mr

controller/subscription_payment_waffo_pancake.go

@@ -103,8 +103,9 @@ func SubscriptionRequestWaffoPancakePay(c *gin.Context) {
 			Amount:      decimal.NewFromFloat(plan.PriceAmount).StringFixed(2),
 			TaxCategory: "saas",
 		},
-		BuyerEmail:       getWaffoPancakeBuyerEmail(user),
-		ExpiresInSeconds: &expiresInSeconds,
+		BuyerEmail:              getWaffoPancakeBuyerEmail(user),
+		ExpiresInSeconds:        &expiresInSeconds,
+		OrderMerchantExternalID: tradeNo,
 	})
 	if err != nil {
 		logger.LogError(c.Request.Context(), fmt.Sprintf("Waffo Pancake 订阅结账会话创建失败 user_id=%d plan_id=%d trade_no=%s error=%q", userId, plan.Id, tradeNo, err.Error()))

controller/topup_waffo_pancake.go

@@ -96,9 +96,6 @@ func getWaffoPancakeBuyerEmail(user *model.User) string {
 	if user != nil && strings.TrimSpace(user.Email) != "" {
 		return user.Email
 	}
-	if user != nil {
-		return fmt.Sprintf("%d@new-api.local", user.Id)
-	}
 	return ""
 }
 
@@ -408,8 +405,9 @@ func RequestWaffoPancakePay(c *gin.Context) {
 			Amount:      formatWaffoPancakeAmount(payMoney),
 			TaxCategory: "saas",
 		},
-		BuyerEmail:       getWaffoPancakeBuyerEmail(user),
-		ExpiresInSeconds: &expiresInSeconds,
+		BuyerEmail:              getWaffoPancakeBuyerEmail(user),
+		ExpiresInSeconds:        &expiresInSeconds,
+		OrderMerchantExternalID: tradeNo,
 	})
 	if err != nil {
 		logger.LogError(c.Request.Context(), fmt.Sprintf("Waffo Pancake 创建结账会话失败 user_id=%d trade_no=%s error=%q", id, tradeNo, err.Error()))
@@ -485,9 +483,9 @@ func WaffoPancakeWebhook(c *gin.Context) {
 		return
 	}
 
-	// Subscription vs top-up dispatch by trade_no prefix (written at
-	// session-creation time): WAFFO_PANCAKE_SUB- vs WAFFO_PANCAKE-.
-	rawTradeNo := strings.TrimSpace(event.Data.OrderID)
+	// Dispatch by trade_no prefix. OrderMerchantExternalID = our trade_no;
+	// OrderID is Pancake's internal ORD_* (logs only).
+	rawTradeNo := strings.TrimSpace(event.Data.OrderMerchantExternalID)
 	isSubscription := strings.HasPrefix(rawTradeNo, "WAFFO_PANCAKE_SUB-")
 
 	if isSubscription {

go.mod

@@ -60,7 +60,7 @@ require (
 	gorm.io/gorm v1.25.2
 )
 
-require github.com/waffo-com/waffo-pancake-sdk-go v0.2.0
+require github.com/waffo-com/waffo-pancake-sdk-go v0.3.1
 
 require (
 	github.com/DmitriyVTitov/size v1.5.0 // indirect

go.sum

@@ -312,6 +312,8 @@ github.com/waffo-com/waffo-pancake-sdk-go v0.1.1 h1:YOI7+3zTBlTB7Ou6+ZXnJV2JvW/a
 github.com/waffo-com/waffo-pancake-sdk-go v0.1.1/go.mod h1:5MBCGH/nqRRA5sHO/lQB/96r4BTAqy8QpWxn53m9htI=
 github.com/waffo-com/waffo-pancake-sdk-go v0.2.0 h1:cCSgccM66p7feTtgRqUUGT50tYQOhahsoPXavd+ib1U=
 github.com/waffo-com/waffo-pancake-sdk-go v0.2.0/go.mod h1:5MBCGH/nqRRA5sHO/lQB/96r4BTAqy8QpWxn53m9htI=
+github.com/waffo-com/waffo-pancake-sdk-go v0.3.1 h1:ngQSN/oVB35xTwFPLfg++bxPC+SptcF145Mb6c62YCc=
+github.com/waffo-com/waffo-pancake-sdk-go v0.3.1/go.mod h1:OB2MyFIQaefoPO0FV3J+yu9sDP8RVFQ+sbFsXqGuObc=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=

