新增代理实名认证和授权

2025-05-24 14:26:20 +08:00
parent 16e57387db
commit 2d3ca4c18e
54 changed files with 4069 additions and 435 deletions
--- a/app/user/cmd/api/internal/logic/agent/agentrealnamelogic.go
+++ b/app/user/cmd/api/internal/logic/agent/agentrealnamelogic.go
@@ -0,0 +1,99 @@
+package agent
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"time"
+
+	"qnc-server/app/user/cmd/api/internal/service"
+	"qnc-server/app/user/cmd/api/internal/svc"
+	"qnc-server/app/user/cmd/api/internal/types"
+	"qnc-server/app/user/model"
+	"qnc-server/common/ctxdata"
+	"qnc-server/common/xerr"
+	"qnc-server/pkg/lzkit/crypto"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+	"github.com/zeromicro/go-zero/core/stores/redis"
+)
+
+type AgentRealNameLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAgentRealNameLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AgentRealNameLogic {
+	return &AgentRealNameLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AgentRealNameLogic) AgentRealName(req *types.AgentRealNameReq) (resp *types.AgentRealNameResp, err error) {
+	userID, err := ctxdata.GetUidFromCtx(l.ctx)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户ID失败, %v", err)
+	}
+	secretKey := l.svcCtx.Config.Encrypt.SecretKey
+	encryptedMobile, err := crypto.EncryptMobile(req.Mobile, secretKey)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "代理实名, 加密手机号失败: %v", err)
+	}
+	// 检查手机号是否在一分钟内已发送过验证码
+	redisKey := fmt.Sprintf("%s:%s", "realName", encryptedMobile)
+	cacheCode, err := l.svcCtx.Redis.Get(redisKey)
+	if err != nil {
+		if errors.Is(err, redis.Nil) {
+			return nil, errors.Wrapf(xerr.NewErrMsg("验证码已过期"), "代理实名, 验证码过期: %s", encryptedMobile)
+		}
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "代理实名, 读取验证码redis缓存失败, mobile: %s, err: %+v", encryptedMobile, err)
+	}
+	if cacheCode != req.Code {
+		return nil, errors.Wrapf(xerr.NewErrMsg("验证码不正确"), "代理实名, 验证码不正确: %s", encryptedMobile)
+	}
+	agent, err := l.svcCtx.AgentModel.FindOneByUserId(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取代理信息失败, %v", err)
+	}
+
+	agentRealName, err := l.svcCtx.AgentRealNameModel.FindOneByAgentId(l.ctx, agent.Id)
+	if err != nil && !errors.Is(err, model.ErrNotFound) {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取代理实名信息失败, %v", err)
+	}
+
+	if agentRealName != nil && agentRealName.Status == model.AgentRealNameStatusApproved {
+		return nil, errors.Wrapf(xerr.NewErrMsg("代理实名信息已审核通过"), "代理实名信息已审核通过")
+	}
+	// 三要素验证
+	threeVerification := service.ThreeFactorVerificationRequest{
+		Name:   req.Name,
+		IDCard: req.IDCard,
+		Mobile: req.Mobile,
+	}
+	verification, err := l.svcCtx.VerificationService.ThreeFactorVerification(threeVerification)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "三要素验证失败: %v", err)
+	}
+	if !verification.Passed {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.SERVER_COMMON_ERROR, verification.Err.Error()), "三要素验证不通过: %v", err)
+	}
+	agentRealName = &model.AgentRealName{
+		AgentId:     agent.Id,
+		Status:      model.AgentRealNameStatusApproved,
+		Name:        req.Name,
+		IdCard:      req.IDCard,
+		ApproveTime: sql.NullTime{Time: time.Now(), Valid: true},
+	}
+	_, err = l.svcCtx.AgentRealNameModel.Insert(l.ctx, nil, agentRealName)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "添加代理实名信息失败, %v", err)
+	}
+
+	return &types.AgentRealNameResp{
+		Status: agentRealName.Status,
+	}, nil
+}
--- a/app/user/cmd/api/internal/logic/agent/agentwithdrawallogic.go
+++ b/app/user/cmd/api/internal/logic/agent/agentwithdrawallogic.go
@@ -60,11 +60,22 @@ func (l *AgentWithdrawalLogic) AgentWithdrawal(req *types.WithdrawalReq) (*types
 		if err != nil {
 			return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户ID失败: %v", err)
 		}
-
-		// 查询代理信息
 		agentModel, err := l.svcCtx.AgentModel.FindOneByUserId(l.ctx, userID)
 		if err != nil {
-			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询代理信息失败: %v", err)
+			return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询代理信息失败: %v", err)
+		}
+		agentRealName, err := l.svcCtx.AgentRealNameModel.FindOneByAgentId(l.ctx, agentModel.Id)
+		if err != nil {
+			if errors.Is(err, model.ErrNotFound) {
+				return errors.Wrapf(xerr.NewErrMsg("您未进行实名认证, 无法提现"), "您未进行实名认证")
+			}
+			return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询代理实名信息失败: %v", err)
+		}
+		if agentRealName.Status != model.AgentRealNameStatusApproved {
+			return errors.Wrapf(xerr.NewErrMsg("您的实名认证未通过, 无法提现"), "您的实名认证未通过")
+		}
+		if agentRealName.Name != req.PayeeName {
+			return errors.Wrapf(xerr.NewErrMsg("您的实名认证信息不匹配, 无法提现"), "您的实名认证信息不匹配")
 		}

