q-koa 13.4.0 → 13.4.1

package/core/app.js

@@ -159,6 +159,14 @@ class APP {
       ) {
         return ctx.ERROR('error')
       }
+
+      if (
+        ctx.request.header['user-agent'] &&
+        ctx.request.header['user-agent'].includes('Apache-HttpClient')
+      ) {
+        throw new Error(`error`)
+      }
+
       if (this.config.blackList.includes(ip)) {
         return ctx.ERROR('error')
       }
@@ -483,9 +491,12 @@ class APP {
         if (initFileConfig) {
           this.initFile(appName)
         }
-
         await this.initPlugin(appName)
-        this.app[appName].event = new EventEmitter()
+
+        const initEvent = _.get(this.app[appName], 'appConfig.initEvent', false)
+        if (initEvent) {
+          this.app[appName].event = new EventEmitter()
+        }
 
         const cacheConfig = _.get(this.app[appName], 'appConfig.cache', {
           max: 100,
@@ -592,7 +603,7 @@ class APP {
         const folderResult = await fsPromise.readdir(
           path.resolve(pluginDir, folder)
         )
-        folderResult.forEach((filename) => {
+        for (const filename of folderResult) {
           const extname = path.extname(filename)
           if (extname === '.js') {
             const n = path.basename(filename, extname)
@@ -807,7 +818,7 @@ class APP {
               }
             }
           }
-        })
+        }
       }
     }
     const start = moment().valueOf()
@@ -836,19 +847,33 @@ class APP {
   }
 
   initModel(appName) {
+    const modelList = Object.keys(this.app[appName].model)
+
+    const include = modelList.reduce((a, b) => {
+      return {
+        ...a,
+        [b]: [],
+      }
+    }, {})
+    this.app[appName] = _.defaultsDeep(
+      {
+        include,
+      },
+      this.app[appName]
+    )
     for (let i = 0; i < Object.keys(this.app[appName].model).length; i++) {
       const model = Object.keys(this.app[appName].model)[i]
 
-      if (!this.app[appName].include || !this.app[appName].include[model]) {
-        this.app[appName] = _.defaultsDeep(
-          {
-            include: {
-              [model]: [],
-            },
-          },
-          this.app[appName]
-        )
-      }
+      // if (!this.app[appName].include || !this.app[appName].include[model]) {
+      //   this.app[appName] = _.defaultsDeep(
+      //     {
+      //       include: {
+      //         [model]: [],
+      //       },
+      //     },
+      //     this.app[appName]
+      //   )
+      // }
       const db = this.app[appName].attributes[model]
 
       const list = Object.keys(db)
@@ -1374,6 +1399,11 @@ class APP {
                         app[appName].cache.get(modelName)
                           ? app[appName].cache.get(modelName)
                           : await model.findAll({
+                              ...(myInclude[j].attributes
+                                ? {
+                                    attributes: myInclude[j].attributes,
+                                  }
+                                : {}),
                               where: {
                                 id: idList,
                                 ...myInclude[j].where,
@@ -1394,6 +1424,11 @@ class APP {
                     const idList = rows.map((r) => r.id).filter((item) => item)
                     if (idList.length) {
                       const list = await model.findAll({
+                        ...(myInclude[j].attributes
+                          ? {
+                              attributes: myInclude[j].attributes,
+                            }
+                          : {}),
                         where: {
                           [controller + '_id']: idList,
                           ...myInclude[j].where,

package/core/config.js

@@ -66,6 +66,7 @@ module.exports = {
         'weixin/mp_login',
         'log/create',
         'log/upsert',
+        'auto/minute',
       ].every((item) => {
         return !ctx.request.url.includes(item)
       })

package/core/file/plugins/administrator/controller.js

@@ -214,8 +214,8 @@ exports.scan = async (ctx) => {
       })
     }
 
-    app.event.removeAllListeners()
-    app.event.on('scan', sendMessage)
+    app.event && app.event.removeAllListeners()
+    app.event && app.event.on('scan', sendMessage)
   } else {
     throw new Error('这是一个websocket url')
   }

