Spaces:

ZHIWEI666
/

ComfyUI-Ranking-API

Running

App Files Files Community

ZHIWEI666 commited on Apr 3

Commit

c6147cc

verified ·

1 Parent(s): 43299fb

Upload router_wallet.py

Browse files

Files changed (1) hide show

router_wallet.py +779 -744

router_wallet.py CHANGED Viewed

@@ -1,745 +1,780 @@
-# router_wallet.py
-# ==========================================
-# 💰 钱包与交易路由模块
-# ==========================================
-# 作用：处理充值、提现、购买、打赏等资金操作
-# 关联文件：
-#   - verify_code_engine.py (提现验证码缓存)
-#   - database_sql.py (SQL数据库连接)
-#   - models_sql.py (Wallet, Transaction, Ownership 模型)
-# 🔒 P0安全优化：API限流
-# ==========================================
-from fastapi import APIRouter, Depends, HTTPException, Request
-from fastapi.responses import Response
-from sqlalchemy.orm import Session
-import time
-import uuid
-import hashlib
-import os
-import datetime
-import logging
-from database_sql import get_db
-from models_sql import Wallet, Transaction, Ownership, Refund
-from models import RechargeRequest, WithdrawRequest, PurchaseRequest, TipRequest
-import 数据库连接 as json_db
-# 🔒 P0安全优化：API限流
-from slowapi import Limiter
-from slowapi.util import get_remote_address
-limiter = Limiter(key_func=get_remote_address)
-# 🔄 P7后悔模式：24小时退款窗口
-REFUND_WINDOW_HOURS = 24
-# 🔄 P7后悔模式：退款后30天禁购
-REFUND_BAN_DAYS = 30
-# 📝 P2优化：审计日志
-logger = logging.getLogger("ComfyUI-Ranking.Wallet")
-# 🔐 导入验证码缓存 (提现时需要验证)
-from verify_code_engine import VERIFY_CODES
-router = APIRouter()
-# ==========================================
-# 🚨 替换这里的支付宝初始化逻辑 🚨
-# ==========================================
-def format_pem_key(key_str, key_type="PRIVATE"):
-    """自动给'裸奔'的秘钥穿上符合 Python 规范的外套"""
-    # 如果用户已经带有 BEGIN 标签，说明格式没问题，直接返回
-    if "BEGIN" in key_str:
-        return key_str.replace("\\n", "\n").strip()
-    # 去除所有的空格和换行符，拿到最纯净的字符串
-    clean_key = key_str.replace(" ", "").replace("\n", "").replace("\\n", "").replace("\r", "")
-    # 按照国际标准，每 64 个字符强制切断换行
-    chunks = [clean_key[i:i+64] for i in range(0, len(clean_key), 64)]
-    formatted_body = "\n".join(chunks)
-    # 穿上头尾外套
-    if key_type == "PRIVATE":
-        return f"-----BEGIN RSA PRIVATE KEY-----\n{formatted_body}\n-----END RSA PRIVATE KEY-----"
-    else:
-        return f"-----BEGIN PUBLIC KEY-----\n{formatted_body}\n-----END PUBLIC KEY-----"
-alipay_error_msg = "未知错误"
-try:
-    from alipay import AliPay
-    from alipay.utils import AliPayConfig
-    # 1. 抓取原生态的环境变量
-    raw_appid = os.environ.get("ALIPAY_APPID", "").strip()
-    raw_priv_key = os.environ.get("ALIPAY_PRIVATE_KEY", "").strip()
-    raw_pub_key = os.environ.get("ALIPAY_PUBLIC_KEY", "").strip()
-    if not raw_appid or not raw_priv_key or not raw_pub_key:
-        alipay_error_msg = f"缺少环境变量。当前读取到: APPID={bool(raw_appid)}, PRIV_KEY={bool(raw_priv_key)}, PUB_KEY={bool(raw_pub_key)}"
-        alipay = None
-    else:
-        # 2. 扔进我们的格式化引擎进行自动包装！
-        priv_key_formatted = format_pem_key(raw_priv_key, "PRIVATE")
-        pub_key_formatted = format_pem_key(raw_pub_key, "PUBLIC")
-        # 3. 完美加载
-        alipay = AliPay(
-            appid=raw_appid,
-            app_notify_url="https://zhiwei666-comfyui-ranking-api.hf.space/api/wallet/alipay_notify",
-            app_private_key_string=priv_key_formatted,
-            alipay_public_key_string=pub_key_formatted,
-            sign_type="RSA2",
-            debug=False,
-            config=AliPayConfig(timeout=15)
-        )
-except Exception as e:
-    alipay = None
-    alipay_error_msg = f"支付宝 SDK 崩溃: {str(e)}"
-    print(f"🚨 支付宝初始化异常: {alipay_error_msg}")
-def calculate_tx_hash(tx_id, account, tx_type, amount, prev_hash):
-    data = f"{tx_id}{account}{tx_type}{amount}{prev_hash}"
-    return hashlib.sha256(data.encode()).hexdigest()
-@router.post("/api/wallet/create_recharge_order")
-async def create_recharge_order(req: RechargeRequest):
-    if not alipay:
-        # 这里会将真实的错误原因直接弹窗发给前端！
-        raise HTTPException(status_code=500, detail=f"支付网关配置错误: {alipay_error_msg}")
-    order_id = f"PAY_{int(time.time())}_{uuid.uuid4().hex[:6]}"
-    subject = f"ComfyUI Community Points - {req.account}"
-    order_string = alipay.api_alipay_trade_precreate(
-        out_trade_no=order_id,
-        total_amount=str(req.amount),
-        subject=subject
-    )
-    qr_code_url = order_string.get("qr_code")
-    if not qr_code_url:
-        raise HTTPException(status_code=500, detail="生成支付二维码失败")
-    return {"status": "success", "order_id": order_id, "qr_code": qr_code_url}
-# 🟢 业务流转细节修复：正确解析 application/x-www-form-urlencoded
-@router.post("/api/wallet/alipay_notify")
-async def alipay_notify(request: Request, db: Session = Depends(get_db)):
-    # 强制将表单数据解析为纯字典，防止由于数据类型错误导致验签失败
-    form_data = await request.form()
-    data = dict(form_data.items())
-    signature = data.pop("sign", None)
-    data.pop("sign_type", None)
-    if not alipay or not signature or not alipay.verify(data, signature):
-        return Response(content="fail", media_type="text/plain")
-    if data.get("trade_status") in ("TRADE_SUCCESS", "TRADE_FINISHED"):
-        order_id = data.get("out_trade_no")
-        existing_tx = db.query(Transaction).filter(Transaction.tx_id == order_id).first()
-        if not existing_tx:
-            amount = int(float(data.get("total_amount", 0)))
-            account = data.get("subject", "").split(" - ")[-1]
-            # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防止并发充值问题
-            try:
-                wallet = db.query(Wallet).filter(Wallet.account == account).with_for_update().first()
-                if not wallet:
-                    wallet = Wallet(account=account)
-                    db.add(wallet)
-                wallet.balance += amount
-                last_tx = db.query(Transaction).filter(Transaction.account == account).order_by(Transaction.created_at.desc()).first()
-                prev_hash = last_tx.tx_hash if last_tx else "GENESIS_HASH"
-                tx_hash = calculate_tx_hash(order_id, account, "RECHARGE", amount, prev_hash)
-                new_tx = Transaction(
-                    tx_id=order_id, account=account, tx_type="RECHARGE", amount=amount,
-                    prev_hash=prev_hash, tx_hash=tx_hash
-                )
-                db.add(new_tx)
-                db.commit()
-                # 📝 P2优化：充值审计日志
-                logger.info(f"RECHARGE | account={account} | amount={amount} | order={order_id}")
-            except Exception as e:
-                db.rollback()
-                logger.error(f"RECHARGE_ERROR | account={account} | amount={amount} | order={order_id} | error={str(e)}")
-                return Response(content="fail", media_type="text/plain")
-    return Response(content="success", media_type="text/plain")
-@router.get("/api/wallet/check_order/{order_id}")
-async def check_order(order_id: str, db: Session = Depends(get_db)):
-    tx = db.query(Transaction).filter(Transaction.tx_id == order_id).first()
-    if tx:
-        return {"status": "SUCCESS"}
-    return {"status": "PENDING"}
-@router.get("/api/wallet/{account}")
-async def get_wallet(account: str, db: Session = Depends(get_db)):
-    wallet = db.query(Wallet).filter(Wallet.account == account).first()
-    # 🚀 P1性能优化：使用聚合函数代替 .all() + sum
-    from sqlalchemy import func
-    total_withdrawn = db.query(func.coalesce(func.sum(Transaction.amount), 0)).filter(
-        Transaction.account == account,
-        Transaction.tx_type == 'WITHDRAW'
-    ).scalar() or 0
-    total_withdrawn = abs(total_withdrawn)  # 提现金额是负数
-    if not wallet:
-        return {"status": "success", "balance": 0, "earn_balance": 0, "tip_balance": 0, "frozen_balance": 0, "total_withdrawn": total_withdrawn}
