feat: custom menu pages with iframe embedding and CSP injection

Add configurable custom menu items that appear in sidebar, each rendering an iframe-embedded external page. Includes shared URL builder with src_host/src_url tracking, CSP frame-src multi-origin deduplication, admin settings UI, and i18n support. chore: bump version to 0.1.87.19 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 19:37:40 +08:00
parent 7abec1888f
commit 067810fa98
27 changed files with 1071 additions and 54 deletions
--- a/tmp_api_admin_orders/[id]/cancel/route.ts
+++ b/tmp_api_admin_orders/[id]/cancel/route.ts
@@ -0,0 +1,25 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
+import { adminCancelOrder, OrderError } from '@/lib/order/service';
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  if (!verifyAdminToken(request)) return unauthorizedResponse();
+
+  try {
+    const { id } = await params;
+    await adminCancelOrder(id);
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    if (error instanceof OrderError) {
+      return NextResponse.json(
+        { error: error.message, code: error.code },
+        { status: error.statusCode },
+      );
+    }
+    console.error('Admin cancel order error:', error);
+    return NextResponse.json({ error: '取消订单失败' }, { status: 500 });
+  }
+}
--- a/tmp_api_admin_orders/[id]/retry/route.ts
+++ b/tmp_api_admin_orders/[id]/retry/route.ts
@@ -0,0 +1,25 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
+import { retryRecharge, OrderError } from '@/lib/order/service';
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  if (!verifyAdminToken(request)) return unauthorizedResponse();
+
+  try {
+    const { id } = await params;
+    await retryRecharge(id);
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    if (error instanceof OrderError) {
+      return NextResponse.json(
+        { error: error.message, code: error.code },
+        { status: error.statusCode },
+      );
+    }
+    console.error('Retry recharge error:', error);
+    return NextResponse.json({ error: '重试充值失败' }, { status: 500 });
+  }
+}
--- a/tmp_api_admin_orders/[id]/route.ts
+++ b/tmp_api_admin_orders/[id]/route.ts
@@ -0,0 +1,31 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { prisma } from '@/lib/db';
+import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  if (!verifyAdminToken(request)) return unauthorizedResponse();
+
+  const { id } = await params;
+
+  const order = await prisma.order.findUnique({
+    where: { id },
+    include: {
+      auditLogs: {
+        orderBy: { createdAt: 'desc' },
+      },
+    },
+  });
+
+  if (!order) {
+    return NextResponse.json({ error: '订单不存在' }, { status: 404 });
+  }
+
+  return NextResponse.json({
+    ...order,
+    amount: Number(order.amount),
+    refundAmount: order.refundAmount ? Number(order.refundAmount) : null,
+  });
+}
--- a/tmp_api_admin_orders/route.ts
+++ b/tmp_api_admin_orders/route.ts
@@ -0,0 +1,60 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { prisma } from '@/lib/db';
+import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
+import { Prisma } from '@prisma/client';
+
+export async function GET(request: NextRequest) {
+  if (!verifyAdminToken(request)) return unauthorizedResponse();
+
+  const searchParams = request.nextUrl.searchParams;
+  const page = Math.max(1, Number(searchParams.get('page') || '1'));
+  const pageSize = Math.min(100, Math.max(1, Number(searchParams.get('page_size') || '20')));
+  const status = searchParams.get('status');
+  const userId = searchParams.get('user_id');
+  const dateFrom = searchParams.get('date_from');
+  const dateTo = searchParams.get('date_to');
+
+  const where: Prisma.OrderWhereInput = {};
+  if (status) where.status = status as any;
+  if (userId) where.userId = Number(userId);
+  if (dateFrom || dateTo) {
+    where.createdAt = {};
+    if (dateFrom) where.createdAt.gte = new Date(dateFrom);
+    if (dateTo) where.createdAt.lte = new Date(dateTo);
+  }
+
+  const [orders, total] = await Promise.all([
+    prisma.order.findMany({
+      where,
+      orderBy: { createdAt: 'desc' },
+      skip: (page - 1) * pageSize,
+      take: pageSize,
+      select: {
+        id: true,
+        userId: true,
+        userName: true,
+        userEmail: true,
+        amount: true,
+        status: true,
+        paymentType: true,
+        createdAt: true,
+        paidAt: true,
+        completedAt: true,
+        failedReason: true,
+        expiresAt: true,
+      },
+    }),
+    prisma.order.count({ where }),
+  ]);
+
+  return NextResponse.json({
+    orders: orders.map(o => ({
+      ...o,
+      amount: Number(o.amount),
+    })),
+    total,
+    page,
+    page_size: pageSize,
+    total_pages: Math.ceil(total / pageSize),
+  });
+}