mojiahui/webman-buildadmin
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.配置新版支付模块-菜单和接口都已重构

Browse Source 
2.优化充值提现页面
3.菜单翻译问题
4.备份数据库
This commit is contained in:
zhenhui
2026-04-30 11:37:46 +08:00
parent e8c2b9d345
commit c7fc754573
23 changed files with 4042 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
app/admin/controller/config/FinanceCashierConfig.php
View File

@@ -6,6 +6,7 @@ namespace app\admin\controller\config;
use app\common\controller\Backend;
use app\common\library\game\DepositChannel as DepositChannelLib;
use app\common\library\game\DepositTier as DepositTierLib;
use app\common\library\game\FinanceCashierConfig as FinanceCashierConfigLib;
use app\common\service\GameHotDataCoordinator;
use app\common\service\GameHotDataLock;
@@ -22,7 +23,7 @@ class FinanceCashierConfig extends Backend
{
protected bool $modelValidate = false;
protected array $noNeedPermission = ['index', 'save'];
protected array $noNeedPermission = ['index', 'save', 'tierList', 'tierSave'];
private function hasNodePermission(WebmanRequest $request, string $action): bool
{
@@ -109,6 +110,21 @@ class FinanceCashierConfig extends Backend
if (!is_array($payload)) {
return $this->error(__('Parameter %s can not be empty', ['']));
}
$pruneTierCurrencies = [];
if (isset($payload['prune_tier_currency_codes']) && is_array($payload['prune_tier_currency_codes'])) {
foreach ($payload['prune_tier_currency_codes'] as $c) {
if (!is_string($c)) {
continue;
}
$s = strtoupper(trim($c));
if ($s !== '') {
$pruneTierCurrencies[] = $s;
}
}
$pruneTierCurrencies = array_values(array_unique($pruneTierCurrencies));
}
unset($payload['prune_tier_currency_codes']);
try {
$json = FinanceCashierConfigLib::encodeForDb($payload);
} catch (InvalidArgumentException $e) {
@@ -162,11 +178,17 @@ class FinanceCashierConfig extends Backend
'update_time' => $now,
]);
}
if ($pruneTierCurrencies !== []) {
$this->pruneDepositTiersByCurrencies($pruneTierCurrencies, $now);
}
} catch (Throwable $e) {
return $this->error($e->getMessage());
}
GameHotDataCoordinator::afterGameConfigKeyCommitted(FinanceCashierConfigLib::CONFIG_KEY);
GameHotDataCoordinator::afterGameConfigKeyCommitted(DepositChannelLib::CONFIG_KEY);
if ($pruneTierCurrencies !== []) {
GameHotDataCoordinator::afterGameConfigKeyCommitted(DepositTierLib::CONFIG_KEY);
}
return $this->success(__('Saved successfully'));
} finally {
@@ -174,6 +196,83 @@ class FinanceCashierConfig extends Backend
}
}
public function tierList(WebmanRequest $request): Response
{
$response = $this->initializeBackend($request);
if ($response !== null) {
return $response;
}
if (!$this->hasNodePermission($request, 'tierList')) {
return $this->error(__('You have no permission'), [], 401);
}
if ($request->method() !== 'GET') {
return $this->error(__('Parameter error'));
}
$list = $this->loadDepositTierItems();
return $this->success('', ['list' => $list]);
}
public function tierSave(WebmanRequest $request): Response
{
$response = $this->initializeBackend($request);
if ($response !== null) {
return $response;
}
if (!$this->hasNodePermission($request, 'tierSave')) {
return $this->error(__('You have no permission'), [], 401);
}
if ($request->method() !== 'POST') {
return $this->error(__('Parameter error'));
}
$payload = $request->post();
if (!is_array($payload)) {
return $this->error(__('Parameter error'));
}
$items = $payload['items'] ?? null;
if (!is_array($items)) {
return $this->error(__('Items must be an array'));
}
try {
$clean = DepositTierLib::prepareItemsForSave(array_values($items));
$json = DepositTierLib::encodeForDb($clean);
} catch (InvalidArgumentException $e) {
return $this->error($e->getMessage());
}
$now = time();
$resourceKey = GameHotDataLock::safeResourceKeyForConfig(DepositTierLib::CONFIG_KEY);
$lock = GameHotDataLock::tryAcquire(GameHotDataLock::TYPE_GAME_CONFIG, $resourceKey);
if (!$lock['acquired']) {
return $this->error(__('This config is locked by another operation, please try again later'));
}
try {
$exists = Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->find();
if ($exists) {
Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->update([
'config_value' => $json,
'value_type' => 'json',
'update_time' => $now,
]);
} else {
Db::name('game_config')->insert([
'config_key' => DepositTierLib::CONFIG_KEY,
'config_value' => $json,
'value_type' => 'json',
'remark' => '充值档位 JSON 数组financeCashierConfig 统一维护)',
'create_time' => $now,
'update_time' => $now,
]);
}
GameHotDataCoordinator::afterGameConfigKeyCommitted(DepositTierLib::CONFIG_KEY);
return $this->success(__('Saved successfully'));
} catch (Throwable $e) {
return $this->error($e->getMessage());
} finally {
GameHotDataLock::release(GameHotDataLock::TYPE_GAME_CONFIG, $resourceKey, $lock['token'], $lock['redis_lock']);
}
}
/**
* @return array<string, array{name: string, name_en: string, sort: int}>
*/
@@ -194,4 +293,54 @@ class FinanceCashierConfig extends Backend
return $registryOut;
}
/**
* @return list<array<string, mixed>>
*/
private function loadDepositTierItems(): array
{
$row = Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->find();
return DepositTierLib::parseFromConfigValue(is_array($row) ? ($row['config_value'] ?? null) : null);
}
/**
* @param list<string> $currencyCodes
*/
private function pruneDepositTiersByCurrencies(array $currencyCodes, int $now): void
{
if ($currencyCodes === []) {
return;
}
$exists = Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->find();
$items = $this->loadDepositTierItems();
$filtered = [];
foreach ($items as $row) {
if (!is_array($row)) {
continue;
}
$currency = isset($row['currency']) && is_string($row['currency']) ? strtoupper(trim($row['currency'])) : '';
if ($currency !== '' && in_array($currency, $currencyCodes, true)) {
continue;
}
$filtered[] = $row;
}
$json = DepositTierLib::encodeForDb(DepositTierLib::prepareItemsForSave(array_values($filtered)));
if ($exists) {
Db::name('game_config')->where('config_key', DepositTierLib::CONFIG_KEY)->update([
'config_value' => $json,
'value_type' => 'json',
'update_time' => $now,
]);
} else {
Db::name('game_config')->insert([
'config_key' => DepositTierLib::CONFIG_KEY,
'config_value' => $json,
'value_type' => 'json',
'remark' => '充值档位 JSON 数组financeCashierConfig 统一维护)',
'create_time' => $now,
'update_time' => $now,
]);
}
}
}

