feat: user invoice pay_balance

app/routes.php

@@ -116,6 +116,7 @@ return static function (Slim\App $app): void {
         // 账单页面
         $group->get('/invoice', App\Controllers\User\InvoiceController::class . ':invoice');
         $group->get('/invoice/{id}/view', App\Controllers\User\InvoiceController::class . ':detail');
+        $group->post('/invoice/pay_balance', App\Controllers\User\InvoiceController::class . ':payBalance');
         $group->post('/invoice/ajax', App\Controllers\User\InvoiceController::class . ':ajax');
 
         // 新优惠码系统

resources/views/tabler/user/invoice/view.tpl

@@ -21,65 +21,125 @@
     </div>
     <div class="page-body">
         <div class="container-xl">
-            <div class="card">
-                <div class="card-header">
-                    <h3 class="card-title">基本信息</h3>
-                </div>
-                <div class="card-body">
-                    <div class="datagrid">
-                        <div class="datagrid-item">
-                            <div class="datagrid-title">订单ID</div>
-                            <div class="datagrid-content">{$invoice->order_id}</div>
+            <div class="row row-cards">
+                <div class="col-sm-12 col-md-6 col-lg-9">
+                    <div class="card">
+                        <div class="card-header">
+                            <h3 class="card-title">基本信息</h3>
+                        </div>
+                        <div class="card-body">
+                            <div class="datagrid">
+                                <div class="datagrid-item">
+                                    <div class="datagrid-title">订单ID</div>
+                                    <div class="datagrid-content">{$invoice->order_id}</div>
+                                </div>
+                                <div class="datagrid-item">
+                                    <div class="datagrid-title">订单金额</div>
+                                    <div class="datagrid-content">{$invoice->price}</div>
+                                </div>
+                                <div class="datagrid-item">
+                                    <div class="datagrid-title">订单状态</div>
+                                    <div class="datagrid-content">{$invoice->status}</div>
+                                </div>
+                                <div class="datagrid-item">
+                                    <div class="datagrid-title">创建时间</div>
+                                    <div class="datagrid-content">{$invoice->create_time}</div>
+                                </div>
+                                <div class="datagrid-item">
+                                    <div class="datagrid-title">更新时间</div>
+                                    <div class="datagrid-content">{$invoice->update_time}</div>
+                                </div>
+                                <div class="datagrid-item">
+                                    <div class="datagrid-title">支付时间</div>
+                                    <div class="datagrid-content">{$invoice->pay_time}</div>
+                                </div>
+                            </div>
                         </div>
-                        <div class="datagrid-item">
-                            <div class="datagrid-title">订单金额</div>
-                            <div class="datagrid-content">{$invoice->price}</div>
+                    </div>
+                    <div class="card my-3">
+                        <div class="card-header">
+                            <h3 class="card-title">账单详情</h3>
                         </div>
-                        <div class="datagrid-item">
-                            <div class="datagrid-title">订单状态</div>
-                            <div class="datagrid-content">{$invoice->status}</div>
+                        <div class="card-body">
+                            <div class="table-responsive">
+                                <table id="invoice_content_table" class="table table-vcenter card-table">
+                                    <thead>
+                                        <tr>
+                                            <th>名称</th>
+                                            <th>价格</th>
+                                        </tr>
+                                    </thead>
+                                    <tbody>
+                                        {foreach $invoice_content as $invoice_content_detail}
+                                        <tr>
+                                            <td>{$invoice_content_detail->name}</td>
+                                            <td>{$invoice_content_detail->price}</td>
+                                        </tr>
+                                        {/foreach}
+                                    </tbody>
+                                </table>
+                            </div>
                         </div>
-                        <div class="datagrid-item">
-                            <div class="datagrid-title">创建时间</div>
-                            <div class="datagrid-content">{$invoice->create_time}</div>
+                    </div>
+                </div>
+                <div class="col-sm-12 col-md-6 col-lg-3">
+                    <div class="card">
+                        <div class="card-header">
+                            <h3 class="card-title">余额支付</h3>
                         </div>
-                        <div class="datagrid-item">
-                            <div class="datagrid-title">更新时间</div>
-                            <div class="datagrid-content">{$invoice->update_time}</div>
+                        <div class="card-body">
+                            <div class="mb-3">
+                                当前账户可用余额：<code>{$user->money}</code> 元
+                            </div>
                         </div>
-                        <div class="datagrid-item">
-                            <div class="datagrid-title">支付时间</div>
-                            <div class="datagrid-content">{$invoice->pay_time}</div>
+                        <div class="card-footer">
+                          <div class="d-flex">
+                          <button id="pay-balance" class="btn" type="button">支付</button>
+                          </div>
                         </div>
                     </div>
-                </div>
-            </div>
-            <div class="card my-3">
-                <div class="card-header">
-                    <h3 class="card-title">账单详情</h3>
-                </div>
-                <div class="card-body">
-                    <div class="table-responsive">
-                        <table id="invoice_content_table" class="table table-vcenter card-table">
-                            <thead>
-                                <tr>
-                                    <th>名称</th>
-                                    <th>价格</th>
-                                </tr>
-                            </thead>
-                            <tbody>
-                                {foreach $invoice_content as $invoice_content_detail}
-                                <tr>
-                                    <td>{$invoice_content_detail->name}</td>
-                                    <td>{$invoice_content_detail->price}</td>
-                                </tr>
+                    <div class="card my-3">
+                        <div class="card-header">
+                            <h3 class="card-title">网关支付</h3>
+                        </div>
+                        <div class="card-body">
+                            {if count($payments) > 0}
+                                {foreach from=$payments item=payment}
+                                <div class="mb-3">
+                                    {$payment::getPurchaseHTML()}
+                                </div>
                                 {/foreach}
-                            </tbody>
-                        </table>
+                            {/if}
+                        </div>
                     </div>
                 </div>
             </div>
         </div>
     </div>
 
