+  default_commission_rate: Joi.number().min(0).max(100).optional(),
+  default_commission_type: Joi.string().valid('percentage', 'fixed_amount').optional(),
+  order_create_params: Joi.object().optional(),
+  app_pid: Joi.string().max(255).allow('').optional(),
+  app_logo: Joi.string().max(512).allow('').optional(),
+  status: Joi.string().valid('active', 'inactive').optional(),
+  metadata: MetadataSchema,
+}).unknown(true);
+
+const testFulfillmentSchema = Joi.object({
+  productCode: Joi.string().max(100).required(),
+  quantity: Joi.number().integer().min(1).default(1),
+  customParams: Joi.object().optional(),
+}).unknown(true);
+
+const vendorIdParamSchema = Joi.object({
+  id: Joi.string().max(100).required(),
+});
+
+const sessionIdParamSchema = Joi.object({
+  sessionId: Joi.string().max(100).required(),
+});
+
+function validateParams(schema: Joi.ObjectSchema) {
+  return (req: any, res: any, next: any) => {
+    const { error } = schema.validate(req.params);
+    if (error) {
+      logger.error('Invalid parameters', {
+        error: error.message,
+        params: req.params,
+      });
+      return res.status(400).json({
+        error: 'Invalid parameters',
+        message: error.message,
+      });
+    }
+    return next();
+  };
+}
+
+async function getAllVendors(_req: any, res: any) {
+  try {
+    const vendors = await ProductVendor.findAll({
+      order: [['created_at', 'DESC']],
+    });
+
+    return res.json({
+      data: vendors,
+      pk: wallet.publicKey,
+      total: vendors.length,
+    });
+  } catch (error: any) {
+    logger.error('Failed to get vendors', {
+      error: error.message || error.toString() || 'Unknown error',
+      stack: error.stack,
+    });
+    return res.status(500).json({ error: 'Internal server error. Failed to get vendors' });
+  }
+}
+
+async function getVendorById(req: any, res: any) {
+  try {
+    const vendor = await ProductVendor.findByPk(req.params.id);
+    if (!vendor) {
+      return res.status(404).json({ error: 'Vendor not found' });
+    }
+
+    return res.json({ data: vendor });
+  } catch (error: any) {
+    logger.error('Failed to get vendor', {
+      error: error.message || error.toString() || 'Unknown error',
+      id: req.params.id,
+    });
+    return res.status(500).json({ error: 'Internal server error. Failed to get vendor' });
+  }
+}
+
+async function createVendor(req: any, res: any) {
+  try {
+    const { error, value } = createVendorSchema.validate(req.body);
+    if (error) {
+      return res.status(400).json({
+        error: 'Validation failed',
+        message: error.message,
+      });
+    }
+
+    const {
+      vendor_key: vendorKey,
+      name,
+      description,
+      app_url: appUrl,
+      webhook_path: webhookPath,
+      blocklet_meta_url: blockletMetaUrl,
+      default_commission_rate: defaultCommissionRate,
+      default_commission_type: defaultCommissionType,
+      order_create_params: orderCreateParams,
+      metadata,
+      app_pid: appPid,
+      app_logo: appLogo,
+      status,
+    } = value;
+
+    const blockletMetaUrlFromMetadata = metadata?.blockletMetaUrl || blockletMetaUrl;
+    if (!blockletMetaUrlFromMetadata) {
+      return res.status(400).json({
+        error: 'blockletMetaUrl is required in metadata',
+      });
+    }
+
+    const existingVendor = await ProductVendor.findOne({
+      where: { vendor_key: vendorKey },
+    });
+    if (existingVendor) {
+      return res.status(400).json({ error: 'Vendor key already exists' });
+    }
+
+    const vendor = await ProductVendor.create({
+      vendor_key: vendorKey,
+      name,
+      description,
+      app_url: appUrl,
+      webhook_path: webhookPath,
+      default_commission_rate: defaultCommissionRate,
+      default_commission_type: defaultCommissionType,
+      order_create_params: orderCreateParams || {},
