jurong_circle_black/routes/wechatPay.js

const express = require('express');
const router = express.Router();
const WechatPayService = require('../services/wechatPayService');
const { getDB } = require('../database');
const { auth, paymentAuth } = require('../middleware/auth');

// 创建微信支付服务实例
const wechatPayService = new WechatPayService();

/**
 * 创建注册支付订单 (API v3 - H5支付)
 * POST /api/wechat-pay/create-registration-order
 */
router.post('/create-registration-order', paymentAuth, async (req, res) => {
  try {
    const userId = req.user.id;
    const username = req.user.username;
    const phone = req.user.phone;
    
    // 获取客户端IP
    const clientIp = req.headers['x-forwarded-for'] || 
                    req.headers['x-real-ip'] || 
                    req.connection.remoteAddress || 
                    req.socket.remoteAddress ||
                    (req.connection.socket ? req.connection.socket.remoteAddress : null) ||
                    '127.0.0.1';

    // 检查用户是否已经支付过
    const db = getDB();
    const [existingOrders] = await db.execute(
      'SELECT id FROM payment_orders WHERE user_id = ? AND status = "paid"',
      [userId]
    );

    if (existingOrders.length > 0) {
      return res.status(400).json({
        success: false,
        message: '用户已完成支付，无需重复支付'
      });
    }

    console.log('创建H5支付订单:', {
      userId,
      username,
      phone,
      clientIp
    });

    // 创建H5支付订单
    const result = await wechatPayService.createRegistrationPayOrder({
      userId,
      username,
      phone,
      clientIp
    });

    if (result.success) {
      res.json({
        success: true,
        data: {
          outTradeNo: result.data.outTradeNo,
          h5Url: result.data.h5Url,
          paymentType: result.data.paymentType
        }
      });
    } else {
      res.status(500).json({
        success: false,
        message: '创建支付订单失败'
      });
    }
  } catch (error) {
    console.error('创建H5支付订单异常:', error);
    res.status(500).json({
      success: false,
      message: error.message || '服务器内部错误'
    });
  }
});

// H5支付不需要获取openid，移除相关接口

/**
 * 微信支付回调接口 (API v3)
 * POST /api/wechat-pay/notify
 */
router.post('/notify', async (req, res) => {
  try {
    // API v3 回调是JSON格式
    const notifyData = req.body;
    
    // 获取请求头中的签名信息
    const signature = req.headers['wechatpay-signature'];
    const timestamp = req.headers['wechatpay-timestamp'];
    const nonce = req.headers['wechatpay-nonce'];
    const serial = req.headers['wechatpay-serial'];
    
    console.log('收到API v3支付回调:', {
      signature,
      timestamp,
      nonce,
      serial,
      body: notifyData
    });
    
    // 验证签名和处理回调
    const result = await wechatPayService.handleV3PaymentNotify({
      signature,
      timestamp,
      nonce,
      serial,
      body: JSON.stringify(notifyData)
    });
    
    if (result.success) {
      // API v3 成功响应
      res.status(200).json({ code: 'SUCCESS', message: '成功' });
    } else {
      // API v3 失败响应
      res.status(400).json({ code: 'FAIL', message: result.message || '处理失败' });
    }
  } catch (error) {
    console.error('支付回调处理异常:', error);
    res.status(500).json({ code: 'ERROR', message: '服务器内部错误' });
  }
});

/**
 * 查询支付状态
 * GET /api/wechat-pay/query-status/:outTradeNo
 */
router.get('/query-status/:outTradeNo', paymentAuth, async (req, res) => {
  try {
    const { outTradeNo } = req.params;
    const userId = req.user.id;

    // 验证订单是否属于当前用户
    const db = getDB();
    const [orders] = await db.execute(
      'SELECT id FROM payment_orders WHERE out_trade_no = ? AND user_id = ?',
      [outTradeNo, userId]
    );

    if (orders.length === 0) {
      return res.status(404).json({
        success: false,
        message: '订单不存在或无权限访问'
      });
    }

    const result = await wechatPayService.queryPaymentStatus(outTradeNo);
    res.json(result);
  } catch (error) {
    console.error('查询支付状态失败:', error);
    res.status(500).json({
      success: false,
      message: error.message || '查询支付状态失败'
    });
  }
});

/**
 * 检查用户支付状态
 * GET /api/wechat-pay/check-user-payment
 */
router.get('/check-user-payment', auth, async (req, res) => {
  try {
    const userId = req.user.id;
    const db = getDB();

    // 查询用户支付状态
    const [users] = await db.execute(
      'SELECT payment_status FROM users WHERE id = ?',
      [userId]
    );

    if (users.length === 0) {
      return res.status(404).json({
        success: false,
        message: '用户不存在'
      });
    }

    const paymentStatus = users[0].payment_status;

    res.json({
      success: true,
      data: {
        paymentStatus,
        isPaid: paymentStatus === 'paid'
      }
    });
  } catch (error) {
    console.error('检查用户支付状态失败:', error);
    res.status(500).json({
      success: false,
      message: '检查支付状态失败'
    });
  }
});

module.exports = router;