[pull] master from yansongda:master #25
Open
pull[bot] wants to merge 204 commits into zc0570:master from
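* fix: event dispatch provider in alipay was wechat * changelog
* feat: add initialization of the third-party application authorization token * feat: add app_auth_token parameter to the configuration file, with support for per-request customization Co-authored-by: yansongda <me@yansongda.cn>
* feat: support WeChat complaint API * tests
* feat: WeChat service-provider refund and refund query support automatic sub_mchid parameter * tests: fix unit tests
* fix: wrong return type in WeChat comments * fix: wrong return type in WeChat comments
* fixed: sub_appid is optional in official account payment provider mode * refactor: optimize code Co-authored-by: BranchZero Sun <branchzero@elemenx.com> Co-authored-by: yansongda <me@yansongda.cn>
* fix: signature verification error caused by reading response data too early
* fix: data error caused by reading response data too early
fix: in WeChat service-provider mode, when the pre-order has a sub-merchant appid, invoke should also use the sub-merchant appid Co-authored-by: yansongda <me@yansongda.cn>
* fixed: WeChat coupon detail plugin * tests Co-authored-by: yansongda <me@yansongda.cn>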
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.0.6 to 6.0.9. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.0.9/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.3 to 6.2.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.4/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.2.4 to 6.2.6. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.2.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.2.6/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.2.6 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
feat: WeChat merchant transfer supports built-in asynchronous notification parameter tests: add unit tests --------- Co-authored-by: yansongda <me@yansongda.cn>
--------- Co-authored-by: yansongda <me@yansongda.cn>
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.0.6 to 7.0.7. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.0.7/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.0.7/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 7.0.7 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Removed acknowledgments and CDN service information from the Authorize component.
* build(deps-dev): bump vite from 7.1.6 to 7.1.11 in /web
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.6 to 7.1.11.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.11/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 7.1.11
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
* build(deps-dev): bump web frontend dependencies to latest (#1128)
* Initial plan
* build(deps-dev): update all web frontend dependencies to latest versions
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
* fix: add .node-version to require Node 20 for vite 8.x compatibility
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
* Initial plan
* Add PayPal payment provider support
- Add Paypal provider class implementing ProviderInterface with web/query/refund/callback/success methods
- Add PaypalServiceProvider for dependency injection registration
- Add OAuth2 token management (GetAccessTokenPlugin, ObtainAccessTokenPlugin) with caching
- Add AddRadarPlugin supporting Basic auth (token fetch) and Bearer auth (API calls)
- Add ResponsePlugin validating HTTP 2xx status codes
- Add Pay, Capture, Query, QueryRefund, Refund, Callback plugins for PayPal V2 API
- Add WebShortcut, QueryShortcut, RefundShortcut for common payment flows
- Add PARAMS_PAYPAL_URL_MISSING (9223) and CONFIG_PAYPAL_INVALID (9406) exception constants
- Add get_paypal_url() and get_paypal_access_token() helper functions
- Register PaypalServiceProvider in Pay class
- Add PayPal sandbox test configuration in TestCase
- Add tests for all plugins and shortcuts
Production URL: https://api-m.paypal.com/
Sandbox URL: https://api-m.sandbox.paypal.com/
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add validation for required IDs in PayPal plugins, update tests
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
* Add PayPal documentation and CHANGELOG entry for v3.7.20 (#1127)
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
* refactor: rename PayPal namespace from V1 to V2, support external access_token, add Copilot attribution to docs, improve test coverage
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/9a63746b-7c08-4fb0-979d-3bec1a76fe32
* fix: resolve coding style issues in Functions.php and add PayPal function tests
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/dad4a76a-d5cf-4c3a-b352-1b0852f12a91
* fix: address PR review comments and add copilot-instructions.md
- Add @todo for webhook signature verification in CallbackPlugin
- Replace collect() with plain PHP loops in docs (framework-agnostic)
- Create .github/copilot-instructions.md for Copilot custom instructions
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/f88bda98-4e48-4f04-905b-eeb9d4967119
* feat: implement PayPal webhook signature verification and rewrite copilot-instructions.md in Chinese
- Implement verify_paypal_webhook_sign() using PayPal's verify-webhook-signature API
- Refactor Provider callback() to pass ServerRequestInterface (like Wechat pattern)
- Refactor CallbackPlugin to verify webhook signature before accepting payload
- Add VerifyWebhookSignPlugin for building verification API request
- Add webhook_id to PayPal config (required for signature verification)
- Add comprehensive tests for webhook verification (localhost skip, missing config, empty sig, success, failure)
- Rewrite .github/copilot-instructions.md entirely in Chinese
- Add security requirements section emphasizing API security as top priority
- Update callback documentation with webhook signature verification details
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/41829a91-9c75-4201-8d60-5d4bf4853433
* fix: add phpstan-ignore for CallbackPlugin type mismatch
PHPStan reported type mismatch because $rocket->getDestinationOrigin() returns RequestInterface|ResponseInterface|null, but verify_paypal_webhook_sign() expects ServerRequestInterface. After init() validates and sets the ServerRequestInterface, the type is guaranteed at runtime. Follow Wechat CallbackPlugin pattern with @phpstan-ignore-next-line annotation.
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/8a1deb45-aac3-4325-b766-1207be39ba87
* refactor: remove unnecessary @throws and imports from PayPal plugins
CapturePlugin, QueryPlugin, QueryRefundPlugin, and RefundPlugin don't call get_provider_config() or any function that throws ContainerException or ServiceNotFoundException. Remove these inaccurate @throws annotations and their unused imports to improve code accuracy.
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/8a1deb45-aac3-4325-b766-1207be39ba87
* test: add PaypalTest.php Provider-level tests
Add Provider-level tests for PayPal following the same pattern as WechatTest/DouyinTest: shortcut not found, mergeCommonPlugins, cancel/close exceptions, callback with ServerRequestInterface, callback with array, and success response.
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/6a640cf2-7209-47e9-b2b7-39a64fc4b01b
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
* Initial plan
* Add Stripe payment provider support
Implements Stripe as a new payment provider following the PayPal patterns.
## New files:
- src/Plugin/Stripe/V1/AddRadarPlugin.php - HTTP radar with Bearer auth and form-encoded body
- src/Plugin/Stripe/V1/ResponsePlugin.php - HTTP response status validation
- src/Plugin/Stripe/V1/Pay/PayPlugin.php - Create PaymentIntent (POST /v1/payment_intents)
- src/Plugin/Stripe/V1/Pay/WebPlugin.php - Create Checkout Session (POST /v1/checkout/sessions)
- src/Plugin/Stripe/V1/Pay/QueryPlugin.php - Retrieve PaymentIntent (GET /v1/payment_intents/{id})
- src/Plugin/Stripe/V1/Pay/QueryRefundPlugin.php - Retrieve Refund (GET /v1/refunds/{id})
- src/Plugin/Stripe/V1/Pay/RefundPlugin.php - Create Refund (POST /v1/refunds)
- src/Plugin/Stripe/V1/Pay/CancelPlugin.php - Cancel PaymentIntent (POST /v1/payment_intents/{id}/cancel)
- src/Plugin/Stripe/V1/Pay/CallbackPlugin.php - Webhook callback with local HMAC-SHA256 verification
- src/Provider/Stripe.php - Provider implementing ProviderInterface
- src/Service/StripeServiceProvider.php - Service container registration
- src/Shortcut/Stripe/IntentShortcut.php - PaymentIntent shortcut
- src/Shortcut/Stripe/WebShortcut.php - Checkout Session shortcut
- src/Shortcut/Stripe/QueryShortcut.php - Query order/refund shortcut
- src/Shortcut/Stripe/RefundShortcut.php - Refund shortcut
- src/Shortcut/Stripe/CancelShortcut.php - Cancel shortcut
## Modified files:
- src/Exception/Exception.php - Added PARAMS_STRIPE_URL_MISSING and CONFIG_STRIPE_INVALID constants
- src/Functions.php - Added get_stripe_url() and verify_stripe_webhook_sign() helpers
- src/Pay.php - Registered Stripe provider and StripeServiceProvider
- tests/TestCase.php - Added stripe test configuration
## Key differences from PayPal:
- No OAuth token flow (direct Bearer key auth)
- Form-encoded request bodies (application/x-www-form-urlencoded)
- Local HMAC-SHA256 webhook verification via Stripe-Signature header
- No AddPayloadBodyPlugin needed (AddRadarPlugin handles encoding)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add Stripe payment provider tests and documentation
- Add unit tests for all Stripe V1 plugins:
- AddRadarPlugin: Bearer auth, form-encoded body, GET/POST handling
- ResponsePlugin: 2xx success, 4xx/5xx error handling
- PayPlugin, WebPlugin, QueryPlugin, CancelPlugin, RefundPlugin,
QueryRefundPlugin, CallbackPlugin
- Add provider test (StripeTest): mergeCommonPlugins, close exception,
callback, callbackWithArray, success
- Add shortcut tests: IntentShortcut, WebShortcut, QueryShortcut
(default/order/refund actions), RefundShortcut, CancelShortcut
- Add documentation under web/docs/v3/stripe/:
pay.md, query.md, refund.md, cancel.md, close.md, callback.md,
response.md, all.md
- Add quick-start guide: web/docs/v3/quick-start/stripe.md
- Update sidebar (v3.js): add Stripe section after PayPal and
quick-start entry
- Update web/docs/v3/quick-start/init.md: add Stripe config block
- Update CHANGELOG.md: add Stripe entry under v3.7.20
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: address code review suggestions from automated reviewer
- Remove `static` from @method annotations in Provider/Stripe.php (instance methods, not static)
- Fix Stripe-Signature header parsing in Functions.php: add trim() and
2-element count check per segment to handle malformed headers safely
- Add JSON decode error check in CallbackPlugin.php to throw explicit
InvalidParamsException on invalid body
- Fix GET requests in AddRadarPlugin.php to append payload params as
query string (previously silently dropped)
- Remove unused @throws annotations from PayPlugin.php (no throwing code)
- Add GET query string test in AddRadarPluginTest.php
- Add invalid JSON test in CallbackPluginTest.php
- Add VerifyWebhookSignTest.php covering all branches: localhost skip,
missing webhook_secret, empty/malformed signature, expired timestamp,
wrong signature, valid signature
Not adopted (with explanation):
- Localhost in callback(array): intentional design pattern consistent
with Paypal/Wechat providers; array callback is test-only, production
should use ServerRequestInterface
- Suggestion to throw on array input: would be a breaking change vs the
established SDK-wide pattern
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/47f0d207-e97f-4f2b-a58e-152f54864473
* fix: restore missing testNormalCallback() method declaration in CallbackPluginTest
The method declaration was accidentally dropped when inserting testInvalidJsonBodyThrowsException(),
leaving an orphan { at line 48 which caused a PHP ParseError in CI.
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/bb388c79-b59a-44b4-b370-e6e9589ea9f0
* fix: add PARAMS_STRIPE_BODY_INVALID constant and use it in CallbackPlugin
Exception::PARAMS_INVALID did not exist, causing PHPStan error and test failure.
Added PARAMS_STRIPE_BODY_INVALID = 9225 to Exception.php and updated
CallbackPlugin.php + CallbackPluginTest.php to use the new constant.
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/3347b2aa-4994-41b5-9238-36c5761effee
* fix: use SIGN_ERROR (not SIGN_EMPTY) for Stripe signature format error
When Stripe-Signature header is present but has no valid t= or v1= segments,
the error is a format error (SIGN_ERROR), not an empty signature (SIGN_EMPTY).
SIGN_EMPTY is now strictly reserved for missing/empty header.
Also updated VerifyWebhookSignTest to assert SIGN_ERROR code for malformed header.
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/65c1ae5f-58c4-4448-ae03-b76c90424ec3
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
* fix: remove localhost bypass to fix signature verification security vulnerability (GHSA-q938-ghwv-8gvc)
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/fbd84207-6c68-42f1-afd1-c2437e822dbe
* fix(tests): revert Wechat serial to 45F59D4... by remapping cert to wechatAppPublicKey.pem
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/01187528-a334-4544-80ee-4f5d07d0a140
* docs: add changelog entry for GHSA-q938-ghwv-8gvc fix under v3.7.20 (#1131)
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/c254bf75-2ab8-4976-aa96-024054dcc334
* Update tests/Plugin/Stripe/V1/VerifyWebhookSignTest.php
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix(tests): use wechatPublicKey.crt for serial 45F59D4... by regenerating cert from wechatAppPrivateKey.pem
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/2633d7f5-4b5b-4957-aea4-f3801d8004c6
* fix(tests): revert to abe2659 cert mapping and add comment explaining wechatAppPublicKey.pem usage
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Agent-Logs-Url: https://github.com/yansongda/pay/sessions/3812dc33-b167-49dc-b6b7-f0b3e16d8f32
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: yansongda <11869114+yansongda@users.noreply.github.com>
Co-authored-by: yansongda <me@yansongda.cn>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
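
The Stripe-Signature checks named in the commit messages above (trim() and a two-element check per segment, empty versus malformed header, expired timestamp, wrong signature, and no localhost bypass), as an added PHP example that is not code from yansongda/pay. The function name, result labels and 300-second tolerance are assumptions; the signed string follows Stripe's documented `timestamp.body` scheme.

```php
<?php
declare(strict_types=1);
// Added illustration: names and result labels are hypothetical, not yansongda/pay's API.
const TOLERANCE_SECONDS = 300; // assumption: the window Stripe's own libraries default to

/**
 * Verifies a Stripe-Signature header ("t=<unix>,v1=<hex>[,v1=<hex>...]").
 * Takes no host or environment argument, so there is no localhost path that skips the check.
 */
function check_stripe_signature(string $body, string $header, string $secret, int $now): string
{
    if ('' === $secret) {
        return 'SECRET_MISSING';
    }
    if ('' === trim($header)) {
        return 'SIGN_EMPTY'; // header missing or empty
    }
    $timestamp = null;
    $candidates = [];
    foreach (explode(',', $header) as $segment) {
        $pair = explode('=', trim($segment), 2);
        if (2 !== count($pair)) {
            continue; // malformed segment: ignore it instead of indexing blindly
        }
        [$key, $value] = [trim($pair[0]), trim($pair[1])];
        if ('t' === $key && ctype_digit($value)) {
            $timestamp = $value; // kept as a string: it is signed byte-for-byte
        } elseif ('v1' === $key && '' !== $value) {
            $candidates[] = $value;
        }
    }
    if (null === $timestamp || [] === $candidates) {
        return 'SIGN_ERROR'; // header present, but no usable t= or v1= segment
    }
    if (abs($now - (int) $timestamp) > TOLERANCE_SECONDS) {
        return 'TIMESTAMP_EXPIRED';
    }
    $expected = hash_hmac('sha256', $timestamp.'.'.$body, $secret);
    foreach ($candidates as $candidate) {
        if (hash_equals($expected, $candidate)) { // constant-time comparison
            return 'OK';
        }
    }
    return 'SIGN_MISMATCH';
}

// Constructed sample values, for demonstration only.
$secret = 'whsec_constructed_example';
$body = '{"id":"evt_constructed","type":"payment_intent.succeeded"}';
$now = 1700000000;
$mac = hash_hmac('sha256', $now.'.'.$body, $secret);
foreach (['', 'garbage', "t=$now, v1=$mac", 't='.($now - 900).",v1=$mac", "t=$now,v1=".str_repeat('0', 64)] as $h) {
    printf("%-20.20s => %s\n", $h, check_stripe_signature($body, $h, $secret, $now));
}
```

The HMAC must be computed over the raw request body exactly as received; re-encoding the decoded JSON before verification changes the bytes and makes valid events fail.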
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )