fadd

Co-authored-by: Cursor <cursoragent@cursor.com>

.gitignore

@@ -22,6 +22,9 @@ data/*
 /app/api
 /app/main/api/main
 /app/main/api/_*
+__debug_bin.exe
+**/.../
+*.exe
 
 
 # 文档目录

app/main/api/desc/admin/admin_agent.api

@@ -20,6 +20,10 @@ service main {
 	@handler AdminGetAgentList
 	get /list (AdminGetAgentListReq) returns (AdminGetAgentListResp)
 
+	// 代理团队树（同钻石团队 + 邀请关系）
+	@handler AdminGetAgentTeamTree
+	get /team/tree (AdminGetAgentTeamTreeReq) returns (AdminGetAgentTeamTreeResp)
+
 	// 代理审核
 	@handler AdminAuditAgent
 	post /audit (AdminAuditAgentReq) returns (AdminAuditAgentResp)
@@ -32,6 +36,10 @@ service main {
 	@handler AdminGetAgentOrderList
 	get /order/list (AdminGetAgentOrderListReq) returns (AdminGetAgentOrderListResp)
 
+	// 单笔订单分账视图：同一响应返回佣金 + 返佣（避免前端双请求重复走鉴权）
+	@handler AdminGetAgentOrderSettlement
+	get /order/settlement (AdminGetAgentOrderSettlementReq) returns (AdminGetAgentOrderSettlementResp)
+
 	// 代理佣金分页查询
 	@handler AdminGetAgentCommissionList
 	get /commission/list (AdminGetAgentCommissionListReq) returns (AdminGetAgentCommissionListResp)
@@ -94,9 +102,12 @@ type (
 		Page         int64   `form:"page"` // 页码
 		PageSize     int64   `form:"pageSize"` // 每页数量
 		Mobile       *string `form:"mobile,optional"` // 手机号（可选）
+		AgentCode    *string `form:"agent_code,optional"` // 代理编码（可选）
 		Region       *string `form:"region,optional"` // 区域（可选）
 		Level        *int64  `form:"level,optional"` // 等级（可选）
 		TeamLeaderId *string `form:"team_leader_id,optional"` // 团队首领ID（可选）
+		AgentId      *string `form:"agent_id,optional"` // 代理主键UUID，精确查询；传入时不再按 team_leader 与其它条件组合筛选
+		RealName     *string `form:"real_name,optional"` // 实名姓名（可选，模糊匹配已三要素核验记录）
 	}
 	AgentListItem {
 		Id              string  `json:"id"` // 主键
@@ -105,8 +116,11 @@ type (
 		LevelName       string  `json:"level_name"` // 等级名称
 		Region          string  `json:"region"` // 区域
 		Mobile          string  `json:"mobile"` // 手机号
+		RealName        string  `json:"real_name"` // 姓名（来自实名表）
+		IdCard          string  `json:"id_card"` // 身份证（解密后明文返回）
 		WechatId        string  `json:"wechat_id"` // 微信号
-		TeamLeaderId    string  `json:"team_leader_id"` // 团队首领ID
+		TeamLeaderId     string  `json:"team_leader_id"` // 团队首领ID
+		SubordinateCount int64 `json:"subordinate_count"` // 直属下级代理数（team_leader_id 为本代理 id）
 		AgentCode       int64   `json:"agent_code"`
 		Balance         float64 `json:"balance"` // 钱包余额
 		TotalEarnings   float64 `json:"total_earnings"` // 累计收益
@@ -119,6 +133,21 @@ type (
 		Total int64           `json:"total"` // 总数
 		Items []AgentListItem `json:"items"` // 列表数据
 	}
+	AdminGetAgentTeamTreeReq {
+		AgentId string `form:"agent_id"` // 锚点代理ID（UUID）
+	}
+	AgentTeamTreeNode {
+		Id        string              `json:"id"`
+		AgentCode int64               `json:"agent_code"`
+		Level     int64               `json:"level"`
+		LevelName string              `json:"level_name"`
+		Mobile    string              `json:"mobile"`
+		IsAnchor  bool                `json:"is_anchor"`
+		Children  []AgentTeamTreeNode `json:"children"`
+	}
+	AdminGetAgentTeamTreeResp {
+		Root AgentTeamTreeNode `json:"root"`
+	}
 	// 代理审核
 	AdminAuditAgentReq {
 		AuditId     int64  `json:"audit_id"` // 审核记录ID
@@ -133,12 +162,14 @@ type (
 		Page           int64   `form:"page"` // 页码
 		PageSize       int64   `form:"pageSize"` // 每页数量
 		AgentId        *string `form:"agent_id,optional"` // 代理ID（可选）
+		AgentCode      *string `form:"agent_code,optional"` // 代理编号（可选）
 		ProductId      *string `form:"product_id,optional"` // 产品ID（可选）
 		LinkIdentifier *string `form:"link_identifier,optional"` // 推广码（可选）
 	}
 	AgentLinkListItem {
 		Id              string  `json:"id"` // 主键
 		AgentId         string  `json:"agent_id"` // 代理ID
+		AgentCode       int64   `json:"agent_code"` // 代理编号
 		ProductId       string  `json:"product_id"` // 产品ID
 		ProductName     string  `json:"product_name"` // 产品名称
 		SetPrice        float64 `json:"set_price"` // 设定价格
@@ -155,14 +186,18 @@ type (
 		Page          int64   `form:"page"` // 页码
 		PageSize      int64   `form:"pageSize"` // 每页数量
 		AgentId       *string `form:"agent_id,optional"` // 代理ID（可选）
+		AgentCode     *string `form:"agent_code,optional"` // 代理编号（可选）
 		OrderId       *string `form:"order_id,optional"` // 订单ID（可选）
+		OrderNo       *string `form:"order_no,optional"` // 商户订单号（可选）
 		ProcessStatus *int64  `form:"process_status,optional"` // 处理状态（可选）
 		OrderStatus   *string `form:"order_status,optional"` // 订单状态（可选）：pending-待支付，paid-已支付，refunded-已退款，closed-已关闭，failed-支付失败
 	}
 	AgentOrderListItem {
 		Id              string  `json:"id"` // 主键
 		AgentId         string  `json:"agent_id"` // 代理ID
+		AgentCode       int64   `json:"agent_code"` // 代理编号
 		OrderId         string  `json:"order_id"` // 订单ID
+		OrderNo         string  `json:"order_no"` // 商户订单号
 		ProductId       string  `json:"product_id"` // 产品ID
 		ProductName     string  `json:"product_name"` // 产品名称
 		OrderAmount     float64 `json:"order_amount"` // 订单金额
@@ -178,18 +213,28 @@ type (
 		Total int64                `json:"total"` // 总数
 		Items []AgentOrderListItem `json:"items"` // 列表数据
 	}
+	AdminGetAgentOrderSettlementReq {
+		OrderNo string `form:"order_no"` // 商户订单号
+	}
+	AdminGetAgentOrderSettlementResp {
+		Commissions []AgentCommissionListItem `json:"commissions"` // 本单销售佣金
+		Rebates     []AgentRebateListItem     `json:"rebates"` // 本单返佣
+	}
 	// 代理佣金分页查询
 	AdminGetAgentCommissionListReq {
-		Page     int64   `form:"page"` // 页码
+		Page      int64   `form:"page"` // 页码
-		PageSize int64   `form:"pageSize"` // 每页数量
+		PageSize  int64   `form:"pageSize"` // 每页数量
-		AgentId  *string `form:"agent_id,optional"` // 代理ID（可选）
+		AgentId   *string `form:"agent_id,optional"` // 代理ID（可选）
-		OrderId  *string `form:"order_id,optional"` // 订单ID（可选）
+		AgentCode *string `form:"agent_code,optional"` // 代理编号（可选）
-		Status   *int64  `form:"status,optional"` // 状态（可选）
+		OrderNo   *string `form:"order_no,optional"` // 商户订单号（可选）
+		Status    *int64  `form:"status,optional"` // 状态（可选）
 	}
 	AgentCommissionListItem {
 		Id          string  `json:"id"` // 主键
 		AgentId     string  `json:"agent_id"` // 代理ID
+		AgentCode   int64   `json:"agent_code"` // 代理编号
 		OrderId     string  `json:"order_id"` // 订单ID
+		OrderNo     string  `json:"order_no"` // 商户订单号
 		ProductName string  `json:"product_name"` // 产品名称
 		Amount      float64 `json:"amount"` // 金额
 		Status      int64   `json:"status"` // 状态
@@ -201,18 +246,23 @@ type (
 	}
 	// 代理返佣分页查询
 	AdminGetAgentRebateListReq {
-		Page          int64   `form:"page"` // 页码
+		Page             int64   `form:"page"` // 页码
-		PageSize      int64   `form:"pageSize"` // 每页数量
+		PageSize         int64   `form:"pageSize"` // 每页数量
-		AgentId       *string `form:"agent_id,optional"` // 代理ID（可选）
+		AgentId          *string `form:"agent_id,optional"` // 代理ID（可选）
-		SourceAgentId *string `form:"source_agent_id,optional"` // 来源代理ID（可选）
+		AgentCode        *string `form:"agent_code,optional"` // 代理编号（可选）
-		RebateType    *int64  `form:"rebate_type,optional"` // 返佣类型（可选）
+		SourceAgentCode  *string `form:"source_agent_code,optional"` // 来源代理编号（可选）
-		Status        *int64  `form:"status,optional"` // 状态（可选）：1=已发放，2=已冻结，3=已取消（已退款）
+		OrderNo          *string `form:"order_no,optional"` // 商户订单号（可选）
+		RebateType       *int64  `form:"rebate_type,optional"` // 返佣类型（可选）
+		Status           *int64  `form:"status,optional"` // 状态（可选）：1=已发放，2=已冻结，3=已取消（已退款）
 	}
 	AgentRebateListItem {
-		Id            string  `json:"id"` // 主键
+		Id               string  `json:"id"` // 主键
-		AgentId       string  `json:"agent_id"` // 获得返佣的代理ID
+		AgentId          string  `json:"agent_id"` // 获得返佣的代理ID
-		SourceAgentId string  `json:"source_agent_id"` // 来源代理ID
+		AgentCode        int64   `json:"agent_code"` // 获得返佣代理编号
-		OrderId       string  `json:"order_id"` // 订单ID
+		SourceAgentId    string  `json:"source_agent_id"` // 来源代理ID
+		SourceAgentCode  int64   `json:"source_agent_code"` // 来源代理编号
+		OrderId          string  `json:"order_id"` // 订单ID
+		OrderNo          string  `json:"order_no"` // 商户订单号
 		RebateType    int64   `json:"rebate_type"` // 返佣类型
 		Amount        float64 `json:"amount"` // 金额
 		Status        int64   `json:"status"` // 状态：1=已发放，2=已冻结，3=已取消（已退款）
@@ -227,12 +277,14 @@ type (
 		Page        int64   `form:"page"` // 页码
 		PageSize    int64   `form:"pageSize"` // 每页数量
 		AgentId     *string `form:"agent_id,optional"` // 代理ID（可选）
+		AgentCode   *string `form:"agent_code,optional"` // 代理编号（可选）
 		UpgradeType *int64  `form:"upgrade_type,optional"` // 升级类型（可选）
 		Status      *int64  `form:"status,optional"` // 状态（可选）
 	}
 	AgentUpgradeListItem {
 		Id           string  `json:"id"` // 主键
 		AgentId      string  `json:"agent_id"` // 代理ID
+		AgentCode    int64   `json:"agent_code"` // 代理编号
 		FromLevel    int64   `json:"from_level"` // 原等级
 		ToLevel      int64   `json:"to_level"` // 目标等级
 		UpgradeType  int64   `json:"upgrade_type"` // 升级类型
@@ -247,15 +299,20 @@ type (
 	}
 	// 代理提现分页查询
 	AdminGetAgentWithdrawalListReq {
-		Page       int64   `form:"page"` // 页码
+		Page             int64   `form:"page"` // 页码
-		PageSize   int64   `form:"pageSize"` // 每页数量
+		PageSize         int64   `form:"pageSize"` // 每页数量
-		AgentId    *string `form:"agent_id,optional"` // 代理ID（可选）
+		AgentId          *string `form:"agent_id,optional"` // 代理主键 UUID（弹窗内按代理筛选时传入）
-		Status     *int64  `form:"status,optional"` // 状态（可选）
+		AgentCode        *string `form:"agent_code,optional"` // 代理编号（可选）
-		WithdrawNo *string `form:"withdraw_no,optional"` // 提现单号（可选）
+		WithdrawNo       *string `form:"withdraw_no,optional"` // 提现单号（可选，模糊匹配）
+		Status           string  `form:"status,optional"` // 状态（可选）：1=待审核，2=已通过，3=已拒绝，5=已打款
+		WithdrawalType   string  `form:"withdrawal_type,optional"` // 提现方式（可选）：1=支付宝，2=银行卡
+		PayeeAccount     *string `form:"payee_account,optional"` // 收款账户（可选，模糊）
+		PayeeName        *string `form:"payee_name,optional"` // 收款人（可选，模糊）
 	}
 	AgentWithdrawalListItem {
 		Id              string  `json:"id"` // 主键
 		AgentId         string  `json:"agent_id"` // 代理ID
+		AgentCode       int64   `json:"agent_code"` // 代理编号
 		WithdrawNo      string  `json:"withdraw_no"` // 提现单号
 		Amount          float64 `json:"amount"` // 金额
 		TaxAmount       float64 `json:"tax_amount"` // 税费金额
@@ -292,6 +349,7 @@ type (
 	AgentRealNameListItem {
 		Id         string `json:"id"` // 主键
 		AgentId    string `json:"agent_id"` // 代理ID
+		AgentCode  int64  `json:"agent_code"` // 代理编号
 		Name       string `json:"name"` // 姓名
 		IdCard     string `json:"id_card"` // 身份证号
 		Mobile     string `json:"mobile"` // 手机号
@@ -410,20 +468,21 @@ type (
 	AdminGetInviteCodeListReq {
 		Page        int64   `form:"page"` // 页码
 		PageSize    int64   `form:"pageSize"` // 每页数量
-		Code        *string `form:"code,optional"` // 邀请码（可选）
+		Code        *string `form:"code,optional"` // 邀请码（可选，模糊匹配）
-		AgentId     *string `form:"agent_id,optional"` // 发放代理ID（可选，NULL表示平台发放）
 		TargetLevel *int64  `form:"target_level,optional"` // 目标等级（可选）
-		Status      *int64  `form:"status,optional"` // 状态（可选）
+		Status      string  `form:"status,optional"` // 状态（可选）：0=未使用，1=已使用，2=已失效
 	}
 	InviteCodeListItem {
-		Id          string `json:"id"` // 主键
+		Id             string `json:"id"` // 主键
-		Code        string `json:"code"` // 邀请码
+		Code           string `json:"code"` // 邀请码
-		AgentId     string `json:"agent_id"` // 发放代理ID（0表示平台发放）
+		AgentId        string `json:"agent_id"` // 发放代理ID（0表示平台发放）
-		AgentMobile string `json:"agent_mobile"` // 发放代理手机号
+		AgentCode      int64  `json:"agent_code"` // 发放代理编号（平台为0）
-		TargetLevel int64  `json:"target_level"` // 目标等级
+		AgentMobile    string `json:"agent_mobile"` // 发放代理手机号
-		Status      int64  `json:"status"` // 状态：0=未使用，1=已使用，2=已失效
+		TargetLevel    int64  `json:"target_level"` // 目标等级
-		UsedUserId  string `json:"used_user_id"` // 使用用户ID
+		Status         int64  `json:"status"` // 状态：0=未使用，1=已使用，2=已失效
-		UsedAgentId string `json:"used_agent_id"` // 使用代理ID
+		UsedUserId     string `json:"used_user_id"` // 使用用户ID
+		UsedAgentId    string `json:"used_agent_id"` // 使用代理ID
+		UsedAgentCode  int64  `json:"used_agent_code"` // 使用代理编号
 		UsedTime    string `json:"used_time"` // 使用时间
 		ExpireTime  string `json:"expire_time"` // 过期时间
 		Remark      string `json:"remark"` // 备注

app/main/api/desc/admin/admin_feature.api

@@ -8,8 +8,8 @@ info (
 
 // 功能管理接口
 @server (
-	prefix: /api/v1/admin/feature
+	prefix:     /api/v1/admin/feature
-	group:  admin_feature
+	group:      admin_feature
 	middleware: AdminAuthInterceptor
 )
 service main {
@@ -45,27 +45,31 @@ service main {
 type (
 	// 创建功能请求
 	AdminCreateFeatureReq {
-		ApiId string `json:"api_id"` // API标识
+		ApiId          string   `json:"api_id"` // API标识
-		Name  string `json:"name"` // 描述
+		Name           string   `json:"name"` // 描述
+		WhitelistPrice *float64 `json:"whitelist_price,optional"` // 白名单屏蔽价格（单位：元）
+		CostPrice      *float64 `json:"cost_price,optional"` // 天远API调用成本价（单位：元）
 	}
 	// 创建功能响应
-    AdminCreateFeatureResp {
+	AdminCreateFeatureResp {
-        Id string `json:"id"` // 功能ID
+		Id string `json:"id"` // 功能ID
-    }
+	}
 	// 更新功能请求
-    AdminUpdateFeatureReq {
+	AdminUpdateFeatureReq {
-        Id    string  `path:"id"` // 功能ID
+		Id             string   `path:"id"` // 功能ID
-        ApiId *string `json:"api_id,optional"` // API标识
+		ApiId          *string  `json:"api_id,optional"` // API标识
-        Name  *string `json:"name,optional"` // 描述
+		Name           *string  `json:"name,optional"` // 描述
-    }
+		WhitelistPrice *float64 `json:"whitelist_price,optional"` // 白名单屏蔽价格（单位：元）
+		CostPrice      *float64 `json:"cost_price,optional"` // 天远API调用成本价（单位：元）
+	}
 	// 更新功能响应
 	AdminUpdateFeatureResp {
 		Success bool `json:"success"` // 是否成功
 	}
 	// 删除功能请求
-    AdminDeleteFeatureReq {
+	AdminDeleteFeatureReq {
-        Id string `path:"id"` // 功能ID
+		Id string `path:"id"` // 功能ID
-    }
+	}
 	// 删除功能响应
 	AdminDeleteFeatureResp {
 		Success bool `json:"success"` // 是否成功
@@ -78,12 +82,14 @@ type (
 		Name     *string `form:"name,optional"` // 描述
 	}
 	// 功能列表项
-    FeatureListItem {
+	FeatureListItem {
-        Id         string `json:"id"` // 功能ID
+		Id             string  `json:"id"` // 功能ID
-        ApiId      string `json:"api_id"` // API标识
+		ApiId          string  `json:"api_id"` // API标识
-		Name       string `json:"name"` // 描述
+		Name           string  `json:"name"` // 描述
-		CreateTime string `json:"create_time"` // 创建时间
+		WhitelistPrice float64 `json:"whitelist_price"` // 白名单屏蔽价格（单位：元）
-		UpdateTime string `json:"update_time"` // 更新时间
+		CostPrice      float64 `json:"cost_price"` // 天远API调用成本价（单位：元）
+		CreateTime     string  `json:"create_time"` // 创建时间
+		UpdateTime     string  `json:"update_time"` // 更新时间
 	}
 	// 获取功能列表响应
 	AdminGetFeatureListResp {
@@ -91,38 +97,40 @@ type (
 		Items []FeatureListItem `json:"items"` // 列表数据
 	}
 	// 获取功能详情请求
-    AdminGetFeatureDetailReq {
+	AdminGetFeatureDetailReq {
-        Id string `path:"id"` // 功能ID
+		Id string `path:"id"` // 功能ID
-    }
+	}
 	// 获取功能详情响应
-    AdminGetFeatureDetailResp {
+	AdminGetFeatureDetailResp {
-        Id         string `json:"id"` // 功能ID
+		Id             string  `json:"id"` // 功能ID
-        ApiId      string `json:"api_id"` // API标识
+		ApiId          string  `json:"api_id"` // API标识
-		Name       string `json:"name"` // 描述
+		Name           string  `json:"name"` // 描述
-		CreateTime string `json:"create_time"` // 创建时间
+		WhitelistPrice float64 `json:"whitelist_price"` // 白名单屏蔽价格（单位：元）
-		UpdateTime string `json:"update_time"` // 更新时间
+		CostPrice      float64 `json:"cost_price"` // 天远API调用成本价（单位：元）
+		CreateTime     string  `json:"create_time"` // 创建时间
+		UpdateTime     string  `json:"update_time"` // 更新时间
 	}
 	// 配置功能示例数据请求
-    AdminConfigFeatureExampleReq {
+	AdminConfigFeatureExampleReq {
-        FeatureId string `json:"feature_id"` // 功能ID
+		FeatureId string `json:"feature_id"` // 功能ID
-        Data      string `json:"data"` // 示例数据JSON
+		Data      string `json:"data"` // 示例数据JSON
-    }
+	}
 	// 配置功能示例数据响应
 	AdminConfigFeatureExampleResp {
 		Success bool `json:"success"` // 是否成功
 	}
 	// 查看功能示例数据请求
-    AdminGetFeatureExampleReq {
+	AdminGetFeatureExampleReq {
-        FeatureId string `path:"feature_id"` // 功能ID
+		FeatureId string `path:"feature_id"` // 功能ID
-    }
+	}
 	// 查看功能示例数据响应
-    AdminGetFeatureExampleResp {
+	AdminGetFeatureExampleResp {
-        Id         string `json:"id"` // 示例数据ID
+		Id         string `json:"id"` // 示例数据ID
-        FeatureId  string `json:"feature_id"` // 功能ID
+		FeatureId  string `json:"feature_id"` // 功能ID
-        ApiId      string `json:"api_id"` // API标识
+		ApiId      string `json:"api_id"` // API标识
-        Data       string `json:"data"` // 示例数据JSON
+		Data       string `json:"data"` // 示例数据JSON
-        CreateTime string `json:"create_time"` // 创建时间
+		CreateTime string `json:"create_time"` // 创建时间
-        UpdateTime string `json:"update_time"` // 更新时间
+		UpdateTime string `json:"update_time"` // 更新时间
-    }
+	}
 )
 

app/main/api/desc/admin/admin_product.api

@@ -49,7 +49,6 @@ type (
 		ProductEn   string  `json:"product_en"`     // 英文名
 		Description string  `json:"description"`    // 描述
 		Notes       string  `json:"notes,optional"` // 备注
-		CostPrice   float64 `json:"cost_price"`     // 成本
 		SellPrice   float64 `json:"sell_price"`     // 售价
 	}
 
@@ -65,7 +64,6 @@ type (
 		ProductEn   *string  `json:"product_en,optional"`   // 英文名
 		Description *string  `json:"description,optional"`  // 描述
 		Notes       *string  `json:"notes,optional"`        // 备注
-		CostPrice   *float64 `json:"cost_price,optional"`   // 成本
 		SellPrice   *float64 `json:"sell_price,optional"`   // 售价
 	}
 
@@ -99,7 +97,7 @@ type (
 		ProductEn   string  `json:"product_en"`   // 英文名
 		Description string  `json:"description"`  // 描述
 		Notes       string  `json:"notes"`        // 备注
-		CostPrice   float64 `json:"cost_price"`   // 成本
+		CostPrice   float64 `json:"cost_price"`   // 成本（由关联模块成本汇总，只读）
 		SellPrice   float64 `json:"sell_price"`   // 售价
 		CreateTime  string  `json:"create_time"`  // 创建时间
 		UpdateTime  string  `json:"update_time"`  // 更新时间
@@ -123,7 +121,7 @@ type (
 		ProductEn   string  `json:"product_en"`   // 英文名
 		Description string  `json:"description"`  // 描述
 		Notes       string  `json:"notes"`        // 备注
-		CostPrice   float64 `json:"cost_price"`   // 成本
+		CostPrice   float64 `json:"cost_price"`   // 成本（由关联模块成本汇总，只读）
 		SellPrice   float64 `json:"sell_price"`   // 售价
 		CreateTime  string  `json:"create_time"`  // 创建时间
 		UpdateTime  string  `json:"update_time"`  // 更新时间
@@ -141,6 +139,7 @@ type (
         FeatureId   string `json:"feature_id"`   // 功能ID
         ApiId       string `json:"api_id"`       // API标识
         Name        string `json:"name"`         // 功能描述
+		CostPrice   float64 `json:"cost_price"`   // 模块成本价（元，来自 feature）
         Sort        int64  `json:"sort"`         // 排序
         Enable      int64  `json:"enable"`       // 是否启用
         IsImportant int64  `json:"is_important"` // 是否重要

app/main/api/desc/admin/admin_query.api

@@ -16,6 +16,10 @@ service main {
 	@handler AdminGetQueryDetailByOrderId
 	get /detail/:order_id (AdminGetQueryDetailByOrderIdReq) returns (AdminGetQueryDetailByOrderIdResp)
 