service/waffo_pancake.go

@@ -17,14 +17,15 @@ type WaffoPancakePriceSnapshot struct {
 }
 
 // WaffoPancakeCreateSessionParams is the input to CreateWaffoPancakeCheckoutSession.
-// BuyerIdentity (merchant-controlled, stable per user) is what survives the
-// buyer editing email at checkout — see WaffoPancakeBuyerIdentityFromUserID.
+// BuyerIdentity must be stable per user (see WaffoPancakeBuyerIdentityFromUserID).
+// OrderMerchantExternalID = our trade_no; Pancake echoes it back in webhooks.
 type WaffoPancakeCreateSessionParams struct {
-	ProductID        string
-	BuyerIdentity    string
-	PriceSnapshot    *WaffoPancakePriceSnapshot
-	BuyerEmail       string
-	ExpiresInSeconds *int
+	ProductID               string
+	BuyerIdentity           string
+	PriceSnapshot           *WaffoPancakePriceSnapshot
+	BuyerEmail              string
+	ExpiresInSeconds        *int
+	OrderMerchantExternalID string
 }
 
 // WaffoPancakeCheckoutSession is the response of CreateWaffoPancakeCheckoutSession.
@@ -52,7 +53,9 @@ type WaffoPancakeWebhookEvent struct {
 }
 
 type WaffoPancakeWebhookData struct {
+	// OrderID = Pancake ORD_* (logs); OrderMerchantExternalID = our trade_no (lookup).
 	OrderID                       string
+	OrderMerchantExternalID       string
 	BuyerEmail                    string
 	Currency                      string
 	Amount                        string
@@ -100,17 +103,21 @@ func CreateWaffoPancakeCheckoutSession(ctx context.Context, params *WaffoPancake
 	if strings.TrimSpace(params.BuyerIdentity) == "" {
 		return nil, fmt.Errorf("missing buyer identity")
 	}
+	if strings.TrimSpace(params.OrderMerchantExternalID) == "" {
+		return nil, fmt.Errorf("missing order merchant external id")
+	}
 	client, err := newWaffoPancakeClient()
 	if err != nil {
 		return nil, fmt.Errorf("build Waffo Pancake client: %w", err)
 	}
 
 	sdkParams := pancake.AuthenticatedCheckoutParams{
 		CreateCheckoutSessionParams: pancake.CreateCheckoutSessionParams{
-			ProductID:        params.ProductID,
-			Currency:         "USD",
-			BuyerEmail:       optionalString(params.BuyerEmail),
-			ExpiresInSeconds: params.ExpiresInSeconds,
+			ProductID:               params.ProductID,
+			Currency:                "USD",
+			BuyerEmail:              optionalString(params.BuyerEmail),
+			ExpiresInSeconds:        params.ExpiresInSeconds,
+			OrderMerchantExternalID: optionalString(params.OrderMerchantExternalID),
 		},
 		BuyerIdentity: params.BuyerIdentity,
 	}
@@ -163,6 +170,10 @@ func VerifyConfiguredWaffoPancakeWebhook(payload string, signatureHeader string)
 	if evt.Data.MerchantProvidedBuyerIdentity != nil {
 		identity = *evt.Data.MerchantProvidedBuyerIdentity
 	}
+	externalID := ""
+	if evt.Data.OrderMerchantExternalID != nil {
+		externalID = *evt.Data.OrderMerchantExternalID
+	}
 	return &WaffoPancakeWebhookEvent{
 		ID:        evt.ID,
 		Timestamp: evt.Timestamp,
@@ -172,6 +183,7 @@ func VerifyConfiguredWaffoPancakeWebhook(payload string, signatureHeader string)
 		Mode:      string(evt.Mode),
 		Data: WaffoPancakeWebhookData{
 			OrderID:                       evt.Data.OrderID,
+			OrderMerchantExternalID:       externalID,
 			BuyerEmail:                    evt.Data.BuyerEmail,
 			Currency:                      evt.Data.Currency,
 			Amount:                        evt.Data.Amount,
@@ -183,19 +195,18 @@ func VerifyConfiguredWaffoPancakeWebhook(payload string, signatureHeader string)
 }
 