+      status: status || 'active',
+      app_pid: appPid,
+      app_logo: appLogo,
+      metadata: {
+        ...(metadata || {}),
+        ...(blockletMetaUrl && { blockletMetaUrl }),
+      },
+      created_by: req.user?.did || 'admin',
+    });
+
+    logger.info('Vendor created', { vendorId: vendor.id, vendorKey: vendor.vendor_key });
+    return res.status(201).json({ data: vendor });
+  } catch (error: any) {
+    logger.error('Failed to create vendor', {
+      error: error.message || error.toString() || 'Unknown error',
+    });
+    return res.status(500).json({ error: 'Internal server error' });
+  }
+}
+
+async function updateVendor(req: any, res: any) {
+  try {
+    const vendor = await ProductVendor.findByPk(req.params.id);
+    if (!vendor) {
+      return res.status(404).json({ error: 'Vendor not found' });
+    }
+
+    const { error, value } = updateVendorSchema.validate(req.body);
+    if (error) {
+      return res.status(400).json({
+        error: 'Validation failed',
+        message: error.message,
+      });
+    }
+
+    const {
+      name,
+      description,
+      app_url: appUrl,
+      webhook_path: webhookPath,
+      blocklet_meta_url: blockletMetaUrl,
+      default_commission_rate: defaultCommissionRate,
+      default_commission_type: defaultCommissionType,
+      order_create_params: orderCreateParams,
+      status,
+      metadata,
+      app_pid: appPid,
+      app_logo: appLogo,
+    } = value;
+
+    if (req.body.vendorKey && req.body.vendorKey !== vendor.vendor_key) {
+      const existingVendor = await ProductVendor.findOne({
+        where: { vendor_key: req.body.vendorKey },
+      });
+      if (existingVendor) {
+        return res.status(400).json({ error: 'Vendor key already exists' });
+      }
+    }
+    const updates = {
+      name,
+      description,
+      app_url: appUrl,
+      webhook_path: webhookPath,
+      default_commission_rate: defaultCommissionRate,
+      default_commission_type: defaultCommissionType,
+      order_create_params: orderCreateParams,
+      status,
+      ...((metadata || blockletMetaUrl !== undefined) && {
+        metadata: {
+          ...(vendor.metadata || {}),
+          ...(metadata || {}),
+          ...(blockletMetaUrl !== undefined && { blockletMetaUrl }),
+        },
+      }),
+      app_pid: appPid,
+      app_logo: appLogo,
+      vendor_key: req.body.vendor_key,
+    };
+
+    await vendor.update(Object.fromEntries(Object.entries(updates).filter(([, v]) => v !== undefined)));
+
+    logger.info('Vendor updated', { vendorId: vendor.id });
+    return res.json({ data: vendor });
+  } catch (error: any) {
+    logger.error('Failed to update vendor', { error: error.message, id: req.params.id });
+    return res.status(500).json({ error: 'Internal server error' });
+  }
+}
+
+async function deleteVendor(req: any, res: any) {
+  try {
+    const vendor = await ProductVendor.findByPk(req.params.id);
+    if (!vendor) {
+      return res.status(404).json({ error: 'Vendor not found' });
+    }
+
+    await vendor.destroy();
+
+    logger.info('Vendor deleted', { vendorId: vendor.id });
+    return res.json({ success: true });
+  } catch (error: any) {
+    logger.error('Failed to delete vendor', { error: error.message, id: req.params.id });
+    return res.status(500).json({ error: 'Internal server error' });
+  }
+}
+
+async function testVendorConnection(req: any, res: any) {
+  try {
+    const vendor = await ProductVendor.findByPk(req.params.id);
+    if (!vendor) {
+      return res.status(404).json({ error: 'Vendor not found' });
+    }
+
+    return res.json({
+      success: true,
+      message: 'Connection test completed',
+      vendor: {
+        id: vendor.id,
+        name: vendor.name,
+        app_url: vendor.app_url,
+      },
+    });