+	@doc "生成报告分享链接（供后台预览 H5）"
+	@handler AdminGenerateQueryShareLink
+	post /generate_share_link (AdminGenerateQueryShareLinkReq) returns (QueryGenerateShareLinkResp)
+
 	@doc "获取清理日志列表"
 	@handler AdminGetQueryCleanupLogList
 	get /cleanup/logs (AdminGetQueryCleanupLogListReq) returns (AdminGetQueryCleanupLogListResp)
@@ -37,6 +41,10 @@ service main {
      OrderId string `path:"order_id"`
 }
 
+ type AdminGenerateQueryShareLinkReq {
+     OrderId string `json:"order_id"`
+}
+
  type AdminGetQueryDetailByOrderIdResp {
      Id          string                 `json:"id"`           // 主键ID
      OrderId     string                 `json:"order_id"`     // 订单ID

app/main/api/desc/admin/dashboard.api

@@ -0,0 +1,93 @@
+syntax = "v1"
+
+info (
+	title:   "后台统计面板服务"
+	desc:    "后台统计面板相关接口"
+	author:  "team"
+	version: "v1"
+)
+
+// ============================================
+// 统计面板接口
+// ============================================
+@server (
+	prefix:     /api/v1/admin/dashboard
+	group:      admin_dashboard
+	middleware: AdminAuthInterceptor
+)
+service main {
+	// 获取统计面板数据
+	@handler AdminGetDashboardStatistics
+	get /statistics returns (AdminGetDashboardStatisticsResp)
+}
+
+type (
+	// 统计面板响应
+	AdminGetDashboardStatisticsResp {
+		// 订单统计
+		OrderStats AdminOrderStatistics `json:"order_stats"`
+		// 营收统计
+		RevenueStats AdminRevenueStatistics `json:"revenue_stats"`
+		// 代理统计
+		AgentStats AdminAgentStatistics `json:"agent_stats"`
+		// 利润统计
+		ProfitStats AdminProfitStatistics `json:"profit_stats"`
+		// 订单趋势（最近7天）
+		OrderTrend []AdminTrendData `json:"order_trend"`
+		// 营收趋势（最近7天）
+		RevenueTrend []AdminTrendData `json:"revenue_trend"`
+	}
+	// 订单统计
+	AdminOrderStatistics {
+		TodayCount     int64   `json:"today_count"` // 今日订单数
+		MonthCount     int64   `json:"month_count"` // 当月订单数
+		TotalCount     int64   `json:"total_count"` // 总订单数
+		YesterdayCount int64   `json:"yesterday_count"` // 昨日订单数
+		ChangeRate     float64 `json:"change_rate"` // 变化率（百分比）
+	}
+	// 营收统计
+	AdminRevenueStatistics {
+		TodayAmount     float64 `json:"today_amount"` // 今日营收
+		MonthAmount     float64 `json:"month_amount"` // 当月营收
+		TotalAmount     float64 `json:"total_amount"` // 总营收
+		YesterdayAmount float64 `json:"yesterday_amount"` // 昨日营收
+		ChangeRate      float64 `json:"change_rate"` // 变化率（百分比）
+	}
+	// 代理统计
+	AdminAgentStatistics {
+		TotalCount int64 `json:"total_count"` // 代理总数
+		TodayNew   int64 `json:"today_new"` // 今日新增
+		MonthNew   int64 `json:"month_new"` // 当月新增
+	}
+	// 利润统计
+	AdminProfitStatistics {
+		TodayProfit     float64 `json:"today_profit"` // 今日利润
+		MonthProfit     float64 `json:"month_profit"` // 当月利润
+		TotalProfit     float64 `json:"total_profit"` // 总利润
+		TodayProfitRate float64 `json:"today_profit_rate"` // 今日利润率
+		MonthProfitRate float64 `json:"month_profit_rate"` // 当月利润率
+		TotalProfitRate float64 `json:"total_profit_rate"` // 总利润率
+		// 今日明细
+		TodayDetail AdminProfitDetail `json:"today_detail"`
+		// 当月明细
+		MonthDetail AdminProfitDetail `json:"month_detail"`
+		// 总计明细
+		TotalDetail AdminProfitDetail `json:"total_detail"`
+	}
+	// 利润明细
+	AdminProfitDetail {
+		Revenue    float64 `json:"revenue"` // 营收
+		Commission float64 `json:"commission"` // 佣金
+		Rebate     float64 `json:"rebate"` // 返利
+		CompanyTax float64 `json:"company_tax"` // 税务成本
+		ApiCost    float64 `json:"api_cost"` // API调用成本
+		TaxIncome  float64 `json:"tax_income"` // 提现收税
+		Profit     float64 `json:"profit"` // 利润
+		ProfitRate float64 `json:"profit_rate"` // 利润率
+	}
+	// 趋势数据
+	AdminTrendData {
+		Date  string  `json:"date"` // 日期（格式：MM-DD）
+		Value float64 `json:"value"` // 数值
+	}
+)

app/main/api/desc/admin/order.api

@@ -39,6 +39,10 @@ service main {
 	@doc "重新执行代理处理"
 	@handler AdminRetryAgentProcess
 	post /retry-agent-process/:id (AdminRetryAgentProcessReq) returns (AdminRetryAgentProcessResp)
+
+	@doc "xpay补发货（查微信单并到账）"
+	@handler AdminXpayDeliver
+	post /xpay-deliver/:id (AdminXpayDeliverReq) returns (AdminXpayDeliverResp)
 }
 
 type (
@@ -53,6 +57,8 @@ type (
 		PaymentScene    string  `form:"payment_scene,optional"` // 支付平台
 		Amount          float64 `form:"amount,optional"` // 金额
 		Status          string  `form:"status,optional"` // 支付状态：pending-待支付，paid-已支付，refunded-已退款，closed-已关闭，failed-支付失败
+		IsAgentOrder    *bool   `form:"is_agent_order,optional"` // 是否代理订单
+		AgentCode       string  `form:"agent_code,optional"` // 代理编号
 		CreateTimeStart string  `form:"create_time_start,optional"` // 创建时间开始
 		CreateTimeEnd   string  `form:"create_time_end,optional"` // 创建时间结束
 		PayTimeStart    string  `form:"pay_time_start,optional"` // 支付时间开始
@@ -79,7 +85,9 @@ type (
 		CreateTime         string  `json:"create_time"` // 创建时间
 		PayTime            string  `json:"pay_time"` // 支付时间
 		RefundTime         string  `json:"refund_time"` // 退款时间
+		UpdateTime         string  `json:"update_time"` // 更新时间
 		IsAgentOrder       bool    `json:"is_agent_order"` // 是否是代理订单
+		AgentCode          string  `json:"agent_code"` // 代理编号
 		AgentProcessStatus string  `json:"agent_process_status"` // 代理事务处理状态：not_agent-非代理订单，success-处理成功，failed-处理失败，pending-待处理
 	}
 	// 详情请求
@@ -165,4 +173,15 @@ type (
 		Message     string `json:"message"` // 执行结果消息
 		ProcessedAt string `json:"processed_at"` // 处理时间
 	}
+	// xpay 补发货
+	AdminXpayDeliverReq {
+		Id string `path:"id"` // 订单ID
+	}
+	AdminXpayDeliverResp {
+		Credited     bool     `json:"credited"`
+		Notified     bool     `json:"notified"`
+		WechatDetail string   `json:"wechat_detail"`
+		Errors       []string `json:"errors"`
+		Message      string   `json:"message"`
+	}
 )

app/main/api/desc/admin/platform_user.api

@@ -39,6 +39,7 @@ type (
 	AdminGetPlatformUserListReq {
 		Page            int64  `form:"page,default=1"` // 页码
 		PageSize        int64  `form:"pageSize,default=20"` // 每页数量
+		UserId          string `form:"user_id,optional"` // 平台用户主键 ID，精确筛选
 		Mobile          string `form:"mobile,optional"` // 手机号
 		Nickname        string `form:"nickname,optional"` // 昵称
 		Inside          int64  `form:"inside,optional"` // 是否内部用户 1-是 0-否

app/main/api/desc/front/agent.api

@@ -123,6 +123,14 @@ type (
 	GetInviteLinkResp {
 		InviteLink string `json:"invite_link"` // 邀请链接
 	}
+	// 生成邀请海报请求
+	GenerateInvitePosterReq {
+		InviteLink string `form:"invite_link"` // 邀请链接（用于生成二维码）
+	}
+	// 生成邀请海报响应
+	GenerateInvitePosterResp {
+		PosterUrl string `json:"poster_url"` // 海报图片URL（base64编码的data URL）
+	}
 	// 获取代理等级特权信息
 	GetLevelPrivilegeResp {
 		Levels                 []LevelPrivilegeItem `json:"levels"`
@@ -250,6 +258,10 @@ service main {
 	@handler GetInviteLink
 	get /invite_link (GetInviteLinkReq) returns (GetInviteLinkResp)
 
+	// 生成邀请海报（带二维码的图片）
+	@handler GenerateInvitePoster
+	get /invite/poster (GenerateInvitePosterReq) returns (GenerateInvitePosterResp)
+
 	// 获取代理等级特权信息
 	@handler GetLevelPrivilege
 	get /level/privilege returns (GetLevelPrivilegeResp)
@@ -300,9 +312,9 @@ type (
 	}
 	// 生成推广链接
 	AgentGeneratingLinkReq {
-		ProductId  string  `json:"product_id"` // 产品ID
+		ProductId  string `json:"product_id"`           // 产品ID
-		SetPrice   float64 `json:"set_price"` // 设定价格
+		SetPrice   string `json:"set_price"`            // 设定价格
-		TargetPath string  `json:"target_path,optional"` // 目标地址（可选，默认为推广报告页面）
+		TargetPath string `json:"target_path,optional"` // 目标地址（可选，默认为推广报告页面）
 	}
 	AgentGeneratingLinkResp {
 		LinkIdentifier string `json:"link_identifier"` // 推广链接标识
@@ -639,7 +651,7 @@ type (
 		ProductName string                 `json:"product_name"` // 产品名称
 		CreateTime  string                 `json:"create_time"` // 创建时间
 		QueryState  string                 `json:"query_state"` // 查询状态
-		Params      map[string]interface{} `json:"params"` // 查询参数（已脱敏）
+		Params      map[string]interface{} `json:"params,optional"` // 查询参数（已脱敏）
 		Price       float64                `json:"price"` // 查询价格
 	}
 	// ============================================
@@ -685,35 +697,29 @@ type (
 		StatusText   string  `json:"status_text"` // 状态文本
 		CreateTime   string  `json:"create_time"` // 创建时间
 	}
-	// 检查模块白名单状态请求
 	CheckFeatureWhitelistStatusReq {
 		IdCard       string `form:"id_card"` // 身份证号
 		FeatureApiId string `form:"feature_api_id"` // Feature的API标识
-		QueryId      string `form:"query_id,optional"` // 查询记录ID（可选，用于检查报告数据是否已删除）
+		QueryId      string `form:"query_id,optional"` // 查询记录ID（可选）
 	}
-	// 检查模块白名单状态响应
 	CheckFeatureWhitelistStatusResp {
 		IsWhitelisted  bool    `json:"is_whitelisted"` // 是否在白名单中
-		WhitelistPrice float64 `json:"whitelist_price"` // 屏蔽价格（单位：元），如果为0表示不支持下架
+		WhitelistPrice float64 `json:"whitelist_price"` // 屏蔽价格（单位：元），0表示不支持下架
 		FeatureId      string  `json:"feature_id"` // Feature的UUID
-		DataDeleted    bool    `json:"data_deleted"` // 报告数据是否已删除（仅当提供了query_id时有效）
+		DataDeleted    bool    `json:"data_deleted"` // 报告数据是否已删除
 	}
-	// 下架单个模块请求
 	OfflineFeatureReq {
 		FeatureApiId string `json:"feature_api_id"` // Feature的API标识
 		QueryId      string `json:"query_id"` // 查询记录ID（Query表的ID，必选）
 	}
-	// 下架单个模块响应
 	OfflineFeatureResp {
 		Success bool    `json:"success"` // 是否已完成下架
 		NeedPay bool    `json:"need_pay"` // 是否需要发起支付
-		Amount  float64 `json:"amount"` // 需要支付的金额（单位：元），0表示无需支付
+		Amount  float64 `json:"amount"` // 需要支付的金额（元），0表示无需支付
 	}
-	// 检查订单是否属于当前代理请求
 	CheckOrderAgentReq {
 		OrderId string `form:"order_id"` // 订单ID
 	}
-	// 检查订单是否属于当前代理响应
 	CheckOrderAgentResp {
 		IsAgentOrder bool `json:"is_agent_order"` // 是否是当前代理推广的订单
 	}

app/main/api/desc/front/app.api

@@ -22,8 +22,31 @@ service main {
 
 	@handler getAppConfig
 	get /app/config returns (getAppConfigResp)
+
+	@handler getHomeDynamicData
+	get /app/home/dynamic (getHomeDynamicDataReq) returns (getHomeDynamicDataResp)
 }
 
+type (
+	getHomeDynamicDataReq {
+		LastId int64 `form:"lastId,optional"`
+	}
+	InquiryRecordItem {
+		Id    int64  `json:"id"`
+		Tag   string `json:"tag"`
+		Vin   string `json:"vin"`
+		Model string `json:"model"`
+	}
+	ReviewItem {
+		Name    string `json:"name"`
+		Content string `json:"content"`
+	}
+	getHomeDynamicDataResp {
+		Cases   []InquiryRecordItem `json:"cases"`
+		Reviews []ReviewItem        `json:"reviews"`
+	}
+)
+
 type (
 	// 心跳检测响应
 	HealthCheckResp {

app/main/api/desc/front/pay.api

@@ -22,6 +22,11 @@ service main {
 	// 微信退款回调
 	@handler WechatPayRefundCallback
 	post /pay/wechat/refund_callback
+
+	// 微信小程序虚拟支付发货推送（GET 验签 + POST 事件）
+	@handler XpayPush
+	get /pay/xpay/push
+	post /pay/xpay/push
 }
 
 @server (
@@ -40,6 +45,10 @@ service main {
 
 	@handler PaymentCheck
 	post /pay/check (PaymentCheckReq) returns (PaymentCheckResp)
+
+	// 小程序虚拟支付：上报微信/Apple 客户端提示与步骤（写入服务端日志并可选查微信单）
+	@handler XpayClientEvent
+	post /pay/xpay/client-event (XpayClientEventReq) returns (XpayClientEventResp)
 }
 
 type (
@@ -47,6 +56,7 @@ type (
 		Id        string `json:"id"`
 		PayMethod string `json:"pay_method"` // 支付方式: wechat, alipay, appleiap, test(仅开发环境), test_empty(仅开发环境-空报告模式)
 		PayType   string `json:"pay_type" validate:"required,oneof=query agent_vip agent_upgrade"`
+		Code      string `json:"code,optional"` // 微信小程序/H5授权码，用于自动绑定微信账号（当用户未绑定微信时）
 	}
 	PaymentResp {
 		PrepayData interface{} `json:"prepay_data"`
@@ -57,8 +67,28 @@ type (
 		OrderNo string `json:"order_no" validate:"required"`
 	}
 	PaymentCheckResp {
-		Type   string `json:"type"`
+		Type           string `json:"type"`
-		Status string `json:"status"`
+		Status         string `json:"status"`
+		WxSyncError    string `json:"wx_sync_error,optional"`    // query_order 失败时微信返回
+		WxOrderStatus  int    `json:"wx_order_status,optional"`  // 微信侧订单 status
+		WxOrderDetail  string `json:"wx_order_detail,optional"`  // query_order 原始 order 摘要（排查用）
+	}
+	XpayClientEventReq {
+		OrderNo   string `json:"order_no,optional"`
+		Stage     string `json:"stage" validate:"required"` // prepay_ok, invoke, success, fail, check
+		EventType string `json:"event_type" validate:"required,oneof=info tip fail success"`
+		Message   string `json:"message,optional"` // 微信/Apple 展示给用户的话术（非 HTTP 报错）
+		ErrMsg    string `json:"err_msg,optional"`
+		ErrCode   int    `json:"err_code,optional"`
+		Errno     int    `json:"errno,optional"`
+		SignData  string `json:"sign_data,optional"`
+		Device    string `json:"device,optional"`
+		Extra     string `json:"extra,optional"`
+	}
+	XpayClientEventResp {
+		WxOrderStatus int    `json:"wx_order_status,optional"`
+		WxOrderDetail string `json:"wx_order_detail,optional"`
+		WxSyncError   string `json:"wx_sync_error,optional"`
 	}
 )
 

app/main/api/desc/front/toolbox.api

@@ -0,0 +1,29 @@
+syntax = "v1"
+
+info (
+	title:   "工具箱服务"
+	desc:    "免费工具箱（天行聚合等）"
+	version: "v1"
+)
+
+//============================> toolbox v1 <============================
+@server (
+	prefix: api/v1
+	group:  toolbox
+)
+service main {
+	@doc "工具箱统一查询"
+	@handler toolboxQuery
+	post /toolbox/query (ToolboxQueryReq) returns (ToolboxQueryResp)
+}
+
+type (
+	ToolboxQueryReq {
+		ToolKey string                 `json:"tool_key"`
+		Params  map[string]interface{} `json:"params,optional"`
+	}
+	ToolboxQueryResp {
+		ToolKey string                 `json:"tool_key"`
+		Result  map[string]interface{} `json:"result"`
+	}
+)

app/main/api/desc/front/upload.api

@@ -0,0 +1,44 @@
+syntax = "v1"
+
+info (
+	title:   "上传服务"
+	desc:    "图片 Base64 上传与文件访问"
+	version: "v1"
+)
+
+//============================> upload v1 <============================
+// 访问已上传图片（直接输出二进制，无 JSON 包装）
+@server (
+	prefix: api/v1
+	group:  upload
+)
+service main {
+	@doc "访问已上传图片"
+	@handler serveUpload
+	get /upload/file/:name (ServeUploadFileReq)
+}
+
+type ServeUploadFileReq {
+	Name string `path:"name"`
+}
+
+@server (
+	prefix:     api/v1
+	group:      upload
+	jwt:        JwtAuth
+	middleware: AuthInterceptor
+)
+service main {
+	@doc "图片 Base64 上传"
+	@handler uploadImage
+	post /upload/image (UploadImageReq) returns (UploadImageResp)
+}
+
+type (
+	UploadImageReq {
+		ImageBase64 string `json:"image_base64"`
+	}
+	UploadImageResp {
+		Url string `json:"url"`
+	}
+)

app/main/api/desc/front/user.api

@@ -156,8 +156,26 @@ service main {
 
 type (
 	sendSmsReq {
-		Mobile     string `json:"mobile" validate:"required,mobile"`
+		Mobile            string `json:"mobile" validate:"required,mobile"`
-		ActionType string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+		ActionType        string `json:"actionType" validate:"required,oneof=login register query agentApply realName bindMobile"`
+		CaptchaVerifyParam string `json:"captchaVerifyParam,optional"`
+	}
+)
+
+//============================> captcha v1 <============================
+@server (
+	prefix: api/v1
+	group:  captcha
+)
+service main {
+	@doc "get encrypted scene id for aliyun captcha"
+	@handler getEncryptedSceneId
+	post /captcha/encryptedSceneId returns (GetEncryptedSceneIdResp)
+}
+
+type (
+	GetEncryptedSceneIdResp {
+		EncryptedSceneId string `json:"encryptedSceneId"`
 	}
 )
 

app/main/api/desc/main.api

@@ -14,6 +14,8 @@ import "./front/product.api"
 import "./front/agent.api"
 import "./front/app.api"
 import "./front/authorization.api"
+import "./front/toolbox.api"
+import "./front/upload.api"
 // 后台
 import "./admin/auth.api"
 import "./admin/menu.api"
@@ -24,7 +26,11 @@ import "./admin/platform_user.api"
 import "./admin/notification.api"
 import "./admin/admin_product.api"
 import "./admin/admin_feature.api"
+import "./admin/dashboard.api"
 import "./admin/admin_query.api"
 import "./admin/admin_agent.api"
 import "./admin/admin_api.api"
 import "./admin/admin_role_api.api"
+
+
+

app/main/api/etc/main.dev.yaml

@@ -18,6 +18,12 @@ VerifyCode:
     SignName: "天远查"
     TemplateCode: "SMS_302641455"
     ValidTime: 300
+Captcha:
+    AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9"
+    AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65"
+    EndpointURL: "captcha.cn-shanghai.aliyuncs.com"
+    SceneID: "wynt39to"
+    EKey: ""
 Encrypt:
     SecretKey: "ff83609b2b24fc73196aac3d3dfb874f"
 WestConfig:
@@ -67,10 +73,22 @@ WechatH5:
     AppID: "wx442ee1ac1ee75917"
     AppSecret: "c80474909db42f63913b7a307b3bee17"
 WechatMini:
-    AppID: "wx781abb66b3368963" # 小程序的AppID
+    AppID: "wx5bacc94add2da981" # 小程序的AppID
-    AppSecret: "c7d02cdb0fc23c35c93187af9243b00d" # 小程序的AppSecret
+    AppSecret: "48a2c1e8ff1b7d4c0ff82fbefa64d2d0" # 小程序的AppSecret
-    TycAppID: "wxe74617f3dd56c196"
+WechatXpay:
-    TycAppSecret: "c8207e54aef5689b2a7c1f91ed7ae8a0"
+    Enabled: true
+    Env: 1                                              # 本地联调用沙箱；现网单请改 0 + 现网 AppKey
+    OfferId: "1450552691"
+    AppKey: "n1SSzeMiitPjiQwLlBn1s4Hn7SpkG3qD"         # 沙箱 AppKey（仅 env=1）
+    MessagePushToken: "qncXpayPush2026"                   # 与 mp 后台消息推送 Token 保持一致
+    SessionKeyTTL: 2592000                                # 30 天，与 JwtAuth.AccessExpire 对齐
+
+    # Enabled: true
+    # Env: 0                                              # 0 现网 / 1 沙箱（须与 AppKey 配套）
+    # OfferId: "1450552691"
+    # AppKey: "oYv2wooYzRmPDLdXkpBpqaml8cFaY0Bb"         # 现网 AppKey（env=0 必填现网密钥）
+    # MessagePushToken: "qncXpayPush2026"                   # 与 mp 后台消息推送 Token 保持一致
+    # SessionKeyTTL: 2592000                                # 30 天，与 JwtAuth.AccessExpire 对齐
 Query:
     ShareLinkExpire: 604800 # 7天 = 7 * 24 * 60 * 60 = 604800秒
 AdminConfig:
@@ -85,6 +103,10 @@ Tianyuanapi:
     Key: "04c6b4c559be6d5ba5351c04c8713a64"
     BaseURL: "https://api.tianyuanapi.com"
     Timeout: 60
+tianxingjuhe:
+    url: "https://apis.tianapi.com"
+    key: "4ceffb1ffb95b83230b9a9c9df2467e1"
+    timeout: 30
 Authorization:
     FileBaseURL: "https://www.quannengcha.com/api/v1/auth-docs" # 授权书文件访问基础URL
 Promotion:

app/main/api/etc/main.yaml

@@ -19,6 +19,12 @@ VerifyCode:
     SignName: "海南海宇大数据"
     TemplateCode: "SMS_302641455"
     ValidTime: 300
+Captcha:
+    AccessKeyID: "LTAI5tKGB3TVJbMHSoZN3yr9"
+    AccessKeySecret: "OCQ30GWp4yENMjmfOAaagksE18bp65"
+    EndpointURL: "captcha.cn-shanghai.aliyuncs.com"
+    SceneID: "wynt39to"
+    EKey: ""
 Encrypt:
     SecretKey: "ff83609b2b24fc73196aac3d3dfb874f"
 Alipay:
@@ -58,6 +64,13 @@ WechatH5:
 WechatMini:
     AppID: "wx5bacc94add2da981" # 小程序的AppID
     AppSecret: "48a2c1e8ff1b7d4c0ff82fbefa64d2d0" # 小程序的AppSecret
+WechatXpay:
+    Enabled: true
+    Env: 0                                              # 0 现网 / 1 沙箱（须与 AppKey 配套）
+    OfferId: "1450552691"
+    AppKey: "oYv2wooYzRmPDLdXkpBpqaml8cFaY0Bb"         # 现网 AppKey（env=0 必填现网密钥）
+    MessagePushToken: "qncXpayPush2026"                   # 与 mp 后台消息推送 Token 保持一致
+    SessionKeyTTL: 2592000                                # 30 天，与 JwtAuth.AccessExpire 对齐
 Query:
     ShareLinkExpire: 604800 # 7天 = 7 * 24 * 60 * 60 = 604800秒
 AdminConfig:
@@ -72,6 +85,10 @@ Tianyuanapi:
     Key: "04c6b4c559be6d5ba5351c04c8713a64"
     BaseURL: "https://api.tianyuanapi.com"
     Timeout: 60
+tianxingjuhe:
+    url: "https://apis.tianapi.com"
+    key: "4ceffb1ffb95b83230b9a9c9df2467e1"
+    timeout: 30
 Authorization:
     FileBaseURL: "https://www.quannengcha.com/api/v1/auth-docs" # 授权书文件访问基础URL
 Promotion:

app/main/api/internal/config/config.go

@@ -11,6 +11,7 @@ type Config struct {
 	CacheRedis    cache.CacheConf
 	JwtAuth       JwtAuth // JWT 鉴权相关配置
 	VerifyCode    VerifyCode
+	Captcha       CaptchaConfig // 阿里云验证码配置
 	Encrypt       Encrypt
 	Alipay        AlipayConfig
 	Wxpay         WxpayConfig
@@ -20,10 +21,12 @@ type Config struct {
 	WechatH5      WechatH5Config
 	Authorization AuthorizationConfig // 授权书配置
 	WechatMini    WechatMiniConfig
+	WechatXpay    WechatXpayConfig
 	Query         QueryConfig
 	AdminConfig   AdminConfig
 	TaxConfig     TaxConfig
-	Promotion     PromotionConfig // 推广链接配置
+	Promotion     PromotionConfig    // 推广链接配置
+	Tianxingjuhe  TianxingjuheConfig // 天行聚合API配置
 }
 
