feat: 实现 iOS Apple Pay 内购支付功能

前端: - 集成 in_app_purchase 插件，实现 IAP 支付流程 - 添加支付模块 (payments/) 处理产品获取、购买、验证 - 积分中心页面集成 Apple Pay 购买入口 - 设置页面重构: 关于/隐私/协议直接展示，删除 legal_center 子页面 - 修复欢迎引导页滚动检测阈值问题 - 修复解卦结果页 iOS 侧滑返回手势被阻止的问题 - 邀请码绑定按钮临时禁用（待后端实现）后端: - 新增 apple_iap_transactions 表记录交易 - 实现 Apple 服务器端验证 (App Store Server API) - 支付成功后自动发放积分 - 支持 Sandbox/Production 环境切换 - 添加退款处理和交易状态机协议: - 更新积分流水协议，支持 purchase/refund 类型 - 新增 PAYMENT_* 错误码
2026-04-28 10:45:29 +08:00
parent b453ff7345
commit 87f92987b2
58 changed files with 3741 additions and 336 deletions
@@ -0,0 +1,68 @@
+from __future__ import annotations
+
+import base64
+import json
+
+from v1.payments.apple_verifier import (
+    AppleJwsVerifier,
+    VerificationError,
+    VerifiedTransaction,
+)
+
+
+def _make_jws_parts(header: dict[str, object], payload: dict[str, object]) -> tuple[str, str]:
+    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
+    p = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
+    return h, p
+
+
+class TestAppleJwsVerifierInvalidInput:
+    def test_invalid_header_returns_error(self) -> None:
+        verifier = AppleJwsVerifier()
+        result = verifier.verify_signed_transaction(
+            "not-a-jws",
+            expected_bundle_id="com.meeyao.qianwen",
+            expected_product_id="com.meeyao.qianwen.basic_pack",
+        )
+        assert isinstance(result, VerificationError)
+        assert result.code == "PAYMENT_TRANSACTION_INVALID"
+        assert "decode" in result.detail.lower() or "header" in result.detail.lower()
+
+    def test_missing_x5c_returns_error(self) -> None:
+        verifier = AppleJwsVerifier()
+        h, p = _make_jws_parts({"alg": "ES256"}, {"bundleId": "test"})
+        result = verifier.verify_signed_transaction(
+            f"{h}.{p}.fake",
+            expected_bundle_id="com.meeyao.qianwen",
+            expected_product_id="com.meeyao.qianwen.basic_pack",
+        )
+        assert isinstance(result, VerificationError)
+        assert "x5c" in result.detail
+
+    def test_short_x5c_returns_error(self) -> None:
+        verifier = AppleJwsVerifier()
+        h, p = _make_jws_parts({"alg": "ES256", "x5c": ["one"]}, {"bundleId": "test"})
+        result = verifier.verify_signed_transaction(
+            f"{h}.{p}.fake",
+            expected_bundle_id="com.meeyao.qianwen",
+            expected_product_id="com.meeyao.qianwen.basic_pack",
+        )
+        assert isinstance(result, VerificationError)
+        assert "x5c" in result.detail
+
+    def test_issuer_subject_mismatch_returns_error(self) -> None:
+        verifier = AppleJwsVerifier()
+        leaf_cert_b64 = base64.b64encode(b"fake_leaf_cert").decode()
+        intermediate_cert_b64 = base64.b64encode(b"fake_intermediate_cert").decode()
+        root_cert_b64 = base64.b64encode(b"fake_root_cert").decode()
+        h, p = _make_jws_parts(
+            {"alg": "ES256", "x5c": [leaf_cert_b64, intermediate_cert_b64, root_cert_b64]},
+            {"bundleId": "com.meeyao.qianwen"},
+        )
+        result = verifier.verify_signed_transaction(
+            f"{h}.{p}.fake",
+            expected_bundle_id="com.meeyao.qianwen",
+            expected_product_id="com.meeyao.qianwen.basic_pack",
+        )
+        assert isinstance(result, VerificationError)
+        assert "fingerprint" in result.detail or "issuer" in result.detail or "subject" in result.detail