mojiahui/webman-buildadmin
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.配置新版支付模块-菜单和接口都已重构

Browse Source 
2.优化充值提现页面
3.菜单翻译问题
4.备份数据库
This commit is contained in:
zhenhui
2026-04-30 11:37:46 +08:00
parent e8c2b9d345
commit c7fc754573
23 changed files with 4042 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.env-example
View File

@@ -46,5 +46,21 @@ AUTH_TOKEN_SECRET = 564d14asdasd113e46542asd6das1a2a
H5_WEBSOCKET_URL = wss://zihua-api.h55555game.top/ws/
# 充值支付渠道在代码注册表之外追加渠道JSON 数组,每项含 code / name / name_en / sort
# 示例DEPOSIT_CHANNELS_REGISTRY_JSON = [{"code":"bank_a","name":"银行转账A","name_en":"Bank A","sort":20}]
# 当前代码注册表仅内置 ddpay一般无需再追加。示例DEPOSIT_CHANNELS_REGISTRY_JSON =
DEPOSIT_CHANNELS_REGISTRY_JSON =
# ========== DDPay Payment Gateway文档docs/DDPay Payment Gateway_v1.1.3_zh.md==========
# 公网 HTTPS 根地址,无尾斜杠;用于拼接入金/出金 callback_url。生产必填不配则从请求 Host 推导(本地可能为 http
DDPAY_PUBLIC_BASE_URL =
# 商户标识(文档 client_ididentifier 为项目对接扩展字段,按 DDPay 分配填写)
DDPAY_CLIENT_ID =
DDPAY_IDENTIFIER =
# API 签名密钥(文档 API Secret勿提交到版本库
DDPAY_API_SECRET =
# 接口 Endpoint由 DDPay 商户支持提供HTTPS POST application/json
DDPAY_DEPOSIT_INIT_URL =
DDPAY_DEPOSIT_STATUS_URL =
DDPAY_PAYOUT_INIT_URL =
DDPAY_PAYOUT_STATUS_URL =

151
app/admin/controller/config/FinanceCashierConfig.php
View File

@@ -6,6 +6,7 @@ namespace app\admin\controller\config;
use app\common\controller\Backend;
use app\common\library\game\DepositChannel as DepositChannelLib;
use app\common\library\game\DepositTier as DepositTierLib;
use app\common\library\game\FinanceCashierConfig as FinanceCashierConfigLib;
use app\common\service\GameHotDataCoordinator;
use app\common\service\GameHotDataLock;
@@ -22,7 +23,7 @@ class FinanceCashierConfig extends Backend
{
protected bool $modelValidate = false;
protected array $noNeedPermission = ['index', 'save'];
protected array $noNeedPermission = ['index', 'save', 'tierList', 'tierSave'];
private function hasNodePermission(WebmanRequest $request, string $action): bool
{
@@ -109,6 +110,21 @@ class FinanceCashierConfig extends Backend
if (!is_array($payload)) {
return $this->error(__('Parameter %s can not be empty', ['']));
}
$pruneTierCurrencies = [];
if (isset($payload['prune_tier_currency_codes']) && is_array($payload['prune_tier_currency_codes'])) {
foreach ($payload['prune_tier_currency_codes'] as $c) {
if (!is_string($c)) {
continue;
}
$s = strtoupper(trim($c));
if ($s !== '') {
$pruneTierCurrencies[] = $s;
}
}
$pruneTierCurrencies = array_values(array_unique($pruneTierCurrencies));
}
unset($payload['prune_tier_currency_codes']);
try {
$json = FinanceCashierConfigLib::encodeForDb($payload);
} catch (InvalidArgumentException $e) {
@@ -162,11 +178,17 @@ class FinanceCashierConfig extends Backend
'update_time' => $now,
]);
}
if ($pruneTierCurrencies !== []) {
$this->pruneDepositTiersByCurrencies($pruneTierCurrencies, $now);
}
} catch (Throwable $e) {
return $this->error($e->getMessage());
}
GameHotDataCoordinator::afterGameConfigKeyCommitted(FinanceCashierConfigLib::CONFIG_KEY);
GameHotDataCoordinator::afterGameConfigKeyCommitted(DepositChannelLib::CONFIG_KEY);
if ($pruneTierCurrencies !== []) {
GameHotDataCoordinator::afterGameConfigKeyCommitted(DepositTierLib::CONFIG_KEY);
}
return $this->success(__('Saved successfully'));
} finally {
@@ -174,6 +196,83 @@ class FinanceCashierConfig extends Backend
}
}
public function tierList(WebmanRequest $request): Response
{
$response = $this->initializeBackend($request);
if ($response !== null) {
return $response;
}
if (!$this->hasNodePermission($request, 'tierList')) {
return $this->error(__('You have no permission'), [], 401);
}
if ($request->method() !== 'GET') {
return $this->error(__('Parameter error'));
}
$list = $this->loadDepositTierItems();
return $this->success('', ['list' => $list]);
}
public function tierSave(WebmanRequest $request): Response
{
$response = $this->initializeBackend($request);
if ($response !== null) {
return $response;
}
if (!$this->hasNodePermission($request, 'tierSave')) {
return $this->error(__('You have no permission'), [], 401);
}
if ($request->method() !== 'POST') {
return $this->error(__('Parameter error'));
}
$payload = $request->post();
if (!is_array($payload)) {
return $this->error(__('Parameter error'));
}
$items = $payload['items'] ?? null;
if (!is_array($items)) {
return $this->error(__('Items must be an array'));
}
try {
$clean = DepositTierLib::prepareItemsForSave(array_values($items));
$json = DepositTierLib::encodeForDb($clean);
} catch (InvalidArgumentException $e) {
return $this->error($e->getMessage());
}
$now = time();
$resourceKey = GameHotDataLock::safeResourceKeyForConfig(DepositTierLib::CONFIG_KEY);
$lock = GameHotDataLock::tryAcquire(GameHotDataLock::TYPE_GAME_CONFIG, $resourceKey);
if (!$lock['acquired']) {
return $this->error(__('This config is locked by another operation, please try again later'));
}
try {
$exists = Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->find();
if ($exists) {
Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->update([
'config_value' => $json,
'value_type' => 'json',
'update_time' => $now,
]);
} else {
Db::name('game_config')->insert([
'config_key' => DepositTierLib::CONFIG_KEY,
'config_value' => $json,
'value_type' => 'json',
'remark' => '充值档位 JSON 数组financeCashierConfig 统一维护)',
'create_time' => $now,
'update_time' => $now,
]);
}
GameHotDataCoordinator::afterGameConfigKeyCommitted(DepositTierLib::CONFIG_KEY);
return $this->success(__('Saved successfully'));
} catch (Throwable $e) {
return $this->error($e->getMessage());
} finally {
GameHotDataLock::release(GameHotDataLock::TYPE_GAME_CONFIG, $resourceKey, $lock['token'], $lock['redis_lock']);
}
}
/**
* @return array<string, array{name: string, name_en: string, sort: int}>
*/
@@ -194,4 +293,54 @@ class FinanceCashierConfig extends Backend
return $registryOut;
}
/**
* @return list<array<string, mixed>>
*/
private function loadDepositTierItems(): array
{
$row = Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->find();
return DepositTierLib::parseFromConfigValue(is_array($row) ? ($row['config_value'] ?? null) : null);
}
/**
* @param list<string> $currencyCodes
*/
private function pruneDepositTiersByCurrencies(array $currencyCodes, int $now): void
{
if ($currencyCodes === []) {
return;
}
$exists = Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->find();
$items = $this->loadDepositTierItems();
$filtered = [];
foreach ($items as $row) {
if (!is_array($row)) {
continue;
}
$currency = isset($row['currency']) && is_string($row['currency']) ? strtoupper(trim($row['currency'])) : '';
if ($currency !== '' && in_array($currency, $currencyCodes, true)) {
continue;
}
$filtered[] = $row;
}
$json = DepositTierLib::encodeForDb(DepositTierLib::prepareItemsForSave(array_values($filtered)));
if ($exists) {
Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->update([
'config_value' => $json,
'value_type' => 'json',
'update_time' => $now,
]);
} else {
Db::name('game_config')->insert([
'config_key' => DepositTierLib::CONFIG_KEY,
'config_value' => $json,
'value_type' => 'json',
'remark' => '充值档位 JSON 数组financeCashierConfig 统一维护)',
'create_time' => $now,
'update_time' => $now,
]);
}
}
}

259
app/admin/controller/order/WithdrawOrder.php
View File

@@ -3,6 +3,7 @@
namespace app\admin\controller\order;
use app\common\controller\Backend;
use app\common\library\finance\DDPayGateway;
use support\think\Db;
use support\Response;
use Throwable;
@@ -251,6 +252,264 @@ class WithdrawOrder extends Backend
return $this->error($e->getMessage());
}
// 审核通过后自动发起 DDPAY 出金(并在失败时回冲余额)
try {
$fresh = Db::name('withdraw_order')->where('id', $id)->find();
if (!is_array($fresh)) {
// 理论上不会发生:只写失败备注
Db::name('withdraw_order')->where('id', $id)->update([
'remark' => '[ddpay] payout order missing',
'update_time' => time(),
]);
} else {
$orderNo = is_string($fresh['order_no'] ?? null) ? trim($fresh['order_no'] ?? '') : strval($fresh['order_no'] ?? '');
$receiveType = is_string($fresh['receive_type'] ?? null) ? strtolower(trim($fresh['receive_type'] ?? '')) : '';
// 当前仅接入 bank 类型出金(与移动端 withdrawCreate 校验一致)
if ($orderNo !== '' && $receiveType === 'bank') {
$base = \app\common\library\finance\DDPayGateway::publicBaseUrlForCallbacks($request);
if ($base === '') {
$base = 'https://' . strval($request->host());
}
$callbackUrl = rtrim($base, '/') . '/api/finance/ddpayPayoutNotify';
$payoutAmount = is_string($fresh['actual_amount'] ?? null) && $fresh['actual_amount'] !== '' ? trim($fresh['actual_amount']) : $newActual;
$receiverName = is_string($fresh['ddpay_receiver_name'] ?? null) ? trim($fresh['ddpay_receiver_name'] ?? '') : '';
$receiverAccount = is_string($fresh['receive_account'] ?? null) ? trim($fresh['receive_account'] ?? '') : '';
$bankName = is_string($fresh['ddpay_bank_name'] ?? null) ? trim($fresh['ddpay_bank_name'] ?? '') : '';
$bankBranch = is_string($fresh['ddpay_bank_branch'] ?? null) ? trim($fresh['ddpay_bank_branch'] ?? '') : 'N/A';
if ($receiverName === '' || $receiverAccount === '' || $bankName === '') {
// 缺少 DDPAY 出金字段:回冲并置为失败
Db::startTrans();
try {
$amountRefund = bcadd(strval($fresh['amount'] ?? '0'), '0', 2);
$updated = Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] missing payout fields',
'update_time' => time(),
]);
if ($updated > 0 && bccomp($amountRefund, '0', 2) > 0) {
$userIdRefund = intval(strval($fresh['user_id'] ?? 0));
$userRow = Db::name('user')->where('id', $userIdRefund)->find();
$beforeCoin = bcadd(strval($userRow['coin'] ?? '0'), '0', 2);
$afterCoin = bcadd($beforeCoin, $amountRefund, 2);
Db::name('user')->where('id', $userIdRefund)->update([
'coin' => $afterCoin,
'total_withdraw_coin' => Db::raw('total_withdraw_coin - ' . $amountRefund),
'update_time' => time(),
]);
$idempotencyKey = 'wd_ddpay_failed_' . strval($orderNo);
$exists = Db::name('user_wallet_record')->where('idempotency_key', $idempotencyKey)->find();
if (!$exists) {
$channelId = null;
if (isset($fresh['channel_id']) && is_numeric(strval($fresh['channel_id']))) {
$channelId = intval(strval($fresh['channel_id']));
}
Db::name('user_wallet_record')->insert([
'user_id' => $userIdRefund,
'channel_id' => $channelId,
'biz_type' => 'withdraw_refund',
'direction' => 1,
'amount' => $amountRefund,
'balance_before' => $beforeCoin,
'balance_after' => $afterCoin,
'ref_type' => 'withdraw_order',
'ref_id' => intval(strval($id)),
'idempotency_key' => $idempotencyKey,
'operator_admin_id' => null,
'remark' => '[ddpay] missing payout fields refund',
'create_time' => time(),
]);
}
}
Db::commit();
} catch (Throwable $e2) {
Db::rollback();
}
} else {
$clientId = config('app.ddpay_client_id', '');
$identifier = config('app.ddpay_identifier', '');
$ddReq = [
'client_id' => $clientId,
'identifier' => $identifier,
'bill_number' => $orderNo,
'amount' => $payoutAmount,
'receiver_name' => $receiverName,
'receiver_account' => $receiverAccount,
'bank[name]' => $bankName,
'bank_branch' => $bankBranch,
'callback_url' => $callbackUrl,
];
$ddResp = [];
$ts = '';
try {
$ddResp = DDPayGateway::payoutInitiation($ddReq);
$ts = is_string($ddResp['transaction_status'] ?? null) ? strtolower(trim($ddResp['transaction_status'] ?? '')) : '';
} catch (Throwable $e) {
// initiation 异常同“failed”处理回冲并置失败
$ts = 'failed';
$ddResp = ['error' => (string) $e->getMessage()];
}
if (is_array($ddResp)) {
Db::name('withdraw_order')
->where('id', $id)
->update([
'ddpay_payout_snapshot' => json_encode([
'init_request' => $ddReq,
'init_response' => $ddResp,
], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
]);
}
if ($ts === 'completed') {
Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 3,
'remark' => '[ddpay] payout completed',
'update_time' => time(),
]);
} elseif ($ts === 'failed') {
$amountRefund = bcadd(strval($fresh['amount'] ?? '0'), '0', 2);
Db::startTrans();
try {
$updated = Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed',
'update_time' => time(),
]);
if ($updated > 0 && bccomp($amountRefund, '0', 2) > 0) {
$userIdRefund = intval(strval($fresh['user_id'] ?? 0));
$userRow = Db::name('user')->where('id', $userIdRefund)->find();
$beforeCoin = bcadd(strval($userRow['coin'] ?? '0'), '0', 2);
$afterCoin = bcadd($beforeCoin, $amountRefund, 2);
Db::name('user')->where('id', $userIdRefund)->update([
'coin' => $afterCoin,
'total_withdraw_coin' => Db::raw('total_withdraw_coin - ' . $amountRefund),
'update_time' => time(),
]);
$idempotencyKey = 'wd_ddpay_failed_' . strval($orderNo);
$exists = Db::name('user_wallet_record')->where('idempotency_key', $idempotencyKey)->find();
if (!$exists) {
$channelId = null;
if (isset($fresh['channel_id']) && is_numeric(strval($fresh['channel_id']))) {
$channelId = intval(strval($fresh['channel_id']));
}
Db::name('user_wallet_record')->insert([
'user_id' => $userIdRefund,
'channel_id' => $channelId,
'biz_type' => 'withdraw_refund',
'direction' => 1,
'amount' => $amountRefund,
'balance_before' => $beforeCoin,
'balance_after' => $afterCoin,
'ref_type' => 'withdraw_order',
'ref_id' => intval(strval($id)),
'idempotency_key' => $idempotencyKey,
'operator_admin_id' => null,
'remark' => '[ddpay] payout failed refund',
'create_time' => time(),
]);
}
}
Db::commit();
} catch (Throwable $e3) {
Db::rollback();
}
} else {
// pending按文档做一次 status inquiry 兜底Webhook 仍会最终落账)
try {
$inq = DDPayGateway::payoutStatusInquiry([
'client_id' => $clientId,
'bill_number' => $orderNo,
]);
$ts2 = is_string($inq['transaction_status'] ?? null) ? strtolower(trim($inq['transaction_status'] ?? '')) : '';
if ($ts2 === 'completed') {
Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 3,
'remark' => '[ddpay] payout completed (after status inquiry)',
'update_time' => time(),
]);
} elseif ($ts2 === 'failed') {
$amountRefund = bcadd(strval($fresh['amount'] ?? '0'), '0', 2);
Db::startTrans();
try {
$updated = Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed (after status inquiry)',
'update_time' => time(),
]);
if ($updated > 0 && bccomp($amountRefund, '0', 2) > 0) {
$userIdRefund = intval(strval($fresh['user_id'] ?? 0));
$userRow = Db::name('user')->where('id', $userIdRefund)->find();
$beforeCoin = bcadd(strval($userRow['coin'] ?? '0'), '0', 2);
$afterCoin = bcadd($beforeCoin, $amountRefund, 2);
Db::name('user')->where('id', $userIdRefund)->update([
'coin' => $afterCoin,
'total_withdraw_coin' => Db::raw('total_withdraw_coin - ' . $amountRefund),
'update_time' => time(),
]);
$idempotencyKey = 'wd_ddpay_failed_' . strval($orderNo);
$exists = Db::name('user_wallet_record')->where('idempotency_key', $idempotencyKey)->find();
if (!$exists) {
$channelId = null;
if (isset($fresh['channel_id']) && is_numeric(strval($fresh['channel_id']))) {
$channelId = intval(strval($fresh['channel_id']));
}
Db::name('user_wallet_record')->insert([
'user_id' => $userIdRefund,
'channel_id' => $channelId,
'biz_type' => 'withdraw_refund',
'direction' => 1,
'amount' => $amountRefund,
'balance_before' => $beforeCoin,
'balance_after' => $afterCoin,
'ref_type' => 'withdraw_order',
'ref_id' => intval(strval($id)),
'idempotency_key' => $idempotencyKey,
'operator_admin_id' => null,
'remark' => '[ddpay] payout failed refund (after status inquiry)',
'create_time' => time(),
]);
}
}
Db::commit();
} catch (Throwable $e4) {
Db::rollback();
}
}
} catch (Throwable $e5) {
// ignoreWebhook 会兜底
}
}
}
}
}
} catch (Throwable $e) {
// 外部出金调用失败不阻断审核流:只记录 remark避免阻塞用户提现
Db::name('withdraw_order')->where('id', $id)->update([
'remark' => '[ddpay] payout flow exception: ' . substr((string) $e->getMessage(), 0, 200),
'update_time' => time(),
]);
}
return $this->success(__('Approved'), [
'id' => $id,
'amount' => $newAmount,

735
app/api/controller/Finance.php
View File

@@ -4,8 +4,8 @@ declare(strict_types=1);
namespace app\api\controller;
use app\common\library\finance\DepositMockGateway;
use app\common\library\finance\DepositSettlement;
use app\common\library\finance\DDPayGateway;
use app\common\library\finance\WithdrawFlow;
use app\common\library\game\DepositChannel as DepositChannelLib;
use app\common\library\game\DepositTier as DepositTierLib;
@@ -14,23 +14,33 @@ use app\common\model\DepositOrder;
use app\common\model\GameConfig;
use app\common\model\WithdrawOrder;
use app\common\service\DepositOrderExpireService;
use support\Log;
use support\Response;
use support\think\Db;
use Throwable;
use RuntimeException;
use Webman\Http\Request;
use function response;
class Finance extends MobileBase
{
/**
* 模拟第三方收银台页与支付回调,无需 user-token仅 HMAC 防篡改
* DDPay Webhook / 重定向等无需用户登录态
*/
protected array $noNeedLogin = ['depositMockPayPage', 'depositMockNotify'];
protected array $noNeedLogin = [
'ddpayDepositNotify',
'ddpayPayoutNotify',
];
/**
* 允许浏览器直接打开 pay_url 而不带 auth-token。
* DDPay 回调与重定向允许浏览器直接访问(无 auth-token
*/
protected array $noNeedAuthToken = ['depositMockPayPage', 'depositMockNotify'];
protected array $noNeedAuthToken = [
'ddpayDepositNotify',
'ddpayDepositRedirect',
'ddpayPayoutNotify',
'ddpayPayoutRedirect',
];
/**
* 充值档位列表(仅启用档位,按 sort 升序)
@@ -67,7 +77,7 @@ class Finance extends MobileBase
'bonus_amount' => $this->amountNumber($bonus),
'total_amount' => $this->amountNumber($total),
'desc' => $localized['desc'],
'channels' => DepositChannelLib::channelsForTier($tierId, $effectiveChannels, $lang),
'channels' => DepositChannelLib::channelsForTier($tierId, $effectiveChannels, $lang, $currency),
];
}
return $this->mobileSuccess([
@@ -88,22 +98,16 @@ class Finance extends MobileBase
}
/**
* 创建充值订单
* 创建充值订单(仅 DDPay
*
* 当前为 mock 支付网关:本接口仅创建待支付订单并返回 pay_url。
* 未来接入真实第三方支付时,仅需替换 pay_url 生成与回调验签,入账仍在回调中调用 DepositSettlement::settle。
* `channel_code` 必须为 `ddpay`。服务端创建待支付订单后调用 DDPay「入金发起」返回三方 `payment_url` 作为 `pay_url`
* 入账由 `ddpayDepositNotify` Webhook 验签后调用 `DepositSettlement::settle`(或发起响应中 `transaction_status=completed` 时同步结算)
*
* 请求application/json 或 x-www-form-urlencoded
* - tier_id / tier_key: 必填,档位唯一标识(与 depositTierList 中 id、tier_key 一致)
* - channel_code: 必填,支付渠道代码(与 depositTierList 各档位 channels[].code 一致
* - idempotency_key: 必填,客户端幂等键,短时间内重复提交只生成一次订单
* - tier_id / tier_key、channel_code=ddpay、idempotency_key必填
* - payment_type、payer_name、payer_bank_nameDDPay 入金必填(见 DDPay 文档与移动端接口说明
*
* 流程:仅创建 `status=0` 的待支付订单,返回 `pay_url`(含签名的模拟「第三方收银台」页);玩家打开后点确认,
* 由服务端 `depositMockNotify` 模拟网关联调完成入账。未来接入真实三方时,将「打开 pay_url + 等回调」替换为
* 真网关,入账仍走 `DepositSettlement::settle`。
*
* 响应(统一结构,未来接入第三方也保持此形状):
* - order_no / amount / pay_channel / paid / pay_url / status / create_time / pay_time
* 响应:`order_no` / `amount` / `pay_channel` / `paid` / `pay_url` / `status` / `create_time` / `pay_time`
*/
public function depositCreate(Request $request): Response
{
@@ -124,6 +128,9 @@ class Finance extends MobileBase
if (mb_strlen($idempotencyKey) > 64) {
return $this->mobileError(1002, 'Idempotency key is too long');
}
if ($channelCode !== 'ddpay') {
return $this->mobileError(2004, 'Deposit only supports DDPay');
}
$tiers = $this->loadEnabledTiers();
$tier = DepositTierLib::findById($tiers, $tierId);
@@ -167,6 +174,9 @@ class Finance extends MobileBase
if ($curSnap === '') {
$curSnap = 'CNY';
}
if (!DepositChannelLib::assertChannelAllowsCurrency($channelCode, $curSnap, $effectiveChannels)) {
return $this->mobileError(2004, 'Pay channel not available for this currency');
}
$tierSnapshot = [
'id' => $tier['id'],
'title' => is_string($tier['title'] ?? null) ? $tier['title'] : '',
@@ -213,8 +223,138 @@ class Finance extends MobileBase
return $this->mobileError(2000, $msg);
}
// 仅落待支付单;真实入账在模拟网关联调 depositMockNotify 中完成
return $this->mobileSuccess($this->buildDepositResponse($order, $this->publicOriginFromRequest($request)));
$orderId = is_numeric($order->id ?? null) ? intval(strval($order->id)) : 0;
$publicOrigin = $this->publicOriginFromRequest($request);
// DDPay 入金:创建订单后,调用三方「入金发起」拿到 payment_url并在回调里验签结算。
$toString = static function (mixed $v): string {
if (is_string($v)) {
return trim($v);
}
if (is_numeric($v)) {
return trim(strval($v));
}
return '';
};
$paymentType = $toString($request->input('payment_type'));
if ($paymentType === '') {
$paymentType = $toString($request->input('paymentType'));
}
$payerName = $toString($request->input('payer_name'));
if ($payerName === '') {
$payerName = $toString($request->input('payerName'));
}
$payerBankName = $toString($request->input('payer_bank_name'));
if ($payerBankName === '') {
$payerBankName = $toString($request->input('payer_bank[name]'));
}
if ($payerBankName === '') {
$payerBankName = $toString($request->input('payerBankName'));
}
if ($paymentType === '' || $payerName === '' || $payerBankName === '') {
return $this->mobileError(1001, 'Missing DDPay parameters');
}
$callbackUrl = rtrim($publicOrigin, '/') . '/api/finance/ddpayDepositNotify';
$redirectUrl = rtrim($publicOrigin, '/') . '/api/finance/ddpayDepositRedirect?order_no=' . rawurlencode($orderNo);
$ddReq = [
'client_id' => config('app.ddpay_client_id', ''),
'identifier' => config('app.ddpay_identifier', ''),
'order_id' => $orderNo,
'payment_type' => $paymentType,
'transaction_amount' => $tierSnapshot['pay_amount'],
'payer_name' => $payerName,
'payer_bank[name]' => $payerBankName,
'callback_url' => $callbackUrl,
'redirect_url' => $redirectUrl,
];
try {
$ddResp = DDPayGateway::depositInitiation($ddReq);
} catch (Throwable $e) {
Log::error('[depositCreate] ddpay initiation failed: ' . json_encode([
'order_no' => $orderNo,
'user_id' => $userId,
'exception' => get_class($e),
'reason' => $e->getMessage(),
], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
if ($orderId > 0) {
$remark = '[ddpay] ' . $e->getMessage();
$remark = mb_substr($remark, 0, 255);
Db::name('deposit_order')
->where('id', $orderId)
->where('status', 0)
->update([
'status' => 2,
'remark' => $remark,
'update_time' => time(),
]);
}
return $this->mobileError(2000, 'DDPay deposit initiation failed');
}
$ts = '';
if (isset($ddResp['transaction_status']) && is_string($ddResp['transaction_status'])) {
$ts = strtolower(trim($ddResp['transaction_status']));
}
$paymentUrl = '';
if (isset($ddResp['payment_url']) && is_string($ddResp['payment_url'])) {
$paymentUrl = trim($ddResp['payment_url']);
}
if ($orderId > 0) {
$snapUpdate = $tierSnapshot;
if ($paymentUrl !== '') {
$snapUpdate['payment_url'] = $paymentUrl;
}
$snapUpdate['ddpay'] = $ddResp;
Db::name('deposit_order')
->where('id', $orderId)
->update([
'pay_account_snapshot' => json_encode($snapUpdate, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
]);
}
if ($ts === 'completed' && $orderId > 0) {
try {
DepositSettlement::settle(
$orderId,
DepositSettlement::SOURCE_THIRD_PARTY,
'ddpay deposit initiation completed',
null,
'transaction_status=' . $ts
);
} catch (Throwable $e) {
// 已有状态不允许 settlement 时忽略,返回当前订单状态即可
}
}
if ($ts === 'failed' && $orderId > 0) {
$statusMsg = is_string($ddResp['status_message'] ?? null) ? trim($ddResp['status_message']) : 'DDPay transaction failed';
$remark = '[ddpay] ' . $statusMsg;
$remark = mb_substr($remark, 0, 255);
Db::name('deposit_order')
->where('id', $orderId)
->where('status', 0)
->update([
'status' => 2,
'remark' => $remark,
'update_time' => time(),
]);
}
$fresh = DepositOrder::where('id', $orderId)->find();
if ($fresh) {
return $this->mobileSuccess($this->buildDepositResponse($fresh, $publicOrigin));
}
return $this->mobileSuccess($this->buildDepositResponse($order, $publicOrigin));
}
/**
@@ -231,8 +371,23 @@ class Finance extends MobileBase
$total = bcadd($amount, $bonus, 2);
$on = is_string($order->order_no) ? $order->order_no : strval($order->order_no);
$payUrl = '';
$payChannel = is_string($order->pay_channel) ? $order->pay_channel : strval($order->pay_channel);
if ($this->intValue($order->status) === 0 && $on !== '') {
$payUrl = DepositMockGateway::payPageUrl($on, $publicOrigin);
if ($payChannel === 'ddpay') {
$snapRaw = $order->pay_account_snapshot ?? null;
$snap = null;
if (is_array($snapRaw)) {
$snap = $snapRaw;
} elseif (is_string($snapRaw) && trim($snapRaw) !== '') {
$decoded = json_decode($snapRaw, true);
if (is_array($decoded)) {
$snap = $decoded;
}
}
if (is_array($snap) && isset($snap['payment_url']) && is_string($snap['payment_url'])) {
$payUrl = trim($snap['payment_url']);
}
}
}
return [
'order_no' => $on,
@@ -241,7 +396,7 @@ class Finance extends MobileBase
'total_amount' => $this->amountNumber($total),
'status' => $status,
'paid' => $paid,
'pay_channel' => is_string($order->pay_channel) ? $order->pay_channel : strval($order->pay_channel),
'pay_channel' => $payChannel,
'pay_url' => $payUrl,
'create_time' => is_numeric(strval($order->create_time)) ? intval(strval($order->create_time)) : 0,
'pay_time' => is_numeric(strval($order->pay_time)) ? intval(strval($order->pay_time)) : 0,
@@ -249,93 +404,154 @@ class Finance extends MobileBase
}
/**
* 根据请求拼出公网 origin用于给客户端直接可用的完整 pay_url
* 公网根 URL优先环境变量 DDPAY_PUBLIC_BASE_URL否则按请求推导见 DDPayGateway::publicBaseUrlForCallbacks
*/
private function publicOriginFromRequest(Request $request): string
{
$proto = strtolower((string) $request->header('x-forwarded-proto', ''));
$https = $proto === 'https' || strtolower((string) $request->header('x-forwarded-ssl', '')) === 'on';
$scheme = $https ? 'https' : 'http';
$host = trim((string) $request->header('host', ''));
if ($host === '') {
$host = trim((string) ($request->header('x-forwarded-host', '')));
}
if ($host === '') {
$host = '127.0.0.1:8787';
}
return $scheme . '://' . $host;
return DDPayGateway::publicBaseUrlForCallbacks($request);
}
/**
* 模拟第三方支付收银台HTML。玩家浏览器打开点击按钮即向 depositMockNotify 发起回调
* DDPay Webhook 回调:验签后把 deposit_order 更新为 paid/failed
*
* 文档要求:返回纯文本 + HTTP 200避免三方重复推送
*/
public function depositMockPayPage(Request $request): Response
public function ddpayDepositNotify(Request $request): Response
{
// Webman Request::input() 需要传 keyWebhook 签名计算只依赖文档列出的固定字段。
$payload = [
'client_id' => $request->input('client_id'),
'order_id' => $request->input('order_id'),
'transaction_status' => $request->input('transaction_status'),
'timestamp' => $request->input('timestamp'),
'transaction_amount' => $request->input('transaction_amount'),
'signature' => $request->input('signature'),
];
$verified = false;
try {
$verified = DDPayGateway::verifyWebhookSignature($payload);
} catch (Throwable $e) {
$verified = false;
}
if (!$verified) {
return response('Invalid signature', 403, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$orderNoRaw = $payload['order_id'] ?? '';
$orderNo = is_string($orderNoRaw) ? trim($orderNoRaw) : (is_numeric($orderNoRaw) ? strval($orderNoRaw) : '');
if ($orderNo === '') {
return response('Missing order_id', 400, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$statusRaw = $payload['transaction_status'] ?? '';
$status = is_string($statusRaw) ? strtolower(trim($statusRaw)) : '';
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
// 订单不存在通常是传参错误:直接 ack 以避免重复重试轰炸。
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
// 快照写入(不影响主流程)
try {
$snapRaw = $order->pay_account_snapshot ?? null;
$snap = null;
if (is_array($snapRaw)) {
$snap = $snapRaw;
} elseif (is_string($snapRaw) && trim($snapRaw) !== '') {
$decoded = json_decode($snapRaw, true);
if (is_array($decoded)) {
$snap = $decoded;
}
}
if (!is_array($snap)) {
$snap = [];
}
$snap['ddpay_webhook'] = $payload;
Db::name('deposit_order')
->where('id', intval(strval($order->id)))
->update([
'pay_account_snapshot' => json_encode($snap, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
]);
} catch (Throwable $e) {
// ignore
}
if ($this->intValue($order->status) === 0) {
if ($status === 'completed') {
try {
DepositSettlement::settle(
intval(strval($order->id)),
DepositSettlement::SOURCE_THIRD_PARTY,
'ddpay webhook completed',
null,
'transaction_status=' . $status
);
} catch (Throwable $e) {
// settlement 不允许非待支付状态时忽略
}
} elseif ($status === 'failed') {
$amtRaw = $payload['transaction_amount'] ?? null;
$amt = is_string($amtRaw) ? trim($amtRaw) : (is_numeric($amtRaw) ? strval($amtRaw) : '');
$remark = '[ddpay] transaction failed' . ($amt !== '' ? ' amount=' . $amt : '');
$remark = mb_substr($remark, 0, 255);
Db::name('deposit_order')
->where('id', intval(strval($order->id)))
->where('status', 0)
->update([
'status' => 2,
'remark' => $remark,
'update_time' => time(),
]);
}
}
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
/**
* DDPay redirect_url展示“请返回 APP 查看余额”提示。
*/
public function ddpayDepositRedirect(Request $request): Response
{
$response = $this->initializeMobile($request);
if ($response !== null) {
return $response;
}
$orderNo = $this->stringParam($request->input('order_no'));
$sign = $this->stringParam($request->input('sign'));
if ($orderNo === '' || $sign === '' || !DepositMockGateway::verifyOrderNo($orderNo, $sign)) {
return response('Invalid or expired payment link', 403, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
return response('Order not found', 404, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
DepositOrderExpireService::expirePendingOrders(null, $orderNo);
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
return response('Order not found', 404, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
if ($this->intValue($order->status) !== 0) {
$st = $this->mapDepositStatus($order->status);
$msg = 'Order status: ' . $st;
if ($st === 'paid') {
$msg = 'This order is already paid. You can return to the app.';
}
$msgEsc = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
$statusRaw = $request->input('transaction_status');
$status = is_string($statusRaw) ? strtolower(trim($statusRaw)) : '';
$title = htmlspecialchars((string) __('Deposit'), ENT_QUOTES, 'UTF-8');
return response('<!doctype html><html><head><meta charset="utf-8"><title>' . $title . '</title></head><body><p>' . $msgEsc . '</p></body></html>', 200, [
'Content-Type' => 'text/html; charset=utf-8',
]);
$lang = $this->currentLang();
$isZh = str_starts_with($lang, 'zh');
$msg = $isZh ? '已收到支付,请返回 App 查看余额。' : 'Payment received. You can return to the app to check your balance.';
if ($status === 'completed') {
$msg = $isZh ? '支付已完成,建议返回 App 查看结果。' : 'Payment completed. Returning to the app is recommended.';
} elseif ($status === 'failed') {
$msg = $isZh ? '支付失败,请稍后重试。' : 'Payment failed. Please try again.';
}
$amount = $this->amountString($order->amount);
$bonus = $this->amountString($order->bonus_amount);
$noEsc = htmlspecialchars($orderNo, ENT_QUOTES, 'UTF-8');
$signEsc = htmlspecialchars($sign, ENT_QUOTES, 'UTF-8');
$payChannel = is_string($order->pay_channel) ? htmlspecialchars($order->pay_channel, ENT_QUOTES, 'UTF-8') : '';
$tMockPay = htmlspecialchars((string) __('Mock payment'), ENT_QUOTES, 'UTF-8');
$tCashier = htmlspecialchars((string) __('Mock third-party cashier'), ENT_QUOTES, 'UTF-8');
$tOrderNo = htmlspecialchars((string) __('Order No'), ENT_QUOTES, 'UTF-8');
$tPayChannel = htmlspecialchars((string) __('Pay channel'), ENT_QUOTES, 'UTF-8');
$tAmountLabel = htmlspecialchars((string) __('Amount (fiat/pricing)'), ENT_QUOTES, 'UTF-8');
$tBonus = htmlspecialchars((string) __('Bonus'), ENT_QUOTES, 'UTF-8');
$tCoin = htmlspecialchars((string) __('coin'), ENT_QUOTES, 'UTF-8');
$tHint = (string) __('Click the button below to simulate successful third-party payment; the server will callback and settle the deposit.');
$tHintEsc = htmlspecialchars($tHint, ENT_QUOTES, 'UTF-8');
$tConfirm = htmlspecialchars((string) __('Confirm payment (simulate success)'), ENT_QUOTES, 'UTF-8');
$html = '<!doctype html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>' . $tMockPay . '</title></head><body style="font-family:system-ui;padding:1rem">';
$html .= '<h2>' . $tCashier . '</h2>';
$html .= '<p>' . $tOrderNo . ': ' . $noEsc . '</p>';
$html .= '<p>' . $tPayChannel . ': ' . $payChannel . '</p>';
$html .= '<p>' . $tAmountLabel . ': ' . htmlspecialchars($amount, ENT_QUOTES, 'UTF-8') . ' + ' . $tBonus . ' ' . htmlspecialchars($bonus, ENT_QUOTES, 'UTF-8') . ' (' . $tCoin . ')</p>';
$html .= '<p>' . $tHintEsc . '</p>';
$html .= '<form method="post" action="/api/finance/depositMockNotify" style="margin-top:1rem">';
$html .= '<input type="hidden" name="order_no" value="' . $noEsc . '">';
$html .= '<input type="hidden" name="sign" value="' . $signEsc . '">';
$html .= '<button type="submit" style="padding:0.5rem 1rem">' . $tConfirm . '</button>';
$html .= '</form></body></html>';
$orderNoEsc = htmlspecialchars($orderNo, ENT_QUOTES, 'UTF-8');
$msgEsc = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
$html = '<!doctype html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>DDPay</title></head><body style="font-family:system-ui;padding:1rem">';
$html .= '<h2>DDPay</h2>';
if ($orderNoEsc !== '') {
$html .= '<p>Order: ' . $orderNoEsc . '</p>';
}
$html .= '<p>' . $msgEsc . '</p>';
$html .= '</body></html>';
return response($html, 200, [
'Content-Type' => 'text/html; charset=utf-8',
@@ -343,56 +559,177 @@ class Finance extends MobileBase
}
/**
* 模拟第三方异步通知:验签后调用 DepositSettlement::settle 入账
* DDPay 出金 Webhook 回调:验签后更新 withdraw_order.status并在 failed 时进行返还余额
*
* DDPAY 文档要求:返回纯文本 + HTTP 200。
*/
public function depositMockNotify(Request $request): Response
public function ddpayPayoutNotify(Request $request): Response
{
$response = $this->initializeMobile($request);
if ($response !== null) {
return $response;
}
$orderNo = $this->stringParam($request->input('order_no'));
$sign = $this->stringParam($request->input('sign'));
if ($orderNo === '' || $sign === '') {
return $this->mobileError(1001, 'Missing parameters');
}
if (!DepositMockGateway::verifyOrderNo($orderNo, $sign)) {
return $this->mobileError(1003, 'Invalid parameter value');
}
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
return $this->mobileError(2003, 'Order does not exist');
}
DepositOrderExpireService::expirePendingOrders(null, $orderNo);
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
return $this->mobileError(2003, 'Order does not exist');
}
if ($this->intValue($order->status) !== 0) {
return $this->mobileSuccess($this->buildDepositResponse($order, null));
}
$orderId = intval(strval($order->id));
if ($orderId <= 0) {
return $this->mobileError(2000, 'Order id invalid');
}
$pc = is_string($order->pay_channel) ? $order->pay_channel : strval($order->pay_channel);
// Webhook 签名计算只依赖文档列出的固定字段
$payload = [
'client_id' => $request->input('client_id'),
'order_id' => $request->input('order_id'),
'transaction_status' => $request->input('transaction_status'),
'timestamp' => $request->input('timestamp'),
'transaction_amount' => $request->input('transaction_amount'),
'signature' => $request->input('signature'),
];
try {
$result = DepositSettlement::settle(
$orderId,
DepositSettlement::SOURCE_THIRD_PARTY,
'mock third party notify',
null,
'channel_code=' . $pc
);
$verified = DDPayGateway::verifyWebhookSignature($payload);
} catch (Throwable $e) {
return $this->mobileError(2000, (string) __($e->getMessage()));
}
$fresh = DepositOrder::where('order_no', $orderNo)->find();
if (!$fresh) {
return $this->mobileError(2000, 'Order not found after settle');
$verified = false;
}
return $this->mobileSuccess($this->buildDepositResponse($fresh, null));
if (!$verified) {
return response('Invalid signature', 403, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$orderNoRaw = $payload['order_id'] ?? '';
$orderNo = is_string($orderNoRaw) ? trim($orderNoRaw) : (is_numeric($orderNoRaw) ? strval($orderNoRaw) : '');
if ($orderNo === '') {
return response('Missing order_id', 400, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$statusStr = is_string($payload['transaction_status'] ?? '') ? strtolower(trim((string) $payload['transaction_status'])) : '';
$order = WithdrawOrder::where('order_no', $orderNo)->find();
if (!$order) {
// 避免无效重试轰炸:订单不存在则 ack 200
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$now = time();
$currentStatus = $this->intValue($order->status);
if ($currentStatus !== 1) {
// 只处理“已通过待打款”状态,避免重复返还
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
if ($statusStr === 'completed') {
Db::name('withdraw_order')
->where('id', intval(strval($order->id)))
->where('status', 1)
->update([
'status' => 3,
'remark' => '[ddpay] payout completed',
'update_time' => $now,
]);
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
if ($statusStr === 'failed') {
$amount = bcadd(strval($order->amount ?? '0'), '0', 2);
if (bccomp($amount, '0', 2) <= 0) {
// 金额异常直接置失败,不做返还
Db::name('withdraw_order')
->where('id', intval(strval($order->id)))
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed',
'update_time' => $now,
]);
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$userId = intval(strval($order->user_id ?? 0));
$channelId = null;
if (isset($order->channel_id) && is_numeric(strval($order->channel_id))) {
$channelId = intval(strval($order->channel_id));
}
$idempotencyKey = 'wd_ddpay_failed_' . strval($order->order_no);
Db::startTrans();
try {
$walletExists = Db::name('user_wallet_record')
->where('idempotency_key', $idempotencyKey)
->find();
if ($walletExists) {
// 已返还过,只需更新状态
Db::name('withdraw_order')
->where('id', intval(strval($order->id)))
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed (already refunded)',
'update_time' => time(),
]);
Db::commit();
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$userRow = Db::name('user')->where('id', $userId)->find();
if (!is_array($userRow)) {
throw new RuntimeException('User not found for refund');
}
$beforeCoin = bcadd(strval($userRow['coin'] ?? '0'), '0', 2);
$afterCoin = bcadd($beforeCoin, $amount, 2);
Db::name('user')->where('id', $userId)->update([
'coin' => $afterCoin,
'total_withdraw_coin' => Db::raw('total_withdraw_coin - ' . $amount),
'update_time' => $now,
]);
Db::name('user_wallet_record')->insert([
'user_id' => $userId,
'channel_id' => $channelId,
'biz_type' => 'withdraw_refund',
'direction' => 1,
'amount' => $amount,
'balance_before' => $beforeCoin,
'balance_after' => $afterCoin,
'ref_type' => 'withdraw_order',
'ref_id' => intval(strval($order->id)),
'idempotency_key' => $idempotencyKey,
'operator_admin_id' => null,
'remark' => '[ddpay] payout failed refund',
'create_time' => $now,
]);
Db::name('withdraw_order')
->where('id', intval(strval($order->id)))
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed',
'update_time' => $now,
]);
Db::commit();
} catch (Throwable $e) {
Db::rollback();
// 失败不 ack 以便三方重试;但仍需要避免无限循环
return response('Refund failed: ' . (string) $e->getMessage(), 500, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
// pending / other 状态:直接 ack
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
/**
@@ -491,6 +828,12 @@ class Finance extends MobileBase
$withdrawCoin = is_string($withdrawCoinRaw) ? trim($withdrawCoinRaw) : (is_numeric($withdrawCoinRaw) ? strval($withdrawCoinRaw) : '');
$receiveAccount = trim(is_string($request->post('receive_account', '')) ? $request->post('receive_account', '') : '');
$receiveType = trim(is_string($request->post('receive_type', '')) ? $request->post('receive_type', '') : '');
$receiveType = strtolower($receiveType);
// DDPAY 出金Payout所需扩展字段当前仅支持 receive_type=bank
$receiverName = trim(is_string($request->post('receiver_name', '')) ? $request->post('receiver_name', '') : '');
$bankCode = trim(is_string($request->post('bank_code', '')) ? $request->post('bank_code', '') : '');
$bankBranch = trim(is_string($request->post('bank_branch', '')) ? $request->post('bank_branch', '') : '');
$idempotencyKey = trim(is_string($request->post('idempotency_key', '')) ? $request->post('idempotency_key', '') : '');
if ($withdrawCoin === '' || $receiveAccount === '' || $receiveType === '' || $idempotencyKey === '') {
return $this->mobileError(1001, 'Missing parameters');
@@ -503,6 +846,40 @@ class Finance extends MobileBase
}
$withdrawCoin = bcadd($withdrawCoin, '0', 2);
// 按 DDPAY 文档接入:当前仅支持 bank 类型出金
if ($receiveType !== 'bank') {
return $this->mobileError(2000, 'DDPay payout integration supports receive_type=bank only');
}
if ($receiverName === '' || $bankCode === '') {
return $this->mobileError(1001, 'Missing DDPay bank payout parameters');
}
if ($bankBranch === '') {
$bankBranch = 'N/A';
}
// 映射 bank_code -> DDPAY 所需的完整银行名称(来自 financeCashier.withdraw_banks 配置)
$row = GameConfig::where('config_key', FinanceCashierConfigLib::CONFIG_KEY)->find();
$cfg = FinanceCashierConfigLib::parseFromConfigValue($row?->config_value ?? null);
$banks = is_array($cfg['withdraw_banks'] ?? null) ? $cfg['withdraw_banks'] : [];
$bankCodeNorm = strtolower(trim($bankCode));
$ddpayBankName = '';
foreach ($banks as $b) {
if (!is_array($b)) {
continue;
}
$c = isset($b['code']) && is_string($b['code']) ? strtolower(trim($b['code'])) : '';
if ($c === '' || $c !== $bankCodeNorm) {
continue;
}
$nameEn = isset($b['name_en']) && is_string($b['name_en']) ? trim($b['name_en']) : '';
$nameZh = isset($b['name_zh']) && is_string($b['name_zh']) ? trim($b['name_zh']) : '';
$ddpayBankName = $nameEn !== '' ? $nameEn : $nameZh;
break;
}
if ($ddpayBankName === '') {
return $this->mobileError(1001, 'Bank code not configured for withdrawal');
}
$user = $this->auth->getUser();
$userId = intval(strval($user->id));
@@ -598,6 +975,9 @@ class Finance extends MobileBase
'actual_amount' => $actualArrivalCoin,
'receive_type' => $receiveType,
'receive_account' => $receiveAccount,
'ddpay_receiver_name' => $receiverName,
'ddpay_bank_name' => $ddpayBankName,
'ddpay_bank_branch' => $bankBranch,
'status' => 0,
'review_admin_id' => null,
'review_time' => null,
@@ -788,30 +1168,74 @@ class Finance extends MobileBase
];
}
$banks = [];
$withdrawBanks = [];
if (isset($cfg['withdraw_banks']) && is_array($cfg['withdraw_banks'])) {
$list = $cfg['withdraw_banks'];
usort($list, function (array $a, array $b): int {
$ca = isset($a['currency_code']) && is_string($a['currency_code']) ? $a['currency_code'] : '';
$cb = isset($b['currency_code']) && is_string($b['currency_code']) ? $b['currency_code'] : '';
if ($ca !== $cb) {
return strcmp($ca, $cb);
}
$cmp = $this->sortBySortKeyOnly($a, $b);
if ($cmp !== 0) {
return $cmp;
}
$ca = isset($a['code']) && is_string($a['code']) ? $a['code'] : '';
$cb = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
$ka = isset($a['code']) && is_string($a['code']) ? $a['code'] : '';
$kb = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
return strcmp($ca, $cb);
return strcmp($ka, $kb);
});
foreach ($list as $b) {
if (!is_array($b)) {
continue;
}
$currencyCode = isset($b['currency_code']) && is_string($b['currency_code']) ? strtoupper(trim($b['currency_code'])) : '';
$code = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
if ($code === '') {
if ($currencyCode === '' || $code === '') {
continue;
}
$banks[] = [
'code' => $code,
'name' => $isZh
$withdrawBanks[] = [
'currency_code' => $currencyCode,
'code' => $code,
'name' => $isZh
? (is_string($b['name_zh'] ?? null) ? $b['name_zh'] : '')
: (is_string($b['name_en'] ?? null) ? $b['name_en'] : ''),
];
}
}
$depositBanks = [];
if (isset($cfg['deposit_banks']) && is_array($cfg['deposit_banks'])) {
$list = $cfg['deposit_banks'];
usort($list, function (array $a, array $b): int {
$ca = isset($a['currency_code']) && is_string($a['currency_code']) ? $a['currency_code'] : '';
$cb = isset($b['currency_code']) && is_string($b['currency_code']) ? $b['currency_code'] : '';
if ($ca !== $cb) {
return strcmp($ca, $cb);
}
$cmp = $this->sortBySortKeyOnly($a, $b);
if ($cmp !== 0) {
return $cmp;
}
$ka = isset($a['code']) && is_string($a['code']) ? $a['code'] : '';
$kb = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
return strcmp($ka, $kb);
});
foreach ($list as $b) {
if (!is_array($b)) {
continue;
}
$currencyCode = isset($b['currency_code']) && is_string($b['currency_code']) ? strtoupper(trim($b['currency_code'])) : '';
$code = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
if ($currencyCode === '' || $code === '') {
continue;
}
$depositBanks[] = [
'currency_code' => $currencyCode,
'code' => $code,
'name' => $isZh
? (is_string($b['name_zh'] ?? null) ? $b['name_zh'] : '')
: (is_string($b['name_en'] ?? null) ? $b['name_en'] : ''),
];
@@ -825,12 +1249,6 @@ class Finance extends MobileBase
$wc = $cfg['withdraw_copy'] ?? [];
$rateMode = is_array($wc) && isset($wc['rate_mode']) && is_string($wc['rate_mode']) ? $wc['rate_mode'] : 'fixed';
$wf = $cfg['withdraw_fields'] ?? [];
$reqCard = is_array($wf) && !empty($wf['require_cardholder']);
$reqAcct = is_array($wf) && !empty($wf['require_bank_account']);
$reqMail = is_array($wf) && !empty($wf['require_email']);
$reqMob = is_array($wf) && !empty($wf['require_mobile']);
$payChannels = [];
$effectiveCh = DepositChannelLib::effectiveRowsFromDb();
$regCh = DepositChannelLib::codeRegistry();
@@ -874,8 +1292,11 @@ class Finance extends MobileBase
'currencies' => $currencies,
'rates' => $rates,
'pay_channels' => $payChannels,
'deposit' => [
'banks' => $depositBanks,
],
'withdraw' => [
'banks' => $banks,
'banks' => $withdrawBanks,
'min_ewallet' => $minEw,
'min_bank' => $minBk,
'rate_hint' => $isZh
@@ -888,11 +1309,13 @@ class Finance extends MobileBase
? (is_array($wc) && is_string($wc['fee_note_zh'] ?? null) ? $wc['fee_note_zh'] : '')
: (is_array($wc) && is_string($wc['fee_note_en'] ?? null) ? $wc['fee_note_en'] : ''),
'rate_mode' => $rateMode,
// 与 DDPay 出金及 withdrawCreate 一致,不由后台开关配置
'fields' => [
'require_cardholder' => $reqCard,
'require_bank_account' => $reqAcct,
'require_email' => $reqMail,
'require_mobile' => $reqMob,
'receive_type_bank_only' => true,
'require_receiver_name' => true,
'require_receive_account' => true,
'require_bank_code' => true,
'require_bank_branch' => false,
],
],
]);

8
app/api/lang/en.php
View File

@@ -47,6 +47,14 @@ return [
'Withdraw exceeds available bet flow' => 'The withdraw amount exceeds the available bet-flow quota',
'Too many pending deposit orders' => 'You already have multiple pending deposit orders, please complete payment first or wait for timeout',
'Too many pending withdraw orders' => 'You already have withdraw orders under review, please wait for them to be processed',
'Missing DDPay parameters' => 'Missing DDPay parameters',
'DDPay payout integration supports receive_type=bank only' => 'DDPay payout integration currently supports receive_type=bank only',
'Missing DDPay bank payout parameters' => 'Missing DDPay bank payout parameters',
'Bank code not configured for withdrawal' => 'The bank code is not configured for withdrawal',
'Pay channel not available' => 'The payment channel is not available',
'Pay channel not available for this currency' => 'The payment channel is not available for this currency',
'DDPay deposit initiation failed' => 'DDPay deposit initiation failed',
'Deposit only supports DDPay' => 'Only DDPay deposits are supported (channel_code must be ddpay)',
// Member center account
'Data updated successfully~' => 'Data updated successfully~',
'Password has been changed~' => 'Password has been changed~',

8
app/api/lang/zh-cn.php
View File

@@ -79,6 +79,14 @@ return [
'Withdraw exceeds available bet flow' => '提现金额超出可提现额度',
'Too many pending deposit orders' => '存在多笔待支付充值订单,请先完成支付或等待超时',
'Too many pending withdraw orders' => '用户当前存在多笔提现订单,请等待审核',
'Missing DDPay parameters' => '缺少 DDPay 支付参数',
'DDPay payout integration supports receive_type=bank only' => 'DDPay 出金当前仅支持 bank 收款类型',
'Missing DDPay bank payout parameters' => '缺少 DDPay 银行出金参数',
'Bank code not configured for withdrawal' => '提现银行代码未在系统配置中维护',
'Pay channel not available' => '该支付渠道不可用',
'Pay channel not available for this currency' => '当前币种不支持该支付渠道',
'DDPay deposit initiation failed' => 'DDPay 充值发起失败',
'Deposit only supports DDPay' => '仅支持 DDPay 充值channel_code 须为 ddpay',
// 会员中心 account
'Data updated successfully~' => '资料更新成功~',
'Password has been changed~' => '密码已修改~',

15
app/common/lang/en/admin_rule_title.php
View File

@@ -62,6 +62,7 @@ return [
'游戏对局' => 'Game rounds',
'游戏对局记录' => 'Game records',
'游戏实时对局' => 'Game live',
'游玩记录' => 'Play records',
'压注订单' => 'Bet orders',
'充值订单' => 'Deposit orders',
'提现订单' => 'Withdraw orders',
@@ -91,6 +92,20 @@ return [
'管理员钱包流水' => 'Admin wallet records',
'一键批量结算待结算渠道' => 'Batch settle pending channels',
'渠道结算统计' => 'Channel settlement statistics',
'推送配置' => 'Push configuration',
'连接服务器websocket' => 'Connect WebSocket server',
'连接配置' => 'Connection settings',
'数据快照' => 'Data snapshot',
'运行开关' => 'Runtime switch',
'预约开奖' => 'Schedule draw',
'作废本局' => 'Void round',
'计算盈亏' => 'Calculate P/L',
'档位查看' => 'View tiers',
'档位保存' => 'Save tiers',
'详情' => 'Detail',
'审核' => 'Review',
'通过' => 'Approve',
'拒绝' => 'Reject',
// 演示/运营公告标题(若入库为菜单展示)
'系统维护通知(演示)' => 'Maintenance notice (demo)',

348
app/common/library/finance/DDPayGateway.php Normal file
View File

@@ -0,0 +1,348 @@
<?php
declare(strict_types=1);
namespace app\common\library\finance;
use InvalidArgumentException;
use RuntimeException;
use Webman\Http\Request;
/**
* DDPay 支付网关接入(基于文档 v1.1.3/1.1.x
* - MD5 签名key-value 按 ASCII 升序拼接 + 追加 &key=API_SECRET
* - 发送 HTTPS POSTapplication/json
* - 支持入金Deposit与回调通知Webhook
*
* 注意:生产环境需在 config/app.php 或环境变量中配置 DDPAY_*。
*/
final class DDPayGateway
{
private const SIGNATURE_FIELD = 'signature';
private const SECRET_KEY_PARAM = 'key';
/**
* 入金/出金回调 URL 使用的公网根地址(无尾部斜杠)。
* 优先 `DDPAY_PUBLIC_BASE_URL`(见 config/app.php未配置时按请求头推导生产务必配置 HTTPS 公网地址,与 DDPay 文档一致)。
*/
public static function publicBaseUrlForCallbacks(?Request $request = null): string
{
$cfg = config('app.ddpay_public_base_url', '');
if (is_string($cfg) && trim($cfg) !== '') {
return rtrim(trim($cfg), '/');
}
if ($request === null) {
return '';
}
$proto = strtolower((string) $request->header('x-forwarded-proto', ''));
$https = $proto === 'https' || strtolower((string) $request->header('x-forwarded-ssl', '')) === 'on';
$scheme = $https ? 'https' : 'http';
$host = trim((string) $request->header('host', ''));
if ($host === '') {
$host = trim((string) ($request->header('x-forwarded-host', '')));
}
if ($host === '') {
$host = '127.0.0.1:8787';
}
return $scheme . '://' . $host;
}
/**
* @return array<string, mixed>
*/
public static function depositInitiation(array $params): array
{
$endpoint = self::requireConfig('ddpay_deposit_init_url');
$apiSecret = self::requireConfig('ddpay_api_secret');
$req = $params;
if (isset($req[self::SIGNATURE_FIELD])) {
unset($req[self::SIGNATURE_FIELD]);
}
$req[self::SIGNATURE_FIELD] = self::computeSignature($req, $apiSecret);
$resp = self::postJson($endpoint, $req);
// 按文档:响应签名需使用同方法校验(字段名 signature
if (array_key_exists(self::SIGNATURE_FIELD, $resp)) {
$sig = is_string($resp[self::SIGNATURE_FIELD]) ? $resp[self::SIGNATURE_FIELD] : '';
if ($sig !== '') {
$respForSign = $resp;
unset($respForSign[self::SIGNATURE_FIELD]);
$expected = self::computeSignature($respForSign, $apiSecret);
if (!hash_equals($expected, $sig)) {
throw new RuntimeException('DDPay response signature mismatch');
}
}
}
$statusCode = self::intValue($resp['status_code'] ?? 0);
if ($statusCode !== 0) {
$msg = is_string($resp['status_message'] ?? null) ? $resp['status_message'] : 'DDPay deposit initiation failed';
throw new RuntimeException($msg);
}
return $resp;
}
/**
* 出金发起Payout Initiation
*
* @param array<string, mixed> $params
* @return array<string, mixed>
*/
public static function payoutInitiation(array $params): array
{
$endpoint = self::requireConfig('ddpay_payout_init_url');
$apiSecret = self::requireConfig('ddpay_api_secret');
$req = $params;
if (isset($req[self::SIGNATURE_FIELD])) {
unset($req[self::SIGNATURE_FIELD]);
}
$req[self::SIGNATURE_FIELD] = self::computeSignature($req, $apiSecret);
$resp = self::postJson($endpoint, $req);
// 按文档:响应签名需使用同方法校验(字段名 signature
if (array_key_exists(self::SIGNATURE_FIELD, $resp)) {
$sig = is_string($resp[self::SIGNATURE_FIELD]) ? $resp[self::SIGNATURE_FIELD] : '';
if ($sig !== '') {
$respForSign = $resp;
unset($respForSign[self::SIGNATURE_FIELD]);
$expected = self::computeSignature($respForSign, $apiSecret);
if (!hash_equals($expected, $sig)) {
throw new RuntimeException('DDPay response signature mismatch');
}
}
}
$statusCode = self::intValue($resp['status_code'] ?? 0);
if ($statusCode !== 0) {
$msg = is_string($resp['status_message'] ?? null) ? $resp['status_message'] : 'DDPay payout initiation failed';
throw new RuntimeException($msg);
}
return $resp;
}
/**
* 出金状态查询Payout Status Inquiry
*
* @param array<string, mixed> $params
* @return array<string, mixed>
*/
public static function payoutStatusInquiry(array $params): array
{
$endpoint = self::requireConfig('ddpay_payout_status_url');
$apiSecret = self::requireConfig('ddpay_api_secret');
$req = $params;
if (isset($req[self::SIGNATURE_FIELD])) {
unset($req[self::SIGNATURE_FIELD]);
}
$req[self::SIGNATURE_FIELD] = self::computeSignature($req, $apiSecret);
$resp = self::postJson($endpoint, $req);
if (array_key_exists(self::SIGNATURE_FIELD, $resp)) {
$sig = is_string($resp[self::SIGNATURE_FIELD]) ? $resp[self::SIGNATURE_FIELD] : '';
if ($sig !== '') {
$respForSign = $resp;
unset($respForSign[self::SIGNATURE_FIELD]);
$expected = self::computeSignature($respForSign, $apiSecret);
if (!hash_equals($expected, $sig)) {
throw new RuntimeException('DDPay response signature mismatch');
}
}
}
$statusCode = self::intValue($resp['status_code'] ?? 0);
if ($statusCode !== 0) {
$msg = is_string($resp['status_message'] ?? null) ? $resp['status_message'] : 'DDPay payout status inquiry failed';
throw new RuntimeException($msg);
}
return $resp;
}
/**
* 校验 DDPay Webhook 通知签名。
*
* @param array<string, mixed> $payload
*/
public static function verifyWebhookSignature(array $payload): bool
{
$apiSecret = self::requireConfig('ddpay_api_secret');
$sigRaw = $payload[self::SIGNATURE_FIELD] ?? '';
$sig = is_string($sigRaw) ? trim($sigRaw) : '';
if ($sig === '') {
return false;
}
$payloadForSign = $payload;
unset($payloadForSign[self::SIGNATURE_FIELD]);
$expected = self::computeSignature($payloadForSign, $apiSecret);
return hash_equals($expected, $sig);
}
/**
* @param array<string, mixed> $params
*/
private static function computeSignature(array $params, string $apiSecret): string
{
// 1) 排除 signature & 空值/null
$filtered = [];
foreach ($params as $k => $v) {
if (!is_string($k) || $k === '') {
continue;
}
if ($k === self::SIGNATURE_FIELD) {
continue;
}
if ($v === null) {
continue;
}
if (is_string($v) && trim($v) === '') {
continue;
}
if (is_bool($v)) {
$filtered[$k] = $v ? 'true' : 'false';
continue;
}
if (is_int($v) || is_float($v) || is_numeric($v)) {
$filtered[$k] = strval($v);
continue;
}
if (is_string($v)) {
$filtered[$k] = trim($v);
continue;
}
// 数组/对象等不应参与签名;忽略它们
if (is_array($v) || is_object($v)) {
continue;
}
$filtered[$k] = strval($v);
}
// 2) 按 ASCII 升序排序 key
ksort($filtered, SORT_STRING);
// 3) 拼接 key=value用 & 连接
$pairs = [];
foreach ($filtered as $k => $v) {
$pairs[] = $k . '=' . $v;
}
// 4) 追加 &key=API_SECRET
$base = implode('&', $pairs);
$signStr = $base . '&' . self::SECRET_KEY_PARAM . '=' . $apiSecret;
// 5) MD5 小写
$hash = md5($signStr);
return is_string($hash) ? strtolower($hash) : '';
}
/**
* @param array<string, mixed> $payload
* @return array<string, mixed>
*/
private static function postJson(string $url, array $payload): array
{
if (!function_exists('curl_init')) {
throw new RuntimeException('curl extension is required for DDPayGateway');
}
$body = json_encode($payload, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
if (!is_string($body) || $body === '') {
throw new RuntimeException('DDPay request body encode failed');
}
$ch = curl_init($url);
if ($ch === false) {
throw new RuntimeException('DDPay curl_init failed');
}
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json; charset=utf-8',
'Accept: application/json',
]);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$respBody = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
curl_close($ch);
if ($respBody === false) {
throw new RuntimeException('DDPay request failed: ' . ($errno > 0 ? 'curl_' . strval($errno) : 'unknown'));
}
if (!is_numeric($httpCode)) {
throw new RuntimeException('DDPay request http code invalid');
}
$httpCodeInt = intval(strval($httpCode));
if ($httpCodeInt < 200 || $httpCodeInt >= 300) {
$snippet = '';
if (is_string($respBody)) {
$snippet = trim($respBody);
if (mb_strlen($snippet) > 400) {
$snippet = mb_substr($snippet, 0, 400) . '...';
}
}
$suffix = $snippet !== '' ? (' body=' . $snippet) : '';
throw new RuntimeException('DDPay request http failed, http_code=' . strval($httpCodeInt) . $suffix);
}
$decoded = json_decode(is_string($respBody) ? $respBody : '', true);
if (!is_array($decoded)) {
throw new RuntimeException('DDPay response decode failed');
}
return $decoded;
}
/**
* @return mixed
*/
private static function requireConfig(string $key): mixed
{
$v = config('app.' . $key, '');
if (!is_string($v)) {
return '';
}
$s = trim($v);
if ($s === '') {
throw new InvalidArgumentException('Missing config: app.' . $key);
}
return $s;
}
/**
* @param mixed $v
*/
private static function intValue(mixed $v): int
{
if (is_int($v)) {
return $v;
}
if (is_string($v) && $v !== '') {
$n = filter_var($v, FILTER_VALIDATE_INT);
return $n === false ? 0 : intval(strval($n));
}
if (is_numeric($v)) {
$n = filter_var($v, FILTER_VALIDATE_INT);
return $n === false ? 0 : intval(strval($n));
}
return 0;
}
}

