from fastapi import APIRouter, Depends, Response, Request from sqlalchemy.orm import Session from app.models.database import get_db from app.models.user import UserInfo,UserDB, PhoneLoginRequest, generate_user_code from app.models.order import ShippingOrderDB, OrderStatus from app.core.response import success_response, error_response, ResponseModel from app.core.wechat import WeChatClient from app.core.security import create_access_token, set_jwt_cookie from pydantic import BaseModel import json import time from datetime import datetime, timezone from app.api.deps import get_current_user from app.core.config import settings import random import string router = APIRouter() class PhoneNumberRequest(BaseModel): code: str # 登录凭证 referral_code: str = None # 推荐码(可选) @router.post("/phone-login", response_model=ResponseModel) async def wechat_phone_login( request: PhoneNumberRequest, db: Session = Depends(get_db), response: Response = None ): """通过微信手机号登录/注册""" try: # 初始化微信客户端 wechat = WeChatClient() # 获取用户 openid session_info = await wechat.code2session(request.code) openid = session_info["openid"] # 获取用户手机号 phone_info = await wechat.get_phone_number(request.code) if not phone_info or not phone_info.get('phone_number'): return error_response(code=400, message="获取手机号失败") phone = phone_info['phone_number'] # 查找或创建用户 user = db.query(UserDB).filter(UserDB.phone == phone).first() if not user: # 生成用户编码 user_code = generate_user_code(db) user = UserDB( username=f"user_{phone[-4:]}", phone=phone, user_code=user_code, referral_code=request.referral_code, openid=openid # 保存 openid ) db.add(user) db.flush() # 发放优惠券 from app.api.endpoints.user import issue_register_coupons issue_register_coupons(db, user.userid) db.commit() db.refresh(user) else: # 更新现有用户的 openid user.openid = openid db.commit() # 创建访问令牌 access_token = create_access_token( data={"phone": user.phone, "userid": user.userid} ) # 设置JWT cookie if response: set_jwt_cookie(response, access_token) return success_response( message="登录成功", data={ "user": UserInfo.model_validate(user), "access_token": access_token, "token_type": "bearer" } ) except Exception as e: db.rollback() return error_response(code=500, message=f"登录失败: {str(e)}") @router.post("/pay/order", response_model=ResponseModel) async def create_wechat_pay_order( orderid: str, db: Session = Depends(get_db), current_user: UserDB = Depends(get_current_user) ): """创建微信支付订单""" # 查询订单 order = db.query(ShippingOrderDB).filter( ShippingOrderDB.orderid == orderid, ShippingOrderDB.userid == current_user.userid, ShippingOrderDB.status == OrderStatus.UNPAID # 只能支付新创建的订单 ).first() if not order: return error_response(code=404, message="订单不存在或状态不正确") # 检查是否已经支付 if order.pay_status: return error_response(code=400, message="订单已支付") try: # 获取微信支付客户端 wx_pay_client = WeChatClient() # 创建支付订单 resp_data = wx_pay_client.create_jsapi_payment( orderid=orderid, amount=int(order.final_amount * 100), openid=current_user.openid, description=f"蜂快到家-配送订单{orderid}" ) # 更新订单支付信息 order.prepay_id = resp_data.get("prepay_id") db.commit() # 生成支付参数 timestamp = str(int(time.time())) nonce_str = generate_random_string() package = f"prepay_id={resp_data.get('prepay_id')}" # 构建签名数据 sign_data = f"{settings.WECHAT_APPID}\n{timestamp}\n{nonce_str}\n{package}\n" signature = wx_pay_client.sign(sign_data.encode()) return success_response(data={ "orderid": orderid, "payment_params": { "appId": settings.WECHAT_APPID, "timeStamp": timestamp, "nonceStr": nonce_str, "package": package, "signType": "RSA", "paySign": signature } }) except Exception as e: db.rollback() return error_response(code=500, message=f"创建支付订单失败: {str(e)}") @router.post("/pay/notify") async def wechat_pay_notify(request: Request): """微信支付回调通知""" try: # 获取微信支付客户端 wx_pay_client = WeChatClient() # 读取原始请求数据 body = await request.body() # 验证签名 headers = request.headers signature = headers.get("Wechatpay-Signature") timestamp = headers.get("Wechatpay-Timestamp") nonce = headers.get("Wechatpay-Nonce") serial_no = headers.get("Wechatpay-Serial") if not all([signature, timestamp, nonce, serial_no]): return error_response(code=400, message="缺少必要的请求头") # 验证签名 sign_str = f"{timestamp}\n{nonce}\n{body.decode()}\n" if not wx_pay_client.verify_signature( sign_str.encode(), signature, serial_no ): return error_response(code=401, message="签名验证失败") # 解密数据 data = json.loads(body) resource = data.get("resource") if not resource: return error_response(code=400, message="缺少资源数据") # 解密回调数据 decrypted_data = wx_pay_client.decrypt_callback( resource.get("associated_data", ""), resource.get("nonce", ""), resource.get("ciphertext", "") ) # 解析解密后的数据 notify_data = json.loads(decrypted_data) # 获取订单信息 trade_state = notify_data.get("trade_state") orderid = notify_data.get("out_trade_no") transaction_id = notify_data.get("transaction_id") # 处理支付结果 if trade_state == "SUCCESS": # 获取数据库会话 db = next(get_db()) try: # 查询并更新订单 order = db.query(ShippingOrderDB).filter( ShippingOrderDB.orderid == orderid, ShippingOrderDB.pay_status == False # 避免重复处理 ).first() if order: # 更新订单支付状态 order.pay_status = True order.pay_time = datetime.now(timezone.utc) order.transaction_id = transaction_id db.commit() return success_response(message="支付成功") except Exception as e: db.rollback() # 记录错误日志 print(f"处理支付回调失败: {str(e)}") return error_response(code=500, message=f"处理失败: {str(e)}") finally: db.close() return success_response(message="回调处理成功") except Exception as e: # 记录错误日志 print(f"支付回调异常: {str(e)}") return error_response(code=500, message=f"回调处理异常: {str(e)}")