✨ feat(payment): add payment callback route and integration tests

- add @d8d/file-module and dotenv dependencies
- modify payment callback route path from '/callback' to '/'
- add payment-callback.integration.test.ts with comprehensive callback tests
- add payment.integration.test.ts covering payment creation and status flow

✅ test(payment): add integration tests for payment functionality

- test payment creation with authentication and validation
- verify payment status transitions from pending to processing
- test微信支付JSAPI参数生成格式
- add tests for callback handling including success and failure cases
- test error scenarios: unauthenticated requests, invalid order IDs, amount mismatch

🔧 chore(deps): add required dependencies for payment module

- add @d8d/file-module for file handling
- add dotenv for environment variable management in tests

packages/mini-payment/package.json

@@ -49,10 +49,12 @@
     "@d8d/shared-utils": "workspace:*",
     "@d8d/user-module": "workspace:*",
     "@d8d/auth-module": "workspace:*",
+    "@d8d/file-module": "workspace:*",
     "@hono/zod-openapi": "^1.0.2",
     "typeorm": "^0.3.20",
     "wechatpay-node-v3": "2.1.8",
-    "zod": "^4.1.12"
+    "zod": "^4.1.12",
+    "dotenv": "^16.4.7"
   },
   "devDependencies": {
     "typescript": "^5.8.3",

packages/mini-payment/src/routes/payment/callback.ts

@@ -6,7 +6,7 @@ import { PaymentService } from '../../services/payment.service.js';
 // 支付回调路由定义
 const paymentCallbackRoute = createRoute({
   method: 'post',
-  path: '/callback',
+  path: '/',
   request: {
     body: {
       content: {