 		// 查询钱包
--- a/app/user/cmd/api/internal/logic/agent/applyforagentlogic.go
+++ b/app/user/cmd/api/internal/logic/agent/applyforagentlogic.go
@@ -8,7 +8,6 @@ import (
 	jwtx "qnc-server/common/jwt"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
-	"qnc-server/pkg/lzkit/lzUtils"
 	"time"

 	"github.com/pkg/errors"
@@ -108,7 +107,6 @@ func (l *ApplyForAgentLogic) ApplyForAgent(req *types.AgentApplyReq) (resp *type
 		agentAudit.UserId = user.Id
 		agentAudit.Mobile = encryptedMobile
 		agentAudit.Region = req.Region
-		agentAudit.WechatId = lzUtils.StringToNullString(req.WechatID)
 		agentAudit.Status = 1
 		_, insetAgentAuditErr := l.svcCtx.AgentAuditModel.Insert(transCtx, session, &agentAudit)
 		if insetAgentAuditErr != nil {
@@ -131,7 +129,6 @@ func (l *ApplyForAgentLogic) ApplyForAgent(req *types.AgentApplyReq) (resp *type
 		agentModel.Mobile = agentAudit.Mobile
 		agentModel.Region = agentAudit.Region
 		agentModel.UserId = agentAudit.UserId
-		agentModel.WechatId = lzUtils.StringToNullString(req.WechatID)
 		agentModelInsert, insertAgentModelErr := l.svcCtx.AgentModel.Insert(transCtx, session, &agentModel)
 		if insertAgentModelErr != nil {
 			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "代理申请, 新增代理失败: %+v", insertAgentModelErr)
--- a/app/user/cmd/api/internal/logic/agent/getagentinfologic.go
+++ b/app/user/cmd/api/internal/logic/agent/getagentinfologic.go
@@ -6,12 +6,12 @@ import (
 	"qnc-server/common/ctxdata"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
-	"qnc-server/pkg/lzkit/lzUtils"

 	"github.com/pkg/errors"

 	"qnc-server/app/user/cmd/api/internal/svc"
 	"qnc-server/app/user/cmd/api/internal/types"
+	"qnc-server/app/user/model"