71
app/common/library/finance/DepositMockGateway.php
View File

@@ -1,71 +0,0 @@
<?php
declare(strict_types=1);
namespace app\common\library\finance;
/**
* 模拟第三方支付HMAC 签名的收银台地址 + 回调验签,便于未来替换为真实网关仅改 URL/验签实现。
*/
final class DepositMockGateway
{
/**
* 优先读取环境变量 DEPOSIT_MOCK_HMAC_KEY其次 config('app.deposit_mock_hmac_key'),再使用开发默认值(生产环境务必设置 env
*/
public static function hmacKey(): string
{
$raw = getenv('DEPOSIT_MOCK_HMAC_KEY');
if (is_string($raw) && trim($raw) !== '') {
return trim($raw);
}
$cfg = config('app.deposit_mock_hmac_key', '');
if (is_string($cfg) && $cfg !== '') {
return $cfg;
}
return 'webman-dfw-deposit-mock-dev-key-set-DEPOSIT_MOCK_HMAC_KEY-in-prod';
}
public static function signOrderNo(string $orderNo): string
{
if ($orderNo === '') {
return '';
}
return hash_hmac('sha256', $orderNo, self::hmacKey());
}
public static function verifyOrderNo(string $orderNo, string $sign): bool
{
if ($orderNo === '' || $sign === '') {
return false;
}
$e = self::signOrderNo($orderNo);
if ($e === '') {
return false;
}
return hash_equals($e, $sign);
}
/**
* 玩家浏览器打开的「第三方收银台」地址(本项目中为简单 HTML 模拟页,点击后向 notify 发起 POST 完成入账)。
*
* @param string|null $publicOrigin 如 https://api.example.com为 null 时只返回以 / 开头的 path+query由客户端与 API 域名拼接
*/
public static function payPageUrl(string $orderNo, ?string $publicOrigin = null): string
{
$sign = self::signOrderNo($orderNo);
$q = http_build_query([
'order_no' => $orderNo,
'sign' => $sign,
]);
$path = '/api/finance/depositMockPayPage?' . $q;
if ($publicOrigin === null) {
return $path;
}
$base = rtrim($publicOrigin, '/');
return $base . $path;
}
}

89
app/common/library/game/DepositChannel.php
View File

@@ -10,9 +10,9 @@ use support\think\Db;
/**
* 充值支付渠道:优先读取 game_config.finance_cashier.channels无此键时回退 game_config.deposit_channel迁移期镜像
*
* 每项code须在代码/环境注册表内、sort、status(0/1)。
* 每项code须在代码/环境注册表内、sort、status(0/1)。**代码注册表当前仅内置 `ddpay`**DDPay 网关)。
*
* 渠道展示名以代码注册表为准;运营只配置开关排序,默认兼容全部充值档位。
* 渠道展示名以代码注册表为准;运营只配置开关排序与支持币种,默认兼容全部充值档位。
*/
final class DepositChannel
{
@@ -23,8 +23,9 @@ final class DepositChannel
*/
public static function codeRegistry(): array
{
// 仅保留 DDPay充值/回调只走网关文档约定,不再提供模拟或其它渠道码
$base = [
'directpay' => ['name' => 'DirectPay', 'name_en' => 'DirectPay', 'sort' => 10],
'ddpay' => ['name' => 'DDPay', 'name_en' => 'DDPay', 'sort' => 10],
];
$extra = self::registryFromEnv();
foreach ($extra as $code => $meta) {
@@ -150,17 +151,55 @@ final class DepositChannel
$sort = isset($row['sort']) && is_numeric($row['sort']) ? intval($row['sort']) : 0;
$status = isset($row['status']) && is_numeric($row['status']) ? intval($row['status']) : 1;
$status = $status === 1 ? 1 : 0;
$currencyCodes = null;
if (array_key_exists('currency_codes', $row)) {
if (is_array($row['currency_codes'])) {
$currencyCodes = self::normalizeCurrencyCodes($row['currency_codes']);
} else {
$currencyCodes = null;
}
}
$out[] = [
'code' => $code,
'sort' => $sort,
'status' => $status,
'tier_ids' => [],
// null 表示“兼容全部充值币种”(历史配置默认行为)
// 空数组 [] 表示“不支持任何充值币种”(运营可用作显式禁用某币种)
'currency_codes' => $currencyCodes,
];
}
return $out;
}
/**
* 归一化为小写/去空并返回大写币种码列表(允许为空数组)。
*
* @param mixed $raw
* @return list<string>
*/
private static function normalizeCurrencyCodes(mixed $raw): array
{
if (!is_array($raw)) {
return [];
}
$out = [];
foreach ($raw as $c) {
if (!is_string($c) && !is_numeric($c)) {
continue;
}
$s = is_string($c) ? trim($c) : strval($c);
$s = strtoupper($s);
if (!preg_match('/^[A-Z0-9]{2,12}$/', $s)) {
continue;
}
$out[] = $s;
}
$out = array_values(array_unique($out));
return $out;
}
/**
* 合并注册表与运营覆盖;若库中无覆盖则对注册表内全部渠道启用默认行
*
@@ -187,6 +226,7 @@ final class DepositChannel
'sort' => $sortVal,
'status' => 1,
'tier_ids' => [],
'currency_codes' => null, // 默认兼容全部币种(历史行为)
];
}
}
@@ -235,7 +275,7 @@ final class DepositChannel
*
* @return list<array{code: string, name: string, sort: int}>
*/
public static function channelsForTier(string $tierId, array $overrideRows, string $lang): array
public static function channelsForTier(string $tierId, array $overrideRows, string $lang, string $fiatCurrencyCode = ''): array
{
$registry = self::codeRegistry();
$out = [];
@@ -247,6 +287,9 @@ final class DepositChannel
if (!isset($registry[$code])) {
continue;
}
if ($fiatCurrencyCode !== '' && !self::isCurrencyAllowedForRow($row, $fiatCurrencyCode)) {
continue;
}
$meta = $registry[$code];
$name = self::pickLangName($meta, $lang);
$sortRaw = $row['sort'] ?? 0;
@@ -268,6 +311,27 @@ final class DepositChannel
return $out;
}
private static function isCurrencyAllowedForRow(array $row, string $fiatCurrencyCode): bool
{
$normCurrency = strtoupper(trim($fiatCurrencyCode));
if ($normCurrency === '') {
return true;
}
$cc = $row['currency_codes'] ?? null;
if ($cc === null) {
// 历史/默认配置:不填则表示兼容全部币种
return true;
}
if (!is_array($cc)) {
return true;
}
// 显式空数组:不支持任何币种
if ($cc === []) {
return false;
}
return in_array($normCurrency, $cc, true);
}
/**
* @param array<string, string> $meta
*/
@@ -300,6 +364,22 @@ final class DepositChannel
return self::isTierAllowed($row, $tierId);
}
/**
* @param array<array{code: string, sort: int, status: int, tier_ids: list<string>, currency_codes: (list<string>|null)}> $effectiveRows
*/
public static function assertChannelAllowsCurrency(string $channelCode, string $fiatCurrencyCode, array $effectiveRows): bool
{
$row = self::findMergedByCode($effectiveRows, $channelCode);
if ($row === null) {
return false;
}
if (($row['status'] ?? 0) !== 1) {
return false;
}
return self::isCurrencyAllowedForRow($row, $fiatCurrencyCode);
}
/**
* @param list<array{code: string, sort: int, status: int, tier_ids: list<string>}> $effectiveRows
*
@@ -399,6 +479,7 @@ final class DepositChannel
'sort' => $sortDefault,
'status' => 1,
'tier_ids' => [],
'currency_codes' => null,
];
}
usort($items, static function (array $a, array $b): int {

176
app/common/library/game/FinanceCashierConfig.php
View File

@@ -37,24 +37,23 @@ final class FinanceCashierConfig
'withdraw_coins_per_fiat' => '100',
],
[
'code' => 'VND',
'label_zh' => '越南盾',
'label_en' => 'Vietnamese Dong',
'code' => 'THB',
'label_zh' => '泰铢',
'label_en' => 'Thai Baht',
'sort' => 20,
'deposit_coins_per_fiat' => '10',
'withdraw_coins_per_fiat' => '10',
],
[
'code' => 'USDT',
'label_zh' => 'USDT',
'label_en' => 'USDT',
'sort' => 30,
'deposit_coins_per_fiat' => '1',
'withdraw_coins_per_fiat' => '1',
'deposit_coins_per_fiat' => '100',
'withdraw_coins_per_fiat' => '100',
],
],
'deposit_banks' => [
['currency_code' => 'MYR', 'code' => 'pbb', 'name_zh' => 'Public Bank', 'name_en' => 'Public Bank', 'sort' => 10],
['currency_code' => 'MYR', 'code' => 'mbb', 'name_zh' => 'Maybank2U', 'name_en' => 'Maybank2U', 'sort' => 20],
['currency_code' => 'THB', 'code' => '106', 'name_zh' => 'BANGKOK BANK PUBLIC COMPANY LTD.', 'name_en' => 'BANGKOK BANK PUBLIC COMPANY LTD.', 'sort' => 10],
['currency_code' => 'THB', 'code' => '107', 'name_zh' => 'KASIKORNBANK PUBLIC COMPANY LIMITED', 'name_en' => 'KASIKORNBANK PUBLIC COMPANY LIMITED', 'sort' => 20],
],
'withdraw_banks' => [
['code' => 'agrobank', 'name_zh' => 'Agrobank', 'name_en' => 'Agrobank', 'sort' => 10],
['currency_code' => 'MYR', 'code' => 'pbb', 'name_zh' => 'Public Bank', 'name_en' => 'Public Bank', 'sort' => 10],
['currency_code' => 'MYR', 'code' => 'mbb', 'name_zh' => 'Maybank2U', 'name_en' => 'Maybank2U', 'sort' => 20],
],
'withdraw_limits' => [
'min_ewallet' => '10',
@@ -69,12 +68,6 @@ final class FinanceCashierConfig
'fee_note_en' => 'A minimum RM 1 handling fee may apply for withdrawals between RM 10 and RM 99.99.',
'rate_mode' => 'fixed',
],
'withdraw_fields' => [
'require_cardholder' => true,
'require_bank_account' => true,
'require_email' => true,
'require_mobile' => true,
],
'channels' => [],
];
}
@@ -99,7 +92,7 @@ final class FinanceCashierConfig
if (isset($decoded['rates']) && is_array($decoded['rates'])) {
$legacyRates = array_values($decoded['rates']);
}
foreach (['currencies', 'withdraw_banks', 'channels'] as $listKey) {
foreach (['currencies', 'deposit_banks', 'withdraw_banks', 'channels'] as $listKey) {
if (isset($decoded[$listKey]) && is_array($decoded[$listKey])) {
$out[$listKey] = array_values($decoded[$listKey]);
}
@@ -110,9 +103,6 @@ final class FinanceCashierConfig
if (isset($decoded['withdraw_copy']) && is_array($decoded['withdraw_copy'])) {
$out['withdraw_copy'] = array_replace($out['withdraw_copy'], array_intersect_key($decoded['withdraw_copy'], $out['withdraw_copy']));
}
if (isset($decoded['withdraw_fields']) && is_array($decoded['withdraw_fields'])) {
$out['withdraw_fields'] = array_replace($out['withdraw_fields'], array_intersect_key($decoded['withdraw_fields'], $out['withdraw_fields']));
}
return self::normalizePayload($out, $legacyRates);
}
@@ -208,33 +198,12 @@ final class FinanceCashierConfig
return strcmp($ca, $cb);
});
if (isset($out['withdraw_banks']) && is_array($out['withdraw_banks'])) {
foreach ($out['withdraw_banks'] as $i => $row) {
if (!is_array($row)) {
unset($out['withdraw_banks'][$i]);
continue;
}
$code = isset($row['code']) && is_string($row['code']) ? strtolower(trim($row['code'])) : '';
$out['withdraw_banks'][$i] = [
'code' => $code,
'name_zh' => isset($row['name_zh']) && is_string($row['name_zh']) ? trim($row['name_zh']) : '',
'name_en' => isset($row['name_en']) && is_string($row['name_en']) ? trim($row['name_en']) : '',
'sort' => self::normalizeSort($row['sort'] ?? 0),
];
}
$out['withdraw_banks'] = array_values(array_filter($out['withdraw_banks'], static fn ($r) => is_array($r) && $r['code'] !== ''));
usort($out['withdraw_banks'], static function (array $a, array $b): int {
$sa = $a['sort'] ?? 0;
$sb = $b['sort'] ?? 0;
if ($sa !== $sb) {
return $sa <=> $sb;
}
$ca = $a['code'] ?? '';
$cb = $b['code'] ?? '';
return strcmp($ca, $cb);
});
}
$out['deposit_banks'] = self::normalizeBanksByCurrency(
isset($out['deposit_banks']) && is_array($out['deposit_banks']) ? $out['deposit_banks'] : []
);
$out['withdraw_banks'] = self::normalizeBanksByCurrency(
isset($out['withdraw_banks']) && is_array($out['withdraw_banks']) ? $out['withdraw_banks'] : []
);
if (isset($out['withdraw_limits']) && is_array($out['withdraw_limits'])) {
$wl = array_replace($defaults['withdraw_limits'], $out['withdraw_limits']);
foreach (['min_ewallet', 'min_bank'] as $k) {
@@ -257,13 +226,6 @@ final class FinanceCashierConfig
}
$out['withdraw_copy']['rate_mode'] = $mode;
}
if (isset($out['withdraw_fields']) && is_array($out['withdraw_fields'])) {
$wf = array_replace($defaults['withdraw_fields'], array_intersect_key($out['withdraw_fields'], $defaults['withdraw_fields']));
foreach (array_keys($defaults['withdraw_fields']) as $fk) {
$wf[$fk] = !empty($wf[$fk]);
}
$out['withdraw_fields'] = $wf;
}
if (isset($out['channels']) && is_array($out['channels'])) {
$out['channels'] = DepositChannel::normalizeOverrides(array_values($out['channels']));
} else {
@@ -280,6 +242,8 @@ final class FinanceCashierConfig
});
unset($out['fx_pairs']);
// 历史 JSON 可能含 withdraw_fields已废弃不再落库与返回给后台表单
unset($out['withdraw_fields']);
return $out;
}
@@ -322,6 +286,57 @@ final class FinanceCashierConfig
return 0;
}
/**
* @param list<mixed> $rows
* @return list<array{currency_code: string, code: string, name_zh: string, name_en: string, sort: int}>
*/
private static function normalizeBanksByCurrency(array $rows): array
{
$out = [];
foreach ($rows as $row) {
if (!is_array($row)) {
continue;
}
$currencyCode = isset($row['currency_code']) && is_string($row['currency_code']) ? strtoupper(trim($row['currency_code'])) : '';
if ($currencyCode === '') {
$currencyCode = 'MYR';
}
$codeRaw = $row['code'] ?? '';
$code = '';
if (is_string($codeRaw)) {
$code = strtolower(trim($codeRaw));
} elseif (is_numeric($codeRaw)) {
$code = strtolower(trim(strval($codeRaw)));
}
$out[] = [
'currency_code' => $currencyCode,
'code' => $code,
'name_zh' => isset($row['name_zh']) && is_string($row['name_zh']) ? trim($row['name_zh']) : '',
'name_en' => isset($row['name_en']) && is_string($row['name_en']) ? trim($row['name_en']) : '',
'sort' => self::normalizeSort($row['sort'] ?? 0),
];
}
$out = array_values(array_filter($out, static fn ($r) => is_array($r) && $r['currency_code'] !== '' && $r['code'] !== ''));
usort($out, static function (array $a, array $b): int {
$ca = isset($a['currency_code']) && is_string($a['currency_code']) ? $a['currency_code'] : '';
$cb = isset($b['currency_code']) && is_string($b['currency_code']) ? $b['currency_code'] : '';
if ($ca !== $cb) {
return strcmp($ca, $cb);
}
$sa = isset($a['sort']) && is_numeric($a['sort']) ? intval(strval($a['sort'])) : 0;
$sb = isset($b['sort']) && is_numeric($b['sort']) ? intval(strval($b['sort'])) : 0;
if ($sa !== $sb) {
return $sa <=> $sb;
}
$ka = isset($a['code']) && is_string($a['code']) ? $a['code'] : '';
$kb = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
return strcmp($ka, $kb);
});
return $out;
}
/**
* @param array<string, mixed> $p
*/
@@ -360,20 +375,57 @@ final class FinanceCashierConfig
throw new InvalidArgumentException('Withdraw rate must be a number greater than 0');
}
}
if (isset($p['withdraw_banks']) && is_array($p['withdraw_banks'])) {
// 校验 deposit channels 的币种白名单currency_codes 仅允许来自 currencies
if (isset($p['channels']) && is_array($p['channels'])) {
foreach ($p['channels'] as $row) {
if (!is_array($row)) {
continue;
}
$status = isset($row['status']) && is_numeric($row['status']) ? intval($row['status']) : 0;
$cc = array_key_exists('currency_codes', $row) ? ($row['currency_codes'] ?? null) : null;
if ($cc === null) {
continue; // null => 兼容全部币种(历史配置默认行为)
}
if (!is_array($cc)) {
throw new InvalidArgumentException('Channel currency_codes format error');
}
if ($status === 1 && $cc === []) {
throw new InvalidArgumentException('Enabled channel currency_codes can not be empty');
}
foreach ($cc as $c) {
if (!is_string($c) || !preg_match('/^[A-Z0-9]{2,12}$/', $c)) {
throw new InvalidArgumentException('Channel currency_codes contains invalid currency code');
}
if (!isset($seenCodes[$c])) {
throw new InvalidArgumentException('Channel currency_codes contains currency not configured');
}
}
}
}
foreach (['deposit_banks', 'withdraw_banks'] as $bankKey) {
if (!isset($p[$bankKey]) || !is_array($p[$bankKey])) {
continue;
}
$seen = [];
foreach ($p['withdraw_banks'] as $idx => $row) {
foreach ($p[$bankKey] as $row) {
if (!is_array($row)) {
throw new InvalidArgumentException('Bank row format error');
}
$currencyCode = $row['currency_code'] ?? '';
if (!is_string($currencyCode) || !isset($seenCodes[$currencyCode])) {
throw new InvalidArgumentException('Bank currency_code is invalid');
}
$code = $row['code'] ?? '';
if (!is_string($code) || !preg_match('/^[a-z0-9][a-z0-9_\-]{0,31}$/', $code)) {
throw new InvalidArgumentException('Bank code is invalid');
}
if (isset($seen[$code])) {
$uniq = $currencyCode . '|' . $code;
if (isset($seen[$uniq])) {
throw new InvalidArgumentException('Duplicate bank code');
}
$seen[$code] = true;
$seen[$uniq] = true;
}
}
if (isset($p['withdraw_limits']) && is_array($p['withdraw_limits'])) {