-    return {
-        "status": "success",
-        "balance": wallet.balance,
-        "earn_balance": wallet.earn_balance,
-        "tip_balance": wallet.tip_balance,
-        "frozen_balance": wallet.frozen_balance,
-        "total_withdrawn": total_withdrawn  # 暴露给前端
-    }
-@router.post("/api/wallet/purchase")
-@limiter.limit("10/minute")  # 🔒 P0安全优化：购买每分钟最多10次
-async def purchase_item(request: Request, req: PurchaseRequest, db: Session = Depends(get_db)):
-    items_db = json_db.load_data("items.json", default_data=[])
-    item = next((i for i in items_db if i["id"] == req.item_id), None)
-    if not item:
-        raise HTTPException(status_code=404, detail="商品不存在")
-    # 🔄 P7后悔模式：检查价格是否延迟生效
-    actual_price = item.get("price", 0)
-    pending_price = item.get("pending_price")
-    pending_price_effective = item.get("pending_price_effective_at")
-    if pending_price is not None and pending_price_effective:
-        # 检查是否已过生效时间
-        effective_time = datetime.datetime.fromisoformat(pending_price_effective)
-        if datetime.datetime.now() >= effective_time:
-            actual_price = pending_price
-            # 更新实际价格，清除待生效价格
-            item["price"] = pending_price
-            item["pending_price"] = None
-            item["pending_price_effective_at"] = None
-            json_db.save_data("items.json", items_db)
-    price = int(actual_price)
-    seller_account = item.get("author")
-    if price <= 0 or req.account == seller_account:
-        # ☁️ 免费资源或作者本人，也返回网盘密码
-        return {
-            "status": "success",
-            "already_owned": True,
-            "netdisk_password": item.get("netdisk_password"),  # ☁️
-            "is_netdisk": item.get("is_netdisk", False)        # ☁️
-        }
-    # 🔄 P7后悔模式：检查30天禁购
-    refund_ban = db.query(Refund).filter(
-        Refund.account == req.account,
-        Refund.item_id == req.item_id,
-        Refund.ban_until > datetime.datetime.utcnow()
-    ).first()
-    if refund_ban:
-        days_left = (refund_ban.ban_until - datetime.datetime.utcnow()).days + 1
-        raise HTTPException(status_code=403, detail=f"您已退款过此商品，{days_left}天内禁止再次购买")
-    # 检查是否已拥有（排除已退款的记录）
-    owned = db.query(Ownership).filter(
-        Ownership.account == req.account,
-        Ownership.item_id == req.item_id,
-        Ownership.is_refunded == False
-    ).first()
-    if owned:
-        # ☁️ 已购买用户，返回网盘密码
-        return {
-            "status": "success",
-            "already_owned": True,
-            "netdisk_password": item.get("netdisk_password"),  # ☁️
-            "is_netdisk": item.get("is_netdisk", False)        # ☁️
-        }
-    # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防止双花问题
-    try:
-        buyer_wallet = db.query(Wallet).filter(Wallet.account == req.account).with_for_update().first()
-        if not buyer_wallet or buyer_wallet.balance < price:
-            raise HTTPException(status_code=402, detail="余额不足，请先充值")
-        seller_wallet = db.query(Wallet).filter(Wallet.account == seller_account).with_for_update().first()
-        if not seller_wallet:
-            seller_wallet = Wallet(account=seller_account)
-            db.add(seller_wallet)
-        buyer_wallet.balance -= price
-        seller_wallet.earn_balance += price
-        # 🔄 P7后悔模式：记录购买价格
-        new_ownership = Ownership(account=req.account, item_id=req.item_id, price_paid=price)
-        db.add(new_ownership)
-        tx_id = f"BUY_{int(time.time())}_{uuid.uuid4().hex[:6]}"
-        last_tx = db.query(Transaction).filter(Transaction.account == req.account).order_by(Transaction.created_at.desc()).first()
-        prev_hash = last_tx.tx_hash if last_tx else "GENESIS_HASH"
-        tx_hash = calculate_tx_hash(tx_id, req.account, "PURCHASE", -price, prev_hash)
-        # 创建交易记录 (字段名为 related_account，与 models_sql.py 中 Transaction 模型保持一致)
-        new_tx = Transaction(
-            tx_id=tx_id, account=req.account, tx_type="PURCHASE", amount=-price,
-            related_account=seller_account, item_id=req.item_id, prev_hash=prev_hash, tx_hash=tx_hash
-        )
-        db.add(new_tx)
-        db.commit()
-        # 📝 P2优化：购买审计日志
-        logger.info(f"PURCHASE | buyer={req.account} | seller={seller_account} | item={req.item_id} | amount={price} | tx={tx_id}")
-        # ☁️ 购买成功后返回网盘密码
-        return {
-            "status": "success",
-            "already_owned": False,
-            "netdisk_password": item.get("netdisk_password"),  # ☁️ 只有购买成功才返回
-            "is_netdisk": item.get("is_netdisk", False)        # ☁️
-        }
-    except HTTPException:
-        db.rollback()
-        raise
-    except Exception as e:
-        db.rollback()
-        logger.error(f"PURCHASE_ERROR | buyer={req.account} | item={req.item_id} | error={str(e)}")
-        raise HTTPException(status_code=500, detail="购买处理失败，请稍后重试")
-@router.post("/api/wallet/tip")
-@limiter.limit("20/minute")  # 🔒 P0安全优化：打赏每分钟最多20次
-async def tip_user(request: Request, req: TipRequest, db: Session = Depends(get_db)):
-    if req.amount <= 0:
-        raise HTTPException(status_code=400, detail="打赏金额必须大于0")
-    if req.sender_account == req.target_account:
-        raise HTTPException(status_code=400, detail="不能打赏给自己")
-    # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防止双花问题
-    try:
-        sender_wallet = db.query(Wallet).filter(Wallet.account == req.sender_account).with_for_update().first()
-        target_wallet = db.query(Wallet).filter(Wallet.account == req.target_account).with_for_update().first()
-        if not sender_wallet or sender_wallet.balance < req.amount:
-            raise HTTPException(status_code=400, detail="余额不足")
-        if not target_wallet:
-            target_wallet = Wallet(account=req.target_account, balance=0, earn_balance=0, tip_balance=0, frozen_balance=0)
-            db.add(target_wallet)
-        sender_wallet.balance -= req.amount
-        target_wallet.tip_balance += req.amount
-        tx_id_sender = f"TIP_OUT_{int(time.time())}_{uuid.uuid4().hex[:6]}"
-        tx_id_target = f"TIP_IN_{int(time.time())}_{uuid.uuid4().hex[:6]}"
-        # 记录交易
-        last_tx_sender = db.query(Transaction).filter(Transaction.account == req.sender_account).order_by(Transaction.created_at.desc()).first()
-        last_tx_target = db.query(Transaction).filter(Transaction.account == req.target_account).order_by(Transaction.created_at.desc()).first()
-        prev_hash_sender = last_tx_sender.tx_hash if last_tx_sender else "GENESIS_HASH"
-        prev_hash_target = last_tx_target.tx_hash if last_tx_target else "GENESIS_HASH"
-        # 发送方交易记录 (字段名为 related_account，与 models_sql.py 中 Transaction 模型保持一致)
-        tx_sender = Transaction(tx_id=tx_id_sender, account=req.sender_account, tx_type="TIP_OUT", amount=-req.amount,
-                                related_account=req.target_account, prev_hash=prev_hash_sender,
-                                tx_hash=calculate_tx_hash(tx_id_sender, req.sender_account, "TIP_OUT", -req.amount, prev_hash_sender))
-        # 接收方交易记录
-        tx_target = Transaction(tx_id=tx_id_target, account=req.target_account, tx_type="TIP_IN", amount=req.amount,
-                                related_account=req.sender_account, prev_hash=prev_hash_target,
-                                tx_hash=calculate_tx_hash(tx_id_target, req.target_account, "TIP_IN", req.amount, prev_hash_target))
-        db.add(tx_sender)
-        db.add(tx_target)
-        db.commit()
-        # 📝 P2优化：打赏审计日志
-        logger.info(f"TIP | from={req.sender_account} | to={req.target_account} | amount={req.amount} | item={req.item_id or 'N/A'} | anon={req.is_anonymous}")
-        # 🚀 核心新增：记录打赏榜单和月度收益趋势 (写入 JSON 以供高频读取)
-        users_db = json_db.load_data("users.json", default_data={})
-        items_db = json_db.load_data("items.json", default_data=[])
-        current_month = datetime.date.today().strftime("%Y-%m")
-        # 1. 更新创作者的总打赏榜与收益趋势
-        if req.target_account in users_db:
-            u = users_db[req.target_account]
-            if "tip_history" not in u: u["tip_history"] = {}
-            u["tip_history"][current_month] = u["tip_history"].get(current_month, 0) + req.amount
-            if "tip_board" not in u: u["tip_board"] = []
-            sender_entry = next((x for x in u["tip_board"] if x["account"] == req.sender_account), None)
-            if sender_entry:
-                sender_entry["amount"] += req.amount
-            else:
-                u["tip_board"].append({"account": req.sender_account, "amount": req.amount, "is_anon": req.is_anonymous})
-            u["tip_board"] = sorted(u["tip_board"], key=lambda x: x["amount"], reverse=True)
-            json_db.save_data("users.json", users_db)
-        # 2. 如果关联了具体作品，更新作品详情的专属打赏榜与收益趋势
-        if req.item_id:
-            for item in items_db:
-                if item["id"] == req.item_id:
-                    if "tip_history" not in item: item["tip_history"] = {}
-                    item["tip_history"][current_month] = item["tip_history"].get(current_month, 0) + req.amount
-                    if "tip_board" not in item: item["tip_board"] = []
-                    sender_entry = next((x for x in item["tip_board"] if x["account"] == req.sender_account), None)
-                    if sender_entry:
-                        sender_entry["amount"] += req.amount
-                    else:
-                        item["tip_board"].append({"account": req.sender_account, "amount": req.amount, "is_anon": req.is_anonymous})
-                    item["tip_board"] = sorted(item["tip_board"], key=lambda x: x["amount"], reverse=True)
-                    json_db.save_data("items.json", items_db)
-                    break
-        return {"status": "success", "balance": sender_wallet.balance}
-    except HTTPException:
-        db.rollback()
-        raise
-    except Exception as e:
-        db.rollback()
-        logger.error(f"TIP_ERROR | from={req.sender_account} | to={req.target_account} | amount={req.amount} | error={str(e)}")
-        raise HTTPException(status_code=500, detail="打赏处理失败，请稍后重试")
-@router.post("/api/wallet/withdraw")
-@limiter.limit("3/minute")  # 🔒 P0安全优化：提现每分钟最多3次
-async def withdraw(request: Request, req: WithdrawRequest, db: Session = Depends(get_db)):
-    key = f"{req.account}_withdraw"
-    code_data = VERIFY_CODES.get(key)
-    # 🔒 P0安全修复：统一使用 expires_at 字段，兼容旧版 expires
-    expire_time = code_data.get("expires_at", code_data.get("expires", 0)) if code_data else 0
-    if not code_data or code_data["code"] != req.code or time.time() > expire_time:
-        raise HTTPException(status_code=400, detail="验证码无效或已过期")
-    # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防��并发问题
-    try:
-        wallet = db.query(Wallet).filter(Wallet.account == req.account).with_for_update().first()
-        if not wallet:
-            raise HTTPException(status_code=400, detail="钱包不存在")
-        # 🚀 核心新增：阶梯手续费计算 (与前端逻辑统一)
-        # 查询历史累计提现总额 (WITHDRAW 类型的 amount 是负数，需要取绝对值)
-        # 🚀 P1性能优化：使用聚合函数代替 .all() + sum
-        from sqlalchemy import func as sql_func
-        withdrawals_sum = db.query(sql_func.coalesce(sql_func.sum(Transaction.amount), 0)).filter(
-            Transaction.account == req.account,
-            Transaction.tx_type == 'WITHDRAW'
-        ).scalar() or 0
-        total_withdrawn = abs(withdrawals_sum)
-        # 手续费规则：100元 = 10000积分 免手续费额度，超出部分收取 10%
-        free_quota = max(0, 10000 - total_withdrawn)  # 剩余免责额度
-        fee_amount = 0
-        if req.amount > free_quota:
-            fee_amount = int((req.amount - free_quota) * 0.10)  # 只对超出部分收 10%
-        actual_withdraw = req.amount  # 从账户扣除的金额
-        net_amount = req.amount - fee_amount  # 用户实际到账金额
-        total_withdrawable = wallet.earn_balance + wallet.tip_balance
-        if actual_withdraw > total_withdrawable:
-            raise HTTPException(status_code=400, detail="可提现余额不足")
-        if actual_withdraw <= wallet.earn_balance:
-            wallet.earn_balance -= actual_withdraw
-        else:
-            remaining = actual_withdraw - wallet.earn_balance
-            wallet.earn_balance = 0
-            wallet.tip_balance -= remaining
-        wallet.frozen_balance += net_amount  # 冻结的是到账金额，非手续费部分
-        tx_id = f"WD_{int(time.time())}_{uuid.uuid4().hex[:6]}"
-        last_tx = db.query(Transaction).filter(Transaction.account == req.account).order_by(Transaction.created_at.desc()).first()
-        prev_hash = last_tx.tx_hash if last_tx else "GENESIS_HASH"
-        tx_hash = calculate_tx_hash(tx_id, req.account, "WITHDRAW", -actual_withdraw, prev_hash)
-        new_tx = Transaction(
-            tx_id=tx_id, account=req.account, tx_type="WITHDRAW", amount=-actual_withdraw,
-            prev_hash=prev_hash, tx_hash=tx_hash
-        )
-        db.add(new_tx)
-        # 🚀 如果有手续费，额外记录一笔手续费交易
-        if fee_amount > 0:
-            fee_tx_id = f"FEE_{int(time.time())}_{uuid.uuid4().hex[:6]}"
-            fee_tx_hash = calculate_tx_hash(fee_tx_id, req.account, "WITHDRAW_FEE", -fee_amount, tx_hash)
-            fee_tx = Transaction(
-                tx_id=fee_tx_id, account=req.account, tx_type="WITHDRAW_FEE", amount=-fee_amount,
-                prev_hash=tx_hash, tx_hash=fee_tx_hash
-            )
-            db.add(fee_tx)
-        db.commit()
-        # 📝 P2优化：提现审计日志
-        logger.info(f"WITHDRAW | account={req.account} | amount={actual_withdraw} | fee={fee_amount} | net={net_amount} | tx={tx_id}")
-        del VERIFY_CODES[key]
-        return {
-            "status": "success",
-            "withdraw_amount": actual_withdraw,
-            "fee_amount": fee_amount,
-            "net_amount": net_amount,
-            "free_quota_used": min(req.amount, free_quota + total_withdrawn) - total_withdrawn  # 本次消耗的免责额度
-        }
-    except HTTPException:
-        db.rollback()
-        raise
-    except Exception as e:
-        db.rollback()
-        logger.error(f"WITHDRAW_ERROR | account={req.account} | amount={req.amount} | error={str(e)}")
-        raise HTTPException(status_code=500, detail="提现处理失败，请稍后重试")
-# ==========================================
-# 💳 P6支付增强：交易明细查询API
-# ==========================================
-@router.get("/api/wallet/{account}/transactions")
-async def get_transactions(
-    account: str,
-    page: int = 1,
-    limit: int = 20,
-    tx_type: str = None,
-    db: Session = Depends(get_db)
-):
-    """
-    获取用户交易明细（分页）
-    - tx_type: 可选筛选（RECHARGE/PURCHASE/TIP_OUT/TIP_IN/WITHDRAW/TASK_FREEZE/TASK_DEPOSIT/TASK_PAYMENT/TASK_INCOME/TASK_REFUND）
-    """
-    query = db.query(Transaction).filter(Transaction.account == account)
-    if tx_type:
-        query = query.filter(Transaction.tx_type == tx_type)
-    total = query.count()
-    transactions = query.order_by(Transaction.created_at.desc()).offset((page - 1) * limit).limit(limit).all()
-    # 格式化输出
-    tx_list = []
-    for tx in transactions:
-        tx_list.append({
-            "tx_id": tx.tx_id,
-            "tx_type": tx.tx_type,
-            "amount": tx.amount,
-            "related_account": tx.related_account,
-            "item_id": tx.item_id,
-            "created_at": tx.created_at.isoformat() if tx.created_at else None
-        })
-    return {
-        "status": "success",
-        "data": tx_list,
-        "total": total,
-        "page": page,
-        "limit": limit
-    }
-@router.get("/api/wallet/{account}/task-stats")
-async def get_task_stats(account: str, db: Session = Depends(get_db)):
-    """
-    📊 获取用户任务收益统计
-    🚀 P1性能优化：使用单次查询+分组聚合替代多次查询
-    """
-    from sqlalchemy import func as sql_func, case
-    # 🚀 P1性能优化：使用分组聚合一次查询多种类型的统计
-    stats = db.query(
-        Transaction.tx_type,
-        sql_func.count(Transaction.tx_id).label('count'),
-        sql_func.coalesce(sql_func.sum(Transaction.amount), 0).label('total')
-    ).filter(
-        Transaction.account == account,
-        Transaction.tx_type.in_(["TASK_INCOME", "TASK_FREEZE", "TASK_DEPOSIT", "TASK_PAYMENT", "TASK_REFUND"])
-    ).group_by(Transaction.tx_type).all()
-    # 解析统计结果
-    stats_map = {s.tx_type: {'count': s.count, 'total': s.total} for s in stats}
-    total_income = stats_map.get('TASK_INCOME', {}).get('total', 0) or 0
-    income_count = stats_map.get('TASK_INCOME', {}).get('count', 0) or 0
-    # 任务支出（发布任务的支付）
-    total_payment = abs(
-        (stats_map.get('TASK_FREEZE', {}).get('total', 0) or 0) +
-        (stats_map.get('TASK_DEPOSIT', {}).get('total', 0) or 0) +
-        (stats_map.get('TASK_PAYMENT', {}).get('total', 0) or 0)
-    )
-    payment_count = (
-        (stats_map.get('TASK_FREEZE', {}).get('count', 0) or 0) +
-        (stats_map.get('TASK_DEPOSIT', {}).get('count', 0) or 0) +
-        (stats_map.get('TASK_PAYMENT', {}).get('count', 0) or 0)
-    )
-    total_refund = stats_map.get('TASK_REFUND', {}).get('total', 0) or 0
-    # 最近交易（任务相关）
-    recent_txs = db.query(Transaction).filter(
-        Transaction.account == account,
-        Transaction.tx_type.in_(["TASK_INCOME", "TASK_PAYMENT", "TASK_DEPOSIT", "TASK_FREEZE", "TASK_REFUND"])
-    ).order_by(Transaction.created_at.desc()).limit(10).all()
-    recent_list = [{
-        "tx_id": tx.tx_id,
-        "tx_type": tx.tx_type,
-        "amount": tx.amount,
-        "item_id": tx.item_id,
-        "created_at": tx.created_at.isoformat() if tx.created_at else None
-    } for tx in recent_txs]
-    return {
-        "status": "success",
-        "data": {
-            "total_income": total_income,
-            "income_count": income_count,
-            "total_payment": total_payment,
-            "payment_count": payment_count,
-            "total_refund": total_refund,
-            "net_earnings": total_income - total_payment + total_refund,
-            "recent_transactions": recent_list
-        }
-    }
-# ==========================================
-# 🔄 P7后悔模式：退款API
-# ==========================================
-@router.get("/api/wallet/{account}/purchase/{item_id}")
-async def get_purchase_status(account: str, item_id: str, db: Session = Depends(get_db)):
-    """
-    获取购买状态（用于判断是否可退款）
-    """
-    ownership = db.query(Ownership).filter(
-        Ownership.account == account,
-        Ownership.item_id == item_id,
-        Ownership.is_refunded == False
-    ).first()
-    if not ownership:
-        return {"status": "success", "owned": False}
-    # 计算是否在退款窗口内
-    purchased_at = ownership.purchased_at
-    now = datetime.datetime.utcnow()
-    refund_deadline = purchased_at + datetime.timedelta(hours=REFUND_WINDOW_HOURS)
-    can_refund = now < refund_deadline
-    hours_left = max(0, (refund_deadline - now).total_seconds() / 3600) if can_refund else 0
-    return {
-        "status": "success",
-        "owned": True,
-        "purchased_at": purchased_at.isoformat(),
-        "price_paid": ownership.price_paid,
-        "can_refund": can_refund,
-        "refund_hours_left": round(hours_left, 1)
-    }
-@router.post("/api/wallet/refund")
-@limiter.limit("3/minute")  # 🔒 P0安全优化：退款每分钟最多3次
-async def refund_purchase(request: Request, account: str, item_id: str, db: Session = Depends(get_db)):
-    """
-    🔄 P7后悔模式：申请退款
-    - 24小时内可退款
-    - 退款后30天内禁止再次购买
-    - 退款后权限回收
-    """
-    items_db = json_db.load_data("items.json", default_data=[])
-    item = next((i for i in items_db if i["id"] == item_id), None)
-    if not item:
-        raise HTTPException(status_code=404, detail="商品不存在")
-    # 查找购买记录
-    ownership = db.query(Ownership).filter(
-        Ownership.account == account,
-        Ownership.item_id == item_id,
-        Ownership.is_refunded == False
-    ).first()
-    if not ownership:
-        raise HTTPException(status_code=404, detail="未找到购买记录")
-    # 检查是否在退款窗口内
-    purchased_at = ownership.purchased_at
-    now = datetime.datetime.utcnow()
-    refund_deadline = purchased_at + datetime.timedelta(hours=REFUND_WINDOW_HOURS)
-    if now >= refund_deadline:
-        hours_passed = (now - purchased_at).total_seconds() / 3600
-        raise HTTPException(status_code=400, detail=f"已超过24小时退款窗口（已购买{hours_passed:.1f}小时）")
-    refund_amount = ownership.price_paid or 0
-    seller_account = item.get("author")
-    if refund_amount <= 0:
-        raise HTTPException(status_code=400, detail="该商品为免费资源，无需退款")
-    # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防止并发问题
-    try:
-        # 执行退款
-        buyer_wallet = db.query(Wallet).filter(Wallet.account == account).with_for_update().first()
-        seller_wallet = db.query(Wallet).filter(Wallet.account == seller_account).with_for_update().first()
-        if seller_wallet:
-            # 从卖家收益中扣除（如果不足则从余额扣除）
-            if seller_wallet.earn_balance >= refund_amount:
-                seller_wallet.earn_balance -= refund_amount
-            else:
-                remaining = refund_amount - seller_wallet.earn_balance
-                seller_wallet.earn_balance = 0
-                seller_wallet.balance = max(0, seller_wallet.balance - remaining)
-        if buyer_wallet:
-            buyer_wallet.balance += refund_amount
-        else:
-            buyer_wallet = Wallet(account=account, balance=refund_amount)
-            db.add(buyer_wallet)
-        # 标记所有权为已退款
-        ownership.is_refunded = True
-        ownership.refunded_at = now
-        # 创建退款记录（30天禁购）
-        ban_until = now + datetime.timedelta(days=REFUND_BAN_DAYS)
-        new_refund = Refund(
-            account=account,
-            item_id=item_id,
-            amount=refund_amount,
-            ban_until=ban_until
-        )
-        db.add(new_refund)
-        # 记录退款交易
-        tx_id = f"REFUND_{int(time.time())}_{uuid.uuid4().hex[:6]}"
-        last_tx = db.query(Transaction).filter(Transaction.account == account).order_by(Transaction.created_at.desc()).first()
-        prev_hash = last_tx.tx_hash if last_tx else "GENESIS_HASH"
-        tx_hash = calculate_tx_hash(tx_id, account, "REFUND", refund_amount, prev_hash)
-        new_tx = Transaction(
-            tx_id=tx_id, account=account, tx_type="REFUND", amount=refund_amount,
-            related_account=seller_account, item_id=item_id, prev_hash=prev_hash, tx_hash=tx_hash
-        )
-        db.add(new_tx)
-        db.commit()
-        logger.info(f"REFUND | buyer={account} | seller={seller_account} | item={item_id} | amount={refund_amount} | ban_until={ban_until.isoformat()}")
-        return {
-            "status": "success",
-            "message": f"退款成功，{refund_amount}积分已退还",
-            "refund_amount": refund_amount,
-            "ban_days": REFUND_BAN_DAYS
-        }
-    except HTTPException:
-        db.rollback()
-        raise
-    except Exception as e:
-        db.rollback()
-        logger.error(f"REFUND_ERROR | buyer={account} | item={item_id} | amount={refund_amount} | error={str(e)}")
         raise HTTPException(status_code=500, detail="退款处理失败，请稍后重试")