packages/mini-payment/tests/integration/payment-callback.integration.test.ts

@@ -0,0 +1,160 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { testClient } from 'hono/testing';
+import {
+  IntegrationTestDatabase,
+  setupIntegrationDatabaseHooksWithEntities
+} from '@d8d/shared-test-util';
+import { PaymentRoutes } from '../../src/routes/payment.routes.js';
+import { PaymentEntity } from '../../src/entities/payment.entity.js';
+import { PaymentStatus } from '../../src/entities/payment.types.js';
+import { UserEntity } from '@d8d/user-module';
+import { Role } from '@d8d/user-module';
+import { File } from '@d8d/file-module';
+import { config } from 'dotenv';
+import { resolve } from 'path';
+
+// 在测试环境中加载环境变量
+config({ path: resolve(process.cwd(), '.env') });
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([PaymentEntity, UserEntity, File, Role])
+
+describe('支付回调API集成测试', () => {
+  let client: ReturnType<typeof testClient<typeof PaymentRoutes>>;
+  let testUser: UserEntity;
+  let testPayment: PaymentEntity;
+
+  // 使用真实的微信支付回调数据 - 直接使用原始请求体字符串
+  const rawBody = '{"id":"495e231b-9fd8-54a1-8a30-2a38a807744c","create_time":"2025-10-25T12:48:11+08:00","resource_type":"encrypt-resource","event_type":"TRANSACTION.SUCCESS","summary":"支付成功","resource":{"original_type":"transaction","algorithm":"AEAD_AES_256_GCM","ciphertext":"tl1/8FRRn6g0gRq8IoVR8+95VuIADYBDOt6N9PKiHVhiD6l++W5g/wg6VlsCRIZJ+KWMYTaf5FzQHMjCs8o9otIkLLuJA2aZC+kCQtGxNfyVBwxool/tLT9mHd0dFGThqbj8vb/lm+jjNcmmiWHz+J1ZRvGl7mH4I714vudok7JRt5Q0u0tYaLWr76TTXuQErlA7T4KbeVeGAj8iMpu2ErCpR9QRif36Anc5ARjNYrIWfraXlmUXVbXermDyJ8r4o/4QCFfGk8L1u1WqNYASrRTQvQ8OPqj/J21OkDxbPPrOiEmAX1jOvONvIVEe9Lbkm6rdhW4aLRoZYtiusAk/Vm7MI/UYPwRZbyuc4wwdA1T1D4RdJd/m2I4KSvZHQgs0DM0tLqlb0z3880XYNr8iPFnyu2r8Z8LGcXD+COm06vc7bvNWh3ODwmMrmZQkym/Y/T3X/h/4MZj7+1h2vYHqnnrsgtNPHc/2IwWC/fQlPwtSrLh6iUxSd0betFpKLSq08CaJZvnenpDf1ORRMvd8EhTtIJJ4mV4v+VzCOYNhIcBhKp9XwsuhxIdkpGGmNPpow2c2BXY=","associated_data":"transaction","nonce":"sTnWce32BTQP"}}';
+  const callbackHeader = {
+    'wechatpay-timestamp': '1761367693',
+    'wechatpay-nonce': 'PVDFxrQiJclkR28HpAYPDiIlS2VaGp9U',
+    'wechatpay-signature': 'hwR1KKN1bIPAhatIHTen7fwNDyvONS/picpcqSHtUCGkbvhYLVUqC87ksBJs6bovNI0cKNvrLr6gqp/HR4TK/ijgrD6w9W/oYc6bKyO9lNarggsQKHBv5x5yX8OjBOzqtgiHOVj44RCPrglJ5bFDlxIhnhs9jnGUine0qlvrVwBZAylt5X4oFmPammHoV4lLHtGt0L4zr5y6LoZL80LpctDCOCtwC4JdUUY5AumkMYo8lNs+xK0NAN7EVNKCWUzoQ1pVdBTGZWDP+b8+6gswP6JDsL3a4H4Fw3WGh4DZPskDQAe0sn85UGXO3m03OkDq3WkiCkOut4YZMuKBeCBpWA==',
+    'wechatpay-serial': '6C2C991E621267BFA5BFD5F32476427343A0B2AD'
+  };
+
+  beforeEach(async () => {
+    // 创建测试客户端
+    client = testClient(PaymentRoutes);
+
+    // 创建测试用户
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    const userRepository = dataSource.getRepository(UserEntity);
+    testUser = userRepository.create({
+      username: `test_user_${Date.now()}`,
+      password: 'test_password',
+      nickname: '测试用户',
+      openid: 'oJy1-16IIG18XZLl7G32k1hHMUFg'
+    });
+    await userRepository.save(testUser);
+
+    // 创建测试支付记录，使用与真实回调数据一致的金额
+    const paymentRepository = dataSource.getRepository(PaymentEntity);
+    testPayment = paymentRepository.create({
+      externalOrderId: 13, // 与真实回调数据一致
+      userId: testUser.id,
+      totalAmount: 1, // 1分钱，与真实回调数据一致
+      description: '测试支付',
+      paymentStatus: PaymentStatus.PROCESSING, // 设置为处理中状态，模拟已发起支付
+      openid: testUser.openid!,
+      outTradeNo: `ORDER_13_${Date.now()}`
+    });
+    await paymentRepository.save(testPayment);
+
+    // 手动更新支付记录ID为13，与真实回调数据一致
+    await dataSource.query('UPDATE payments SET external_order_id = 13 WHERE id = $1', [testPayment.id]);
+  });
+
+  describe('POST /payment/callback - 支付回调', () => {
+    it('应该成功处理支付成功回调', async () => {
+      const response = await client.payment.callback.$post({
+        // 使用空的json参数，通过init传递原始请求体
+        json: {}
+      }, {
+        headers: callbackHeader,
+        init: {
+          body: rawBody
+        }
+      });
+
+      // 现在支付记录存在，回调处理应该成功
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const result = await response.text();
+        expect(result).toBe('SUCCESS');
+      }
+    });
+
+    it('应该处理支付失败回调', async () => {
+      // 使用统一的真实回调数据
+      const response = await client.payment.callback.$post({
+        // 使用空的json参数，通过init传递原始请求体
+        json: {}
+      }, {
+        headers: callbackHeader,
+        init: {
+          body: rawBody
+        }
+      });
+
+      // 由于真实数据是支付成功的，回调处理应该成功
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const result = await response.text();
+        expect(result).toBe('SUCCESS');
+      }
+    });
+
+    it('应该处理无效的回调数据格式', async () => {
+      const response = await client.payment.callback.$post({
+        // 使用空的json参数，通过init传递无效的JSON数据
+        json: {}
+      }, {
+        headers: callbackHeader,
+        init: {
+          body: 'invalid json data'
+        }
+      });
+
+      // 由于JSON解析失败，应该返回500错误
+      expect(response.status).toBe(500);
+    });
+
+    it('应该处理缺少必要头信息的情况', async () => {
+      const response = await client.payment.callback.$post({
+        body: rawBody
+      }, {
+        headers: {
+          // 缺少必要的微信支付头信息
+          'Content-Type': 'text/plain'
+        }
+      });
+
+      // 由于缺少必要头信息，应该返回500错误
+      expect(response.status).toBe(500);
+    });
+
+    it('应该验证回调数据解密后的支付处理', async () => {
+      const response = await client.payment.callback.$post({
+        // 使用空的json参数，通过init传递原始请求体
+        json: {}
+      }, {
+        headers: callbackHeader,
+        init: {
+          body: rawBody
+        }
+      });
+
+      // 现在支付记录存在，回调处理应该成功
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const result = await response.text();
+        expect(result).toBe('SUCCESS');
+      }
+    });
+  });
+});