232
app/common/middleware/InterfaceRequestLog.php Normal file
View File

@@ -0,0 +1,232 @@
<?php
declare(strict_types=1);
namespace app\common\middleware;
use support\Log;
use Throwable;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
/**
* 接口调用日志中间件
*
* 目标:
* - 统一记录接口调用(请求 + 响应)
* - 成功记录返回参数
* - 失败记录失败原因
*/
class InterfaceRequestLog implements MiddlewareInterface
{
/**
* 仅记录接口路由(避免静态资源噪音)
*/
private const API_PATH_PREFIXES = ['api/', 'admin/'];
/**
* 需要脱敏的字段名(不区分大小写)
*/
private const SENSITIVE_KEYS = [
'password',
'oldpassword',
'newpassword',
'token',
'user-token',
'user_token',
'auth-token',
'auth_token',
'refresh_token',
'secret',
'signature',
'sign',
];
public function process(Request $request, callable $handler): Response
{
$path = trim($request->path(), '/');
if (!$this->shouldLogPath($path)) {
return $handler($request);
}
$start = microtime(true);
$requestPayload = $this->buildRequestPayload($request);
try {
$response = $handler($request);
} catch (Throwable $e) {
$costMs = $this->costMs($start);
Log::error('[InterfaceRequestLog] ' . $this->encodeJson([
'path' => '/' . $path,
'method' => strtoupper($request->method()),
'ip' => $request->getRealIp(),
'cost_ms' => $costMs,
'request' => $requestPayload,
'success' => false,
'fail_reason' => $e->getMessage(),
'exception_class' => get_class($e),
'exception_trace' => $this->truncateText($e->getTraceAsString(), 3000),
]));
throw $e;
}
$costMs = $this->costMs($start);
$statusCode = method_exists($response, 'getStatusCode') ? intval($response->getStatusCode()) : 200;
$responseBodyRaw = $this->extractResponseBody($response);
$responseDecoded = $this->decodeJsonArray($responseBodyRaw);
$success = false;
$failReason = '';
$responseData = null;
if (is_array($responseDecoded)) {
if (array_key_exists('code', $responseDecoded)) {
$success = intval($responseDecoded['code']) === 1;
} else {
$success = $statusCode >= 200 && $statusCode < 400;
}
$responseData = $responseDecoded['data'] ?? $responseDecoded;
if (!$success) {
$failReasonRaw = $responseDecoded['message'] ?? ($responseDecoded['msg'] ?? '');
$failReason = is_string($failReasonRaw) ? $failReasonRaw : strval($failReasonRaw);
}
} else {
$success = $statusCode >= 200 && $statusCode < 400;
if ($success) {
$responseData = $this->truncateText($responseBodyRaw, 2000);
} else {
$failReason = $this->truncateText($responseBodyRaw, 2000);
}
}
$logPayload = [
'path' => '/' . $path,
'method' => strtoupper($request->method()),
'ip' => $request->getRealIp(),
'status_code' => $statusCode,
'cost_ms' => $costMs,
'request' => $requestPayload,
'success' => $success,
];
if ($success) {
$logPayload['response_data'] = $this->maskMixed($responseData);
Log::info('[InterfaceRequestLog] ' . $this->encodeJson($logPayload));
} else {
$logPayload['fail_reason'] = $failReason !== '' ? $failReason : 'Unknown error';
if (is_array($responseDecoded)) {
$logPayload['api_response'] = $this->maskMixed($responseDecoded);
}
Log::error('[InterfaceRequestLog] ' . $this->encodeJson($logPayload));
}
return $response;
}
private function shouldLogPath(string $path): bool
{
foreach (self::API_PATH_PREFIXES as $prefix) {
if (str_starts_with($path, $prefix)) {
return true;
}
}
return false;
}
private function buildRequestPayload(Request $request): array
{
$query = $request->get();
$post = $request->post();
if (!is_array($query)) {
$query = [];
}
if (!is_array($post)) {
$post = [];
}
$rawBody = method_exists($request, 'rawBody') ? strval($request->rawBody()) : '';
$jsonBody = [];
if ($rawBody !== '') {
$jsonDecoded = json_decode($rawBody, true);
if (is_array($jsonDecoded)) {
$jsonBody = $jsonDecoded;
}
}
return [
'query' => $this->maskMixed($query),
'post' => $this->maskMixed($post),
'json' => $this->maskMixed($jsonBody),
];
}
private function extractResponseBody(Response $response): string
{
if (method_exists($response, 'rawBody')) {
return strval($response->rawBody());
}
return '';
}
private function decodeJsonArray(string $content): ?array
{
if ($content === '') {
return null;
}
$decoded = json_decode($content, true);
return is_array($decoded) ? $decoded : null;
}
private function maskMixed($value, ?string $parentKey = null)
{
if (is_array($value)) {
$result = [];
foreach ($value as $k => $v) {
$keyName = is_string($k) ? $k : $parentKey;
$result[$k] = $this->maskMixed($v, $keyName);
}
return $result;
}
if ($parentKey !== null && $this->isSensitiveKey($parentKey)) {
return '***';
}
return $value;
}
private function isSensitiveKey(string $key): bool
{
$normalized = strtolower(trim($key));
foreach (self::SENSITIVE_KEYS as $sensitive) {
if ($normalized === $sensitive) {
return true;
}
if (str_contains($normalized, $sensitive)) {
return true;
}
}
return false;
}
private function truncateText(string $text, int $maxLen): string
{
if ($maxLen <= 0) {
return '';
}
if (mb_strlen($text) <= $maxLen) {
return $text;
}
return mb_substr($text, 0, $maxLen) . '...';
}
private function encodeJson(array $payload): string
{
return json_encode($payload, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
}
private function costMs(float $start): int
{
return intval((microtime(true) - $start) * 1000);
}
}

7
app/common/middleware/LoadLangPack.php
View File

@@ -26,7 +26,7 @@ class LoadLangPack implements MiddlewareInterface
/**
* 解析当前请求语言。
* - 后台 admin优先请求头 think-langzh-cn / en其次 lang 头,再次查询/表单参数 lang支持 zh→zh-cn
* - 对外 api优先查询/表单参数 langzh / en其次 lang 头,再次 think-lang。
* - 对外 api优先查询/表单参数 langzh / en其次 lang 头,再次 think-lang;未显式指定时固定 zh-cn不使用 Accept-Language
*/
protected function resolveLangSet(Request $request): string
{
@@ -86,6 +86,11 @@ class LoadLangPack implements MiddlewareInterface
}
}
// 对外 api无显式 lang / think-lang 时默认中文,避免浏览器 Accept-Language: en 覆盖产品默认
if ($app === 'api') {
return 'zh-cn';
}
$acceptRaw = $request->header('accept-language');
$acceptLang = is_string($acceptRaw) ? $acceptRaw : '';
if (preg_match('/^zh[-_]?cn|^zh/i', $acceptLang)) {

23
config/app.php
View File

@@ -16,12 +16,25 @@ use support\Request;
return [
/**
* 模拟充值网关 HMAC 密钥;生产环境请设置环境变量 DEPOSIT_MOCK_HMAC_KEY 覆盖
* 与 app\common\library\finance\DepositMockGateway 使用。
* DDPayPayment Gateway全量配置来自环境变量见仓库根目录 `.env-example` 中 DDPAY_* 说明
*
* - DDPAY_PUBLIC_BASE_URL站点对外的 HTTPS 根地址(无尾斜杠),用于拼接入金/出金 callback_url不配置则从请求头推导本地可能为 http生产务必配置
* - DDPAY_CLIENT_ID / DDPAY_IDENTIFIER / DDPAY_API_SECRET商户标识与签名密钥文档 Authentication
* - DDPAY_DEPOSIT_INIT_URL / DDPAY_DEPOSIT_STATUS_URL入金发起、入金状态查询文档 §3.1 / §3.3)。
* - DDPAY_PAYOUT_INIT_URL / DDPAY_PAYOUT_STATUS_URL出金发起、出金状态查询文档 §3.2 / §3.4)。
*/
'deposit_mock_hmac_key' => is_string(getenv('DEPOSIT_MOCK_HMAC_KEY')) && trim((string) getenv('DEPOSIT_MOCK_HMAC_KEY')) !== ''
? trim((string) getenv('DEPOSIT_MOCK_HMAC_KEY'))
: '',
'ddpay_public_base_url' => is_string(getenv('DDPAY_PUBLIC_BASE_URL')) ? trim(getenv('DDPAY_PUBLIC_BASE_URL')) : '',
'ddpay_client_id' => is_string(getenv('DDPAY_CLIENT_ID')) ? trim(getenv('DDPAY_CLIENT_ID')) : '',
'ddpay_identifier' => is_string(getenv('DDPAY_IDENTIFIER')) ? trim(getenv('DDPAY_IDENTIFIER')) : '',
'ddpay_api_secret' => is_string(getenv('DDPAY_API_SECRET')) ? trim(getenv('DDPAY_API_SECRET')) : '',
'ddpay_deposit_init_url' => is_string(getenv('DDPAY_DEPOSIT_INIT_URL')) ? trim(getenv('DDPAY_DEPOSIT_INIT_URL')) : '',
'ddpay_deposit_status_url' => is_string(getenv('DDPAY_DEPOSIT_STATUS_URL')) ? trim(getenv('DDPAY_DEPOSIT_STATUS_URL')) : '',
'ddpay_payout_init_url' => is_string(getenv('DDPAY_PAYOUT_INIT_URL')) ? trim(getenv('DDPAY_PAYOUT_INIT_URL')) : '',
'ddpay_payout_status_url' => is_string(getenv('DDPAY_PAYOUT_STATUS_URL')) ? trim(getenv('DDPAY_PAYOUT_STATUS_URL')) : '',
'debug' => true,
'error_reporting' => E_ALL,
'default_timezone' => 'Asia/Shanghai',

1
config/middleware.php
View File

@@ -22,5 +22,6 @@ return [
\app\common\middleware\AllowCrossDomain::class,
\app\common\middleware\LoadLangPack::class,
\app\common\middleware\AdminLog::class,
\app\common\middleware\InterfaceRequestLog::class,
],
];

5
config/route.php
View File

@@ -137,8 +137,9 @@ Route::add(['GET', 'POST'], '/api/wallet/recordList', [\app\api\controller\Walle
Route::add(['GET', 'POST'], '/api/finance/depositTierList', [\app\api\controller\Finance::class, 'depositTierList']);
Route::post('/api/finance/depositCreate', [\app\api\controller\Finance::class, 'depositCreate']);
Route::get('/api/finance/depositMockPayPage', [\app\api\controller\Finance::class, 'depositMockPayPage']);
Route::post('/api/finance/depositMockNotify', [\app\api\controller\Finance::class, 'depositMockNotify']);
Route::post('/api/finance/ddpayDepositNotify', [\app\api\controller\Finance::class, 'ddpayDepositNotify']);
Route::add(['GET', 'POST'], '/api/finance/ddpayDepositRedirect', [\app\api\controller\Finance::class, 'ddpayDepositRedirect']);
Route::post('/api/finance/ddpayPayoutNotify', [\app\api\controller\Finance::class, 'ddpayPayoutNotify']);
Route::add(['GET', 'POST'], '/api/finance/depositDetail', [\app\api\controller\Finance::class, 'depositDetail']);
Route::add(['GET', 'POST'], '/api/finance/depositList', [\app\api\controller\Finance::class, 'depositList']);
Route::add(['GET', 'POST'], '/api/finance/cashierConfig', [\app\api\controller\Finance::class, 'cashierConfig']);

1283
database/MySQL_backup/buildadmin-webman-game-number_20260430113141_backup.sql Normal file
View File