+# router_wallet.py
+# ==========================================
+# 💰 钱包与交易路由模块
+# ==========================================
+# 作用：处理充值、提现、购买、打赏等资金操作
+# 关联文件：
+#   - verify_code_engine.py (提现验证码缓存)
+#   - database_sql.py (SQL数据库连接)
+#   - models_sql.py (Wallet, Transaction, Ownership 模型)
+# 🔒 P0安全优化：API限流
+# ==========================================
+from fastapi import APIRouter, Depends, HTTPException, Request
+from fastapi.responses import Response
+from sqlalchemy.orm import Session
+import time
+import uuid
+import hashlib
+import os
+import datetime
+import logging
+from database_sql import get_db
+from models_sql import Wallet, Transaction, Ownership, Refund
+from models import RechargeRequest, WithdrawRequest, PurchaseRequest, TipRequest
+import 数据库连接 as json_db
+# 🔒 P0安全优化：API限流
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+limiter = Limiter(key_func=get_remote_address)
+# 🔄 P7后悔模式：24小时退款窗口
+REFUND_WINDOW_HOURS = 24
+# 🔄 P7后悔模式：退款后30天禁购
+REFUND_BAN_DAYS = 30
+# 📝 P2优化：审计日志
+logger = logging.getLogger("ComfyUI-Ranking.Wallet")
+# 🔐 导入验证码缓存 (提现时需要验证)
+from verify_code_engine import VERIFY_CODES
+router = APIRouter()
+# ==========================================
+# 🚨 替换这里的支付宝初始化逻辑 🚨
+# ==========================================
+def format_pem_key(key_str, key_type="PRIVATE"):
+    """自动给'裸奔'的秘钥穿上符合 Python 规范的外套"""
+    # 如果用户已经带有 BEGIN 标签，说明格式没问题，直接返回
+    if "BEGIN" in key_str:
+        return key_str.replace("\\n", "\n").strip()
+    # 去除所有的空格和换行符，拿到最纯净的字符串
+    clean_key = key_str.replace(" ", "").replace("\n", "").replace("\\n", "").replace("\r", "")
+    # 按照国际标准，每 64 个字符强制切断换行
+    chunks = [clean_key[i:i+64] for i in range(0, len(clean_key), 64)]
+    formatted_body = "\n".join(chunks)
+    # 穿上头尾外套
+    if key_type == "PRIVATE":
+        return f"-----BEGIN RSA PRIVATE KEY-----\n{formatted_body}\n-----END RSA PRIVATE KEY-----"
+    else:
+        return f"-----BEGIN PUBLIC KEY-----\n{formatted_body}\n-----END PUBLIC KEY-----"
+alipay_error_msg = "未知错误"
+try:
+    from alipay import AliPay
+    from alipay.utils import AliPayConfig
+    # 1. 抓取原生态的环境变量
+    raw_appid = os.environ.get("ALIPAY_APPID", "").strip()
+    raw_priv_key = os.environ.get("ALIPAY_PRIVATE_KEY", "").strip()
+    raw_pub_key = os.environ.get("ALIPAY_PUBLIC_KEY", "").strip()
+    if not raw_appid or not raw_priv_key or not raw_pub_key:
+        alipay_error_msg = f"缺少环境变量。当前读取到: APPID={bool(raw_appid)}, PRIV_KEY={bool(raw_priv_key)}, PUB_KEY={bool(raw_pub_key)}"
+        alipay = None
+    else:
+        # 2. 扔进我们的格式化引擎进行自动包装！
+        priv_key_formatted = format_pem_key(raw_priv_key, "PRIVATE")
+        pub_key_formatted = format_pem_key(raw_pub_key, "PUBLIC")
+        # 3. 完美加载
+        alipay = AliPay(
+            appid=raw_appid,
+            app_notify_url="https://zhiwei666-comfyui-ranking-api.hf.space/api/wallet/alipay_notify",
+            app_private_key_string=priv_key_formatted,
+            alipay_public_key_string=pub_key_formatted,
+            sign_type="RSA2",
+            debug=False,
+            config=AliPayConfig(timeout=15)
+        )
+except Exception as e:
+    alipay = None
+    alipay_error_msg = f"支付宝 SDK 崩溃: {str(e)}"
+    print(f"🚨 支付宝初始化异常: {alipay_error_msg}")
+def calculate_tx_hash(tx_id, account, tx_type, amount, prev_hash):
+    data = f"{tx_id}{account}{tx_type}{amount}{prev_hash}"
+    return hashlib.sha256(data.encode()).hexdigest()
+@router.post("/api/wallet/create_recharge_order")
+async def create_recharge_order(req: RechargeRequest):
+    if not alipay:
+        # 这里会将真实的错误原因直接弹窗发给前端！
+        raise HTTPException(status_code=500, detail=f"支付网关配置错误: {alipay_error_msg}")
+    order_id = f"PAY_{int(time.time())}_{uuid.uuid4().hex[:6]}"
+    subject = f"ComfyUI Community Points - {req.account}"
+    order_string = alipay.api_alipay_trade_precreate(
+        out_trade_no=order_id,
+        total_amount=str(req.amount),
+        subject=subject
+    )
+    qr_code_url = order_string.get("qr_code")
+    if not qr_code_url:
+        raise HTTPException(status_code=500, detail="生成支付二维码失败")
+    return {"status": "success", "order_id": order_id, "qr_code": qr_code_url}
+# 🟢 业务流转细节修复：正确解析 application/x-www-form-urlencoded
+@router.post("/api/wallet/alipay_notify")
+async def alipay_notify(request: Request, db: Session = Depends(get_db)):
+    # 强制将表单数据解析为纯字典，防止由于数据类型错误导致验签失败
+    form_data = await request.form()
+    data = dict(form_data.items())
+    signature = data.pop("sign", None)
+    data.pop("sign_type", None)
+    if not alipay or not signature or not alipay.verify(data, signature):
+        return Response(content="fail", media_type="text/plain")
+    if data.get("trade_status") in ("TRADE_SUCCESS", "TRADE_FINISHED"):
+        order_id = data.get("out_trade_no")
+        existing_tx = db.query(Transaction).filter(Transaction.tx_id == order_id).first()
+        if not existing_tx:
+            amount = int(float(data.get("total_amount", 0)))
+            account = data.get("subject", "").split(" - ")[-1]
+            # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防止并发充值问题
+            try:
+                wallet = db.query(Wallet).filter(Wallet.account == account).with_for_update().first()
+                if not wallet:
+                    wallet = Wallet(account=account)
+                    db.add(wallet)
+                wallet.balance += amount
+                last_tx = db.query(Transaction).filter(Transaction.account == account).order_by(Transaction.created_at.desc()).first()
+                prev_hash = last_tx.tx_hash if last_tx else "GENESIS_HASH"
+                tx_hash = calculate_tx_hash(order_id, account, "RECHARGE", amount, prev_hash)
+                new_tx = Transaction(
+                    tx_id=order_id, account=account, tx_type="RECHARGE", amount=amount,
+                    prev_hash=prev_hash, tx_hash=tx_hash
+                )
+                db.add(new_tx)
+                db.commit()
+                # 📝 P2优化：充值审计日志
+                logger.info(f"RECHARGE | account={account} | amount={amount} | order={order_id}")
+            except Exception as e:
+                db.rollback()
+                logger.error(f"RECHARGE_ERROR | account={account} | amount={amount} | order={order_id} | error={str(e)}")
+                return Response(content="fail", media_type="text/plain")
+    return Response(content="success", media_type="text/plain")
+@router.get("/api/wallet/check_order/{order_id}")
+async def check_order(order_id: str, account: str = None, db: Session = Depends(get_db)):
+    # 防线 1：先查本地数据库（如果 Webhook 成功了，这里就能查到）
+    tx = db.query(Transaction).filter(Transaction.tx_id == order_id).first()
+    if tx:
+        return {"status": "SUCCESS"}
+    # 防线 2：主动向支付宝发起查单（解决 Hugging Face 收不到回调的绝杀技）
+    if alipay and account:
+        try:
+            # 拿着订单号去问支付宝：这笔钱到底付了没？
+            result = alipay.api_alipay_trade_query(out_trade_no=order_id)
+            if result.get("code") == "10000" and result.get("trade_status") in ("TRADE_SUCCESS", "TRADE_FINISHED"):
+                # 钱真的到了！立刻加锁入账
+                amount = int(float(result.get("total_amount", 0)))
+                wallet = db.query(Wallet).filter(Wallet.account == account).with_for_update().first()
+                if not wallet:
+                    wallet = Wallet(account=account)
+                    db.add(wallet)
+                wallet.balance += amount
+                last_tx = db.query(Transaction).filter(Transaction.account == account).order_by(Transaction.created_at.desc()).first()
+                prev_hash = last_tx.tx_hash if last_tx else "GENESIS_HASH"
+                tx_hash = calculate_tx_hash(order_id, account, "RECHARGE", amount, prev_hash)
+                new_tx = Transaction(
+                    tx_id=order_id, account=account, tx_type="RECHARGE", amount=amount,
+                    prev_hash=prev_hash, tx_hash=tx_hash