 // JwtAuth 用于 JWT 鉴权配置
@@ -40,6 +43,15 @@ type VerifyCode struct {
 	TemplateCode    string
 	ValidTime       int
 }
+
+type CaptchaConfig struct {
+	AccessKeyID     string
+	AccessKeySecret string
+	EndpointURL     string
+	SceneID         string
+	EKey            string // 加密模式用的 ekey（Base64）
+}
+
 type Encrypt struct {
 	SecretKey string
 }
@@ -87,6 +99,16 @@ type WechatMiniConfig struct {
 	AppID     string
 	AppSecret string
 }
+
+// WechatXpayConfig 微信小程序虚拟支付（xpay）
+type WechatXpayConfig struct {
+	Enabled          bool
+	Env              int // 0 现网 / 1 沙箱
+	OfferId          string
+	AppKey           string // 与 Env 配套的 AppKey（沙箱/现网各自在 yaml 中配置）
+	MessagePushToken string
+	SessionKeyTTL    int64
+}
 type QueryConfig struct {
 	ShareLinkExpire int64
 }
@@ -116,3 +138,10 @@ type PromotionConfig struct {
 	PromotionDomain string // 推广域名（用于生成短链）
 	OfficialDomain  string // 正式站点域名（短链重定向的目标域名）
 }
+
+// TianxingjuheConfig 天行聚合API配置
+type TianxingjuheConfig struct {
+	URL     string // API基础URL
+	Key     string // API密钥
+	Timeout int    // 超时时间（秒），默认30秒
+}

app/main/api/internal/handler/admin_agent/admingetagentordersettlementhandler.go

@@ -0,0 +1,29 @@
+package admin_agent
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"qnc-server/app/main/api/internal/logic/admin_agent"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/result"
+	"qnc-server/pkg/lzkit/validator"
+)
+
+func AdminGetAgentOrderSettlementHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminGetAgentOrderSettlementReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_agent.NewAdminGetAgentOrderSettlementLogic(r.Context(), svcCtx)
+		resp, err := l.AdminGetAgentOrderSettlement(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/admin_agent/admingetagentteamtreehandler.go

@@ -0,0 +1,29 @@
+package admin_agent
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"qnc-server/app/main/api/internal/logic/admin_agent"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/result"
+	"qnc-server/pkg/lzkit/validator"
+)
+
+func AdminGetAgentTeamTreeHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminGetAgentTeamTreeReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_agent.NewAdminGetAgentTeamTreeLogic(r.Context(), svcCtx)
+		resp, err := l.AdminGetAgentTeamTree(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/admin_dashboard/admingetdashboardstatisticshandler.go

@@ -0,0 +1,17 @@
+package admin_dashboard
+
+import (
+	"net/http"
+
+	"qnc-server/app/main/api/internal/logic/admin_dashboard"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/common/result"
+)
+
+func AdminGetDashboardStatisticsHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		l := admin_dashboard.NewAdminGetDashboardStatisticsLogic(r.Context(), svcCtx)
+		resp, err := l.AdminGetDashboardStatistics()
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/admin_order/adminxpaydeliverhandler.go

@@ -0,0 +1,30 @@
+package admin_order
+
+import (
+	"net/http"
+
+	"qnc-server/app/main/api/internal/logic/admin_order"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/result"
+	"qnc-server/pkg/lzkit/validator"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+)
+
+func AdminXpayDeliverHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminXpayDeliverReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_order.NewAdminXpayDeliverLogic(r.Context(), svcCtx)
+		resp, err := l.AdminXpayDeliver(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/admin_query/admingeneratequerysharelinkhandler.go

@@ -0,0 +1,30 @@
+package admin_query
+
+import (
+	"net/http"
+
+	"qnc-server/app/main/api/internal/logic/admin_query"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/result"
+	"qnc-server/pkg/lzkit/validator"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+)
+
+func AdminGenerateQueryShareLinkHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.AdminGenerateQueryShareLinkReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := admin_query.NewAdminGenerateQueryShareLinkLogic(r.Context(), svcCtx)
+		resp, err := l.AdminGenerateQueryShareLink(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/agent/generateinviteposterhandler.go

@@ -0,0 +1,33 @@
+// Code scaffolded by goctl. Safe to edit.
+// goctl 1.9.2
+
+package agent
+
+import (
+	"net/http"
+
+	"qnc-server/app/main/api/internal/logic/agent"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/result"
+	"qnc-server/pkg/lzkit/validator"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+)
+
+func GenerateInvitePosterHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.GenerateInvitePosterReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := agent.NewGenerateInvitePosterLogic(r.Context(), svcCtx)
+		resp, err := l.GenerateInvitePoster(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/app/gethomedynamicdatahandler.go

@@ -0,0 +1,29 @@
+package app
+
+import (
+	"net/http"
+
+	"qnc-server/app/main/api/internal/logic/app"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+)
+
+func GetHomeDynamicDataHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.GetHomeDynamicDataReq
+		if err := httpx.Parse(r, &req); err != nil {
+			httpx.ErrorCtx(r.Context(), w, err)
+			return
+		}
+
+		l := app.NewGetHomeDynamicDataLogic(r.Context(), svcCtx)
+		resp, err := l.GetHomeDynamicData(&req)
+		if err != nil {
+			httpx.ErrorCtx(r.Context(), w, err)
+		} else {
+			httpx.OkJsonCtx(r.Context(), w, resp)
+		}
+	}
+}

app/main/api/internal/handler/auth/sendsmshandler.go

@@ -23,8 +23,27 @@ func SendSmsHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
 			result.ParamValidateErrorResult(r, w, err)
 			return
 		}
+		// 获取客户端真实 IP
+		clientIP := getClientIP(r)
+		// 获取 User-Agent 用于判断微信环境
+		userAgent := r.Header.Get("User-Agent")
 		l := auth.NewSendSmsLogic(r.Context(), svcCtx)
-		err := l.SendSms(&req)
+		err := l.SendSms(&req, clientIP, userAgent)
 		result.HttpResult(r, w, nil, err)
 	}
 }
+
+// getClientIP 获取客户端真实 IP
+func getClientIP(r *http.Request) string {
+	// 优先从 X-Forwarded-For 获取
+	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
+		// X-Forwarded-For 可能包含多个 IP，取第一个
+		return xff
+	}
+	// 其次从 X-Real-IP 获取
+	if xri := r.Header.Get("X-Real-IP"); xri != "" {
+		return xri
+	}
+	// 最后使用 RemoteAddr
+	return r.RemoteAddr
+}

app/main/api/internal/handler/captcha/getencryptedsceneidhandler.go

@@ -0,0 +1,21 @@
+package captcha
+
+import (
+	"net/http"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"qnc-server/app/main/api/internal/logic/captcha"
+	"qnc-server/app/main/api/internal/svc"
+)
+
+func GetEncryptedSceneIdHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		l := captcha.NewGetEncryptedSceneIdLogic(r.Context(), svcCtx)
+		resp, err := l.GetEncryptedSceneId()
+		if err != nil {
+			httpx.ErrorCtx(r.Context(), w, err)
+		} else {
+			httpx.OkJsonCtx(r.Context(), w, resp)
+		}
+	}
+}

app/main/api/internal/handler/pay/xpayclienteventhandler.go

@@ -0,0 +1,30 @@
+package pay
+
+import (
+	"net/http"
+
+	"qnc-server/app/main/api/internal/logic/pay"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/result"
+	"qnc-server/pkg/lzkit/validator"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+)
+
+func XpayClientEventHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.XpayClientEventReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		if err := validator.Validate(req); err != nil {
+			result.ParamValidateErrorResult(r, w, err)
+			return
+		}
+		l := pay.NewXpayClientEventLogic(r.Context(), svcCtx)
+		resp, err := l.XpayClientEvent(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/pay/xpaypushhandler.go

@@ -0,0 +1,22 @@
+package pay
+
+import (
+	"net/http"
+
+	"qnc-server/app/main/api/internal/logic/pay"
+	"qnc-server/app/main/api/internal/svc"
+)
+
+func XpayPushHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	l := pay.NewXpayPushLogic(svcCtx)
+	return func(w http.ResponseWriter, r *http.Request) {
+		switch r.Method {
+		case http.MethodGet:
+			l.HandleGET(w, r)
+		case http.MethodPost:
+			l.HandlePOST(w, r)
+		default:
+			w.WriteHeader(http.StatusMethodNotAllowed)
+		}
+	}
+}

app/main/api/internal/handler/routes.go

@@ -7,6 +7,7 @@ import (
 	admin_agent "qnc-server/app/main/api/internal/handler/admin_agent"
 	admin_api "qnc-server/app/main/api/internal/handler/admin_api"
 	admin_auth "qnc-server/app/main/api/internal/handler/admin_auth"
+	admin_dashboard "qnc-server/app/main/api/internal/handler/admin_dashboard"
 	admin_feature "qnc-server/app/main/api/internal/handler/admin_feature"
 	admin_menu "qnc-server/app/main/api/internal/handler/admin_menu"
 	admin_notification "qnc-server/app/main/api/internal/handler/admin_notification"
@@ -21,10 +22,13 @@ import (
 	app "qnc-server/app/main/api/internal/handler/app"
 	auth "qnc-server/app/main/api/internal/handler/auth"
 	authorization "qnc-server/app/main/api/internal/handler/authorization"
+	captcha "qnc-server/app/main/api/internal/handler/captcha"
 	notification "qnc-server/app/main/api/internal/handler/notification"
 	pay "qnc-server/app/main/api/internal/handler/pay"
 	product "qnc-server/app/main/api/internal/handler/product"
 	query "qnc-server/app/main/api/internal/handler/query"
+	toolbox "qnc-server/app/main/api/internal/handler/toolbox"
+	upload "qnc-server/app/main/api/internal/handler/upload"
 	user "qnc-server/app/main/api/internal/handler/user"
 	"qnc-server/app/main/api/internal/svc"
 
@@ -81,6 +85,11 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 					Path:    "/order/list",
 					Handler: admin_agent.AdminGetAgentOrderListHandler(serverCtx),
 				},
+				{
+					Method:  http.MethodGet,
+					Path:    "/order/settlement",
+					Handler: admin_agent.AdminGetAgentOrderSettlementHandler(serverCtx),
+				},
 				{
 					Method:  http.MethodGet,
 					Path:    "/product_config/list",
@@ -101,6 +110,11 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 					Path:    "/rebate/list",
 					Handler: admin_agent.AdminGetAgentRebateListHandler(serverCtx),
 				},
+				{
+					Method:  http.MethodGet,
+					Path:    "/team/tree",
+					Handler: admin_agent.AdminGetAgentTeamTreeHandler(serverCtx),
+				},
 				{
 					Method:  http.MethodPost,
 					Path:    "/upgrade/agent",
@@ -177,6 +191,20 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 		rest.WithPrefix("/api/v1/admin/auth"),
 	)
 
+	server.AddRoutes(
+		rest.WithMiddlewares(
+			[]rest.Middleware{serverCtx.AdminAuthInterceptor},
+			[]rest.Route{
+				{
+					Method:  http.MethodGet,
+					Path:    "/statistics",
+					Handler: admin_dashboard.AdminGetDashboardStatisticsHandler(serverCtx),
+				},
+			}...,
+		),
+		rest.WithPrefix("/api/v1/admin/dashboard"),
+	)
+
 	server.AddRoutes(
 		rest.WithMiddlewares(
 			[]rest.Middleware{serverCtx.AdminAuthInterceptor},
@@ -340,6 +368,12 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 					Path:    "/retry-agent-process/:id",
 					Handler: admin_order.AdminRetryAgentProcessHandler(serverCtx),
 				},
+				{
+					// xpay补发货（查微信单并到账）
+					Method:  http.MethodPost,
+					Path:    "/xpay-deliver/:id",
+					Handler: admin_order.AdminXpayDeliverHandler(serverCtx),
+				},
 				{
 					// 更新订单
 					Method:  http.MethodPut,
@@ -463,6 +497,12 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 					Path:    "/detail/:order_id",
 					Handler: admin_query.AdminGetQueryDetailByOrderIdHandler(serverCtx),
 				},
+				{
+					// 生成报告分享链接（供后台预览 H5）
+					Method:  http.MethodPost,
+					Path:    "/generate_share_link",
+					Handler: admin_query.AdminGenerateQueryShareLinkHandler(serverCtx),
+				},
 			}...,
 		),
 		rest.WithPrefix("/api/v1/admin/query"),
@@ -646,6 +686,11 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 					Path:    "/info",
 					Handler: agent.GetAgentInfoHandler(serverCtx),
 				},
+				{
+					Method:  http.MethodGet,
+					Path:    "/invite/poster",
+					Handler: agent.GenerateInvitePosterHandler(serverCtx),
+				},
 				{
 					Method:  http.MethodPost,
 					Path:    "/invite_code/delete",
@@ -809,6 +854,11 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 				Path:    "/app/version",
 				Handler: app.GetAppVersionHandler(serverCtx),
 			},
+			{
+				Method:  http.MethodGet,
+				Path:    "/app/home/dynamic",
+				Handler: app.GetHomeDynamicDataHandler(serverCtx),
+			},
 			{
 				// 心跳检测接口
 				Method:  http.MethodGet,
@@ -852,6 +902,18 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 		rest.WithPrefix("/api/v1"),
 	)
 
+	server.AddRoutes(
+		[]rest.Route{
+			{
+				// get encrypted scene id for aliyun captcha
+				Method:  http.MethodPost,
+				Path:    "/captcha/encryptedSceneId",
+				Handler: captcha.GetEncryptedSceneIdHandler(serverCtx),
+			},
+		},
+		rest.WithPrefix("/api/v1"),
+	)
+
 	server.AddRoutes(
 		[]rest.Route{
 			{
@@ -881,6 +943,16 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 				Path:    "/pay/wechat/refund_callback",
 				Handler: pay.WechatPayRefundCallbackHandler(serverCtx),
 			},
+			{
+				Method:  http.MethodGet,
+				Path:    "/pay/xpay/push",
+				Handler: pay.XpayPushHandler(serverCtx),
+			},
+			{
+				Method:  http.MethodPost,
+				Path:    "/pay/xpay/push",
+				Handler: pay.XpayPushHandler(serverCtx),
+			},
 		},
 		rest.WithPrefix("/api/v1"),
 	)
@@ -904,6 +976,11 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 					Path:    "/pay/payment",
 					Handler: pay.PaymentHandler(serverCtx),
 				},
+				{
+					Method:  http.MethodPost,
+					Path:    "/pay/xpay/client-event",
+					Handler: pay.XpayClientEventHandler(serverCtx),
+				},
 			}...,
 		),
 		rest.WithJwt(serverCtx.Config.JwtAuth.AccessSecret),
@@ -1048,6 +1125,46 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 		rest.WithPrefix("/api/v1"),
 	)
 
+	server.AddRoutes(
+		[]rest.Route{
+			{
+				// 工具箱统一查询
+				Method:  http.MethodPost,
+				Path:    "/toolbox/query",
+				Handler: toolbox.ToolboxQueryHandler(serverCtx),
+			},
+		},
+		rest.WithPrefix("/api/v1"),
+	)
+
+	server.AddRoutes(
+		[]rest.Route{
+			{
+				// 访问已上传图片
+				Method:  http.MethodGet,
+				Path:    "/upload/file/:name",
+				Handler: upload.ServeUploadHandler(serverCtx),
+			},
+		},
+		rest.WithPrefix("/api/v1"),
+	)
+
+	server.AddRoutes(
+		rest.WithMiddlewares(
+			[]rest.Middleware{serverCtx.AuthInterceptor},
+			[]rest.Route{
+				{
+					// 图片 Base64 上传
+					Method:  http.MethodPost,
+					Path:    "/upload/image",
+					Handler: upload.UploadImageHandler(serverCtx),
+				},
+			}...,
+		),
+		rest.WithJwt(serverCtx.Config.JwtAuth.AccessSecret),
+		rest.WithPrefix("/api/v1"),
+	)
+
 	server.AddRoutes(
 		[]rest.Route{
 			{

app/main/api/internal/handler/toolbox/toolboxqueryhandler.go

@@ -0,0 +1,25 @@
+package toolbox
+
+import (
+	"net/http"
+
+	"qnc-server/app/main/api/internal/logic/toolbox"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/result"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+)
+
+func ToolboxQueryHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.ToolboxQueryReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		l := toolbox.NewToolboxQueryLogic(r.Context(), svcCtx)
+		resp, err := l.ToolboxQuery(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/handler/upload/serveuploadhandler.go

@@ -0,0 +1,26 @@
+package upload
+
+import (
+	"net/http"
+
+	uploadlogic "qnc-server/app/main/api/internal/logic/upload"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/result"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+)
+
+func ServeUploadHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.ServeUploadFileReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		l := uploadlogic.NewServeUploadLogic(r.Context(), svcCtx)
+		if err := l.ServeUpload(req.Name, w); err != nil {
+			result.HttpResult(r, w, nil, err)
+		}
+	}
+}

app/main/api/internal/handler/upload/uploadimagehandler.go

@@ -0,0 +1,25 @@
+package upload
+
+import (
+	"net/http"
+
+	uploadlogic "qnc-server/app/main/api/internal/logic/upload"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/result"
+
+	"github.com/zeromicro/go-zero/rest/httpx"
+)
+
+func UploadImageHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var req types.UploadImageReq
+		if err := httpx.Parse(r, &req); err != nil {
+			result.ParamErrorResult(r, w, err)
+			return
+		}
+		l := uploadlogic.NewUploadImageLogic(r.Context(), svcCtx)
+		resp, err := l.UploadImage(&req)
+		result.HttpResult(r, w, resp, err)
+	}
+}

app/main/api/internal/logic/admin_agent/admingetagentcommissionlistlogic.go

@@ -2,6 +2,7 @@ package admin_agent
 
 import (
 	"context"
+	"strconv"
 
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
@@ -27,20 +28,46 @@ func NewAdminGetAgentCommissionListLogic(ctx context.Context, svcCtx *svc.Servic
 
 func (l *AdminGetAgentCommissionListLogic) AdminGetAgentCommissionList(req *types.AdminGetAgentCommissionListReq) (resp *types.AdminGetAgentCommissionListResp, err error) {
 	builder := l.svcCtx.AgentCommissionModel.SelectBuilder()
+
+	// 按 agent_code 筛选：先查出 agent_id
+	if req.AgentCode != nil && *req.AgentCode != "" {
+		agentCodeInt, parseErr := strconv.ParseInt(*req.AgentCode, 10, 64)
+		if parseErr == nil {
+			agent, findErr := l.svcCtx.AgentModel.FindOneByAgentCode(l.ctx, agentCodeInt)
+			if findErr == nil && agent != nil {
+				builder = builder.Where(squirrel.Eq{"agent_id": agent.Id})
+			} else {
+				// 找不到对应代理，返回空列表
+				return &types.AdminGetAgentCommissionListResp{Total: 0, Items: []types.AgentCommissionListItem{}}, nil
+			}
+		} else {
+			return &types.AdminGetAgentCommissionListResp{Total: 0, Items: []types.AgentCommissionListItem{}}, nil
+		}
+	}
+
+	// 按 order_no 筛选：先查出 order_id
+	if req.OrderNo != nil && *req.OrderNo != "" {
+		order, findErr := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, *req.OrderNo)
+		if findErr == nil && order != nil {
+			builder = builder.Where(squirrel.Eq{"order_id": order.Id})
+		} else {
+			return &types.AdminGetAgentCommissionListResp{Total: 0, Items: []types.AgentCommissionListItem{}}, nil
+		}
+	}
+
 	if req.AgentId != nil {
 		builder = builder.Where(squirrel.Eq{"agent_id": *req.AgentId})
 	}
 	if req.Status != nil {
 		builder = builder.Where(squirrel.Eq{"status": *req.Status})
 	}
-	// 产品名称筛选功能已移除，如需可按product_id筛选
 
 	list, total, err := l.svcCtx.AgentCommissionModel.FindPageListByPageWithTotal(l.ctx, builder, req.Page, req.PageSize, "create_time DESC")
 	if err != nil {
 		return nil, err
 	}
 
-	// 批量查product_name
+	// 批量查 product_name
 	productIds := make(map[string]struct{})
 	for _, v := range list {
 		productIds[v.ProductId] = struct{}{}
@@ -58,11 +85,38 @@ func (l *AdminGetAgentCommissionListLogic) AdminGetAgentCommissionList(req *type
 		}
 	}
 