File diff suppressed because one or more lines are too long

140
docs/36字花-移动端接口设计草案.md
View File

@@ -13,7 +13,7 @@
- **请求方法**:所有移动端业务接口(`/api/*`,不含 `/api/v1/authToken`)一律使用 `POST` 调用;查询类接口同时兼容 `GET`(便于浏览器/调试工具直接访问),客户端统一走 `POST`
- `POST` 时请求头 `Content-Type: application/json`,参数放在 JSON body
- `GET` 兼容模式下,参数走 URL query string
- **例外**:公告模块 `/api/notice/noticeList``/api/notice/noticeDetail``/api/notice/noticeConfirm` 与模拟收银台页 `/api/finance/depositMockPayPage` **仅支持 `GET`**,参数一律走 URL query string
- **例外**:公告模块 `/api/notice/noticeList``/api/notice/noticeDetail``/api/notice/noticeConfirm` **仅支持 `GET`**,参数一律走 URL query string
- 鉴权类接口 `/api/v1/authToken` 仍为 `GET`
- 时间UTC 时间戳(秒) + 服务端时区配置
- 金额:数字传输(如 `"100.00"`),客户端展示统一保留两位小数(存储仍为 `decimal(18,2)`
@@ -426,28 +426,66 @@
- `processing_note`string到账提示文案
- `fee_note`string手续费提示文案
- `rate_mode`string`fixed` / `live`
- `fields`object提现表单必填项开关
- `fields`object**与 DDPay / `withdrawCreate` 一致**,不由后台「支付/收款配置」开关维护;用于客户端展示必填项)
- `receive_type_bank_only`bool当前固定 `true`,仅支持银行卡出金)
- `require_receiver_name`bool固定 `true`,对应 `receiver_name`
- `require_receive_account`bool固定 `true`,对应 `receive_account`
- `require_bank_code`bool固定 `true`,对应 `bank_code`
- `require_bank_branch`bool固定 `false``bank_branch` 选填,不传时服务端按 `N/A` 提交 DDPay
### 5.4 创建充值订单
- **POST** `/api/finance/depositCreate`
- `Content-Type: application/json`(推荐)、`application/x-www-form-urlencoded`**`multipart/form-data`**(如 Apifox 的 form-data字段名与下表一致即可服务端通过统一参数名读取**不限制**为某一种 body 类型。
说明(与真实「创建订单 → 调起三方 → 异步回调」一致)
- **创建单**`depositCreate` 仅写入 **待支付** 订单(`status=pending`**不在此请求内入账**。返回体中 `paid=false``pay_url`**模拟第三方收银台** 完整 URLHMAC 防篡改,见下 §5.4.1
- **客户端**:在 WebView/系统浏览器中打开 `pay_url`;用户完成支付后(模拟页为「确认支付」按钮),由服务端 `depositMockNotify` 验签后调用 `DepositSettlement::settle` 入账,并推送 `wallet.changed`;客户端可轮询 `depositDetail` 或依赖推送更新余额
- **未来接入真实第三方支付**:将 `pay_url` 与回调 URL 替换为真网关,入账仍**仅**在回调/验签成功路径中调用 `DepositSettlement::settle`(与当前模拟回调一致)
- 档位与渠道取自 `depositTierList`创建订单时须选择返回 `channels`某一渠道的 `code` 作为 `channel_code` 传入;服务端会校验档位存在、启用且渠道已启用
- **HMAC 密钥**:模拟链路与签名校验使用环境变量 **`DEPOSIT_MOCK_HMAC_KEY`**(或 `config('app.deposit_mock_hmac_key')`);生产环境务必配置,与代码中默认值区分
- **并发上限**:同一用户最多同时存在 **3 笔待支付充值单**`status=0`);超过后创建接口返回 `code=2005`
- **超时失效**:充值单创建后 **60 秒内未支付**将自动置为失败(`status=failed`),并在订单备注记录失败原因(`[timeout] unpaid over 60s`)。
- **定时任务兜底**:服务端进程 `depositOrderExpireTicker` 每 **10 秒**主动扫描超时待支付单,保证即使用户不访问任何充值接口也会准时失效。
说明:
- **仅支持 DDPay**`channel_code` 必须为 **`ddpay`**,否则返回 `code=2004`
- `depositCreate` 先创建 `status=pending` 的充值单,再调用 DDPay「入金发起」若成功返回 `payment_url`,则 `pay_url=payment_url`
- 入账由 **`POST /api/finance/ddpayDepositNotify`** 验签后结算,或网关同步返回 `transaction_status=completed` 时结算
- 档位与渠道取自 `depositTierList``channels`仅会出现 `ddpay`(与后台「支付/收款配置」一致)
- 同一用户最多 3 笔待支付充值单;创建后 60 秒未支付会超时失败
请求参数**三者缺一不可**,任一为空或空白即 `code=1001` 参数缺失)
- `tier_id`string必填含义玩家选择的充值档位 ID取自 `depositTierList``id`;也可用同义字段名 `tier_key`
- `channel_code`string必填含义支付渠道代码**小写**;须与所选档位在 `depositTierList` 返回的 `channels[].code` 之一一致,例如默认内置渠道常为 `directpay`
- `idempotency_key`string必填≤64含义客户端生成的唯一键短时间内同 `idempotency_key` 不会重复下单;建议 UUID。**调试工具中若使用变量,请确保解析后非空**
请求参数:
> **常见 1001 原因**:只传了 `tier_id` + `idempotency_key`**漏传 `channel_code`**。请先调 `depositTierList`,用对应档位下 `channels` 中某项的 `code` 作为 `channel_code`。
**A. 通用必填参数**
- `tier_id`string必填充值档位 ID同义字段`tier_key`
- `channel_code`string必填固定传 **`ddpay`**
- `idempotency_key`string必填≤64客户端幂等键建议 UUID
**B. DDPay 渠道必填参数(`channel_code=ddpay`**
> **依据**DDPay 官方《Payment Gateway》接口说明与仓库内 `docs/DDPay Payment Gateway_v1.1.3_zh.md` / `docs/DDPay Payment Gateway_v1.1.3.pdf` 一致;以下「官方」均指该文档)。
- `payment_type`string必填DDPay 字段 **`payment_type`,支付方式选择**
- **取值须为官方枚举字符串**(文档 §3.1**`01`** = FPX**`02`** = duitnow**`03`** = ewallet**其他取值须向 DDPay 商户支持另行确认**,勿自行臆造。
- 兼容字段:`paymentType`
- **注意**:若传入 `FPX``duitnow` 等**非官方编码**,网关可能直接拒绝;移动端应传 **`01` / `02` / `03`**。
- `payer_name`string必填**付款账户持有人姓名**,须与银行登记信息一致)
- 兼容字段:`payerName`
- `payer_bank_name`string必填对应官方字段 **`payer_bank[name]`,付款银行名称**
- 须使用 **DDPay 银行列表中的银行全称**(与官方附录一致):**MYR** 参考官方附录「入金银行列表MYR」中 **英文全称**(如 `Public Bank``Maybank2U`**THB** 参考「入金银行列表THB」中 **英文全称**(如 `BANGKOK BANK PUBLIC COMPANY LTD.`)。勿使用简称或与列表不一致的拼写,否则可能被网关拒单。
- 兼容字段:`payer_bank[name]``payerBankName`
**B.1 服务端代传、客户端无需传的 DDPay 字段(供联调对照)**
以下由服务端在调用 DDPay「入金发起」时自动组装来自环境/配置),移动端**不要**也无法通过本接口覆盖:
- `client_id``identifier`(若项目环境已配置 `DDPAY_IDENTIFIER`)、`order_id`(即本系统 `order_no`
- `transaction_amount`:取自所选档位的 **`pay_amount`**(法币应付额,类型为 Decimal币种以商户在 DDPay **onboarding 时约定币种**为准;官方示例表写 **MYR**,若贵司为 THB 等,以 DDPay 后台为准。
- `callback_url``redirect_url`:由服务端拼接,根地址优先读取环境变量 **`DDPAY_PUBLIC_BASE_URL`**(见 `.env-example`),未配置时按请求 `Host` 推导;官方要求 **HTTPS**(生产务必配置公网 HTTPS 根地址)。
> **常见 1001 原因DDPay**:只传了通用参数,漏传 `payment_type / payer_name / payer_bank_name` 之一;或 `payment_type` 未使用官方 `01/02/03`。
推荐请求示例DDPayMYR + FPX
```json
{
"tier_id": "t_xxxxxxxx",
"channel_code": "ddpay",
"idempotency_key": "dp_20260429_xxx",
"payment_type": "01",
"payer_name": "ZHANG SAN",
"payer_bank_name": "Public Bank"
}
```
返回参数:
- `order_no`string含义充值订单号
@@ -456,31 +494,38 @@
- `total_amount`string2 位小数,含义:实际入账总额 = amount + bonus_amount
- `pay_channel`string含义支付通道标识与请求中选择的 `channel_code` 一致,落库在订单上)
- `paid`bool含义当前单据是否已到账`true` 表示钱包已入账、`status=paid``false` 表示待玩家在第三方支付页面完成支付)
- `pay_url`string含义第三方支付收银台地址;**`paid=false`(待支付)** 时返回**完整 URL**(如 `https://你的域名/api/finance/depositMockPayPage?order_no=...&sign=...``paid=true` 时为空串)
- `pay_url`string含义DDPay 返回的收银台地址;**`paid=false`(待支付)** 时为三方 **`payment_url`(完整 URL**`paid=true` 时为空串)
- `status`string`pending`/`paid`/`failed`,含义:本接口创建成功时为 `pending`,入账完成后为 `paid`
- `create_time`int含义订单创建时间秒级时间戳
- `pay_time`int含义订单到账时间未到账为 0
#### 5.4.1 模拟第三方:收银台页与「异步通知」回调(开发/无真网关时使用
#### 5.4.1 DDPay 回调与状态说明(当前实现
- **GET** `/api/finance/depositMockPayPage`
- **Query**`order_no`(与 `depositCreate` 返回一致)、`sign`HMAC`pay_url` 中一致;**不要自行拼接,须完整使用 `depositCreate` 返回的 `pay_url` 或同接口再次查询到的地址**
- 无需 `auth-token` / `user-token`(外跳浏览器使用)。
- 返回HTML 页面,用户点击 **「确认支付(模拟成功)」** 即提交到下方 `depositMockNotify`
- 回调地址:`POST /api/finance/ddpayDepositNotify`(由服务端在 DDPay 发起请求时作为 **`callback_url`** 传给三方;须 **HTTPS**)。
- 官方 Webhook 负载字段(文档 §3.5,处理前**必须先验签**
- **POST** `/api/finance/depositMockNotify`
- **Body**`application/x-www-form-urlencoded` 或 JSON 均可,字段名一致即可):`order_no``sign`(与上页/支付链接一致)
- 无需 `user-token``auth-token` 可选(当前实现不校验)。
- 验签成功后:对 `status=0` 的订单执行入账(`DepositSettlement::settle``source=third_party` 语义),并推送 `wallet.changed`。已入账订单**幂等**再调返回当前订单信息。
- 成功响应:与 `depositCreate` 成功体相同结构(`code=1` + `data` 为统一充值订单结构)。
| 参数 | 说明 |
|---|---|
| `client_id` | 商户标识 |
| `order_id` | 交易引用号(与本系统充值 `order_no` 对应) |
| `transaction_status` | 最终状态:`pending` / `completed` / `failed`(含义见官方 §4.1 |
| `timestamp` | 通知时间 |
| `transaction_amount` | 支付金额(配置币种下) |
| `signature` | 通知校验签名 |
- 我方验签通过后:
- `transaction_status=completed`:执行入账结算,订单转 `paid`
- `transaction_status=failed`:订单转 `failed`
- 官方要求:收到通知后应尽快返回 HTTP **200**,响应体为纯文本 **`{"status":"ok"}`**;未收到确认时平台最多重试 **6** 次(以官方文档为准)。
- 若三方暂未提供/未打通回调,`pending` 订单将保持待处理;官方另提供「**入金状态查询**」接口(请求需含 `query_time`,格式 **`YYYY-MM-DD HH:MM:SS`**),当前移动端未单独暴露,由服务端按需扩展。
错误码约定:
- `1001`:缺少必填参数(`tier_id`(或 `tier_key`)、`channel_code``idempotency_key` 任一未传或为空字符串)
- `1001`DDPay缺少 `payment_type` / `payer_name` / `payer_bank_name`,或 `payment_type` 非官方允许取值
- `1002``idempotency_key` 过长,或与其他玩家的订单冲突
- `1003`模拟回调/链接参数非法(如 `sign``order_no` 不匹配)——`depositMockNotify` 与无效支付链接
- `2000`:订单落库或入账失败(事务回滚后返回原始错误描述)
- `2000`**通用**:订单落库或入账失败(事务回滚等,可能带原始错误描述);**DDPay**:调用「入金发起」失败(网络/HTTP/JSON/验签/`status_code≠0`对外文案为「DDPay 充值发起失败」,**具体原因可查看该笔 `deposit_order.remark`(前缀 `[ddpay]`)或服务端日志**
- `2003`:所选 `tier_id` 不存在、已停用或不在启用列表中
- `2004``channel_code` 未配置或已禁用
- `2004``channel_code` `ddpay`;或 `ddpay` 未启用;或当前档位币种与该渠道不允许的组合
- `2005`:待支付充值单超过上限(`data.max_pending``data.pending_count``data.expire_seconds`
### 5.5 查看充值订单详情
@@ -526,13 +571,32 @@
请求参数:
- `withdraw_coin`string含义申请提现金额必须 > 0
- `receive_account`string含义收款账号
- `receive_type`string`bank`/`ewallet`/`crypto`含义:收款类型)
- `receive_account`string含义收款账号;对接 DDPay 出金时对应官方字段 **`receiver_account`**,为收款账户号/手机号,须与银行登记一致
- `receive_type`string含义收款类型;当前版本仅支持 `bank`
- `idempotency_key`string含义防重复提交提现
- `receiver_name`string含义收款账户持有人姓名`receive_type=bank` 必填,对应官方 **`receiver_name`**,须与银行登记一致)
- `bank_code`string含义银行代码`receive_type=bank` 必填。取值来自收银台配置 `withdraw_banks[].code`;服务端会映射为 DDPay 所需的 **`bank[name]`** 银行全称发起出金)
- `bank_branch`string含义银行支行名称`receive_type=bank` 可选。官方 **`bank_branch`** 为必填项,若客户端不传则服务端按 **`N/A`** 提交,与 DDPay 文档「若缺失则默认值为 `N/A`」一致)
**DDPay 出金Payout官方请求字段对照文档 §3.2,由服务端在审核通过后组装)**
| 官方参数 | 说明 |
|---|---|
| `client_id` | 商户账号标识 |
| `bill_number` | 出金唯一引用号(与本系统提现 `order_no` 对应) |
| `amount` | 出金金额Decimal配置币种下 |
| `receiver_name` | 收款账户持有人姓名 |
| `receiver_account` | 收款账户号/手机号 |
| `bank[name]` | 银行全称(须参考官方附录「出金银行列表」) |
| `bank_branch` | 支行名称;缺失为 `N/A` |
| `callback_url` | 异步通知地址,须 **HTTPS** |
| `signature` | MD5 签名(小写) |
出金成功响应中,官方还可能返回 `transaction_fee``transaction_total``transaction_status``remark` 等;最终以 DDPay 文档为准。
返回参数:
- `order_no`string含义提现订单号
- `status`string`pending_review`/`processing`,含义:提现状态
- `status`string`pending_review`/`approved`/`rejected`,含义:提现状态;已打款合并到 `approved`
- `fee_coin`string含义手续费
- `actual_arrival_coin`string含义实到账金额
- `risk_review_required`bool含义是否命中人工审核
@@ -548,7 +612,7 @@
- `coin_balance``bet_flow_coin``total_withdraw_coin``ratio`
- `max_withdraw_by_flow`:仅按打码量折算的上限(= `max(0, bet_flow_coin / ratio - total_withdraw_coin)``ratio=0` 时为 `null`
5. 以上全通过后在同一事务内:
- `withdraw_order` 写入:`amount` / `fee`(默认 0.5% / `actual_amount = amount - fee` / `status=0`(待审核) / `channel_id` 取自用户归属渠道快照。
- `withdraw_order` 写入:`amount` / `fee`(默认 0.5% / `actual_amount = amount - fee` / `status=0`(待审核) / `channel_id` 取自用户归属渠道快照;同时写入收款字段(`receive_type/receive_account/receiver_name/bank_code/bank_branch`
- `user` 表原子更新:`coin -= withdraw_coin``total_withdraw_coin += withdraw_coin`WHERE `coin >= withdraw_coin` 防止并发超额扣减)。
- `user_wallet_record` 写入 `biz_type=withdraw``direction=2``amount=withdraw_coin``ref_type=withdraw_order``idempotency_key=wd_apply_{order_no}`,代表"冻结"动作。
@@ -556,7 +620,8 @@
- 单笔最大可提现 `max_withdrawable = min(coin_balance, max_withdraw_by_flow)`;每笔提现按 `withdraw_coin × ratio` 消耗打码配额,已消耗部分累积在 `total_withdraw_coin`
- `ratio = 0` 时视为"不限打码",单笔上限仅受 `coin_balance` 约束。
- 采用"申请即冻结"语义:提现在移动端提交后立即从 `user.coin` 中扣减并写出金流水;后台审核 **拒绝** 时由管理端在同一事务中回冲余额、`total_withdraw_coin` 与流水,不出现"等待审核期间用户还能把这笔钱再下注"的漏洞。
- 后台审核 **通过**不再额外触碰余额;若管理员调整了 `amount``fee`,按新旧差额再生成一条 `withdraw` / `withdraw_refund` 流水以保持账务平衡,并同步修正 `total_withdraw_coin`
- 后台审核 **通过**会触发三方出金DDPay Payout出金 **失败** 会自动回冲余额、`total_withdraw_coin` 与流水(`withdraw_refund`),并将订单标记为 `rejected`(内部 `status=2`
- 后台审核 **通过** 且出金完成后,订单内部 `status=3`(已打款),移动端对外仍合并展示为 `approved`
- `withdraw_bet_flow_ratio` 由后台「游戏配置」维护,默认 `1.00`,修改后对新请求立即生效。
### 5.8 查看提现订单详情
@@ -728,9 +793,8 @@
## 8.2 充值到下注到提现闭环
1. 拉取档位:`POST /api/finance/depositTierList`(玩家选择一档,并记下该档 `channels[].code`
2. 创建订单:`POST /api/finance/depositCreate``tier_id` + `channel_code` + `idempotency_key`,三者为必填;可用 JSON / form-data / x-www-form-urlencoded
- 返回 `paid=false``status=pending`、**非空 `pay_url`**:客户端在 WebView/浏览器中打开 `pay_url``GET /api/finance/depositMockPayPage`);用户在模拟页点击确认后,由 `POST /api/finance/depositMockNotify` 完成入账,或轮询 `depositDetail` / 等 `wallet.changed` 刷新余额
- 未来接真实第三方:将 `pay_url` 换为真网关,入账仅在支付平台 **异步通知** 中调用 `DepositSettlement::settle`(与当前 `depositMockNotify` 路径一致)
2. 创建订单:`POST /api/finance/depositCreate``tier_id` + **`channel_code=ddpay`** + `idempotency_key` + DDPay 入金必填字段;可用 JSON / form-data / x-www-form-urlencoded
- 返回 `paid=false``status=pending`、**非空 `pay_url`**:客户端在 WebView/浏览器中打开 **`pay_url`DDPay `payment_url`** 完成支付;入账由 **`ddpayDepositNotify`** Webhook 驱动,可轮询 `depositDetail` 或等待 `wallet.changed` 刷新余额
3. 客户端可选轮询 `POST /api/finance/depositDetail` 兜底确认状态;入账成功后会收到 `wallet.changed`
4. 下注:`POST /api/game/placeBet`
5. 监听余额:`wallet.changed`(或按订单详情接口核对)

BIN
docs/DDPay Payment Gateway_v1.1.3.pdf Normal file
View File

Binary file not shown.

319
docs/DDPay Payment Gateway_v1.1.3_zh.md Normal file
View File

@@ -0,0 +1,319 @@
## DDPay 支付网关接口对接文档
> 文档名称DDPay Payment Gateway
> 版本1.1.0文末“Document Version”标注为 1.1.2;文件命名为 v1.1.3
> 最后更新2026-03-20
> 版权:© 2025 DDPay
## 目录
- 1. 概述Overview
- 2. 认证与安全Authentication & Security
- 3. API 接口API Endpoints
- 3.1 入金发起Deposit Initiation
- 3.2 出金发起Payout Initiation
- 3.3 入金状态查询Deposit Status Inquiry
- 3.4 出金状态查询Payout Status Inquiry
- 3.5 Webhook 回调Webhook Notifications
- 4. 返回码Response Codes
- 5. 附录
- 5.1 入金银行列表MYR
- 5.2 出金银行列表MYR
- 5.3 入金银行列表THB
## 1. 概述Overview
### 1.1 目的
本文件提供与 DDPay Payment Gateway API 集成的完整技术规范,涵盖:
- 请求/响应字段结构
- 认证机制
- 集成协议(包括签名与回调处理)
### 1.2 术语Terminology
| 术语 | 定义 |
|---|---|
| Merchant Account | 允许通过 DDPay 处理交易的已注册商户主体 |
| Client ID | 每个商户在平台注册时分配的唯一标识 |
| API Secret | 用于请求认证与签名校验的保密密钥 |
## 2. 认证与安全Authentication & Security
### 2.1 通信协议Communication Protocol
- 传输方式:`HTTPS POST` 请求
- Content-Type`application/json`
- 字符编码:`UTF-8`
- 响应格式:`JSON`
要求:
- 所有 API 通信必须使用安全 HTTPS。
- 发起交易接口由平台提供同步响应最终交易状态需要通过“状态查询接口”或“状态回调Webhook”确认。
### 2.2 请求签名Request Signing
DDPay 使用加密签名以保证请求的真实性与数据完整性。签名算法为 **MD5**,流程如下:
1. 收集请求参数(**不包含**签名字段本身)
2. 按参数 key 名进行字典序排序ASCII 顺序)
3. 将所有 `key=value` 使用字符 `&` 连接(中间用 `&` 分隔)
4. 在末尾追加:`&key=YOUR_API_SECRET`
5. 对得到的字符串执行 `MD5`
6. 将 MD5 哈希结果转为小写
7. 将该哈希值填入签名字段
重要注意:
- **空值或 null 参数值应排除在签名计算之外**。
## 3. API 接口API Endpoints
> 生产环境的 Endpoint URL请联系商户支持获取。
### 3.1 入金发起Deposit Initiation
目的:提交一笔新的支付入金请求
- HTTP Method`POST`
- Endpoint URL联系商户支持获取生产地址
#### 请求参数Request Parameters
| 参数 | 描述 | 类型 | 必填 | 备注 |
|---|---|---|---|---|
| `client_id` | 商户账号标识 | String | 是 | onboarding 提供 |
| `order_id` | 交易唯一引用号 | String | 是 | 每笔交易必须唯一 |
| `payment_type` | 支付方式选择 | String | 是 | `01`=FPX`02`=duitnow`03`=ewallet其他请咨询获取 |
| `transaction_amount` | 支付金额 | Decimal | 是 | 币种MYR |
| `payer_name` | 付款账户持有人姓名 | String | 是 | 按银行登记信息 |
| `payer_bank[name]` | 付款银行名称 | String | 是 | 请参考银行列表获取全称 |
| `callback_url` | 异步通知地址 | String | 是 | 必须使用 HTTPS 协议 |
| `redirect_url` | 用户返回地址 | String | 是 | 必须使用 HTTPS 协议 |
| `signature` | 请求认证签名哈希 | String | 是 | 小写字母数字 MD5 |
#### 响应参数Response Parameters
| 参数 | 描述 | 类型 | 条件/备注 |
|---|---|---|---|
| `status_code` | 操作结果指示 | Integer | 非 0 表示失败 |
| `status_message` | 可读状态说明 | String | 永远返回 |
| `details` | 失败细节(如适用) | String | 仅失败时适用 |
| `client_id` | 商户标识回显 | String | 成功时回显 |
| `order_id` | 入金订单号回显 | String | 成功时回显,用于关联 |
| `transaction_amount` | 支付金额确认 | Decimal | 成功时在配置币种下返回 |
| `transaction_status` | 当前处理状态 | String | 成功时返回;参考“状态码” |
| `payment_url` | 支付界面 URL | String | 成功时返回,跳转到该 URL 完成支付 |
| `timestamp` | 响应生成时间 | DateTime | ISO 8601 |
| `signature` | 响应校验签名哈希 | String | 成功时返回(使用同方法校验) |
### 3.2 出金发起Payout Initiation
目的:提交一笔新的出金请求
- HTTP Method`POST`
- Endpoint URL联系商户支持获取生产地址
#### 请求参数Request Parameters
| 参数 | 描述 | 类型 | 必填 | 备注 |
|---|---|---|---|---|
| `client_id` | 商户账号标识 | String | 是 | onboarding 提供 |
| `bill_number` | 交易唯一引用号 | String | 是 | 每笔出金请求必须唯一 |
| `amount` | 出金金额 | Decimal | 是 | 币种:配置币种 |
| `receiver_name` | 收款账户持有人姓名 | String | 是 | 按银行登记信息 |
| `receiver_account` | 收款账户号/手机号 | String | 是 | 按银行登记信息 |
| `bank[name]` | 银行名称 | String | 是 | 请参考银行列表获取全称 |
| `bank_branch` | 银行支行名称 | String | 是 | 若缺失则默认值为 `N/A` |
| `callback_url` | 异步通知地址 | String | 是 | 必须使用 HTTPS 协议 |
| `signature` | 请求认证签名哈希 | String | 是 | 小写字母数字 MD5 |
#### 响应参数Response Parameters
| 参数 | 描述 | 类型 | 条件/备注 |
|---|---|---|---|
| `status_code` | 操作结果指示 | Integer | 非 0 表示失败 |
| `status_message` | 可读状态说明 | String | 永远返回 |
| `details` | 失败细节(如适用) | String | 仅失败时适用 |
| `client_id` | 商户标识回显 | String | 成功时回显 |
| `bill_number` | 出金订单号回显 | String | 成功时回显,用于关联 |
| `transaction_amount` | 出金金额确认 | Decimal | 成功时在配置币种下返回 |
| `transaction_fee` | 出金手续费 | Decimal | 成功时在配置币种下返回 |
| `transaction_total` | 出金总金额 | Decimal | 成功时在配置币种下返回 |
| `transaction_status` | 当前处理状态 | String | 成功时返回;参考“状态码” |
| `timestamp` | 响应生成时间 | DateTime | ISO 8601 |
| `signature` | 响应校验签名哈希 | String | 成功时返回(使用同方法校验) |
| `remark` | 出金备注 | String | 成功时回显(文档描述为 OK 状态下返回) |
### 3.3 入金状态查询Deposit Status Inquiry
目的:查询已提交入金的当前状态
- HTTP Method`POST`
#### 请求参数Request Parameters
| 参数 | 描述 | 类型 | 必填 | 备注 |
|---|---|---|---|---|
| `client_id` | 商户账号标识 | String | 是 | |
| `order_id` | 入金订单号/交易引用 | String | 是 | 原始订单标识 |
| `query_time` | 请求时间戳 | DateTime | 是 | 格式:`YYYY-MM-DD HH:MM:SS` |
| `signature` | 请求认证签名哈希 | String | 是 | |
#### 响应参数Response Parameters
| 参数 | 描述 | 类型 | 条件/备注 |
|---|---|---|---|
| `status_code` | 查询结果指示 | Integer | 永远返回 |
| `status_message` | 查询结果说明 | String | 永远返回 |
| `client_id` | 商户标识回显 | String | 成功时回显 |
| `order_id` | 订单号回显 | String | 成功时回显 |
| `transaction_amount` | 支付金额 | Decimal | 成功时在配置币种下返回 |
| `transaction_status` | 当前处理状态 | String | 参考“状态码” |
| `timestamp` | 响应时间 | DateTime | 仅返回 ISO 8601 |
| `signature` | 响应校验签名哈希 | String | 成功时返回(使用同方法校验) |
### 3.4 出金状态查询Payout Status Inquiry
目的:查询已提交出金的当前状态
- HTTP Method`POST`
#### 请求参数Request Parameters
| 参数 | 描述 | 类型 | 必填 | 备注 |
|---|---|---|---|---|
| `client_id` | 商户账号标识 | String | 是 | |
| `bill_number` | 出金引用号 | String | 是 | 原始出金标识 |
| `signature` | 请求认证签名哈希 | String | 是 | |
#### 响应参数Response Parameters
| 参数 | 描述 | 类型 | 条件/备注 |
|---|---|---|---|
| `status_code` | 查询结果指示 | Integer | 永远返回 |
| `status_message` | 查询结果说明 | String | 永远返回 |
| `client_id` | 商户标识回显 | String | 成功时回显 |
| `bill_number` | 出金引用号回显 | String | 成功时回显 |
| `transaction_amount` | 出金金额 | Decimal | 成功时在配置币种下返回 |
| `transaction_fee` | 出金手续费 | Decimal | 成功时在配置币种下返回 |
| `transaction_total` | 出金总金额 | Decimal | 成功时在配置币种下返回 |
| `transaction_status` | 当前处理状态 | String | 参考“状态码” |
| `remark` | 出金备注 | String | 成功时回显 |
| `timestamp` | 响应时间 | DateTime | ISO 8601 |
| `signature` | 响应校验签名哈希 | String | 成功时返回(使用同方法校验) |
### 3.5 Webhook 回调Webhook Notifications
目的:接收异步交易状态更新
说明:
- 平台通过 `callback_url` 在交易状态变化时向你系统发送 `POST` 通知
- 通知发送范围:成功与失败交易都会发送
- 格式:通过 `HTTPS POST` 发送 `JSON`
- 重试机制:如果未收到确认,最多重试 6 次
- 你需要的响应:返回纯文本 `{"status":"ok"}` 并确保 HTTP 状态码为 `200`
#### 通知负载Notification Payload
| 参数 | 描述 | 类型 | 必填 | 备注 |
|---|---|---|---|---|
| `client_id` | 商户标识 | String | 是 | |
| `order_id` | 交易引用号 | String | 是 | |
| `transaction_status` | 最终状态 | String | 是 | 参考状态码 |
| `timestamp` | 通知时间 | DateTime | 是 | |
| `transaction_amount` | 支付金额 | Decimal | 是 | 配置币种下返回 |
| `signature` | 通知校验签名哈希 | String | 是 | 处理前必须校验签名 |
#### 集成要求Implementation Requirements
- 在处理 webhook 之前先验证签名
- 收到后应立刻响应纯文本 `{"status":"ok"}`HTTP 200
- 使用 HTTPS endpoint并确保 SSL 证书有效
## 4. 返回码Response Codes
### 4.1 入金状态值Deposit Status Values
| 状态码 | 描述 | 最终状态 | 是否需要操作 | 处理建议 |
|---|---|---|---|---|
| `pending` | 交易正在处理中 | 否 | 否 | 无需调用轮询接口或等待通知 |
| `completed` | 交易成功 | 是 | 是 | 履约订单/服务fulfill order/service |
| `failed` | 交易失败 | 是 | 是 | 通知客户可选允许重试allow retry |
> 文档中 `transaction_status` 建议参考本节状态码定义。
## 5. 附录Appendices
### 5.1 入金银行列表MYR
- `pbb` : Public Bank
- `br` : Bank Rakyat
- `alb` : Alliance Bank
- `mbb` : Maybank2U
- `bi` : Bank Islam
- `bm` : Bank Muamalat
- `afb` : Affin Bank
- `rhb` : RHB Bank
- `ocbc` : OCBC Bank
- `scb` : Standard Chartered
- `hlb` : Hong Leong Bank
- `uob` : UOB Bank
- `cimb` : CIMB Clicks
- `amb` : AmBank
- `bsn` : Bank Simpanan Nasional
- `hsbc` : HSBC Bank
- `cob` : Bank of China
### 5.2 出金银行列表MYR
> 与入金 MYR 银行列表一致
- `pbb` : Public Bank
- `br` : Bank Rakyat
- `alb` : Alliance Bank
- `mbb` : Maybank2U
- `bi` : Bank Islam
- `bm` : Bank Muamalat
- `afb` : Affin Bank
- `rhb` : RHB Bank
- `ocbc` : OCBC Bank
- `scb` : Standard Chartered
- `hlb` : Hong Leong Bank
- `uob` : UOB Bank
- `cimb` : CIMB Clicks
- `amb` : AmBank
- `bsn` : Bank Simpanan Nasional
- `hsbc` : HSBC Bank
- `cob` : Bank of China
- `tng` : Touch & Go
### 5.3 入金银行列表THB
- `105` : BANK OF THAILAND
- `106` : BANGKOK BANK PUBLIC COMPANY LTD.
- `107` : KASIKORNBANK PUBLIC COMPANY LIMITED
- `108` : KRUNG THAI BANK PUBLIC COMPANY LTD.
- `109` : TMB THANACHART BANK PUBLIC COMPANY LIMITED
- `110` : SIAM COMMERCIAL BANK PUBLIC COMPANY LTD.
- `111` : CITIBANK, N.A.
- `112` : STANDARD CHARTERED BANK (THAI) PUBLIC COMPANY LIMITED
- `113` : CIMB THAI BANK PUBLIC COMPANY LIMITED
- `114` : UNITED OVERSEAS BANK (THAI) PUBLIC COMPANY LIMITED
- `115` : BANK OF AYUDHYA PUBLIC COMPANY LTD.
- `116` : GOVERNMENT SAVINGS BANK
- `117` : THE GOVERNMENT HOUSING BANK
- `118` : BANK FOR AGRICULTURE AND AGRICULTURAL COOPERATIVES
- `119` : BANK OF CHINA (THAI) PUBLIC COMPANY LIMITED
- `120` : ISLAMIC BANK OF THAILAND
- `121` : KIATNAKIN PHATRA BANK PUBLIC COMPANY LIMITED
- `122` : INDUSTRIAL AND COMMERCIAL BANK OF CHINA (THAI) PUBLIC COMPANY LIMITED
- `123` : LAND AND HOUSES BANK PUBLIC COMPANY LIMITED
- `158` : TISCO BANK PUBLIC COMPANY LIMITED
- `357` : RHB BANK BERHAD
- `358` : INDIAN OVERSEA BANK
- `359` : ANZ BANK (THAI) PUBLIC COMPANY LIMITED

