diff --git a/miniprogram/app.js b/miniprogram/app.js index 7ea74016..c3103395 100644 --- a/miniprogram/app.js +++ b/miniprogram/app.js @@ -321,21 +321,18 @@ App({ }) }, - // 登录方法 - 获取openId用于支付 + // 登录方法 - 获取openId用于支付(加固错误处理,避免审核报“登录报错”) async login() { try { - // 获取微信登录code const loginRes = await new Promise((resolve, reject) => { - wx.login({ - success: resolve, - fail: reject - }) + wx.login({ success: resolve, fail: reject }) }) - - console.log('[App] 获取登录code成功') - + if (!loginRes || !loginRes.code) { + console.warn('[App] wx.login 未返回 code') + wx.showToast({ title: '获取登录态失败,请重试', icon: 'none' }) + return null + } try { - // 发送code到服务器获取openId const res = await this.request('/api/miniprogram/login', { method: 'POST', data: { code: loginRes.code } diff --git a/miniprogram/app.json b/miniprogram/app.json index e3ba264d..b3df2c75 100644 --- a/miniprogram/app.json +++ b/miniprogram/app.json @@ -6,6 +6,8 @@ "pages/my/my", "pages/read/read", "pages/about/about", + "pages/agreement/agreement", + "pages/privacy/privacy", "pages/referral/referral", "pages/purchases/purchases", "pages/settings/settings", diff --git a/miniprogram/pages/agreement/agreement.js b/miniprogram/pages/agreement/agreement.js new file mode 100644 index 00000000..aedd4c68 --- /dev/null +++ b/miniprogram/pages/agreement/agreement.js @@ -0,0 +1,21 @@ +/** + * Soul创业派对 - 用户协议 + * 审核要求:登录前可点击《用户协议》查看完整内容 + */ +const app = getApp() + +Page({ + data: { + statusBarHeight: 44 + }, + + onLoad() { + this.setData({ + statusBarHeight: app.globalData.statusBarHeight || 44 + }) + }, + + goBack() { + wx.navigateBack() + } +}) diff --git a/miniprogram/pages/agreement/agreement.json b/miniprogram/pages/agreement/agreement.json new file mode 100644 index 00000000..9fff5b87 --- /dev/null +++ b/miniprogram/pages/agreement/agreement.json @@ -0,0 +1 @@ +{"usingComponents":{},"navigationStyle":"custom","navigationBarTitleText":"用户协议"} 
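Review bot: The toast added after the `wx.login` result check (`wx.showToast({ title: '获取登录态失败,请重试', icon: 'none' })`) duplicates the caller's feedback: `handleWechatLogin` in my.js already shows `登录失败,请重试` whenever `app.login()` resolves to null, so on a missing code the user gets two toasts and the second, less specific one overwrites the first. Either drop the toast here and let callers report, or have callers treat a null return as "already reported". A `wx.login` code is single-use, so also avoid any retry path that re-sends the same `loginRes.code`; the server exchange and its error handling in `login()` continue outside the hunk and are not visible here.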
diff --git a/miniprogram/pages/agreement/agreement.wxml b/miniprogram/pages/agreement/agreement.wxml new file mode 100644 index 00000000..4060b50c --- /dev/null +++ b/miniprogram/pages/agreement/agreement.wxml @@ -0,0 +1,37 @@ + + + + + 用户协议 + + + + + + + Soul创业实验 用户服务协议 + 更新日期:以小程序内展示为准 + + 一、接受条款 + 欢迎使用 Soul创业实验 小程序。使用本服务即表示您已阅读、理解并同意受本协议约束。若不同意,请勿使用本服务。 + + 二、服务说明 + 本小程序提供《一场Soul的创业实验》等数字内容阅读、推广与相关服务。我们保留变更、中断或终止部分或全部服务的权利。 + + 三、用户行为规范 + 您应合法、合规使用本服务,不得利用本服务从事违法违规活动,不得侵犯他人权益。违规行为可能导致账号限制或追究责任。 + + 四、知识产权 + 本小程序内全部内容(包括但不限于文字、图片、音频、视频)的知识产权归本小程序或权利人所有,未经授权不得复制、传播或用于商业用途。 + + 五、免责与限制 + 在法律允许范围内,因网络、设备或不可抗力导致的服务中断或数据丢失,我们尽力减少损失但不承担超出法律规定的责任。 + + 六、协议变更 + 我们可能适时修订本协议,修订后将在小程序内公示。若您继续使用服务,即视为接受修订后的协议。 + + 七、联系我们 + 如有疑问,请通过小程序内「关于作者」或 Soul 派对房与我们联系。 + + + diff --git a/miniprogram/pages/agreement/agreement.wxss b/miniprogram/pages/agreement/agreement.wxss new file mode 100644 index 00000000..08fadc43 --- /dev/null +++ b/miniprogram/pages/agreement/agreement.wxss 
@@ -0,0 +1,11 @@ +.page { min-height: 100vh; background: #000; } +.nav-bar { position: fixed; top: 0; left: 0; right: 0; z-index: 100; background: rgba(0,0,0,0.95); display: flex; align-items: center; justify-content: space-between; padding: 0 32rpx; height: 88rpx; } +.nav-back { width: 72rpx; height: 72rpx; background: #1c1c1e; border-radius: 50%; display: flex; align-items: center; justify-content: center; font-size: 32rpx; color: #fff; } +.nav-title { font-size: 36rpx; font-weight: 600; color: #00CED1; } +.nav-placeholder { width: 72rpx; } +.content { height: calc(100vh - 132rpx); padding: 32rpx; box-sizing: border-box; } +.doc-card { background: #1c1c1e; border-radius: 24rpx; padding: 40rpx; border: 2rpx solid rgba(0,206,209,0.2); } +.doc-title { font-size: 34rpx; font-weight: 700; color: #fff; display: block; margin-bottom: 16rpx; } +.doc-update { font-size: 24rpx; color: rgba(255,255,255,0.5); display: block; margin-bottom: 32rpx; } +.doc-section { font-size: 28rpx; font-weight: 600; color: #00CED1; display: block; margin: 24rpx 0 12rpx; } +.doc-p { font-size: 26rpx; color: rgba(255,255,255,0.85); line-height: 1.75; display: block; margin-bottom: 16rpx; } diff --git a/miniprogram/pages/my/my.js b/miniprogram/pages/my/my.js index 9f6d9491..d5e9e3ab 100644 --- a/miniprogram/pages/my/my.js +++ b/miniprogram/pages/my/my.js @@ -57,6 +57,8 @@ Page({ // 登录弹窗 showLoginModal: false, isLoggingIn: false, + // 用户须主动勾选同意协议(审核要求:不得默认同意) + agreeProtocol: false, // 修改昵称弹窗 showNicknameModal: false, 
@@ -453,9 +455,29 @@ Page({ this.setData({ activeTab: tab }) }, - // 显示登录弹窗 + // 显示登录弹窗(每次打开时协议未勾选,符合审核要求) showLogin() { - this.setData({ showLoginModal: true }) + try { + this.setData({ showLoginModal: true, agreeProtocol: false }) + } catch (e) { + console.error('[My] showLogin error:', e) + this.setData({ showLoginModal: true }) + } + }, + + // 切换协议勾选(用户主动勾选,非默认同意) + toggleAgree() { + this.setData({ agreeProtocol: !this.data.agreeProtocol }) + }, + + // 打开用户协议页(审核要求:点击《用户协议》需有响应) + openUserProtocol() { + wx.navigateTo({ url: '/pages/agreement/agreement' }) + }, + + // 打开隐私政策页(审核要求:点击《隐私政策》需有响应) + openPrivacy() { + wx.navigateTo({ url: '/pages/privacy/privacy' }) }, // 关闭登录弹窗 @@ -464,21 +486,24 @@ Page({ this.setData({ showLoginModal: false }) }, - // 微信登录 + // 微信登录(须已勾选同意协议,且做好错误处理避免审核报错) async handleWechatLogin() { + if (!this.data.agreeProtocol) { + wx.showToast({ title: '请先阅读并同意用户协议和隐私政策', icon: 'none' }) + return + } this.setData({ isLoggingIn: true }) - try { const result = await app.login() if (result) { this.initUserStatus() - this.setData({ showLoginModal: false }) + this.setData({ showLoginModal: false, agreeProtocol: false }) wx.showToast({ title: '登录成功', icon: 'success' }) } else { wx.showToast({ title: '登录失败,请重试', icon: 'none' }) } } catch (e) { - console.error('微信登录错误:', e) + console.error('[My] 微信登录错误:', e) wx.showToast({ title: '登录失败,请重试', icon: 'none' }) } finally { this.setData({ isLoggingIn: false }) diff --git a/miniprogram/pages/my/my.wxml b/miniprogram/pages/my/my.wxml index cd06b6ca..e33dd9ed 100644 --- a/miniprogram/pages/my/my.wxml +++ b/miniprogram/pages/my/my.wxml @@ -270,16 +270,22 @@ 登录后可购买章节、解锁更多内容 取消 - 登录即表示同意《用户协议》和《隐私政策》 + + {{agreeProtocol ? '✓' : ''}} + 我已阅读并同意 + 《用户协议》 + + 《隐私政策》 + diff --git a/miniprogram/pages/my/my.wxss b/miniprogram/pages/my/my.wxss index 15b44a5b..9c4b0e3e 100644 --- a/miniprogram/pages/my/my.wxss +++ b/miniprogram/pages/my/my.wxss 
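Review bot: The consent captured in `agreeProtocol` never leaves the client: the guard at the top of `handleWechatLogin` only decides whether `app.login()` is called, and nothing in the login request records that, or which version of, the agreement and privacy policy was accepted, so there is no server-side evidence of consent for the data the privacy page says is collected (openId, phone, order data). Consider passing something like `policyVersion` through `app.login()` so the server can store it with the account (the `app.login` signature is outside this hunk, so this needs a matching change there). Separately, the `try { this.setData({...}) } catch (e) { this.setData({ showLoginModal: true }) }` in `showLogin` is dead code — a `setData` that throws will throw again in the catch — and can be reduced to the single call.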
@@ -994,12 +994,43 @@ text-align: center; } -.login-notice { - display: block; +/* 协议勾选行(审核:用户须主动勾选,协议可点击查看) */ +.login-agree-row { + display: flex; + flex-wrap: wrap; + align-items: center; + justify-content: center; margin-top: 32rpx; font-size: 22rpx; - color: rgba(255, 255, 255, 0.3); - text-align: center; + color: rgba(255, 255, 255, 0.5); +} +.agree-checkbox { + width: 32rpx; + height: 32rpx; + border: 2rpx solid rgba(255, 255, 255, 0.5); + border-radius: 6rpx; + margin-right: 12rpx; + display: flex; + align-items: center; + justify-content: center; + font-size: 22rpx; + color: #fff; + flex-shrink: 0; +} +.agree-checked { + background: #00CED1; + border-color: #00CED1; +} +.agree-text { + color: rgba(255, 255, 255, 0.6); +} +.agree-link { + color: #00CED1; + text-decoration: underline; + padding: 0 4rpx; +} +.btn-wechat-disabled { + opacity: 0.6; } /* ===== 底部留白 ===== */ diff --git a/miniprogram/pages/privacy/privacy.js b/miniprogram/pages/privacy/privacy.js new file mode 100644 index 00000000..0cd665db --- /dev/null +++ b/miniprogram/pages/privacy/privacy.js @@ -0,0 +1,21 @@ +/** + * Soul创业派对 - 隐私政策 + * 审核要求:登录前可点击《隐私政策》查看完整内容 + */ +const app = getApp() + +Page({ + data: { + statusBarHeight: 44 + }, + + onLoad() { + this.setData({ + statusBarHeight: app.globalData.statusBarHeight || 44 + }) + }, + + goBack() { + wx.navigateBack() + } +}) diff --git a/miniprogram/pages/privacy/privacy.json b/miniprogram/pages/privacy/privacy.json new file mode 100644 index 00000000..f567904d --- /dev/null +++ b/miniprogram/pages/privacy/privacy.json @@ -0,0 +1 @@ +{"usingComponents":{},"navigationStyle":"custom","navigationBarTitleText":"隐私政策"} diff --git a/miniprogram/pages/privacy/privacy.wxml b/miniprogram/pages/privacy/privacy.wxml new file mode 100644 index 00000000..cf414ad7 --- /dev/null +++ b/miniprogram/pages/privacy/privacy.wxml 
@@ -0,0 +1,40 @@ + + + + + 隐私政策 + + + + + + + Soul创业实验 隐私政策 + 更新日期:以小程序内展示为准 + + 一、信息收集 + 为向您提供阅读、购买、推广与提现等服务,我们可能收集:微信昵称、头像、openId、手机号(在您授权时)、订单与收益相关数据。我们仅在法律允许及您同意的范围内收集必要信息。 + + 二、信息使用 + 所收集信息用于账号识别、订单与收益结算、客服与纠纷处理、产品优化及法律义务履行,不会用于与上述目的无关的营销或向第三方出售。 + + 三、信息存储与安全 + 数据存储在中华人民共和国境内,我们采取合理技术和管理措施保障数据安全,防止未经授权的访问、泄露或篡改。 + + 四、信息共享 + 未经您同意,我们不会将您的个人信息共享给第三方,法律法规要求或为完成支付、提现等必要合作除外(如微信支付、微信商家转账)。 + + 五、您的权利 + 您有权查询、更正、删除您的个人信息,或撤回授权。部分权限撤回可能影响相关功能使用。您可通过小程序设置或联系我们就隐私问题提出请求。 + + 六、未成年人 + 如您为未成年人,请在监护人同意下使用本服务。我们不会主动收集未成年人个人信息。 + + 七、政策更新 + 我们可能适时更新本政策,更新后将通过小程序内公示等方式通知您。继续使用即视为接受更新后的政策。 + + 八、联系我们 + 如有隐私相关疑问或投诉,请通过小程序内「关于作者」或 Soul 派对房与我们联系。 + + + diff --git a/miniprogram/pages/privacy/privacy.wxss b/miniprogram/pages/privacy/privacy.wxss new file mode 100644 index 00000000..08fadc43 --- /dev/null +++ b/miniprogram/pages/privacy/privacy.wxss 
@@ -0,0 +1,11 @@ +.page { min-height: 100vh; background: #000; } +.nav-bar { position: fixed; top: 0; left: 0; right: 0; z-index: 100; background: rgba(0,0,0,0.95); display: flex; align-items: center; justify-content: space-between; padding: 0 32rpx; height: 88rpx; } +.nav-back { width: 72rpx; height: 72rpx; background: #1c1c1e; border-radius: 50%; display: flex; align-items: center; justify-content: center; font-size: 32rpx; color: #fff; } +.nav-title { font-size: 36rpx; font-weight: 600; color: #00CED1; } +.nav-placeholder { width: 72rpx; } +.content { height: calc(100vh - 132rpx); padding: 32rpx; box-sizing: border-box; } +.doc-card { background: #1c1c1e; border-radius: 24rpx; padding: 40rpx; border: 2rpx solid rgba(0,206,209,0.2); } +.doc-title { font-size: 34rpx; font-weight: 700; color: #fff; display: block; margin-bottom: 16rpx; } +.doc-update { font-size: 24rpx; color: rgba(255,255,255,0.5); display: block; margin-bottom: 32rpx; } +.doc-section { font-size: 28rpx; font-weight: 600; color: #00CED1; display: block; margin: 24rpx 0 12rpx; } +.doc-p { font-size: 26rpx; color: rgba(255,255,255,0.85); line-height: 1.75; display: block; margin-bottom: 16rpx; } diff --git a/miniprogram/pages/read/read.js b/miniprogram/pages/read/read.js index 0a015411..daf040a7 100644 --- a/miniprogram/pages/read/read.js +++ b/miniprogram/pages/read/read.js @@ -60,6 +60,7 @@ Page({ // 弹窗 showShareModal: false, showLoginModal: false, + agreeProtocol: false, showPosterModal: false, isPaying: false, isGeneratingPoster: false, 
@@ -483,29 +484,50 @@ Page({ } }, - // 显示登录弹窗 + // 显示登录弹窗(每次打开协议未勾选,符合审核要求) showLoginModal() { - this.setData({ showLoginModal: true }) + try { + this.setData({ showLoginModal: true, agreeProtocol: false }) + } catch (e) { + console.error('[Read] showLoginModal error:', e) + this.setData({ showLoginModal: true }) + } }, closeLoginModal() { this.setData({ showLoginModal: false }) }, + toggleAgree() { + this.setData({ agreeProtocol: !this.data.agreeProtocol }) + }, + + openUserProtocol() { + wx.navigateTo({ url: '/pages/agreement/agreement' }) + }, + + openPrivacy() { + wx.navigateTo({ url: '/pages/privacy/privacy' }) + }, + // 从服务端刷新购买状态,避免登录后误用旧数据导致误解锁 - // 【重构】微信登录(标准流程) + // 【重构】微信登录(须先勾选同意协议,符合审核要求) async handleWechatLogin() { + if (!this.data.agreeProtocol) { + wx.showToast({ title: '请先阅读并同意用户协议和隐私政策', icon: 'none' }) + return + } try { const result = await app.login() if (!result) return - this.setData({ showLoginModal: false }) + this.setData({ showLoginModal: false, agreeProtocol: false }) await this.onLoginSuccess() wx.showToast({ title: '登录成功', icon: 'success' }) } catch (e) { console.error('[Read] 登录失败:', e) - wx.showToast({ title: '登录失败', icon: 'none' }) + wx.showToast({ title: '登录失败,请重试', icon: 'none' }) } }, diff --git a/miniprogram/pages/read/read.wxml b/miniprogram/pages/read/read.wxml index eb4183a8..a17cc3b3 100644 --- a/miniprogram/pages/read/read.wxml +++ b/miniprogram/pages/read/read.wxml @@ -262,7 +262,7 @@ - + @@ -270,12 +270,18 @@ - - + diff --git a/miniprogram/pages/read/read.wxss b/miniprogram/pages/read/read.wxss index e87d8c3e..8b0ecca2 100644 --- a/miniprogram/pages/read/read.wxss +++ b/miniprogram/pages/read/read.wxss 
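Review bot: `handleWechatLogin` here returns silently when `app.login()` yields null (`if (!result) return`), whereas the same path in my.js shows `登录失败,请重试`; `app.login` in this diff only toasts when `wx.login` returns no code, so any other null outcome (the server exchange is outside this diff) leaves the reader page with no feedback and the modal still open. Align the two pages, e.g. `if (!result) { wx.showToast({ title: '登录失败,请重试', icon: 'none' }); return }`. The `try`/`catch` around `setData` in `showLoginModal`, with a second `setData` in the catch, is dead code for the same reason as in my.js and can be removed.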
@@ -830,12 +830,39 @@ font-size: 32rpx; } -.login-notice { - font-size: 22rpx; - color: rgba(255, 255, 255, 0.3); +.login-agree-row { + display: flex; + flex-wrap: wrap; + align-items: center; + justify-content: center; margin-top: 32rpx; - display: block; + font-size: 22rpx; + color: rgba(255, 255, 255, 0.5); } +.agree-checkbox { + width: 32rpx; + height: 32rpx; + border: 2rpx solid rgba(255, 255, 255, 0.5); + border-radius: 6rpx; + margin-right: 12rpx; + display: flex; + align-items: center; + justify-content: center; + font-size: 22rpx; + color: #fff; + flex-shrink: 0; +} +.agree-checked { + background: #00CED1; + border-color: #00CED1; +} +.agree-text { color: rgba(255, 255, 255, 0.6); } +.agree-link { + color: #00CED1; + text-decoration: underline; + padding: 0 4rpx; +} +.btn-wechat-disabled { opacity: 0.6; } /* ===== 支付中加载 ===== */ .loading-box { diff --git a/soul-admin/.env.development b/soul-admin/.env.development index 610a77c7..d4531a6a 100644 --- a/soul-admin/.env.development +++ b/soul-admin/.env.development @@ -3,4 +3,5 @@ # VITE_API_BASE_URL=http://localhost:3006 VITE_API_BASE_URL=http://localhost:8080 # VITE_API_BASE_URL=https://soulapi.quwanzhi.com +# VITE_API_BASE_URL=https://soul.quwanzhi.com diff --git a/soul-admin/src/api/auth.ts b/soul-admin/src/api/auth.ts new file mode 100644 index 00000000..c89169bf --- /dev/null +++ b/soul-admin/src/api/auth.ts @@ -0,0 +1,28 @@ +/** + * 管理端 JWT 本地存储(localStorage),与 soul-api JWT 鉴权配合 + */ +const ADMIN_TOKEN_KEY = 'admin_token' + +export function getAdminToken(): string | null { + try { + return localStorage.getItem(ADMIN_TOKEN_KEY) + } catch { + return null + } +} + +export function setAdminToken(token: string): void { + try { + localStorage.setItem(ADMIN_TOKEN_KEY, token) + } catch { + // ignore + } +} + +export function clearAdminToken(): void { + try { + localStorage.removeItem(ADMIN_TOKEN_KEY) + } catch { + // ignore + } +} 
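Review bot: Moving the admin credential from an HttpOnly cookie into `localStorage` (`setAdminToken`) makes it readable by any script running in the admin origin, so an XSS in the admin SPA or a compromised npm dependency can exfiltrate a token that, per the server side of this diff, stays valid for seven days and cannot be revoked. If a Bearer flow is required, keep the token in memory for the tab session (re-login on reload), or keep the HttpOnly cookie path the server is also gaining in this diff and pair it with a CSRF token. At minimum document the trade-off on the constant: `// NOTE: readable by any script in this origin (XSS exposure); token lifetime is set server-side` above `ADMIN_TOKEN_KEY`.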
diff --git a/soul-admin/src/api/client.ts b/soul-admin/src/api/client.ts index 46becbaa..d28af2fd 100644 --- a/soul-admin/src/api/client.ts +++ b/soul-admin/src/api/client.ts @@ -1,9 +1,11 @@ /** * 统一 API 请求封装 * 规则:API 路径与现网完全一致,仅通过 baseUrl 区分环境(Next 或未来 Gin) - * 无缝切换:仅修改 VITE_API_BASE_URL 即可切换后端 + * 鉴权:管理端使用 JWT,自动带 Authorization: Bearer (token 存 localStorage) */ +import { getAdminToken } from './auth' + /** 未设置环境变量时使用的默认 API 地址(零配置部署) */ const DEFAULT_API_BASE = 'https://soulapi.quwanzhi.com' @@ -24,7 +26,7 @@ export type RequestInitWithBody = RequestInit & { data?: unknown } /** * 发起请求。path 为与现网一致的 API 路径(如 /api/admin、/api/orders)。 - * 自动带上 credentials: 'include' 以支持 Cookie 鉴权(与现有 Next 一致)。 + * 若有 admin_token(JWT)则自动带 Authorization: Bearer;credentials: 'include' 保留以兼容需 Cookie 的接口。 */ export async function request( path: string, @@ -33,6 +35,10 @@ export async function request( const { data, ...init } = options const url = apiUrl(path) const headers = new Headers(init.headers as HeadersInit) + const token = getAdminToken() + if (token) { + headers.set('Authorization', `Bearer ${token}`) + } if (data !== undefined && data !== null && !headers.has('Content-Type')) { headers.set('Content-Type', 'application/json') } diff --git a/soul-admin/src/layouts/AdminLayout.tsx b/soul-admin/src/layouts/AdminLayout.tsx index 908eff31..e74f1631 100644 --- a/soul-admin/src/layouts/AdminLayout.tsx +++ b/soul-admin/src/layouts/AdminLayout.tsx @@ -10,6 +10,7 @@ import { BookOpen, } from 'lucide-react' import { get, post } from '@/api/client' +import { clearAdminToken } from '@/api/auth' const menuItems = [ { icon: LayoutDashboard, label: '数据概览', href: '/dashboard' }, @@ -52,7 +53,12 @@ export function AdminLayout() { }, [mounted, navigate]) const handleLogout = async () => { - await post('/api/admin/logout', {}) + clearAdminToken() + try { + await post('/api/admin/logout', {}) + } catch { + // 忽略登出接口失败,本地已清 token + } navigate('/login', { replace: true }) } 
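Review bot: `handleLogout` clears the token before calling `/api/admin/logout`, so the logout request goes out without an `Authorization` header; if that route sits behind the admin middleware it will 401 (swallowed by the new `catch`), and if the server ever adds revocation it cannot tell which token to revoke. Reverse the order so the request is authenticated and the local clear still always happens: `try { await post('/api/admin/logout', {}) } catch { /* server logout is best-effort */ } finally { clearAdminToken() }`. The `useEffect` that gates the layout on an auth check is above this hunk and not visible.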
diff --git a/soul-admin/src/pages/login/LoginPage.tsx b/soul-admin/src/pages/login/LoginPage.tsx index 33f3d11d..8a35e741 100644 --- a/soul-admin/src/pages/login/LoginPage.tsx +++ b/soul-admin/src/pages/login/LoginPage.tsx @@ -4,6 +4,7 @@ import { Lock, User, ShieldCheck } from 'lucide-react' import { Button } from '@/components/ui/button' import { Input } from '@/components/ui/input' import { post } from '@/api/client' +import { setAdminToken } from '@/api/auth' export function LoginPage() { const navigate = useNavigate() @@ -16,11 +17,16 @@ export function LoginPage() { setError('') setLoading(true) try { - const data = await post<{ success?: boolean; error?: string }>('/api/admin', { + const data = await post<{ + success?: boolean + error?: string + token?: string + }>('/api/admin', { username: username.trim(), password, }) - if (data?.success !== false) { + if (data?.success !== false && data?.token) { + setAdminToken(data.token) navigate('/dashboard', { replace: true }) return } diff --git a/soul-api/go.mod b/soul-api/go.mod index a6b1db88..bb000653 100644 --- a/soul-api/go.mod +++ b/soul-api/go.mod @@ -29,6 +29,7 @@ require ( github.com/go-playground/validator/v10 v10.20.0 // indirect github.com/go-sql-driver/mysql v1.7.0 // indirect github.com/goccy/go-json v0.10.2 // indirect + github.com/golang-jwt/jwt/v5 v5.3.1 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect github.com/json-iterator/go v1.1.12 // indirect diff --git a/soul-api/go.sum b/soul-api/go.sum index 63d6cc20..51573120 100644 --- a/soul-api/go.sum +++ b/soul-api/go.sum 
@@ -47,6 +47,8 @@ github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY= +github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= diff --git a/soul-api/internal/auth/adminjwt.go b/soul-api/internal/auth/adminjwt.go new file mode 100644 index 00000000..650dc852 --- /dev/null +++ b/soul-api/internal/auth/adminjwt.go 
@@ -0,0 +1,68 @@ +// Package auth 管理端 JWT:签发与校验,使用 Authorization: Bearer +package auth + +import ( + "net/http" + "strings" + "time" + + "github.com/golang-jwt/jwt/v5" +) + +const adminJWTExpire = 7 * 24 * time.Hour // 7 天 + +// AdminClaims 管理端 JWT 载荷 +type AdminClaims struct { + jwt.RegisteredClaims + Username string `json:"username"` + Role string `json:"role"` +} + +// IssueAdminJWT 签发管理端 JWT,使用 ADMIN_SESSION_SECRET 签名 +func IssueAdminJWT(secret, username string) (string, error) { + now := time.Now() + claims := AdminClaims{ + RegisteredClaims: jwt.RegisteredClaims{ + ExpiresAt: jwt.NewNumericDate(now.Add(adminJWTExpire)), + IssuedAt: jwt.NewNumericDate(now), + Subject: "admin", + }, + Username: username, + Role: "admin", + } + tok := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) + return tok.SignedString([]byte(secret)) +} + +// ParseAdminJWT 校验并解析 JWT,返回 claims;无效或过期返回 nil, false +func ParseAdminJWT(tokenString, secret string) (*AdminClaims, bool) { + if tokenString == "" || secret == "" { + return nil, false + } + tok, err := jwt.ParseWithClaims(tokenString, &AdminClaims{}, func(t *jwt.Token) (interface{}, error) { + return []byte(secret), nil + }, jwt.WithValidMethods([]string{"HS256"})) + if err != nil || !tok.Valid { + return nil, false + } + claims, ok := tok.Claims.(*AdminClaims) + if !ok || claims.Username == "" { + return nil, false + } + return claims, true +} + +// GetAdminJWTFromRequest 从请求中读取 JWT:优先 Authorization: Bearer ,其次 Cookie admin_session(兼容旧端) +func GetAdminJWTFromRequest(r *http.Request) string { + // 1. Authorization: Bearer + ah := r.Header.Get("Authorization") + if strings.HasPrefix(ah, "Bearer ") { + return strings.TrimSpace(ah[7:]) + } + // 2. Cookie(兼容:若值为 JWT 格式则可用) + c, err := r.Cookie(adminCookieName) + if err != nil || c == nil { + return "" + } + return strings.TrimSpace(c.Value) +} diff --git a/soul-api/internal/auth/adminsession.go b/soul-api/internal/auth/adminsession.go index 1f366d96..6dcb6583 100644 
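Review bot: `IssueAdminJWT` signs with whatever `secret` it is handed, including the empty string, while `ParseAdminJWT` rejects an empty secret, so a deployment with `ADMIN_SESSION_SECRET` unset lets the admin "log in" and then 401s on every request, and any future verifier that forgets the empty-secret check would accept tokens signed with a known key. Refuse to issue: `if secret == "" { return "", errors.New("admin JWT secret not configured") }` (add `errors` to the import block). The `Cookie` fallback in `GetAdminJWTFromRequest` means the JWT is also accepted ambiently; combined with a `SameSite=None` cookie that re-opens CSRF on state-changing admin routes, so either drop the fallback or restrict it to GET. The claims carry no `jti` or issuer, which rules out per-token revocation later — worth a comment on `AdminClaims` stating that a token is valid until `exp` no matter what.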
--- a/soul-api/internal/auth/adminsession.go +++ b/soul-api/internal/auth/adminsession.go @@ -53,6 +53,14 @@ func AdminCookieName() string { return adminCookieName } // MaxAgeSec 返回 session 有效秒数 func MaxAgeSec() int { return maxAgeSec } +// SetCookieHeaderValue 返回完整的 Set-Cookie 头内容(含 SameSite=None; Secure,供跨站时携带 Cookie) +func SetCookieHeaderValue(token string, maxAge int) string { + if maxAge <= 0 { + return adminCookieName + "=; Path=/; Max-Age=0; HttpOnly; SameSite=None; Secure" + } + return adminCookieName + "=" + token + "; Path=/; Max-Age=" + strconv.Itoa(maxAge) + "; HttpOnly; SameSite=None; Secure" +} + // GetAdminTokenFromRequest 从请求 Cookie 中读取 admin_session func GetAdminTokenFromRequest(r *http.Request) string { c, err := r.Cookie(adminCookieName) diff --git a/soul-api/internal/handler/admin.go b/soul-api/internal/handler/admin.go index 1ab493c2..e1fee345 100644 --- a/soul-api/internal/handler/admin.go +++ b/soul-api/internal/handler/admin.go @@ -9,19 +9,18 @@ import ( "github.com/gin-gonic/gin" ) -// AdminCheck GET /api/admin 鉴权检查(与 next-project 一致:校验 admin_session cookie,已登录返回 success 或概览占位) +// AdminCheck GET /api/admin 鉴权检查(JWT:Authorization Bearer 或 Cookie),已登录返回 success 或概览占位 func AdminCheck(c *gin.Context) { cfg := config.Get() if cfg == nil { c.JSON(http.StatusOK, gin.H{"success": true}) return } - token := auth.GetAdminTokenFromRequest(c.Request) - if !auth.VerifyAdminToken(token, cfg.AdminSessionSecret) { + token := auth.GetAdminJWTFromRequest(c.Request) + if _, ok := auth.ParseAdminJWT(token, cfg.AdminSessionSecret); !ok { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"success": false, "error": "未授权访问,请先登录"}) return } - // 与 next 一致:返回 success,可选带概览占位供前端扩展 c.JSON(http.StatusOK, gin.H{ "success": true, "content": gin.H{ 
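Review bot: `SetCookieHeaderValue` hard-codes `SameSite=None; Secure`, which instructs browsers to attach the admin cookie on cross-site requests; since `GetAdminJWTFromRequest` in this diff also accepts the JWT from that cookie, any third-party page could make a logged-in admin's browser POST to routes such as the withdrawal action with valid credentials. Nothing visible in this diff calls the helper yet, so this is latent, but if it stays use `SameSite=Lax` (or `Strict`) unless the SPA genuinely lives on another site, and then add a CSRF token. The header is also built by string concatenation; prefer `(&http.Cookie{Name: adminCookieName, Value: token, Path: "/", MaxAge: maxAge, HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode}).String()`, which escapes the value for you.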
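Review bot: `AdminCheck` still answers `{"success": true}` when `config.Get()` returns nil, so the auth check fails open whenever configuration did not load and the new `ParseAdminJWT` path is never reached. Fail closed instead: `c.AbortWithStatusJSON(http.StatusServiceUnavailable, gin.H{"success": false, "error": "server not configured"})`. The overview payload after `"content"` continues outside the visible hunk.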
@@ -40,7 +39,7 @@ func AdminCheck(c *gin.Context) { }) } -// AdminLogin POST /api/admin 登录(与 next-project 一致:校验 ADMIN_USERNAME/PASSWORD,写 admin_session cookie) +// AdminLogin POST /api/admin 登录(校验 ADMIN_USERNAME/PASSWORD,返回 JWT,前端存 token 并带 Authorization: Bearer) func AdminLogin(c *gin.Context) { cfg := config.Get() if cfg == nil { @@ -61,19 +60,22 @@ func AdminLogin(c *gin.Context) { c.JSON(http.StatusUnauthorized, gin.H{"success": false, "error": "用户名或密码错误"}) return } - token := auth.CreateAdminToken(cfg.AdminSessionSecret) - c.SetCookie(auth.AdminCookieName(), token, auth.MaxAgeSec(), "/", "", false, true) + token, err := auth.IssueAdminJWT(cfg.AdminSessionSecret, username) + if err != nil { + c.JSON(http.StatusInternalServerError, gin.H{"success": false, "error": "签发失败"}) + return + } c.JSON(http.StatusOK, gin.H{ "success": true, + "token": token, "user": gin.H{ "id": "admin", "username": cfg.AdminUsername, "role": "admin", "name": "卡若", }, }) } -// AdminLogout POST /api/admin/logout 清除 admin_session cookie +// AdminLogout POST /api/admin/logout 服务端无状态,仅返回成功;前端需清除本地 token func AdminLogout(c *gin.Context) { - c.SetCookie(auth.AdminCookieName(), "", -1, "/", "", false, true) c.JSON(http.StatusOK, gin.H{"success": true}) } diff --git a/soul-api/internal/handler/admin_withdrawals.go b/soul-api/internal/handler/admin_withdrawals.go index 40520b6c..e93517db 100644 --- a/soul-api/internal/handler/admin_withdrawals.go +++ b/soul-api/internal/handler/admin_withdrawals.go @@ -149,9 +149,7 @@ func AdminWithdrawalsAction(c *gin.Context) { return } - // 调用微信转账接口;未初始化时仅标记为已打款(线下打款) - outBatchNo := wechat.GenerateTransferBatchNo() - outDetailNo := wechat.GenerateTransferDetailNo() + // 调用微信转账接口(FundApp 单笔发起转账,与 商家转账.md 示例一致) remark := "提现" if w.Remark != nil && *w.Remark != "" { remark = *w.Remark 
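Review bot: `AdminLogout` is now a no-op, so a token issued by `AdminLogin` remains valid for the full seven days after the admin logs out or a device is lost, and nothing server-side can invalidate it. If the design is to stay stateless, shorten `adminJWTExpire` substantially and/or keep a small denylist keyed by `jti` and `exp`; at minimum keep clearing the legacy cookie, because `GetAdminJWTFromRequest` still reads it: `c.SetCookie(auth.AdminCookieName(), "", -1, "/", "", true, true)`. The credential comparison in `AdminLogin` is above this hunk and not visible, so its timing and rate-limiting properties cannot be judged here.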
@@ -161,26 +159,21 @@ func AdminWithdrawalsAction(c *gin.Context) { c.JSON(http.StatusOK, gin.H{"success": false, "error": "提现金额异常"}) return } - // 微信批次备注最多 32 字符,用简短文案避免超长 - batchRemark := fmt.Sprintf("提现 %.2f 元", w.Amount) - if len([]rune(batchRemark)) > 32 { - batchRemark = "用户提现" - } - params := wechat.TransferParams{ - OutBatchNo: outBatchNo, - OutDetailNo: outDetailNo, - OpenID: openID, - Amount: amountFen, - Remark: remark, - BatchName: "用户提现", - BatchRemark: batchRemark, + outBillNo := w.ID // 商户单号,回调时 out_bill_no 即此值,用于更新该条提现 + params := wechat.FundAppTransferParams{ + OutBillNo: outBillNo, + OpenID: openID, + Amount: amountFen, + Remark: remark, + NotifyURL: "", // 由 wechat 包从配置读取 WechatTransferURL + TransferSceneId: "1005", } - result, err := wechat.InitiateTransfer(params) + result, err := wechat.InitiateTransferByFundApp(params) if err != nil { errMsg := err.Error() - fmt.Printf("[AdminWithdrawals] 发起转账失败 id=%s: %s(微信侧不会产生批次记录)\n", body.ID, errMsg) - // 未初始化或未配置转账:仅标记为已打款并提示线下处理(与 transfer 包返回文案一致) + fmt.Printf("[AdminWithdrawals] 发起转账失败 id=%s: %s\n", body.ID, errMsg) + // 未初始化或未配置转账:仅标记为已打款并提示线下处理 if errMsg == "支付/转账未初始化,请先调用 wechat.Init" || errMsg == "转账客户端未初始化" { _ = db.Model(&w).Updates(map[string]interface{}{ "status": "success", @@ -192,7 +185,7 @@ func AdminWithdrawalsAction(c *gin.Context) { }) return } - // 其他打款失败(含调用腾讯接口失败):记失败原因 + // 微信接口报错或其它失败:把微信/具体原因返回给管理端展示,不返回「微信处理中」 failMsg := errMsg _ = db.Model(&w).Updates(map[string]interface{}{ "status": "failed", 
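Review bot: When the transfer client is not initialised the handler still records the withdrawal as `"status": "success"` although no money has moved, and it selects that branch by exact-matching the error text (`errMsg == "支付/转账未初始化,请先调用 wechat.Init"`) that `InitiateTransferByFundApp` happens to return; any rewording or wrapping silently turns the case into `failed`, while the `success` row is indistinguishable from a real payout in the ledger. Use a sentinel (`errors.Is(err, wechat.ErrNotInitialised)`) and a distinct status such as `manual_pending` so "paid offline" is never reported as paid. Using `w.ID` as `OutBillNo` is a good idempotency key; `AdminWithdrawalsAction` begins and ends outside this hunk.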
@@ -200,6 +193,23 @@ func AdminWithdrawalsAction(c *gin.Context) { "error_message": failMsg, "processed_at": now, }).Error + c.JSON(http.StatusOK, gin.H{ + "success": false, + "error": "发起打款失败", + "message": failMsg, // 管理端直接展示微信报错信息(如 IP 白名单、参数错误等) + }) + return + } + + // 防护:微信未返回商户单号时也按失败返回,避免管理端显示「已发起打款」却无单号 + if result.OutBillNo == "" { + failMsg := "微信未返回商户单号,请检查商户平台(如 IP 白名单)或查看服务端日志" + _ = db.Model(&w).Updates(map[string]interface{}{ + "status": "failed", + "fail_reason": failMsg, + "error_message": failMsg, + "processed_at": now, + }).Error c.JSON(http.StatusOK, gin.H{ "success": false, "error": "发起打款失败", @@ -208,28 +218,26 @@ func AdminWithdrawalsAction(c *gin.Context) { return } - // 打款已受理,更新为处理中并保存商家批次/明细单号及微信批次号 - fmt.Printf("[AdminWithdrawals] 微信已受理 id=%s out_batch_no=%s batch_id=%s(商户后台「商家转账到零钱」可凭商家批次单号查询)\n", body.ID, result.OutBatchNo, result.BatchID) + // 打款已受理(FundApp 单笔),更新为处理中并保存商户单号、微信转账单号 + fmt.Printf("[AdminWithdrawals] 微信已受理 id=%s out_bill_no=%s transfer_bill_no=%s\n", body.ID, result.OutBillNo, result.TransferBillNo) processingStatus := "processing" - batchID := result.BatchID if err := db.Model(&w).Updates(map[string]interface{}{ "status": processingStatus, - "batch_no": outBatchNo, - "detail_no": outDetailNo, - "batch_id": batchID, + "detail_no": result.OutBillNo, // 回调用 out_bill_no 匹配此字段 + "batch_no": result.OutBillNo, // 单笔无批次,存同一单号便于查询 + "batch_id": result.TransferBillNo, "processed_at": now, }).Error; err != nil { fmt.Printf("[AdminWithdrawals] 更新提现状态失败 id=%s: %v\n", body.ID, err) c.JSON(http.StatusOK, gin.H{"success": false, "error": "更新状态失败: " + err.Error()}) return } - // 始终返回 out_batch_no 便于追踪;batch_id 为微信返回,可能为空 c.JSON(http.StatusOK, gin.H{ "success": true, "message": "已发起打款,微信处理中", "data": gin.H{ - "batch_id": batchID, - "out_batch_no": outBatchNo, + "out_bill_no": result.OutBillNo, + "transfer_bill_no": result.TransferBillNo, }, }) return 
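Review bot: The `failed` bookkeeping writes discard the database error (`_ = db.Model(&w).Updates(...).Error`), so if that update fails the withdrawal silently keeps its previous status while the admin is told `发起打款失败`, and the record no longer reflects what WeChat was asked to do. Handle it as the processing-path update below already does: `if err := db.Model(&w).Updates(...).Error; err != nil { fmt.Printf("[AdminWithdrawals] 记录失败状态失败 id=%s: %v\n", body.ID, err) }`. Returning the raw WeChat `message` to an authenticated admin is acceptable, but `failMsg` is stored in both `fail_reason` and `error_message` without a length cap — check the column sizes (schema not visible here).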
@@ -275,20 +283,29 @@ func AdminWithdrawalsSync(c *gin.Context) { if w.DetailNo != nil { detailNo = *w.DetailNo } - if batchNo == "" || detailNo == "" { + if detailNo == "" { continue } - res, err := wechat.QueryTransfer(batchNo, detailNo) - if err != nil { - continue - } - status := "" - if s, ok := res["detail_status"].(string); ok { - status = s - } - failReason := "" - if s, ok := res["fail_reason"].(string); ok { - failReason = s + var status, failReason string + // FundApp 单笔:batch_no == detail_no 时用商户单号查询 + if batchNo == detailNo { + state, _, fail, err := wechat.QueryTransferByOutBill(detailNo) + if err != nil { + continue + } + status = state + failReason = fail + } else { + res, err := wechat.QueryTransfer(batchNo, detailNo) + if err != nil { + continue + } + if s, ok := res["detail_status"].(string); ok { + status = s + } + if s, ok := res["fail_reason"].(string); ok { + failReason = s + } } up := map[string]interface{}{"processed_at": now} switch status { diff --git a/soul-api/internal/middleware/admin_auth.go b/soul-api/internal/middleware/admin_auth.go index 23899547..387fd7e0 100644 --- a/soul-api/internal/middleware/admin_auth.go +++ b/soul-api/internal/middleware/admin_auth.go @@ -9,7 +9,7 @@ import ( "github.com/gin-gonic/gin" ) -// AdminAuth 管理端鉴权:校验 admin_session cookie 签名与过期(与 next-project 一致),未登录返回 401 +// AdminAuth 管理端鉴权:校验 JWT(Authorization: Bearer 或 Cookie admin_session),未登录返回 401 func AdminAuth() gin.HandlerFunc { return func(c *gin.Context) { cfg := config.Get() @@ -17,8 +17,8 @@ func AdminAuth() gin.HandlerFunc { c.Next() return } - token := auth.GetAdminTokenFromRequest(c.Request) - if !auth.VerifyAdminToken(token, cfg.AdminSessionSecret) { + token := auth.GetAdminJWTFromRequest(c.Request) + if _, ok := auth.ParseAdminJWT(token, cfg.AdminSessionSecret); !ok { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"success": false, "error": "未授权访问,请先登录"}) return } 
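Review bot: `AdminAuth` still calls `c.Next()` and returns when `config.Get()` is nil, so every admin route — including the withdrawal payout action — is served unauthenticated if configuration fails to load; the `ParseAdminJWT` check added in this hunk never runs in that case. Fail closed: `c.AbortWithStatusJSON(http.StatusServiceUnavailable, gin.H{"success": false, "error": "server not configured"}); return`. The `if cfg == nil` line itself sits just above the visible context of the hunk.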
diff --git a/soul-api/internal/wechat/transfer.go b/soul-api/internal/wechat/transfer.go index d7c6fc8d..e2b72356 100644 --- a/soul-api/internal/wechat/transfer.go +++ b/soul-api/internal/wechat/transfer.go @@ -8,6 +8,7 @@ import ( "soul-api/internal/config" "github.com/ArtisanCloud/PowerLibs/v3/object" + fundAppRequest "github.com/ArtisanCloud/PowerWeChat/v3/src/payment/fundApp/request" "github.com/ArtisanCloud/PowerWeChat/v3/src/payment/transfer/request" ) 
@@ -136,3 +137,83 @@ func GenerateTransferDetailNo() string {
 random := now.UnixNano() % 1000000
 return fmt.Sprintf("WDD%s%06d", timestamp, random)
 }
+
+// FundAppTransferParams 单笔转账(FundApp 发起转账)参数
+type FundAppTransferParams struct {
+ OutBillNo string // 商户单号(唯一,回调时 out_bill_no 即此值,建议存到 withdrawal.detail_no)
+ OpenID string
+ UserName string // 可选
+ Amount int // 分
+ Remark string
+ NotifyURL string
+ TransferSceneId string // 可选,如 "1005"
+}
+
+// FundAppTransferResult 单笔转账结果
+type FundAppTransferResult struct {
+ OutBillNo string
+ TransferBillNo string
+ State string
+}
+
+// InitiateTransferByFundApp 发起商家转账到零钱(PowerWeChat FundApp.TransferBills 单笔接口)
+// 与 TransferBatch 不同,此为 /v3/fund-app/mch-transfer/transfer-bills 单笔发起,回调仍为 MCHTRANSFER.BILL.FINISHED,解密后 out_bill_no 即本接口传入的 OutBillNo
+func InitiateTransferByFundApp(params FundAppTransferParams) (*FundAppTransferResult, error) {
+ if paymentApp == nil || paymentApp.FundApp == nil {
+ return nil, fmt.Errorf("支付/转账未初始化,请先调用 wechat.Init")
+ }
+ req := &fundAppRequest.RequestTransferBills{
+ Appid: cfg.WechatAppID,
+ OutBillNo: params.OutBillNo,
+ TransferSceneId: params.TransferSceneId,
+ Openid: params.OpenID,
+ UserName: params.UserName,
+ TransferAmount: params.Amount,
+ TransferRemark: params.Remark,
+ NotifyUrl: params.NotifyURL,
+ }
+ if req.NotifyUrl == "" && cfg.WechatTransferURL != "" {
+ req.NotifyUrl = cfg.WechatTransferURL
+ }
+ ctx := context.Background()
+ resp, err := paymentApp.FundApp.TransferBills(ctx, req)
+ if err != nil {
+ return nil, fmt.Errorf("发起转账失败: %w", err)
+ }
+ if resp == nil {
+ return nil, fmt.Errorf("转账返回为空")
+ }
+ // 微信返回 4xx 时 body 可能被解析到 resp,需根据 code 或 out_bill_no 判断是否成功
+ if resp.Code != "" {
+ msg := resp.Message
+ if msg == "" {
+ msg = resp.Code
+ }
+ return nil, fmt.Errorf("微信接口报错: %s", msg)
+ }
+ if resp.OutBillNo == "" {
+ return nil, fmt.Errorf("微信未返回商户单号,可能请求被拒绝(如IP未加入白名单)")
+ }
+ result := &FundAppTransferResult{
+ OutBillNo: resp.OutBillNo,
+ TransferBillNo: resp.TransferBillNo,
+ State: resp.State,
+ }
+ return result, nil
+}
+
+// QueryTransferByOutBill 按商户单号查询单笔转账结果(FundApp 接口,用于 sync)
+func QueryTransferByOutBill(outBillNo string) (state, transferBillNo, failReason string, err error) {
+ if paymentApp == nil || paymentApp.FundApp == nil {
+ return "", "", "", fmt.Errorf("支付/转账未初始化")
+ }
+ ctx := context.Background()
+ resp, err := paymentApp.FundApp.QueryOutBill(ctx, outBillNo)
+ if err != nil {
+ return "", "", "", err
+ }
+ if resp == nil {
+ return "", "", "", nil
+ }
+ return resp.State, resp.TransferBillNo, resp.FailReason, nil
+}
diff --git a/soul-api/soul-api b/soul-api/soul-api
index 701e1544..4e8bb4e6 100644
Binary files a/soul-api/soul-api and b/soul-api/soul-api differ
diff --git a/soul-api/tmp/build-errors.log b/soul-api/tmp/build-errors.log
deleted file mode 100644
index 05e59854..00000000
--- a/soul-api/tmp/build-errors.log
+++ /dev/null
@@ -1 +0,0 @@
-exit status 1
\ No newline at end of file
diff --git a/soul-api/tmp/main.exe b/soul-api/tmp/main.exe
index dc08943d..fb0eb91f 100644
Binary files a/soul-api/tmp/main.exe and b/soul-api/tmp/main.exe differ
diff --git a/soul-api/wechat/info.log b/soul-api/wechat/info.log
index f4cd31f9..3ef83fe7 100644
--- a/soul-api/wechat/info.log
+++ b/soul-api/wechat/info.log
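Review bot: `QueryTransferByOutBill` returns four zero values with a nil error when `resp == nil`, so its caller in `AdminWithdrawalsSync` would carry on with an empty `state` rather than skipping the row; return an error instead, `return "", "", "", fmt.Errorf("微信未返回查询结果")`, mirroring the nil-response check in `InitiateTransferByFundApp`. Both functions call the WeChat Pay API with `context.Background()`, which has no deadline, so a stalled connection blocks the caller indefinitely; derive the context with `context.WithTimeout` and `defer cancel()`, or accept a `ctx` parameter. `InitiateTransferByFundApp` moves money without checking `params.Amount > 0` or that `OutBillNo` and `OpenID` are non-empty; rejecting those locally is cheaper and clearer than a WeChat 400, and a zero or negative amount should never leave the process. The `resp.Code != ""` branch assumes the SDK parses a 4xx body into `resp` rather than returning it in `err` (not verifiable here); covering both is fine, but the IP-whitelist text in the `OutBillNo == ""` error is a guess at one cause and may mislead an operator when another applies — say the request was rejected and point at the SDK log instead.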
@@ -74,3 +74,5 @@ {"level":"debug","timestamp":"2026-02-10T12:08:29+08:00","caller":"kernel/baseClient.go:459","content":"------------------response content:HTTP/1.1 403 Forbidden\r\nContent-Length: 171\r\nCache-Control: no-cache, must-revalidate\r\nConnection: keep-alive\r\nContent-Language: zh-CN\r\nContent-Type: application/json; charset=utf-8\r\nDate: Tue, 10 Feb 2026 04:08:29 GMT\r\nKeep-Alive: timeout=8\r\nRequest-Id: 08BDDEAACC06109D0518FFD6BCA80120833328B353-268561072\r\nServer: nginx\r\nWechatpay-Nonce: 0c9b955af9117d9b1af03144d0447beb\r\nWechatpay-Serial: 5F2543BF58239A4EB68FA4433DF1438A88B34B16\r\nWechatpay-Signature: kNG2ssMabq8glay+pAo+RW1dX/ehzRBF38SeqoPTNUaEHJZ5R0mOg3FixQiKs8oihZUJr3fRrhIEPObZvNSLsZiCJpTXwFUtW4GJDrHOjXX+/ds/sW84n5EkWgDPkkqZkwdFlB/GDXfcxYRLudneIkshu7pNLXgQKphd6TvNg4duyjtfdhmNb5AtTaWHeryAqTgyY8wuNpVy5eIk3TN04wDQ2Ze0YfbkpTdco14uP56If/tMu8l7U7NVffx2QKPt36+CmO247sLrQv7dvXgUtrNerMdKK79+OhWlR0Pi7Cbzbtz4ZSMSPYT5qUw6D9nvcBLNIGp7q/hRaY6FL5rghQ==\r\nWechatpay-Signature-Type: WECHATPAY2-SHA256-RSA2048\r\nWechatpay-Timestamp: 1770696509\r\nX-Content-Type-Options: nosniff\r\n\r\n{\"code\":\"NO_AUTH\",\"message\":\"当前商户号接入升级版本功能,暂不支持使用升级前功能,请在产品中心-商家转账-前往功能查看接口文档\"}"} {"level":"debug","timestamp":"2026-02-10T12:08:49+08:00","caller":"kernel/baseClient.go:457","content":"POST https://api.mch.weixin.qq.com/v3/transfer/batches request header: { Content-Type:application/jsonAuthorization:WECHATPAY2-SHA256-RSA2048 mchid=\"1318592501\",nonce_str=\"njxELaEQZjek7jnMN7D9vrPUnJSfgyMw\",timestamp=\"1770696527\",serial_no=\"4A1DB62CD5C9BE0B6FC51C30621D6F99686E75C5\",signature=\"EXsdVY0hMIES02Q4tEAh0RESMgHU7jQVcvTmEh7E0vvSZqXXL5h0eko+lShUViCKF4bucVIcYxv6oc5wxy0J46ibDMejmXgst3nJTNfBy0YT7OkD4menLuEIuy/gb8KzLaFqkXfdIzJZn8v/hdPYxBFQIdzkVU/hGzq4GUbrc2Nz8ePjo75vGBHTeY0mZiuOA5MkLSQu23BT1NCaktgfF8/8HRTPeYqkTmjBNPeBjgRJKgB0WnzSwOV3QnWa5pBcdNM31LaO60aP6cXvXdAfEagKyMpNEy2ts9ELcrc5TOao6uhqo4woG/FCslMErpq8V7rc+wl8gaE6lCY8X02xaA==\"Accept:*/*} request body:"} 
{"level":"debug","timestamp":"2026-02-10T12:08:49+08:00","caller":"kernel/baseClient.go:459","content":"------------------response content:HTTP/1.1 403 Forbidden\r\nContent-Length: 171\r\nCache-Control: no-cache, must-revalidate\r\nConnection: keep-alive\r\nContent-Language: zh-CN\r\nContent-Type: application/json; charset=utf-8\r\nDate: Tue, 10 Feb 2026 04:08:49 GMT\r\nKeep-Alive: timeout=8\r\nRequest-Id: 08D1DEAACC06102B18FFD6BCA80120AA1928EBB404-268561072\r\nServer: nginx\r\nWechatpay-Nonce: 6c965e3c5aca952b9666dbccc6881923\r\nWechatpay-Serial: 5F2543BF58239A4EB68FA4433DF1438A88B34B16\r\nWechatpay-Signature: KKjTWimPKOSVdM/MzuPt3oAxtq3Cy2lr3ZqFXByMmgs3lovRianNEmtwmOi5EGtyo4TbdbUVpzObLUepZGfTIG7Cz8U1cnGLmqxfZxgSyRIatf5OVGYIh5RIwYrkqFdJaN/zcdjYOc73N8FWYn5+bgY51D6aD27AWbPwA7nYNJB4rKmH2QRR9ZuI1kuwDob2ezKWgzV8pkU3DxRSPP/G+BM/HINzurl04/bjAfAtst9JynlPfO61EmEEUCILSpBbKn9dSzEIq2YSz5SxIExv24fhUJ0pjcjvVZo+O0Ddx9vrkNDNSPXao83zqiZTrQkix2vDAEIc6r5SsLCyaGwaTA==\r\nWechatpay-Signature-Type: WECHATPAY2-SHA256-RSA2048\r\nWechatpay-Timestamp: 1770696529\r\nX-Content-Type-Options: nosniff\r\n\r\n{\"code\":\"NO_AUTH\",\"message\":\"当前商户号接入升级版本功能,暂不支持使用升级前功能,请在产品中心-商家转账-前往功能查看接口文档\"}"} +{"level":"debug","timestamp":"2026-02-10T14:30:44+08:00","caller":"kernel/baseClient.go:457","content":"POST https://api.mch.weixin.qq.com/v3/fund-app/mch-transfer/transfer-bills request header: { Content-Type:application/jsonAuthorization:WECHATPAY2-SHA256-RSA2048 mchid=\"1318592501\",nonce_str=\"tAslXtBASHF46eu8viT6eWrevb5s3amJ\",timestamp=\"1770705044\",serial_no=\"4A1DB62CD5C9BE0B6FC51C30621D6F99686E75C5\",signature=\"45mBO41rIGYDKEtV0wVTh5IjM9OsZNFFDcPpHCEXZin9ukqYHo8GXRlLR50gTYaETzoOry+kdI6Xe1aNpGoLLbeGFOw5Znj167BGrGPnfwyX87lAEvXbafrq7fpab+tVDHXJfLw/dnQ8q+Wy5/gszJx/YllSgyMgoIg+7gc3TDy8e6Ft/QtbbB8CLP4LVUvonG30OdVbspIDd6YpCsJSDQ58dM8Xb7sFEHaUv4bBVwu4U3sZ41muEXFH2JUgsVCT3AR+PgwXyTPeb+cNJyQ0RVAJ04/0fdPV3LszfKvjNJx5rtl05MQd5uS+Dh8JlFDXfHicnC4jG3EtAz1rT7crjw==\"Accept:*/*} request body:"} 
+{"level":"debug","timestamp":"2026-02-10T14:30:44+08:00","caller":"kernel/baseClient.go:459","content":"------------------response content:HTTP/1.1 400 Bad Request\r\nContent-Length: 98\r\nCache-Control: no-cache, must-revalidate\r\nConnection: keep-alive\r\nContent-Language: zh-CN\r\nContent-Type: application/json; charset=utf-8\r\nDate: Tue, 10 Feb 2026 06:30:44 GMT\r\nKeep-Alive: timeout=8\r\nRequest-Id: 0894A1ABCC0610DF0318ECE7F8AF0120EE482884D103-268491067\r\nServer: nginx\r\nWechatpay-Nonce: 1edf81984af96eff23f05a173edee1a9\r\nWechatpay-Serial: 5F2543BF58239A4EB68FA4433DF1438A88B34B16\r\nWechatpay-Signature: sSpmhuIF5wtIHyiwwk7/4mjif3D6FadetjRTkamWXzuiTPp2Vmfo0je2ZKIC038nEqQpfC59ZuC2D6/xROJeAgbpuveTsNw+gRuw7ixMomRnu2ur5paxrelIxjxrStp66wjlbHRQgmsJyCag42ObZqrvJWA7SqPbyaYl3fmLGCv5I4uTiVLwTNmv2dg+9iMw6mk00A5sN99FXKDXIPrrTvKpyi7lbqoleDNzVBdG+DMhPh8Etjlr/QpHydjrTZ28plul6YtITAp8zYmEOMg/s0Iiz9Mp9ZCNDA2PPG1D/jZ2wpxqr1XMCnE6yZE3oKQqoXZZQr336LYjMxeQEh1lRA==\r\nWechatpay-Signature-Type: WECHATPAY2-SHA256-RSA2048\r\nWechatpay-Timestamp: 1770705044\r\nX-Content-Type-Options: nosniff\r\n\r\n{\"code\":\"INVALID_REQUEST\",\"message\":\"此IP地址不允许调用接口,请按开发指引设置\"}"} diff --git a/soul-api/提现功能完整技术文档.md b/soul-api/提现功能完整技术文档.md index 14e9a5e8..6eb1737f 100644 --- a/soul-api/提现功能完整技术文档.md +++ b/soul-api/提现功能完整技术文档.md @@ -79,7 +79,7 @@ ### 开发指引 - **API V3 开发总览**:https://pay.weixin.qq.com/doc/v3/merchant/4012065168 -- **PHP SDK 使用**:https://pay.weixin.qq.com/doc/v3/merchant/4012076511 + --- @@ -141,21 +141,8 @@ curl ifconfig.me - **1000**:现金营销 - **1005**:营销活动 -### 5. 环境要求 - -- PHP >= 7.0 -- OpenSSL 扩展(必须) -- cURL 扩展(必须) -- JSON 扩展(必须) -- TLS 1.2+ - **检查环境**: -```bash -php -v -php -m | grep openssl -php -m | grep curl -``` --- diff --git a/soul-api/管理端鉴权设计.md b/soul-api/管理端鉴权设计.md new file mode 100644 index 00000000..068de0ad --- /dev/null +++ b/soul-api/管理端鉴权设计.md 
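Review bot: Committing the runtime debug log `soul-api/wechat/info.log` puts operational data into version control: every entry carries the merchant ID, the platform and merchant certificate serials, nonces, timestamps and full request signatures, and the SDK also logs the request body, which for a transfer would include openid, amount and remark (empty in these entries). The signatures are bound to their timestamp and nonce, so they are not directly replayable, but the merchant ID and serials still help an attacker and the body will not stay empty once transfers succeed. The same commit also checks in the built binaries `soul-api/soul-api` and `soul-api/tmp/main.exe`. Add `wechat/*.log`, `tmp/` and the binary to `.gitignore`, remove them from the tree and history, and turn the SDK's debug HTTP logging off outside development.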
@@ -0,0 +1,116 @@ +# soul-api 管理端登录判断与权限校验 + +## 一、有没有登录的依据(JWT) + +**依据:请求中的 JWT。优先从 `Authorization: Bearer ` 读取,兼容从 Cookie `admin_session` 读取。** + +| 项目 | 说明 | +|------|------| +| 推荐方式 | 请求头 `Authorization: Bearer ` | +| 兼容方式 | Cookie 名 `admin_session`,值为 JWT 字符串 | +| JWT 算法 | HS256,密钥为 `ADMIN_SESSION_SECRET` | +| 有效期 | 7 天(exp claim) | +| 载荷 | sub=admin, username, role=admin | +| 校验 | 验签 + 未过期 → 视为已登录 | + +- 配置:`ADMIN_USERNAME` / `ADMIN_PASSWORD` 用于登录校验;`ADMIN_SESSION_SECRET` 用于签发/校验 JWT。 +- 未带有效 JWT → 401。 + +--- + +## 二、权限校验设计(路由分层) + +- **不校验登录**:只做业务逻辑(登录、登出、鉴权检查) + - `GET /api/admin` → 鉴权检查(读 Cookie,有效 200 / 无效 401) + - `POST /api/admin` → 登录(校验账号密码,写 Cookie) + - `POST /api/admin/logout` → 登出(删 Cookie) + +- **必须已登录**:挂 `AdminAuth()` 中间件,从请求读 `admin_session` 并验签+过期,不通过直接 401,不进入 handler + - `/api/admin/*`(如 chapters、content、withdrawals、settings 等) + - `/api/db/*` + +- **其它**:如 `/api/miniprogram/*`、`/api/book/*` 等不加 AdminAuth,按各自接口鉴权(如小程序 token)。 + +--- + +## 三、框图 + +```mermaid +flowchart TB + subgraph 前端["soul-admin 前端"] + A[用户打开后台 / 请求接口] + A --> B{请求类型} + B -->|登录| C[POST /api/admin] + B -->|登出| D[POST /api/admin/logout] + B -->|进后台前检查| E[GET /api/admin] + B -->|业务接口| F[GET/POST /api/admin/xxx] + end + + subgraph 请求["每次请求"] + G[浏览器自动携带 Cookie: admin_session] + G --> H[发往 soul-api] + end + + subgraph soul-api["soul-api 路由"] + I["/api/admin 三条(无中间件)"] + J["/api/admin/* 与 /api/db/*"] + J --> K[AdminAuth 中间件] + end + + subgraph 鉴权["AdminAuth 与 AdminCheck 逻辑"] + K --> L[从请求读 Cookie admin_session] + L --> M{有 Cookie?} + M -->|无| N[401 未授权] + M -->|有| O[解析 exp.signature] + O --> P{未过期 且 验签通过?} + P -->|否| N + P -->|是| Q[放行 / 返回 200] + end + + C --> I + D --> I + E --> I + F --> J + H --> soul-api + I --> E2[GET: 同鉴权逻辑 200/401] + I --> C2[POST: 校验账号密码 写 Cookie] + I --> D2[POST: 清 Cookie] +``` + +**路由与中间件关系(框线):** + +```mermaid +flowchart LR + subgraph 无鉴权["不经过 AdminAuth"] + R1[GET /api/admin] + R2[POST /api/admin] + R3[POST /api/admin/logout] + end + + subgraph 
需登录["经过 AdminAuth"] + R4["/api/admin/chapters"] + R5["/api/admin/withdrawals"] + R6["/api/admin/settings"] + R7["/api/db/*"] + end + + subgraph 中间件["AdminAuth()"] + M[读 Cookie → 验 token → 通过/401] + end + + H1[直接进 handler] + H2[通过则进 handler] + 无鉴权 --> H1 + 需登录 --> M --> H2 +``` + +--- + +## 四、相关代码位置 + +| 作用 | 位置 | +|------|------| +| JWT 签发/校验/从请求取 token | `internal/auth/adminjwt.go` | +| 登录、登出、GET 鉴权检查 | `internal/handler/admin.go` | +| 管理端中间件 | `internal/middleware/admin_auth.go` | +| 路由挂载 | `internal/router/router.go`(api.Group + admin.Use(AdminAuth())) |