package service import ( "context" "fmt" "log/slog" "math" "strconv" "strings" "time" dbent "github.com/Wei-Shaw/sub2api/ent" "github.com/Wei-Shaw/sub2api/ent/paymentauditlog" "github.com/Wei-Shaw/sub2api/ent/paymentorder" "github.com/Wei-Shaw/sub2api/internal/payment" "github.com/Wei-Shaw/sub2api/internal/payment/provider" infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors" ) // --- Order Creation --- func (s *PaymentService) CreateOrder(ctx context.Context, req CreateOrderRequest) (*CreateOrderResponse, error) { if req.OrderType == "" { req.OrderType = payment.OrderTypeBalance } cfg, err := s.configService.GetPaymentConfig(ctx) if err != nil { return nil, fmt.Errorf("get payment config: %w", err) } if !cfg.Enabled { return nil, infraerrors.Forbidden("PAYMENT_DISABLED", "payment system is disabled") } plan, err := s.validateOrderInput(ctx, req, cfg) if err != nil { return nil, err } if err := s.checkCancelRateLimit(ctx, req.UserID, cfg); err != nil { return nil, err } user, err := s.userRepo.GetByID(ctx, req.UserID) if err != nil { return nil, fmt.Errorf("get user: %w", err) } if user.Status != payment.EntityStatusActive { return nil, infraerrors.Forbidden("USER_INACTIVE", "user account is disabled") } amount := req.Amount if plan != nil { amount = plan.Price } feeRate := s.getFeeRate(req.PaymentType) payAmountStr := payment.CalculatePayAmount(amount, feeRate) payAmount, _ := strconv.ParseFloat(payAmountStr, 64) order, err := s.createOrderInTx(ctx, req, user, plan, cfg, amount, feeRate, payAmount) if err != nil { return nil, err } resp, err := s.invokeProvider(ctx, order, req, cfg, payAmountStr, payAmount, plan) if err != nil { _, _ = s.entClient.PaymentOrder.UpdateOneID(order.ID). SetStatus(OrderStatusFailed). Save(ctx) return nil, err } return resp, nil } func (s *PaymentService) validateOrderInput(ctx context.Context, req CreateOrderRequest, cfg *PaymentConfig) (*dbent.SubscriptionPlan, error) { if req.OrderType == payment.OrderTypeBalance && cfg.BalanceDisabled { return nil, infraerrors.Forbidden("BALANCE_PAYMENT_DISABLED", "balance recharge has been disabled") } if req.OrderType == payment.OrderTypeSubscription { return s.validateSubOrder(ctx, req) } if math.IsNaN(req.Amount) || math.IsInf(req.Amount, 0) || req.Amount <= 0 { return nil, infraerrors.BadRequest("INVALID_AMOUNT", "amount must be a positive number") } if (cfg.MinAmount > 0 && req.Amount < cfg.MinAmount) || (cfg.MaxAmount > 0 && req.Amount > cfg.MaxAmount) { return nil, infraerrors.BadRequest("INVALID_AMOUNT", "amount out of range"). WithMetadata(map[string]string{"min": fmt.Sprintf("%.2f", cfg.MinAmount), "max": fmt.Sprintf("%.2f", cfg.MaxAmount)}) } return nil, nil } func (s *PaymentService) validateSubOrder(ctx context.Context, req CreateOrderRequest) (*dbent.SubscriptionPlan, error) { if req.PlanID == 0 { return nil, infraerrors.BadRequest("INVALID_INPUT", "subscription order requires a plan") } plan, err := s.configService.GetPlan(ctx, req.PlanID) if err != nil || !plan.ForSale { return nil, infraerrors.NotFound("PLAN_NOT_AVAILABLE", "plan not found or not for sale") } group, err := s.groupRepo.GetByID(ctx, plan.GroupID) if err != nil || group.Status != payment.EntityStatusActive { return nil, infraerrors.NotFound("GROUP_NOT_FOUND", "subscription