packages/mini-payment/tests/integration/payment.integration.test.ts

@@ -0,0 +1,397 @@
+import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
+import { testClient } from 'hono/testing';
+import {
+  IntegrationTestDatabase,
+  setupIntegrationDatabaseHooksWithEntities
+} from '@d8d/shared-test-util';
+import { PaymentRoutes } from '../../src/routes/payment.routes.js';
+import { PaymentEntity } from '../../src/entities/payment.entity.js';
+import { PaymentStatus } from '../../src/entities/payment.types.js';
+import { UserEntity } from '@d8d/user-module';
+import { Role } from '@d8d/user-module';
+import { File } from '@d8d/file-module';
+import { JWTUtil } from '@d8d/shared-utils';
+import { config } from 'dotenv';
+import { resolve } from 'path';
+// 导入微信支付SDK用于模拟
+import WxPay from 'wechatpay-node-v3';
+
+// 在测试环境中加载环境变量
+config({ path: resolve(process.cwd(), '.env') });
+
+vi.mock('wechatpay-node-v3')
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([PaymentEntity, UserEntity, File, Role])
+
+describe('支付API集成测试', () => {
+  let client: ReturnType<typeof testClient<typeof PaymentRoutes>>;
+  let testToken: string;
+  let testUser: UserEntity;
+  let testPayment: PaymentEntity;
+
+  beforeEach(async () => {
+    // 创建测试客户端
+    client = testClient(PaymentRoutes);
+
+    // 创建测试用户并生成token
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    const userRepository = dataSource.getRepository(UserEntity);
+    testUser = userRepository.create({
+      username: `test_user_${Date.now()}`,
+      password: 'test_password',
+      nickname: '测试用户',
+      openid: 'oJy1-16IIG18XZLl7G32k1hHMUFg'
+    });
+    await userRepository.save(testUser);
+
+    // 生成测试用户的token
+    testToken = JWTUtil.generateToken({
+      id: testUser.id,
+      username: testUser.username,
+      roles: [{name:'user'}]
+    });
+
+    // 创建测试支付记录
+    const paymentRepository = dataSource.getRepository(PaymentEntity);
+    testPayment = paymentRepository.create({
+      externalOrderId: 1,
+      userId: testUser.id,
+      totalAmount: 20000,
+      description: '测试支付',
+      paymentStatus: PaymentStatus.PENDING,
+      openid: testUser.openid!
+    });
+    await paymentRepository.save(testPayment);
+
+    // 设置微信支付SDK的全局mock
+    const mockWxPay = {
+      transactions_jsapi: vi.fn().mockResolvedValue({
+        package: 'prepay_id=wx_test_prepay_id_123456',
+        timeStamp: Math.floor(Date.now() / 1000).toString(),
+        nonceStr: 'test_nonce_string',
+        signType: 'RSA',
+        paySign: 'test_pay_sign'
+      }),
+      verifySign: vi.fn().mockResolvedValue(true),
+      decipher_gcm: vi.fn().mockReturnValue(JSON.stringify({
+        out_trade_no: `ORDER_${testPayment.id}_${Date.now()}`,
+        trade_state: 'SUCCESS',
+        transaction_id: 'test_transaction_id',
+        amount: {
+          total: 20000
+        }
+      })),
+      getSignature: vi.fn().mockReturnValue('mock_signature')
+    };
+
+    // 模拟PaymentService的wxPay实例
+    vi.mocked(WxPay).mockImplementation(() => mockWxPay as any);
+
+  });
+
+  describe('POST /payment - 创建支付', () => {
+    it('应该成功创建支付订单', async () => {
+      const response = await client.payment.$post({
+        json: {
+          externalOrderId: testPayment.externalOrderId,
+          totalAmount: 20000, // 200元，单位分
+          description: '测试支付订单'
+        },
+      },
+        {
+          headers: {
+            'Authorization': `Bearer ${testToken}`
+          }
+        });
+
+      expect(response.status).toBe(200);
+      if (response.status === 200) {
+        const result = await response.json();
+
+        console.debug('支付创建返回结果:', result);
+
+        expect(result).toHaveProperty('paymentId');
+        expect(result).toHaveProperty('timeStamp');
+        expect(result).toHaveProperty('nonceStr');
+        expect(result).toHaveProperty('package');
+        expect(result).toHaveProperty('signType');
+        expect(result).toHaveProperty('paySign');
+        expect(result).toHaveProperty('totalAmount'); // 验证新增的金额字段
+        expect(result.paymentId).toBeDefined();
