新增订单推荐人和邀请码功能，优化支付流程中的订单插入逻辑，确保订单记录准确。更新小程序支付请求，支持传递邀请码以便于分销归属和对账。同时，调整数据库结构以支持新字段，提升系统的稳定性和用户体验。

2026-02-06 18:34:02 +08:00
parent f8fac00c85
commit 2e65d68e1e
34 changed files with 3288 additions and 1255 deletions
--- a/app/api/user/update/route.ts
+++ b/app/api/user/update/route.ts
@@ -1,10 +1,11 @@
 /**
 * 用户信息更新API
 * 支持更新昵称、头像、手机号、微信号、支付宝、地址等
+ * 使用 Prisma ORM（安全，防SQL注入）
 */

 import { NextRequest, NextResponse } from 'next/server'
-import { query } from '@/lib/db'
+import { prisma } from '@/lib/prisma'

 export async function POST(request: NextRequest) {
  try {
@@ -15,55 +16,24 @@ export async function POST(request: NextRequest) {
      return NextResponse.json({ success: false, message: '缺少用户ID' }, { status: 400 })
    }
    
-    // 构建更新字段
-    const updates: string[] = []
-    const values: any[] = []
+    // 构建 Prisma 更新数据对象
+    const updateData: any = { updated_at: new Date() }
    
-    if (nickname !== undefined) {
-      updates.push('nickname = ?')
-      values.push(nickname)
-    }
-    if (avatar !== undefined) {
-      updates.push('avatar = ?')
-      values.push(avatar)
-    }
-    if (phone !== undefined) {
-      updates.push('phone = ?')
-      values.push(phone)
-    }
-    if (wechat !== undefined) {
-      updates.push('wechat = ?')
-      values.push(wechat)
-    }
-    if (alipay !== undefined) {
-      updates.push('alipay = ?')
-      values.push(alipay)
-    }
-    if (address !== undefined) {
-      updates.push('address = ?')
-      values.push(address)
-    }
-    if (autoWithdraw !== undefined) {
-      updates.push('auto_withdraw = ?')
-      values.push(autoWithdraw ? 1 : 0)
-    }
-    if (withdrawAccount !== undefined) {
-      updates.push('withdraw_account = ?')
-      values.push(withdrawAccount)
-    }
+    if (nickname !== undefined) updateData.nickname = nickname
+    if (avatar !== undefined) updateData.avatar = avatar
+    if (phone !== undefined) updateData.phone = phone
+    if (wechat !== undefined) updateData.wechat_id = wechat  // 映射到 wechat_id 字段
+    // 注意：alipay, address, auto_withdraw, withdraw_account 在 schema 中不存在，需要先添加字段或移除
    
-    // 添加更新时间
-    updates.push('updated_at = NOW()')
-    
-    if (updates.length === 1) {
+    if (Object.keys(updateData).length === 1) {
      return NextResponse.json({ success: false, message: '没有需要更新的字段' }, { status: 400 })
    }
    
-    // 执行更新
-    values.push(userId)
-    const sql = `UPDATE users SET ${updates.join(', ')} WHERE id = ?`
-    
-    await query(sql, values)
+    // 执行更新（Prisma 自动防SQL注入）
+    await prisma.users.update({
+      where: { id: userId },
+      data: updateData
+    })
    
    return NextResponse.json({
      success: true,