+  } catch (error: any) {
+    logger.error('Failed to test vendor connection', { error: error.message, id: req.params.id });
+    return res.status(500).json({ error: 'Internal server error' });
+  }
+}
+
+async function testVendorFulfillment(req: any, res: any) {
+  try {
+    const vendor = await ProductVendor.findByPk(req.params.id);
+    if (!vendor) {
+      return res.status(404).json({ error: 'Vendor not found' });
+    }
+
+    const { error, value } = testFulfillmentSchema.validate(req.body);
+    if (error) {
+      return res.status(400).json({
+        error: 'Validation failed',
+        message: error.message,
+      });
+    }
+
+    const { productCode, quantity, customParams } = value;
+
+    const testCheckoutSession = {
+      id: `test_checkout_${Date.now()}`,
+      payment_intent_id: `test_payment_intent_${Date.now()}`,
+      customer_id: 'test_customer',
+      customer_did: 'z1XGnwJiV3Hnz36kCTJaDe6iiv2kF6DJokt',
+      amount: 1000,
+      currency: 'USD',
+      amount_total: 1000,
+      currency_id: 'USD',
+      status: 'paid',
+      line_items: [
+        {
+          vendor_id: productCode,
+          quantity,
+          amount: 1000,
+          custom_params: {
+            email: customParams?.email || 'test@example.com',
+            testMode: true,
+            ...customParams,
+          },
+        },
+      ],
+      vendor_info: [
+        {
+          vendor_key: vendor.vendor_key,
+          status: 'pending',
+          attempts: 0,
+        },
+      ],
+    };
+
+    const testVendorConfig = {
+      vendor_id: vendor.id,
+      vendor_key: vendor.vendor_key,
+      app_url: vendor.app_url,
+      commission_rate: vendor.default_commission_rate,
+      commission_type: vendor.default_commission_type,
+      order_create_params: vendor.order_create_params || {},
+      custom_params: {
+        email: customParams?.email || 'test@example.com',
+        userDid: 'z1XGnwJiV3Hnz36kCTJaDe6iiv2kF6DJokt',
+      },
+    };
+
+    logger.info('Starting test fulfillment', {
+      vendorId: vendor.id,
+      vendorKey: vendor.vendor_key,
+      testData: {
+        checkoutSessionId: testCheckoutSession.id,
+        productCode: req.body.productCode || 'test_product',
+        amount: testCheckoutSession.amount,
+        currency: testCheckoutSession.currency,
+      },
+    });
+
+    const orderInfo = {
+      amount_total: testCheckoutSession.amount_total.toString(),
+      customer_id: testCheckoutSession.customer_id,
+      payment_intent_id: testCheckoutSession.payment_intent_id,
+      currency_id: testCheckoutSession.currency_id,
+      customer_did: testCheckoutSession.customer_did,
+    };
+    const fulfillmentResult = await VendorFulfillmentService.fulfillSingleVendorOrder(orderInfo, testVendorConfig);
+
+    logger.info('Test fulfillment completed', {
+      vendorId: vendor.id,
+      orderId: fulfillmentResult.orderId,
+      status: fulfillmentResult.status,
+      serviceUrl: fulfillmentResult.serviceUrl,
+    });
+
+    return res.json({
+      success: true,
+      message: 'Test fulfillment completed successfully!',
+      vendor: {
+        id: vendor.id,
+        name: vendor.name,
+        vendor_key: vendor.vendor_key,
+        app_url: vendor.app_url,
+      },
+      testData: {
+        checkoutSessionId: testCheckoutSession.id,
+        paymentIntentId: testCheckoutSession.payment_intent_id,
+        productCode: req.body.productCode || 'test_product',
+        amount: testCheckoutSession.amount,
+        currency: testCheckoutSession.currency,
+      },
+      fulfillmentResult,
+    });
+  } catch (error: any) {
+    logger.error('Test fulfillment failed', {
+      error: error.message,
+      stack: error.stack,
+      vendorId: req.params.id,
+      requestBody: req.body,
+    });
+    return res.status(500).json({