+	// 批量查 agent_code
+	agentIds := make([]string, 0, len(list))
+	for _, v := range list {
+		if v.AgentId != "" {
+			agentIds = append(agentIds, v.AgentId)
+		}
+	}
+	agentCodeMap := batchAgentCodesByIds(l.ctx, l.svcCtx, agentIds)
+
+	// 批量查 order_no
+	orderIds := make([]string, 0, len(list))
+	for _, v := range list {
+		if v.OrderId != "" {
+			orderIds = append(orderIds, v.OrderId)
+		}
+	}
+	orderNoMap := make(map[string]string)
+	if len(orderIds) > 0 {
+		orderBuilder := l.svcCtx.OrderModel.SelectBuilder().Where(squirrel.Eq{"id": orderIds})
+		orders, _ := l.svcCtx.OrderModel.FindAll(l.ctx, orderBuilder, "")
+		for _, o := range orders {
+			orderNoMap[o.Id] = o.OrderNo
+		}
+	}
+
 	items := make([]types.AgentCommissionListItem, 0, len(list))
 	for _, v := range list {
 		item := types.AgentCommissionListItem{}
 		_ = copier.Copy(&item, v)
+		item.AgentCode = agentCodeMap[v.AgentId]
 		item.ProductName = productNameMap[v.ProductId]
+		item.OrderNo = orderNoMap[v.OrderId]
 		item.CreateTime = v.CreateTime.Format("2006-01-02 15:04:05")
 		items = append(items, item)
 	}

app/main/api/internal/logic/admin_agent/admingetagentlinklistlogic.go

@@ -2,9 +2,12 @@ package admin_agent
 
 import (
 	"context"
+	"fmt"
+	"strings"
 
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/globalkey"
 
 	"github.com/Masterminds/squirrel"
 	"github.com/zeromicro/go-zero/core/logx"
@@ -29,6 +32,16 @@ func (l *AdminGetAgentLinkListLogic) AdminGetAgentLinkList(req *types.AdminGetAg
 	if req.AgentId != nil {
 		builder = builder.Where("agent_id = ?", *req.AgentId)
 	}
+	if req.AgentCode != nil && strings.TrimSpace(*req.AgentCode) != "" {
+		var agentCode int64
+		if _, err := fmt.Sscanf(strings.TrimSpace(*req.AgentCode), "%d", &agentCode); err == nil {
+			builder = builder.Where(
+				"agent_id IN (SELECT id FROM agent WHERE agent_code = ? AND del_state = ?)",
+				agentCode,
+				globalkey.DelStateNo,
+			)
+		}
+	}
 	if req.LinkIdentifier != nil && *req.LinkIdentifier != "" {
 		builder = builder.Where("link_identifier = ?", *req.LinkIdentifier)
 	}
@@ -60,11 +73,20 @@ func (l *AdminGetAgentLinkListLogic) AdminGetAgentLinkList(req *types.AdminGetAg
 		}
 	}
 
+	agentIds := make([]string, 0, len(links))
+	for _, link := range links {
+		if link.AgentId != "" {
+			agentIds = append(agentIds, link.AgentId)
+		}
+	}
+	agentCodeMap := batchAgentCodesByIds(l.ctx, l.svcCtx, agentIds)
+
 	items := make([]types.AgentLinkListItem, 0, len(links))
 	for _, link := range links {
 		items = append(items, types.AgentLinkListItem{
 			Id:              link.Id,
 			AgentId:         link.AgentId,
+			AgentCode:       agentCodeMap[link.AgentId],
 			ProductId:       link.ProductId,
 			ProductName:     productNameMap[link.ProductId],
 			SetPrice:        link.SetPrice,

app/main/api/internal/logic/admin_agent/admingetagentlistlogic.go

@@ -2,9 +2,13 @@ package admin_agent
 
 import (
 	"context"
+	"encoding/hex"
+	"fmt"
+	"strings"
 
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/globalkey"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
 
@@ -30,26 +34,52 @@ func NewAdminGetAgentListLogic(ctx context.Context, svcCtx *svc.ServiceContext)
 func (l *AdminGetAgentListLogic) AdminGetAgentList(req *types.AdminGetAgentListReq) (resp *types.AdminGetAgentListResp, err error) {
 	builder := l.svcCtx.AgentModel.SelectBuilder()
 
-	// 如果传入TeamLeaderId，则查找该团队首领下的所有代理
+	exactByAgentId := req.AgentId != nil && *req.AgentId != ""
-	if req.TeamLeaderId != nil {
+	if exactByAgentId {
-		builder = builder.Where(squirrel.Eq{"team_leader_id": *req.TeamLeaderId})
+		builder = builder.Where(squirrel.Eq{"id": *req.AgentId})
-	}
+	} else {
-	if req.Level != nil {
+		// 如果传入TeamLeaderId，则查找该团队首领下的直属代理（不含首领本人：钻石等业务会把 team_leader_id 写成自己）
-		builder = builder.Where(squirrel.Eq{"level": *req.Level})
+		if req.TeamLeaderId != nil && *req.TeamLeaderId != "" {
-	}
+			tl := *req.TeamLeaderId
-	if req.Mobile != nil && *req.Mobile != "" {
+			builder = builder.Where(squirrel.Eq{"team_leader_id": tl})
-		// 加密手机号进行查询
+			builder = builder.Where(squirrel.NotEq{"id": tl})
-		encryptedMobile, err := crypto.EncryptMobile(*req.Mobile, l.svcCtx.Config.Encrypt.SecretKey)
+		}
-		if err != nil {
+		if req.Level != nil {
-			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "加密手机号失败: %v", err)
+			builder = builder.Where(squirrel.Eq{"level": *req.Level})
+		}
+		if req.Mobile != nil && *req.Mobile != "" {
+			// 加密手机号进行查询
+			encryptedMobile, err := crypto.EncryptMobile(*req.Mobile, l.svcCtx.Config.Encrypt.SecretKey)
+			if err != nil {
+				return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "加密手机号失败: %v", err)
+			}
+			builder = builder.Where(squirrel.Eq{"mobile": encryptedMobile})
+		}
+		if req.Region != nil && *req.Region != "" {
+			// 注意：region字段现在是可选的，查询时需要处理NULL值
+			// 如果region字段是NULL，使用IS NULL查询；否则使用等值查询
+			// 这里简化处理，直接使用等值查询（如果数据库中有NULL值，需要特殊处理）
+			builder = builder.Where(squirrel.Eq{"region": *req.Region})
+		}
+		if req.AgentCode != nil && *req.AgentCode != "" {
+			// 将字符串转换为int64
+			var agentCode int64
+			if _, err := fmt.Sscanf(*req.AgentCode, "%d", &agentCode); err == nil {
+				builder = builder.Where(squirrel.Eq{"agent_code": agentCode})
+			}
 		}
-		builder = builder.Where(squirrel.Eq{"mobile": encryptedMobile})
 	}
-	if req.Region != nil && *req.Region != "" {
+
-		// 注意：region字段现在是可选的，查询时需要处理NULL值
+	if req.RealName != nil && strings.TrimSpace(*req.RealName) != "" {
-		// 如果region字段是NULL，使用IS NULL查询；否则使用等值查询
+		name := strings.TrimSpace(*req.RealName)
-		// 这里简化处理，直接使用等值查询（如果数据库中有NULL值，需要特殊处理）
+		likePattern := "%" + name + "%"
-		builder = builder.Where(squirrel.Eq{"region": *req.Region})
+		builder = builder.Where(`EXISTS (
+			SELECT 1 FROM agent_real_name arn
+			WHERE arn.agent_id = agent.id
+				AND arn.del_state = ?
+				AND arn.verify_time IS NOT NULL
+				AND arn.name LIKE ?
+		)`, globalkey.DelStateNo, likePattern)
 	}
 
 	agents, total, err := l.svcCtx.AgentModel.FindPageListByPageWithTotal(l.ctx, builder, req.Page, req.PageSize, "id DESC")
@@ -57,6 +87,17 @@ func (l *AdminGetAgentListLogic) AdminGetAgentList(req *types.AdminGetAgentListR
 		return nil, err
 	}
 
+	leaderIds := make([]string, 0, len(agents))
+	for _, a := range agents {
+		if a.Id != "" {
+			leaderIds = append(leaderIds, a.Id)
+		}
+	}
+	subCountByLeader, err := l.svcCtx.AgentModel.CountSubordinatesByTeamLeaderIds(l.ctx, leaderIds)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "统计直属下级数量失败: %v", err)
+	}
+
 	items := make([]types.AgentListItem, 0, len(agents))
 
 	for _, agent := range agents {
@@ -79,11 +120,25 @@ func (l *AdminGetAgentListLogic) AdminGetAgentList(req *types.AdminGetAgentListR
 		// 查询钱包信息
 		wallet, _ := l.svcCtx.AgentWalletModel.FindOneByAgentId(l.ctx, agent.Id)
 
-		// 查询实名认证信息
+		// 查询实名认证信息（数据库姓名明文、身份证密文，解密后明文返回不脱敏）
 		realNameInfo, _ := l.svcCtx.AgentRealNameModel.FindOneByAgentId(l.ctx, agent.Id)
 		isRealName := false
-		if realNameInfo != nil && realNameInfo.VerifyTime.Valid {
+		realName := ""
-			isRealName = true // verify_time不为空表示已通过三要素核验
+		idCardPlain := "" // 解密后明文返回
+		if realNameInfo != nil {
+			if realNameInfo.VerifyTime.Valid {
+				isRealName = true // verify_time不为空表示已通过三要素核验
+			}
+			realName = realNameInfo.Name
+			if realNameInfo.IdCard != "" {
+				key, keyErr := hex.DecodeString(l.svcCtx.Config.Encrypt.SecretKey)
+				if keyErr == nil {
+					decrypted, err := crypto.DecryptIDCard(realNameInfo.IdCard, key)
+					if err == nil {
+						idCardPlain = decrypted
+					}
+				}
+			}
 		}
 
 		wechatId := ""
@@ -102,15 +157,18 @@ func (l *AdminGetAgentListLogic) AdminGetAgentList(req *types.AdminGetAgentListR
 		}
 
 		item := types.AgentListItem{
-			Id:              agent.Id,
+			Id:               agent.Id,
-			UserId:          agent.UserId,
+			UserId:           agent.UserId,
-			Level:           agent.Level,
+			Level:            agent.Level,
-			LevelName:       levelName,
+			LevelName:        levelName,
-			Region:          region,
+			Region:           region,
-			Mobile:          agent.Mobile,
+			Mobile:           agent.Mobile,
-			WechatId:        wechatId,
+			RealName:         realName,
-			TeamLeaderId:    teamLeaderId,
+			IdCard:           idCardPlain,
-			AgentCode:       agent.AgentCode,
+			WechatId:         wechatId,
+			TeamLeaderId:     teamLeaderId,
+			SubordinateCount: subCountByLeader[agent.Id],
+			AgentCode:        agent.AgentCode,
 			Balance:         0,
 			TotalEarnings:   0,
 			FrozenBalance:   0,

app/main/api/internal/logic/admin_agent/admingetagentorderlistlogic.go

@@ -2,6 +2,8 @@ package admin_agent
 
 import (
 	"context"
+	"strconv"
+
 	"qnc-server/common/globalkey"
 	"qnc-server/common/xerr"
 
@@ -28,21 +30,57 @@ func NewAdminGetAgentOrderListLogic(ctx context.Context, svcCtx *svc.ServiceCont
 	}
 }
 
+func emptyAgentOrderListResp() *types.AdminGetAgentOrderListResp {
+	return &types.AdminGetAgentOrderListResp{
+		Total: 0,
+		Items: []types.AgentOrderListItem{},
+	}
+}
+
 func (l *AdminGetAgentOrderListLogic) AdminGetAgentOrderList(req *types.AdminGetAgentOrderListReq) (resp *types.AdminGetAgentOrderListResp, err error) {
 	builder := l.svcCtx.AgentOrderModel.SelectBuilder().
 		Where("del_state = ?", globalkey.DelStateNo)
 
-	if req.AgentId != nil {
+	if req.AgentId != nil && *req.AgentId != "" {
 		builder = builder.Where("agent_id = ?", *req.AgentId)
 	}
-	if req.OrderId != nil {
+
+	if req.AgentCode != nil && *req.AgentCode != "" {
+		code, parseErr := strconv.ParseInt(*req.AgentCode, 10, 64)
+		if parseErr != nil {
+			return emptyAgentOrderListResp(), nil
+		}
+		agent, findErr := l.svcCtx.AgentModel.FindOneByAgentCode(l.ctx, code)
+		if findErr != nil || agent == nil {
+			return emptyAgentOrderListResp(), nil
+		}
+		builder = builder.Where("agent_id = ?", agent.Id)
+	}
+
+	if req.OrderId != nil && *req.OrderId != "" {
 		builder = builder.Where("order_id = ?", *req.OrderId)
 	}
+
+	if req.OrderNo != nil && *req.OrderNo != "" {
+		o, findErr := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, *req.OrderNo)
+		if findErr != nil || o == nil {
+			return emptyAgentOrderListResp(), nil
+		}
+		builder = builder.Where("order_id = ?", o.Id)
+	}
+
 	if req.ProcessStatus != nil {
 		builder = builder.Where("process_status = ?", *req.ProcessStatus)
 	}
 
-	// 分页查询
+	if req.OrderStatus != nil && *req.OrderStatus != "" {
+		builder = builder.Where(squirrel.Expr(
+			"order_id IN (SELECT id FROM `order` WHERE status = ? AND del_state = ?)",
+			*req.OrderStatus,
+			globalkey.DelStateNo,
+		))
+	}
+
 	page := req.Page
 	if page <= 0 {
 		page = 1
@@ -57,7 +95,6 @@ func (l *AdminGetAgentOrderListLogic) AdminGetAgentOrderList(req *types.AdminGet
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询代理订单列表失败, %v", err)
 	}
 
-	// 批量查询产品名称
 	productIdSet := make(map[string]struct{})
 	for _, order := range orders {
 		productIdSet[order.ProductId] = struct{}{}
@@ -74,13 +111,50 @@ func (l *AdminGetAgentOrderListLogic) AdminGetAgentOrderList(req *types.AdminGet
 		}
 	}
 
-	// 组装响应
+	agentIds := make([]string, 0, len(orders))
+	orderIds := make([]string, 0, len(orders))
+	for _, order := range orders {
+		if order.AgentId != "" {
+			agentIds = append(agentIds, order.AgentId)
+		}
+		if order.OrderId != "" {
+			orderIds = append(orderIds, order.OrderId)
+		}
+	}
+	agentCodeMap := batchAgentCodesByIds(l.ctx, l.svcCtx, agentIds)
+
+	orderNoMap := make(map[string]string)
+	orderStatusMap := make(map[string]string)
+	if len(orderIds) > 0 {
+		uniq := make([]string, 0, len(orderIds))
+		seen := make(map[string]struct{}, len(orderIds))
+		for _, id := range orderIds {
+			if id == "" {
+				continue
+			}
+			if _, ok := seen[id]; ok {
+				continue
+			}
+			seen[id] = struct{}{}
+			uniq = append(uniq, id)
+		}
+		if len(uniq) > 0 {
+			os, _ := l.svcCtx.OrderModel.FindAll(l.ctx, l.svcCtx.OrderModel.SelectBuilder().Where(squirrel.Eq{"id": uniq}), "")
+			for _, o := range os {
+				orderNoMap[o.Id] = o.OrderNo
+				orderStatusMap[o.Id] = o.Status
+			}
+		}
+	}
+
 	items := make([]types.AgentOrderListItem, 0, len(orders))
 	for _, order := range orders {
 		items = append(items, types.AgentOrderListItem{
 			Id:              order.Id,
 			AgentId:         order.AgentId,
+			AgentCode:       agentCodeMap[order.AgentId],
 			OrderId:         order.OrderId,
+			OrderNo:         orderNoMap[order.OrderId],
 			ProductId:       order.ProductId,
 			ProductName:     productNameMap[order.ProductId],
 			OrderAmount:     order.OrderAmount,
@@ -89,6 +163,7 @@ func (l *AdminGetAgentOrderListLogic) AdminGetAgentOrderList(req *types.AdminGet
 			PriceCost:       order.PriceCost,
 			AgentProfit:     order.AgentProfit,
 			ProcessStatus:   order.ProcessStatus,
+			OrderStatus:     orderStatusMap[order.OrderId],
 			CreateTime:      order.CreateTime.Format("2006-01-02 15:04:05"),
 		})
 	}

app/main/api/internal/logic/admin_agent/admingetagentordersettlementlogic.go

@@ -0,0 +1,98 @@
+package admin_agent
+
+import (
+	"context"
+	"sync"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type AdminGetAgentOrderSettlementLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminGetAgentOrderSettlementLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminGetAgentOrderSettlementLogic {
+	return &AdminGetAgentOrderSettlementLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminGetAgentOrderSettlementLogic) AdminGetAgentOrderSettlement(req *types.AdminGetAgentOrderSettlementReq) (resp *types.AdminGetAgentOrderSettlementResp, err error) {
+	empty := &types.AdminGetAgentOrderSettlementResp{
+		Commissions: []types.AgentCommissionListItem{},
+		Rebates:     []types.AgentRebateListItem{},
+	}
+	if req.OrderNo == "" {
+		return empty, nil
+	}
+	on := req.OrderNo
+	page := int64(1)
+	pageSize := int64(200)
+
+	var wg sync.WaitGroup
+	var mu sync.Mutex
+	var cResp *types.AdminGetAgentCommissionListResp
+	var cErr error
+	var rResp *types.AdminGetAgentRebateListResp
+	var rErr error
+
+	wg.Add(2)
+	go func() {
+		defer wg.Done()
+		resp, e := NewAdminGetAgentCommissionListLogic(l.ctx, l.svcCtx).AdminGetAgentCommissionList(
+			&types.AdminGetAgentCommissionListReq{
+				Page:     page,
+				PageSize: pageSize,
+				OrderNo:  &on,
+			},
+		)
+		mu.Lock()
+		cResp, cErr = resp, e
+		mu.Unlock()
+	}()
+	go func() {
+		defer wg.Done()
+		resp, e := NewAdminGetAgentRebateListLogic(l.ctx, l.svcCtx).AdminGetAgentRebateList(
+			&types.AdminGetAgentRebateListReq{
+				Page:     page,
+				PageSize: pageSize,
+				OrderNo:  &on,
+			},
+		)
+		mu.Lock()
+		rResp, rErr = resp, e
+		mu.Unlock()
+	}()
+	wg.Wait()
+	if cErr != nil {
+		return nil, cErr
+	}
+	if rErr != nil {
+		return nil, rErr
+	}
+	if cResp == nil {
+		cResp = &types.AdminGetAgentCommissionListResp{Items: []types.AgentCommissionListItem{}}
+	}
+	if rResp == nil {
+		rResp = &types.AdminGetAgentRebateListResp{Items: []types.AgentRebateListItem{}}
+	}
+	commissions := cResp.Items
+	if commissions == nil {
+		commissions = []types.AgentCommissionListItem{}
+	}
+	rebates := rResp.Items
+	if rebates == nil {
+		rebates = []types.AgentRebateListItem{}
+	}
+	return &types.AdminGetAgentOrderSettlementResp{
+		Commissions: commissions,
+		Rebates:     rebates,
+	}, nil
+}

app/main/api/internal/logic/admin_agent/admingetagentrealnamelistlogic.go

@@ -2,15 +2,15 @@ package admin_agent
 
 import (
 	"context"
+	"encoding/hex"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
 	"qnc-server/common/globalkey"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
 
 	"github.com/pkg/errors"
-
-	"qnc-server/app/main/api/internal/svc"
-	"qnc-server/app/main/api/internal/types"
-
 	"github.com/zeromicro/go-zero/core/logx"
 )
 
@@ -60,6 +60,14 @@ func (l *AdminGetAgentRealNameListLogic) AdminGetAgentRealNameList(req *types.Ad
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询实名认证列表失败, %v", err)
 	}
 
+	agentIds := make([]string, 0, len(realNames))
+	for _, realName := range realNames {
+		if realName.AgentId != "" {
+			agentIds = append(agentIds, realName.AgentId)
+		}
+	}
+	agentCodeMap := batchAgentCodesByIds(l.ctx, l.svcCtx, agentIds)
+
 	// 组装响应
 	items := make([]types.AgentRealNameListItem, 0, len(realNames))
 	for _, realName := range realNames {
@@ -72,16 +80,19 @@ func (l *AdminGetAgentRealNameListLogic) AdminGetAgentRealNameList(req *types.Ad
 			}
 		}
 
-		// 解密身份证号（仅显示部分）
+		// 解密身份证号（仅显示部分，密钥与实名认证写入时一致：hex 解码后使用）
 		idCard := ""
 		if realName.IdCard != "" {
-			decrypted, err := crypto.DecryptIDCard(realName.IdCard, []byte(l.svcCtx.Config.Encrypt.SecretKey))
+			key, keyErr := hex.DecodeString(l.svcCtx.Config.Encrypt.SecretKey)
-			if err == nil {
+			if keyErr == nil {
-				// 脱敏显示
+				decrypted, err := crypto.DecryptIDCard(realName.IdCard, key)
-				if len(decrypted) > 10 {
+				if err == nil {
-					idCard = decrypted[:3] + "***********" + decrypted[len(decrypted)-4:]
+					// 脱敏显示
-				} else {
+					if len(decrypted) > 10 {
-					idCard = decrypted
+						idCard = decrypted[:3] + "***********" + decrypted[len(decrypted)-4:]
+					} else {
+						idCard = decrypted
+					}
 				}
 			}
 		}
@@ -97,6 +108,7 @@ func (l *AdminGetAgentRealNameListLogic) AdminGetAgentRealNameList(req *types.Ad
 		item := types.AgentRealNameListItem{
 			Id:         realName.Id,
 			AgentId:    realName.AgentId,
+			AgentCode:  agentCodeMap[realName.AgentId],
 			Name:       realName.Name,
 			IdCard:     idCard,
 			Mobile:     mobile,

app/main/api/internal/logic/admin_agent/admingetagentrebatelistlogic.go

@@ -2,6 +2,8 @@ package admin_agent
 
 import (
 	"context"
+	"strconv"
+
 	"qnc-server/common/globalkey"
 	"qnc-server/common/xerr"
 
@@ -35,9 +37,47 @@ func (l *AdminGetAgentRebateListLogic) AdminGetAgentRebateList(req *types.AdminG
 	if req.AgentId != nil {
 		builder = builder.Where("agent_id = ?", *req.AgentId)
 	}
-	if req.SourceAgentId != nil {
+
-		builder = builder.Where("source_agent_id = ?", *req.SourceAgentId)
+	// 按 agent_code 筛选：先查出 agent_id
+	if req.AgentCode != nil && *req.AgentCode != "" {
+		agentCodeInt, parseErr := strconv.ParseInt(*req.AgentCode, 10, 64)
+		if parseErr == nil {
+			agent, findErr := l.svcCtx.AgentModel.FindOneByAgentCode(l.ctx, agentCodeInt)
+			if findErr == nil && agent != nil {
+				builder = builder.Where("agent_id = ?", agent.Id)
+			} else {
+				return &types.AdminGetAgentRebateListResp{Total: 0, Items: []types.AgentRebateListItem{}}, nil
+			}
+		} else {
+			return &types.AdminGetAgentRebateListResp{Total: 0, Items: []types.AgentRebateListItem{}}, nil
+		}
 	}
+
+	// 按 source_agent_code 筛选：先查出 source_agent_id
+	if req.SourceAgentCode != nil && *req.SourceAgentCode != "" {
+		sourceAgentCodeInt, parseErr := strconv.ParseInt(*req.SourceAgentCode, 10, 64)
+		if parseErr == nil {
+			agent, findErr := l.svcCtx.AgentModel.FindOneByAgentCode(l.ctx, sourceAgentCodeInt)
+			if findErr == nil && agent != nil {
+				builder = builder.Where("source_agent_id = ?", agent.Id)
+			} else {
+				return &types.AdminGetAgentRebateListResp{Total: 0, Items: []types.AgentRebateListItem{}}, nil
+			}
+		} else {
+			return &types.AdminGetAgentRebateListResp{Total: 0, Items: []types.AgentRebateListItem{}}, nil
+		}
+	}
+
+	// 按 order_no 筛选：先查出 order_id
+	if req.OrderNo != nil && *req.OrderNo != "" {
+		order, findErr := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, *req.OrderNo)
+		if findErr == nil && order != nil {
+			builder = builder.Where("order_id = ?", order.Id)
+		} else {
+			return &types.AdminGetAgentRebateListResp{Total: 0, Items: []types.AgentRebateListItem{}}, nil
+		}
+	}
+
 	if req.RebateType != nil {
 		builder = builder.Where("rebate_type = ?", *req.RebateType)
 	}
@@ -74,17 +114,48 @@ func (l *AdminGetAgentRebateListLogic) AdminGetAgentRebateList(req *types.AdminG
 		}
 	}
 