+                )
+                db.add(new_tx)
+                db.commit()
+                return {"status": "SUCCESS"}
+        except Exception as e:
+            print(f"主动查单发生异常: {e}")
+    # 如果没查到支付成功状态，继续让前端等
+    return {"status": "PENDING"}
+@router.get("/api/wallet/{account}")
+async def get_wallet(account: str, db: Session = Depends(get_db)):
+    wallet = db.query(Wallet).filter(Wallet.account == account).first()
+    # 🚀 P1性能优化：使用聚合函数代替 .all() + sum
+    from sqlalchemy import func
+    total_withdrawn = db.query(func.coalesce(func.sum(Transaction.amount), 0)).filter(
+        Transaction.account == account,
+        Transaction.tx_type == 'WITHDRAW'
+    ).scalar() or 0
+    total_withdrawn = abs(total_withdrawn)  # 提现金额是负数
+    if not wallet:
+        return {"status": "success", "balance": 0, "earn_balance": 0, "tip_balance": 0, "frozen_balance": 0, "total_withdrawn": total_withdrawn}
+    return {
+        "status": "success",
+        "balance": wallet.balance,
+        "earn_balance": wallet.earn_balance,
+        "tip_balance": wallet.tip_balance,
+        "frozen_balance": wallet.frozen_balance,
+        "total_withdrawn": total_withdrawn  # 暴露给前端
+    }
+@router.post("/api/wallet/purchase")
+@limiter.limit("10/minute")  # 🔒 P0安全优化：购买每分钟最多10次
+async def purchase_item(request: Request, req: PurchaseRequest, db: Session = Depends(get_db)):
+    items_db = json_db.load_data("items.json", default_data=[])
+    item = next((i for i in items_db if i["id"] == req.item_id), None)
+    if not item:
+        raise HTTPException(status_code=404, detail="商品不存在")
+    # 🔄 P7后悔模式：检查价格是否延迟生效
+    actual_price = item.get("price", 0)
+    pending_price = item.get("pending_price")
+    pending_price_effective = item.get("pending_price_effective_at")
+    if pending_price is not None and pending_price_effective:
+        # 检查是否已过生效时间
+        effective_time = datetime.datetime.fromisoformat(pending_price_effective)
+        if datetime.datetime.now() >= effective_time:
+            actual_price = pending_price
+            # 更新实际价格，清除待生效价格
+            item["price"] = pending_price
+            item["pending_price"] = None
+            item["pending_price_effective_at"] = None
+            json_db.save_data("items.json", items_db)
+    price = int(actual_price)
+    seller_account = item.get("author")
+    if price <= 0 or req.account == seller_account:
+        # ☁️ 免费资源或作者本人，也返回网盘密码
+        return {
+            "status": "success",
+            "already_owned": True,
+            "netdisk_password": item.get("netdisk_password"),  # ☁️
+            "is_netdisk": item.get("is_netdisk", False)        # ☁️
+        }
+    # 🔄 P7后悔模式：检查30天禁购
+    refund_ban = db.query(Refund).filter(
+        Refund.account == req.account,
+        Refund.item_id == req.item_id,
+        Refund.ban_until > datetime.datetime.utcnow()
+    ).first()
+    if refund_ban:
+        days_left = (refund_ban.ban_until - datetime.datetime.utcnow()).days + 1
+        raise HTTPException(status_code=403, detail=f"您已退款过此商品，{days_left}天内禁止再次购买")
+    # 检查是否已拥有（排除已退款的记录）
+    owned = db.query(Ownership).filter(
+        Ownership.account == req.account,
+        Ownership.item_id == req.item_id,
+        Ownership.is_refunded == False
+    ).first()
+    if owned:
+        # ☁️ 已购买用户，返回网盘密码
+        return {
+            "status": "success",
+            "already_owned": True,
+            "netdisk_password": item.get("netdisk_password"),  # ☁️
+            "is_netdisk": item.get("is_netdisk", False)        # ☁️
+        }
+    # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防止双花问题
+    try:
+        buyer_wallet = db.query(Wallet).filter(Wallet.account == req.account).with_for_update().first()
+        if not buyer_wallet or buyer_wallet.balance < price:
+            raise HTTPException(status_code=402, detail="余额不足，请先充值")
+        seller_wallet = db.query(Wallet).filter(Wallet.account == seller_account).with_for_update().first()
+        if not seller_wallet:
+            seller_wallet = Wallet(account=seller_account)
+            db.add(seller_wallet)
+        buyer_wallet.balance -= price
+        seller_wallet.earn_balance += price
+        # 🔄 P7后悔模式：记录购买价格
+        new_ownership = Ownership(account=req.account, item_id=req.item_id, price_paid=price)
+        db.add(new_ownership)
+        tx_id = f"BUY_{int(time.time())}_{uuid.uuid4().hex[:6]}"
+        last_tx = db.query(Transaction).filter(Transaction.account == req.account).order_by(Transaction.created_at.desc()).first()
+        prev_hash = last_tx.tx_hash if last_tx else "GENESIS_HASH"
+        tx_hash = calculate_tx_hash(tx_id, req.account, "PURCHASE", -price, prev_hash)
+        # 创建交易记录 (字段名为 related_account，与 models_sql.py 中 Transaction 模型保持一致)
+        new_tx = Transaction(
+            tx_id=tx_id, account=req.account, tx_type="PURCHASE", amount=-price,
+            related_account=seller_account, item_id=req.item_id, prev_hash=prev_hash, tx_hash=tx_hash
+        )
+        db.add(new_tx)
+        db.commit()
+        # 📝 P2优化：购买审计日志
+        logger.info(f"PURCHASE | buyer={req.account} | seller={seller_account} | item={req.item_id} | amount={price} | tx={tx_id}")
+        # ☁️ 购买成功后返回网盘密码
+        return {
+            "status": "success",
+            "already_owned": False,
+            "netdisk_password": item.get("netdisk_password"),  # ☁️ 只有购买成功才返回
+            "is_netdisk": item.get("is_netdisk", False)        # ☁️
+        }
+    except HTTPException:
+        db.rollback()
+        raise
+    except Exception as e:
+        db.rollback()
+        logger.error(f"PURCHASE_ERROR | buyer={req.account} | item={req.item_id} | error={str(e)}")
+        raise HTTPException(status_code=500, detail="购买处理失败，请稍后重试")
+@router.post("/api/wallet/tip")
+@limiter.limit("20/minute")  # 🔒 P0安全优化：打赏每分钟最多20次
+async def tip_user(request: Request, req: TipRequest, db: Session = Depends(get_db)):
+    if req.amount <= 0:
+        raise HTTPException(status_code=400, detail="打赏金额必须大于0")
+    if req.sender_account == req.target_account:
+        raise HTTPException(status_code=400, detail="不能打赏给自己")
+    # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防止双花问题
+    try:
+        sender_wallet = db.query(Wallet).filter(Wallet.account == req.sender_account).with_for_update().first()
+        target_wallet = db.query(Wallet).filter(Wallet.account == req.target_account).with_for_update().first()
+        if not sender_wallet or sender_wallet.balance < req.amount:
+            raise HTTPException(status_code=400, detail="余额不足")
+        if not target_wallet:
+            target_wallet = Wallet(account=req.target_account, balance=0, earn_balance=0, tip_balance=0, frozen_balance=0)
+            db.add(target_wallet)
+        sender_wallet.balance -= req.amount
+        target_wallet.tip_balance += req.amount
+        tx_id_sender = f"TIP_OUT_{int(time.time())}_{uuid.uuid4().hex[:6]}"
+        tx_id_target = f"TIP_IN_{int(time.time())}_{uuid.uuid4().hex[:6]}"
+        # 记录交易
+        last_tx_sender = db.query(Transaction).filter(Transaction.account == req.sender_account).order_by(Transaction.created_at.desc()).first()
+        last_tx_target = db.query(Transaction).filter(Transaction.account == req.target_account).order_by(Transaction.created_at.desc()).first()
+        prev_hash_sender = last_tx_sender.tx_hash if last_tx_sender else "GENESIS_HASH"
+        prev_hash_target = last_tx_target.tx_hash if last_tx_target else "GENESIS_HASH"
+        # 发送方交易记录 (字段名为 related_account，与 models_sql.py 中 Transaction 模型保持一致)
+        tx_sender = Transaction(tx_id=tx_id_sender, account=req.sender_account, tx_type="TIP_OUT", amount=-req.amount,
+                                related_account=req.target_account, prev_hash=prev_hash_sender,
+                                tx_hash=calculate_tx_hash(tx_id_sender, req.sender_account, "TIP_OUT", -req.amount, prev_hash_sender))