 // ResolveWaffoPancakeTradeNo maps a verified webhook event to a local TopUp
-// trade_no, rejecting any payload whose buyer identity doesn't match the one
-// we recorded at checkout — defence-in-depth on top of signature verification.
+// trade_no via OrderMerchantExternalID, and rejects buyer-identity mismatches.
 func ResolveWaffoPancakeTradeNo(event *WaffoPancakeWebhookEvent) (string, error) {
 	if event == nil {
 		return "", fmt.Errorf("missing webhook event")
 	}
-	tradeNo := strings.TrimSpace(event.Data.OrderID)
+	tradeNo := strings.TrimSpace(event.Data.OrderMerchantExternalID)
 	if tradeNo == "" {
-		return "", fmt.Errorf("missing webhook orderId")
+		return "", fmt.Errorf("missing webhook orderMerchantExternalId")
 	}
 	topUp := model.GetTopUpByTradeNo(tradeNo)
 	if topUp == nil || topUp.PaymentProvider != model.PaymentProviderWaffoPancake {
-		return "", fmt.Errorf("waffo pancake order not found for webhook orderId=%s", tradeNo)
+		return "", fmt.Errorf("waffo pancake order not found for tradeNo=%s", tradeNo)
 	}
 	expectedIdentity := WaffoPancakeBuyerIdentityFromUserID(topUp.UserId)
 	actualIdentity := strings.TrimSpace(event.Data.MerchantProvidedBuyerIdentity)
@@ -216,13 +227,13 @@ func ResolveWaffoPancakeSubscriptionTradeNo(event *WaffoPancakeWebhookEvent) (st
 	if event == nil {
 		return "", fmt.Errorf("missing webhook event")
 	}
-	tradeNo := strings.TrimSpace(event.Data.OrderID)
+	tradeNo := strings.TrimSpace(event.Data.OrderMerchantExternalID)
 	if tradeNo == "" {
-		return "", fmt.Errorf("missing webhook orderId")
+		return "", fmt.Errorf("missing webhook orderMerchantExternalId")
 	}
 	order := model.GetSubscriptionOrderByTradeNo(tradeNo)
 	if order == nil || order.PaymentProvider != model.PaymentProviderWaffoPancake {
-		return "", fmt.Errorf("waffo pancake subscription order not found for webhook orderId=%s", tradeNo)
+		return "", fmt.Errorf("waffo pancake subscription order not found for tradeNo=%s", tradeNo)
 	}
 	expectedIdentity := WaffoPancakeBuyerIdentityFromUserID(order.UserId)
 	actualIdentity := strings.TrimSpace(event.Data.MerchantProvidedBuyerIdentity)

service/waffo_pancake_test.go

@@ -1,6 +1,7 @@
 package service
 
 import (
+	"context"
 	"fmt"
 	"strings"
 	"testing"
@@ -40,24 +41,36 @@ func setupWaffoPancakeTestDB(t *testing.T) *gorm.DB {
 	return db
 }
 
+func TestCreateWaffoPancakeCheckoutSession_RequiresOrderMerchantExternalID(t *testing.T) {
+	session, err := CreateWaffoPancakeCheckoutSession(context.Background(), &WaffoPancakeCreateSessionParams{
+		ProductID:     "PROD_checkout_guard",
+		BuyerIdentity: WaffoPancakeBuyerIdentityFromUserID(1),
+	})
+
+	require.Error(t, err)
+	require.Nil(t, session)
+	require.Contains(t, err.Error(), "missing order merchant external id")
+}
+
 func TestResolveWaffoPancakeTradeNo_UsesWebhookOrderIDWhenLocalOrderExists(t *testing.T) {
 	db := setupWaffoPancakeTestDB(t)
 
 	topUp := &model.TopUp{
-		UserId:        1,
-		Amount:        10,
-		Money:         29,
-		TradeNo:       "ORD_5dXBtmF2HLlHfbPNm0Wcnz",
+		UserId:          1,
+		Amount:          10,
+		Money:           29,
+		TradeNo:         "ORD_5dXBtmF2HLlHfbPNm0Wcnz",
 		PaymentMethod:   model.PaymentMethodWaffoPancake,
 		PaymentProvider: model.PaymentProviderWaffoPancake,
-		CreateTime:    time.Now().Unix(),
-		Status:        common.TopUpStatusPending,
+		CreateTime:      time.Now().Unix(),
+		Status:          common.TopUpStatusPending,
 	}
 	require.NoError(t, db.Create(topUp).Error)
 
