Spaces:

DeepLearning101
/

API-CIECIETAIPEI

Running

App Files Files Community

DeepLearning101 commited on 9 days ago

Commit

b4479dc

verified ·

1 Parent(s): 1b7678c

Update main.py

Browse files

Files changed (1) hide show

main.py +102 -26

main.py CHANGED Viewed

@@ -6,13 +6,18 @@ from supabase import create_client, Client
 import os
 import requests
 import uuid
 app = FastAPI(title="Cié Cié Backend API")
 # 🌟 解決 CORS (跨域) 問題：允許您的 GitHub Pages 前端呼叫這台主機
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=["*"], # 正式上線可改為 ["https://ciecietaipei.github.io"]
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
@@ -20,11 +25,17 @@ app.add_middleware(
 # 讀取環境變數 (請在 Hugging Face Settings 中設定)
 SUPABASE_URL = os.getenv("SUPABASE_URL", "")
-# ⚠️ 注意：這裡必須使用 service_role key，才能無視 RLS 直接查核黑名單與寫入！
-SUPABASE_KEY = os.getenv("SUPABASE_KEY", "")
 LINE_ACCESS_TOKEN = os.getenv("LINE_ACCESS_TOKEN", "")
-BOSS_LINE_ID = os.getenv("BOSS_LINE_ID", "") # 老闆的 LINE User ID
 # 初始化 Supabase
 supabase: Client = create_client(SUPABASE_URL, SUPABASE_KEY) if SUPABASE_URL else None
@@ -71,22 +82,92 @@ async def submit_booking(payload: OrderPayload):
     # 💳 階段 2：金流分流處理 (需要收訂金 vs 不用收訂金)
     # ==========================================
-    # 狀況 A：需要付款 (產生 LINE Pay 連結)
     if final_deposit > 0:
         order_id = f"ORDER-{uuid.uuid4().hex[:8].upper()}"
-        # ⚠️ 這裡未來會串接真實的 LINE Pay API，目前先回傳模擬的結帳網址
-        mock_payment_url = f"https://sandbox-web-pay.line.me/web/payment/wait?transactionReserveId=mock&orderId={order_id}"
-        # 我們不先把資料寫入資料庫，而是等他「付款成功」的 Webhook 再寫入
-        return {
-            "status": "require_payment",
-            "message": "訂單需支付訂金",
-            "is_noshow_penalty": is_noshow, # 讓前端知道是不是因為被懲罰才要付錢
-            "deposit_amount": final_deposit,
-            "payment_url": mock_payment_url,
-            "order_id": order_id
         }
     # 狀況 B：不需付款 (直接寫入資料庫並完成訂位)
     booking_data = {
@@ -95,27 +176,22 @@ async def submit_booking(payload: OrderPayload):
         "date": payload.date,
         "time": payload.time,
         "pax": payload.pax,
-        "email": "", # 可由前端擴充
         "user_id": payload.line_id,
         "status": "待處理",
-        "remarks": f"類型: {'外帶' if payload.service_type == 'takeout' else '內用'}\n餐點內容: {payload.cart}"
     }
     try:
         supabase.table("bookings").insert(booking_data).execute()
         # 🔔 通知老闆有新訂位
         notify_boss(payload.name, payload.tel, payload.date, payload.time, payload.pax)
-        return {
-            "status": "success",
-            "message": "訂位已成功建立！"
-        }
     except Exception as e:
         raise HTTPException(status_code=500, detail=f"寫入資料庫失敗: {str(e)}")
 def notify_boss(name, tel, date, time, pax):
-    """發送 LINE 通知給老闆 (需設定環境變數)"""
     if not LINE_ACCESS_TOKEN or not BOSS_LINE_ID:
         return
     msg = f"🔔 【新訂位通知】\n姓名：{name}\n電話：{tel}\n時間：{date} {time}\n人數：{pax}位"