+	agentIds := make([]string, 0, len(rebates)*2)
+	for _, rebate := range rebates {
+		if rebate.AgentId != "" {
+			agentIds = append(agentIds, rebate.AgentId)
+		}
+		if rebate.SourceAgentId != "" {
+			agentIds = append(agentIds, rebate.SourceAgentId)
+		}
+	}
+	agentCodeMap := batchAgentCodesByIds(l.ctx, l.svcCtx, agentIds)
+
+	// 批量查 order_no
+	orderIds := make([]string, 0, len(rebates))
+	for _, rebate := range rebates {
+		if rebate.OrderId != "" {
+			orderIds = append(orderIds, rebate.OrderId)
+		}
+	}
+	orderNoMap := make(map[string]string)
+	if len(orderIds) > 0 {
+		orderBuilder := l.svcCtx.OrderModel.SelectBuilder().Where(squirrel.Eq{"id": orderIds})
+		orders, _ := l.svcCtx.OrderModel.FindAll(l.ctx, orderBuilder, "")
+		for _, o := range orders {
+			orderNoMap[o.Id] = o.OrderNo
+		}
+	}
+
 	// 组装响应
 	items := make([]types.AgentRebateListItem, 0, len(rebates))
 	for _, rebate := range rebates {
 		items = append(items, types.AgentRebateListItem{
-			Id:            rebate.Id,
+			Id:              rebate.Id,
-			AgentId:       rebate.AgentId,
+			AgentId:         rebate.AgentId,
-			SourceAgentId: rebate.SourceAgentId,
+			AgentCode:       agentCodeMap[rebate.AgentId],
-			OrderId:       rebate.OrderId,
+			SourceAgentId:   rebate.SourceAgentId,
-			RebateType:    rebate.RebateType,
+			SourceAgentCode: agentCodeMap[rebate.SourceAgentId],
-			Amount:        rebate.RebateAmount,
+			OrderId:         rebate.OrderId,
-			CreateTime:    rebate.CreateTime.Format("2006-01-02 15:04:05"),
+			OrderNo:         orderNoMap[rebate.OrderId],
+			RebateType:      rebate.RebateType,
+			Amount:          rebate.RebateAmount,
+			Status:          rebate.Status,
+			CreateTime:      rebate.CreateTime.Format("2006-01-02 15:04:05"),
 		})
 	}
 

app/main/api/internal/logic/admin_agent/admingetagentteamtreelogic.go

@@ -0,0 +1,207 @@
+package admin_agent
+
+import (
+	"context"
+	"sort"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/model"
+	"qnc-server/common/globalkey"
+	"qnc-server/common/xerr"
+	"qnc-server/pkg/lzkit/crypto"
+
+	"github.com/Masterminds/squirrel"
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type AdminGetAgentTeamTreeLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminGetAgentTeamTreeLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminGetAgentTeamTreeLogic {
+	return &AdminGetAgentTeamTreeLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func resolveDiamondTeamRootId(agent *model.Agent) string {
+	if agent.TeamLeaderId.Valid && agent.TeamLeaderId.String != "" && agent.TeamLeaderId.String != agent.Id {
+		return agent.TeamLeaderId.String
+	}
+	return agent.Id
+}
+
+func levelName(lv int64) string {
+	switch lv {
+	case 1:
+		return "普通"
+	case 2:
+		return "黄金"
+	case 3:
+		return "钻石"
+	default:
+		return ""
+	}
+}
+
+func (l *AdminGetAgentTeamTreeLogic) AdminGetAgentTeamTree(req *types.AdminGetAgentTeamTreeReq) (resp *types.AdminGetAgentTeamTreeResp, err error) {
+	if req.AgentId == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("agent_id 不能为空"), "")
+	}
+
+	anchor, err := l.svcCtx.AgentModel.FindOne(l.ctx, req.AgentId)
+	if err != nil {
+		if errors.Is(err, model.ErrNotFound) {
+			return nil, errors.Wrapf(xerr.NewErrMsg("代理不存在"), "")
+		}
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询代理失败: %v", err)
+	}
+
+	teamRootId := resolveDiamondTeamRootId(anchor)
+
+	builder := l.svcCtx.AgentModel.SelectBuilder().
+		Where("del_state = ?", globalkey.DelStateNo).
+		Where(squirrel.Or{
+			squirrel.Eq{"id": teamRootId},
+			squirrel.And{
+				squirrel.Eq{"team_leader_id": teamRootId},
+				squirrel.NotEq{"id": teamRootId},
+			},
+		})
+
+	members, err := l.svcCtx.AgentModel.FindAll(l.ctx, builder, "")
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询团队成员失败: %v", err)
+	}
+
+	agentById := make(map[string]*model.Agent, len(members)+1)
+	memberIDs := make([]string, 0, len(members)+1)
+	anchorInTeam := false
+	for _, m := range members {
+		agentById[m.Id] = m
+		memberIDs = append(memberIDs, m.Id)
+		if m.Id == anchor.Id {
+			anchorInTeam = true
+		}
+	}
+	if !anchorInTeam {
+		agentById[anchor.Id] = anchor
+		memberIDs = append(memberIDs, anchor.Id)
+		members = append(members, anchor)
+	}
+
+	relBuilder := l.svcCtx.AgentRelationModel.SelectBuilder().
+		Where("relation_type = ? AND del_state = ?", 1, globalkey.DelStateNo).
+		Where(squirrel.Eq{"parent_id": memberIDs}).
+		Where(squirrel.Eq{"child_id": memberIDs})
+
+	relations, err := l.svcCtx.AgentRelationModel.FindAll(l.ctx, relBuilder, "")
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询邀请关系失败: %v", err)
+	}
+
+	childSet := make(map[string]map[string]struct{})
+	addEdge := func(parentId, childId string) {
+		if parentId == "" || childId == "" || parentId == childId {
+			return
+		}
+		if _, ok := agentById[parentId]; !ok {
+			return
+		}
+		if _, ok := agentById[childId]; !ok {
+			return
+		}
+		if childSet[parentId] == nil {
+			childSet[parentId] = make(map[string]struct{})
+		}
+		childSet[parentId][childId] = struct{}{}
+	}
+
+	for _, r := range relations {
+		addEdge(r.ParentId, r.ChildId)
+	}
+
+	reachable := map[string]bool{teamRootId: true}
+	var walkReach func(string)
+	walkReach = func(id string) {
+		for cid := range childSet[id] {
+			if reachable[cid] {
+				continue
+			}
+			reachable[cid] = true
+			walkReach(cid)
+		}
+	}
+	walkReach(teamRootId)
+
+	for _, m := range members {
+		if m.Id == teamRootId {
+			continue
+		}
+		if !reachable[m.Id] {
+			addEdge(teamRootId, m.Id)
+			if !reachable[m.Id] {
+				reachable[m.Id] = true
+				walkReach(m.Id)
+			}
+		}
+	}
+
+	childrenMap := make(map[string][]string)
+	for pid, set := range childSet {
+		slice := make([]string, 0, len(set))
+		for cid := range set {
+			slice = append(slice, cid)
+		}
+		sort.Slice(slice, func(i, j int) bool {
+			return agentById[slice[i]].AgentCode < agentById[slice[j]].AgentCode
+		})
+		childrenMap[pid] = slice
+	}
+
+	var build func(string) (types.AgentTeamTreeNode, error)
+	build = func(agentId string) (types.AgentTeamTreeNode, error) {
+		ag := agentById[agentId]
+		if ag == nil {
+			return types.AgentTeamTreeNode{}, errors.New("missing agent in tree")
+		}
+		mobile := ag.Mobile
+		mobile, err = crypto.DecryptMobile(mobile, l.svcCtx.Config.Encrypt.SecretKey)
+		if err != nil {
+			return types.AgentTeamTreeNode{}, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "解密手机号失败: %v", err)
+		}
+
+		node := types.AgentTeamTreeNode{
+			Id:        ag.Id,
+			AgentCode: ag.AgentCode,
+			Level:     ag.Level,
+			LevelName: levelName(ag.Level),
+			Mobile:    mobile,
+			IsAnchor:  ag.Id == anchor.Id,
+			Children:  []types.AgentTeamTreeNode{},
+		}
+
+		kids := childrenMap[agentId]
+		for _, cid := range kids {
+			childNode, err := build(cid)
+			if err != nil {
+				return types.AgentTeamTreeNode{}, err
+			}
+			node.Children = append(node.Children, childNode)
+		}
+		return node, nil
+	}
+
+	root, err := build(teamRootId)
+	if err != nil {
+		return nil, err
+	}
+
+	return &types.AdminGetAgentTeamTreeResp{Root: root}, nil
+}

app/main/api/internal/logic/admin_agent/admingetagentupgradelistlogic.go

@@ -2,6 +2,8 @@ package admin_agent
 
 import (
 	"context"
+	"strconv"
+
 	"qnc-server/common/globalkey"
 	"qnc-server/common/xerr"
 
@@ -31,9 +33,26 @@ func (l *AdminGetAgentUpgradeListLogic) AdminGetAgentUpgradeList(req *types.Admi
 	builder := l.svcCtx.AgentUpgradeModel.SelectBuilder().
 		Where("del_state = ?", globalkey.DelStateNo)
 
-	if req.AgentId != nil {
+	if req.AgentCode != nil && *req.AgentCode != "" {
+		agentCodeInt, parseErr := strconv.ParseInt(*req.AgentCode, 10, 64)
+		if parseErr != nil {
+			return &types.AdminGetAgentUpgradeListResp{
+				Total: 0,
+				Items: []types.AgentUpgradeListItem{},
+			}, nil
+		}
+		agent, findErr := l.svcCtx.AgentModel.FindOneByAgentCode(l.ctx, agentCodeInt)
+		if findErr != nil || agent == nil {
+			return &types.AdminGetAgentUpgradeListResp{
+				Total: 0,
+				Items: []types.AgentUpgradeListItem{},
+			}, nil
+		}
+		builder = builder.Where("agent_id = ?", agent.Id)
+	} else if req.AgentId != nil && *req.AgentId != "" {
 		builder = builder.Where("agent_id = ?", *req.AgentId)
 	}
+
 	if req.UpgradeType != nil {
 		builder = builder.Where("upgrade_type = ?", *req.UpgradeType)
 	}
@@ -56,12 +75,21 @@ func (l *AdminGetAgentUpgradeListLogic) AdminGetAgentUpgradeList(req *types.Admi
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询升级记录列表失败, %v", err)
 	}
 
+	agentIds := make([]string, 0, len(upgrades))
+	for _, upgrade := range upgrades {
+		if upgrade.AgentId != "" {
+			agentIds = append(agentIds, upgrade.AgentId)
+		}
+	}
+	agentCodeMap := batchAgentCodesByIds(l.ctx, l.svcCtx, agentIds)
+
 	// 组装响应
 	items := make([]types.AgentUpgradeListItem, 0, len(upgrades))
 	for _, upgrade := range upgrades {
 		items = append(items, types.AgentUpgradeListItem{
 			Id:           upgrade.Id,
 			AgentId:      upgrade.AgentId,
+			AgentCode:    agentCodeMap[upgrade.AgentId],
 			FromLevel:    upgrade.FromLevel,
 			ToLevel:      upgrade.ToLevel,
 			UpgradeType:  upgrade.UpgradeType,

app/main/api/internal/logic/admin_agent/admingetagentwithdrawallistlogic.go

@@ -2,9 +2,13 @@ package admin_agent
 
 import (
 	"context"
+	"fmt"
+	"strconv"
+	"strings"
 
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/globalkey"
 
 	"github.com/Masterminds/squirrel"
 	"github.com/jinzhu/copier"
@@ -27,23 +31,60 @@ func NewAdminGetAgentWithdrawalListLogic(ctx context.Context, svcCtx *svc.Servic
 
 func (l *AdminGetAgentWithdrawalListLogic) AdminGetAgentWithdrawalList(req *types.AdminGetAgentWithdrawalListReq) (resp *types.AdminGetAgentWithdrawalListResp, err error) {
 	builder := l.svcCtx.AgentWithdrawalModel.SelectBuilder()
-	if req.AgentId != nil {
+	if req.AgentId != nil && strings.TrimSpace(*req.AgentId) != "" {
-		builder = builder.Where(squirrel.Eq{"agent_id": *req.AgentId})
+		builder = builder.Where(squirrel.Eq{"agent_id": strings.TrimSpace(*req.AgentId)})
 	}
-	if req.Status != nil {
+	if req.AgentCode != nil && strings.TrimSpace(*req.AgentCode) != "" {
-		builder = builder.Where(squirrel.Eq{"status": *req.Status})
+		var code int64
+		if _, scanErr := fmt.Sscanf(strings.TrimSpace(*req.AgentCode), "%d", &code); scanErr == nil {
+			builder = builder.Where(
+				"agent_id IN (SELECT id FROM agent WHERE agent_code = ? AND del_state = ?)",
+				code,
+				globalkey.DelStateNo,
+			)
+		}
 	}
-	if req.WithdrawNo != nil && *req.WithdrawNo != "" {
+	if strings.TrimSpace(req.Status) != "" {
-		builder = builder.Where(squirrel.Eq{"withdraw_no": *req.WithdrawNo})
+		st, perr := strconv.ParseInt(strings.TrimSpace(req.Status), 10, 64)
+		if perr == nil {
+			builder = builder.Where(squirrel.Eq{"status": st})
+		}
+	}
+	if strings.TrimSpace(req.WithdrawalType) != "" {
+		wt, perr := strconv.ParseInt(strings.TrimSpace(req.WithdrawalType), 10, 64)
+		if perr == nil {
+			builder = builder.Where(squirrel.Eq{"withdrawal_type": wt})
+		}
+	}
+	if req.WithdrawNo != nil && strings.TrimSpace(*req.WithdrawNo) != "" {
+		pat := "%" + strings.TrimSpace(*req.WithdrawNo) + "%"
+		builder = builder.Where("withdraw_no LIKE ?", pat)
+	}
+	if req.PayeeAccount != nil && strings.TrimSpace(*req.PayeeAccount) != "" {
+		pat := "%" + strings.TrimSpace(*req.PayeeAccount) + "%"
+		builder = builder.Where("payee_account LIKE ?", pat)
+	}
+	if req.PayeeName != nil && strings.TrimSpace(*req.PayeeName) != "" {
+		pat := "%" + strings.TrimSpace(*req.PayeeName) + "%"
+		builder = builder.Where("payee_name LIKE ?", pat)
 	}
 	list, total, err := l.svcCtx.AgentWithdrawalModel.FindPageListByPageWithTotal(l.ctx, builder, req.Page, req.PageSize, "create_time DESC")
 	if err != nil {
 		return nil, err
 	}
+	agentIds := make([]string, 0, len(list))
+	for _, v := range list {
+		if v.AgentId != "" {
+			agentIds = append(agentIds, v.AgentId)
+		}
+	}
+	agentCodeMap := batchAgentCodesByIds(l.ctx, l.svcCtx, agentIds)
+
 	items := make([]types.AgentWithdrawalListItem, 0, len(list))
 	for _, v := range list {
 		item := types.AgentWithdrawalListItem{}
 		_ = copier.Copy(&item, v)
+		item.AgentCode = agentCodeMap[v.AgentId]
 		item.Remark = ""
 		if v.Remark.Valid {
 			item.Remark = v.Remark.String

app/main/api/internal/logic/admin_agent/admingetinvitecodelistlogic.go

@@ -2,6 +2,9 @@ package admin_agent
 
 import (
 	"context"
+	"strconv"
+	"strings"
+
 	"qnc-server/common/globalkey"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
@@ -34,22 +37,18 @@ func (l *AdminGetInviteCodeListLogic) AdminGetInviteCodeList(req *types.AdminGet
 	builder := l.svcCtx.AgentInviteCodeModel.SelectBuilder().
 		Where("del_state = ?", globalkey.DelStateNo)
 
-	if req.Code != nil && *req.Code != "" {
+	if req.Code != nil && strings.TrimSpace(*req.Code) != "" {
-		builder = builder.Where("code = ?", *req.Code)
+		pat := "%" + strings.TrimSpace(*req.Code) + "%"
-	}
+		builder = builder.Where("code LIKE ?", pat)
-	if req.AgentId != nil && *req.AgentId != "" {
-		if *req.AgentId == "0" {
-			// agent_id = 0 表示查询平台发放的邀请码（agent_id为NULL）
-			builder = builder.Where("agent_id IS NULL")
-		} else {
-			builder = builder.Where("agent_id = ?", *req.AgentId)
-		}
 	}
 	if req.TargetLevel != nil {
 		builder = builder.Where("target_level = ?", *req.TargetLevel)
 	}
-	if req.Status != nil {
+	if strings.TrimSpace(req.Status) != "" {
-		builder = builder.Where("status = ?", *req.Status)
+		st, perr := strconv.ParseInt(strings.TrimSpace(req.Status), 10, 64)
+		if perr == nil {
+			builder = builder.Where("status = ?", st)
+		}
 	}
 
 	// 2. 分页查询
@@ -58,15 +57,19 @@ func (l *AdminGetInviteCodeListLogic) AdminGetInviteCodeList(req *types.AdminGet
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询邀请码列表失败, %v", err)
 	}
 
-	// 3. 批量查询代理信息（用于显示代理手机号）
+	// 3. 批量查询代理信息（用于显示代理手机号、代理编号）
 	agentIds := make(map[string]struct{})
 	for _, v := range list {
 		if v.AgentId.Valid && v.AgentId.String != "" {
 			agentIds[v.AgentId.String] = struct{}{}
 		}
+		if v.UsedAgentId.Valid && v.UsedAgentId.String != "" {
+			agentIds[v.UsedAgentId.String] = struct{}{}
+		}
 	}
 
 	agentMobileMap := make(map[string]string)
+	agentCodeMap := make(map[string]int64)
 	if len(agentIds) > 0 {
 		agentIdList := make([]string, 0, len(agentIds))
 		for id := range agentIds {
@@ -75,6 +78,7 @@ func (l *AdminGetInviteCodeListLogic) AdminGetInviteCodeList(req *types.AdminGet
 		agents, _ := l.svcCtx.AgentModel.FindAll(l.ctx, l.svcCtx.AgentModel.SelectBuilder().Where(squirrel.Eq{"id": agentIdList}), "")
 		secretKey := l.svcCtx.Config.Encrypt.SecretKey
 		for _, agent := range agents {
+			agentCodeMap[agent.Id] = agent.AgentCode
 			mobile, decErr := crypto.DecryptMobile(agent.Mobile, secretKey)
 			if decErr == nil {
 				agentMobileMap[agent.Id] = mobile
@@ -100,6 +104,7 @@ func (l *AdminGetInviteCodeListLogic) AdminGetInviteCodeList(req *types.AdminGet
 		if v.AgentId.Valid {
 			item.AgentId = v.AgentId.String
 			item.AgentMobile = agentMobileMap[v.AgentId.String]
+			item.AgentCode = agentCodeMap[v.AgentId.String]
 		}
 
 		if v.UsedUserId.Valid {
@@ -107,6 +112,7 @@ func (l *AdminGetInviteCodeListLogic) AdminGetInviteCodeList(req *types.AdminGet
 		}
 		if v.UsedAgentId.Valid {
 			item.UsedAgentId = v.UsedAgentId.String
+			item.UsedAgentCode = agentCodeMap[v.UsedAgentId.String]
 		}
 		if v.UsedTime.Valid {
 			item.UsedTime = v.UsedTime.Time.Format("2006-01-02 15:04:05")

app/main/api/internal/logic/admin_agent/adminupdateagentconfiglogic.go

@@ -163,12 +163,9 @@ func (l *AdminUpdateAgentConfigLogic) AdminUpdateAgentConfig(req *types.AdminUpd
 		if err := updateConfig("commission_freeze_threshold", &req.CommissionFreeze.Threshold); err != nil {
 			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "更新佣金冻结阈值失败, %v", err)
 		}
-		// 更新解冻天数（整数类型）
+		daysFloat := float64(req.CommissionFreeze.Days)
-		if req.CommissionFreeze.Days > 0 {
+		if err := updateConfig("commission_freeze_days", &daysFloat); err != nil {
-			daysFloat := float64(req.CommissionFreeze.Days)
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "更新佣金冻结解冻天数失败, %v", err)
-			if err := updateConfig("commission_freeze_days", &daysFloat); err != nil {
-				return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "更新佣金冻结解冻天数失败, %v", err)
-			}
 		}
 	}
 

app/main/api/internal/logic/admin_agent/agentcodecollection.go

@@ -0,0 +1,37 @@
+package admin_agent
+
+import (
+	"context"
+
+	"qnc-server/app/main/api/internal/svc"
+
+	"github.com/Masterminds/squirrel"
+)
+
+// batchAgentCodesByIds 按代理主键批量查询 agent_code，用于列表软关联展示。
+func batchAgentCodesByIds(ctx context.Context, svcCtx *svc.ServiceContext, ids []string) map[string]int64 {
+	out := make(map[string]int64)
+	uniq := make([]string, 0, len(ids))
+	seen := make(map[string]struct{}, len(ids))
+	for _, id := range ids {
+		if id == "" {
+			continue
+		}
+		if _, ok := seen[id]; ok {
+			continue
+		}
+		seen[id] = struct{}{}
+		uniq = append(uniq, id)
+	}
+	if len(uniq) == 0 {
+		return out
+	}
+	agents, err := svcCtx.AgentModel.FindAll(ctx, svcCtx.AgentModel.SelectBuilder().Where(squirrel.Eq{"id": uniq}), "")
+	if err != nil {
+		return out
+	}
+	for _, a := range agents {
+		out[a.Id] = a.AgentCode
+	}
+	return out
+}