45
web/src/lang/backend/en/config/financeCashierConfig.ts
View File

@@ -1,16 +1,27 @@
export default {
desc: 'Mobile pay & receipt settings: platform coin labels, currencies and rates, deposit pay channels (on/off and sort; all tiers are supported automatically), withdraw banks, limits, copy, and required withdraw fields.',
desc: 'Mobile pay & receipt settings: platform coin labels, currencies and rates, deposit pay channels (on/off and sort; supported currencies per channel), withdraw banks, limits and copy. DDPay-required fields follow the gateway doc and API contracts—not toggles on this page.',
btn_save: 'Save',
btn_add_row: 'Add row',
sec_platform: 'Platform coin labels',
tab_cashier: 'Deposit/Withdraw config',
tab_tiers: 'Deposit tiers',
tab_deposit_banks: 'Deposit banks',
tab_withdraw_banks: 'Withdraw banks',
platform_label_zh: 'Label (Chinese)',
platform_label_en: 'Label (English)',
sec_currencies: 'Currencies (deposit/withdraw selectors)',
sec_deposit_channels: 'Deposit pay channels',
deposit_channels_hint: 'Display names come from the registry; here you only set enabled state and sort order. All enabled channels automatically support all deposit tiers.',
deposit_channels_hint: 'Only the DDPay channel is built-in. Set enabled state, sort and supported fiat currencies per row.',
currency_rates_hint: 'Deposit rate: platform coins credited per 1 fiat paid. Withdraw rate: platform coins needed per 1 fiat redeemed (e.g. 100 ⇒ 100 coins = 1 fiat unit).',
err_dup_code: 'Duplicate currency codes are not allowed.',
sec_banks: 'Withdraw bank codes',
sec_deposit_banks: 'Deposit banks by currency',
deposit_banks_hint: 'Used for DDPay deposit bank options and client display, maintained by currency_code.',
sec_withdraw_banks: 'Withdraw banks by currency',
withdraw_banks_hint: 'Used for withdrawCreate bank_code mapping and client display, maintained by currency_code.',
sec_deposit_tiers: 'Deposit tiers (embedded)',
sec_tabbed_config: 'Banks & deposit tiers (tabs)',
deposit_tiers_hint: 'Moved into this page. When deleting currencies, related tiers will be previewed and removed together after confirmation.',
btn_save_tiers: 'Save tiers',
sec_limits: 'Minimum withdraw (fiat amount; match your copy currency)',
min_ewallet: 'E-wallet minimum',
min_bank: 'Bank minimum',
@@ -24,11 +35,17 @@ export default {
processing_en: 'Processing note (EN)',
fee_note_zh: 'Fee note (ZH)',
fee_note_en: 'Fee note (EN)',
sec_fields: 'Withdraw form (required)',
field_cardholder: 'Cardholder name',
field_bank_account: 'Bank account',
field_email: 'Payee email',
field_mobile: 'Payee mobile',
sec_ddpay_spec: 'DDPay integration (read-only)',
ddpay_spec_intro:
'Withdrawals use DDPay Payout (mobile: withdrawCreate). Deposits with channel ddpay use depositCreate. Below is a short field summary; see the DDPay doc and the mobile API draft in the repo for details.',
ddpay_spec_li_withdraw:
'Withdraw (required): withdraw_coin, receive_type=bank, receive_account, receiver_name (as registered with the bank), bank_code (must match a code from “Withdraw banks by currency” on this page), idempotency_key; bank_branch optional (server sends N/A if omitted).',
ddpay_spec_li_bank_table:
'English bank name maps to DDPay bank[name] and must match the official full bank names, or payout may be rejected.',
ddpay_spec_li_deposit:
'Deposit (ddpay): payment_type (01=FPX, 02=duitnow, 03=ewallet), payer_name, payer_bank_name (full name per official deposit bank list).',
ddpay_spec_li_doc:
'Gateway doc: docs/DDPay Payment Gateway_v1.1.3_zh.md (and PDF); HTTPS and callback rules follow the vendor spec.',
col_code: 'Code',
col_label_zh: 'Name (ZH)',
col_label_en: 'Name (EN)',
@@ -36,6 +53,17 @@ export default {
col_deposit_rate: 'Deposit rate',
col_withdraw_rate: 'Withdraw rate',
col_bank_code: 'Bank code',
col_currency_code: 'Currency',
col_tier_id: 'Tier ID',
col_title_zh: 'Title (ZH)',
col_title_en: 'Title (EN)',
col_pay_amount: 'Pay amount',
col_amount: 'Platform amount',
col_bonus_amount: 'Bonus',
col_tier_sort: 'Sort',
col_tier_status: 'Enabled',
msg_delete_currency_prune_tiers: 'Deleting currency {currency} will also remove {count} related deposit tier(s). Continue?',
msg_affected_tier_ids: 'Affected tiers',
col_name_zh: 'Bank (ZH)',
col_name_en: 'Bank (EN)',
ph_ratio: 'e.g. 100',
@@ -45,4 +73,5 @@ export default {
ch_display_name: 'Display name',
ch_sort: 'Sort',
ch_status: 'Enabled',
ch_currency_codes: 'Supported currencies',
}

45
web/src/lang/backend/zh-cn/config/financeCashierConfig.ts
View File

@@ -1,16 +1,27 @@
export default {
desc: '配置移动端支付与收款展示:平台币名称、货币与汇率、充值支付渠道(开关/排序,自动兼容全部档位)、提现银行、最低限额文案提现表单字段。',
desc: '配置移动端支付与收款展示:平台币名称、货币与汇率、充值支付渠道(开关/排序,以及按渠道配置支持币种)、提现银行、最低限额文案提现/充值与 DDPay 对接的必填字段由网关文档与接口约定,不在此页配置。',
btn_save: '保存',
btn_add_row: '新增一行',
sec_platform: '平台币展示名',
tab_cashier: '充值/提现配置',
tab_tiers: '充值档位配置',
tab_deposit_banks: '充值银行配置',
tab_withdraw_banks: '提现银行配置',
platform_label_zh: '名称(中文)',
platform_label_en: '名称(英文)',
sec_currencies: '货币列表(充值/提现货币下拉)',
sec_deposit_channels: '充值支付渠道',
deposit_channels_hint: '展示名由环境注册表决定此处维护启用状态排序;所有启用渠道自动兼容全部充值档位。',
deposit_channels_hint: '当前仅 DDPay 渠道。展示名由注册表决定此处维护启用状态排序与各渠道支持的法币币种。',
currency_rates_hint: '充值汇率:每支付 1 单位该货币到账的平台币;提现汇率:每兑换 1 单位该货币所需平台币(例 100 表示 100 平台币 = 1 单位)。',
err_dup_code: '货币代码不能重复,请检查后再保存。',
sec_banks: '提现支持银行代码',
sec_deposit_banks: '充值支持银行(按币种)',
deposit_banks_hint: '用于 DDPay 入金参数辅助与客户端展示,按 currency_code 维护可选银行。',
sec_withdraw_banks: '提现支持银行(按币种)',
withdraw_banks_hint: '用于 withdrawCreate 的 bank_code 映射与客户端展示,按 currency_code 维护。',
sec_deposit_tiers: '充值档位(内嵌维护)',
sec_tabbed_config: '银行与充值档位(标签页)',
deposit_tiers_hint: '已并入当前页面。删除币种时若存在关联档位,将提示并同步删除对应档位。',
btn_save_tiers: '保存档位',
sec_limits: '提现最低限额(法币金额,与文案中币种一致)',
min_ewallet: '电子钱包最低',
min_bank: '银行最低',
@@ -24,11 +35,17 @@ export default {
processing_en: '到账说明(英文)',
fee_note_zh: '手续费说明(中文)',
fee_note_en: '手续费说明(英文)',
sec_fields: '提现表单字段(必填',
field_cardholder: '持卡人姓名',
field_bank_account: '银行账号',
field_email: '收款邮箱',
field_mobile: '收款手机',
sec_ddpay_spec: 'DDPay 对接说明(只读',
ddpay_spec_intro:
'当前提现走 DDPay 出金Payout移动端调用 withdrawCreate充值渠道为 ddpay 时调用 depositCreate。下列为字段约定摘要详细以仓库内 DDPay 文档与《36字花-移动端接口设计草案》为准。',
ddpay_spec_li_withdraw:
'提现必填withdraw_coin、receive_type=bank、receive_account收款账号、receiver_name与银行登记一致、bank_code须与本页「提现支持银行按币种」中 code 一致、idempotency_keybank_branch 选填,不传则服务端按 N/A 提交。',
ddpay_spec_li_bank_table:
'「银行名(英文)」将映射为 DDPay 的 bank[name],请与 DDPay 官方银行全称列表一致,否则出金可能被拒。',
ddpay_spec_li_deposit:
'充值channel_code=ddpay必填payment_type官方取值 01=FPX、02=duitnow、03=ewallet、payer_name、payer_bank_name须与官方入金银行列表全称一致。',
ddpay_spec_li_doc:
'官方文档docs/DDPay Payment Gateway_v1.1.3_zh.md回调与 HTTPS 要求以文档为准。',
col_code: '代码',
col_label_zh: '中文名',
col_label_en: '英文名',
@@ -36,6 +53,17 @@ export default {
col_deposit_rate: '充值汇率',
col_withdraw_rate: '提现汇率',
col_bank_code: '银行代码',
col_currency_code: '币种',
col_tier_id: '档位ID',
col_title_zh: '标题(中文)',
col_title_en: '标题(英文)',
col_pay_amount: '支付金额',
col_amount: '平台币',
col_bonus_amount: '赠送',
col_tier_sort: '排序',
col_tier_status: '启用',
msg_delete_currency_prune_tiers: '将删除币种 {currency},并删除关联充值档位 {count} 条,是否继续?',
msg_affected_tier_ids: '影响档位',
col_name_zh: '银行名(中文)',
col_name_en: '银行名(英文)',
ph_ratio: '如 100',
@@ -46,4 +74,5 @@ export default {
ch_display_name: '展示名称',
ch_sort: '排序',
ch_status: '启用',
ch_currency_codes: '支持币种',
}