group is no longer available") } if !group.IsSubscriptionType() { return nil, infraerrors.BadRequest("GROUP_TYPE_MISMATCH", "group is not a subscription type") } return plan, nil } func (s *PaymentService) createOrderInTx(ctx context.Context, req CreateOrderRequest, user *User, plan *dbent.SubscriptionPlan, cfg *PaymentConfig, amount, feeRate, payAmount float64) (*dbent.PaymentOrder, error) { tx, err := s.entClient.Tx(ctx) if err != nil { return nil, fmt.Errorf("begin transaction: %w", err) } defer func() { _ = tx.Rollback() }() if err := s.checkPendingLimit(ctx, tx, req.UserID, cfg.MaxPendingOrders); err != nil { return nil, err } if err := s.checkDailyLimit(ctx, tx, req.UserID, amount, cfg.DailyLimit); err != nil { return nil, err } tm := cfg.OrderTimeoutMin if tm <= 0 { tm = defaultOrderTimeoutMin } exp := time.Now().Add(time.Duration(tm) * time.Minute) b := tx.PaymentOrder.Create(). SetUserID(req.UserID). SetUserEmail(user.Email). SetUserName(user.Username). SetNillableUserNotes(psNilIfEmpty(user.Notes)). SetAmount(amount). SetPayAmount(payAmount). SetFeeRate(feeRate). SetRechargeCode(""). SetOutTradeNo(generateOutTradeNo()). SetPaymentType(req.PaymentType). SetPaymentTradeNo(""). SetOrderType(req.OrderType). SetStatus(OrderStatusPending). SetExpiresAt(exp). SetClientIP(req.ClientIP). SetSrcHost(req.SrcHost) if req.SrcURL != "" { b.SetSrcURL(req.SrcURL) } if plan != nil { b.SetPlanID(plan.ID).SetSubscriptionGroupID(plan.GroupID).SetSubscriptionDays(psComputeValidityDays(plan.ValidityDays, plan.ValidityUnit)) } order, err := b.Save(ctx) if err != nil { return nil, fmt.Errorf("create order: %w", err) } code := fmt.Sprintf("PAY-%d-%d", order.ID, time.Now().UnixNano()%100000) order, err = tx.PaymentOrder.UpdateOneID(order.ID).SetRechargeCode(code).Save(ctx) if err != nil { return nil, fmt.Errorf("set recharge code: %w", err) } if err := tx.Commit(); err != nil { return nil, fmt.Errorf("commit order transaction: %w", err) } return order, nil } func (s *PaymentService) checkPendingLimit(ctx context.Context, tx *dbent.Tx, userID int64, max int) error { if max <= 0 { max = defaultMaxPendingOrders } c, err := tx.PaymentOrder.Query().Where(paymentorder.UserIDEQ(userID), paymentorder.StatusEQ(OrderStatusPending)).Count(ctx) if err != nil { return fmt.Errorf("count pending orders: %w", err) } if c >= max { return infraerrors.TooManyRequests("TOO_MANY_PENDING", fmt.Sprintf("too many pending orders (max %d)", max)). WithMetadata(map[string]string{"max": strconv.Itoa(max)}) } return nil } func (s *PaymentService) checkCancelRateLimit(ctx context.Context, userID int64, cfg *PaymentConfig) error { if !cfg.CancelRateLimitEnabled || cfg.CancelRateLimitMax <= 0 { return nil } windowStart := cancelRateLimitWindowStart(cfg) operator := fmt.Sprintf("user:%d", userID) count, err := s.entClient.PaymentAuditLog.Query(). Where( paymentauditlog.ActionEQ("ORDER_CANCELLED"), paymentauditlog.OperatorEQ(operator), paymentauditlog.CreatedAtGTE(windowStart), ).Count(ctx) if err != nil { slog.Error("check cancel rate limit failed", "userID", userID, "error", err) return nil // fail open } if count >= cfg.CancelRateLimitMax { return infraerrors.TooManyRequests("CANCEL_RATE_LIMITED", "cancel rate limited"). WithMetadata(map[string]string{ "max": strconv.Itoa(cfg.CancelRateLimitMax), "window": strconv.Itoa(cfg.CancelRateLimitWindow), "unit": cfg.CancelRateLimitUnit, }) } return nil } func cancelRateLimitWindowStart(cfg *PaymentConfig) time.Time { now := time.Now() w := cfg.CancelRateLimitWindow if w <= 0 { w = 1 } unit := cfg.CancelRateLimitUnit if unit == "" { unit = "day" } if cfg.CancelRateLimitMode == "fixed" { switch unit { case "minute": t := now.Truncate(time.Minute) return t.Add(-time.Duration(w-1) * time.Minute) case "day": y, m, d := now.Date() t := time.Date(y, m, d, 0, 0, 0, 0, now.Location()) return t.AddDate(0, 0, -(w - 1)) default: // hour t := now.Truncate(time.Hour) return t.Add(-time.Duration(w-1) * time.Hour) } } // rolling window switch unit { case "minute": return now.Add(-time.Duration(w) * time.Minute) case "day": return now.AddDate(0, 0, -w) default: // hour return now.Add(-time.Duration(w) * time.Hour) } } func (s *PaymentService) checkDailyLimit(ctx context.Context, tx *dbent.Tx, userID int64, amount, limit float64) error { if limit <= 0 { return nil } ts := psStartOfDayUTC(time.Now()) orders, err := tx.PaymentOrder.Query().Where(paymentorder.UserIDEQ(userID), paymentorder.StatusIn(OrderStatusPaid, OrderStatusRecharging, OrderStatusCompleted), paymentorder.PaidAtGTE(ts)).All(ctx) if err != nil { return fmt.Errorf("query daily usage: %w", err) } var used float64 for _, o := range orders { used += o.Amount } if used+amount > limit { return infraerrors.TooManyRequests("DAILY_LIMIT_EXCEEDED", fmt.Sprintf("daily recharge limit reached, remaining: %.2f", math.Max(0, limit-used))) } return nil } func (s *PaymentService) invokeProvider(ctx context.Context, order *dbent.PaymentOrder, req CreateOrderRequest, cfg *PaymentConfig, payAmountStr string, payAmount float64, plan *dbent.SubscriptionPlan) (*CreateOrderResponse, error) { s.EnsureProviders(ctx) providerKey := s.registry.GetProviderKey(req.PaymentType) if providerKey == "" { return nil, infraerrors.ServiceUnavailable("PAYMENT_GATEWAY_ERROR", fmt.Sprintf("payment method (%s) is not configured", req.PaymentType)) } sel, err := s.loadBalancer.SelectInstance(ctx, providerKey, req.PaymentType, payment.Strategy(cfg.LoadBalanceStrategy), payAmount) if err != nil { return nil, fmt.Errorf("select provider instance: %w", err) } if sel == nil { return nil, infraerrors.TooManyRequests("NO_AVAILABLE_INSTANCE", "no available payment instance") } prov, err := provider.CreateProvider(providerKey, sel.InstanceID, sel.Config) if err != nil { return nil, infraerrors.ServiceUnavailable("PAYMENT_GATEWAY_ERROR", "payment method is temporarily unavailable") } subject := s.buildPaymentSubject(plan, payAmountStr, cfg) outTradeNo := order.OutTradeNo pr, err := prov.CreatePayment(ctx, payment.CreatePaymentRequest{OrderID: outTradeNo, Amount: payAmountStr, PaymentType: req.PaymentType, Subject: subject, ClientIP: req.ClientIP, IsMobile: req.IsMobile, InstanceSubMethods: sel.SupportedTypes}) if err != nil { slog.Error("[PaymentService] CreatePayment failed", "provider", providerKey, "instance", sel.InstanceID, "error", err) return nil, infraerrors.ServiceUnavailable("PAYMENT_GATEWAY_ERROR", fmt.Sprintf("payment gateway error: %s", err.Error())) } _, err = s.entClient.PaymentOrder.UpdateOneID(order.ID).SetNillablePaymentTradeNo(psNilIfEmpty(pr.TradeNo)).SetNillablePayURL(psNilIfEmpty(pr.PayURL)).SetNillableQrCode(psNilIfEmpty(pr.QRCode)).SetNillableProviderInstanceID(psNilIfEmpty(sel.InstanceID)).Save(ctx) if err != nil { return nil, fmt.Errorf("update order with payment details: %w", err) } s.writeAuditLog(ctx, order.ID, "ORDER_CREATED", fmt.Sprintf("user:%d", req.UserID), map[string]any{"amount": req.Amount, "paymentType": req.PaymentType, "orderType": req.OrderType}) return &CreateOrderResponse{OrderID: order.ID, Amount: order.Amount, PayAmount: payAmount, FeeRate: order.FeeRate, Status: OrderStatusPending, PaymentType: req.PaymentType, PayURL: pr.PayURL, QRCode: pr.QRCode, ClientSecret: pr.ClientSecret, ExpiresAt: order.ExpiresAt, PaymentMode: sel.PaymentMode}, nil } func (s *PaymentService) buildPaymentSubject(plan *dbent.SubscriptionPlan, payAmountStr string, cfg *PaymentConfig) string { if plan != nil { if plan.ProductName != "" { return plan.ProductName } return "Sub2API Subscription " + plan.Name } pf := strings.TrimSpace(cfg.ProductNamePrefix) sf := strings.TrimSpace(cfg.ProductNameSuffix) if pf != "" || sf != "" { return strings.TrimSpace(pf + " " + payAmountStr + " " + sf) } return "Sub2API " + payAmountStr + " CNY" } // --- Order Queries --- func (s *PaymentService) GetOrder(ctx context.Context, orderID, userID int64) (*dbent.PaymentOrder, error) { o, err := s.entClient.PaymentOrder.Get(ctx, orderID) if err != nil { return nil, infraerrors.NotFound("NOT_FOUND", "order not found") } if o.UserID != userID { return nil, infraerrors.Forbidden("FORBIDDEN", "no permission for this order") } return o, nil } func (s *PaymentService) GetOrderByID(ctx context.Context, orderID int64) (*dbent.PaymentOrder, error) { o, err := s.entClient.PaymentOrder.Get(ctx, orderID) if err != nil { return nil, infraerrors.NotFound("NOT_FOUND", "order not found") } return o, nil } func (s *PaymentService) GetUserOrders(ctx context.Context, userID int64, p OrderListParams) ([]*dbent.PaymentOrder, int, error) { q := s.entClient.PaymentOrder.Query().Where(paymentorder.UserIDEQ(userID)) if p.Status != "" { q = q.Where(paymentorder.StatusEQ(p.Status)) } if p.OrderType != "" { q = q.Where(paymentorder.OrderTypeEQ(p.OrderType)) } if p.PaymentType != "" { q = q.Where(paymentorder.PaymentTypeEQ(p.PaymentType)) } total, err := q.Clone().Count(ctx) if err != nil { return nil, 0, fmt.Errorf("count user orders: %w", err) } ps, pg := applyPagination(p.PageSize, p.Page) orders, err := q.Order(dbent.Desc(paymentorder.FieldCreatedAt)).Limit(ps).Offset((pg - 1) * ps).All(ctx) if err != nil { return nil, 0, fmt.Errorf("query user orders: %w", err) } return orders, total, nil } // AdminListOrders returns a paginated list of orders. If userID > 0, filters by user. func (s *PaymentService) AdminListOrders(ctx context.Context, userID int64, p OrderListParams) ([]*dbent.PaymentOrder, int, error) { q := s.entClient.PaymentOrder.Query() if userID > 0 { q = q.Where(paymentorder.UserIDEQ(userID)) } if p.Status != "" { q = q.Where(paymentorder.StatusEQ(p.Status)) } if p.OrderType != "" { q = q.Where(paymentorder.OrderTypeEQ(p.OrderType)) } if p.PaymentType != "" { q = q.Where(paymentorder.PaymentTypeEQ(p.PaymentType)) } if