app/main/api/internal/logic/admin_dashboard/admingetdashboardstatisticslogic.go

@@ -0,0 +1,256 @@
+package admin_dashboard
+
+import (
+	"context"
+	"time"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+	"qnc-server/app/main/api/internal/service"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/globalkey"
+	"qnc-server/common/xerr"
+)
+
+type AdminGetDashboardStatisticsLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminGetDashboardStatisticsLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminGetDashboardStatisticsLogic {
+	return &AdminGetDashboardStatisticsLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminGetDashboardStatisticsLogic) AdminGetDashboardStatistics() (resp *types.AdminGetDashboardStatisticsResp, err error) {
+	loc, _ := time.LoadLocation("Asia/Shanghai")
+	now := time.Now().In(loc)
+	todayStart := time.Date(now.Year(), now.Month(), now.Day(), 0, 0, 0, 0, loc)
+	todayEnd := todayStart.AddDate(0, 0, 1)
+	yesterdayStart := todayStart.AddDate(0, 0, -1)
+	yesterdayEnd := todayStart
+	monthStart := time.Date(now.Year(), now.Month(), 1, 0, 0, 0, 0, loc)
+	monthEnd := monthStart.AddDate(0, 1, 0)
+
+	orderStats, err := l.calculateOrderStatistics(todayStart, todayEnd, yesterdayStart, yesterdayEnd, monthStart, monthEnd)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "计算订单统计失败, %v", err)
+	}
+	revenueStats, err := l.calculateRevenueStatistics(todayStart, todayEnd, yesterdayStart, yesterdayEnd, monthStart, monthEnd)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "计算营收统计失败, %v", err)
+	}
+	agentStats, err := l.calculateAgentStatistics(todayStart, monthStart)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "计算代理统计失败, %v", err)
+	}
+	profitStats, err := l.calculateProfitStatistics(todayStart, todayEnd, monthStart, monthEnd, revenueStats)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "计算利润统计失败, %v", err)
+	}
+	orderTrend, err := l.calculateOrderTrend(now, loc)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "计算订单趋势失败, %v", err)
+	}
+	revenueTrend, err := l.calculateRevenueTrend(now, loc)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "计算营收趋势失败, %v", err)
+	}
+	return &types.AdminGetDashboardStatisticsResp{
+		OrderStats:   orderStats,
+		RevenueStats: revenueStats,
+		AgentStats:   agentStats,
+		ProfitStats:  profitStats,
+		OrderTrend:   orderTrend,
+		RevenueTrend: revenueTrend,
+	}, nil
+}
+
+func (l *AdminGetDashboardStatisticsLogic) calculateOrderStatistics(todayStart, todayEnd, yesterdayStart, yesterdayEnd, monthStart, monthEnd time.Time) (types.AdminOrderStatistics, error) {
+	var stats types.AdminOrderStatistics
+	todayBuilder := l.svcCtx.OrderModel.SelectBuilder().
+		Where("status = ? AND create_time >= ? AND create_time < ?", "paid", todayStart, todayEnd)
+	todayCount, err := l.svcCtx.OrderModel.FindCount(l.ctx, todayBuilder, "id")
+	if err != nil {
+		return stats, err
+	}
+	stats.TodayCount = todayCount
+	yesterdayBuilder := l.svcCtx.OrderModel.SelectBuilder().
+		Where("status = ? AND create_time >= ? AND create_time < ?", "paid", yesterdayStart, yesterdayEnd)
+	yesterdayCount, _ := l.svcCtx.OrderModel.FindCount(l.ctx, yesterdayBuilder, "id")
+	stats.YesterdayCount = yesterdayCount
+	monthBuilder := l.svcCtx.OrderModel.SelectBuilder().
+		Where("status = ? AND create_time >= ? AND create_time < ?", "paid", monthStart, monthEnd)
+	monthCount, _ := l.svcCtx.OrderModel.FindCount(l.ctx, monthBuilder, "id")
+	stats.MonthCount = monthCount
+	totalBuilder := l.svcCtx.OrderModel.SelectBuilder().Where("status = ?", "paid")
+	totalCount, _ := l.svcCtx.OrderModel.FindCount(l.ctx, totalBuilder, "id")
+	stats.TotalCount = totalCount
+	if stats.YesterdayCount > 0 {
+		stats.ChangeRate = float64(stats.TodayCount-stats.YesterdayCount) / float64(stats.YesterdayCount) * 100
+	} else if stats.TodayCount > 0 {
+		stats.ChangeRate = 100
+	}
+	return stats, nil
+}
+
+func (l *AdminGetDashboardStatisticsLogic) calculateRevenueStatistics(todayStart, todayEnd, yesterdayStart, yesterdayEnd, monthStart, monthEnd time.Time) (types.AdminRevenueStatistics, error) {
+	var stats types.AdminRevenueStatistics
+	todayBuilder := l.svcCtx.OrderModel.SelectBuilder().
+		Where("status = ? AND create_time >= ? AND create_time < ?", "paid", todayStart, todayEnd)
+	todayAmount, _ := l.svcCtx.OrderModel.FindSum(l.ctx, todayBuilder, "amount")
+	stats.TodayAmount = todayAmount
+	yesterdayBuilder := l.svcCtx.OrderModel.SelectBuilder().
+		Where("status = ? AND create_time >= ? AND create_time < ?", "paid", yesterdayStart, yesterdayEnd)
+	yesterdayAmount, _ := l.svcCtx.OrderModel.FindSum(l.ctx, yesterdayBuilder, "amount")
+	stats.YesterdayAmount = yesterdayAmount
+	monthBuilder := l.svcCtx.OrderModel.SelectBuilder().
+		Where("status = ? AND create_time >= ? AND create_time < ?", "paid", monthStart, monthEnd)
+	monthAmount, _ := l.svcCtx.OrderModel.FindSum(l.ctx, monthBuilder, "amount")
+	stats.MonthAmount = monthAmount
+	totalBuilder := l.svcCtx.OrderModel.SelectBuilder().Where("status = ?", "paid")
+	totalAmount, _ := l.svcCtx.OrderModel.FindSum(l.ctx, totalBuilder, "amount")
+	stats.TotalAmount = totalAmount
+	if stats.YesterdayAmount > 0 {
+		stats.ChangeRate = (stats.TodayAmount - stats.YesterdayAmount) / stats.YesterdayAmount * 100
+	} else if stats.TodayAmount > 0 {
+		stats.ChangeRate = 100
+	}
+	return stats, nil
+}
+
+func (l *AdminGetDashboardStatisticsLogic) calculateAgentStatistics(todayStart, monthStart time.Time) (types.AdminAgentStatistics, error) {
+	var stats types.AdminAgentStatistics
+	totalCount, _ := l.svcCtx.AgentModel.FindCount(l.ctx, l.svcCtx.AgentModel.SelectBuilder(), "id")
+	stats.TotalCount = totalCount
+	todayBuilder := l.svcCtx.AgentModel.SelectBuilder().Where("create_time >= ?", todayStart)
+	todayNew, _ := l.svcCtx.AgentModel.FindCount(l.ctx, todayBuilder, "id")
+	stats.TodayNew = todayNew
+	monthBuilder := l.svcCtx.AgentModel.SelectBuilder().Where("create_time >= ?", monthStart)
+	monthNew, _ := l.svcCtx.AgentModel.FindCount(l.ctx, monthBuilder, "id")
+	stats.MonthNew = monthNew
+	return stats, nil
+}
+
+func (l *AdminGetDashboardStatisticsLogic) calculateProfitStatistics(todayStart, todayEnd, monthStart, monthEnd time.Time, revenueStats types.AdminRevenueStatistics) (types.AdminProfitStatistics, error) {
+	var stats types.AdminProfitStatistics
+	const companyTaxRate = 0.06
+	todayRevenue := revenueStats.TodayAmount
+	todayCommissionBuilder := l.svcCtx.AgentCommissionModel.SelectBuilder().
+		Where("del_state = ? AND status != ? AND create_time >= ? AND create_time < ?", globalkey.DelStateNo, 3, todayStart, todayEnd)
+	todayCommission, _ := l.svcCtx.AgentCommissionModel.FindSum(l.ctx, todayCommissionBuilder, "amount")
+	todayRebateBuilder := l.svcCtx.AgentRebateModel.SelectBuilder().
+		Where("del_state = ? AND status != ? AND create_time >= ? AND create_time < ?", globalkey.DelStateNo, 3, todayStart, todayEnd)
+	todayRebate, _ := l.svcCtx.AgentRebateModel.FindSum(l.ctx, todayRebateBuilder, "rebate_amount")
+	todayCompanyTax := todayRevenue * companyTaxRate
+	todayTaxIncomeBuilder := l.svcCtx.AgentWithdrawalTaxModel.SelectBuilder().
+		Where("del_state = ? AND tax_status = ? AND create_time >= ? AND create_time < ?", globalkey.DelStateNo, 2, todayStart, todayEnd)
+	todayTaxIncome, _ := l.svcCtx.AgentWithdrawalTaxModel.FindSum(l.ctx, todayTaxIncomeBuilder, "tax_amount")
+	todayApiCost := 0.0
+	if l.svcCtx.TianyuanapiCallLogService != nil {
+		todayApiStats, e := l.svcCtx.TianyuanapiCallLogService.GetStatistics(l.ctx, service.StatisticsFilter{StartDate: todayStart, EndDate: todayEnd})
+		if e == nil {
+			todayApiCost = todayApiStats.TotalCost
+		}
+	}
+	stats.TodayProfit = todayRevenue - todayCommission - todayRebate - todayCompanyTax - todayApiCost + todayTaxIncome
+	if todayRevenue > 0 {
+		stats.TodayProfitRate = stats.TodayProfit / todayRevenue * 100
+	}
+	stats.TodayDetail = types.AdminProfitDetail{
+		Revenue: todayRevenue, Commission: todayCommission, Rebate: todayRebate,
+		CompanyTax: todayCompanyTax, ApiCost: todayApiCost, TaxIncome: todayTaxIncome,
+		Profit: stats.TodayProfit, ProfitRate: stats.TodayProfitRate,
+	}
+	monthRevenue := revenueStats.MonthAmount
+	monthCommissionBuilder := l.svcCtx.AgentCommissionModel.SelectBuilder().
+		Where("del_state = ? AND status != ? AND create_time >= ? AND create_time < ?", globalkey.DelStateNo, 3, monthStart, monthEnd)
+	monthCommission, _ := l.svcCtx.AgentCommissionModel.FindSum(l.ctx, monthCommissionBuilder, "amount")
+	monthRebateBuilder := l.svcCtx.AgentRebateModel.SelectBuilder().
+		Where("del_state = ? AND status != ? AND create_time >= ? AND create_time < ?", globalkey.DelStateNo, 3, monthStart, monthEnd)
+	monthRebate, _ := l.svcCtx.AgentRebateModel.FindSum(l.ctx, monthRebateBuilder, "rebate_amount")
+	monthCompanyTax := monthRevenue * companyTaxRate
+	monthTaxIncomeBuilder := l.svcCtx.AgentWithdrawalTaxModel.SelectBuilder().
+		Where("del_state = ? AND tax_status = ? AND create_time >= ? AND create_time < ?", globalkey.DelStateNo, 2, monthStart, monthEnd)
+	monthTaxIncome, _ := l.svcCtx.AgentWithdrawalTaxModel.FindSum(l.ctx, monthTaxIncomeBuilder, "tax_amount")
+	monthApiCost := 0.0
+	if l.svcCtx.TianyuanapiCallLogService != nil {
+		monthApiStats, e := l.svcCtx.TianyuanapiCallLogService.GetStatistics(l.ctx, service.StatisticsFilter{StartDate: monthStart, EndDate: monthEnd})
+		if e == nil {
+			monthApiCost = monthApiStats.TotalCost
+		}
+	}
+	stats.MonthProfit = monthRevenue - monthCommission - monthRebate - monthCompanyTax - monthApiCost + monthTaxIncome
+	if monthRevenue > 0 {
+		stats.MonthProfitRate = stats.MonthProfit / monthRevenue * 100
+	}
+	stats.MonthDetail = types.AdminProfitDetail{
+		Revenue: monthRevenue, Commission: monthCommission, Rebate: monthRebate,
+		CompanyTax: monthCompanyTax, ApiCost: monthApiCost, TaxIncome: monthTaxIncome,
+		Profit: stats.MonthProfit, ProfitRate: stats.MonthProfitRate,
+	}
+	totalRevenue := revenueStats.TotalAmount
+	totalCommissionBuilder := l.svcCtx.AgentCommissionModel.SelectBuilder().Where("del_state = ? AND status != ?", globalkey.DelStateNo, 3)
+	totalCommission, _ := l.svcCtx.AgentCommissionModel.FindSum(l.ctx, totalCommissionBuilder, "amount")
+	totalRebateBuilder := l.svcCtx.AgentRebateModel.SelectBuilder().Where("status != ?", 3)
+	totalRebate, _ := l.svcCtx.AgentRebateModel.FindSum(l.ctx, totalRebateBuilder, "rebate_amount")
+	totalCompanyTax := totalRevenue * companyTaxRate
+	totalTaxIncomeBuilder := l.svcCtx.AgentWithdrawalTaxModel.SelectBuilder().Where("tax_status = ?", 2)
+	totalTaxIncome, _ := l.svcCtx.AgentWithdrawalTaxModel.FindSum(l.ctx, totalTaxIncomeBuilder, "tax_amount")
+	totalApiCost := 0.0
+	if l.svcCtx.TianyuanapiCallLogService != nil {
+		totalApiStats, e := l.svcCtx.TianyuanapiCallLogService.GetStatistics(l.ctx, service.StatisticsFilter{})
+		if e == nil {
+			totalApiCost = totalApiStats.TotalCost
+		}
+	}
+	stats.TotalProfit = totalRevenue - totalCommission - totalRebate - totalCompanyTax - totalApiCost + totalTaxIncome
+	if totalRevenue > 0 {
+		stats.TotalProfitRate = stats.TotalProfit / totalRevenue * 100
+	}
+	stats.TotalDetail = types.AdminProfitDetail{
+		Revenue: totalRevenue, Commission: totalCommission, Rebate: totalRebate,
+		CompanyTax: totalCompanyTax, ApiCost: totalApiCost, TaxIncome: totalTaxIncome,
+		Profit: stats.TotalProfit, ProfitRate: stats.TotalProfitRate,
+	}
+	return stats, nil
+}
+
+func (l *AdminGetDashboardStatisticsLogic) calculateOrderTrend(now time.Time, loc *time.Location) ([]types.AdminTrendData, error) {
+	var trend []types.AdminTrendData
+	for i := 6; i >= 0; i-- {
+		date := now.AddDate(0, 0, -i)
+		dateStart := time.Date(date.Year(), date.Month(), date.Day(), 0, 0, 0, 0, loc)
+		dateEnd := dateStart.AddDate(0, 0, 1)
+		builder := l.svcCtx.OrderModel.SelectBuilder().
+			Where("status = ? AND create_time >= ? AND create_time < ?", "paid", dateStart, dateEnd)
+		count, err := l.svcCtx.OrderModel.FindCount(l.ctx, builder, "id")
+		if err != nil {
+			return nil, err
+		}
+		trend = append(trend, types.AdminTrendData{Date: date.Format("01-02"), Value: float64(count)})
+	}
+	return trend, nil
+}
+
+func (l *AdminGetDashboardStatisticsLogic) calculateRevenueTrend(now time.Time, loc *time.Location) ([]types.AdminTrendData, error) {
+	var trend []types.AdminTrendData
+	for i := 6; i >= 0; i-- {
+		date := now.AddDate(0, 0, -i)
+		dateStart := time.Date(date.Year(), date.Month(), date.Day(), 0, 0, 0, 0, loc)
+		dateEnd := dateStart.AddDate(0, 0, 1)
+		builder := l.svcCtx.OrderModel.SelectBuilder().
+			Where("status = ? AND create_time >= ? AND create_time < ?", "paid", dateStart, dateEnd)
+		amount, err := l.svcCtx.OrderModel.FindSum(l.ctx, builder, "amount")
+		if err != nil {
+			return nil, err
+		}
+		trend = append(trend, types.AdminTrendData{Date: date.Format("01-02"), Value: amount})
+	}
+	return trend, nil
+}

app/main/api/internal/logic/admin_feature/admincreatefeaturelogic.go

@@ -34,6 +34,12 @@ func (l *AdminCreateFeatureLogic) AdminCreateFeature(req *types.AdminCreateFeatu
 		ApiId: req.ApiId,
 		Name:  req.Name,
 	}
+	if req.WhitelistPrice != nil {
+		data.WhitelistPrice = *req.WhitelistPrice
+	}
+	if req.CostPrice != nil {
+		data.CostPrice = *req.CostPrice
+	}
 
 	// 2. 数据库操作
 	result, err := l.svcCtx.FeatureModel.Insert(l.ctx, nil, data)

app/main/api/internal/logic/admin_feature/admingetfeaturedetaillogic.go

@@ -35,11 +35,13 @@ func (l *AdminGetFeatureDetailLogic) AdminGetFeatureDetail(req *types.AdminGetFe
 
 	// 2. 构建响应
 	resp = &types.AdminGetFeatureDetailResp{
-		Id:         record.Id,
+		Id:             record.Id,
-		ApiId:      record.ApiId,
+		ApiId:          record.ApiId,
-		Name:       record.Name,
+		Name:           record.Name,
-		CreateTime: record.CreateTime.Format("2006-01-02 15:04:05"),
+		WhitelistPrice: record.WhitelistPrice,
-		UpdateTime: record.UpdateTime.Format("2006-01-02 15:04:05"),
+		CostPrice:      record.CostPrice,
+		CreateTime:     record.CreateTime.Format("2006-01-02 15:04:05"),
+		UpdateTime:     record.UpdateTime.Format("2006-01-02 15:04:05"),
 	}
 
 	return resp, nil

app/main/api/internal/logic/admin_feature/admingetfeaturelistlogic.go

@@ -49,11 +49,13 @@ func (l *AdminGetFeatureListLogic) AdminGetFeatureList(req *types.AdminGetFeatur
 	items := make([]types.FeatureListItem, 0, len(list))
 	for _, item := range list {
 		listItem := types.FeatureListItem{
-			Id:         item.Id,
+			Id:             item.Id,
-			ApiId:      item.ApiId,
+			ApiId:          item.ApiId,
-			Name:       item.Name,
+			Name:           item.Name,
-			CreateTime: item.CreateTime.Format("2006-01-02 15:04:05"),
+			WhitelistPrice: item.WhitelistPrice,
-			UpdateTime: item.UpdateTime.Format("2006-01-02 15:04:05"),
+			CostPrice:      item.CostPrice,
+			CreateTime:     item.CreateTime.Format("2006-01-02 15:04:05"),
+			UpdateTime:     item.UpdateTime.Format("2006-01-02 15:04:05"),
 		}
 		items = append(items, listItem)
 	}

app/main/api/internal/logic/admin_feature/adminupdatefeaturelogic.go

@@ -3,6 +3,7 @@ package admin_feature
 import (
 	"context"
 
+	"qnc-server/app/main/api/internal/logic/productcost"
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
 	"qnc-server/common/xerr"
@@ -46,6 +47,12 @@ func (l *AdminUpdateFeatureLogic) AdminUpdateFeature(req *types.AdminUpdateFeatu
 	if req.Name != nil && *req.Name != "" {
 		record.Name = *req.Name
 	}
+	if req.WhitelistPrice != nil {
+		record.WhitelistPrice = *req.WhitelistPrice
+	}
+	if req.CostPrice != nil {
+		record.CostPrice = *req.CostPrice
+	}
 
 	// 4. 执行更新操作
 	err = l.svcCtx.FeatureModel.UpdateWithVersion(l.ctx, nil, record)
@@ -54,6 +61,10 @@ func (l *AdminUpdateFeatureLogic) AdminUpdateFeature(req *types.AdminUpdateFeatu
 			"更新功能失败, err: %v, id: %d", err, req.Id)
 	}
 
+	if err := productcost.SyncAllProductsUsingFeature(l.ctx, l.svcCtx, req.Id); err != nil {
+		return nil, err
+	}
+
 	// 5. 返回成功结果
 	return &types.AdminUpdateFeatureResp{Success: true}, nil
 }

app/main/api/internal/logic/admin_notification/admingetnotificationlistlogic.go

@@ -2,6 +2,7 @@ package admin_notification
 
 import (
 	"context"
+	"strings"
 	"time"
 
 	"qnc-server/app/main/api/internal/svc"
@@ -32,7 +33,10 @@ func (l *AdminGetNotificationListLogic) AdminGetNotificationList(req *types.Admi
 		builder = builder.Where("title LIKE ?", "%"+*req.Title+"%")
 	}
 	if req.NotificationPage != nil {
-		builder = builder.Where("notification_page = ?", *req.NotificationPage)
+		s := strings.TrimSpace(*req.NotificationPage)
+		if s != "" {
+			builder = builder.Where("notification_page LIKE ?", "%"+s+"%")
+		}
 	}
 	if req.Status != nil {
 		builder = builder.Where("status = ?", *req.Status)

app/main/api/internal/logic/admin_notification/adminupdatenotificationlogic.go

@@ -3,6 +3,7 @@ package admin_notification
 import (
 	"context"
 	"database/sql"
+	"strings"
 	"time"
 
 	"qnc-server/app/main/api/internal/svc"
@@ -33,12 +34,28 @@ func (l *AdminUpdateNotificationLogic) AdminUpdateNotification(req *types.AdminU
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查找通知失败, err: %v, id: %d", err, req.Id)
 	}
 	if req.StartDate != nil {
-		startDate, _ := time.Parse("2006-01-02", *req.StartDate)
+		s := strings.TrimSpace(*req.StartDate)
-		notification.StartDate = sql.NullTime{Time: startDate, Valid: true}
+		if s == "" {
+			notification.StartDate = sql.NullTime{Valid: false}
+		} else {
+			startDate, err := time.Parse("2006-01-02", s)
+			if err != nil {
+				return nil, errors.Wrapf(xerr.NewErrCode(xerr.REUQEST_PARAM_ERROR), "start_date 格式错误: %v", err)
+			}
+			notification.StartDate = sql.NullTime{Time: startDate, Valid: true}
+		}
 	}
 	if req.EndDate != nil {
-		endDate, _ := time.Parse("2006-01-02", *req.EndDate)
+		s := strings.TrimSpace(*req.EndDate)
-		notification.EndDate = sql.NullTime{Time: endDate, Valid: true}
+		if s == "" {
+			notification.EndDate = sql.NullTime{Valid: false}
+		} else {
+			endDate, err := time.Parse("2006-01-02", s)
+			if err != nil {
+				return nil, errors.Wrapf(xerr.NewErrCode(xerr.REUQEST_PARAM_ERROR), "end_date 格式错误: %v", err)
+			}
+			notification.EndDate = sql.NullTime{Time: endDate, Valid: true}
+		}
 	}
 	if req.Title != nil {
 		notification.Title = *req.Title

app/main/api/internal/logic/admin_order/admingetorderlistlogic.go

@@ -2,6 +2,7 @@ package admin_order
 
 import (
 	"context"
+	"fmt"
 	"sync"
 
 	"qnc-server/app/main/api/internal/svc"
@@ -54,6 +55,24 @@ func (l *AdminGetOrderListLogic) AdminGetOrderList(req *types.AdminGetOrderListR
 	if req.Status != "" {
 		builder = builder.Where("status = ?", req.Status)
 	}
+	// 是否代理订单筛选
+	if req.IsAgentOrder != nil {
+		if *req.IsAgentOrder {
+			// 筛选代理订单：订单ID在agent_order表中
+			builder = builder.Where("id IN (SELECT order_id FROM agent_order WHERE del_state = 0)")
+		} else {
+			// 筛选非代理订单：订单ID不在agent_order表中
+			builder = builder.Where("id NOT IN (SELECT order_id FROM agent_order WHERE del_state = 0)")
+		}
+	}
+	// 代理编号筛选
+	if req.AgentCode != "" {
+		// 将字符串转换为int64进行查询
+		var agentCode int64
+		if _, err := fmt.Sscanf(req.AgentCode, "%d", &agentCode); err == nil {
+			builder = builder.Where("id IN (SELECT order_id FROM agent_order ao JOIN agent a ON ao.agent_id = a.id WHERE a.agent_code = ? AND ao.del_state = 0)", agentCode)
+		}
+	}
 	// 时间范围查询
 	if req.CreateTimeStart != "" {
 		builder = builder.Where("create_time >= ?", req.CreateTimeStart)
@@ -86,7 +105,7 @@ func (l *AdminGetOrderListLogic) AdminGetOrderList(req *types.AdminGetOrderListR
 		return nil
 	}, func() error {
 		var err error
-		orders, err = l.svcCtx.OrderModel.FindPageListByPage(l.ctx, builder, req.Page, req.PageSize, "id DESC")
+		orders, err = l.svcCtx.OrderModel.FindPageListByPage(l.ctx, builder, req.Page, req.PageSize, "update_time DESC")
 		if err != nil {
 			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "AdminGetOrderList, 查询订单列表失败 err: %v", err)
 		}
@@ -101,6 +120,7 @@ func (l *AdminGetOrderListLogic) AdminGetOrderList(req *types.AdminGetOrderListR
 	queryStateMap := make(map[string]string)
 	agentOrderMap := make(map[string]bool)           // 代理订单映射
 	agentProcessStatusMap := make(map[string]string) // 代理处理状态映射
+	agentCodeMap := make(map[string]string)          // 代理编号映射
 
 	var mu sync.Mutex
 
@@ -169,8 +189,32 @@ func (l *AdminGetOrderListLogic) AdminGetOrderList(req *types.AdminGetOrderListR
 		}
 
