Spaces:

ZHIWEI666
/

ComfyUI-Ranking-API

Running

App Files Files Community

ZHIWEI666 commited on 6 days ago

Commit

027a973

verified ·

1 Parent(s): 1774480

Upload 3 files

Browse files

Files changed (3) hide show

models.py +3 -3
models_sql.py +1 -1
router_wallet.py +41 -7

models.py CHANGED Viewed

@@ -1,5 +1,5 @@
 # models.py
-from pydantic import BaseModel, validator
 from typing import Optional, List
 class SendCodeRequest(BaseModel):
@@ -118,7 +118,7 @@ class RatingRequest(BaseModel):
 class RechargeRequest(BaseModel):
     account: str
-    amount: int
     method: Optional[str] = "alipay"
 class PurchaseRequest(BaseModel):
@@ -134,7 +134,7 @@ class TipRequest(BaseModel):
 class WithdrawRequest(BaseModel):
     account: str
-    amount: int
     alipayAccount: str
     real_name: str
     code: str

 # models.py
+from pydantic import BaseModel, Field, validator
 from typing import Optional, List
 class SendCodeRequest(BaseModel):
 class RechargeRequest(BaseModel):
     account: str
+    amount: int = Field(..., ge=1, le=10000)  # 单次充值1-10000
     method: Optional[str] = "alipay"
 class PurchaseRequest(BaseModel):
 class WithdrawRequest(BaseModel):
     account: str
+    amount: int = Field(..., ge=1, le=5000)  # 单次提现1-5000
     alipayAccount: str
     real_name: str
     code: str

models_sql.py CHANGED Viewed

@@ -61,7 +61,7 @@ class Transaction(Base):
     tx_id = Column(String, primary_key=True)
     account = Column(String, index=True)
-    tx_type = Column(String)                     # 枚举: RECHARGE, PURCHASE, EARN, TIP_SEND, TIP_RECEIVE, WITHDRAW_APPLY, REFUND
     amount = Column(Integer)
     related_account = Column(String, nullable=True)
     item_id = Column(String, nullable=True)

     tx_id = Column(String, primary_key=True)
     account = Column(String, index=True)
+    tx_type = Column(String)                     # 枚举: RECHARGE, PURCHASE, SALE, TIP_OUT, TIP_IN, WITHDRAW, WITHDRAW_FEE, REFUND, TASK_FREEZE, TASK_DEPOSIT, TASK_PAYMENT, TASK_INCOME, TASK_REFUND, TASK_CANCEL_REFUND
     amount = Column(Integer)
     related_account = Column(String, nullable=True)
     item_id = Column(String, nullable=True)

router_wallet.py CHANGED Viewed

@@ -124,13 +124,15 @@ def calculate_tx_hash(tx_id, account, tx_type, amount, prev_hash):
     return hashlib.sha256(data.encode()).hexdigest()
 @router.post("/api/wallet/create_recharge_order")
-async def create_recharge_order(req: RechargeRequest):
     if not alipay:
         # 这里会将真实的错误原因直接弹窗发给前端！
         raise HTTPException(status_code=500, detail=f"支付网关配置错误: {alipay_error_msg}")
     order_id = f"PAY_{int(time.time())}_{uuid.uuid4().hex[:6]}"
-    subject = f"ComfyUI Community Points - {req.account}"
     order_string = alipay.api_alipay_trade_precreate(
         out_trade_no=order_id,
@@ -270,7 +272,9 @@ async def get_wallet(account: str, db: Session = Depends(get_db)):
 @router.post("/api/wallet/purchase")
 @limiter.limit("10/minute")  # 🔒 P0安全优化：购买每分钟最多10次
-async def purchase_item(request: Request, req: PurchaseRequest, db: Session = Depends(get_db)):
     items_db = json_db.load_data("items.json", default_data=[])
     item = next((i for i in items_db if i["id"] == req.item_id), None)
@@ -381,6 +385,24 @@ async def purchase_item(request: Request, req: PurchaseRequest, db: Session = De
             related_user_name=seller_user_name
         )
         db.add(new_tx)
         db.commit()
         # 📝 P2优化：购买审计日志
@@ -413,7 +435,9 @@ async def purchase_item(request: Request, req: PurchaseRequest, db: Session = De
 @router.post("/api/wallet/tip")
 @limiter.limit("20/minute")  # 🔒 P0安全优化：打赏每分钟最多20次
-async def tip_user(request: Request, req: TipRequest, db: Session = Depends(get_db)):
     if req.amount <= 0:
         raise HTTPException(status_code=400, detail="打赏金额必须大于0")
     if req.sender_account == req.target_account:
@@ -568,7 +592,9 @@ async def tip_user(request: Request, req: TipRequest, db: Session = Depends(get_
 @router.post("/api/wallet/withdraw")
 @limiter.limit("3/minute")  # 🔒 P0安全优化：提现每分钟最多3次
-async def withdraw(request: Request, req: WithdrawRequest, db: Session = Depends(get_db)):
     # 🔒 P1幂等性防护：检查最近10秒内是否存在相同提现请求
     recent_cutoff = datetime.datetime.utcnow() - datetime.timedelta(seconds=10)
     duplicate_tx = db.query(Transaction).filter(
@@ -882,6 +908,12 @@ async def get_sales_stats(account: str, db: Session = Depends(get_db)):
     total_purchase = abs(purchase_stats.total or 0)
     purchase_count = purchase_stats.count or 0
     # 净销售 = 销售收入 - 购买支出
     net_sales = total_sales - total_purchase
@@ -889,7 +921,7 @@ async def get_sales_stats(account: str, db: Session = Depends(get_db)):
         "status": "success",
         "data": {
             "total_sales": total_sales,
-            "sales_count": 0,  # 目前无法精确统计销售笔数（没有卖家交易记录）
             "total_purchase": total_purchase,
             "purchase_count": purchase_count,
             "net_sales": net_sales
@@ -974,7 +1006,9 @@ async def get_purchase_status(account: str, item_id: str, db: Session = Depends(
 @router.post("/api/wallet/refund")
 @limiter.limit("3/minute")  # 🔒 P0安全优化：退款每分钟最多3次
-async def refund_purchase(request: Request, account: str, item_id: str, db: Session = Depends(get_db)):
     """
     🔄 P7后悔模式：申请退款
     - 24小时内可退款