 	"github.com/zeromicro/go-zero/core/logx"
 )
@@ -64,6 +64,16 @@ func (l *GetAgentInfoLogic) GetAgentInfo() (resp *types.AgentInfoResp, err error
 	if err != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取代理信息, 解密手机号失败: %v", err)
 	}
+
+	IsRealName := false
+	agentRealName, err := l.svcCtx.AgentRealNameModel.FindOneByAgentId(l.ctx, agent.Id)
+	if err != nil && !errors.Is(err, model.ErrNotFound) {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取代理实名信息失败, %v", err)
+	}
+	if agentRealName != nil {
+		IsRealName = true
+	}
+
 	return &types.AgentInfoResp{
 		AgentID:    agent.Id,
 		Level:      agent.LevelName,
@@ -72,6 +82,6 @@ func (l *GetAgentInfoLogic) GetAgentInfo() (resp *types.AgentInfoResp, err error
 		Region:     agent.Region,
 		Mobile:     agent.Mobile,
 		ExpiryTime: agent.MembershipExpiryTime.Time.Format("2006-01-02 15:04:05"),
-		WechatID:   lzUtils.NullStringToString(agent.WechatId),
+		IsRealName: IsRealName,
 	}, nil
 }
--- a/app/user/cmd/api/internal/logic/auth/getfaceverifyresultlogic.go
+++ b/app/user/cmd/api/internal/logic/auth/getfaceverifyresultlogic.go
@@ -0,0 +1,122 @@
+package auth
+
+import (
+	"context"
+	"fmt"
+	"qnc-server/common/xerr"
+
+	"github.com/bytedance/sonic"
+	"github.com/pkg/errors"
+
+	"qnc-server/app/user/cmd/api/internal/svc"
+	"qnc-server/app/user/cmd/api/internal/types"
+	"qnc-server/app/user/model"
+
+	"github.com/zeromicro/go-zero/core/logx"
+	"github.com/zeromicro/go-zero/core/stores/sqlx"
+)
+
+type GetFaceVerifyResultLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewGetFaceVerifyResultLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetFaceVerifyResultLogic {
+	return &GetFaceVerifyResultLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *GetFaceVerifyResultLogic) GetFaceVerifyResult(req *types.GetFaceVerifyResultReq) (resp *types.GetFaceVerifyResultResp, err error) {
+	// 1. 查询认证明细
+	face, err := l.svcCtx.AuthorizationFaceModel.FindOneByCertifyId(l.ctx, req.CertifyId)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询认证明细失败: %v", err)
+	}
+	if face == nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询认证明细为空")
+	}
+
+	// 2. 查询主授权（如后续需要可用）
+	auth, err := l.svcCtx.AuthorizationModel.FindOne(l.ctx, face.AuthorizationId)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询授权主表失败: %v", err)
+	}
+
+	// 3. 判断人脸认证明细和主授权状态，若均已是"success"，则直接返回通过
+	if (face.Status == model.AuthorizationFaceStatusSuccess) && (auth.Status == model.AuthorizationStatusSuccess) {
+		return &types.GetFaceVerifyResultResp{
+			OrderID: auth.OrderId,
+			Passed:  true,
+		}, nil
+	}
+
+	// 4. 调用阿里云接口查询认证结果
+	describeResp, err := l.svcCtx.CloudAuthService.DescribeFaceVerify(req.CertifyId)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "校验人脸识别结果失败: %v", err)
+	}
+
+	// 5. 判断认证状态并更新（使用事务）
+	if describeResp.Passed {
+		// 使用事务更新状态
+		err = l.svcCtx.AuthorizationModel.Trans(l.ctx, func(ctx context.Context, session sqlx.Session) error {
+			order, err := l.svcCtx.OrderModel.FindOne(ctx, auth.OrderId)
+			if err != nil {
+				return errors.Wrapf(err, "查询订单失败")
+			}
+			redisKey := fmt.Sprintf(types.QueryCacheKey, order.UserId, order.OrderNo)
+			cache, cacheErr := l.svcCtx.Redis.GetCtx(ctx, redisKey)
+			if cacheErr != nil {
+				return fmt.Errorf("获取缓存内容失败: %+v", cacheErr)
+			}
+			var data types.QueryCacheLoad
+			err = sonic.Unmarshal([]byte(cache), &data)
+			if err != nil {
+				return fmt.Errorf("解析缓存内容失败: %+v", err)
+			}
+			// 插入新queryModel
+			query := &model.Query{
+				OrderId:     auth.OrderId,
+				UserId:      auth.UserId,
+				ProductId:   order.ProductId,
+				QueryParams: data.Params,
+				QueryState:  "pending",
+			}
+			_, insertQueryErr := l.svcCtx.QueryModel.Insert(ctx, session, query)
+			if insertQueryErr != nil {
+				return errors.Wrapf(insertQueryErr, "保存查询失败")
+			}
+			// 更新主授权状态
+			auth.Status = model.AuthorizationStatusSuccess
+			_, err = l.svcCtx.AuthorizationModel.Update(ctx, session, auth)
+			if err != nil {
+				return errors.Wrapf(err, "更新授权状态失败")
+			}
+			// 更新人脸认证明细状态
+			face.Status = model.AuthorizationFaceStatusSuccess
+			_, err = l.svcCtx.AuthorizationFaceModel.Update(ctx, session, face)
+			if err != nil {
+				return errors.Wrapf(err, "更新人脸认证状态失败")
+			}
+			if asyncErr := l.svcCtx.AsynqService.SendQueryTask(auth.OrderId); asyncErr != nil {
+				logx.Errorf("异步任务调度失败: %v", asyncErr)
+				return asyncErr
+			}
+			return nil
+		})
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "更新认证状态失败: %v", err)
+		}
+	}
+	// 6. 返回resp（resp.Passed := describeResp.Passed）和err（如有）
+	resp = &types.GetFaceVerifyResultResp{
+		OrderID:  auth.OrderId,
+		Passed:   describeResp.Passed,
+		AuthType: auth.AuthType.Int64,
+	}
+	return resp, nil
+}
--- a/app/user/cmd/api/internal/logic/auth/initfaceverifylogic.go
+++ b/app/user/cmd/api/internal/logic/auth/initfaceverifylogic.go
@@ -0,0 +1,134 @@
+package auth
+
+import (
+	"context"
+	"database/sql"
+	"encoding/hex"