259
app/admin/controller/order/WithdrawOrder.php
View File

@@ -3,6 +3,7 @@
namespace app\admin\controller\order;
use app\common\controller\Backend;
use app\common\library\finance\DDPayGateway;
use support\think\Db;
use support\Response;
use Throwable;
@@ -251,6 +252,264 @@ class WithdrawOrder extends Backend
return $this->error($e->getMessage());
}
// 审核通过后自动发起 DDPAY 出金(并在失败时回冲余额)
try {
$fresh = Db::name('withdraw_order')->where('id', $id)->find();
if (!is_array($fresh)) {
// 理论上不会发生:只写失败备注
Db::name('withdraw_order')->where('id', $id)->update([
'remark' => '[ddpay] payout order missing',
'update_time' => time(),
]);
} else {
$orderNo = is_string($fresh['order_no'] ?? null) ? trim($fresh['order_no'] ?? '') : strval($fresh['order_no'] ?? '');
$receiveType = is_string($fresh['receive_type'] ?? null) ? strtolower(trim($fresh['receive_type'] ?? '')) : '';
// 当前仅接入 bank 类型出金(与移动端 withdrawCreate 校验一致)
if ($orderNo !== '' && $receiveType === 'bank') {
$base = \app\common\library\finance\DDPayGateway::publicBaseUrlForCallbacks($request);
if ($base === '') {
$base = 'https://' . strval($request->host());
}
$callbackUrl = rtrim($base, '/') . '/api/finance/ddpayPayoutNotify';
$payoutAmount = is_string($fresh['actual_amount'] ?? null) && $fresh['actual_amount'] !== '' ? trim($fresh['actual_amount']) : $newActual;
$receiverName = is_string($fresh['ddpay_receiver_name'] ?? null) ? trim($fresh['ddpay_receiver_name'] ?? '') : '';
$receiverAccount = is_string($fresh['receive_account'] ?? null) ? trim($fresh['receive_account'] ?? '') : '';
$bankName = is_string($fresh['ddpay_bank_name'] ?? null) ? trim($fresh['ddpay_bank_name'] ?? '') : '';
$bankBranch = is_string($fresh['ddpay_bank_branch'] ?? null) ? trim($fresh['ddpay_bank_branch'] ?? '') : 'N/A';
if ($receiverName === '' || $receiverAccount === '' || $bankName === '') {
// 缺少 DDPAY 出金字段:回冲并置为失败
Db::startTrans();
try {
$amountRefund = bcadd(strval($fresh['amount'] ?? '0'), '0', 2);
$updated = Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] missing payout fields',
'update_time' => time(),
]);
if ($updated > 0 && bccomp($amountRefund, '0', 2) > 0) {
$userIdRefund = intval(strval($fresh['user_id'] ?? 0));
$userRow = Db::name('user')->where('id', $userIdRefund)->find();
$beforeCoin = bcadd(strval($userRow['coin'] ?? '0'), '0', 2);
$afterCoin = bcadd($beforeCoin, $amountRefund, 2);
Db::name('user')->where('id', $userIdRefund)->update([
'coin' => $afterCoin,
'total_withdraw_coin' => Db::raw('total_withdraw_coin - ' . $amountRefund),
'update_time' => time(),
]);
$idempotencyKey = 'wd_ddpay_failed_' . strval($orderNo);
$exists = Db::name('user_wallet_record')->where('idempotency_key', $idempotencyKey)->find();
if (!$exists) {
$channelId = null;
if (isset($fresh['channel_id']) && is_numeric(strval($fresh['channel_id']))) {
$channelId = intval(strval($fresh['channel_id']));
}
Db::name('user_wallet_record')->insert([
'user_id' => $userIdRefund,
'channel_id' => $channelId,
'biz_type' => 'withdraw_refund',
'direction' => 1,
'amount' => $amountRefund,
'balance_before' => $beforeCoin,
'balance_after' => $afterCoin,
'ref_type' => 'withdraw_order',
'ref_id' => intval(strval($id)),
'idempotency_key' => $idempotencyKey,
'operator_admin_id' => null,
'remark' => '[ddpay] missing payout fields refund',
'create_time' => time(),
]);
}
}
Db::commit();
} catch (Throwable $e2) {
Db::rollback();
}
} else {
$clientId = config('app.ddpay_client_id', '');
$identifier = config('app.ddpay_identifier', '');
$ddReq = [
'client_id' => $clientId,
'identifier' => $identifier,
'bill_number' => $orderNo,
'amount' => $payoutAmount,
'receiver_name' => $receiverName,
'receiver_account' => $receiverAccount,
'bank[name]' => $bankName,
'bank_branch' => $bankBranch,
'callback_url' => $callbackUrl,
];
$ddResp = [];
$ts = '';
try {
$ddResp = DDPayGateway::payoutInitiation($ddReq);
$ts = is_string($ddResp['transaction_status'] ?? null) ? strtolower(trim($ddResp['transaction_status'] ?? '')) : '';
} catch (Throwable $e) {
// initiation 异常同“failed”处理回冲并置失败
$ts = 'failed';
$ddResp = ['error' => (string) $e->getMessage()];
}
if (is_array($ddResp)) {
Db::name('withdraw_order')
->where('id', $id)
->update([
'ddpay_payout_snapshot' => json_encode([
'init_request' => $ddReq,
'init_response' => $ddResp,
], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
]);
}
if ($ts === 'completed') {
Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 3,
'remark' => '[ddpay] payout completed',
'update_time' => time(),
]);
} elseif ($ts === 'failed') {
$amountRefund = bcadd(strval($fresh['amount'] ?? '0'), '0', 2);
Db::startTrans();
try {
$updated = Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed',
'update_time' => time(),
]);
if ($updated > 0 && bccomp($amountRefund, '0', 2) > 0) {
$userIdRefund = intval(strval($fresh['user_id'] ?? 0));
$userRow = Db::name('user')->where('id', $userIdRefund)->find();
$beforeCoin = bcadd(strval($userRow['coin'] ?? '0'), '0', 2);
$afterCoin = bcadd($beforeCoin, $amountRefund, 2);
Db::name('user')->where('id', $userIdRefund)->update([
'coin' => $afterCoin,
'total_withdraw_coin' => Db::raw('total_withdraw_coin - ' . $amountRefund),
'update_time' => time(),
]);
$idempotencyKey = 'wd_ddpay_failed_' . strval($orderNo);
$exists = Db::name('user_wallet_record')->where('idempotency_key', $idempotencyKey)->find();
if (!$exists) {
$channelId = null;
if (isset($fresh['channel_id']) && is_numeric(strval($fresh['channel_id']))) {
$channelId = intval(strval($fresh['channel_id']));
}
Db::name('user_wallet_record')->insert([
'user_id' => $userIdRefund,
'channel_id' => $channelId,
'biz_type' => 'withdraw_refund',
'direction' => 1,
'amount' => $amountRefund,
'balance_before' => $beforeCoin,
'balance_after' => $afterCoin,
'ref_type' => 'withdraw_order',
'ref_id' => intval(strval($id)),
'idempotency_key' => $idempotencyKey,
'operator_admin_id' => null,
'remark' => '[ddpay] payout failed refund',
'create_time' => time(),
]);
}
}
Db::commit();
} catch (Throwable $e3) {
Db::rollback();
}
} else {
// pending按文档做一次 status inquiry 兜底Webhook 仍会最终落账)
try {
$inq = DDPayGateway::payoutStatusInquiry([
'client_id' => $clientId,
'bill_number' => $orderNo,
]);
$ts2 = is_string($inq['transaction_status'] ?? null) ? strtolower(trim($inq['transaction_status'] ?? '')) : '';
if ($ts2 === 'completed') {
Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 3,
'remark' => '[ddpay] payout completed (after status inquiry)',
'update_time' => time(),
]);
} elseif ($ts2 === 'failed') {
$amountRefund = bcadd(strval($fresh['amount'] ?? '0'), '0', 2);
Db::startTrans();
try {
$updated = Db::name('withdraw_order')
->where('id', $id)
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed (after status inquiry)',
'update_time' => time(),
]);
if ($updated > 0 && bccomp($amountRefund, '0', 2) > 0) {
$userIdRefund = intval(strval($fresh['user_id'] ?? 0));
$userRow = Db::name('user')->where('id', $userIdRefund)->find();
$beforeCoin = bcadd(strval($userRow['coin'] ?? '0'), '0', 2);
$afterCoin = bcadd($beforeCoin, $amountRefund, 2);
Db::name('user')->where('id', $userIdRefund)->update([
'coin' => $afterCoin,
'total_withdraw_coin' => Db::raw('total_withdraw_coin - ' . $amountRefund),
'update_time' => time(),
]);
$idempotencyKey = 'wd_ddpay_failed_' . strval($orderNo);
$exists = Db::name('user_wallet_record')->where('idempotency_key', $idempotencyKey)->find();
if (!$exists) {
$channelId = null;
if (isset($fresh['channel_id']) && is_numeric(strval($fresh['channel_id']))) {
$channelId = intval(strval($fresh['channel_id']));
}
Db::name('user_wallet_record')->insert([
'user_id' => $userIdRefund,
'channel_id' => $channelId,
'biz_type' => 'withdraw_refund',
'direction' => 1,
'amount' => $amountRefund,
'balance_before' => $beforeCoin,
'balance_after' => $afterCoin,
'ref_type' => 'withdraw_order',
'ref_id' => intval(strval($id)),
'idempotency_key' => $idempotencyKey,
'operator_admin_id' => null,
'remark' => '[ddpay] payout failed refund (after status inquiry)',
'create_time' => time(),
]);
}
}
Db::commit();
} catch (Throwable $e4) {
Db::rollback();
}
}
} catch (Throwable $e5) {
// ignoreWebhook 会兜底
}
}
}
}
}
} catch (Throwable $e) {
// 外部出金调用失败不阻断审核流:只记录 remark避免阻塞用户提现
Db::name('withdraw_order')->where('id', $id)->update([
'remark' => '[ddpay] payout flow exception: ' . substr((string) $e->getMessage(), 0, 200),
'update_time' => time(),
]);
}
return $this->success(__('Approved'), [
'id' => $id,
'amount' => $newAmount,

