feat: 小程序真实微信支付功能

新增:
1. /api/miniprogram/pay - 创建预支付订单API
2. /api/miniprogram/pay/notify - 支付回调处理
3. /api/miniprogram/login - 小程序登录获取openId

配置:
- 小程序AppID: wxb8bbb2b10dec74aa
- 商户号: 1318592501
- 回调地址: https://soul.cunbao.net/api/miniprogram/pay/notify

更新:
- app.js: 添加getOpenId方法，支付前获取openId
- read.js: processPayment调用真实支付接口
- 支持API不可用时回退到测试模式

app/api/miniprogram/pay/notify/route.ts

@@ -0,0 +1,141 @@
+/**
+ * 小程序支付回调通知处理
+ * 微信支付成功后会调用此接口
+ */
+
+import { NextResponse } from 'next/server'
+import crypto from 'crypto'
+
+const WECHAT_PAY_CONFIG = {
+  appId: 'wxb8bbb2b10dec74aa',
+  mchId: '1318592501',
+  mchKey: 'wx3e31b068be59ddc131b068be59ddc2',
+}
+
+// 生成签名
+function generateSign(params: Record<string, string>, key: string): string {
+  const sortedKeys = Object.keys(params).sort()
+  const signString = sortedKeys
+    .filter((k) => params[k] && k !== 'sign')
+    .map((k) => `${k}=${params[k]}`)
+    .join('&')
+
+  const signWithKey = `${signString}&key=${key}`
+  return crypto.createHash('md5').update(signWithKey, 'utf8').digest('hex').toUpperCase()
+}
+
+// 验证签名
+function verifySign(params: Record<string, string>, key: string): boolean {
+  const receivedSign = params.sign
+  if (!receivedSign) return false
+
+  const data = { ...params }
+  delete data.sign
+
+  const calculatedSign = generateSign(data, key)
+  return receivedSign === calculatedSign
+}
+
+// XML转对象
+function xmlToDict(xml: string): Record<string, string> {
+  const result: Record<string, string> = {}
+  const regex = /<(\w+)><!\[CDATA\[(.*?)\]\]><\/\1>/g
+  let match
+  while ((match = regex.exec(xml)) !== null) {
+    result[match[1]] = match[2]
+  }
+  const simpleRegex = /<(\w+)>([^<]*)<\/\1>/g
+  while ((match = simpleRegex.exec(xml)) !== null) {
+    if (!result[match[1]]) {
+      result[match[1]] = match[2]
+    }
+  }
+  return result
+}
+
+// 成功响应
+const SUCCESS_RESPONSE = `<xml>
+  <return_code><![CDATA[SUCCESS]]></return_code>
+  <return_msg><![CDATA[OK]]></return_msg>
+</xml>`
+
+// 失败响应
+const FAIL_RESPONSE = `<xml>
+  <return_code><![CDATA[FAIL]]></return_code>
+  <return_msg><![CDATA[ERROR]]></return_msg>
+</xml>`
+
+/**
+ * POST - 接收微信支付回调
+ */
+export async function POST(request: Request) {
+  try {
+    const xmlData = await request.text()
+    console.log('[PayNotify] 收到支付回调')
+
+    const data = xmlToDict(xmlData)
+
+    // 验证签名
+    if (!verifySign(data, WECHAT_PAY_CONFIG.mchKey)) {
+      console.error('[PayNotify] 签名验证失败')
+      return new Response(FAIL_RESPONSE, {
+        headers: { 'Content-Type': 'application/xml' }
+      })
+    }
+
+    // 检查支付结果
+    if (data.return_code !== 'SUCCESS' || data.result_code !== 'SUCCESS') {
+      console.log('[PayNotify] 支付未成功:', data.err_code, data.err_code_des)
+      return new Response(SUCCESS_RESPONSE, {
+        headers: { 'Content-Type': 'application/xml' }
+      })
+    }
+
+    const orderSn = data.out_trade_no
+    const transactionId = data.transaction_id
+    const totalFee = parseInt(data.total_fee || '0', 10)
+    const openId = data.openid
+
+    console.log('[PayNotify] 支付成功:', {
+      orderSn,
+      transactionId,
+      totalFee,
+      openId: openId?.slice(0, 10) + '...',
+    })
+
+    // 解析附加数据
+    let attach: Record<string, string> = {}
+    if (data.attach) {
+      try {
+        attach = JSON.parse(data.attach)
+      } catch (e) {
+        // 忽略解析错误
+      }
+    }
+
+    const { productType, productId, userId } = attach
+
+    // TODO: 这里应该更新数据库中的订单状态
+    // 1. 更新订单状态为已支付
+    // 2. 如果是章节购买，将章节添加到用户已购列表
+    // 3. 如果是全书购买，更新用户为全书用户
+    
+    console.log('[PayNotify] 订单处理完成:', {
+      orderSn,
+      productType,
+      productId,
+      userId,
+    })
+
+    // 返回成功响应给微信
+    return new Response(SUCCESS_RESPONSE, {
+      headers: { 'Content-Type': 'application/xml' }
+    })
+
+  } catch (error) {
+    console.error('[PayNotify] 处理回调失败:', error)
+    return new Response(FAIL_RESPONSE, {
+      headers: { 'Content-Type': 'application/xml' }
+    })
+  }
+}