+	"math/rand"
+	"strconv"
+	"time"
+
+	"qnc-server/app/user/cmd/api/internal/svc"
+	"qnc-server/app/user/cmd/api/internal/types"
+	"qnc-server/app/user/model"
+	"qnc-server/common/xerr"
+	"qnc-server/pkg/core/aliyun/cloudauth"
+	"qnc-server/pkg/lzkit/crypto"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+	"github.com/zeromicro/go-zero/core/stores/sqlx"
+)
+
+type InitFaceVerifyLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewInitFaceVerifyLogic(ctx context.Context, svcCtx *svc.ServiceContext) *InitFaceVerifyLogic {
+	return &InitFaceVerifyLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+// 生成带前缀的随机OuterOrderNo（阿里云人脸验证单号）
+func genOuterOrderNo() string {
+	prefix := "FACE_"
+	timestamp := time.Now().UnixNano()
+	randNum := rand.Intn(1000000)
+	return prefix + strconv.FormatInt(timestamp, 10) + strconv.Itoa(randNum)
+}
+
+func (l *InitFaceVerifyLogic) InitFaceVerify(req *types.InitFaceVerifyReq) (resp *types.InitFaceVerifyResp, err error) {
+	order, err := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, req.OrderNo)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询订单失败: %v", err)
+	}
+
+	if order.Status != "paid" {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "订单未支付")
+	}
+
+	authorization, err := l.svcCtx.AuthorizationModel.FindOneByOrderId(l.ctx, order.Id)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询授权信息失败: %v", err)
+	}
+
+	if authorization.Status != "pending" {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "授权信息状态不正确")
+	}
+	key, decodeErr := hex.DecodeString(l.svcCtx.Config.Encrypt.SecretKey)
+	if decodeErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询授权信息失败: %v", decodeErr)
+	}
+	if authorization.GrantType == "face" {
+		authorizationFaceBuilder := l.svcCtx.AuthorizationFaceModel.SelectBuilder().
+			Where("authorization_id = ? AND status = ? AND certify_id != '' AND certify_url != ''",
+				authorization.Id, model.AuthorizationStatusPending).
+			OrderBy("create_time DESC").
+			Limit(1)
+		existingFaces, err := l.svcCtx.AuthorizationFaceModel.FindAll(l.ctx, authorizationFaceBuilder, "")
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询人脸认证记录失败: %v", err)
+		}
+		if len(existingFaces) > 0 {
+			// 如果存在记录，直接返回最新的认证信息
+			return &types.InitFaceVerifyResp{
+				CertifyId:  existingFaces[0].CertifyId,
+				CertifyUrl: existingFaces[0].CertifyUrl,
+			}, nil
+		}
+
+	}
+	outerOrderNo := genOuterOrderNo()
+	name, err := crypto.AesDecrypt(authorization.TargetName, key)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "解密姓名失败: %v", err)
+	}
+	idCard, err := crypto.AesDecrypt(authorization.TargetIdcard, key)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "解密身份证号失败: %v", err)
+	}
+	initFaceVerifyResp, err := l.svcCtx.CloudAuthService.InitFaceVerify(cloudauth.InitFaceVerifyParam{
+		OuterOrderNo: outerOrderNo,
+		CertName:     string(name),
+		CertNo:       string(idCard),
+		MetaInfo:     req.MetaInfo,
+	})
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "初始化人脸认证失败: %v", err)
+	}
+	err = l.svcCtx.AuthorizationModel.Trans(l.ctx, func(ctx context.Context, session sqlx.Session) error {
+		authorization.AuthType = sql.NullInt64{
+			Int64: req.AuthType,
+			Valid: true,
+		}
+		_, err = l.svcCtx.AuthorizationModel.Update(l.ctx, session, authorization)
+		if err != nil {
+			return err
+		}
+		authorizationFace := &model.AuthorizationFace{
+			AuthorizationId:    authorization.Id,
+			CertifyId:          initFaceVerifyResp.CertifyId,
+			CertifyUrl:         initFaceVerifyResp.CertifyUrl,
+			Status:             model.AuthorizationStatusPending,
+			CertifyUrlExpireAt: time.Now().Add(time.Minute * 30),
+			OuterOrderNo:       outerOrderNo,
+		}
+		_, err = l.svcCtx.AuthorizationFaceModel.Insert(l.ctx, session, authorizationFace)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "更新授权信息失败: %v", err)
+	}
+	return &types.InitFaceVerifyResp{
+		CertifyId:  initFaceVerifyResp.CertifyId,
+		CertifyUrl: initFaceVerifyResp.CertifyUrl,
+	}, nil
+}
--- a/app/user/cmd/api/internal/logic/auth/rejectauthorizationlogic.go
+++ b/app/user/cmd/api/internal/logic/auth/rejectauthorizationlogic.go
@@ -0,0 +1,30 @@
+package auth
+
+import (
+	"context"
+
+	"qnc-server/app/user/cmd/api/internal/svc"
+	"qnc-server/app/user/cmd/api/internal/types"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type RejectAuthorizationLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewRejectAuthorizationLogic(ctx context.Context, svcCtx *svc.ServiceContext) *RejectAuthorizationLogic {
+	return &RejectAuthorizationLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *RejectAuthorizationLogic) RejectAuthorization(req *types.RejectAuthorizationReq) (resp *types.RejectAuthorizationResp, err error) {
+	// todo: add your logic here and delete this line
+
+	return
+}
--- a/app/user/cmd/api/internal/logic/pay/alipaycallbacklogic.go
+++ b/app/user/cmd/api/internal/logic/pay/alipaycallbacklogic.go
@@ -2,8 +2,11 @@ package pay

 import (
 	"context"
+	"encoding/hex"
+	"encoding/json"
 	"fmt"
 	"net/http"
+	"qnc-server/pkg/lzkit/crypto"
 	"qnc-server/pkg/lzkit/lzUtils"
 	"strings"
 	"time"
@@ -11,6 +14,7 @@ import (
 	"github.com/smartwalle/alipay/v3"

 	"qnc-server/app/user/cmd/api/internal/svc"
+	"qnc-server/app/user/cmd/api/internal/types"
 	"qnc-server/app/user/model"

 	"github.com/zeromicro/go-zero/core/logx"
@@ -95,9 +99,48 @@ func (l *AlipayCallbackLogic) handleQueryOrderPayment(w http.ResponseWriter, not
 	}

 	if order.Status == "paid" {
-		if asyncErr := l.svcCtx.AsynqService.SendQueryTask(order.Id); asyncErr != nil {
-			logx.Errorf("异步任务调度失败: %v", asyncErr)
-			return asyncErr
+		redisKey := fmt.Sprintf(types.QueryCacheKey, order.UserId, order.OrderNo)
+		cache, cacheErr := l.svcCtx.Redis.Get(redisKey)
+		if cacheErr != nil {
+			return fmt.Errorf("获取缓存内容失败: %+v", cacheErr)
+		}
+		var data types.QueryCacheLoad
+		err = json.Unmarshal([]byte(cache), &data)
+		if err != nil {
+			return fmt.Errorf("解析缓存内容失败: %+v", err)
+		}
+		secretKey := l.svcCtx.Config.Encrypt.SecretKey
+		key, decodeErr := hex.DecodeString(secretKey)
+		if decodeErr != nil {
+			return fmt.Errorf("获取AES密钥失败: %+v", decodeErr)
+		}
+		decryptData, aesdecryptErr := crypto.AesDecrypt(data.Params, key)
+		if aesdecryptErr != nil {
+			return fmt.Errorf("解密参数失败: %+v", aesdecryptErr)
+		}
+		var paramsMap map[string]string
+		if err := json.Unmarshal([]byte(decryptData), &paramsMap); err != nil {
+			return fmt.Errorf("解析参数失败: %+v", err)
+		}
+		encryptName, err := crypto.AesEncrypt([]byte(paramsMap["name"]), key)
+		if err != nil {
+			return fmt.Errorf("生成订单, 加密姓名失败: %+v", err)
+		}
+		encryptIdcard, err := crypto.AesEncrypt([]byte(paramsMap["id_card"]), key)
+		if err != nil {
+			return fmt.Errorf("生成订单, 加密身份证号失败: %+v", err)
+		}
+		_, err = l.svcCtx.AuthorizationModel.Insert(l.ctx, nil, &model.Authorization{
+			OrderId:      order.Id,
+			UserId:       order.UserId,
+			TargetName:   encryptName,
+			TargetIdcard: encryptIdcard,
+			GrantType:    model.GrantTypeFace,
+			Status:       model.AuthorizationStatusPending,
+		})
+		if err != nil {
+			logx.Errorf("支付宝支付回调，插入授权信息失败: %+v", err)
+			return fmt.Errorf("插入授权信息失败: %+v", err)
 		}
 	}

@@ -183,6 +226,7 @@ func (l *AlipayCallbackLogic) handleAgentVipOrderPayment(w http.ResponseWriter,
 	return nil
 }