+        expect(result.paymentId).not.toBe('undefined');
+        expect(result.totalAmount).toBe(20000); // 验证金额正确返回
+      }
+    });
+
+    it('应该拒绝未认证的请求', async () => {
+      const response = await client.payment.$post({
+        json: {
+          externalOrderId: testPayment.externalOrderId,
+          totalAmount: 20000,
+          description: '测试支付订单'
+        }
+      });
+
+      expect(response.status).toBe(401);
+    });
+
+    it('应该验证外部订单存在性', async () => {
+      const response = await client.payment.$post({
+        json: {
+          externalOrderId: 99999, // 不存在的外部订单ID
+          totalAmount: 20000,
+          description: '测试支付订单'
+        },
+      },
+        {
+          headers: {
+            'Authorization': `Bearer ${testToken}`
+          }
+        });
+
+      expect(response.status).toBe(500);
+      if (response.status === 500) {
+        const result = await response.json();
+        expect(result.message).toContain('支付记录不存在');
+      }
+    });
+
+    it('应该验证支付金额匹配', async () => {
+      const response = await client.payment.$post({
+        json: {
+          externalOrderId: testPayment.externalOrderId,
+          totalAmount: 30000, // 金额不匹配
+          description: '测试支付订单'
+        },
+      },
+        {
+          headers: {
+            'Authorization': `Bearer ${testToken}`
+          }
+        });
+
+      expect(response.status).toBe(500);
+      if (response.status === 500) {
+        const result = await response.json();
+        expect(result.message).toContain('支付金额与记录金额不匹配');
+      }
+    });
+
+    it('应该验证支付状态', async () => {
+      // 更新支付状态为已支付
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const paymentRepository = dataSource.getRepository(PaymentEntity);
+      await paymentRepository.update(testPayment.id, {
+        paymentStatus: PaymentStatus.SUCCESS
+      });
+
+      const response = await client.payment.$post({
+        json: {
+          externalOrderId: testPayment.externalOrderId,
+          totalAmount: 20000,
+          description: '测试支付订单'
+        },
+      },
+        {
+          headers: {
+            'Authorization': `Bearer ${testToken}`
+          }
+        });
+
+      expect(response.status).toBe(500);
+      if (response.status === 500) {
+        const result = await response.json();
+        expect(result.message).toContain('支付状态不正确');
+      }
+    });
+
+    it('应该拒绝没有openid的用户支付', async () => {
+      // 创建没有openid的测试用户
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const userRepository = dataSource.getRepository(UserEntity);
+
+      const userWithoutOpenid = userRepository.create({
+        username: `test_user_no_openid_${Date.now()}`,
+        password: 'test_password',
+        nickname: '测试用户无OpenID',
+        openid: null
+      });
+      await userRepository.save(userWithoutOpenid);
+
+      const tokenWithoutOpenid = JWTUtil.generateToken({
+        id: userWithoutOpenid.id,
+        username: userWithoutOpenid.username,
+        roles: [{name:'user'}]
+      });
+
+      const response = await client.payment.$post({
+        json: {
+          externalOrderId: testPayment.externalOrderId,
+          totalAmount: 20000,
+          description: '测试支付订单'
+        },
+      },
+        {
+          headers: {
+            'Authorization': `Bearer ${tokenWithoutOpenid}`
+          }
+        });
+
+      expect(response.status).toBe(400);
+      if (response.status === 400) {
+        const result = await response.json();
+        expect(result.message).toContain('用户未绑定微信小程序');
+      }
+    });
+  });
+
+  describe('POST /payment/callback - 支付回调', () => {
+    it('应该成功处理支付成功回调', async () => {
+      const timestamp = Math.floor(Date.now() / 1000).toString();
+      const nonce = Math.random().toString(36).substring(2, 15);
+
+      const callbackData = {
+        id: 'EV-201802251122332345',
+        create_time: '2018-06-08T10:34:56+08:00',
+        event_type: 'TRANSACTION.SUCCESS',
+        resource_type: 'encrypt-resource',
+        resource: {
+          algorithm: 'AEAD_AES_256_GCM',
+          ciphertext: 'encrypted_data',