package/core/file/plugins/common/controller.js

@@ -224,8 +224,8 @@ exports.channel = async (ctx) => {
       })
     }
 
-    app.event.removeAllListeners()
-    app.event.on(channelId, sendMessage)
+    app.event && app.event.removeAllListeners()
+    app.event && app.event.on(channelId, sendMessage)
   } else {
     throw new Error('这是一个websocket url')
   }
@@ -442,6 +442,7 @@ exports.verify = async (ctx) => {
 const expressFn = async ({ app, express_number: _express_number }) => {
   const appConfig = getConfig(app)
   const { app_code, express_mobile } = await appConfig.getObject('express')
+
   const express_number = _express_number.replace(/\t/, '').trim()
 
   const lastFour = express_mobile

package/core/file/plugins/system/controller.js

@@ -3,7 +3,6 @@ const path = require('path')
 const fsPromise = require('fs/promises')
 const { VM } = require('vm2')
 const axios = require('axios')
-const cheerio = require('cheerio')
 const { lodash, getAppByCtx, getConfig, Sequelize, moment } = require('q-koa')
 const LRU = require('lru-cache')
 const cache = new LRU({
@@ -584,7 +583,6 @@ exports.sandbox = async (ctx) => {
   const vm = new VM({
     sandbox: {
       axios,
-      cheerio,
       module,
       setTimeout,
       sleep: (time) =>
@@ -603,7 +601,6 @@ exports.onlineChat = async (ctx) => {
         sandbox: {
           send: (data) => ws.send(JSON.stringify(data)),
           axios,
-          cheerio,
         },
       })
       vm.run(code)

package/core/file/plugins/system/service.js

@@ -1,5 +1,5 @@
 const { getConfig, lodash, Sequelize } = require('q-koa')
-const { formatLiteralObj } = require('../../utils')
+const { formatLiteralObj, filterFunction } = require('../../utils')
 const formatPostFunction = (str) => `eval(${str})`
 const nodeVm = require('vm')
 const axios = require('axios')
@@ -84,9 +84,7 @@ exports.initData = async ({ includes, excludes, app, ctx }) => {
               .map((i) => (i.toJSON ? i.toJSON() : i))
               .filter((c) => {
                 const target = data && data.where ? data.where : {}
-                return Object.keys(target).every((key) => {
-                  return c[key] === target[key]
-                })
+                return filterFunction(target, c)
               })
               .map((c) => {
                 return pick.length > 0

package/core/file/plugins/weixin/controller.js

@@ -4,6 +4,7 @@ const {
   getConfig,
   moment,
   ServiceError,
+  getUserByCtx,
 } = require('q-koa')
 
 const axios = require('axios')
@@ -93,6 +94,7 @@ exports.mp_getPhone = async (ctx) => {
     (!exist.mp_user.appid || exist.mp_user.appid === app_id)
 
   if (mobileExist) {
+    app.service.log.push({ app, message: `系统已存在该手机号${phoneNumber}` })
     return ctx.ERROR('系统已存在该手机号')
   }
 
@@ -1144,6 +1146,50 @@ exports.mp_pay = async (ctx) => {
   })
 }
 
+exports.b2b_pay = async (ctx) => {
+  const { app, appName } = getAppByCtx(ctx)
+  const appConfig = getConfig(app)
+  const { is_dev } = await appConfig.getObject('base')
+  const { name, _out_trade_no, order_id, price, prefix, code, type, is_admin } =
+    ctx.request.body
+
+  const { app_id, app_secrect } = await appConfig.getObject('weixin_mp')
+  const {
+    mchId: mchid,
+    app_key,
+    key,
+    pay_key: _pay_key,
+  } = await appConfig.getObject('weixin_pay')
+
+  const pay_key = _pay_key || key || appName
+
+  const weixinMp = new WeixinMp({
+    appid: app_id,
+    secrect: app_secrect,
+  })
+  weixinMp.init()
+  const out_trade_no = _out_trade_no
+    ? _out_trade_no
+    : prefix
+    ? `${pay_key}_${prefix}-${order_id}_${type}`
+    : `${pay_key}_${order_id}_${type}`
+
+  const res = await weixinMp.b2bPay({
+    mchid,
+    app_key,
+    code,
+    data: {
+      out_trade_no,
+      description: name,
+      amount: {
+        order_amount: is_admin || is_dev ? 1 : Math.round(price * 100),
+      },
+    },
+  })
+
+  ctx.SUCCESS(res)
+}
+
 exports.mp_pay_new = async (ctx) => {
   const { app, appName } = getAppByCtx(ctx)
   const {