+// 退款
 func (l *AlipayCallbackLogic) handleRefund(order *model.AgentMembershipRechargeOrder) error {
 	ctx := context.Background()
 	// 退款
--- a/app/user/cmd/api/internal/logic/pay/paymentlogic.go
+++ b/app/user/cmd/api/internal/logic/pay/paymentlogic.go
@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"os"
 	"qnc-server/app/user/cmd/api/internal/svc"
 	"qnc-server/app/user/cmd/api/internal/types"
 	"qnc-server/app/user/model"
@@ -125,6 +126,14 @@ func (l *PaymentLogic) QueryOrderPayment(req *types.PaymentReq, session sqlx.Ses
 		amount = 0.01
 	}
 	var orderID int64
+	Status := "pending"
+	env := os.Getenv("ENV")
+	if env == "" {
+		env = "production"
+	}
+	if env == "development" {
+		Status = "paid"
+	}
 	order := model.Order{
 		OrderNo:         outTradeNo,
 		UserId:          userID,
@@ -132,7 +141,7 @@ func (l *PaymentLogic) QueryOrderPayment(req *types.PaymentReq, session sqlx.Ses
 		PaymentPlatform: req.PayMethod,
 		PaymentScene:    "app",
 		Amount:          amount,
-		Status:          "pending",
+		Status:          Status,
 	}
 	orderInsertResult, insertOrderErr := l.svcCtx.OrderModel.Insert(l.ctx, session, &order)
 	if insertOrderErr != nil {
@@ -157,6 +166,53 @@ func (l *PaymentLogic) QueryOrderPayment(req *types.PaymentReq, session sqlx.Ses
 			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "生成订单, 保存代理订单失败: %+v", agentOrderInsert)
 		}
 	}
+
+	if env == "development" {
+		redisKey := fmt.Sprintf(types.QueryCacheKey, order.UserId, order.OrderNo)
+		cache, cacheErr := l.svcCtx.Redis.Get(redisKey)
+		if cacheErr != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成订单, 获取缓存内容失败: %+v", cacheErr)
+		}
+		var data types.QueryCacheLoad
+		err = json.Unmarshal([]byte(cache), &data)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成订单, 解析缓存内容失败: %+v", err)
+		}
+		secretKey := l.svcCtx.Config.Encrypt.SecretKey
+		key, decodeErr := hex.DecodeString(secretKey)
+		if decodeErr != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成订单, 获取AES密钥失败: %+v", decodeErr)
+		}
+		decryptData, aesdecryptErr := crypto.AesDecrypt(data.Params, key)
+		if aesdecryptErr != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成订单, 解密参数失败: %+v", aesdecryptErr)
+		}
+		var paramsMap map[string]string
+		if err := json.Unmarshal([]byte(decryptData), &paramsMap); err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成订单, 解析参数失败: %+v", err)
+		}
+
+		encryptName, err := crypto.AesEncrypt([]byte(paramsMap["name"]), key)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成订单, 加密姓名失败: %+v", err)
+		}
+		encryptIdcard, err := crypto.AesEncrypt([]byte(paramsMap["id_card"]), key)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成订单, 加密身份证号失败: %+v", err)
+		}
+		_, err = l.svcCtx.AuthorizationModel.Insert(l.ctx, nil, &model.Authorization{
+			OrderId:      orderID,
+			UserId:       order.UserId,
+			TargetName:   encryptName,
+			TargetIdcard: encryptIdcard,
+			GrantType:    model.GrantTypeFace,
+			Status:       model.AuthorizationStatusPending,
+		})
+		if err != nil {
+			logx.Errorf("支付宝支付回调，插入授权信息失败: %+v", err)
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成订单, 插入授权信息失败: %+v", err)
+		}
+	}
 	return &PaymentTypeResp{amount: amount, outTradeNo: outTradeNo, description: product.ProductName}, nil
 }
 func (l *PaymentLogic) AgentVipOrderPayment(req *types.PaymentReq, session sqlx.Session) (resp *PaymentTypeResp, err error) {
--- a/app/user/cmd/api/internal/logic/pay/querypaymentchecklogic.go
+++ b/app/user/cmd/api/internal/logic/pay/querypaymentchecklogic.go
@@ -0,0 +1,100 @@
+package pay
+
+import (
+	"context"
+	"encoding/hex"
+	"strings"
+
+	"qnc-server/app/user/cmd/api/internal/svc"
+	"qnc-server/app/user/cmd/api/internal/types"
+	"qnc-server/common/xerr"
+	"qnc-server/pkg/lzkit/crypto"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type QueryPaymentCheckLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewQueryPaymentCheckLogic(ctx context.Context, svcCtx *svc.ServiceContext) *QueryPaymentCheckLogic {
+	return &QueryPaymentCheckLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *QueryPaymentCheckLogic) QueryPaymentCheck(req *types.QueryPaymentCheckReq) (resp *types.QueryPaymentCheckResp, err error) {
+	order, err := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, req.OrderNo)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询订单失败: %v", err)
+	}
+	product, err := l.svcCtx.ProductModel.FindOne(l.ctx, order.ProductId)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询产品失败: %v", err)
+	}
+	resp = new(types.QueryPaymentCheckResp)
+	resp.OrderStatus = order.Status
+	resp.ProductName = product.ProductName
+
+	if order.Status == "paid" {
+		authorization, err := l.svcCtx.AuthorizationModel.FindOneByOrderId(l.ctx, order.Id)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询授权信息失败: %v", err)
+		}
+		resp.AuthorizationStatus = authorization.Status
+		key, decodeErr := hex.DecodeString(l.svcCtx.Config.Encrypt.SecretKey)
+		if decodeErr != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询授权信息失败: %v", decodeErr)
+		}
+		decryptName, err := crypto.AesDecrypt(authorization.TargetName, key)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询授权信息失败: %v", err)
+		}
+		idCard, err := crypto.AesDecrypt(authorization.TargetIdcard, key)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询授权信息失败: %v", err)
+		}
+		resp.Name = maskName(string(decryptName))
+		resp.IdCard = maskIDCard(string(idCard))
+	}
+
+	return resp, nil
+}
+
+// 姓名脱敏
+func maskName(name string) string {
+	// 将字符串转换为rune切片以正确处理中文字符
+	runes := []rune(name)
+	length := len(runes)
+
+	if length <= 1 {
+		return name
+	}
+
+	if length == 2 {
+		// 两个字：保留第一个字，第二个字用*替代
+		return string(runes[0]) + "*"
+	}
+
+	// 三个字及以上：保留首尾字，中间用*替代
+	first := string(runes[0])
+	last := string(runes[length-1])
+	mask := strings.Repeat("*", length-2)
+
+	return first + mask + last
+}
+
+// 身份证号脱敏
+func maskIDCard(idCard string) string {
+	length := len(idCard)
+	if length <= 10 {
+		return idCard // 如果长度太短，可能不是身份证，不处理
+	}
+	// 保留前3位和后4位
+	return idCard[:3] + strings.Repeat("*", length-7) + idCard[length-4:]
+}
--- a/app/user/cmd/api/internal/logic/pay/wechatpaycallbacklogic.go
+++ b/app/user/cmd/api/internal/logic/pay/wechatpaycallbacklogic.go
@@ -2,10 +2,14 @@ package pay

