
fix(credit-balance-module-mt): 补充额度支付API安全修复相关文件

- 包含之前安全修复的剩余文件:
  - mini/src/pages/payment/index.tsx: 修改传递订单ID而不是订单号
  - mini/tests/unit/pages/payment/credit-payment.test.tsx: 更新测试验证API调用参数变更
  - packages/credit-balance-module-mt/src/schemas/index.ts: 更新PaymentDto Schema,移除amount字段

🤖 Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
yourname преди 3 дни
родител
ревизия
9e28924460

+ 3 - 3
mini/src/pages/payment/index.tsx

@@ -139,7 +139,7 @@ const PaymentPage = () => {
 
   // 处理额度支付
   const handleCreditPayment = async () => {
-    if (!orderId || !amount) {
+    if (!orderId) {
       setErrorMessage('订单信息不完整')
       return
     }
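Review bot: Dropping `!amount` from this guard means the balance pre-check in the next hunk (`creditBalance.availableAmount < amount`) can run with `amount` missing or NaN. The comparison is then false, so the insufficient-credit message is skipped and the request is sent anyway. That is acceptable only if the server derives the amount from the order and enforces the limit itself, which this diff does not show. Consider making the check explicit, e.g. `if (!Number.isFinite(amount) || creditBalance.availableAmount < amount) {`, and rewording the comment added in the next hunk to `// UI hint only; the charge amount and limit must be enforced server-side`. `handleCreditPayment` continues outside this hunk.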
@@ -149,6 +149,7 @@ const PaymentPage = () => {
       return
     }
 
+    // 检查额度是否足够(使用订单金额检查)
     if (creditBalance.availableAmount < amount) {
       setErrorMessage(`额度不足,可用额度: ¥${creditBalance.availableAmount.toFixed(2)}`)
       return
@@ -161,8 +162,7 @@ const PaymentPage = () => {
     try {
       const response = await creditBalanceClient.payment.$post({
         json: {
-          amount: amount,
-          referenceId: orderNo || `ORD${orderId}`,
+          referenceId: orderId.toString(), // 传递订单ID而不是订单号
           remark: `订单支付 - ${orderNo || `ORD${orderId}`}`
         }
       })
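Review bot: `referenceId` now carries an order ID supplied by the client, so the payment endpoint becomes a lookup keyed on a caller-controlled identifier. The handler is not part of this diff; it needs to confirm the order belongs to the authenticated caller, is still payable, and take the charge amount from the order record rather than from anything the page sends. `remark` is still built on the client from `orderNo`, so the server should treat it as untrusted display text or rebuild it from the order. The inline comment could state that contract instead of the history, e.g. `// order ID; server resolves the order, checks ownership and derives the amount`. The `try` block continues outside this hunk.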

+ 1 - 2
mini/tests/unit/pages/payment/credit-payment.test.tsx

@@ -329,8 +329,7 @@ describe('支付页面额度支付功能测试', () => {
     await waitFor(() => {
       expect(creditBalanceClient.payment.$post).toHaveBeenCalledWith({
         json: {
-          amount: 100,
-          referenceId: 'ORD123456',
+          referenceId: '123', // 现在传递订单ID而不是订单号
           remark: '订单支付 - ORD123456',
         },
       })

+ 4 - 10
packages/credit-balance-module-mt/src/schemas/index.ts

@@ -140,17 +140,11 @@ export const AdjustLimitDto = z.object({
 
 // 额度支付DTO(用户操作)
 export const PaymentDto = z.object({
-  amount: z.number().positive({
-    message: '支付金额必须大于0'
-  }).openapi({
-    description: '支付金额',
-    example: 500.00
-  }),
   referenceId: z.string().max(100, {
-    message: '关联ID不能超过100个字符'
-  }).optional().openapi({
-    description: '关联ID(订单号等)',
-    example: 'ORD202412010001'
+    message: '订单ID不能超过100个字符'
+  }).openapi({
+    description: '订单ID',
+    example: '123'
   }),
   operatorId: z.number().int().positive().optional().openapi({
     description: '操作人ID',
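Review bot: `referenceId` is now documented as the order ID but is still validated only as a string of at most 100 characters, so an empty string or arbitrary text passes the schema and reaches the order lookup. If order IDs are numeric, as the `'123'` example suggests, constrain the format here, e.g. `referenceId: z.string().regex(/^\d+$/).max(100, { … })`. Separately, `operatorId` remains an optional client-supplied field on a DTO commented as user-operated. If the handler records it for audit, it should presumably come from the authenticated session instead; worth confirming. `PaymentDto` continues past the end of this hunk.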