package/core/file/plugins/weixin/service.js

@@ -13,6 +13,76 @@ const fsPromise = require('fs/promises')
 const WeixinMp = require('../../services/weixinMP')
 const OSS = require('ali-oss')
 
+exports.b2b_refund = async ({
+  ctx,
+  id,
+  prefix = '',
+  total_fee,
+  refund_fee,
+  price,
+  pay_type = 'B2B-WEIXIN',
+  type = '',
+  config = 'weixin_mp',
+  pay_config = 'weixin_pay',
+  out_trade_no: _out_trade_no,
+  out_refund_no: _out_refund_no,
+  refund_from = 1,
+  ...rest
+}) => {
+  if (!ctx) throw new Error('?ctx')
+  const { app, appName } = getAppByCtx(ctx)
+  const appConfig = getConfig(app)
+  const { app_id, app_secrect } = await appConfig.getObject(config)
+  const { mchId: mchid, key, app_key } = await appConfig.getObject(pay_config)
+
+  const weixinMp = new WeixinMp({
+    appid: app_id,
+    secrect: app_secrect,
+  })
+  weixinMp.init()
+
+  const orderModel = prefix ? `${prefix}_order` : 'order'
+  const out_trade_no =
+    _out_trade_no ||
+    (prefix ? `${key}_${prefix}-${id}_${pay_type}` : `${key}_${id}_${pay_type}`)
+  const orderDetail = await app.model[orderModel].findOne({
+    where: {
+      id,
+    },
+    include: app.model.order_refund_record,
+  })
+
+  if (!orderDetail) throw new Error('不存在该订单')
+
+  const refundRecords = lodash.get(orderDetail, 'order_refund_records', [])
+  const refundNumber = refundRecords.length + 1
+  const out_refund_no =
+    _out_refund_no || [`${prefix}-${id}`, type, refundNumber].join('_')
+
+  console.log({
+    mchid,
+    app_key,
+    data: {
+      out_trade_no: out_trade_no,
+      out_refund_no,
+      refund_amount: Math.round((refund_fee || price) * 100),
+      refund_from,
+    },
+  })
+  const res = await weixinMp.b2bRefund({
+    mchid,
+    app_key,
+    data: {
+      out_trade_no: out_trade_no,
+      out_refund_no,
+      refund_amount: Math.round((refund_fee || price) * 100),
+      refund_from,
+    },
+  })
+
+  return res
+}
+
 exports.refund = async ({
   ctx,
   id,

package/core/file/services/weixinMP.js

@@ -1,6 +1,6 @@
 const util = require('util')
 const axios = require('axios')
-
+const crypto = require('crypto')
 const { lodash, ServiceError } = require('q-koa')
 const getAccessTokenUrl =
   'https://api.weixin.qq.com/cgi-bin/token?grant_type=%s&appid=%s&secret=%s'
@@ -82,6 +82,14 @@ const createActivityUrl =
 const setUpdatableMsgUrl =
   'https://api.weixin.qq.com/cgi-bin/message/wxopen/updatablemsg/send?access_token=%s'
 
+const b2bRefundUrl =
+  'https://api.weixin.qq.com/retail/B2b/refund?access_token=%s&pay_sig=%s'
+
+const b2bCheckRefundUrl =
+  'https://api.weixin.qq.com/retail/B2b/getrefund?access_token=%s&pay_sig=%s'
+
+const b2bCheckOrderUrl =
+  'https://api.weixin.qq.com/retail/B2b/getorder?access_token=%s&pay_sig=%s'
 const fsPromise = require('fs/promises')
 const LRU = require('lru-cache')
 const request = require('request')
@@ -90,7 +98,9 @@ const cache = new LRU({
   maxAge: 1000 * 60 * 60,
 })
 const uuid = require('node-uuid')
-
+const hmacSha256 = (data, secret) => {
+  return crypto.createHmac('sha256', secret).update(data).digest('hex')
+}
 const uploadPromise = (options) => {
   return new Promise((resolve, reject) => {
     request.post(
@@ -998,6 +1008,115 @@ module.exports = class Singleton {
     return result
   }
 
+  async b2bPay({
+    uri = 'requestCommonPayment',
+    data,
+    app_key,
+    code,
+    env = 0,
+    mchid,
+  }) {
+    const weixinLoginUrl = `https://api.weixin.qq.com/sns/jscode2session?appid=${this.config.appid}&secret=${this.config.secrect}&js_code=${code}&grant_type=authorization_code`
+
+    const weixinResult = await axios.get(weixinLoginUrl).then((res) => res.data)
+
+    const { session_key } = weixinResult
+
+    const signData = {
+      mchid,
+      env,
+      ...data,
+    }
+
+    const signature = hmacSha256(JSON.stringify(signData), session_key)
+    const paySig = hmacSha256(`${uri}&${JSON.stringify(signData)}`, app_key)
+
+    return {
+      signData: JSON.stringify(signData),
+      mode: 'retail_pay_goods',
+      signature,
+      paySig,
+    }
+  }
+
+  async b2bRefund({ mchid, app_key, data }) {
+    const requestUrl = b2bRefundUrl
+
+    const access_token = await this.getAccessToken()
+
+    const uri = requestUrl.split('api.weixin.qq.com')[1].split('?')[0]
+
+    const signData = {
+      mchid,
+      ...data,
+    }
+
+    const pay_sig = hmacSha256(`${uri}&${JSON.stringify(signData)}`, app_key)
+
+    const url = util.format(requestUrl, access_token, pay_sig)
+    const result = await axios.post(url, signData).then((res) => res.data)
+    if (result.errcode) {
+      if (result.errcode === 40001) {
+        cache.reset()
+        return await this.b2bRefund({ mchid, app_key, data })
+      }
+      throw new Error(`${result.errcode};${result.errmsg}`)
+    }
+    return result
+  }
+
+  async b2bCheckRefund({ mchid, app_key, data }) {
+    const requestUrl = b2bCheckRefundUrl
+
+    const access_token = await this.getAccessToken()
+
+    const uri = requestUrl.split('api.weixin.qq.com')[1].split('?')[0]
+
+    const signData = {
+      mchid,
+      ...data,
+    }
+
+    const pay_sig = hmacSha256(`${uri}&${JSON.stringify(signData)}`, app_key)
+
+    const url = util.format(requestUrl, access_token, pay_sig)
+    const result = await axios.post(url, signData).then((res) => res.data)
+    if (result.errcode) {
+      if (result.errcode === 40001) {
+        cache.reset()
+        return await this.b2bCheckRefund({ mchid, app_key, data })
+      }
+      throw new Error(`${result.errcode};${result.errmsg}`)
+    }
+    return result
+  }
+
+  async b2bCheckOrder({ mchid, app_key, data }) {
+    const requestUrl = b2bCheckOrderUrl
+
+    const access_token = await this.getAccessToken()
+
+    const uri = requestUrl.split('api.weixin.qq.com')[1].split('?')[0]
+
+    const signData = {
+      mchid,
+      ...data,
+    }
+
+    const pay_sig = hmacSha256(`${uri}&${JSON.stringify(signData)}`, app_key)
+
+    const url = util.format(requestUrl, access_token, pay_sig)
+    const result = await axios.post(url, signData).then((res) => res.data)
+    if (result.errcode) {
+      if (result.errcode === 40001) {
+        cache.reset()
+        return await this.b2bCheckOrder({ mchid, app_key, data })
+      }
+      throw new Error(`${result.errcode};${result.errmsg}`)
+    }
+    return result
+  }
+
   getConfig() {
     return this.config
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "q-koa",
-  "version": "13.4.0",
+  "version": "13.4.1",
   "description": "",
   "main": "index.js",
   "scripts": {