+    <script>
+        $("#pay-balance").click(function() {
+            $.ajax({
+                url: '/user/invoice/pay_balance',
+                type: 'POST',
+                dataType: "json",
+                data: {
+                    invoice_id: {$invoice->id},
+                },
+                success: function(data) {
+                    if (data.ret == 1) {
+                        $('#success-message').text(data.msg);
+                        $('#success-dialog').modal('show');
+                        setTimeout(function() {
+                            $(location).attr('href', '/user/invoice/');
+                        }, 1500);
+                    } else {
+                        $('#fail-message').text(data.msg);
+                        $('#fail-dialog').modal('show');
+                    }
+                }
+            })
+        });  
+    </script>
+
 {include file='user/tabler_footer.tpl'}

src/Controllers/User/InvoiceController.php

@@ -6,9 +6,11 @@ namespace App\Controllers\User;
 
 use App\Controllers\BaseController;
 use App\Models\Invoice;
+use App\Services\Payment;
 use App\Utils\Tools;
 use Slim\Http\Response;
 use Slim\Http\ServerRequest;
+use voku\helper\AntiXSS;
 
 final class InvoiceController extends BaseController
 {
@@ -36,9 +38,15 @@ final class InvoiceController extends BaseController
 
     public function detail(ServerRequest $request, Response $response, array $args)
     {
-        $id = $args['id'];
+        $antiXss = new AntiXSS();
+        $id = $antiXss->xss_clean($args['id']);
+
+        $invoice = Invoice::where('user_id', $this->user->id)->where('id', $id)->first();
+
+        if ($invoice === null) {
+            return $response->withRedirect('/user/invoice');
+        }
 
-        $invoice = Invoice::find($id);
         $invoice->status = Tools::getInvoiceStatus($invoice);
         $invoice->create_time = Tools::toDateTime($invoice->create_time);
         $invoice->update_time = Tools::toDateTime($invoice->update_time);
@@ -49,10 +57,48 @@ final class InvoiceController extends BaseController
             $this->view()
                 ->assign('invoice', $invoice)
                 ->assign('invoice_content', $invoice_content)
+                ->assign('payments', Payment::getPaymentsEnabled())
                 ->fetch('user/invoice/view.tpl')
         );
     }
 
+    public function payBalance(ServerRequest $request, Response $response, array $args)
+    {
+        $antiXss = new AntiXSS();
+        $invoice_id = $antiXss->xss_clean($request->getParam('invoice_id'));
+
+        $invoice = Invoice::where("user_id", $this->user->id)->where("id", $invoice_id)->first();
+
+        if ($invoice === null) {
+            return $response->withJson([
+                'ret' => 0,
+                'msg' => '账单不存在',
+            ]);
+        }
+
+        $user = $this->user;
+
+        if ($user->money < $invoice->price) {
+            return $response->withJson([
+                'ret' => 0,
+                'msg' => '余额不足',
+            ]);
+        }
+
+        $user->money -= $invoice->price;
+        $user->save();
+
+        $invoice->status = 'paid_balance';
+        $invoice->update_time = \time();
+        $invoice->pay_time = \time();
+        $invoice->save();
+
+        return $response->withJson([
+            'ret' => 1,
+            'msg' => '支付成功',
+        ]);
+    }
+
     public function ajax(ServerRequest $request, Response $response, array $args)
     {
         $invoices = Invoice::orderBy('id', 'desc')->get();

src/Controllers/User/OrderController.php

@@ -42,7 +42,8 @@ final class OrderController extends BaseController
 
     public function create(ServerRequest $request, Response $response, array $args)
     {
-        $product_id = $request->getQueryParams()['product_id'] ?? null;
+        $antiXss = new AntiXSS();
+        $product_id = $antiXss->xss_clean($request->getQueryParams()['product_id']) ?? null;
 
         if ($product_id === null || $product_id === '') {
             return $response->withRedirect('/user/product');
@@ -61,9 +62,15 @@ final class OrderController extends BaseController
 
     public function detail(ServerRequest $request, Response $response, array $args)
     {
-        $id = $args['id'];
+        $antiXss = new AntiXSS();
+        $id = $antiXss->xss_clean($args['id']);
+
+        $order = Order::where('user_id', $this->user->id)->where('id', $id)->first();
+
+        if ($order === null) {
+            return $response->withRedirect('/user/order');
+        }
 
-        $order = Order::find($id);
         $order->product_type = Tools::getOrderProductType($order);
         $order->status = Tools::getOrderStatus($order);
         $order->create_time = Tools::toDateTime($order->create_time);