 import os
 import requests
 import uuid
+import json
+import base64
+import hashlib
+import hmac
+import time
 app = FastAPI(title="Cié Cié Backend API")
 # 🌟 解決 CORS (跨域) 問題：允許您的 GitHub Pages 前端呼叫這台主機
 app.add_middleware(
     CORSMiddleware,
+    allow_origins=["*"],
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],
 # 讀取環境變數 (請在 Hugging Face Settings 中設定)
 SUPABASE_URL = os.getenv("SUPABASE_URL", "")
+SUPABASE_KEY = os.getenv("SUPABASE_KEY", "") # 必須使用 service_role key
 LINE_ACCESS_TOKEN = os.getenv("LINE_ACCESS_TOKEN", "")
+BOSS_LINE_ID = os.getenv("BOSS_LINE_ID", "")
+# 🌟 LINE Pay 金鑰設定 🌟
+LINE_PAY_CHANNEL_ID = os.getenv("LINE_PAY_CHANNEL_ID", "")
+LINE_PAY_CHANNEL_SECRET = os.getenv("LINE_PAY_CHANNEL_SECRET", "")
+LINE_PAY_BASE_URL = "https://sandbox-api-pay.line.me" # 這是沙盒(測試)環境的專屬網址
+# 結帳完成後要跳轉回哪個網頁？(設定回您的官網)
+RETURN_URL = "https://ciecietaipei.github.io/index.html"
 # 初始化 Supabase
 supabase: Client = create_client(SUPABASE_URL, SUPABASE_KEY) if SUPABASE_URL else None
     # 💳 階段 2：金流分流處理 (需要收訂金 vs 不用收訂金)
     # ==========================================
+    # 狀況 A：需要付款 (產生真實 LINE Pay 連結)
     if final_deposit > 0:
         order_id = f"ORDER-{uuid.uuid4().hex[:8].upper()}"
+        # 1. 準備發送給 LINE Pay 的訂單資料 (JSON)
+        request_body = {
+            "amount": final_deposit,
+            "currency": "TWD",
+            "orderId": order_id,
+            "packages": [
+                {
+                    "id": "pkg_1",
+                    "amount": final_deposit,
+                    "name": "Cié Cié Taipei 預約/點餐",
+                    "products": [
+                        {
+                            "name": "餐飲訂金與預付金",
+                            "quantity": 1,
+                            "price": final_deposit
+                        }
+                    ]
+                }
+            ],
+            "redirectUrls": {
+                "confirmUrl": RETURN_URL, # 客人付款完，LINE Pay 會把他導回您的首頁
+                "cancelUrl": RETURN_URL
+            }
+        }
+        # 2. 核心大魔王：生成 HMAC-SHA256 簽章
+        uri = "/v3/payments/request"
+        nonce = str(uuid.uuid4())
+        body_str = json.dumps(request_body)
+        message = LINE_PAY_CHANNEL_SECRET + uri + body_str + nonce
+        # 執行加密
+        signature = base64.b64encode(
+            hmac.new(
+                LINE_PAY_CHANNEL_SECRET.encode(),
+                message.encode(),
+                hashlib.sha256
+            ).digest()
+        ).decode()
+        # 3. 發送請求給 LINE Pay 總部
+        headers = {
+            "Content-Type": "application/json",
+            "X-LINE-ChannelId": LINE_PAY_CHANNEL_ID,
+            "X-LINE-Authorization-Nonce": nonce,
+            "X-LINE-Authorization": signature
         }
+        try:
+            line_pay_res = requests.post(
+                f"{LINE_PAY_BASE_URL}{uri}",
+                headers=headers,
+                data=body_str
+            )
+            res_data = line_pay_res.json()
+            # 如果 LINE Pay 成功受理，它會回傳一組專屬網址給我們
+            if res_data.get("returnCode") == "0000":
+                payment_url = res_data["info"]["paymentUrl"]["web"]
+                # 這裡我們先把訂單狀態記為 "待付款"，寫入資料庫
+                booking_data = {
+                    "name": payload.name, "tel": payload.tel, "date": payload.date,
+                    "time": payload.time, "pax": payload.pax, "user_id": payload.line_id,
+                    "status": "待付款", # 特別標記為待付款
+                    "remarks": f"類型: {'外帶' if payload.service_type == 'takeout' else '內用'}\n餐點: {payload.cart}\n訂單號: {order_id}"
+                }
+                supabase.table("bookings").insert(booking_data).execute()
+                return {
+                    "status": "require_payment",
+                    "message": "訂單需支付訂金",
+                    "is_noshow_penalty": is_noshow,
+                    "deposit_amount": final_deposit,
+                    "payment_url": payment_url, # 這是真實會跳轉去刷卡的網址！
+                    "order_id": order_id
+                }
+            else:
+                raise HTTPException(status_code=500, detail=f"LINE Pay 錯誤: {res_data.get('returnMessage')}")
+        except Exception as e:
+            raise HTTPException(status_code=500, detail=f"金流連線失敗: {str(e)}")
     # 狀況 B：不需付款 (直接寫入資料庫並完成訂位)
     booking_data = {
         "date": payload.date,
         "time": payload.time,
         "pax": payload.pax,
+        "email": "",
         "user_id": payload.line_id,
         "status": "待處理",
+        "remarks": f"類型: {'外帶' if payload.service_type == 'takeout' else '內用'}\n餐點: {payload.cart}"
     }
     try:
         supabase.table("bookings").insert(booking_data).execute()
         # 🔔 通知老闆有新訂位
         notify_boss(payload.name, payload.tel, payload.date, payload.time, payload.pax)
+        return { "status": "success", "message": "訂位已成功建立！" }
     except Exception as e:
         raise HTTPException(status_code=500, detail=f"寫入資料庫失敗: {str(e)}")
 def notify_boss(name, tel, date, time, pax):
+    """發送 LINE 通知給老闆"""
     if not LINE_ACCESS_TOKEN or not BOSS_LINE_ID:
         return
     msg = f"🔔 【新訂位通知】\n姓名：{name}\n電話：{tel}\n時間：{date} {time}\n人數：{pax}位"