735
app/api/controller/Finance.php
View File

@@ -4,8 +4,8 @@ declare(strict_types=1);
namespace app\api\controller;
use app\common\library\finance\DepositMockGateway;
use app\common\library\finance\DepositSettlement;
use app\common\library\finance\DDPayGateway;
use app\common\library\finance\WithdrawFlow;
use app\common\library\game\DepositChannel as DepositChannelLib;
use app\common\library\game\DepositTier as DepositTierLib;
@@ -14,23 +14,33 @@ use app\common\model\DepositOrder;
use app\common\model\GameConfig;
use app\common\model\WithdrawOrder;
use app\common\service\DepositOrderExpireService;
use support\Log;
use support\Response;
use support\think\Db;
use Throwable;
use RuntimeException;
use Webman\Http\Request;
use function response;
class Finance extends MobileBase
{
/**
* 模拟第三方收银台页与支付回调,无需 user-token仅 HMAC 防篡改
* DDPay Webhook / 重定向等无需用户登录态
*/
protected array $noNeedLogin = ['depositMockPayPage', 'depositMockNotify'];
protected array $noNeedLogin = [
'ddpayDepositNotify',
'ddpayPayoutNotify',
];
/**
* 允许浏览器直接打开 pay_url 而不带 auth-token。
* DDPay 回调与重定向允许浏览器直接访问(无 auth-token
*/
protected array $noNeedAuthToken = ['depositMockPayPage', 'depositMockNotify'];
protected array $noNeedAuthToken = [
'ddpayDepositNotify',
'ddpayDepositRedirect',
'ddpayPayoutNotify',
'ddpayPayoutRedirect',
];
/**
* 充值档位列表(仅启用档位,按 sort 升序)
@@ -67,7 +77,7 @@ class Finance extends MobileBase
'bonus_amount' => $this->amountNumber($bonus),
'total_amount' => $this->amountNumber($total),
'desc' => $localized['desc'],
'channels' => DepositChannelLib::channelsForTier($tierId, $effectiveChannels, $lang),
'channels' => DepositChannelLib::channelsForTier($tierId, $effectiveChannels, $lang, $currency),
];
}
return $this->mobileSuccess([
@@ -88,22 +98,16 @@ class Finance extends MobileBase
}
/**
* 创建充值订单
* 创建充值订单(仅 DDPay
*
* 当前为 mock 支付网关:本接口仅创建待支付订单并返回 pay_url。
* 未来接入真实第三方支付时,仅需替换 pay_url 生成与回调验签,入账仍在回调中调用 DepositSettlement::settle。
* `channel_code` 必须为 `ddpay`。服务端创建待支付订单后调用 DDPay「入金发起」返回三方 `payment_url` 作为 `pay_url`
* 入账由 `ddpayDepositNotify` Webhook 验签后调用 `DepositSettlement::settle`(或发起响应中 `transaction_status=completed` 时同步结算)
*
* 请求application/json 或 x-www-form-urlencoded
* - tier_id / tier_key: 必填,档位唯一标识(与 depositTierList 中 id、tier_key 一致)
* - channel_code: 必填,支付渠道代码(与 depositTierList 各档位 channels[].code 一致
* - idempotency_key: 必填,客户端幂等键,短时间内重复提交只生成一次订单
* - tier_id / tier_key、channel_code=ddpay、idempotency_key必填
* - payment_type、payer_name、payer_bank_nameDDPay 入金必填(见 DDPay 文档与移动端接口说明
*
* 流程:仅创建 `status=0` 的待支付订单,返回 `pay_url`(含签名的模拟「第三方收银台」页);玩家打开后点确认,
* 由服务端 `depositMockNotify` 模拟网关联调完成入账。未来接入真实三方时,将「打开 pay_url + 等回调」替换为
* 真网关,入账仍走 `DepositSettlement::settle`。
*
* 响应(统一结构,未来接入第三方也保持此形状):
* - order_no / amount / pay_channel / paid / pay_url / status / create_time / pay_time
* 响应:`order_no` / `amount` / `pay_channel` / `paid` / `pay_url` / `status` / `create_time` / `pay_time`
*/
public function depositCreate(Request $request): Response
{
@@ -124,6 +128,9 @@ class Finance extends MobileBase
if (mb_strlen($idempotencyKey) > 64) {
return $this->mobileError(1002, 'Idempotency key is too long');
}
if ($channelCode !== 'ddpay') {
return $this->mobileError(2004, 'Deposit only supports DDPay');
}
$tiers = $this->loadEnabledTiers();
$tier = DepositTierLib::findById($tiers, $tierId);
@@ -167,6 +174,9 @@ class Finance extends MobileBase
if ($curSnap === '') {
$curSnap = 'CNY';
}
if (!DepositChannelLib::assertChannelAllowsCurrency($channelCode, $curSnap, $effectiveChannels)) {
return $this->mobileError(2004, 'Pay channel not available for this currency');
}
$tierSnapshot = [
'id' => $tier['id'],
'title' => is_string($tier['title'] ?? null) ? $tier['title'] : '',
@@ -213,8 +223,138 @@ class Finance extends MobileBase
return $this->mobileError(2000, $msg);
}
// 仅落待支付单;真实入账在模拟网关联调 depositMockNotify 中完成
return $this->mobileSuccess($this->buildDepositResponse($order, $this->publicOriginFromRequest($request)));
$orderId = is_numeric($order->id ?? null) ? intval(strval($order->id)) : 0;
$publicOrigin = $this->publicOriginFromRequest($request);
// DDPay 入金:创建订单后,调用三方「入金发起」拿到 payment_url并在回调里验签结算。
$toString = static function (mixed $v): string {
if (is_string($v)) {
return trim($v);
}
if (is_numeric($v)) {
return trim(strval($v));
}
return '';
};
$paymentType = $toString($request->input('payment_type'));
if ($paymentType === '') {
$paymentType = $toString($request->input('paymentType'));
}
$payerName = $toString($request->input('payer_name'));
if ($payerName === '') {
$payerName = $toString($request->input('payerName'));
}
$payerBankName = $toString($request->input('payer_bank_name'));
if ($payerBankName === '') {
$payerBankName = $toString($request->input('payer_bank[name]'));
}
if ($payerBankName === '') {
$payerBankName = $toString($request->input('payerBankName'));
}
if ($paymentType === '' || $payerName === '' || $payerBankName === '') {
return $this->mobileError(1001, 'Missing DDPay parameters');
}
$callbackUrl = rtrim($publicOrigin, '/') . '/api/finance/ddpayDepositNotify';
$redirectUrl = rtrim($publicOrigin, '/') . '/api/finance/ddpayDepositRedirect?order_no=' . rawurlencode($orderNo);
$ddReq = [
'client_id' => config('app.ddpay_client_id', ''),
'identifier' => config('app.ddpay_identifier', ''),
'order_id' => $orderNo,
'payment_type' => $paymentType,
'transaction_amount' => $tierSnapshot['pay_amount'],
'payer_name' => $payerName,
'payer_bank[name]' => $payerBankName,
'callback_url' => $callbackUrl,
'redirect_url' => $redirectUrl,
];
try {
$ddResp = DDPayGateway::depositInitiation($ddReq);
} catch (Throwable $e) {
Log::error('[depositCreate] ddpay initiation failed: ' . json_encode([
'order_no' => $orderNo,
'user_id' => $userId,
'exception' => get_class($e),
'reason' => $e->getMessage(),
], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
if ($orderId > 0) {
$remark = '[ddpay] ' . $e->getMessage();
$remark = mb_substr($remark, 0, 255);
Db::name('deposit_order')
->where('id', $orderId)
->where('status', 0)
->update([
'status' => 2,
'remark' => $remark,
'update_time' => time(),
]);
}
return $this->mobileError(2000, 'DDPay deposit initiation failed');
}
$ts = '';
if (isset($ddResp['transaction_status']) && is_string($ddResp['transaction_status'])) {
$ts = strtolower(trim($ddResp['transaction_status']));
}
$paymentUrl = '';
if (isset($ddResp['payment_url']) && is_string($ddResp['payment_url'])) {
$paymentUrl = trim($ddResp['payment_url']);
}
if ($orderId > 0) {
$snapUpdate = $tierSnapshot;
if ($paymentUrl !== '') {
$snapUpdate['payment_url'] = $paymentUrl;
}
$snapUpdate['ddpay'] = $ddResp;
Db::name('deposit_order')
->where('id', $orderId)
->update([
'pay_account_snapshot' => json_encode($snapUpdate, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
]);
}
if ($ts === 'completed' && $orderId > 0) {
try {
DepositSettlement::settle(
$orderId,
DepositSettlement::SOURCE_THIRD_PARTY,
'ddpay deposit initiation completed',
null,
'transaction_status=' . $ts
);
} catch (Throwable $e) {
// 已有状态不允许 settlement 时忽略,返回当前订单状态即可
}
}
if ($ts === 'failed' && $orderId > 0) {
$statusMsg = is_string($ddResp['status_message'] ?? null) ? trim($ddResp['status_message']) : 'DDPay transaction failed';
$remark = '[ddpay] ' . $statusMsg;
$remark = mb_substr($remark, 0, 255);
Db::name('deposit_order')
->where('id', $orderId)
->where('status', 0)
->update([
'status' => 2,
'remark' => $remark,
'update_time' => time(),
]);
}
$fresh = DepositOrder::where('id', $orderId)->find();
if ($fresh) {
return $this->mobileSuccess($this->buildDepositResponse($fresh, $publicOrigin));
}
return $this->mobileSuccess($this->buildDepositResponse($order, $publicOrigin));
}
/**
@@ -231,8 +371,23 @@ class Finance extends MobileBase
$total = bcadd($amount, $bonus, 2);
$on = is_string($order->order_no) ? $order->order_no : strval($order->order_no);
$payUrl = '';
$payChannel = is_string($order->pay_channel) ? $order->pay_channel : strval($order->pay_channel);
if ($this->intValue($order->status) === 0 && $on !== '') {
$payUrl = DepositMockGateway::payPageUrl($on, $publicOrigin);
if ($payChannel === 'ddpay') {
$snapRaw = $order->pay_account_snapshot ?? null;
$snap = null;
if (is_array($snapRaw)) {
$snap = $snapRaw;
} elseif (is_string($snapRaw) && trim($snapRaw) !== '') {
$decoded = json_decode($snapRaw, true);
if (is_array($decoded)) {
$snap = $decoded;
}
}
if (is_array($snap) && isset($snap['payment_url']) && is_string($snap['payment_url'])) {
$payUrl = trim($snap['payment_url']);
}
}
}
return [
'order_no' => $on,
@@ -241,7 +396,7 @@ class Finance extends MobileBase
'total_amount' => $this->amountNumber($total),
'status' => $status,
'paid' => $paid,
'pay_channel' => is_string($order->pay_channel) ? $order->pay_channel : strval($order->pay_channel),
'pay_channel' => $payChannel,
'pay_url' => $payUrl,
'create_time' => is_numeric(strval($order->create_time)) ? intval(strval($order->create_time)) : 0,
'pay_time' => is_numeric(strval($order->pay_time)) ? intval(strval($order->pay_time)) : 0,
@@ -249,93 +404,154 @@ class Finance extends MobileBase
}
/**
* 根据请求拼出公网 origin用于给客户端直接可用的完整 pay_url
* 公网根 URL优先环境变量 DDPAY_PUBLIC_BASE_URL否则按请求推导见 DDPayGateway::publicBaseUrlForCallbacks
*/
private function publicOriginFromRequest(Request $request): string
{
$proto = strtolower((string) $request->header('x-forwarded-proto', ''));
$https = $proto === 'https' || strtolower((string) $request->header('x-forwarded-ssl', '')) === 'on';
$scheme = $https ? 'https' : 'http';
$host = trim((string) $request->header('host', ''));
if ($host === '') {
$host = trim((string) ($request->header('x-forwarded-host', '')));
}
if ($host === '') {
$host = '127.0.0.1:8787';
}
return $scheme . '://' . $host;
return DDPayGateway::publicBaseUrlForCallbacks($request);
}
/**
* 模拟第三方支付收银台HTML。玩家浏览器打开点击按钮即向 depositMockNotify 发起回调
* DDPay Webhook 回调:验签后把 deposit_order 更新为 paid/failed
*
* 文档要求:返回纯文本 + HTTP 200避免三方重复推送
*/
public function depositMockPayPage(Request $request): Response
public function ddpayDepositNotify(Request $request): Response
{
// Webman Request::input() 需要传 keyWebhook 签名计算只依赖文档列出的固定字段。
$payload = [
'client_id' => $request->input('client_id'),
'order_id' => $request->input('order_id'),
'transaction_status' => $request->input('transaction_status'),
'timestamp' => $request->input('timestamp'),
'transaction_amount' => $request->input('transaction_amount'),
'signature' => $request->input('signature'),
];
$verified = false;
try {
$verified = DDPayGateway::verifyWebhookSignature($payload);
} catch (Throwable $e) {
$verified = false;
}
if (!$verified) {
return response('Invalid signature', 403, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$orderNoRaw = $payload['order_id'] ?? '';
$orderNo = is_string($orderNoRaw) ? trim($orderNoRaw) : (is_numeric($orderNoRaw) ? strval($orderNoRaw) : '');
if ($orderNo === '') {
return response('Missing order_id', 400, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$statusRaw = $payload['transaction_status'] ?? '';
$status = is_string($statusRaw) ? strtolower(trim($statusRaw)) : '';
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
// 订单不存在通常是传参错误:直接 ack 以避免重复重试轰炸。
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
// 快照写入(不影响主流程)
try {
$snapRaw = $order->pay_account_snapshot ?? null;
$snap = null;
if (is_array($snapRaw)) {
$snap = $snapRaw;
} elseif (is_string($snapRaw) && trim($snapRaw) !== '') {
$decoded = json_decode($snapRaw, true);
if (is_array($decoded)) {
$snap = $decoded;
}
}
if (!is_array($snap)) {
$snap = [];
}
$snap['ddpay_webhook'] = $payload;
Db::name('deposit_order')
->where('id', intval(strval($order->id)))
->update([
'pay_account_snapshot' => json_encode($snap, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES),
]);
} catch (Throwable $e) {
// ignore
}
if ($this->intValue($order->status) === 0) {
if ($status === 'completed') {
try {
DepositSettlement::settle(
intval(strval($order->id)),
DepositSettlement::SOURCE_THIRD_PARTY,
'ddpay webhook completed',
null,
'transaction_status=' . $status
);
} catch (Throwable $e) {
// settlement 不允许非待支付状态时忽略
}
} elseif ($status === 'failed') {
$amtRaw = $payload['transaction_amount'] ?? null;
$amt = is_string($amtRaw) ? trim($amtRaw) : (is_numeric($amtRaw) ? strval($amtRaw) : '');
$remark = '[ddpay] transaction failed' . ($amt !== '' ? ' amount=' . $amt : '');
$remark = mb_substr($remark, 0, 255);
Db::name('deposit_order')
->where('id', intval(strval($order->id)))
->where('status', 0)
->update([
'status' => 2,
'remark' => $remark,
'update_time' => time(),
]);
}
}
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
/**
* DDPay redirect_url展示“请返回 APP 查看余额”提示。
*/
public function ddpayDepositRedirect(Request $request): Response
{
$response = $this->initializeMobile($request);
if ($response !== null) {
return $response;
}
$orderNo = $this->stringParam($request->input('order_no'));
$sign = $this->stringParam($request->input('sign'));
if ($orderNo === '' || $sign === '' || !DepositMockGateway::verifyOrderNo($orderNo, $sign)) {
return response('Invalid or expired payment link', 403, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
return response('Order not found', 404, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
DepositOrderExpireService::expirePendingOrders(null, $orderNo);
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
return response('Order not found', 404, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
if ($this->intValue($order->status) !== 0) {
$st = $this->mapDepositStatus($order->status);
$msg = 'Order status: ' . $st;
if ($st === 'paid') {
$msg = 'This order is already paid. You can return to the app.';
}
$msgEsc = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
$statusRaw = $request->input('transaction_status');
$status = is_string($statusRaw) ? strtolower(trim($statusRaw)) : '';
$title = htmlspecialchars((string) __('Deposit'), ENT_QUOTES, 'UTF-8');
return response('<!doctype html><html><head><meta charset="utf-8"><title>' . $title . '</title></head><body><p>' . $msgEsc . '</p></body></html>', 200, [
'Content-Type' => 'text/html; charset=utf-8',
]);
$lang = $this->currentLang();
$isZh = str_starts_with($lang, 'zh');
$msg = $isZh ? '已收到支付,请返回 App 查看余额。' : 'Payment received. You can return to the app to check your balance.';
if ($status === 'completed') {
$msg = $isZh ? '支付已完成,建议返回 App 查看结果。' : 'Payment completed. Returning to the app is recommended.';
} elseif ($status === 'failed') {
$msg = $isZh ? '支付失败,请稍后重试。' : 'Payment failed. Please try again.';
}
$amount = $this->amountString($order->amount);
$bonus = $this->amountString($order->bonus_amount);
$noEsc = htmlspecialchars($orderNo, ENT_QUOTES, 'UTF-8');
$signEsc = htmlspecialchars($sign, ENT_QUOTES, 'UTF-8');
$payChannel = is_string($order->pay_channel) ? htmlspecialchars($order->pay_channel, ENT_QUOTES, 'UTF-8') : '';
$tMockPay = htmlspecialchars((string) __('Mock payment'), ENT_QUOTES, 'UTF-8');
$tCashier = htmlspecialchars((string) __('Mock third-party cashier'), ENT_QUOTES, 'UTF-8');