     return hashlib.sha256(data.encode()).hexdigest()
 @router.post("/api/wallet/create_recharge_order")
+async def create_recharge_order(req: RechargeRequest, current_user: str = Depends(require_auth)):
     if not alipay:
         # 这里会将真实的错误原因直接弹窗发给前端！
         raise HTTPException(status_code=500, detail=f"支付网关配置错误: {alipay_error_msg}")
+    # 🔒 使用已认证用户账号，忽略客户端传入的 account
+    authenticated_account = current_user
     order_id = f"PAY_{int(time.time())}_{uuid.uuid4().hex[:6]}"
+    subject = f"ComfyUI Community Points - {authenticated_account}"
     order_string = alipay.api_alipay_trade_precreate(
         out_trade_no=order_id,
 @router.post("/api/wallet/purchase")
 @limiter.limit("10/minute")  # 🔒 P0安全优化：购买每分钟最多10次
+async def purchase_item(request: Request, req: PurchaseRequest, current_user: str = Depends(require_auth), db: Session = Depends(get_db)):
+    # 🔒 使用已认证用户账号，忽略客户端传入的 account
+    req.account = current_user
     items_db = json_db.load_data("items.json", default_data=[])
     item = next((i for i in items_db if i["id"] == req.item_id), None)
             related_user_name=seller_user_name
         )
         db.add(new_tx)
+        # 为卖家生成销售收入记录
+        buyer_info = users_db.get(req.account, {})
+        buyer_user_name = buyer_info.get("name", req.account)
+        seller_tx_id = f"SALE_{int(time.time())}_{uuid.uuid4().hex[:6]}"
+        seller_tx = Transaction(
+            tx_id=seller_tx_id,
+            account=seller_account,
+            tx_type="SALE",
+            amount=price,
+            related_account=req.account,
+            item_id=req.item_id,
+            item_title=item.get('title', ''),
+            item_type=item.get('type', ''),
+            related_user_name=buyer_user_name,
+            description=f"销售收入: {item.get('title', req.item_id)}"
+        )
+        db.add(seller_tx)
         db.commit()
         # 📝 P2优化：购买审计日志
 @router.post("/api/wallet/tip")
 @limiter.limit("20/minute")  # 🔒 P0安全优化：打赏每分钟最多20次
+async def tip_user(request: Request, req: TipRequest, current_user: str = Depends(require_auth), db: Session = Depends(get_db)):
+    # 🔒 使用已认证用户账号，忽略客户端传入的 sender_account
+    req.sender_account = current_user
     if req.amount <= 0:
         raise HTTPException(status_code=400, detail="打赏金额必须大于0")
     if req.sender_account == req.target_account:
 @router.post("/api/wallet/withdraw")
 @limiter.limit("3/minute")  # 🔒 P0安全优化：提现每分钟最多3次
+async def withdraw(request: Request, req: WithdrawRequest, current_user: str = Depends(require_auth), db: Session = Depends(get_db)):
+    # 🔒 使用已认证用户账号，忽略客户端传入的 account
+    req.account = current_user
     # 🔒 P1幂等性防护：检查最近10秒内是否存在相同提现请求
     recent_cutoff = datetime.datetime.utcnow() - datetime.timedelta(seconds=10)
     duplicate_tx = db.query(Transaction).filter(
     total_purchase = abs(purchase_stats.total or 0)
     purchase_count = purchase_stats.count or 0
+    # 统计销售笔数（SALE类型交易记录）
+    sales_count = db.query(sql_func.count(Transaction.tx_id)).filter(
+        Transaction.account == account,
+        Transaction.tx_type == "SALE"
+    ).scalar() or 0
     # 净销售 = 销售收入 - 购买支出
     net_sales = total_sales - total_purchase
         "status": "success",
         "data": {
             "total_sales": total_sales,
+            "sales_count": sales_count,
             "total_purchase": total_purchase,
             "purchase_count": purchase_count,
             "net_sales": net_sales
 @router.post("/api/wallet/refund")
 @limiter.limit("3/minute")  # 🔒 P0安全优化：退款每分钟最多3次
+async def refund_purchase(request: Request, item_id: str, current_user: str = Depends(require_auth), db: Session = Depends(get_db)):
+    # 🔒 使用已认证用户账号，忽略客户端传入的 account
+    account = current_user
     """
     🔄 P7后悔模式：申请退款
     - 24小时内可退款