 import (
 	"context"
+	"encoding/hex"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"qnc-server/app/user/cmd/api/internal/service"
+	"qnc-server/app/user/cmd/api/internal/types"
 	"qnc-server/app/user/model"
+	"qnc-server/pkg/lzkit/crypto"
 	"qnc-server/pkg/lzkit/lzUtils"
 	"strings"
 	"time"
@@ -197,15 +201,41 @@ func (l *WechatPayCallbackLogic) handleRefund(order *model.AgentMembershipRechar
 			return refundErr
 		}
 		if refund.IsSuccess() {
-			logx.Errorf("支付宝退款成功, orderID: %d", order.Id)
-			// 更新订单状态为退款
-			order.Status = "refunded"
-			updateOrderErr := l.svcCtx.AgentMembershipRechargeOrderModel.UpdateWithVersion(ctx, nil, order)
-			if updateOrderErr != nil {
-				logx.Errorf("更新订单状态失败，订单ID: %d, 错误: %v", order.Id, updateOrderErr)
-				return fmt.Errorf("更新订单状态失败: %v", updateOrderErr)
+			redisKey := fmt.Sprintf(types.QueryCacheKey, order.UserId, order.OrderNo)
+			cache, cacheErr := l.svcCtx.Redis.Get(redisKey)
+			if cacheErr != nil {
+				return fmt.Errorf("获取缓存内容失败: %+v", cacheErr)
+			}
+			var data types.QueryCacheLoad
+			err := json.Unmarshal([]byte(cache), &data)
+			if err != nil {
+				return fmt.Errorf("解析缓存内容失败: %+v", err)
+			}
+			secretKey := l.svcCtx.Config.Encrypt.SecretKey
+			key, decodeErr := hex.DecodeString(secretKey)
+			if decodeErr != nil {
+				return fmt.Errorf("获取AES密钥失败: %+v", decodeErr)
+			}
+			decryptData, aesdecryptErr := crypto.AesDecrypt(data.Params, key)
+			if aesdecryptErr != nil {
+				return fmt.Errorf("解密参数失败: %+v", aesdecryptErr)
+			}
+			var paramsMap map[string]string
+			if err := json.Unmarshal([]byte(decryptData), &paramsMap); err != nil {
+				return fmt.Errorf("解析参数失败: %+v", err)
+			}
+			_, err = l.svcCtx.AuthorizationModel.Insert(l.ctx, nil, &model.Authorization{
+				OrderId:      order.Id,
+				UserId:       order.UserId,
+				TargetName:   paramsMap["name"],
+				TargetIdcard: paramsMap["id_card"],
+				GrantType:    model.GrantTypeFace,
+				Status:       model.AuthorizationStatusPending,
+			})
+			if err != nil {
+				logx.Errorf("支付宝支付回调，插入授权信息失败: %+v", err)
+				return fmt.Errorf("插入授权信息失败: %+v", err)
 			}
-			return nil
 		} else {
 			logx.Errorf("支付宝退款失败:%v", refundErr)
 			return refundErr
--- a/app/user/cmd/api/internal/logic/query/confirmquerystatelogic.go
+++ b/app/user/cmd/api/internal/logic/query/confirmquerystatelogic.go
@@ -0,0 +1,62 @@
+package query
+
+import (
+	"context"
+	"qnc-server/app/user/cmd/api/internal/svc"
+	"qnc-server/app/user/cmd/api/internal/types"
+	"qnc-server/app/user/model"
+	"qnc-server/common/xerr"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type ConfirmQueryStateLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewConfirmQueryStateLogic(ctx context.Context, svcCtx *svc.ServiceContext) *ConfirmQueryStateLogic {
+	return &ConfirmQueryStateLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *ConfirmQueryStateLogic) ConfirmQueryState(req *types.ConfirmQueryStateReq) (resp *types.ConfirmQueryStateResp, err error) {
+	// 1. 通过 order_id 查询订单，判断订单是否已支付
+	order, err := l.svcCtx.OrderModel.FindOne(l.ctx, req.OrderID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询订单失败: %v", err)
+	}
+	if order == nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "订单不存在")
+	}
+	// 若订单未支付，则直接返回 OrderState := "pending", QueryState := ""
+	if order.Status != model.OrderStatusPaid {
+		return &types.ConfirmQueryStateResp{
+			OrderState: order.Status,
+			QueryState: "",
+		}, nil
+	}
+
+	// 2. 订单已支付，查询 query 状态（假设通过 order_id 查询 query 记录，例如使用 QueryModel.FindOneByOrderId）
+	query, err := l.svcCtx.QueryModel.FindOneByOrderId(l.ctx, req.OrderID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询 query 失败: %v", err)
+	}
+	if query == nil {
+		// 若 query 不存在，则返回 OrderState := "paid", QueryState := ""
+		return &types.ConfirmQueryStateResp{
+			OrderState: order.Status,
+			QueryState: "",
+		}, nil
+	}
+	// 否则，返回 OrderState := "paid", QueryState := query.QueryState
+	return &types.ConfirmQueryStateResp{
+		OrderState: query.QueryState,
+		QueryState: query.QueryState,
+	}, nil
+}
--- a/app/user/cmd/api/internal/logic/query/querylistlogic.go
+++ b/app/user/cmd/api/internal/logic/query/querylistlogic.go
@@ -4,11 +4,11 @@ import (
 	"context"
 	"qnc-server/app/user/cmd/api/internal/svc"
 	"qnc-server/app/user/cmd/api/internal/types"
+	"qnc-server/app/user/model"
 	"qnc-server/common/ctxdata"
 	"qnc-server/common/xerr"