$tOrderNo = htmlspecialchars((string) __('Order No'), ENT_QUOTES, 'UTF-8');
$tPayChannel = htmlspecialchars((string) __('Pay channel'), ENT_QUOTES, 'UTF-8');
$tAmountLabel = htmlspecialchars((string) __('Amount (fiat/pricing)'), ENT_QUOTES, 'UTF-8');
$tBonus = htmlspecialchars((string) __('Bonus'), ENT_QUOTES, 'UTF-8');
$tCoin = htmlspecialchars((string) __('coin'), ENT_QUOTES, 'UTF-8');
$tHint = (string) __('Click the button below to simulate successful third-party payment; the server will callback and settle the deposit.');
$tHintEsc = htmlspecialchars($tHint, ENT_QUOTES, 'UTF-8');
$tConfirm = htmlspecialchars((string) __('Confirm payment (simulate success)'), ENT_QUOTES, 'UTF-8');
$html = '<!doctype html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>' . $tMockPay . '</title></head><body style="font-family:system-ui;padding:1rem">';
$html .= '<h2>' . $tCashier . '</h2>';
$html .= '<p>' . $tOrderNo . ': ' . $noEsc . '</p>';
$html .= '<p>' . $tPayChannel . ': ' . $payChannel . '</p>';
$html .= '<p>' . $tAmountLabel . ': ' . htmlspecialchars($amount, ENT_QUOTES, 'UTF-8') . ' + ' . $tBonus . ' ' . htmlspecialchars($bonus, ENT_QUOTES, 'UTF-8') . ' (' . $tCoin . ')</p>';
$html .= '<p>' . $tHintEsc . '</p>';
$html .= '<form method="post" action="/api/finance/depositMockNotify" style="margin-top:1rem">';
$html .= '<input type="hidden" name="order_no" value="' . $noEsc . '">';
$html .= '<input type="hidden" name="sign" value="' . $signEsc . '">';
$html .= '<button type="submit" style="padding:0.5rem 1rem">' . $tConfirm . '</button>';
$html .= '</form></body></html>';
$orderNoEsc = htmlspecialchars($orderNo, ENT_QUOTES, 'UTF-8');
$msgEsc = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
$html = '<!doctype html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>DDPay</title></head><body style="font-family:system-ui;padding:1rem">';
$html .= '<h2>DDPay</h2>';
if ($orderNoEsc !== '') {
$html .= '<p>Order: ' . $orderNoEsc . '</p>';
}
$html .= '<p>' . $msgEsc . '</p>';
$html .= '</body></html>';
return response($html, 200, [
'Content-Type' => 'text/html; charset=utf-8',
@@ -343,56 +559,177 @@ class Finance extends MobileBase
}
/**
* 模拟第三方异步通知:验签后调用 DepositSettlement::settle 入账
* DDPay 出金 Webhook 回调:验签后更新 withdraw_order.status并在 failed 时进行返还余额
*
* DDPAY 文档要求:返回纯文本 + HTTP 200。
*/
public function depositMockNotify(Request $request): Response
public function ddpayPayoutNotify(Request $request): Response
{
$response = $this->initializeMobile($request);
if ($response !== null) {
return $response;
}
$orderNo = $this->stringParam($request->input('order_no'));
$sign = $this->stringParam($request->input('sign'));
if ($orderNo === '' || $sign === '') {
return $this->mobileError(1001, 'Missing parameters');
}
if (!DepositMockGateway::verifyOrderNo($orderNo, $sign)) {
return $this->mobileError(1003, 'Invalid parameter value');
}
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
return $this->mobileError(2003, 'Order does not exist');
}
DepositOrderExpireService::expirePendingOrders(null, $orderNo);
$order = DepositOrder::where('order_no', $orderNo)->find();
if (!$order) {
return $this->mobileError(2003, 'Order does not exist');
}
if ($this->intValue($order->status) !== 0) {
return $this->mobileSuccess($this->buildDepositResponse($order, null));
}
$orderId = intval(strval($order->id));
if ($orderId <= 0) {
return $this->mobileError(2000, 'Order id invalid');
}
$pc = is_string($order->pay_channel) ? $order->pay_channel : strval($order->pay_channel);
// Webhook 签名计算只依赖文档列出的固定字段
$payload = [
'client_id' => $request->input('client_id'),
'order_id' => $request->input('order_id'),
'transaction_status' => $request->input('transaction_status'),
'timestamp' => $request->input('timestamp'),
'transaction_amount' => $request->input('transaction_amount'),
'signature' => $request->input('signature'),
];
try {
$result = DepositSettlement::settle(
$orderId,
DepositSettlement::SOURCE_THIRD_PARTY,
'mock third party notify',
null,
'channel_code=' . $pc
);
$verified = DDPayGateway::verifyWebhookSignature($payload);
} catch (Throwable $e) {
return $this->mobileError(2000, (string) __($e->getMessage()));
}
$fresh = DepositOrder::where('order_no', $orderNo)->find();
if (!$fresh) {
return $this->mobileError(2000, 'Order not found after settle');
$verified = false;
}
return $this->mobileSuccess($this->buildDepositResponse($fresh, null));
if (!$verified) {
return response('Invalid signature', 403, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$orderNoRaw = $payload['order_id'] ?? '';
$orderNo = is_string($orderNoRaw) ? trim($orderNoRaw) : (is_numeric($orderNoRaw) ? strval($orderNoRaw) : '');
if ($orderNo === '') {
return response('Missing order_id', 400, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$statusStr = is_string($payload['transaction_status'] ?? '') ? strtolower(trim((string) $payload['transaction_status'])) : '';
$order = WithdrawOrder::where('order_no', $orderNo)->find();
if (!$order) {
// 避免无效重试轰炸:订单不存在则 ack 200
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$now = time();
$currentStatus = $this->intValue($order->status);
if ($currentStatus !== 1) {
// 只处理“已通过待打款”状态,避免重复返还
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
if ($statusStr === 'completed') {
Db::name('withdraw_order')
->where('id', intval(strval($order->id)))
->where('status', 1)
->update([
'status' => 3,
'remark' => '[ddpay] payout completed',
'update_time' => $now,
]);
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
if ($statusStr === 'failed') {
$amount = bcadd(strval($order->amount ?? '0'), '0', 2);
if (bccomp($amount, '0', 2) <= 0) {
// 金额异常直接置失败,不做返还
Db::name('withdraw_order')
->where('id', intval(strval($order->id)))
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed',
'update_time' => $now,
]);
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$userId = intval(strval($order->user_id ?? 0));
$channelId = null;
if (isset($order->channel_id) && is_numeric(strval($order->channel_id))) {
$channelId = intval(strval($order->channel_id));
}
$idempotencyKey = 'wd_ddpay_failed_' . strval($order->order_no);
Db::startTrans();
try {
$walletExists = Db::name('user_wallet_record')
->where('idempotency_key', $idempotencyKey)
->find();
if ($walletExists) {
// 已返还过,只需更新状态
Db::name('withdraw_order')
->where('id', intval(strval($order->id)))
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed (already refunded)',
'update_time' => time(),
]);
Db::commit();
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
$userRow = Db::name('user')->where('id', $userId)->find();
if (!is_array($userRow)) {
throw new RuntimeException('User not found for refund');
}
$beforeCoin = bcadd(strval($userRow['coin'] ?? '0'), '0', 2);
$afterCoin = bcadd($beforeCoin, $amount, 2);
Db::name('user')->where('id', $userId)->update([
'coin' => $afterCoin,
'total_withdraw_coin' => Db::raw('total_withdraw_coin - ' . $amount),
'update_time' => $now,
]);
Db::name('user_wallet_record')->insert([
'user_id' => $userId,
'channel_id' => $channelId,
'biz_type' => 'withdraw_refund',
'direction' => 1,
'amount' => $amount,
'balance_before' => $beforeCoin,
'balance_after' => $afterCoin,
'ref_type' => 'withdraw_order',
'ref_id' => intval(strval($order->id)),
'idempotency_key' => $idempotencyKey,
'operator_admin_id' => null,
'remark' => '[ddpay] payout failed refund',
'create_time' => $now,
]);
Db::name('withdraw_order')
->where('id', intval(strval($order->id)))
->where('status', 1)
->update([
'status' => 2,
'remark' => '[ddpay] payout failed',
'update_time' => $now,
]);
Db::commit();
} catch (Throwable $e) {
Db::rollback();
// 失败不 ack 以便三方重试;但仍需要避免无限循环
return response('Refund failed: ' . (string) $e->getMessage(), 500, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
// pending / other 状态:直接 ack
return response('{"status":"ok"}', 200, [
'Content-Type' => 'text/plain; charset=utf-8',
]);
}
/**
@@ -491,6 +828,12 @@ class Finance extends MobileBase
$withdrawCoin = is_string($withdrawCoinRaw) ? trim($withdrawCoinRaw) : (is_numeric($withdrawCoinRaw) ? strval($withdrawCoinRaw) : '');
$receiveAccount = trim(is_string($request->post('receive_account', '')) ? $request->post('receive_account', '') : '');
$receiveType = trim(is_string($request->post('receive_type', '')) ? $request->post('receive_type', '') : '');
$receiveType = strtolower($receiveType);
// DDPAY 出金Payout所需扩展字段当前仅支持 receive_type=bank
$receiverName = trim(is_string($request->post('receiver_name', '')) ? $request->post('receiver_name', '') : '');
$bankCode = trim(is_string($request->post('bank_code', '')) ? $request->post('bank_code', '') : '');
$bankBranch = trim(is_string($request->post('bank_branch', '')) ? $request->post('bank_branch', '') : '');
$idempotencyKey = trim(is_string($request->post('idempotency_key', '')) ? $request->post('idempotency_key', '') : '');
if ($withdrawCoin === '' || $receiveAccount === '' || $receiveType === '' || $idempotencyKey === '') {
return $this->mobileError(1001, 'Missing parameters');
@@ -503,6 +846,40 @@ class Finance extends MobileBase
}
$withdrawCoin = bcadd($withdrawCoin, '0', 2);
// 按 DDPAY 文档接入:当前仅支持 bank 类型出金
if ($receiveType !== 'bank') {
return $this->mobileError(2000, 'DDPay payout integration supports receive_type=bank only');
}
if ($receiverName === '' || $bankCode === '') {
return $this->mobileError(1001, 'Missing DDPay bank payout parameters');
}
if ($bankBranch === '') {
$bankBranch = 'N/A';
}
// 映射 bank_code -> DDPAY 所需的完整银行名称(来自 financeCashier.withdraw_banks 配置)
$row = GameConfig::where('config_key', FinanceCashierConfigLib::CONFIG_KEY)->find();
$cfg = FinanceCashierConfigLib::parseFromConfigValue($row?->config_value ?? null);
$banks = is_array($cfg['withdraw_banks'] ?? null) ? $cfg['withdraw_banks'] : [];
$bankCodeNorm = strtolower(trim($bankCode));
$ddpayBankName = '';
foreach ($banks as $b) {
if (!is_array($b)) {
continue;
}
$c = isset($b['code']) && is_string($b['code']) ? strtolower(trim($b['code'])) : '';
if ($c === '' || $c !== $bankCodeNorm) {
continue;
}
$nameEn = isset($b['name_en']) && is_string($b['name_en']) ? trim($b['name_en']) : '';
$nameZh = isset($b['name_zh']) && is_string($b['name_zh']) ? trim($b['name_zh']) : '';
$ddpayBankName = $nameEn !== '' ? $nameEn : $nameZh;
break;
}
if ($ddpayBankName === '') {
return $this->mobileError(1001, 'Bank code not configured for withdrawal');
}
$user = $this->auth->getUser();
$userId = intval(strval($user->id));
@@ -598,6 +975,9 @@ class Finance extends MobileBase
'actual_amount' => $actualArrivalCoin,
'receive_type' => $receiveType,
'receive_account' => $receiveAccount,
'ddpay_receiver_name' => $receiverName,
'ddpay_bank_name' => $ddpayBankName,
'ddpay_bank_branch' => $bankBranch,
'status' => 0,
'review_admin_id' => null,
'review_time' => null,
@@ -788,30 +1168,74 @@ class Finance extends MobileBase
];
}
$banks = [];
$withdrawBanks = [];
if (isset($cfg['withdraw_banks']) && is_array($cfg['withdraw_banks'])) {
$list = $cfg['withdraw_banks'];
usort($list, function (array $a, array $b): int {
$ca = isset($a['currency_code']) && is_string($a['currency_code']) ? $a['currency_code'] : '';
$cb = isset($b['currency_code']) && is_string($b['currency_code']) ? $b['currency_code'] : '';
if ($ca !== $cb) {
return strcmp($ca, $cb);
}
$cmp = $this->sortBySortKeyOnly($a, $b);
if ($cmp !== 0) {
return $cmp;
}
$ca = isset($a['code']) && is_string($a['code']) ? $a['code'] : '';
$cb = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
$ka = isset($a['code']) && is_string($a['code']) ? $a['code'] : '';
$kb = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
return strcmp($ca, $cb);
return strcmp($ka, $kb);
});
foreach ($list as $b) {
if (!is_array($b)) {
continue;
}
$currencyCode = isset($b['currency_code']) && is_string($b['currency_code']) ? strtoupper(trim($b['currency_code'])) : '';
$code = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
if ($code === '') {
if ($currencyCode === '' || $code === '') {
continue;
}
$banks[] = [
'code' => $code,
'name' => $isZh
$withdrawBanks[] = [
'currency_code' => $currencyCode,
'code' => $code,
'name' => $isZh
? (is_string($b['name_zh'] ?? null) ? $b['name_zh'] : '')
: (is_string($b['name_en'] ?? null) ? $b['name_en'] : ''),
];
}
}
$depositBanks = [];
if (isset($cfg['deposit_banks']) && is_array($cfg['deposit_banks'])) {
$list = $cfg['deposit_banks'];
usort($list, function (array $a, array $b): int {
$ca = isset($a['currency_code']) && is_string($a['currency_code']) ? $a['currency_code'] : '';
$cb = isset($b['currency_code']) && is_string($b['currency_code']) ? $b['currency_code'] : '';
if ($ca !== $cb) {
return strcmp($ca, $cb);
}
$cmp = $this->sortBySortKeyOnly($a, $b);
if ($cmp !== 0) {
return $cmp;
}
$ka = isset($a['code']) && is_string($a['code']) ? $a['code'] : '';
$kb = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
return strcmp($ka, $kb);
});
foreach ($list as $b) {
if (!is_array($b)) {
continue;
}
$currencyCode = isset($b['currency_code']) && is_string($b['currency_code']) ? strtoupper(trim($b['currency_code'])) : '';
$code = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
if ($currencyCode === '' || $code === '') {
continue;
}
$depositBanks[] = [
'currency_code' => $currencyCode,
'code' => $code,
'name' => $isZh
? (is_string($b['name_zh'] ?? null) ? $b['name_zh'] : '')
: (is_string($b['name_en'] ?? null) ? $b['name_en'] : ''),
];
@@ -825,12 +1249,6 @@ class Finance extends MobileBase
$wc = $cfg['withdraw_copy'] ?? [];
$rateMode = is_array($wc) && isset($wc['rate_mode']) && is_string($wc['rate_mode']) ? $wc['rate_mode'] : 'fixed';
$wf = $cfg['withdraw_fields'] ?? [];
$reqCard = is_array($wf) && !empty($wf['require_cardholder']);
$reqAcct = is_array($wf) && !empty($wf['require_bank_account']);
$reqMail = is_array($wf) && !empty($wf['require_email']);
$reqMob = is_array($wf) && !empty($wf['require_mobile']);
$payChannels = [];
$effectiveCh = DepositChannelLib::effectiveRowsFromDb();
$regCh = DepositChannelLib::codeRegistry();
@@ -874,8 +1292,11 @@ class Finance extends MobileBase
'currencies' => $currencies,
'rates' => $rates,
'pay_channels' => $payChannels,
'deposit' => [
'banks' => $depositBanks,
],
'withdraw' => [
'banks' => $banks,
'banks' => $withdrawBanks,
'min_ewallet' => $minEw,
'min_bank' => $minBk,
'rate_hint' => $isZh
@@ -888,11 +1309,13 @@ class Finance extends MobileBase
? (is_array($wc) && is_string($wc['fee_note_zh'] ?? null) ? $wc['fee_note_zh'] : '')
: (is_array($wc) && is_string($wc['fee_note_en'] ?? null) ? $wc['fee_note_en'] : ''),
'rate_mode' => $rateMode,
// 与 DDPay 出金及 withdrawCreate 一致,不由后台开关配置
'fields' => [
'require_cardholder' => $reqCard,
'require_bank_account' => $reqAcct,
'require_email' => $reqMail,
'require_mobile' => $reqMob,
'receive_type_bank_only' => true,
'require_receiver_name' => true,
'require_receive_account' => true,
'require_bank_code' => true,
'require_bank_branch' => false,
],
],
]);