+        # 接收方交易记录
+        tx_target = Transaction(tx_id=tx_id_target, account=req.target_account, tx_type="TIP_IN", amount=req.amount,
+                                related_account=req.sender_account, prev_hash=prev_hash_target,
+                                tx_hash=calculate_tx_hash(tx_id_target, req.target_account, "TIP_IN", req.amount, prev_hash_target))
+        db.add(tx_sender)
+        db.add(tx_target)
+        db.commit()
+        # 📝 P2优化：打赏审计日志
+        logger.info(f"TIP | from={req.sender_account} | to={req.target_account} | amount={req.amount} | item={req.item_id or 'N/A'} | anon={req.is_anonymous}")
+        # 🚀 核心新增：记录打赏榜单和月度收益趋势 (写入 JSON 以供高频读取)
+        users_db = json_db.load_data("users.json", default_data={})
+        items_db = json_db.load_data("items.json", default_data=[])
+        current_month = datetime.date.today().strftime("%Y-%m")
+        # 1. 更新创作者的总打赏榜与收益趋势
+        if req.target_account in users_db:
+            u = users_db[req.target_account]
+            if "tip_history" not in u: u["tip_history"] = {}
+            u["tip_history"][current_month] = u["tip_history"].get(current_month, 0) + req.amount
+            if "tip_board" not in u: u["tip_board"] = []
+            sender_entry = next((x for x in u["tip_board"] if x["account"] == req.sender_account), None)
+            if sender_entry:
+                sender_entry["amount"] += req.amount
+            else:
+                u["tip_board"].append({"account": req.sender_account, "amount": req.amount, "is_anon": req.is_anonymous})
+            u["tip_board"] = sorted(u["tip_board"], key=lambda x: x["amount"], reverse=True)
+            json_db.save_data("users.json", users_db)
+        # 2. 如果关联了具体作品，更新作品详情的专属打赏榜与收益趋势
+        if req.item_id:
+            for item in items_db:
+                if item["id"] == req.item_id:
+                    if "tip_history" not in item: item["tip_history"] = {}
+                    item["tip_history"][current_month] = item["tip_history"].get(current_month, 0) + req.amount
+                    if "tip_board" not in item: item["tip_board"] = []
+                    sender_entry = next((x for x in item["tip_board"] if x["account"] == req.sender_account), None)
+                    if sender_entry:
+                        sender_entry["amount"] += req.amount
+                    else:
+                        item["tip_board"].append({"account": req.sender_account, "amount": req.amount, "is_anon": req.is_anonymous})
+                    item["tip_board"] = sorted(item["tip_board"], key=lambda x: x["amount"], reverse=True)
+                    json_db.save_data("items.json", items_db)
+                    break
+        return {"status": "success", "balance": sender_wallet.balance}
+    except HTTPException:
+        db.rollback()
+        raise
+    except Exception as e:
+        db.rollback()
+        logger.error(f"TIP_ERROR | from={req.sender_account} | to={req.target_account} | amount={req.amount} | error={str(e)}")
+        raise HTTPException(status_code=500, detail="打赏处理失败，请稍后重试")
+@router.post("/api/wallet/withdraw")
+@limiter.limit("3/minute")  # 🔒 P0安全优化：提现每分钟最多3次
+async def withdraw(request: Request, req: WithdrawRequest, db: Session = Depends(get_db)):
+    key = f"{req.account}_withdraw"
+    code_data = VERIFY_CODES.get(key)
+    # 🔒 P0安全修复：统一使用 expires_at 字段，兼容旧版 expires
+    expire_time = code_data.get("expires_at", code_data.get("expires", 0)) if code_data else 0
+    if not code_data or code_data["code"] != req.code or time.time() > expire_time:
+        raise HTTPException(status_code=400, detail="验证码无效或已过期")
+    # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防止并发问题
+    try:
+        wallet = db.query(Wallet).filter(Wallet.account == req.account).with_for_update().first()
+        if not wallet:
+            raise HTTPException(status_code=400, detail="钱包不存在")
+        # 🚀 核心新增：阶梯手续费计算 (与前端逻辑统一)
+        # 查询历史累计提现总额 (WITHDRAW 类型的 amount 是负数，需要取绝对值)
+        # 🚀 P1性能优化：使用聚合函数代替 .all() + sum
+        from sqlalchemy import func as sql_func
+        withdrawals_sum = db.query(sql_func.coalesce(sql_func.sum(Transaction.amount), 0)).filter(
+            Transaction.account == req.account,
+            Transaction.tx_type == 'WITHDRAW'
+        ).scalar() or 0
+        total_withdrawn = abs(withdrawals_sum)
+        # 手续费规则：100元 = 10000积分 免手续费额度，超出部分收取 10%
+        free_quota = max(0, 10000 - total_withdrawn)  # 剩余免责额度
+        fee_amount = 0
+        if req.amount > free_quota:
+            fee_amount = int((req.amount - free_quota) * 0.10)  # 只对超出部分收 10%
+        actual_withdraw = req.amount  # 从账户扣除的金额
+        net_amount = req.amount - fee_amount  # 用户实际到账金额
+        total_withdrawable = wallet.earn_balance + wallet.tip_balance
+        if actual_withdraw > total_withdrawable:
+            raise HTTPException(status_code=400, detail="可提现余额不足")
+        if actual_withdraw <= wallet.earn_balance:
+            wallet.earn_balance -= actual_withdraw
+        else:
+            remaining = actual_withdraw - wallet.earn_balance
+            wallet.earn_balance = 0
+            wallet.tip_balance -= remaining
+        wallet.frozen_balance += net_amount  # 冻结的是到账金额，非手续费部分
+        tx_id = f"WD_{int(time.time())}_{uuid.uuid4().hex[:6]}"
+        last_tx = db.query(Transaction).filter(Transaction.account == req.account).order_by(Transaction.created_at.desc()).first()
+        prev_hash = last_tx.tx_hash if last_tx else "GENESIS_HASH"
+        tx_hash = calculate_tx_hash(tx_id, req.account, "WITHDRAW", -actual_withdraw, prev_hash)
+        new_tx = Transaction(
+            tx_id=tx_id, account=req.account, tx_type="WITHDRAW", amount=-actual_withdraw,
+            prev_hash=prev_hash, tx_hash=tx_hash
+        )
+        db.add(new_tx)
+        # 🚀 如果有手续费，额外记录一笔手续费交易
+        if fee_amount > 0:
+            fee_tx_id = f"FEE_{int(time.time())}_{uuid.uuid4().hex[:6]}"
+            fee_tx_hash = calculate_tx_hash(fee_tx_id, req.account, "WITHDRAW_FEE", -fee_amount, tx_hash)
+            fee_tx = Transaction(
+                tx_id=fee_tx_id, account=req.account, tx_type="WITHDRAW_FEE", amount=-fee_amount,
+                prev_hash=tx_hash, tx_hash=fee_tx_hash
+            )
+            db.add(fee_tx)
+        db.commit()
+        # 📝 P2优化：提现审计日志
+        logger.info(f"WITHDRAW | account={req.account} | amount={actual_withdraw} | fee={fee_amount} | net={net_amount} | tx={tx_id}")
+        del VERIFY_CODES[key]
+        return {
+            "status": "success",
+            "withdraw_amount": actual_withdraw,
+            "fee_amount": fee_amount,
+            "net_amount": net_amount,
+            "free_quota_used": min(req.amount, free_quota + total_withdrawn) - total_withdrawn  # 本次消耗的免责额度
+        }
+    except HTTPException:
+        db.rollback()
+        raise
+    except Exception as e:
+        db.rollback()
+        logger.error(f"WITHDRAW_ERROR | account={req.account} | amount={req.amount} | error={str(e)}")
+        raise HTTPException(status_code=500, detail="提现处理失败，请稍后重试")
+# ==========================================
+# 💳 P6支付增强：交易明细查询API
+# ==========================================
+@router.get("/api/wallet/{account}/transactions")
+async def get_transactions(
+    account: str,
+    page: int = 1,
+    limit: int = 20,
+    tx_type: str = None,
+    db: Session = Depends(get_db)
+):
+    """
+    获取用户交易明细（分页）
+    - tx_type: 可选筛选（RECHARGE/PURCHASE/TIP_OUT/TIP_IN/WITHDRAW/TASK_FREEZE/TASK_DEPOSIT/TASK_PAYMENT/TASK_INCOME/TASK_REFUND）
+    """
+    query = db.query(Transaction).filter(Transaction.account == account)
+    if tx_type:
+        query = query.filter(Transaction.tx_type == tx_type)
+    total = query.count()
+    transactions = query.order_by(Transaction.created_at.desc()).offset((page - 1) * limit).limit(limit).all()
+    # 格式化输出
+    tx_list = []
+    for tx in transactions:
+        tx_list.append({
+            "tx_id": tx.tx_id,
+            "tx_type": tx.tx_type,
+            "amount": tx.amount,
+            "related_account": tx.related_account,
+            "item_id": tx.item_id,
+            "created_at": tx.created_at.isoformat() if tx.created_at else None
+        })
+    return {
+        "status": "success",
+        "data": tx_list,
+        "total": total,
+        "page": page,
+        "limit": limit
+    }
+@router.get("/api/wallet/{account}/task-stats")
+async def get_task_stats(account: str, db: Session = Depends(get_db)):
+    """
+    📊 获取用户任务收益统计
+    🚀 P1性能优化：使用单次查询+分组聚合替代多次查询
+    """
+    from sqlalchemy import func as sql_func, case
+    # 🚀 P1性能优化：使用分组聚合一次查询多种类型的统计
+    stats = db.query(
+        Transaction.tx_type,
+        sql_func.count(Transaction.tx_id).label('count'),
+        sql_func.coalesce(sql_func.sum(Transaction.amount), 0).label('total')
+    ).filter(
+        Transaction.account == account,
+        Transaction.tx_type.in_(["TASK_INCOME", "TASK_FREEZE", "TASK_DEPOSIT", "TASK_PAYMENT", "TASK_REFUND"])
+    ).group_by(Transaction.tx_type).all()
+    # 解析统计结果
+    stats_map = {s.tx_type: {'count': s.count, 'total': s.total} for s in stats}
+    total_income = stats_map.get('TASK_INCOME', {}).get('total', 0) or 0
+    income_count = stats_map.get('TASK_INCOME', {}).get('count', 0) or 0
+    # 任务支出（发布任务的支付）
+    total_payment = abs(
+        (stats_map.get('TASK_FREEZE', {}).get('total', 0) or 0) +
+        (stats_map.get('TASK_DEPOSIT', {}).get('total', 0) or 0) +
+        (stats_map.get('TASK_PAYMENT', {}).get('total', 0) or 0)
+    )
+    payment_count = (
+        (stats_map.get('TASK_FREEZE', {}).get('count', 0) or 0) +
+        (stats_map.get('TASK_DEPOSIT', {}).get('count', 0) or 0) +
+        (stats_map.get('TASK_PAYMENT', {}).get('count', 0) or 0)
+    )
+    total_refund = stats_map.get('TASK_REFUND', {}).get('total', 0) or 0
+    # 最近交易（任务相关）
+    recent_txs = db.query(Transaction).filter(
+        Transaction.account == account,
+        Transaction.tx_type.in_(["TASK_INCOME", "TASK_PAYMENT", "TASK_DEPOSIT", "TASK_FREEZE", "TASK_REFUND"])
+    ).order_by(Transaction.created_at.desc()).limit(10).all()
+    recent_list = [{
+        "tx_id": tx.tx_id,
+        "tx_type": tx.tx_type,
+        "amount": tx.amount,
+        "item_id": tx.item_id,
+        "created_at": tx.created_at.isoformat() if tx.created_at else None
+    } for tx in recent_txs]
+    return {
+        "status": "success",
+        "data": {
+            "total_income": total_income,
+            "income_count": income_count,
+            "total_payment": total_payment,
+            "payment_count": payment_count,
+            "total_refund": total_refund,
+            "net_earnings": total_income - total_payment + total_refund,
+            "recent_transactions": recent_list
+        }
+    }
+# ==========================================
+# 🔄 P7后悔模式：退款API
+# ==========================================
+@router.get("/api/wallet/{account}/purchase/{item_id}")
+async def get_purchase_status(account: str, item_id: str, db: Session = Depends(get_db)):
+    """
+    获取购买状态（用于判断是否可退款）
+    """
+    ownership = db.query(Ownership).filter(
+        Ownership.account == account,
+        Ownership.item_id == item_id,
+        Ownership.is_refunded == False
+    ).first()
+    if not ownership:
+        return {"status": "success", "owned": False}
+    # 计算是否在退款窗口内
+    purchased_at = ownership.purchased_at
+    now = datetime.datetime.utcnow()
+    refund_deadline = purchased_at + datetime.timedelta(hours=REFUND_WINDOW_HOURS)
+    can_refund = now < refund_deadline
+    hours_left = max(0, (refund_deadline - now).total_seconds() / 3600) if can_refund else 0
+    return {
+        "status": "success",
+        "owned": True,
+        "purchased_at": purchased_at.isoformat(),
+        "price_paid": ownership.price_paid,
+        "can_refund": can_refund,
+        "refund_hours_left": round(hours_left, 1)
+    }
+@router.post("/api/wallet/refund")
+@limiter.limit("3/minute")  # 🔒 P0安全优化：退款每分钟最多3次
+async def refund_purchase(request: Request, account: str, item_id: str, db: Session = Depends(get_db)):
+    """
+    🔄 P7后悔模式：申请退款
+    - 24小时内可退款
+    - 退款后30天内禁止再次购买
+    - 退款后权限回收
+    """
+    items_db = json_db.load_data("items.json", default_data=[])
+    item = next((i for i in items_db if i["id"] == item_id), None)
+    if not item:
+        raise HTTPException(status_code=404, detail="商品不存在")
+    # 查找购买记录
+    ownership = db.query(Ownership).filter(
+        Ownership.account == account,
+        Ownership.item_id == item_id,
+        Ownership.is_refunded == False
+    ).first()
+    if not ownership:
+        raise HTTPException(status_code=404, detail="未找到购买记录")
+    # 检查是否在退款窗口内
+    purchased_at = ownership.purchased_at
+    now = datetime.datetime.utcnow()
+    refund_deadline = purchased_at + datetime.timedelta(hours=REFUND_WINDOW_HOURS)
+    if now >= refund_deadline:
+        hours_passed = (now - purchased_at).total_seconds() / 3600
+        raise HTTPException(status_code=400, detail=f"已超过24小时退款窗口（已购买{hours_passed:.1f}小时）")
+    refund_amount = ownership.price_paid or 0
+    seller_account = item.get("author")
+    if refund_amount <= 0:
+        raise HTTPException(status_code=400, detail="该商品为免费资源，无需退款")
+    # 🔒 P1并发安全：使用悲观锁+异常处理+事务回滚防止并发问题
+    try:
+        # 执行退款
+        buyer_wallet = db.query(Wallet).filter(Wallet.account == account).with_for_update().first()
+        seller_wallet = db.query(Wallet).filter(Wallet.account == seller_account).with_for_update().first()
+        if seller_wallet:
+            # 从卖家收益中扣除（如果不足则从余额扣除）
+            if seller_wallet.earn_balance >= refund_amount:
+                seller_wallet.earn_balance -= refund_amount
+            else:
+                remaining = refund_amount - seller_wallet.earn_balance
+                seller_wallet.earn_balance = 0
+                seller_wallet.balance = max(0, seller_wallet.balance - remaining)
+        if buyer_wallet:
+            buyer_wallet.balance += refund_amount
+        else:
+            buyer_wallet = Wallet(account=account, balance=refund_amount)
+            db.add(buyer_wallet)
+        # 标记所有权为已退款
+        ownership.is_refunded = True
+        ownership.refunded_at = now
+        # 创建退款记录（30天禁购）
+        ban_until = now + datetime.timedelta(days=REFUND_BAN_DAYS)
+        new_refund = Refund(
+            account=account,
+            item_id=item_id,
+            amount=refund_amount,
+            ban_until=ban_until
+        )
+        db.add(new_refund)
+        # 记录退款交易
+        tx_id = f"REFUND_{int(time.time())}_{uuid.uuid4().hex[:6]}"
+        last_tx = db.query(Transaction).filter(Transaction.account == account).order_by(Transaction.created_at.desc()).first()
+        prev_hash = last_tx.tx_hash if last_tx else "GENESIS_HASH"
+        tx_hash = calculate_tx_hash(tx_id, account, "REFUND", refund_amount, prev_hash)
+        new_tx = Transaction(
+            tx_id=tx_id, account=account, tx_type="REFUND", amount=refund_amount,
+            related_account=seller_account, item_id=item_id, prev_hash=prev_hash, tx_hash=tx_hash
+        )
+        db.add(new_tx)
+        db.commit()
+        logger.info(f"REFUND | buyer={account} | seller={seller_account} | item={item_id} | amount={refund_amount} | ban_until={ban_until.isoformat()}")
+        return {
+            "status": "success",
+            "message": f"退款成功，{refund_amount}积分已退还",
+            "refund_amount": refund_amount,
+            "ban_days": REFUND_BAN_DAYS
+        }
+    except HTTPException:
+        db.rollback()
+        raise
+    except Exception as e:
+        db.rollback()
+        logger.error(f"REFUND_ERROR | buyer={account} | item={item_id} | amount={refund_amount} | error={str(e)}")
         raise HTTPException(status_code=500, detail="退款处理失败，请稍后重试")