 	"github.com/Masterminds/squirrel"
-	"github.com/jinzhu/copier"
 	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/core/logx"
 )
@@ -30,35 +30,66 @@ func NewQueryListLogic(ctx context.Context, svcCtx *svc.ServiceContext) *QueryLi
 func (l *QueryListLogic) QueryList(req *types.QueryListReq) (resp *types.QueryListResp, err error) {
 	userID, getUidErr := ctxdata.GetUidFromCtx(l.ctx)
 	if getUidErr != nil {
-		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "报告列表查询, 获取用户信息失败, %+v", getUidErr)
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "订单列表查询, 获取用户信息失败, %+v", getUidErr)
 	}

-	// 直接构建查询query表的条件
-	build := l.svcCtx.QueryModel.SelectBuilder().Where(squirrel.Eq{
-		"user_id": userID,
+	// 构建查询订单表的条件，排除未支付的订单
+	build := l.svcCtx.OrderModel.SelectBuilder().Where(squirrel.And{
+		squirrel.Eq{
+			"user_id": userID,
+		},
+		squirrel.NotEq{
+			"status": model.OrderStatusPending,
+		},
 	})

-	// 直接从query表分页查询
-	queryList, total, err := l.svcCtx.QueryModel.FindPageListByPageWithTotal(l.ctx, build, req.Page, req.PageSize, "create_time DESC")
+	// 从订单表分页查询
+	orderList, total, err := l.svcCtx.OrderModel.FindPageListByPageWithTotal(l.ctx, build, req.Page, req.PageSize, "create_time DESC")
 	if err != nil {
-		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "报告列表查询, 查找报告列表错误, %+v", err)
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "订单列表查询, 查找订单列表错误, %+v", err)
 	}

 	var list []types.Query
-	if len(queryList) > 0 {
-		for _, queryModel := range queryList {
+	if len(orderList) > 0 {
+		for _, orderModel := range orderList {
 			var query types.Query
-			query.CreateTime = queryModel.CreateTime.Format("2006-01-02 15:04:05")
-			query.UpdateTime = queryModel.UpdateTime.Format("2006-01-02 15:04:05")
-			copyErr := copier.Copy(&query, queryModel)
-			if copyErr != nil {
-				return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 报告结构体复制失败, %+v", err)
-			}
-			product, findProductErr := l.svcCtx.ProductModel.FindOne(l.ctx, queryModel.ProductId)
+			query.CreateTime = orderModel.CreateTime.Format("2006-01-02 15:04:05")
+			query.UpdateTime = orderModel.UpdateTime.Format("2006-01-02 15:04:05")
+			// 设置订单ID
+			query.OrderId = orderModel.Id
+			query.UserId = orderModel.UserId
+
+			// 获取商品信息
+			product, findProductErr := l.svcCtx.ProductModel.FindOne(l.ctx, orderModel.ProductId)
 			if findProductErr != nil {
-				return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告列表查询, 获取商品信息失败, %+v", err)
+				return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "订单列表查询, 获取商品信息失败, %+v", findProductErr)
 			}
 			query.ProductName = product.ProductName
+
+			// 设置订单支付状态
+			query.IsPaid = orderModel.Status == model.OrderStatusPaid
+
+			// 查询查询状态
+			queryInfo, findQueryErr := l.svcCtx.QueryModel.FindOneByOrderId(l.ctx, orderModel.Id)
+			if findQueryErr == nil {
+				// 查询存在
+				query.Id = queryInfo.Id
+				query.QueryState = queryInfo.QueryState
+				query.IsQueryCompleted = queryInfo.QueryState == model.QueryStateSuccess
+			} else {
+				query.QueryState = "未创建"
+				query.IsQueryCompleted = false
+			}
+
+			// 获取授权状态
+			authInfo, findAuthErr := l.svcCtx.AuthorizationModel.FindOneByOrderId(l.ctx, orderModel.Id)
+			if findAuthErr == nil {
+				// 授权存在
+				query.IsAuthCompleted = authInfo.Status == model.AuthorizationStatusSuccess
+			} else {
+				query.IsAuthCompleted = false
+			}
+
 			list = append(list, query)
 		}
 	}
--- a/app/user/cmd/api/internal/logic/query/queryservicelogic.go
+++ b/app/user/cmd/api/internal/logic/query/queryservicelogic.go
@@ -463,16 +463,16 @@ func (l *QueryServiceLogic) ProcessBackgroundCheckLogic(req *types.QueryServiceR
 	}

 	// 校验验证码
-	//verifyCodeErr := l.VerifyCode(data.Mobile, data.Code)
-	//if verifyCodeErr != nil {
-	//	return nil, verifyCodeErr
-	//}
-	//
-	//// 校验三要素
-	//verifyErr := l.Verify(data.Name, data.IDCard, data.Mobile)
-	//if verifyErr != nil {
-	//	return nil, verifyErr
-	//}
+	verifyCodeErr := l.VerifyCode(data.Mobile, data.Code)
+	if verifyCodeErr != nil {
+		return nil, verifyCodeErr
+	}
+
+	// 校验三要素
+	verifyErr := l.Verify(data.Name, data.IDCard, data.Mobile)
+	if verifyErr != nil {
+		return nil, verifyErr
+	}

 	// 缓存
 	params := map[string]interface{}{