 		// 记录代理订单
+		agentIds := make([]string, 0, len(agentOrders))
 		for _, agentOrder := range agentOrders {
 			agentOrderMap[agentOrder.OrderId] = true
+			agentIds = append(agentIds, agentOrder.AgentId)
+		}
+
+		// 批量获取代理编号
+		if len(agentIds) > 0 {
+			agents, err := l.svcCtx.AgentModel.FindAll(l.ctx,
+				l.svcCtx.AgentModel.SelectBuilder().Where(squirrel.Eq{"id": agentIds}), "")
+			if err != nil && !errors.Is(err, model.ErrNotFound) {
+				return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "AdminGetOrderList, 批量查询代理信息失败 err: %v", err)
+			}
+
+			// 构建代理ID到代理编号的映射
+			agentIdToCodeMap := make(map[string]string)
+			for _, agent := range agents {
+				agentIdToCodeMap[agent.Id] = fmt.Sprintf("%d", agent.AgentCode)
+			}
+
+			// 为每个代理订单设置代理编号
+			for _, agentOrder := range agentOrders {
+				if code, exists := agentIdToCodeMap[agentOrder.AgentId]; exists {
+					agentCodeMap[agentOrder.OrderId] = code
+				}
+			}
 		}
 
 		// 对于代理订单，查询代理处理状态
@@ -264,6 +308,7 @@ func (l *AdminGetOrderListLogic) AdminGetOrderList(req *types.AdminGetOrderListR
 			Status:          order.Status,
 			CreateTime:      order.CreateTime.Format("2006-01-02 15:04:05"),
 			QueryState:      queryStateMap[order.Id],
+			UpdateTime:      order.UpdateTime.Format("2006-01-02 15:04:05"),
 		}
 		if order.PayTime.Valid {
 			item.PayTime = order.PayTime.Time.Format("2006-01-02 15:04:05")
@@ -276,6 +321,7 @@ func (l *AdminGetOrderListLogic) AdminGetOrderList(req *types.AdminGetOrderListR
 		if agentOrderMap[order.Id] {
 			item.IsAgentOrder = true
 			item.AgentProcessStatus = agentProcessStatusMap[order.Id]
+			item.AgentCode = agentCodeMap[order.Id]
 		} else {
 			item.IsAgentOrder = false
 			item.AgentProcessStatus = "not_agent"

app/main/api/internal/logic/admin_order/adminrefundorderlogic.go

@@ -1,20 +1,21 @@
 package admin_order
 
 import (
-    "context"
+	"context"
-    "database/sql"
+	"database/sql"
-    "fmt"
+	"fmt"
-    "time"
+	"time"
 
-    "qnc-server/app/main/api/internal/svc"
+	paylogic "qnc-server/app/main/api/internal/logic/pay"
-    "qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/api/internal/svc"
-    "qnc-server/app/main/model"
+	"qnc-server/app/main/api/internal/types"
-    "qnc-server/common/xerr"
+	"qnc-server/app/main/model"
+	"qnc-server/common/xerr"
 
-    "github.com/pkg/errors"
+	"github.com/google/uuid"
-    "github.com/zeromicro/go-zero/core/logx"
+	"github.com/pkg/errors"
-    "github.com/zeromicro/go-zero/core/stores/sqlx"
+	"github.com/zeromicro/go-zero/core/logx"
-    "github.com/google/uuid"
+	"github.com/zeromicro/go-zero/core/stores/sqlx"
 )
 
 const (
@@ -44,6 +45,10 @@ func (l *AdminRefundOrderLogic) AdminRefundOrder(req *types.AdminRefundOrderReq)
 		return nil, err
 	}
 
+	if model.IsXpayOrder(order) {
+		return l.handleXpayRefund(order, req)
+	}
+
 	// 根据支付平台处理退款
 	switch order.PaymentPlatform {
 	case PaymentPlatformAlipay:
@@ -107,6 +112,24 @@ func (l *AdminRefundOrderLogic) handleAlipayRefund(order *model.Order, req *type
 	}
 }
 
+// handleXpayRefund 处理小程序虚拟支付退款
+func (l *AdminRefundOrderLogic) handleXpayRefund(order *model.Order, req *types.AdminRefundOrderReq) (*types.AdminRefundOrderResp, error) {
+	if req.RefundAmount != order.Amount {
+		return nil, errors.Wrapf(xerr.NewErrMsg("虚拟支付订单仅支持全额退款"), "")
+	}
+	if err := paylogic.RefundXpayQueryOrder(l.ctx, l.svcCtx, order); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "虚拟支付退款失败: %v", err)
+	}
+	refundNo := l.generateRefundNo(order.OrderNo)
+	_ = l.createRefundRecordOnly(order, req, refundNo, "", model.OrderRefundStatusSuccess)
+	l.Infof("[xpay] admin refund OK order_no=%s amount=%.2f", order.OrderNo, req.RefundAmount)
+	return &types.AdminRefundOrderResp{
+		Status:   model.OrderStatusRefunded,
+		RefundNo: refundNo,
+		Amount:   req.RefundAmount,
+	}, nil
+}
+
 // handleWechatRefund 处理微信退款
 func (l *AdminRefundOrderLogic) handleWechatRefund(order *model.Order, req *types.AdminRefundOrderReq) (*types.AdminRefundOrderResp, error) {
 	// 调用微信退款接口
@@ -133,18 +156,18 @@ func (l *AdminRefundOrderLogic) handleWechatRefund(order *model.Order, req *type
 func (l *AdminRefundOrderLogic) createRefundRecordAndUpdateOrder(order *model.Order, req *types.AdminRefundOrderReq, refundNo, platformRefundId, orderStatus, refundStatus string) error {
 	return l.svcCtx.OrderModel.Trans(l.ctx, func(ctx context.Context, session sqlx.Session) error {
 		// 创建退款记录
-    refund := &model.OrderRefund{
+		refund := &model.OrderRefund{
-        Id:               uuid.NewString(),
+			Id:               uuid.NewString(),
-        RefundNo:         refundNo,
+			RefundNo:         refundNo,
-        PlatformRefundId: l.createNullString(platformRefundId),
+			PlatformRefundId: l.createNullString(platformRefundId),
-        OrderId:          order.Id,
+			OrderId:          order.Id,
-        UserId:           order.UserId,
+			UserId:           order.UserId,
-        ProductId:        order.ProductId,
+			ProductId:        order.ProductId,
-        RefundAmount:     req.RefundAmount,
+			RefundAmount:     req.RefundAmount,
-        RefundReason:     l.createNullString(req.RefundReason),
+			RefundReason:     l.createNullString(req.RefundReason),
-        Status:           refundStatus, // 使用传入的状态，不再硬编码
+			Status:           refundStatus, // 使用传入的状态，不再硬编码
-        RefundTime:       sql.NullTime{Time: time.Now(), Valid: true},
+			RefundTime:       sql.NullTime{Time: time.Now(), Valid: true},
-    }
+		}
 
 		if _, err := l.svcCtx.OrderRefundModel.Insert(ctx, session, refund); err != nil {
 			return fmt.Errorf("创建退款记录失败: %v", err)
@@ -156,24 +179,31 @@ func (l *AdminRefundOrderLogic) createRefundRecordAndUpdateOrder(order *model.Or
 			return fmt.Errorf("更新订单状态失败: %v", err)
 		}
 
+		// 退款成功落库后冲正代理佣金/返佣（部分退款与全额退款均全额冲回本单分账；仅已退款时执行，不含「退款中」）
+		if orderStatus == model.OrderStatusRefunded {
+			if revErr := l.svcCtx.AgentService.ReverseAgentSettlementOnOrderRefund(ctx, session, order.Id); revErr != nil {
+				return revErr
+			}
+		}
+
 		return nil
 	})
 }
 
 // createRefundRecordOnly 仅创建退款记录，不更新订单状态（用于退款失败的情况）
 func (l *AdminRefundOrderLogic) createRefundRecordOnly(order *model.Order, req *types.AdminRefundOrderReq, refundNo, platformRefundId, refundStatus string) error {
-    refund := &model.OrderRefund{
+	refund := &model.OrderRefund{
-        Id:               uuid.NewString(),
+		Id:               uuid.NewString(),
-        RefundNo:         refundNo,
+		RefundNo:         refundNo,
-        PlatformRefundId: l.createNullString(platformRefundId),
+		PlatformRefundId: l.createNullString(platformRefundId),
-        OrderId:          order.Id,
+		OrderId:          order.Id,
-        UserId:           order.UserId,
+		UserId:           order.UserId,
-        ProductId:        order.ProductId,
+		ProductId:        order.ProductId,
-        RefundAmount:     req.RefundAmount,
+		RefundAmount:     req.RefundAmount,
-        RefundReason:     l.createNullString(req.RefundReason),
+		RefundReason:     l.createNullString(req.RefundReason),
-        Status:           refundStatus,
+		Status:           refundStatus,
-        RefundTime:       sql.NullTime{Time: time.Now(), Valid: true},
+		RefundTime:       sql.NullTime{Time: time.Now(), Valid: true},
-    }
+	}
 
 	_, err := l.svcCtx.OrderRefundModel.Insert(l.ctx, nil, refund)
 	if err != nil {

app/main/api/internal/logic/admin_order/adminxpaydeliverlogic.go

@@ -0,0 +1,56 @@
+package admin_order
+
+import (
+	"context"
+
+	"qnc-server/app/main/api/internal/logic/pay"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/model"
+	"qnc-server/common/xerr"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type AdminXpayDeliverLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminXpayDeliverLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminXpayDeliverLogic {
+	return &AdminXpayDeliverLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminXpayDeliverLogic) AdminXpayDeliver(req *types.AdminXpayDeliverReq) (resp *types.AdminXpayDeliverResp, err error) {
+	order, findErr := l.svcCtx.OrderModel.FindOne(l.ctx, req.Id)
+	if findErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrMsg("订单不存在"), "%v", findErr)
+	}
+
+	if !model.IsXpayOrder(order) {
+		return nil, errors.Wrapf(xerr.NewErrMsg("仅支持小程序虚拟支付订单"), "")
+	}
+
+	if l.svcCtx.XpayService == nil || !l.svcCtx.XpayService.Enabled() {
+		return nil, errors.Wrapf(xerr.NewErrMsg("虚拟支付未启用"), "")
+	}
+
+	result, deliverErr := pay.DeliverXpayQueryOrder(l.ctx, l.svcCtx, order.OrderNo)
+	if deliverErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "补发货失败: %v", deliverErr)
+	}
+
+	return &types.AdminXpayDeliverResp{
+		Credited:     result.Credited,
+		Notified:     result.Notified,
+		WechatDetail: result.WechatDetail,
+		Errors:       result.Errors,
+		Message:      result.Message,
+	}, nil
+}

app/main/api/internal/logic/admin_platform_user/admingetplatformuserlistlogic.go

@@ -30,8 +30,17 @@ func NewAdminGetPlatformUserListLogic(ctx context.Context, svcCtx *svc.ServiceCo
 
 func (l *AdminGetPlatformUserListLogic) AdminGetPlatformUserList(req *types.AdminGetPlatformUserListReq) (resp *types.AdminGetPlatformUserListResp, err error) {
 	builder := l.svcCtx.UserModel.SelectBuilder()
+	secretKey := l.svcCtx.Config.Encrypt.SecretKey
+	if req.UserId != "" {
+		builder = builder.Where("id = ?", req.UserId)
+	}
 	if req.Mobile != "" {
-		builder = builder.Where("mobile = ?", req.Mobile)
+		// 数据库存密文，搜索时把明文手机号加密后再查询
+		encryptedMobile, err := crypto.EncryptMobile(req.Mobile, secretKey)
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "手机号加密失败: %v", err)
+		}
+		builder = builder.Where("mobile = ?", encryptedMobile)
 	}
 	if req.Nickname != "" {
 		builder = builder.Where("nickname = ?", req.Nickname)
@@ -55,16 +64,15 @@ func (l *AdminGetPlatformUserListLogic) AdminGetPlatformUserList(req *types.Admi
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询用户分页失败: %v", err)
 	}
 	var items []types.PlatformUserListItem
-	secretKey := l.svcCtx.Config.Encrypt.SecretKey
 
 	for _, user := range users {
 		mobile := user.Mobile
 		if mobile.Valid {
-			encryptedMobile, err := crypto.DecryptMobile(mobile.String, secretKey)
+			DecryptMobile, err := crypto.DecryptMobile(mobile.String, secretKey)
 			if err != nil {
 				return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "手机登录, 解密手机号失败: %+v", err)
 			}
-			mobile = sql.NullString{String: encryptedMobile, Valid: true}
+			mobile = sql.NullString{String: DecryptMobile, Valid: true}
 		}
 		itemData := types.PlatformUserListItem{
 			Id:         user.Id,

app/main/api/internal/logic/admin_product/admincreateproductlogic.go

@@ -28,6 +28,7 @@ func NewAdminCreateProductLogic(ctx context.Context, svcCtx *svc.ServiceContext)
 	}
 }
 
+// AdminCreateProduct 创建产品后，在同一事务内写入一条 agent_product_config（与代理产品配置列表一致）。
 func (l *AdminCreateProductLogic) AdminCreateProduct(req *types.AdminCreateProductReq) (resp *types.AdminCreateProductResp, err error) {
 	// 1. 数据转换
 	data := &model.Product{
@@ -36,7 +37,7 @@ func (l *AdminCreateProductLogic) AdminCreateProduct(req *types.AdminCreateProdu
 		ProductEn:   req.ProductEn,
 		Description: req.Description,
 		Notes:       sql.NullString{String: req.Notes, Valid: req.Notes != ""},
-		CostPrice:   req.CostPrice,
+		CostPrice:   0, // 成本由关联模块汇总，创建后为 0，保存模块关联后写入
 		SellPrice:   req.SellPrice,
 	}
 
@@ -51,7 +52,14 @@ func (l *AdminCreateProductLogic) AdminCreateProduct(req *types.AdminCreateProdu
 		}
 		productId = data.Id
 
-		// 2.2 同步创建代理产品配置（使用默认值）
+		// 2.2 同步创建代理产品配置（使用默认值）；已存在则跳过（幂等）
+		if _, findErr := l.svcCtx.AgentProductConfigModel.FindOneByProductId(ctx, productId); findErr == nil {
+			return nil
+		} else if findErr != model.ErrNotFound {
+			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
+				"检查代理产品配置失败, err: %v, productId: %s", findErr, productId)
+		}
+
 		agentProductConfig := &model.AgentProductConfig{
 			Id:             uuid.NewString(),
 			ProductId:      productId,

app/main/api/internal/logic/admin_product/admindeleteproductlogic.go

@@ -2,8 +2,10 @@ package admin_product
 
 import (
 	"context"
+
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/model"
 	"qnc-server/common/xerr"
 
 	"github.com/pkg/errors"
@@ -25,12 +27,13 @@ func NewAdminDeleteProductLogic(ctx context.Context, svcCtx *svc.ServiceContext)
 	}
 }
 
+// AdminDeleteProduct 软删除产品后，在同一事务内软删除对应 agent_product_config（与产品列表一致）。
 func (l *AdminDeleteProductLogic) AdminDeleteProduct(req *types.AdminDeleteProductReq) (resp *types.AdminDeleteProductResp, err error) {
 	// 1. 查询记录是否存在
 	record, err := l.svcCtx.ProductModel.FindOne(l.ctx, req.Id)
 	if err != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
-			"查找产品失败, err: %v, id: %d", err, req.Id)
+			"查找产品失败, err: %v, id: %s", err, req.Id)
 	}
 
 	// 2. 执行软删除（使用事务确保产品表和代理产品配置表同步）
@@ -39,20 +42,22 @@ func (l *AdminDeleteProductLogic) AdminDeleteProduct(req *types.AdminDeleteProdu
 		err = l.svcCtx.ProductModel.DeleteSoft(ctx, session, record)
 		if err != nil {
 			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
-				"删除产品失败, err: %v, id: %d", err, req.Id)
+				"删除产品失败, err: %v, id: %s", err, record.Id)
 		}
 
-		// 2.2 同步软删除代理产品配置
+		// 2.2 同步软删除代理产品配置（按产品主键 product_id）
-		agentProductConfig, err := l.svcCtx.AgentProductConfigModel.FindOneByProductId(ctx, req.Id)
+		agentProductConfig, findErr := l.svcCtx.AgentProductConfigModel.FindOneByProductId(ctx, record.Id)
-		if err != nil {
+		switch {
-			// 如果代理产品配置不存在，记录日志但不影响主流程
+		case findErr == nil:
-			l.Infof("同步删除代理产品配置失败：代理产品配置不存在, productId: %d, err: %v", req.Id, err)
+			if err = l.svcCtx.AgentProductConfigModel.DeleteSoft(ctx, session, agentProductConfig); err != nil {
-		} else {
-			err = l.svcCtx.AgentProductConfigModel.DeleteSoft(ctx, session, agentProductConfig)
-			if err != nil {
 				return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
-					"同步删除代理产品配置失败, err: %v, productId: %d", err, req.Id)
+					"同步删除代理产品配置失败, err: %v, productId: %s", err, record.Id)
 			}
+		case findErr == model.ErrNotFound:
+			l.Infof("产品无对应代理产品配置，跳过同步删除, productId: %s", record.Id)
+		default:
+			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
+				"查询代理产品配置失败, err: %v, productId: %s", findErr, record.Id)
 		}
 
 		return nil

app/main/api/internal/logic/admin_product/admingetproductdetaillogic.go

@@ -32,14 +32,21 @@ func (l *AdminGetProductDetailLogic) AdminGetProductDetail(req *types.AdminGetPr
 			"查找产品失败, err: %v, id: %d", err, req.Id)
 	}
 
-	// 2. 构建响应
+	// 2. 成本价为关联模块 cost_price 之和
+	costSum, err := l.svcCtx.ProductFeatureModel.SumFeatureCostPriceByProductId(l.ctx, req.Id)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
+			"汇总产品模块成本失败, err: %v, id: %s", err, req.Id)
+	}
+
+	// 3. 构建响应
 	resp = &types.AdminGetProductDetailResp{
 		Id:          record.Id,
 		ProductName: record.ProductName,
 		ProductEn:   record.ProductEn,
 		Description: record.Description,
 		Notes:       record.Notes.String,
-		CostPrice:   record.CostPrice,
+		CostPrice:   costSum,
 		SellPrice:   record.SellPrice,
 		CreateTime:  record.CreateTime.Format("2006-01-02 15:04:05"),
 		UpdateTime:  record.UpdateTime.Format("2006-01-02 15:04:05"),

app/main/api/internal/logic/admin_product/admingetproductfeaturelistlogic.go

@@ -105,6 +105,7 @@ func (l *AdminGetProductFeatureListLogic) AdminGetProductFeatureList(req *types.
 			FeatureId:   item.FeatureId,
 			ApiId:       feature.ApiId,
 			Name:        feature.Name,
+			CostPrice:   feature.CostPrice,
 			Sort:        item.Sort,
 			Enable:      item.Enable,
 			IsImportant: item.IsImportant,

app/main/api/internal/logic/admin_product/admingetproductlistlogic.go

@@ -44,16 +44,26 @@ func (l *AdminGetProductListLogic) AdminGetProductList(req *types.AdminGetProduc
 			"查询产品列表失败, err: %v, req: %+v", err, req)
 	}
 
-	// 4. 构建响应列表
+	// 4. 构建响应列表（成本价为关联模块 cost_price 之和，非库表字段直读）
 	items := make([]types.ProductListItem, 0, len(list))
+	productIds := make([]string, 0, len(list))
 	for _, item := range list {
+		productIds = append(productIds, item.Id)
+	}
+	costByProduct, err := l.svcCtx.ProductFeatureModel.SumFeatureCostPriceByProductIds(l.ctx, productIds)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
+			"汇总产品模块成本失败, err: %v, req: %+v", err, req)
+	}
+	for _, item := range list {
+		cost := costByProduct[item.Id]
 		listItem := types.ProductListItem{
 			Id:          item.Id,
 			ProductName: item.ProductName,
 			ProductEn:   item.ProductEn,
 			Description: item.Description,
 			Notes:       item.Notes.String,
-			CostPrice:   item.CostPrice,
+			CostPrice:   cost,
 			SellPrice:   item.SellPrice,
 			CreateTime:  item.CreateTime.Format("2006-01-02 15:04:05"),
 			UpdateTime:  item.UpdateTime.Format("2006-01-02 15:04:05"),

app/main/api/internal/logic/admin_product/adminupdateproductfeatureslogic.go

@@ -1,18 +1,20 @@
 package admin_product
 
 import (
-    "context"
+	"context"
-    "sync"
+	"sync"
-    "qnc-server/app/main/api/internal/svc"
-    "qnc-server/app/main/api/internal/types"
-    "qnc-server/app/main/model"
-    "qnc-server/common/xerr"
 
-    "github.com/pkg/errors"
+	"qnc-server/app/main/api/internal/logic/productcost"
-    "github.com/zeromicro/go-zero/core/logx"
+	"qnc-server/app/main/api/internal/svc"
-    "github.com/zeromicro/go-zero/core/mr"
+	"qnc-server/app/main/api/internal/types"
-    "github.com/zeromicro/go-zero/core/stores/sqlx"
+	"qnc-server/app/main/model"
-    "github.com/google/uuid"
+	"qnc-server/common/xerr"
+
+	"github.com/google/uuid"
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+	"github.com/zeromicro/go-zero/core/mr"
+	"github.com/zeromicro/go-zero/core/stores/sqlx"
 )
 
 type AdminUpdateProductFeaturesLogic struct {
@@ -120,15 +122,15 @@ func (l *AdminUpdateProductFeaturesLogic) AdminUpdateProductFeatures(req *types.
 					return
 				}
 			} else {
-            // 新增关联
+				// 新增关联
-            newFeature := &model.ProductFeature{
+				newFeature := &model.ProductFeature{
-                Id:          uuid.NewString(),
+					Id:          uuid.NewString(),
-                ProductId:   req.ProductId,
+					ProductId:   req.ProductId,
-                FeatureId:   data.featureId,
+					FeatureId:   data.featureId,
-                Sort:        data.newItem.Sort,
+					Sort:        data.newItem.Sort,
-                Enable:      data.newItem.Enable,
+					Enable:      data.newItem.Enable,
-                IsImportant: data.newItem.IsImportant,
+					IsImportant: data.newItem.IsImportant,
-            }
+				}
 				_, err = l.svcCtx.ProductFeatureModel.Insert(ctx, session, newFeature)
 				if err != nil {
 					updateErr = errors.Wrapf(err, "新增产品功能关联失败, product_id: %d, feature_id: %d",
@@ -156,6 +158,10 @@ func (l *AdminUpdateProductFeaturesLogic) AdminUpdateProductFeatures(req *types.
 			"更新产品功能关联失败, err: %v, req: %+v", err, req)
 	}
 
+	if err := productcost.SyncProductCostFromModules(l.ctx, l.svcCtx, req.ProductId); err != nil {
+		return nil, err
+	}
+
 	// 5. 返回结果
 	return &types.AdminUpdateProductFeaturesResp{Success: true}, nil
 }

app/main/api/internal/logic/admin_product/adminupdateproductlogic.go

@@ -47,9 +47,6 @@ func (l *AdminUpdateProductLogic) AdminUpdateProduct(req *types.AdminUpdateProdu
 	if req.Notes != nil {
 		record.Notes = sql.NullString{String: *req.Notes, Valid: *req.Notes != ""}
 	}
-	if req.CostPrice != nil {
-		record.CostPrice = *req.CostPrice
-	}
 	if req.SellPrice != nil {
 		record.SellPrice = *req.SellPrice
 	}

app/main/api/internal/logic/admin_query/admingeneratequerysharelinklogic.go

@@ -0,0 +1,80 @@
+package admin_query
+
+import (
+	"context"
+	"encoding/hex"
+	"encoding/json"
+	"time"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/model"
+	"qnc-server/common/xerr"
+	"qnc-server/pkg/lzkit/crypto"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type AdminGenerateQueryShareLinkLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewAdminGenerateQueryShareLinkLogic(ctx context.Context, svcCtx *svc.ServiceContext) *AdminGenerateQueryShareLinkLogic {
+	return &AdminGenerateQueryShareLinkLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *AdminGenerateQueryShareLinkLogic) AdminGenerateQueryShareLink(req *types.AdminGenerateQueryShareLinkReq) (resp *types.QueryGenerateShareLinkResp, err error) {
+	if req.OrderId == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("订单ID不能为空"), "")
+	}
+
+	order, err := l.svcCtx.OrderModel.FindOne(l.ctx, req.OrderId)
+	if err != nil {
+		if errors.Is(err, model.ErrNotFound) {
+			return nil, errors.Wrapf(xerr.NewErrMsg("订单不存在"), "")
+		}
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 获取订单失败: %v", err)
+	}
+
+	if order.Status != model.OrderStatusPaid {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 订单未支付")
+	}
+
+	query, err := l.svcCtx.QueryModel.FindOneByOrderId(l.ctx, order.Id)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 获取查询失败: %v", err)
+	}
+
+	if query.QueryState != model.QueryStateSuccess {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 查询未成功")
+	}
+
+	expireAt := time.Now().Add(time.Duration(l.svcCtx.Config.Query.ShareLinkExpire) * time.Second)
+	payload := types.QueryShareLinkPayload{
+		OrderId:  order.Id,
+		ExpireAt: expireAt.Unix(),
+	}
+	secretKey := l.svcCtx.Config.Encrypt.SecretKey
+	key, err := hex.DecodeString(secretKey)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 解密失败: %v", err)
+	}
+	payloadBytes, err := json.Marshal(payload)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 序列化失败: %v", err)
+	}
+	encryptedPayload, err := crypto.AesEncryptURL(payloadBytes, key)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成分享链接, 加密失败: %v", err)
+	}
+	return &types.QueryGenerateShareLinkResp{
+		ShareLink: encryptedPayload,
+	}, nil
+}

app/main/api/internal/logic/agent/applyforagentlogic.go

@@ -10,6 +10,7 @@ import (
 	"qnc-server/app/main/model"
 	"qnc-server/common/ctxdata"
 	"qnc-server/common/globalkey"
+	"qnc-server/common/reviewphone"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
 