8
app/api/lang/en.php
View File

@@ -47,6 +47,14 @@ return [
'Withdraw exceeds available bet flow' => 'The withdraw amount exceeds the available bet-flow quota',
'Too many pending deposit orders' => 'You already have multiple pending deposit orders, please complete payment first or wait for timeout',
'Too many pending withdraw orders' => 'You already have withdraw orders under review, please wait for them to be processed',
'Missing DDPay parameters' => 'Missing DDPay parameters',
'DDPay payout integration supports receive_type=bank only' => 'DDPay payout integration currently supports receive_type=bank only',
'Missing DDPay bank payout parameters' => 'Missing DDPay bank payout parameters',
'Bank code not configured for withdrawal' => 'The bank code is not configured for withdrawal',
'Pay channel not available' => 'The payment channel is not available',
'Pay channel not available for this currency' => 'The payment channel is not available for this currency',
'DDPay deposit initiation failed' => 'DDPay deposit initiation failed',
'Deposit only supports DDPay' => 'Only DDPay deposits are supported (channel_code must be ddpay)',
// Member center account
'Data updated successfully~' => 'Data updated successfully~',
'Password has been changed~' => 'Password has been changed~',

8
app/api/lang/zh-cn.php
View File

@@ -79,6 +79,14 @@ return [
'Withdraw exceeds available bet flow' => '提现金额超出可提现额度',
'Too many pending deposit orders' => '存在多笔待支付充值订单,请先完成支付或等待超时',
'Too many pending withdraw orders' => '用户当前存在多笔提现订单,请等待审核',
'Missing DDPay parameters' => '缺少 DDPay 支付参数',
'DDPay payout integration supports receive_type=bank only' => 'DDPay 出金当前仅支持 bank 收款类型',
'Missing DDPay bank payout parameters' => '缺少 DDPay 银行出金参数',
'Bank code not configured for withdrawal' => '提现银行代码未在系统配置中维护',
'Pay channel not available' => '该支付渠道不可用',
'Pay channel not available for this currency' => '当前币种不支持该支付渠道',
'DDPay deposit initiation failed' => 'DDPay 充值发起失败',
'Deposit only supports DDPay' => '仅支持 DDPay 充值channel_code 须为 ddpay',
// 会员中心 account
'Data updated successfully~' => '资料更新成功~',
'Password has been changed~' => '密码已修改~',

15
app/common/lang/en/admin_rule_title.php
View File

@@ -62,6 +62,7 @@ return [
'游戏对局' => 'Game rounds',
'游戏对局记录' => 'Game records',
'游戏实时对局' => 'Game live',
'游玩记录' => 'Play records',
'压注订单' => 'Bet orders',
'充值订单' => 'Deposit orders',
'提现订单' => 'Withdraw orders',
@@ -91,6 +92,20 @@ return [
'管理员钱包流水' => 'Admin wallet records',
'一键批量结算待结算渠道' => 'Batch settle pending channels',
'渠道结算统计' => 'Channel settlement statistics',
'推送配置' => 'Push configuration',
'连接服务器websocket' => 'Connect WebSocket server',
'连接配置' => 'Connection settings',
'数据快照' => 'Data snapshot',
'运行开关' => 'Runtime switch',
'预约开奖' => 'Schedule draw',
'作废本局' => 'Void round',
'计算盈亏' => 'Calculate P/L',
'档位查看' => 'View tiers',
'档位保存' => 'Save tiers',
'详情' => 'Detail',
'审核' => 'Review',
'通过' => 'Approve',
'拒绝' => 'Reject',
// 演示/运营公告标题(若入库为菜单展示)
'系统维护通知(演示)' => 'Maintenance notice (demo)',