 	tradeNo, err := ResolveWaffoPancakeTradeNo(&WaffoPancakeWebhookEvent{
 		Data: WaffoPancakeWebhookData{
-			OrderID:                       "ORD_5dXBtmF2HLlHfbPNm0Wcnz",
+			OrderID:                       "ORD_internal_pancake_id",
+			OrderMerchantExternalID:       "ORD_5dXBtmF2HLlHfbPNm0Wcnz",
 			MerchantProvidedBuyerIdentity: WaffoPancakeBuyerIdentityFromUserID(topUp.UserId),
 		},
 	})
@@ -69,22 +82,23 @@ func TestResolveWaffoPancakeTradeNo_RejectsBuyerIdentityMismatch(t *testing.T) {
 	db := setupWaffoPancakeTestDB(t)
 
 	topUp := &model.TopUp{
-		UserId:        42,
-		Amount:        10,
-		Money:         29,
-		TradeNo:       "ORD_identity_mismatch_case",
+		UserId:          42,
+		Amount:          10,
+		Money:           29,
+		TradeNo:         "ORD_identity_mismatch_case",
 		PaymentMethod:   model.PaymentMethodWaffoPancake,
 		PaymentProvider: model.PaymentProviderWaffoPancake,
-		CreateTime:    time.Now().Unix(),
-		Status:        common.TopUpStatusPending,
+		CreateTime:      time.Now().Unix(),
+		Status:          common.TopUpStatusPending,
 	}
 	require.NoError(t, db.Create(topUp).Error)
 
 	// Webhook reports the right order but a different buyer — could be a
 	// crossed-wires bug or a tampered payload. Either way: reject.
 	tradeNo, err := ResolveWaffoPancakeTradeNo(&WaffoPancakeWebhookEvent{
 		Data: WaffoPancakeWebhookData{
-			OrderID:                       "ORD_identity_mismatch_case",
+			OrderID:                       "ORD_internal_pancake_id",
+			OrderMerchantExternalID:       "ORD_identity_mismatch_case",
 			MerchantProvidedBuyerIdentity: WaffoPancakeBuyerIdentityFromUserID(99), // wrong user
 		},
 	})
@@ -97,14 +111,14 @@ func TestResolveWaffoPancakeTradeNo_RejectsMissingBuyerIdentity(t *testing.T) {
 	db := setupWaffoPancakeTestDB(t)
 
 	topUp := &model.TopUp{
-		UserId:        7,
-		Amount:        10,
-		Money:         29,
-		TradeNo:       "ORD_missing_identity",
+		UserId:          7,
+		Amount:          10,
+		Money:           29,
+		TradeNo:         "ORD_missing_identity",
 		PaymentMethod:   model.PaymentMethodWaffoPancake,
 		PaymentProvider: model.PaymentProviderWaffoPancake,
-		CreateTime:    time.Now().Unix(),
-		Status:        common.TopUpStatusPending,
+		CreateTime:      time.Now().Unix(),
+		Status:          common.TopUpStatusPending,
 	}
 	require.NoError(t, db.Create(topUp).Error)
 
@@ -113,7 +127,8 @@ func TestResolveWaffoPancakeTradeNo_RejectsMissingBuyerIdentity(t *testing.T) {
 	// reject so that we never credit anonymous orders to a specific user.
 	tradeNo, err := ResolveWaffoPancakeTradeNo(&WaffoPancakeWebhookEvent{
 		Data: WaffoPancakeWebhookData{
-			OrderID: "ORD_missing_identity",
+			OrderID:                 "ORD_internal_pancake_id",
+			OrderMerchantExternalID: "ORD_missing_identity",
 		},
 	})
 	require.Error(t, err)
@@ -133,22 +148,23 @@ func TestResolveWaffoPancakeTradeNo_FailsWhenWebhookOrderIDIsUnknown(t *testing.
 	require.NoError(t, db.Create(user).Error)
 
 	topUp := &model.TopUp{
-		UserId:        user.Id,
-		Amount:        10,
-		Money:         29,
-		TradeNo:       "WAFFO_PANCAKE-42-123456-abc123",
+		UserId:          user.Id,
+		Amount:          10,
+		Money:           29,
+		TradeNo:         "WAFFO_PANCAKE-42-123456-abc123",
 		PaymentMethod:   model.PaymentMethodWaffoPancake,
 		PaymentProvider: model.PaymentProviderWaffoPancake,
-		CreateTime:    time.Now().Unix(),
-		Status:        common.TopUpStatusPending,
+		CreateTime:      time.Now().Unix(),
+		Status:          common.TopUpStatusPending,
 	}
 	require.NoError(t, db.Create(topUp).Error)
 