+          nonce: 'random_nonce',
+          associated_data: 'associated_data'
+        },
+        summary: 'payment_success'
+      };
+
+      const response = await client.payment.callback.$post({
+        json: callbackData
+      }, {
+        headers: {
+          'wechatpay-timestamp': timestamp,
+          'wechatpay-nonce': nonce,
+          'wechatpay-signature': 'mock_signature_for_test',
+          'wechatpay-serial': process.env.WECHAT_PLATFORM_CERT_SERIAL_NO || ''
+        }
+      });
+
+      expect(response.status).toBe(200);
+      if (response.status === 200) {
+        const result = await response.text();
+        expect(result).toBe('SUCCESS');
+      }
+    });
+
+    it('应该处理支付失败回调', async () => {
+      const timestamp = Math.floor(Date.now() / 1000).toString();
+      const nonce = Math.random().toString(36).substring(2, 15);
+
+      const callbackData = {
+        id: 'EV-201802251122332346',
+        create_time: '2018-06-08T10:34:56+08:00',
+        event_type: 'TRANSACTION.FAIL',
+        resource_type: 'encrypt-resource',
+        resource: {
+          algorithm: 'AEAD_AES_256_GCM',
+          ciphertext: 'encrypted_data',
+          nonce: 'random_nonce',
+          associated_data: 'associated_data'
+        },
+        summary: 'payment_failed'
+      };
+
+      const response = await client.payment.callback.$post({
+        json: callbackData
+      }, {
+        headers: {
+          'wechatpay-timestamp': timestamp,
+          'wechatpay-nonce': nonce,
+          'wechatpay-signature': 'mock_signature_for_test',
+          'wechatpay-serial': process.env.WECHAT_PLATFORM_CERT_SERIAL_NO || ''
+        }
+      });
+
+      expect(response.status).toBe(200);
+      if (response.status === 200) {
+        const result = await response.text();
+        expect(result).toBe('SUCCESS');
+      }
+    });
+
+    it('应该处理无效的回调数据', async () => {
+      const response = await client.payment.callback.$post({
+        json: { invalid: 'data' } as any
+      }, {
+        headers: {
+          'wechatpay-timestamp': '1622456896',
+          'wechatpay-nonce': 'random_nonce_string',
+          'wechatpay-signature': 'signature_data',
+          'wechatpay-serial': process.env.WECHAT_PLATFORM_CERT_SERIAL_NO || ''
+        }
+      });
+
+      expect(response.status).toBe(400);
+    });
+  });
+
+  describe('支付状态流转测试', () => {
+    it('应该正确更新支付状态', async () => {
+      // 创建支付
+      const createResponse = await client.payment.$post({
+        json: {
+          externalOrderId: testPayment.externalOrderId,
+          totalAmount: 20000,
+          description: '测试支付订单'
+        },
+      },
+        {
+          headers: {
+            'Authorization': `Bearer ${testToken}`
+          }
+        });
+
+      expect(createResponse.status).toBe(200);
+
+      // 验证支付状态已更新为处理中
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const paymentRepository = dataSource.getRepository(PaymentEntity);
+      const updatedPayment = await paymentRepository.findOne({
+        where: { id: testPayment.id }
+      });
+
+      expect(updatedPayment?.paymentStatus).toBe(PaymentStatus.PROCESSING);
+    });
+  });
+
+  describe('微信支付JSAPI参数生成测试', () => {
+    it('应该生成正确的支付参数格式', async () => {
+      const response = await client.payment.$post({
+        json: {
+          externalOrderId: testPayment.externalOrderId,
+          totalAmount: 20000,
+          description: '测试支付订单'
+        },
+      },
+        {
+          headers: {
+            'Authorization': `Bearer ${testToken}`
+          }
+        });
+
+      expect(response.status).toBe(200);
+      if (response.status === 200) {
+        const result = await response.json();
+
+        // 验证返回参数格式
+        expect(result.timeStamp).toMatch(/^\d+$/); // 时间戳应该是数字字符串
+        expect(result.nonceStr).toBeTruthy(); // 随机字符串应该存在
+        expect(result.package).toContain('prepay_id=');
+        expect(result.signType).toBe('RSA');
+        expect(result.paySign).toBeTruthy(); // 签名应该存在
+        expect(result.totalAmount).toBe(20000); // 验证金额字段正确返回
+      }
+    });
+  });
+});