refactor: 更新权限管理与请求验证逻辑

- 在多个控制器中将权限检查从 hasAdminPermission 更新为 hasPermissionCode，以增强权限管理的灵活性。 - 引入 AdminScopePolicy，优化基于代理节点的权限和数据过滤逻辑，确保管理员能够更精确地控制访问权限。 - 在请求验证中添加 agent_node_id 字段，确保 API 接口支持代理节点的相关操作。 - 更新 AdminUser 模型，新增 hasPermissionCode 方法，以支持更细粒度的权限检查。 - 优化审计日志记录逻辑，确保在处理请求时能够准确记录管理员的操作。
2026-06-03 10:07:38 +08:00
parent 0841fbed32
commit 1dcd4716c5
64 changed files with 2054 additions and 344 deletions
--- a/app/Services/Wallet/HttpMainSiteWalletGateway.php
+++ b/app/Services/Wallet/HttpMainSiteWalletGateway.php
@@ -53,6 +53,24 @@ final class HttpMainSiteWalletGateway implements MainSiteWalletGateway
        );
    }

+    public function refundMainForFailedLotteryDeposit(
+        Player $player,
+        string $currencyCode,
+        int $amountMinor,
+        string $idempotentKey,
+    ): MainSiteWalletResult {
+        $config = $this->partnerSiteConfigResolver->resolveForPlayer($player);
+
+        return $this->post(
+            $config->walletCreditPath,
+            $player,
+            $currencyCode,
+            $amountMinor,
+            $idempotentKey,
+            $config,
+        );
+    }
+
    private function post(
        string $path,
        Player $player,
@@ -108,10 +126,6 @@ final class HttpMainSiteWalletGateway implements MainSiteWalletGateway
            );
        }

-        $url = $base.'/'.ltrim($path, '/');
-        $timeout = $config->walletTimeoutSeconds;
-        $apiKey = $config->walletApiKey;
-
        $requestBody = [
            'site_code' => $player->site_code,
            'site_player_id' => $player->site_player_id,
@@ -128,6 +142,22 @@ final class HttpMainSiteWalletGateway implements MainSiteWalletGateway
            ],
        ]);

+        $url = $base.'/'.ltrim($path, '/');
+        $timeout = $config->walletTimeoutSeconds;
+        $apiKey = $config->walletApiKey;
+
+        if (app()->environment(['production'])
+            && $config->source === \App\Services\Integration\PartnerSiteConfig::SOURCE_LEGACY_ENV
+            && (! is_string($apiKey) || trim($apiKey) === '')
+        ) {
+            return MainSiteWalletResult::failure(
+                'main_site_wallet_api_key_required',
+                ['reason' => 'missing_main_site_wallet_api_key'],
+                false,
+                $requestSnapshot,
+            );
+        }
+
        $headers = [];
        if (is_string($apiKey) && $apiKey !== '') {
            $headers['Authorization'] = 'Bearer '.$apiKey;