348
app/common/library/finance/DDPayGateway.php Normal file
View File

@@ -0,0 +1,348 @@
<?php
declare(strict_types=1);
namespace app\common\library\finance;
use InvalidArgumentException;
use RuntimeException;
use Webman\Http\Request;
/**
* DDPay 支付网关接入(基于文档 v1.1.3/1.1.x
* - MD5 签名key-value 按 ASCII 升序拼接 + 追加 &key=API_SECRET
* - 发送 HTTPS POSTapplication/json
* - 支持入金Deposit与回调通知Webhook
*
* 注意:生产环境需在 config/app.php 或环境变量中配置 DDPAY_*。
*/
final class DDPayGateway
{
private const SIGNATURE_FIELD = 'signature';
private const SECRET_KEY_PARAM = 'key';
/**
* 入金/出金回调 URL 使用的公网根地址(无尾部斜杠)。
* 优先 `DDPAY_PUBLIC_BASE_URL`(见 config/app.php未配置时按请求头推导生产务必配置 HTTPS 公网地址,与 DDPay 文档一致)。
*/
public static function publicBaseUrlForCallbacks(?Request $request = null): string
{
$cfg = config('app.ddpay_public_base_url', '');
if (is_string($cfg) && trim($cfg) !== '') {
return rtrim(trim($cfg), '/');
}
if ($request === null) {
return '';
}
$proto = strtolower((string) $request->header('x-forwarded-proto', ''));
$https = $proto === 'https' || strtolower((string) $request->header('x-forwarded-ssl', '')) === 'on';
$scheme = $https ? 'https' : 'http';
$host = trim((string) $request->header('host', ''));
if ($host === '') {
$host = trim((string) ($request->header('x-forwarded-host', '')));
}
if ($host === '') {
$host = '127.0.0.1:8787';
}
return $scheme . '://' . $host;
}
/**
* @return array<string, mixed>
*/
public static function depositInitiation(array $params): array
{
$endpoint = self::requireConfig('ddpay_deposit_init_url');
$apiSecret = self::requireConfig('ddpay_api_secret');
$req = $params;
if (isset($req[self::SIGNATURE_FIELD])) {
unset($req[self::SIGNATURE_FIELD]);
}
$req[self::SIGNATURE_FIELD] = self::computeSignature($req, $apiSecret);
$resp = self::postJson($endpoint, $req);
// 按文档:响应签名需使用同方法校验(字段名 signature
if (array_key_exists(self::SIGNATURE_FIELD, $resp)) {
$sig = is_string($resp[self::SIGNATURE_FIELD]) ? $resp[self::SIGNATURE_FIELD] : '';
if ($sig !== '') {
$respForSign = $resp;
unset($respForSign[self::SIGNATURE_FIELD]);
$expected = self::computeSignature($respForSign, $apiSecret);
if (!hash_equals($expected, $sig)) {
throw new RuntimeException('DDPay response signature mismatch');
}
}
}
$statusCode = self::intValue($resp['status_code'] ?? 0);
if ($statusCode !== 0) {
$msg = is_string($resp['status_message'] ?? null) ? $resp['status_message'] : 'DDPay deposit initiation failed';
throw new RuntimeException($msg);
}
return $resp;
}
/**
* 出金发起Payout Initiation
*
* @param array<string, mixed> $params
* @return array<string, mixed>
*/
public static function payoutInitiation(array $params): array
{
$endpoint = self::requireConfig('ddpay_payout_init_url');
$apiSecret = self::requireConfig('ddpay_api_secret');
$req = $params;
if (isset($req[self::SIGNATURE_FIELD])) {
unset($req[self::SIGNATURE_FIELD]);
}
$req[self::SIGNATURE_FIELD] = self::computeSignature($req, $apiSecret);
$resp = self::postJson($endpoint, $req);
// 按文档:响应签名需使用同方法校验(字段名 signature
if (array_key_exists(self::SIGNATURE_FIELD, $resp)) {
$sig = is_string($resp[self::SIGNATURE_FIELD]) ? $resp[self::SIGNATURE_FIELD] : '';
if ($sig !== '') {
$respForSign = $resp;
unset($respForSign[self::SIGNATURE_FIELD]);
$expected = self::computeSignature($respForSign, $apiSecret);
if (!hash_equals($expected, $sig)) {
throw new RuntimeException('DDPay response signature mismatch');
}
}
}
$statusCode = self::intValue($resp['status_code'] ?? 0);
if ($statusCode !== 0) {
$msg = is_string($resp['status_message'] ?? null) ? $resp['status_message'] : 'DDPay payout initiation failed';
throw new RuntimeException($msg);
}
return $resp;
}
/**
* 出金状态查询Payout Status Inquiry
*
* @param array<string, mixed> $params
* @return array<string, mixed>
*/
public static function payoutStatusInquiry(array $params): array
{
$endpoint = self::requireConfig('ddpay_payout_status_url');
$apiSecret = self::requireConfig('ddpay_api_secret');
$req = $params;
if (isset($req[self::SIGNATURE_FIELD])) {
unset($req[self::SIGNATURE_FIELD]);
}
$req[self::SIGNATURE_FIELD] = self::computeSignature($req, $apiSecret);
$resp = self::postJson($endpoint, $req);
if (array_key_exists(self::SIGNATURE_FIELD, $resp)) {
$sig = is_string($resp[self::SIGNATURE_FIELD]) ? $resp[self::SIGNATURE_FIELD] : '';
if ($sig !== '') {
$respForSign = $resp;
unset($respForSign[self::SIGNATURE_FIELD]);
$expected = self::computeSignature($respForSign, $apiSecret);
if (!hash_equals($expected, $sig)) {
throw new RuntimeException('DDPay response signature mismatch');
}
}
}
$statusCode = self::intValue($resp['status_code'] ?? 0);
if ($statusCode !== 0) {
$msg = is_string($resp['status_message'] ?? null) ? $resp['status_message'] : 'DDPay payout status inquiry failed';
throw new RuntimeException($msg);
}
return $resp;
}
/**
* 校验 DDPay Webhook 通知签名。
*
* @param array<string, mixed> $payload
*/
public static function verifyWebhookSignature(array $payload): bool
{
$apiSecret = self::requireConfig('ddpay_api_secret');
$sigRaw = $payload[self::SIGNATURE_FIELD] ?? '';
$sig = is_string($sigRaw) ? trim($sigRaw) : '';
if ($sig === '') {
return false;
}
$payloadForSign = $payload;
unset($payloadForSign[self::SIGNATURE_FIELD]);
$expected = self::computeSignature($payloadForSign, $apiSecret);
return hash_equals($expected, $sig);
}
/**
* @param array<string, mixed> $params
*/
private static function computeSignature(array $params, string $apiSecret): string
{
// 1) 排除 signature & 空值/null
$filtered = [];
foreach ($params as $k => $v) {
if (!is_string($k) || $k === '') {
continue;
}
if ($k === self::SIGNATURE_FIELD) {
continue;
}
if ($v === null) {
continue;
}
if (is_string($v) && trim($v) === '') {
continue;
}
if (is_bool($v)) {
$filtered[$k] = $v ? 'true' : 'false';
continue;
}
if (is_int($v) || is_float($v) || is_numeric($v)) {
$filtered[$k] = strval($v);
continue;
}
if (is_string($v)) {
$filtered[$k] = trim($v);
continue;
}
// 数组/对象等不应参与签名;忽略它们
if (is_array($v) || is_object($v)) {
continue;
}
$filtered[$k] = strval($v);
}
// 2) 按 ASCII 升序排序 key
ksort($filtered, SORT_STRING);
// 3) 拼接 key=value用 & 连接
$pairs = [];
foreach ($filtered as $k => $v) {
$pairs[] = $k . '=' . $v;
}
// 4) 追加 &key=API_SECRET
$base = implode('&', $pairs);
$signStr = $base . '&' . self::SECRET_KEY_PARAM . '=' . $apiSecret;
// 5) MD5 小写
$hash = md5($signStr);
return is_string($hash) ? strtolower($hash) : '';
}
/**
* @param array<string, mixed> $payload
* @return array<string, mixed>
*/
private static function postJson(string $url, array $payload): array
{
if (!function_exists('curl_init')) {
throw new RuntimeException('curl extension is required for DDPayGateway');
}
$body = json_encode($payload, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
if (!is_string($body) || $body === '') {
throw new RuntimeException('DDPay request body encode failed');
}
$ch = curl_init($url);
if ($ch === false) {
throw new RuntimeException('DDPay curl_init failed');
}
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json; charset=utf-8',
'Accept: application/json',
]);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$respBody = curl_exec($ch);
$errno = curl_errno($ch);
$httpCode = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
curl_close($ch);
if ($respBody === false) {
throw new RuntimeException('DDPay request failed: ' . ($errno > 0 ? 'curl_' . strval($errno) : 'unknown'));
}
if (!is_numeric($httpCode)) {
throw new RuntimeException('DDPay request http code invalid');
}
$httpCodeInt = intval(strval($httpCode));
if ($httpCodeInt < 200 || $httpCodeInt >= 300) {
$snippet = '';
if (is_string($respBody)) {
$snippet = trim($respBody);
if (mb_strlen($snippet) > 400) {
$snippet = mb_substr($snippet, 0, 400) . '...';
}
}
$suffix = $snippet !== '' ? (' body=' . $snippet) : '';
throw new RuntimeException('DDPay request http failed, http_code=' . strval($httpCodeInt) . $suffix);
}
$decoded = json_decode(is_string($respBody) ? $respBody : '', true);
if (!is_array($decoded)) {
throw new RuntimeException('DDPay response decode failed');
}
return $decoded;
}
/**
* @return mixed
*/
private static function requireConfig(string $key): mixed
{
$v = config('app.' . $key, '');
if (!is_string($v)) {
return '';
}
$s = trim($v);
if ($s === '') {
throw new InvalidArgumentException('Missing config: app.' . $key);
}
return $s;
}
/**
* @param mixed $v
*/
private static function intValue(mixed $v): int
{
if (is_int($v)) {
return $v;
}
if (is_string($v) && $v !== '') {
$n = filter_var($v, FILTER_VALIDATE_INT);
return $n === false ? 0 : intval(strval($n));
}
if (is_numeric($v)) {
$n = filter_var($v, FILTER_VALIDATE_INT);
return $n === false ? 0 : intval(strval($n));
}
return 0;
}
}

71
app/common/library/finance/DepositMockGateway.php
View File

@@ -1,71 +0,0 @@
<?php
declare(strict_types=1);
namespace app\common\library\finance;
/**
* 模拟第三方支付HMAC 签名的收银台地址 + 回调验签,便于未来替换为真实网关仅改 URL/验签实现。
*/
final class DepositMockGateway
{
/**
* 优先读取环境变量 DEPOSIT_MOCK_HMAC_KEY其次 config('app.deposit_mock_hmac_key'),再使用开发默认值(生产环境务必设置 env
*/
public static function hmacKey(): string
{
$raw = getenv('DEPOSIT_MOCK_HMAC_KEY');
if (is_string($raw) && trim($raw) !== '') {
return trim($raw);
}
$cfg = config('app.deposit_mock_hmac_key', '');
if (is_string($cfg) && $cfg !== '') {
return $cfg;
}
return 'webman-dfw-deposit-mock-dev-key-set-DEPOSIT_MOCK_HMAC_KEY-in-prod';
}
public static function signOrderNo(string $orderNo): string
{
if ($orderNo === '') {
return '';
}
return hash_hmac('sha256', $orderNo, self::hmacKey());
}
public static function verifyOrderNo(string $orderNo, string $sign): bool
{
if ($orderNo === '' || $sign === '') {
return false;
}
$e = self::signOrderNo($orderNo);
if ($e === '') {
return false;
}
return hash_equals($e, $sign);
}
/**
* 玩家浏览器打开的「第三方收银台」地址(本项目中为简单 HTML 模拟页,点击后向 notify 发起 POST 完成入账)。
*
* @param string|null $publicOrigin 如 https://api.example.com为 null 时只返回以 / 开头的 path+query由客户端与 API 域名拼接
*/
public static function payPageUrl(string $orderNo, ?string $publicOrigin = null): string
{
$sign = self::signOrderNo($orderNo);
$q = http_build_query([
'order_no' => $orderNo,
'sign' => $sign,
]);
$path = '/api/finance/depositMockPayPage?' . $q;
if ($publicOrigin === null) {
return $path;
}
$base = rtrim($publicOrigin, '/');
return $base . $path;
}
}

89
app/common/library/game/DepositChannel.php
View File

@@ -10,9 +10,9 @@ use support\think\Db;
/**
* 充值支付渠道:优先读取 game_config.finance_cashier.channels无此键时回退 game_config.deposit_channel迁移期镜像
*
* 每项code须在代码/环境注册表内、sort、status(0/1)。
* 每项code须在代码/环境注册表内、sort、status(0/1)。**代码注册表当前仅内置 `ddpay`**DDPay 网关)。
*
* 渠道展示名以代码注册表为准;运营只配置开关排序,默认兼容全部充值档位。
* 渠道展示名以代码注册表为准;运营只配置开关排序与支持币种,默认兼容全部充值档位。
*/
final class DepositChannel
{
@@ -23,8 +23,9 @@ final class DepositChannel
*/
public static function codeRegistry(): array
{
// 仅保留 DDPay充值/回调只走网关文档约定,不再提供模拟或其它渠道码
$base = [
'directpay' => ['name' => 'DirectPay', 'name_en' => 'DirectPay', 'sort' => 10],
'ddpay' => ['name' => 'DDPay', 'name_en' => 'DDPay', 'sort' => 10],
];
$extra = self::registryFromEnv();
foreach ($extra as $code => $meta) {
@@ -150,17 +151,55 @@ final class DepositChannel
$sort = isset($row['sort']) && is_numeric($row['sort']) ? intval($row['sort']) : 0;
$status = isset($row['status']) && is_numeric($row['status']) ? intval($row['status']) : 1;
$status = $status === 1 ? 1 : 0;
$currencyCodes = null;
if (array_key_exists('currency_codes', $row)) {
if (is_array($row['currency_codes'])) {
$currencyCodes = self::normalizeCurrencyCodes($row['currency_codes']);
} else {
$currencyCodes = null;
}
}
$out[] = [
'code' => $code,
'sort' => $sort,
'status' => $status,
'tier_ids' => [],
// null 表示“兼容全部充值币种”(历史配置默认行为)
// 空数组 [] 表示“不支持任何充值币种”(运营可用作显式禁用某币种)
'currency_codes' => $currencyCodes,
];
}
return $out;
}
/**
* 归一化为小写/去空并返回大写币种码列表(允许为空数组)。
*
* @param mixed $raw
* @return list<string>
*/
private static function normalizeCurrencyCodes(mixed $raw): array
{
if (!is_array($raw)) {
return [];
}
$out = [];
foreach ($raw as $c) {
if (!is_string($c) && !is_numeric($c)) {
continue;
}
$s = is_string($c) ? trim($c) : strval($c);
$s = strtoupper($s);
if (!preg_match('/^[A-Z0-9]{2,12}$/', $s)) {
continue;
}
$out[] = $s;
}
$out = array_values(array_unique($out));
return $out;
}
/**
* 合并注册表与运营覆盖;若库中无覆盖则对注册表内全部渠道启用默认行
*
@@ -187,6 +226,7 @@ final class DepositChannel
'sort' => $sortVal,
'status' => 1,
'tier_ids' => [],
'currency_codes' => null, // 默认兼容全部币种(历史行为)
];
}
}
@@ -235,7 +275,7 @@ final class DepositChannel
*
* @return list<array{code: string, name: string, sort: int}>
*/
public static function channelsForTier(string $tierId, array $overrideRows, string $lang): array
public static function channelsForTier(string $tierId, array $overrideRows, string $lang, string $fiatCurrencyCode = ''): array
{
$registry = self::codeRegistry();
$out = [];
@@ -247,6 +287,9 @@ final class DepositChannel
if (!isset($registry[$code])) {
continue;
}
if ($fiatCurrencyCode !== '' && !self::isCurrencyAllowedForRow($row, $fiatCurrencyCode)) {
continue;
}
$meta = $registry[$code];
$name = self::pickLangName($meta, $lang);
$sortRaw = $row['sort'] ?? 0;
@@ -268,6 +311,27 @@ final class DepositChannel
return $out;
}
private static function isCurrencyAllowedForRow(array $row, string $fiatCurrencyCode): bool
{
$normCurrency = strtoupper(trim($fiatCurrencyCode));
if ($normCurrency === '') {
return true;
}
$cc = $row['currency_codes'] ?? null;
if ($cc === null) {
// 历史/默认配置:不填则表示兼容全部币种
return true;
}
if (!is_array($cc)) {
return true;
}
// 显式空数组:不支持任何币种
if ($cc === []) {
return false;
}
return in_array($normCurrency, $cc, true);
}
/**
* @param array<string, string> $meta
*/
@@ -300,6 +364,22 @@ final class DepositChannel
return self::isTierAllowed($row, $tierId);
}
/**
* @param array<array{code: string, sort: int, status: int, tier_ids: list<string>, currency_codes: (list<string>|null)}> $effectiveRows
*/
public static function assertChannelAllowsCurrency(string $channelCode, string $fiatCurrencyCode, array $effectiveRows): bool
{
$row = self::findMergedByCode($effectiveRows, $channelCode);
if ($row === null) {
return false;
}
if (($row['status'] ?? 0) !== 1) {
return false;
}
return self::isCurrencyAllowedForRow($row, $fiatCurrencyCode);
}
/**
* @param list<array{code: string, sort: int, status: int, tier_ids: list<string>}> $effectiveRows
*
@@ -399,6 +479,7 @@ final class DepositChannel
'sort' => $sortDefault,
'status' => 1,
'tier_ids' => [],
'currency_codes' => null,
];
}
usort($items, static function (array $a, array $b): int {

176
app/common/library/game/FinanceCashierConfig.php
View File

@@ -37,24 +37,23 @@ final class FinanceCashierConfig
'withdraw_coins_per_fiat' => '100',
],
[
'code' => 'VND',
'label_zh' => '越南盾',
'label_en' => 'Vietnamese Dong',
'code' => 'THB',
'label_zh' => '泰铢',
'label_en' => 'Thai Baht',
'sort' => 20,
'deposit_coins_per_fiat' => '10',
'withdraw_coins_per_fiat' => '10',
],
[
'code' => 'USDT',
'label_zh' => 'USDT',
'label_en' => 'USDT',
'sort' => 30,
'deposit_coins_per_fiat' => '1',
'withdraw_coins_per_fiat' => '1',
'deposit_coins_per_fiat' => '100',
'withdraw_coins_per_fiat' => '100',
],
],
'deposit_banks' => [
['currency_code' => 'MYR', 'code' => 'pbb', 'name_zh' => 'Public Bank', 'name_en' => 'Public Bank', 'sort' => 10],
['currency_code' => 'MYR', 'code' => 'mbb', 'name_zh' => 'Maybank2U', 'name_en' => 'Maybank2U', 'sort' => 20],
['currency_code' => 'THB', 'code' => '106', 'name_zh' => 'BANGKOK BANK PUBLIC COMPANY LTD.', 'name_en' => 'BANGKOK BANK PUBLIC COMPANY LTD.', 'sort' => 10],
['currency_code' => 'THB', 'code' => '107', 'name_zh' => 'KASIKORNBANK PUBLIC COMPANY LIMITED', 'name_en' => 'KASIKORNBANK PUBLIC COMPANY LIMITED', 'sort' => 20],
],
'withdraw_banks' => [
['code' => 'agrobank', 'name_zh' => 'Agrobank', 'name_en' => 'Agrobank', 'sort' => 10],
['currency_code' => 'MYR', 'code' => 'pbb', 'name_zh' => 'Public Bank', 'name_en' => 'Public Bank', 'sort' => 10],
['currency_code' => 'MYR', 'code' => 'mbb', 'name_zh' => 'Maybank2U', 'name_en' => 'Maybank2U', 'sort' => 20],
],
'withdraw_limits' => [
'min_ewallet' => '10',
@@ -69,12 +68,6 @@ final class FinanceCashierConfig
'fee_note_en' => 'A minimum RM 1 handling fee may apply for withdrawals between RM 10 and RM 99.99.',
'rate_mode' => 'fixed',
],
'withdraw_fields' => [
'require_cardholder' => true,
'require_bank_account' => true,
'require_email' => true,
'require_mobile' => true,
],
'channels' => [],
];
}
@@ -99,7 +92,7 @@ final class FinanceCashierConfig
if (isset($decoded['rates']) && is_array($decoded['rates'])) {
$legacyRates = array_values($decoded['rates']);
}
foreach (['currencies', 'withdraw_banks', 'channels'] as $listKey) {
foreach (['currencies', 'deposit_banks', 'withdraw_banks', 'channels'] as $listKey) {
if (isset($decoded[$listKey]) && is_array($decoded[$listKey])) {
$out[$listKey] = array_values($decoded[$listKey]);
}
@@ -110,9 +103,6 @@ final class FinanceCashierConfig
if (isset($decoded['withdraw_copy']) && is_array($decoded['withdraw_copy'])) {
$out['withdraw_copy'] = array_replace($out['withdraw_copy'], array_intersect_key($decoded['withdraw_copy'], $out['withdraw_copy']));
}
if (isset($decoded['withdraw_fields']) && is_array($decoded['withdraw_fields'])) {
$out['withdraw_fields'] = array_replace($out['withdraw_fields'], array_intersect_key($decoded['withdraw_fields'], $out['withdraw_fields']));
}
return self::normalizePayload($out, $legacyRates);
}
@@ -208,33 +198,12 @@ final class FinanceCashierConfig
return strcmp($ca, $cb);
});
if (isset($out['withdraw_banks']) && is_array($out['withdraw_banks'])) {
foreach ($out['withdraw_banks'] as $i => $row) {
if (!is_array($row)) {
unset($out['withdraw_banks'][$i]);
continue;
}
$code = isset($row['code']) && is_string($row['code']) ? strtolower(trim($row['code'])) : '';
$out['withdraw_banks'][$i] = [
'code' => $code,
'name_zh' => isset($row['name_zh']) && is_string($row['name_zh']) ? trim($row['name_zh']) : '',
'name_en' => isset($row['name_en']) && is_string($row['name_en']) ? trim($row['name_en']) : '',
'sort' => self::normalizeSort($row['sort'] ?? 0),
];
}
$out['withdraw_banks'] = array_values(array_filter($out['withdraw_banks'], static fn ($r) => is_array($r) && $r['code'] !== ''));
usort($out['withdraw_banks'], static function (array $a, array $b): int {
$sa = $a['sort'] ?? 0;
$sb = $b['sort'] ?? 0;
if ($sa !== $sb) {
return $sa <=> $sb;
}
$ca = $a['code'] ?? '';
$cb = $b['code'] ?? '';
return strcmp($ca, $cb);
});
}
$out['deposit_banks'] = self::normalizeBanksByCurrency(
isset($out['deposit_banks']) && is_array($out['deposit_banks']) ? $out['deposit_banks'] : []
);
$out['withdraw_banks'] = self::normalizeBanksByCurrency(
isset($out['withdraw_banks']) && is_array($out['withdraw_banks']) ? $out['withdraw_banks'] : []
);
if (isset($out['withdraw_limits']) && is_array($out['withdraw_limits'])) {
$wl = array_replace($defaults['withdraw_limits'], $out['withdraw_limits']);
foreach (['min_ewallet', 'min_bank'] as $k) {
@@ -257,13 +226,6 @@ final class FinanceCashierConfig
}
$out['withdraw_copy']['rate_mode'] = $mode;
}
if (isset($out['withdraw_fields']) && is_array($out['withdraw_fields'])) {
$wf = array_replace($defaults['withdraw_fields'], array_intersect_key($out['withdraw_fields'], $defaults['withdraw_fields']));
foreach (array_keys($defaults['withdraw_fields']) as $fk) {
$wf[$fk] = !empty($wf[$fk]);
}
$out['withdraw_fields'] = $wf;
}
if (isset($out['channels']) && is_array($out['channels'])) {
$out['channels'] = DepositChannel::normalizeOverrides(array_values($out['channels']));
} else {
@@ -280,6 +242,8 @@ final class FinanceCashierConfig
});
unset($out['fx_pairs']);
// 历史 JSON 可能含 withdraw_fields已废弃不再落库与返回给后台表单
unset($out['withdraw_fields']);
return $out;
}
@@ -322,6 +286,57 @@ final class FinanceCashierConfig
return 0;
}
/**
* @param list<mixed> $rows
* @return list<array{currency_code: string, code: string, name_zh: string, name_en: string, sort: int}>
*/
private static function normalizeBanksByCurrency(array $rows): array
{
$out = [];
foreach ($rows as $row) {
if (!is_array($row)) {
continue;
}
$currencyCode = isset($row['currency_code']) && is_string($row['currency_code']) ? strtoupper(trim($row['currency_code'])) : '';
if ($currencyCode === '') {
$currencyCode = 'MYR';
}
$codeRaw = $row['code'] ?? '';
$code = '';
if (is_string($codeRaw)) {
$code = strtolower(trim($codeRaw));
} elseif (is_numeric($codeRaw)) {
$code = strtolower(trim(strval($codeRaw)));
}
$out[] = [
'currency_code' => $currencyCode,
'code' => $code,
'name_zh' => isset($row['name_zh']) && is_string($row['name_zh']) ? trim($row['name_zh']) : '',
'name_en' => isset($row['name_en']) && is_string($row['name_en']) ? trim($row['name_en']) : '',
'sort' => self::normalizeSort($row['sort'] ?? 0),
];
}
$out = array_values(array_filter($out, static fn ($r) => is_array($r) && $r['currency_code'] !== '' && $r['code'] !== ''));
usort($out, static function (array $a, array $b): int {
$ca = isset($a['currency_code']) && is_string($a['currency_code']) ? $a['currency_code'] : '';
$cb = isset($b['currency_code']) && is_string($b['currency_code']) ? $b['currency_code'] : '';
if ($ca !== $cb) {
return strcmp($ca, $cb);
}
$sa = isset($a['sort']) && is_numeric($a['sort']) ? intval(strval($a['sort'])) : 0;
$sb = isset($b['sort']) && is_numeric($b['sort']) ? intval(strval($b['sort'])) : 0;
if ($sa !== $sb) {
return $sa <=> $sb;
}
$ka = isset($a['code']) && is_string($a['code']) ? $a['code'] : '';
$kb = isset($b['code']) && is_string($b['code']) ? $b['code'] : '';
return strcmp($ka, $kb);
});
return $out;
}
/**
* @param array<string, mixed> $p
*/
@@ -360,20 +375,57 @@ final class FinanceCashierConfig
throw new InvalidArgumentException('Withdraw rate must be a number greater than 0');
}
}
if (isset($p['withdraw_banks']) && is_array($p['withdraw_banks'])) {
// 校验 deposit channels 的币种白名单currency_codes 仅允许来自 currencies
if (isset($p['channels']) && is_array($p['channels'])) {
foreach ($p['channels'] as $row) {
if (!is_array($row)) {
continue;
}
$status = isset($row['status']) && is_numeric($row['status']) ? intval($row['status']) : 0;
$cc = array_key_exists('currency_codes', $row) ? ($row['currency_codes'] ?? null) : null;
if ($cc === null) {
continue; // null => 兼容全部币种(历史配置默认行为)
}
if (!is_array($cc)) {
throw new InvalidArgumentException('Channel currency_codes format error');
}
if ($status === 1 && $cc === []) {
throw new InvalidArgumentException('Enabled channel currency_codes can not be empty');
}
foreach ($cc as $c) {
if (!is_string($c) || !preg_match('/^[A-Z0-9]{2,12}$/', $c)) {
throw new InvalidArgumentException('Channel currency_codes contains invalid currency code');
}
if (!isset($seenCodes[$c])) {
throw new InvalidArgumentException('Channel currency_codes contains currency not configured');
}
}
}
}
foreach (['deposit_banks', 'withdraw_banks'] as $bankKey) {
if (!isset($p[$bankKey]) || !is_array($p[$bankKey])) {
continue;
}
$seen = [];
foreach ($p['withdraw_banks'] as $idx => $row) {
foreach ($p[$bankKey] as $row) {
if (!is_array($row)) {
throw new InvalidArgumentException('Bank row format error');
}
$currencyCode = $row['currency_code'] ?? '';
if (!is_string($currencyCode) || !isset($seenCodes[$currencyCode])) {
throw new InvalidArgumentException('Bank currency_code is invalid');
}
$code = $row['code'] ?? '';
if (!is_string($code) || !preg_match('/^[a-z0-9][a-z0-9_\-]{0,31}$/', $code)) {
throw new InvalidArgumentException('Bank code is invalid');
}
if (isset($seen[$code])) {
$uniq = $currencyCode . '|' . $code;
if (isset($seen[$uniq])) {
throw new InvalidArgumentException('Duplicate bank code');
}
$seen[$code] = true;
$seen[$uniq] = true;
}
}
if (isset($p['withdraw_limits']) && is_array($p['withdraw_limits'])) {