+      error: 'Test fulfillment failed',
+      details: error.message,
+      vendor: req.params.id,
+    });
+  }
+}
+
+async function getVendorStatus(sessionId: string, isDetail = false) {
+  const doc = await CheckoutSession.findByPk(sessionId);
+
+  if (!doc) {
+    return {
+      code: 404,
+      error: 'CheckoutSession not found',
+      vendors: [],
+    };
+  }
+
+  if (doc.status !== 'complete') {
+    return {
+      payment_status: doc.payment_status,
+      session_status: doc.status,
+      error: 'CheckoutSession not complete',
+      vendors: [],
+    };
+  }
+  if (!doc.vendor_info) {
+    return {
+      payment_status: doc.payment_status,
+      session_status: doc.status,
+      error: 'Vendor info not found',
+      vendors: [],
+    };
+  }
+
+  const vendors = doc.vendor_info.map(async (item) => {
+    const vendor = await ProductVendor.findByPk(item.vendor_id);
+    const url = vendor?.app_url
+      ? joinURL(vendor.app_url, '/api/vendor/', isDetail ? 'orders' : 'status', item.order_id)
+      : null;
+
+    const { headers } = VendorAuth.signRequestWithHeaders({});
+
+    return url
+      ? fetch(url, { headers })
+          .then(async (r) => {
+            const data = await r.json();
+
+            if (!data.dashboardUrl) {
+              return data;
+            }
+            const validUntil = dayjs().add(20, 'minutes').format('YYYY-MM-DDTHH:mm:ss+00:00');
+            const maxVisits = 5;
+
+            const homeUrl = await formatToShortUrl({ url: data.homeUrl, maxVisits, validUntil });
+            const dashboardUrl = await formatToShortUrl({ url: data.dashboardUrl, maxVisits, validUntil });
+
+            return {
+              ...data,
+              homeUrl,
+              dashboardUrl,
+            };
+          })
+          .catch((e) => ({ error: e.message }))
+      : null;
+  });
+
+  return {
+    payment_status: doc.payment_status,
+    session_status: doc.status,
+    vendors: await Promise.all(vendors),
+    error: null,
+  };
+}
+
+async function getVendorFulfillmentStatus(req: any, res: any) {
+  const { sessionId } = req.params;
+
+  try {
+    const status = await getVendorStatus(sessionId);
+
+    if (status.code) {
+      return res.status(status.code).json({ error: status.error });
+    }
+    return res.json(status);
+  } catch (error: any) {
+    return res.status(500).json({ error: error.message });
+  }
+}
+
+async function getVendorFulfillmentDetail(req: any, res: any) {
+  const { sessionId } = req.params;
+
+  try {
+    const detail = await getVendorStatus(sessionId, true);
+    if (detail.code) {
+      return res.status(detail.code).json({ error: detail.error });
+    }
+    return res.json(detail);
+  } catch (error: any) {
+    return res.status(500).json({ error: error.message });
+  }
+}
+
+const router = Router();
+
+router.get('/order/:sessionId/status', validateParams(sessionIdParamSchema), getVendorFulfillmentStatus);
+router.get('/order/:sessionId/detail', validateParams(sessionIdParamSchema), getVendorFulfillmentDetail);
+
+router.get('/', getAllVendors);
+router.get('/:id', authAdmin, validateParams(vendorIdParamSchema), getVendorById);
+router.post('/', authAdmin, createVendor);
+router.put('/:id', authAdmin, validateParams(vendorIdParamSchema), updateVendor);
+router.delete('/:id', authAdmin, validateParams(vendorIdParamSchema), deleteVendor);
+
+router.post('/:id/test-connection', authAdmin, validateParams(vendorIdParamSchema), testVendorConnection);
+router.post('/:id/test-fulfillment', authAdmin, validateParams(vendorIdParamSchema), testVendorFulfillment);
+
+export default router;

package/api/src/store/migrations/20250820-add-product-vendor.ts

@@ -0,0 +1,102 @@
+import { createIndexIfNotExists, type Migration } from '../migrate';
+
+export const up: Migration = async ({ context }) => {