464
web/src/views/backend/config/financeCashierConfig/index.vue
View File

@@ -10,9 +10,16 @@
</el-button>
</div>
<el-tabs v-model="activeMainTab" class="main-tabs">
<el-tab-pane :label="t('config.financeCashierConfig.tab_cashier')" name="cashier"></el-tab-pane>
<el-tab-pane :label="t('config.financeCashierConfig.tab_tiers')" name="tiers"></el-tab-pane>
<el-tab-pane :label="t('config.financeCashierConfig.tab_deposit_banks')" name="depositBanks"></el-tab-pane>
<el-tab-pane :label="t('config.financeCashierConfig.tab_withdraw_banks')" name="withdrawBanks"></el-tab-pane>
</el-tabs>
<el-scrollbar max-height="calc(100vh - 220px)">
<el-form v-loading="loading" label-width="160px" class="finance-cashier-form">
<el-card shadow="never" class="section-card">
<el-card v-if="activeMainTab === 'cashier'" shadow="never" class="section-card">
<template #header>{{ t('config.financeCashierConfig.sec_platform') }}</template>
<el-form-item :label="t('config.financeCashierConfig.platform_label_zh')">
<el-input v-model="form.platform_coin.label_zh" maxlength="32" class="w400" />
@@ -22,7 +29,7 @@
</el-form-item>
</el-card>
<el-card shadow="never" class="section-card">
<el-card v-if="activeMainTab === 'cashier'" shadow="never" class="section-card">
<template #header>
<span>{{ t('config.financeCashierConfig.sec_currencies') }}</span>
<el-button v-if="canSave" type="primary" link class="ml-2" @click="addCurrency">{{ t('config.financeCashierConfig.btn_add_row') }}</el-button>
@@ -66,13 +73,13 @@
</el-table-column>
<el-table-column :label="t('Operate')" width="90" align="center">
<template #default="{ $index }">
<el-button v-if="canSave" type="danger" link @click="removeRow(form.currencies, $index)">{{ t('Delete') }}</el-button>
<el-button v-if="canSave" type="danger" link @click="removeCurrencyRow($index)">{{ t('Delete') }}</el-button>
</template>
</el-table-column>
</el-table>
</el-card>
<el-card shadow="never" class="section-card">
<el-card v-if="activeMainTab === 'cashier'" shadow="never" class="section-card">
<template #header>{{ t('config.financeCashierConfig.sec_deposit_channels') }}</template>
<p class="hint">{{ t('config.financeCashierConfig.deposit_channels_hint') }}</p>
<el-table :data="form.channels" border stripe size="small">
@@ -103,15 +110,101 @@
<el-switch v-model="row.status" :active-value="1" :inactive-value="0" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.ch_currency_codes')" min-width="260">
<template #default="{ row }">
<div class="currency-codes-cell">
<el-checkbox-group v-model="row.currency_codes" size="small">
<el-checkbox
v-for="c in form.currencies"
:key="c.code"
:label="c.code"
>
{{ currencyLabel(c.code) }}
</el-checkbox>
</el-checkbox-group>
</div>
</template>
</el-table-column>
</el-table>
</el-card>
<el-card shadow="never" class="section-card">
<el-card v-if="activeMainTab === 'tiers'" shadow="never" class="section-card">
<template #header>
<span>{{ t('config.financeCashierConfig.sec_banks') }}</span>
<el-button v-if="canSave" type="primary" link class="ml-2" @click="addBank">{{ t('config.financeCashierConfig.btn_add_row') }}</el-button>
<span>{{ t('config.financeCashierConfig.sec_deposit_tiers') }}</span>
<el-button v-if="canSave" type="primary" link class="ml-2" @click="addTier">{{ t('config.financeCashierConfig.btn_add_row') }}</el-button>
<el-button v-if="canSave" type="success" link class="ml-2" :loading="tiersSaving" @click="saveTiers">{{ t('config.financeCashierConfig.btn_save_tiers') }}</el-button>
</template>
<el-table :data="form.withdraw_banks" border stripe size="small">
<p class="hint">{{ t('config.financeCashierConfig.deposit_tiers_hint') }}</p>
<el-table :data="tiers" border stripe size="small">
<el-table-column :label="t('config.financeCashierConfig.col_tier_id')" min-width="130">
<template #default="{ row }">
<el-input v-model="row.id" maxlength="32" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_title_zh')" min-width="140">
<template #default="{ row }">
<el-input v-model="row.title" maxlength="64" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_title_en')" min-width="140">
<template #default="{ row }">
<el-input v-model="row.title_en" maxlength="64" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_currency_code')" width="120">
<template #default="{ row }">
<el-select v-model="row.currency" class="w100p" filterable>
<el-option v-for="c in form.currencies" :key="c.code" :label="currencyLabel(c.code)" :value="c.code" />
</el-select>
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_pay_amount')" width="120">
<template #default="{ row }">
<el-input v-model="row.pay_amount" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_amount')" width="120">
<template #default="{ row }">
<el-input v-model="row.amount" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_bonus_amount')" width="120">
<template #default="{ row }">
<el-input v-model="row.bonus_amount" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_tier_sort')" width="120">
<template #default="{ row }">
<el-input-number v-model="row.sort" :min="0" :max="99999" :controls="false" class="w100p" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_tier_status')" width="90" align="center">
<template #default="{ row }">
<el-switch v-model="row.status" :active-value="1" :inactive-value="0" />
</template>
</el-table-column>
<el-table-column :label="t('Operate')" width="90" align="center">
<template #default="{ $index }">
<el-button v-if="canSave" type="danger" link @click="removeRow(tiers, $index)">{{ t('Delete') }}</el-button>
</template>
</el-table-column>
</el-table>
</el-card>
<el-card v-if="activeMainTab === 'depositBanks'" shadow="never" class="section-card">
<template #header>
<span>{{ t('config.financeCashierConfig.sec_deposit_banks') }}</span>
<el-button v-if="canSave" type="primary" link class="ml-2" @click="addDepositBank">{{ t('config.financeCashierConfig.btn_add_row') }}</el-button>
</template>
<p class="hint">{{ t('config.financeCashierConfig.deposit_banks_hint') }}</p>
<el-table :data="form.deposit_banks" border stripe size="small">
<el-table-column :label="t('config.financeCashierConfig.col_currency_code')" width="140">
<template #default="{ row }">
<el-select v-model="row.currency_code" class="w100p" filterable>
<el-option v-for="c in form.currencies" :key="c.code" :label="currencyLabel(c.code)" :value="c.code" />
</el-select>
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_bank_code')" width="140">
<template #default="{ row }">
<el-input v-model="row.code" maxlength="32" :placeholder="t('config.financeCashierConfig.ph_bank_code')" />
@@ -129,7 +222,49 @@
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_sort')" width="108">
<template #default="{ row }">
<el-input-number v-model="row.sort" :min="0" :max="99999" :controls="true" class="w100p" @change="resortBanksInPlace" />
<el-input-number v-model="row.sort" :min="0" :max="99999" :controls="true" class="w100p" @change="resortDepositBanksInPlace" />
</template>
</el-table-column>
<el-table-column :label="t('Operate')" width="90" align="center">
<template #default="{ $index }">
<el-button v-if="canSave" type="danger" link @click="removeRow(form.deposit_banks, $index)">{{ t('Delete') }}</el-button>
</template>
</el-table-column>
</el-table>
</el-card>
<el-card v-if="activeMainTab === 'withdrawBanks'" shadow="never" class="section-card">
<template #header>
<span>{{ t('config.financeCashierConfig.sec_withdraw_banks') }}</span>
<el-button v-if="canSave" type="primary" link class="ml-2" @click="addWithdrawBank">{{ t('config.financeCashierConfig.btn_add_row') }}</el-button>
</template>
<p class="hint">{{ t('config.financeCashierConfig.withdraw_banks_hint') }}</p>
<el-table :data="form.withdraw_banks" border stripe size="small">
<el-table-column :label="t('config.financeCashierConfig.col_currency_code')" width="140">
<template #default="{ row }">
<el-select v-model="row.currency_code" class="w100p" filterable>
<el-option v-for="c in form.currencies" :key="c.code" :label="currencyLabel(c.code)" :value="c.code" />
</el-select>
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_bank_code')" width="140">
<template #default="{ row }">
<el-input v-model="row.code" maxlength="32" :placeholder="t('config.financeCashierConfig.ph_bank_code')" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_name_zh')" min-width="140">
<template #default="{ row }">
<el-input v-model="row.name_zh" maxlength="64" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_name_en')" min-width="140">
<template #default="{ row }">
<el-input v-model="row.name_en" maxlength="64" />
</template>
</el-table-column>
<el-table-column :label="t('config.financeCashierConfig.col_sort')" width="108">
<template #default="{ row }">
<el-input-number v-model="row.sort" :min="0" :max="99999" :controls="true" class="w100p" @change="resortWithdrawBanksInPlace" />
</template>
</el-table-column>
<el-table-column :label="t('Operate')" width="90" align="center">
@@ -140,7 +275,7 @@
</el-table>
</el-card>
<el-card shadow="never" class="section-card">
<el-card v-if="activeMainTab === 'cashier'" shadow="never" class="section-card">
<template #header>{{ t('config.financeCashierConfig.sec_limits') }}</template>
<el-form-item :label="t('config.financeCashierConfig.min_ewallet')">
<el-input v-model="form.withdraw_limits.min_ewallet" class="w240" />
@@ -150,7 +285,7 @@
</el-form-item>
</el-card>
<el-card shadow="never" class="section-card">
<el-card v-if="activeMainTab === 'cashier'" shadow="never" class="section-card">
<template #header>{{ t('config.financeCashierConfig.sec_copy') }}</template>
<el-form-item :label="t('config.financeCashierConfig.rate_mode')">
<el-select v-model="form.withdraw_copy.rate_mode" class="w240">
@@ -178,20 +313,17 @@
</el-form-item>
</el-card>
<el-card shadow="never" class="section-card">
<template #header>{{ t('config.financeCashierConfig.sec_fields') }}</template>
<el-form-item :label="t('config.financeCashierConfig.field_cardholder')">
<el-switch v-model="form.withdraw_fields.require_cardholder" />
</el-form-item>
<el-form-item :label="t('config.financeCashierConfig.field_bank_account')">
<el-switch v-model="form.withdraw_fields.require_bank_account" />
</el-form-item>
<el-form-item :label="t('config.financeCashierConfig.field_email')">
<el-switch v-model="form.withdraw_fields.require_email" />
</el-form-item>
<el-form-item :label="t('config.financeCashierConfig.field_mobile')">
<el-switch v-model="form.withdraw_fields.require_mobile" />
</el-form-item>
<el-card v-if="activeMainTab === 'cashier'" shadow="never" class="section-card">
<template #header>{{ t('config.financeCashierConfig.sec_ddpay_spec') }}</template>
<el-alert type="info" :closable="false" show-icon class="mb-2">
{{ t('config.financeCashierConfig.ddpay_spec_intro') }}
</el-alert>
<ul class="ddpay-spec-list">
<li>{{ t('config.financeCashierConfig.ddpay_spec_li_withdraw') }}</li>
<li>{{ t('config.financeCashierConfig.ddpay_spec_li_bank_table') }}</li>
<li>{{ t('config.financeCashierConfig.ddpay_spec_li_deposit') }}</li>
<li>{{ t('config.financeCashierConfig.ddpay_spec_li_doc') }}</li>
</ul>
</el-card>
</el-form>
</el-scrollbar>
@@ -201,7 +333,7 @@
<script setup lang="ts">
import { onMounted, reactive, ref } from 'vue'
import { useI18n } from 'vue-i18n'
import { ElMessage } from 'element-plus'
import { ElMessage, ElMessageBox } from 'element-plus'
import createAxios from '/@/utils/axios'
import { auth } from '/@/utils/common'
@@ -220,17 +352,35 @@ type CurrencyRow = {
deposit_coins_per_fiat: string
withdraw_coins_per_fiat: string
}
type BankRow = { code: string; name_zh: string; name_en: string; sort: number }
type ChannelRow = { code: string; sort: number; status: number; tier_ids: string[] }
type BankRow = { currency_code: string; code: string; name_zh: string; name_en: string; sort: number }
type ChannelRow = { code: string; sort: number; status: number; tier_ids: string[]; currency_codes: string[] }
type TierRow = {
id: string
title: string
title_en: string
currency: string
pay_amount: string
amount: string
bonus_amount: string
desc: string
desc_en: string
sort: number
status: number
}
type RegistryMeta = { name?: string; name_en?: string; sort?: number }
const loading = ref(false)
const saving = ref(false)
const registry = ref<Record<string, RegistryMeta>>({})
const activeMainTab = ref('cashier')
const originalCurrencyCodes = ref<string[]>([])
const tiers = ref<TierRow[]>([])
const tiersSaving = ref(false)
const form = reactive({
platform_coin: { label_zh: '', label_en: '' },
currencies: [] as CurrencyRow[],
deposit_banks: [] as BankRow[],
withdraw_banks: [] as BankRow[],
withdraw_limits: { min_ewallet: '0', min_bank: '0' },
withdraw_copy: {
@@ -242,12 +392,6 @@ const form = reactive({
fee_note_en: '',
rate_mode: 'fixed',
},
withdraw_fields: {
require_cardholder: true,
require_bank_account: true,
require_email: true,
require_mobile: true,
},
channels: [] as ChannelRow[],
})
@@ -301,8 +445,26 @@ function resortCurrenciesInPlace() {
})
}
function resortBanksInPlace() {
function resortDepositBanksInPlace() {
form.deposit_banks.sort((a, b) => {
const cc = String(a.currency_code || '').localeCompare(String(b.currency_code || ''))
if (cc !== 0) {
return cc
}
const ds = rowSortValue(a) - rowSortValue(b)
if (ds !== 0) {
return ds
}
return String(a.code || '').localeCompare(String(b.code || ''))
})
}
function resortWithdrawBanksInPlace() {
form.withdraw_banks.sort((a, b) => {
const cc = String(a.currency_code || '').localeCompare(String(b.currency_code || ''))
if (cc !== 0) {
return cc
}
const ds = rowSortValue(a) - rowSortValue(b)
if (ds !== 0) {
return ds
@@ -345,25 +507,92 @@ function channelDisplayName(code: string): string {
return code
}
function normalizeChannelRow(c: Record<string, unknown>): ChannelRow {
function currencyLabel(code: string): string {
const cur = form.currencies.find((x) => x.code === code)
if (!cur) {
return code
}
const loc = String(locale.value ?? '').toLowerCase().replaceAll('_', '-')
const preferEn = loc === 'en' || loc.startsWith('en-')
if (preferEn) {
if (typeof cur.label_en === 'string' && cur.label_en !== '') {
return cur.label_en
}
}
if (typeof cur.label_zh === 'string' && cur.label_zh !== '') {
return cur.label_zh
}
return cur.label_en
}
function normalizeChannelRow(c: Record<string, unknown>, defaultCurrencyCodes: string[]): ChannelRow {
const st = c.status
const statusOn = st === 1 || st === true || st === '1'
const rawCodes = c.currency_codes
const isArray = Array.isArray(rawCodes)
// null/undefined 表示“兼容全部币种”(历史配置默认行为)
const codesCandidate = isArray ? (rawCodes as unknown[]) : null
const all = new Set(defaultCurrencyCodes)
let cc: string[]
if (codesCandidate === null) {
cc = defaultCurrencyCodes
} else {
cc = codesCandidate
.map((x) => (typeof x === 'string' ? x.trim().toUpperCase() : ''))
.filter((x) => x !== '')
.filter((x) => all.has(x))
}
return {
code: typeof c.code === 'string' ? c.code : '',
sort: rowSortValue({ sort: c.sort }),
status: statusOn ? 1 : 0,
tier_ids: [],
currency_codes: cc,
}
}
function addBank() {
form.withdraw_banks.push({ code: '', name_zh: '', name_en: '', sort: nextSort(form.withdraw_banks) })
function addDepositBank() {
form.deposit_banks.push({ currency_code: '', code: '', name_zh: '', name_en: '', sort: nextSort(form.deposit_banks) })
}
function addWithdrawBank() {
form.withdraw_banks.push({ currency_code: '', code: '', name_zh: '', name_en: '', sort: nextSort(form.withdraw_banks) })
}
function removeRow<T>(arr: T[], index: number) {
arr.splice(index, 1)
}
async function removeCurrencyRow(index: number) {
const row = form.currencies[index]
if (!row) {
return
}
const code = String(row.code || '').trim().toUpperCase()
if (code === '') {
form.currencies.splice(index, 1)
return
}
const affected = tiers.value.filter((x) => String(x.currency || '').trim().toUpperCase() === code)
if (affected.length === 0) {
form.currencies.splice(index, 1)
return
}
const sample = affected.slice(0, 10).map((x) => x.id).join(',')
const confirmed = await ElMessageBox.confirm(
t('config.financeCashierConfig.msg_delete_currency_prune_tiers', { currency: code, count: affected.length }) +
(sample !== '' ? `\n${t('config.financeCashierConfig.msg_affected_tier_ids')}: ${sample}` : ''),
t('Warning'),
{ type: 'warning', confirmButtonText: t('OK'), cancelButtonText: t('Cancel') }
).then(() => true).catch(() => false)
if (!confirmed) {
return
}
form.currencies.splice(index, 1)
}
async function load() {
loading.value = true
try {
@@ -399,29 +628,100 @@ async function load() {
: '100',
}))
form.currencies.splice(0, form.currencies.length, ...normalized)
originalCurrencyCodes.value = normalized.map((x) => x.code)
resortCurrenciesInPlace()
const defaultCurrencyCodes = normalized.map((x) => String(x.code || '')).filter((x) => x !== '')
const depositBankList = Array.isArray(f.deposit_banks) ? f.deposit_banks : []
const depositBanksNorm: BankRow[] = depositBankList.map((b: Record<string, unknown>) => ({
currency_code: typeof b.currency_code === 'string' ? b.currency_code : '',
code: typeof b.code === 'string' ? b.code : '',
name_zh: typeof b.name_zh === 'string' ? b.name_zh : '',
name_en: typeof b.name_en === 'string' ? b.name_en : '',
sort: rowSortValue({ sort: b.sort }),
}))
form.deposit_banks.splice(0, form.deposit_banks.length, ...depositBanksNorm)
resortDepositBanksInPlace()
const bankList = Array.isArray(f.withdraw_banks) ? f.withdraw_banks : []
const banksNorm: BankRow[] = bankList.map((b: Record<string, unknown>) => ({
currency_code: typeof b.currency_code === 'string' ? b.currency_code : '',
code: typeof b.code === 'string' ? b.code : '',
name_zh: typeof b.name_zh === 'string' ? b.name_zh : '',
name_en: typeof b.name_en === 'string' ? b.name_en : '',
sort: rowSortValue({ sort: b.sort }),
}))
form.withdraw_banks.splice(0, form.withdraw_banks.length, ...banksNorm)
resortBanksInPlace()
resortWithdrawBanksInPlace()
const chList = Array.isArray(f.channels) ? f.channels : []
const channelsNorm: ChannelRow[] = chList.map((c) => normalizeChannelRow(c as Record<string, unknown>))
const channelsNorm: ChannelRow[] = chList.map((c) => normalizeChannelRow(c as Record<string, unknown>, defaultCurrencyCodes))
form.channels.splice(0, form.channels.length, ...channelsNorm)
resortChannelsInPlace()
Object.assign(form.withdraw_limits, f.withdraw_limits || {})
Object.assign(form.withdraw_copy, f.withdraw_copy || {})
Object.assign(form.withdraw_fields, f.withdraw_fields || {})
await loadTiers()
}
} finally {
loading.value = false
}
}
async function loadTiers() {
const res = await createAxios({
url: '/admin/config.FinanceCashierConfig/tierList',
method: 'get',
})
const listRaw = res.code === 1 && Array.isArray(res.data?.list) ? res.data.list : []
tiers.value = listRaw.map((row: Record<string, unknown>) => ({
id: typeof row.id === 'string' ? row.id : '',
title: typeof row.title === 'string' ? row.title : '',
title_en: typeof row.title_en === 'string' ? row.title_en : '',
currency: typeof row.currency === 'string' ? row.currency : '',
pay_amount: typeof row.pay_amount === 'string' ? row.pay_amount : String(row.pay_amount ?? ''),
amount: typeof row.amount === 'string' ? row.amount : String(row.amount ?? ''),
bonus_amount: typeof row.bonus_amount === 'string' ? row.bonus_amount : String(row.bonus_amount ?? '0'),
desc: typeof row.desc === 'string' ? row.desc : '',
desc_en: typeof row.desc_en === 'string' ? row.desc_en : '',
sort: rowSortValue({ sort: row.sort }),
status: row.status === 1 || row.status === true || row.status === '1' ? 1 : 0,
}))
}
function addTier() {
const currency = form.currencies.length > 0 ? form.currencies[0].code : ''
tiers.value.push({
id: `t_${Date.now()}_${Math.floor(Math.random() * 1000)}`,
title: '',
title_en: '',
currency,
pay_amount: '',
amount: '',
bonus_amount: '0',
desc: '',
desc_en: '',
sort: 10,
status: 1,
})
}
async function saveTiers() {
if (!canSave) {
return
}
tiersSaving.value = true
try {
await createAxios({
url: '/admin/config.FinanceCashierConfig/tierSave',
method: 'post',
data: {
items: JSON.parse(JSON.stringify(tiers.value)),
},
showSuccessMessage: true,
})
await loadTiers()
} finally {
tiersSaving.value = false
}
}
async function onSave() {
if (!auth('save')) {
return
@@ -435,14 +735,67 @@ async function onSave() {
return
}
resortCurrenciesInPlace()
resortBanksInPlace()
const allowed = new Set(form.currencies.map((c) => String(c.code || '').trim().toUpperCase()).filter((x) => x !== ''))
for (const b of form.deposit_banks) {
b.currency_code = String(b.currency_code || '').trim().toUpperCase()
b.code = String(b.code || '').trim().toLowerCase()
if (!allowed.has(b.currency_code)) {
b.currency_code = ''
}
}
for (const b of form.withdraw_banks) {
b.currency_code = String(b.currency_code || '').trim().toUpperCase()
b.code = String(b.code || '').trim().toLowerCase()
if (!allowed.has(b.currency_code)) {
b.currency_code = ''
}
}
resortDepositBanksInPlace()
resortWithdrawBanksInPlace()
resortChannelsInPlace()
const removedCurrencyCodes = originalCurrencyCodes.value.filter((x) => !allowed.has(x))
let pruneTierCurrencies: string[] = []
if (removedCurrencyCodes.length > 0) {
const affected = tiers.value.filter((x) => removedCurrencyCodes.includes(String(x.currency || '').toUpperCase()))
if (affected.length > 0) {
const sample = affected.slice(0, 10).map((x) => x.id).join(', ')
const detail = sample !== '' ? `\n${t('config.financeCashierConfig.msg_affected_tier_ids')}: ${sample}` : ''
const confirmed = await ElMessageBox.confirm(
t('config.financeCashierConfig.msg_delete_currency_prune_tiers', {
currency: removedCurrencyCodes.join(','),
count: affected.length,
}) + detail,
t('Warning'),
{
type: 'warning',
confirmButtonText: t('OK'),
cancelButtonText: t('Cancel'),
}
).then(() => true).catch(() => false)
if (!confirmed) {
return
}
pruneTierCurrencies = removedCurrencyCodes
}
}
// 仅保留配置了的币种码(后端还会校验)
for (const ch of form.channels) {
const raw = Array.isArray(ch.currency_codes) ? ch.currency_codes : []
const normalized = raw
.map((x) => (typeof x === 'string' ? x.trim().toUpperCase() : ''))
.filter((x) => x !== '')
.filter((x) => allowed.has(x))
ch.currency_codes = Array.from(new Set(normalized))
}
saving.value = true
try {
await createAxios({
url: '/admin/config.FinanceCashierConfig/save',
method: 'post',
data: JSON.parse(JSON.stringify(form)),
data: {
...JSON.parse(JSON.stringify(form)),
prune_tier_currency_codes: pruneTierCurrencies,
},
showSuccessMessage: true,
})
await load()
@@ -484,5 +837,30 @@ onMounted(() => {
.ml-2 {
margin-left: 8px;
}
.mb-2 {
margin-bottom: 10px;
}
.main-tabs {
margin-bottom: 8px;
}
}
.ddpay-spec-list {
margin: 0;
padding-left: 1.25rem;
color: var(--el-text-color-regular);
font-size: 13px;
line-height: 1.65;
}
.ddpay-spec-list li {
margin-bottom: 6px;
}
.currency-codes-cell {
display: flex;
flex-wrap: wrap;
gap: 8px 12px;
align-items: center;
padding-right: 6px;
}
</style>