p.Keyword != "" { q = q.Where(paymentorder.Or( paymentorder.OutTradeNoContainsFold(p.Keyword), paymentorder.UserEmailContainsFold(p.Keyword), paymentorder.UserNameContainsFold(p.Keyword), )) } total, err := q.Clone().Count(ctx) if err != nil { return nil, 0, fmt.Errorf("count admin orders: %w", err) } ps, pg := applyPagination(p.PageSize, p.Page) orders, err := q.Order(dbent.Desc(paymentorder.FieldCreatedAt)).Limit(ps).Offset((pg - 1) * ps).All(ctx) if err != nil { return nil, 0, fmt.Errorf("query admin orders: %w", err) } return orders, total, nil } // --- Cancel & Expire --- func (s *PaymentService) CancelOrder(ctx context.Context, orderID, userID int64) (string, error) { o, err := s.entClient.PaymentOrder.Get(ctx, orderID) if err != nil { return "", infraerrors.NotFound("NOT_FOUND", "order not found") } if o.UserID != userID { return "", infraerrors.Forbidden("FORBIDDEN", "no permission for this order") } if o.Status != OrderStatusPending { return "", infraerrors.BadRequest("INVALID_STATUS", "order cannot be cancelled in current status") } return s.cancelCore(ctx, o, OrderStatusCancelled, fmt.Sprintf("user:%d", userID), "user cancelled order") } func (s *PaymentService) AdminCancelOrder(ctx context.Context, orderID int64) (string, error) { o, err := s.entClient.PaymentOrder.Get(ctx, orderID) if err != nil { return "", infraerrors.NotFound("NOT_FOUND", "order not found") } if o.Status != OrderStatusPending { return "", infraerrors.BadRequest("INVALID_STATUS", "order cannot be cancelled in current status") } return s.cancelCore(ctx, o, OrderStatusCancelled, "admin", "admin cancelled order") } func (s *PaymentService) cancelCore(ctx context.Context, o *dbent.PaymentOrder, fs, op, ad string) (string, error) { if o.PaymentTradeNo != "" || o.PaymentType != "" { if s.checkPaid(ctx, o) == "already_paid" { return "already_paid", nil } } c, err := s.entClient.PaymentOrder.Update().Where(paymentorder.IDEQ(o.ID), paymentorder.StatusEQ(OrderStatusPending)).SetStatus(fs).Save(ctx) if err != nil { return "", fmt.Errorf("update order status: %w", err) } if c > 0 { auditAction := "ORDER_CANCELLED" if fs == OrderStatusExpired { auditAction = "ORDER_EXPIRED" } s.writeAuditLog(ctx, o.ID, auditAction, op, map[string]any{"detail": ad}) } return "cancelled", nil } func (s *PaymentService) checkPaid(ctx context.Context, o *dbent.PaymentOrder) string { prov, err := s.getOrderProvider(ctx, o) if err != nil { return "" } // Use OutTradeNo as fallback when PaymentTradeNo is empty // (e.g. EasyPay popup mode where trade_no arrives only via notify callback) tradeNo := o.PaymentTradeNo if tradeNo == "" { tradeNo = o.OutTradeNo } resp, err := prov.QueryOrder(ctx, tradeNo) if err != nil { slog.Warn("query upstream failed", "orderID", o.ID, "error", err) return "" } if resp.Status == payment.ProviderStatusPaid { if err := s.HandlePaymentNotification(ctx, &payment.PaymentNotification{TradeNo: o.PaymentTradeNo, OrderID: o.OutTradeNo, Amount: resp.Amount, Status: payment.ProviderStatusSuccess}, prov.ProviderKey()); err != nil { slog.Error("fulfillment failed during checkPaid", "orderID", o.ID, "error", err) // Still return already_paid — order was paid, fulfillment can be retried } return "already_paid" } if cp, ok := prov.