+  await context.createTable('product_vendors', {
+    id: {
+      type: 'STRING',
+      primaryKey: true,
+      allowNull: false,
+      field: 'id',
+    },
+    vendor_key: {
+      type: 'STRING',
+      allowNull: false,
+      unique: true,
+      field: 'vendor_key',
+    },
+    name: {
+      type: 'STRING',
+      allowNull: false,
+      field: 'name',
+    },
+    description: {
+      type: 'TEXT',
+      allowNull: true,
+      field: 'description',
+    },
+    app_url: {
+      type: 'STRING',
+      allowNull: false,
+      field: 'app_url',
+    },
+    app_pid: {
+      type: 'STRING',
+      allowNull: false,
+      field: 'app_pid',
+    },
+    app_logo: {
+      type: 'STRING',
+      allowNull: true,
+      field: 'app_logo',
+    },
+    webhook_path: {
+      type: 'STRING',
+      allowNull: true,
+      field: 'webhook_path',
+    },
+    default_commission_rate: {
+      type: 'DECIMAL',
+      allowNull: false,
+      field: 'default_commission_rate',
+    },
+    default_commission_type: {
+      type: 'STRING',
+      allowNull: false,
+      field: 'default_commission_type',
+    },
+    order_create_params: {
+      type: 'JSON',
+      allowNull: true,
+      defaultValue: '{}',
+      field: 'order_create_params',
+    },
+    status: {
+      type: 'STRING',
+      allowNull: false,
+      defaultValue: 'active',
+      field: 'status',
+    },
+    metadata: {
+      type: 'JSON',
+      allowNull: true,
+      defaultValue: '{}',
+      field: 'metadata',
+    },
+    created_by: {
+      type: 'STRING',
+      allowNull: true,
+      field: 'created_by',
+    },
+    created_at: {
+      type: 'DATE',
+      defaultValue: 'CURRENT_TIMESTAMP',
+      allowNull: false,
+      field: 'created_at',
+    },
+    updated_at: {
+      type: 'DATE',
+      defaultValue: 'CURRENT_TIMESTAMP',
+      allowNull: false,
+      field: 'updated_at',
+    },
+  });
+
+  // 添加索引
+  await createIndexIfNotExists(context, 'product_vendors', ['vendor_key'], 'idx_product_vendors_vendor_key');
+  await createIndexIfNotExists(context, 'product_vendors', ['status'], 'idx_product_vendors_status');
+  await createIndexIfNotExists(context, 'product_vendors', ['created_at'], 'idx_product_vendors_created_at');
+};
+
+export const down: Migration = async ({ context }) => {
+  await context.dropTable('product_vendors');
+};

package/api/src/store/migrations/20250822-add-vendor-config-to-products.ts

@@ -0,0 +1,56 @@
+import { DataTypes } from 'sequelize';
+import { createIndexIfNotExists, safeApplyColumnChanges, type Migration } from '../migrate';
+
+export const up: Migration = async ({ context }) => {
+  await safeApplyColumnChanges(context, {
+    products: [
+      {
+        name: 'vendor_config',
+        field: {
+          type: DataTypes.JSON,
+          allowNull: true,
+        },
+      },
+    ],
+    checkout_sessions: [
+      {
+        name: 'fulfillment_status',
+        field: {
+          type: DataTypes.STRING,
+          allowNull: true,
+        },
+      },
+      {
+        name: 'vendor_info',
+        field: {
+          type: DataTypes.JSON,
+          allowNull: true,
+        },
+      },
+    ],
+    payouts: [
+      {
+        name: 'vendor_info',
+        field: {
+          type: DataTypes.JSON,
+          allowNull: true,
+        },
+      },
+    ],
+  });
+
+  await createIndexIfNotExists(
+    context,
+    'checkout_sessions',
+    ['fulfillment_status'],
+    'idx_checkout_sessions_fulfillment_status'
+  );
+};
+
+export const down: Migration = async ({ context }) => {
+  // 移除所有供应商相关字段
+  await context.removeColumn('products', 'vendor_config');
+  await context.removeColumn('checkout_sessions', 'vendor_info');
+  await context.removeColumn('checkout_sessions', 'fulfillment_status');
+  await context.removeColumn('payouts', 'vendor_info');
+};