 	tradeNo, err := ResolveWaffoPancakeTradeNo(&WaffoPancakeWebhookEvent{
 		Data: WaffoPancakeWebhookData{
-			OrderID:    "ORD_unknown",
-			BuyerEmail: user.Email,
-			Amount:     "29.00",
+			OrderID:                 "ORD_internal_pancake_id",
+			OrderMerchantExternalID: "WAFFO_PANCAKE-unknown",
+			BuyerEmail:              user.Email,
+			Amount:                  "29.00",
 		},
 	})
 	require.Error(t, err)
@@ -177,7 +193,8 @@ func TestResolveWaffoPancakeSubscriptionTradeNo_UsesWebhookOrderIDWhenLocalOrder
 
 	tradeNo, err := ResolveWaffoPancakeSubscriptionTradeNo(&WaffoPancakeWebhookEvent{
 		Data: WaffoPancakeWebhookData{
-			OrderID:                       "WAFFO_PANCAKE_SUB-1-1700000000-abc123",
+			OrderID:                       "ORD_internal_pancake_id",
+			OrderMerchantExternalID:       "WAFFO_PANCAKE_SUB-1-1700000000-abc123",
 			MerchantProvidedBuyerIdentity: WaffoPancakeBuyerIdentityFromUserID(order.UserId),
 		},
 	})
@@ -202,7 +219,8 @@ func TestResolveWaffoPancakeSubscriptionTradeNo_RejectsBuyerIdentityMismatch(t *
 
 	tradeNo, err := ResolveWaffoPancakeSubscriptionTradeNo(&WaffoPancakeWebhookEvent{
 		Data: WaffoPancakeWebhookData{
-			OrderID:                       "WAFFO_PANCAKE_SUB-42-mismatch",
+			OrderID:                       "ORD_internal_pancake_id",
+			OrderMerchantExternalID:       "WAFFO_PANCAKE_SUB-42-mismatch",
 			MerchantProvidedBuyerIdentity: WaffoPancakeBuyerIdentityFromUserID(99), // wrong user
 		},
 	})
@@ -228,7 +246,7 @@ func TestResolveWaffoPancakeSubscriptionTradeNo_RejectsMissingBuyerIdentity(t *t
 
 	tradeNo, err := ResolveWaffoPancakeSubscriptionTradeNo(&WaffoPancakeWebhookEvent{
 		Data: WaffoPancakeWebhookData{
-			OrderID: "WAFFO_PANCAKE_SUB-7-missing-identity",
+			OrderMerchantExternalID: "WAFFO_PANCAKE_SUB-7-missing-identity",
 		},
 	})
 	require.Error(t, err)
@@ -253,7 +271,7 @@ func TestResolveWaffoPancakeSubscriptionTradeNo_FailsWhenWebhookOrderIDIsUnknown
 
 	tradeNo, err := ResolveWaffoPancakeSubscriptionTradeNo(&WaffoPancakeWebhookEvent{
 		Data: WaffoPancakeWebhookData{
-			OrderID: "WAFFO_PANCAKE_SUB-unknown",
+			OrderMerchantExternalID: "WAFFO_PANCAKE_SUB-unknown",
 		},
 	})
 	require.Error(t, err)

web/classic/src/components/settings/PaymentSetting.jsx

@@ -52,9 +52,6 @@ const PaymentSetting = () => {
     StripeMinTopUp: 1,
     StripePromotionCodesEnabled: false,
 
-    WaffoPancakeMerchantID: '',
-    WaffoPancakePrivateKey: '',
-    WaffoPancakeReturnURL: '',
     'payment_setting.compliance_confirmed': false,
     'payment_setting.compliance_terms_version': '',
     'payment_setting.compliance_confirmed_at': 0,
@@ -165,11 +162,6 @@ const PaymentSetting = () => {
           case 'StripeMinTopUp':
             newInputs[item.key] = parseFloat(item.value);
             break;
-          case 'WaffoPancakeMerchantID':
-          case 'WaffoPancakePrivateKey':
-          case 'WaffoPancakeReturnURL':
-            newInputs[item.key] = item.value;
-            break;
           default:
             if (item.key.endsWith('Enabled')) {
               newInputs[item.key] = toBoolean(item.value);