(payment.CancelableProvider); ok { _ = cp.CancelPayment(ctx, tradeNo) } return "" } // VerifyOrderByOutTradeNo actively queries the upstream provider to check // if a payment was made, and processes it if so. This handles the case where // the provider's notify callback was missed (e.g. EasyPay popup mode). func (s *PaymentService) VerifyOrderByOutTradeNo(ctx context.Context, outTradeNo string, userID int64) (*dbent.PaymentOrder, error) { o, err := s.entClient.PaymentOrder.Query(). Where(paymentorder.OutTradeNo(outTradeNo)). Only(ctx) if err != nil { return nil, infraerrors.NotFound("NOT_FOUND", "order not found") } if o.UserID != userID { return nil, infraerrors.Forbidden("FORBIDDEN", "no permission for this order") } // Only verify orders that are still pending or recently expired if o.Status == OrderStatusPending || o.Status == OrderStatusExpired { result := s.checkPaid(ctx, o) if result == "already_paid" { // Reload order to get updated status o, err = s.entClient.PaymentOrder.Get(ctx, o.ID) if err != nil { return nil, fmt.Errorf("reload order: %w", err) } } } return o, nil } // VerifyOrderPublic verifies payment status without user authentication. // Used by the payment result page when the user's session has expired. func (s *PaymentService) VerifyOrderPublic(ctx context.Context, outTradeNo string) (*dbent.PaymentOrder, error) { o, err := s.entClient.PaymentOrder.Query(). Where(paymentorder.OutTradeNo(outTradeNo)). Only(ctx) if err != nil { return nil, infraerrors.NotFound("NOT_FOUND", "order not found") } if o.Status == OrderStatusPending || o.Status == OrderStatusExpired { result := s.checkPaid(ctx, o) if result == "already_paid" { o, err = s.entClient.PaymentOrder.Get(ctx, o.ID) if err != nil { return nil, fmt.Errorf("reload order: %w", err) } } } return o, nil } func (s *PaymentService) ExpireTimedOutOrders(ctx context.Context) (int, error) { now := time.Now() orders, err := s.entClient.PaymentOrder.Query().Where(paymentorder.StatusEQ(OrderStatusPending), paymentorder.ExpiresAtLTE(now)).All(ctx) if err != nil { return 0, fmt.Errorf("query expired: %w", err) } n := 0 for _, o := range orders { // Check upstream payment status before expiring — the user may have // paid just before timeout and the webhook hasn't arrived yet. outcome, _ := s.cancelCore(ctx, o, OrderStatusExpired, "system", "order expired") if outcome == "already_paid" { slog.Info("order was paid during expiry", "orderID", o.ID) continue } if outcome != "" { n++ } } return n, nil } // getOrderProvider creates a provider using the order's original instance config. // Falls back to registry lookup if instance ID is missing (legacy orders). func (s *PaymentService) getOrderProvider(ctx context.Context, o *dbent.PaymentOrder) (payment.Provider, error) { if o.ProviderInstanceID != nil && *o.ProviderInstanceID != "" { instID, err := strconv.ParseInt(*o.ProviderInstanceID, 10, 64) if err == nil { cfg, err := s.loadBalancer.GetInstanceConfig(ctx, instID) if err == nil { providerKey := s.registry.GetProviderKey(o.PaymentType) if providerKey == "" { providerKey = o.PaymentType } p, err := provider.CreateProvider(providerKey, *o.ProviderInstanceID, cfg) if err == nil { return p, nil } } } } s.EnsureProviders(ctx) return s.registry.GetProvider(o.PaymentType) }