232
app/common/middleware/InterfaceRequestLog.php Normal file
View File

@@ -0,0 +1,232 @@
<?php
declare(strict_types=1);
namespace app\common\middleware;
use support\Log;
use Throwable;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
/**
* 接口调用日志中间件
*
* 目标:
* - 统一记录接口调用(请求 + 响应)
* - 成功记录返回参数
* - 失败记录失败原因
*/
class InterfaceRequestLog implements MiddlewareInterface
{
/**
* 仅记录接口路由(避免静态资源噪音)
*/
private const API_PATH_PREFIXES = ['api/', 'admin/'];
/**
* 需要脱敏的字段名(不区分大小写)
*/
private const SENSITIVE_KEYS = [
'password',
'oldpassword',
'newpassword',
'token',
'user-token',
'user_token',
'auth-token',
'auth_token',
'refresh_token',
'secret',
'signature',
'sign',
];
public function process(Request $request, callable $handler): Response
{
$path = trim($request->path(), '/');
if (!$this->shouldLogPath($path)) {
return $handler($request);
}
$start = microtime(true);
$requestPayload = $this->buildRequestPayload($request);
try {
$response = $handler($request);
} catch (Throwable $e) {
$costMs = $this->costMs($start);
Log::error('[InterfaceRequestLog] ' . $this->encodeJson([
'path' => '/' . $path,
'method' => strtoupper($request->method()),
'ip' => $request->getRealIp(),
'cost_ms' => $costMs,
'request' => $requestPayload,
'success' => false,
'fail_reason' => $e->getMessage(),
'exception_class' => get_class($e),
'exception_trace' => $this->truncateText($e->getTraceAsString(), 3000),
]));
throw $e;
}
$costMs = $this->costMs($start);
$statusCode = method_exists($response, 'getStatusCode') ? intval($response->getStatusCode()) : 200;
$responseBodyRaw = $this->extractResponseBody($response);
$responseDecoded = $this->decodeJsonArray($responseBodyRaw);
$success = false;
$failReason = '';
$responseData = null;
if (is_array($responseDecoded)) {
if (array_key_exists('code', $responseDecoded)) {
$success = intval($responseDecoded['code']) === 1;
} else {
$success = $statusCode >= 200 && $statusCode < 400;
}
$responseData = $responseDecoded['data'] ?? $responseDecoded;
if (!$success) {
$failReasonRaw = $responseDecoded['message'] ?? ($responseDecoded['msg'] ?? '');
$failReason = is_string($failReasonRaw) ? $failReasonRaw : strval($failReasonRaw);
}
} else {
$success = $statusCode >= 200 && $statusCode < 400;
if ($success) {
$responseData = $this->truncateText($responseBodyRaw, 2000);
} else {
$failReason = $this->truncateText($responseBodyRaw, 2000);
}
}
$logPayload = [
'path' => '/' . $path,
'method' => strtoupper($request->method()),
'ip' => $request->getRealIp(),
'status_code' => $statusCode,
'cost_ms' => $costMs,
'request' => $requestPayload,
'success' => $success,
];
if ($success) {
$logPayload['response_data'] = $this->maskMixed($responseData);
Log::info('[InterfaceRequestLog] ' . $this->encodeJson($logPayload));
} else {
$logPayload['fail_reason'] = $failReason !== '' ? $failReason : 'Unknown error';
if (is_array($responseDecoded)) {
$logPayload['api_response'] = $this->maskMixed($responseDecoded);
}
Log::error('[InterfaceRequestLog] ' . $this->encodeJson($logPayload));
}
return $response;
}
private function shouldLogPath(string $path): bool
{
foreach (self::API_PATH_PREFIXES as $prefix) {
if (str_starts_with($path, $prefix)) {
return true;
}
}
return false;
}
private function buildRequestPayload(Request $request): array
{
$query = $request->get();
$post = $request->post();
if (!is_array($query)) {
$query = [];
}
if (!is_array($post)) {
$post = [];
}
$rawBody = method_exists($request, 'rawBody') ? strval($request->rawBody()) : '';
$jsonBody = [];
if ($rawBody !== '') {
$jsonDecoded = json_decode($rawBody, true);
if (is_array($jsonDecoded)) {
$jsonBody = $jsonDecoded;
}
}
return [
'query' => $this->maskMixed($query),
'post' => $this->maskMixed($post),
'json' => $this->maskMixed($jsonBody),
];
}
private function extractResponseBody(Response $response): string
{
if (method_exists($response, 'rawBody')) {
return strval($response->rawBody());
}
return '';
}
private function decodeJsonArray(string $content): ?array
{
if ($content === '') {
return null;
}
$decoded = json_decode($content, true);
return is_array($decoded) ? $decoded : null;
}
private function maskMixed($value, ?string $parentKey = null)
{
if (is_array($value)) {
$result = [];
foreach ($value as $k => $v) {
$keyName = is_string($k) ? $k : $parentKey;
$result[$k] = $this->maskMixed($v, $keyName);
}
return $result;
}
if ($parentKey !== null && $this->isSensitiveKey($parentKey)) {
return '***';
}
return $value;
}
private function isSensitiveKey(string $key): bool
{
$normalized = strtolower(trim($key));
foreach (self::SENSITIVE_KEYS as $sensitive) {
if ($normalized === $sensitive) {
return true;
}
if (str_contains($normalized, $sensitive)) {
return true;
}
}
return false;
}
private function truncateText(string $text, int $maxLen): string
{
if ($maxLen <= 0) {
return '';
}
if (mb_strlen($text) <= $maxLen) {
return $text;
}
return mb_substr($text, 0, $maxLen) . '...';
}
private function encodeJson(array $payload): string
{
return json_encode($payload, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
}
private function costMs(float $start): int
{
return intval((microtime(true) - $start) * 1000);
}
}

7
app/common/middleware/LoadLangPack.php
View File

@@ -26,7 +26,7 @@ class LoadLangPack implements MiddlewareInterface
/**
* 解析当前请求语言。
* - 后台 admin优先请求头 think-langzh-cn / en其次 lang 头,再次查询/表单参数 lang支持 zh→zh-cn
* - 对外 api优先查询/表单参数 langzh / en其次 lang 头,再次 think-lang。
* - 对外 api优先查询/表单参数 langzh / en其次 lang 头,再次 think-lang;未显式指定时固定 zh-cn不使用 Accept-Language
*/
protected function resolveLangSet(Request $request): string
{
@@ -86,6 +86,11 @@ class LoadLangPack implements MiddlewareInterface
}
}
// 对外 api无显式 lang / think-lang 时默认中文,避免浏览器 Accept-Language: en 覆盖产品默认
if ($app === 'api') {
return 'zh-cn';
}
$acceptRaw = $request->header('accept-language');
$acceptLang = is_string($acceptRaw) ? $acceptRaw : '';
if (preg_match('/^zh[-_]?cn|^zh/i', $acceptLang)) {