@@ -53,8 +54,12 @@ func (l *ApplyForAgentLogic) ApplyForAgent(req *types.AgentApplyReq) (resp *type
 	if req.Referrer == "" {
 		return nil, errors.Wrapf(xerr.NewErrMsg("请填写邀请信息"), "")
 	}
-	// 2. 校验验证码（开发环境下跳过验证码校验）
+	// 2. 校验验证码：开发环境跳过；审核预留号段 + 固定码；其余 Redis
-	if os.Getenv("ENV") != "development" {
+	if os.Getenv("ENV") == "development" {
+		// skip
+	} else if reviewphone.IsAppReviewDemoMobile(req.Mobile) && req.Code == reviewphone.DemoVerifyCode {
+		l.Infof("[ApplyForAgent] 审核体验号段固定验证码通过, mobile: %s", req.Mobile)
+	} else {
 		redisKey := fmt.Sprintf("%s:%s", "agentApply", encryptedMobile)
 		cacheCode, err := l.svcCtx.Redis.Get(redisKey)
 		if err != nil {

app/main/api/internal/logic/agent/applywithdrawallogic.go

@@ -88,26 +88,29 @@ func (l *ApplyWithdrawalLogic) ApplyWithdrawal(req *types.ApplyWithdrawalReq) (r
 		}
 	}
 
-	// 5. 验证提现金额
+	// 5. 获取钱包信息
-	if req.Amount <= 0 {
-		return nil, errors.Wrapf(xerr.NewErrMsg("提现金额必须大于0"), "")
-	}
-
-	// 6. 获取钱包信息
 	wallet, err := l.svcCtx.AgentWalletModel.FindOneByAgentId(l.ctx, agent.Id)
 	if err != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询钱包失败, %v", err)
 	}
 
-	// 7. 验证余额（包括检查是否为负数）
+	// 6. 提现金额与可用余额：仅可提「可用余额」内金额；可用余额须大于 0
-	if wallet.Balance < 0 {
+	withdrawAmount := lzUtils.RoundMoney(req.Amount)
-		return nil, errors.Wrapf(xerr.NewErrMsg(fmt.Sprintf("账户存在欠款，请先补足欠款后再申请提现，当前余额：%.2f", wallet.Balance)), "")
+	if withdrawAmount <= 0 {
+		return nil, errors.Wrapf(xerr.NewErrMsg("提现金额必须大于0"), "")
 	}
-	if wallet.Balance < req.Amount {
+	bal := lzUtils.RoundMoney(wallet.Balance)
-		return nil, errors.Wrapf(xerr.NewErrMsg(fmt.Sprintf("余额不足，当前余额：%.2f", wallet.Balance)), "")
+	if bal < 0 {
+		return nil, errors.Wrapf(xerr.NewErrMsg(fmt.Sprintf("账户存在欠款，请先补足欠款后再申请提现，当前可用余额：%.2f", bal)), "")
+	}
+	if bal <= 0 {
+		return nil, errors.Wrapf(xerr.NewErrMsg("可用余额须大于0才能申请提现"), "")
+	}
+	if withdrawAmount > bal {
+		return nil, errors.Wrapf(xerr.NewErrMsg(fmt.Sprintf("提现金额不能超过可用余额（不含冻结），当前可用：%.2f", bal)), "")
 	}
 
-	// 8. 支付宝月度提现额度校验（仅针对支付宝提现）
+	// 7. 支付宝月度提现额度校验（仅针对支付宝提现）
 	if req.WithdrawalType == 1 {
 		now := time.Now()
 		monthStart := time.Date(now.Year(), now.Month(), 1, 0, 0, 0, 0, now.Location())
@@ -138,7 +141,7 @@ func (l *ApplyWithdrawalLogic) ApplyWithdrawal(req *types.ApplyWithdrawalReq) (r
 			)
 		}
 
-		if req.Amount > remainQuota {
+		if withdrawAmount > remainQuota {
 			return nil, errors.Wrapf(
 				xerr.NewErrMsg(fmt.Sprintf("本月支付宝最高可提现 %.2f 元，请调整提现金额或使用银行卡提现", remainQuota)),
 				"",
@@ -148,7 +151,7 @@ func (l *ApplyWithdrawalLogic) ApplyWithdrawal(req *types.ApplyWithdrawalReq) (r
 
 	// 9. 计算税费
 	yearMonth := int64(time.Now().Year()*100 + int(time.Now().Month()))
-	taxInfo, err := l.calculateTax(l.ctx, agent.Id, req.Amount, yearMonth)
+	taxInfo, err := l.calculateTax(l.ctx, agent.Id, withdrawAmount, yearMonth)
 	if err != nil {
 		return nil, errors.Wrapf(err, "计算税费失败")
 	}
@@ -164,9 +167,26 @@ func (l *ApplyWithdrawalLogic) ApplyWithdrawal(req *types.ApplyWithdrawalReq) (r
 	// 11. 使用事务处理提现申请
 	var withdrawalId string
 	err = l.svcCtx.AgentWalletModel.Trans(l.ctx, func(transCtx context.Context, session sqlx.Session) error {
+		// 提交前再次校验可用余额（防止并发入账/冲正与申请提现竞态）
+		fresh, wErr := l.svcCtx.AgentWalletModel.FindOneByAgentId(transCtx, agent.Id)
+		if wErr != nil {
+			return errors.Wrapf(wErr, "事务内查询钱包失败")
+		}
+		freshBal := lzUtils.RoundMoney(fresh.Balance)
+		if freshBal < 0 {
+			return errors.New("账户存在欠款，无法申请提现")
+		}
+		if freshBal <= 0 {
+			return errors.New("可用余额须大于0才能申请提现")
+		}
+		if withdrawAmount > freshBal {
+			return fmt.Errorf("提现金额不能超过当前可用余额（%.2f）", freshBal)
+		}
+		wallet = fresh
+
 		// 11.1 冻结余额
-		wallet.FrozenBalance += req.Amount
+		wallet.FrozenBalance += withdrawAmount
-		wallet.Balance -= req.Amount
+		wallet.Balance -= withdrawAmount
 		if err := l.svcCtx.AgentWalletModel.UpdateWithVersion(transCtx, session, wallet); err != nil {
 			return errors.Wrapf(err, "冻结余额失败")
 		}
@@ -179,7 +199,7 @@ func (l *ApplyWithdrawalLogic) ApplyWithdrawal(req *types.ApplyWithdrawalReq) (r
 			WithdrawalType: req.WithdrawalType,
 			PayeeAccount:   req.PayeeAccount,
 			PayeeName:      req.PayeeName,
-			Amount:         req.Amount,
+			Amount:         withdrawAmount,
 			ActualAmount:   taxInfo.ActualAmount,
 			TaxAmount:      taxInfo.TaxAmount,
 			Status:         1, // 待审核
@@ -206,7 +226,7 @@ func (l *ApplyWithdrawalLogic) ApplyWithdrawal(req *types.ApplyWithdrawalReq) (r
 			AgentId:          agent.Id,
 			WithdrawalId:     withdrawalId,
 			YearMonth:        yearMonth,
-			WithdrawalAmount: req.Amount,
+			WithdrawalAmount: withdrawAmount,
 			TaxableAmount:    taxInfo.TaxableAmount,
 			TaxRate:          taxInfo.TaxRate,
 			TaxAmount:        taxInfo.TaxAmount,
@@ -293,8 +313,8 @@ func (l *ApplyWithdrawalLogic) calculateTax(ctx context.Context, agentId string,
 	}
 
 	// 计算税费
-	taxAmount := taxableAmount * taxRate
+	taxAmount := lzUtils.RoundMoney(taxableAmount * taxRate)
-	actualAmount := amount - taxAmount
+	actualAmount := lzUtils.RoundMoney(amount - taxAmount)
 
 	return &TaxInfo{
 		TaxableAmount: taxableAmount,

app/main/api/internal/logic/agent/checkfeaturewhiteliststatuslogic.go

@@ -2,10 +2,14 @@ package agent
 
 import (
 	"context"
+	"strings"
 
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/model"
+	"qnc-server/common/xerr"
 
+	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/core/logx"
 )
 
@@ -24,7 +28,46 @@ func NewCheckFeatureWhitelistStatusLogic(ctx context.Context, svcCtx *svc.Servic
 }
 
 func (l *CheckFeatureWhitelistStatusLogic) CheckFeatureWhitelistStatus(req *types.CheckFeatureWhitelistStatusReq) (resp *types.CheckFeatureWhitelistStatusResp, err error) {
-	// todo: add your logic here and delete this line
+	if req.IdCard == "" {
-
+		return nil, errors.Wrapf(xerr.NewErrMsg("身份证号不能为空"), "")
-	return
+	}
+	if req.FeatureApiId == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("模块API标识不能为空"), "")
+	}
+	mainApiId := req.FeatureApiId
+	if idx := strings.Index(req.FeatureApiId, "_"); idx > 0 {
+		mainApiId = req.FeatureApiId[:idx]
+	}
+	feature, err := l.svcCtx.FeatureModel.FindOneByApiId(l.ctx, mainApiId)
+	if err != nil {
+		if errors.Is(err, model.ErrNotFound) {
+			return nil, errors.Wrapf(xerr.NewErrMsg("模块不存在"), "")
+		}
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询模块信息失败, %v", err)
+	}
+	whitelistBuilder := l.svcCtx.UserFeatureWhitelistModel.SelectBuilder().
+		Where("id_card = ? AND feature_api_id = ? AND status = ?", req.IdCard, mainApiId, 1)
+	whitelists, err := l.svcCtx.UserFeatureWhitelistModel.FindAll(l.ctx, whitelistBuilder, "")
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询白名单记录失败, %v", err)
+	}
+	isWhitelisted := len(whitelists) > 0
+	dataDeleted := false
+	if req.QueryId != "" {
+		containsFeature, err := l.svcCtx.WhitelistService.CheckQueryDataContainsFeature(l.ctx, req.QueryId, req.FeatureApiId)
+		if err != nil {
+			logx.Errorf("检查报告数据是否包含模块失败：%v", err)
+			dataDeleted = true
+		} else {
+			dataDeleted = !containsFeature
+		}
+	} else {
+		dataDeleted = true
+	}
+	return &types.CheckFeatureWhitelistStatusResp{
+		IsWhitelisted:  isWhitelisted,
+		WhitelistPrice: feature.WhitelistPrice,
+		FeatureId:      feature.Id,
+		DataDeleted:    dataDeleted,
+	}, nil
 }

app/main/api/internal/logic/agent/checkorderagentlogic.go

@@ -5,7 +5,11 @@ import (
 
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/model"
+	"qnc-server/common/ctxdata"
+	"qnc-server/common/xerr"
 
+	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/core/logx"
 )
 
@@ -23,8 +27,28 @@ func NewCheckOrderAgentLogic(ctx context.Context, svcCtx *svc.ServiceContext) *C
 	}
 }
 
+// CheckOrderAgent 判断订单是否为当前代理推广的订单（通过 agent_order 关联）
 func (l *CheckOrderAgentLogic) CheckOrderAgent(req *types.CheckOrderAgentReq) (resp *types.CheckOrderAgentResp, err error) {
-	// todo: add your logic here and delete this line
+	if req.OrderId == "" {
-
+		return &types.CheckOrderAgentResp{IsAgentOrder: false}, nil
-	return
+	}
+	userID, err := ctxdata.GetUidFromCtx(l.ctx)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户信息失败, %v", err)
+	}
+	agent, err := l.svcCtx.AgentModel.FindOneByUserId(l.ctx, userID)
+	if err != nil {
+		if errors.Is(err, model.ErrNotFound) {
+			return &types.CheckOrderAgentResp{IsAgentOrder: false}, nil
+		}
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询代理信息失败, %v", err)
+	}
+	agentOrder, err := l.svcCtx.AgentOrderModel.FindOneByOrderId(l.ctx, req.OrderId)
+	if err != nil {
+		if errors.Is(err, model.ErrNotFound) {
+			return &types.CheckOrderAgentResp{IsAgentOrder: false}, nil
+		}
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询订单关联失败, %v", err)
+	}
+	return &types.CheckOrderAgentResp{IsAgentOrder: agentOrder.AgentId == agent.Id}, nil
 }

app/main/api/internal/logic/agent/createwhitelistorderlogic.go

@@ -2,11 +2,18 @@ package agent
 
 import (
 	"context"
+	"fmt"
 
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/model"
+	"qnc-server/common/ctxdata"
+	"qnc-server/common/xerr"
 
+	"github.com/google/uuid"
+	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/core/logx"
+	"github.com/zeromicro/go-zero/core/stores/sqlx"
 )
 
 type CreateWhitelistOrderLogic struct {
@@ -24,7 +31,98 @@ func NewCreateWhitelistOrderLogic(ctx context.Context, svcCtx *svc.ServiceContex
 }
 
 func (l *CreateWhitelistOrderLogic) CreateWhitelistOrder(req *types.CreateWhitelistOrderReq) (resp *types.CreateWhitelistOrderResp, err error) {
-	// todo: add your logic here and delete this line
+	userID, err := ctxdata.GetUidFromCtx(l.ctx)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户信息失败, %v", err)
+	}
+	_, err = l.svcCtx.AgentModel.FindOneByUserId(l.ctx, userID)
+	if err != nil {
+		if errors.Is(err, model.ErrNotFound) {
+			return nil, errors.Wrapf(xerr.NewErrMsg("您不是代理"), "")
+		}
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询代理信息失败, %v", err)
+	}
+	if req.IdCard == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("身份证号不能为空"), "")
+	}
+	if len(req.FeatureIds) == 0 {
+		return nil, errors.Wrapf(xerr.NewErrMsg("请至少选择一个模块"), "")
+	}
 
-	return
+	var totalAmount float64
+	var orderItems []struct {
+		FeatureId    string
+		FeatureApiId string
+		FeatureName  string
+		Price        float64
+	}
+
+	for _, featureId := range req.FeatureIds {
+		feature, err := l.svcCtx.FeatureModel.FindOne(l.ctx, featureId)
+		if err != nil {
+			if errors.Is(err, model.ErrNotFound) {
+				return nil, errors.Wrapf(xerr.NewErrMsg(fmt.Sprintf("模块不存在: %s", featureId)), "")
+			}
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询模块信息失败, %v", err)
+		}
+		whitelistPrice := feature.WhitelistPrice
+		if whitelistPrice <= 0 {
+			return nil, errors.Wrapf(xerr.NewErrMsg(fmt.Sprintf("模块 %s 不支持白名单屏蔽", feature.Name)), "")
+		}
+		whitelistBuilder := l.svcCtx.UserFeatureWhitelistModel.SelectBuilder().
+			Where("id_card = ? AND feature_id = ?", req.IdCard, featureId)
+		existing, err := l.svcCtx.UserFeatureWhitelistModel.FindAll(l.ctx, whitelistBuilder, "")
+		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询白名单记录失败, %v", err)
+		}
+		for _, item := range existing {
+			if item.Status == 1 {
+				return nil, errors.Wrapf(xerr.NewErrMsg(fmt.Sprintf("身份证号 %s 的模块 %s 已经加入白名单", req.IdCard, feature.Name)), "")
+			}
+		}
+		totalAmount += whitelistPrice
+		orderItems = append(orderItems, struct {
+			FeatureId    string
+			FeatureApiId string
+			FeatureName  string
+			Price        float64
+		}{
+			FeatureId: feature.Id, FeatureApiId: feature.ApiId, FeatureName: feature.Name, Price: whitelistPrice,
+		})
+	}
+
+	base := l.svcCtx.AlipayService.GenerateOutTradeNo()
+	orderNo := "W_" + base
+	if len(orderNo) > 32 {
+		orderNo = orderNo[:32]
+	}
+
+	var orderId string
+	err = l.svcCtx.WhitelistOrderModel.Trans(l.ctx, func(ctx context.Context, session sqlx.Session) error {
+		order := &model.WhitelistOrder{
+			Id: uuid.NewString(), OrderNo: orderNo, UserId: userID, IdCard: req.IdCard,
+			TotalAmount: totalAmount, Status: 1,
+		}
+		_, err := l.svcCtx.WhitelistOrderModel.Insert(ctx, session, order)
+		if err != nil {
+			return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "创建订单失败, %v", err)
+		}
+		orderId = order.Id
+		for _, item := range orderItems {
+			orderItem := &model.WhitelistOrderItem{
+				Id: uuid.NewString(), OrderId: orderId, FeatureId: item.FeatureId,
+				FeatureApiId: item.FeatureApiId, FeatureName: item.FeatureName, Price: item.Price,
+			}
+			if _, err := l.svcCtx.WhitelistOrderItemModel.Insert(ctx, session, orderItem); err != nil {
+				return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "创建订单明细失败, %v", err)
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &types.CreateWhitelistOrderResp{
+		OrderId: orderId, OrderNo: orderNo, TotalAmount: totalAmount,
+	}, nil
 }

app/main/api/internal/logic/agent/generateinviteposterlogic.go

@@ -0,0 +1,52 @@
+// Code scaffolded by goctl. Safe to edit.
+// goctl 1.9.2
+
+package agent
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/xerr"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type GenerateInvitePosterLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewGenerateInvitePosterLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GenerateInvitePosterLogic {
+	return &GenerateInvitePosterLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *GenerateInvitePosterLogic) GenerateInvitePoster(req *types.GenerateInvitePosterReq) (resp *types.GenerateInvitePosterResp, err error) {
+	if req.InviteLink == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("邀请链接不能为空"), "")
+	}
+
+	// 调用ImageService生成海报
+	imageData, mimeType, err := l.svcCtx.ImageService.ProcessImageWithQRCode("invitation", req.InviteLink)
+	if err != nil {
+		l.Errorf("生成邀请海报失败: %v", err)
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成海报失败: %v", err)
+	}
+
+	// 将图片数据转换为base64编码的data URL
+	base64Data := base64.StdEncoding.EncodeToString(imageData)
+	posterUrl := fmt.Sprintf("data:%s;base64,%s", mimeType, base64Data)
+
+	return &types.GenerateInvitePosterResp{
+		PosterUrl: posterUrl,
+	}, nil
+}

app/main/api/internal/logic/agent/generatinglinklogic.go

@@ -15,6 +15,7 @@ import (
 	"qnc-server/common/tool"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
+	"qnc-server/pkg/lzkit/lzUtils"
 
 	"github.com/Masterminds/squirrel"
 	"github.com/pkg/errors"
@@ -41,6 +42,12 @@ func NewGeneratingLinkLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Ge
 }
 
 func (l *GeneratingLinkLogic) GeneratingLink(req *types.AgentGeneratingLinkReq) (resp *types.AgentGeneratingLinkResp, err error) {
+	// 将 set_price 从 string 转为 float64
+	setPrice, err := strconv.ParseFloat(req.SetPrice, 64)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrMsg("设定价格格式不正确"), "")
+	}
+
 	userID, err := ctxdata.GetUidFromCtx(l.ctx)
 	if err != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成推广链接失败, %v", err)
@@ -71,14 +78,14 @@ func (l *GeneratingLinkLogic) GeneratingLink(req *types.AgentGeneratingLinkReq)
 	}
 
     basePrice := productConfig.BasePrice
-    actualBasePrice := basePrice + float64(levelBonus)
+    actualBasePrice := lzUtils.RoundMoney(basePrice + float64(levelBonus))
     systemMaxPrice := productConfig.SystemMaxPrice
     upliftAmount, err := l.getLevelMaxUpliftAmount(agentModel.Level)
     if err != nil {
         return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "获取等级上调金额失败, %v", err)
     }
-    levelMaxPrice := systemMaxPrice + upliftAmount
+    levelMaxPrice := lzUtils.RoundMoney(systemMaxPrice + upliftAmount)
-    if req.SetPrice < actualBasePrice || req.SetPrice > levelMaxPrice {
+    if setPrice < actualBasePrice || setPrice > levelMaxPrice {
         return nil, errors.Wrapf(xerr.NewErrMsg("设定价格必须在 %.2f 到 %.2f 之间"), "设定价格必须在 %.2f 到 %.2f 之间", actualBasePrice, levelMaxPrice)
     }
 
@@ -86,7 +93,7 @@ func (l *GeneratingLinkLogic) GeneratingLink(req *types.AgentGeneratingLinkReq)
 	builder := l.svcCtx.AgentLinkModel.SelectBuilder().Where(squirrel.And{
 		squirrel.Eq{"agent_id": agentModel.Id},
 		squirrel.Eq{"product_id": req.ProductId},
-		squirrel.Eq{"set_price": req.SetPrice},
+		squirrel.Eq{"set_price": setPrice},
 		squirrel.Eq{"del_state": globalkey.DelStateNo},
 	})
 
@@ -115,7 +122,7 @@ func (l *GeneratingLinkLogic) GeneratingLink(req *types.AgentGeneratingLinkReq)
 	var agentIdentifier types.AgentIdentifier
 	agentIdentifier.AgentID = agentModel.Id
 	agentIdentifier.ProductID = req.ProductId
-	agentIdentifier.SetPrice = req.SetPrice
+	agentIdentifier.SetPrice = setPrice
 	agentIdentifierByte, err := json.Marshal(agentIdentifier)
 	if err != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "序列化标识失败, %v", err)
@@ -140,7 +147,7 @@ func (l *GeneratingLinkLogic) GeneratingLink(req *types.AgentGeneratingLinkReq)
 		UserId:          userID,
 		ProductId:       req.ProductId,
 		LinkIdentifier:  encrypted,
-		SetPrice:        req.SetPrice,
+		SetPrice:        setPrice,
 		ActualBasePrice: actualBasePrice,
 	}
 

app/main/api/internal/logic/agent/getagentproductconfiglogic.go

@@ -6,6 +6,7 @@ import (
 	"qnc-server/app/main/model"
 	"qnc-server/common/ctxdata"
 	"qnc-server/common/xerr"
+	"qnc-server/pkg/lzkit/lzUtils"
 
 	"github.com/pkg/errors"
 
@@ -76,11 +77,11 @@ func (l *GetAgentProductConfigLogic) GetAgentProductConfig() (resp *types.AgentP
 		productBasePrice := productConfig.BasePrice
 
 		// 计算该产品的实际底价
-		productActualBasePrice := productBasePrice + float64(levelBonus)
+		productActualBasePrice := lzUtils.RoundMoney(productBasePrice + float64(levelBonus))
 
         priceRangeMin := productActualBasePrice
         upliftAmount, _ := l.getLevelMaxUpliftAmount(agentModel.Level)
-        priceRangeMax := productConfig.SystemMaxPrice + upliftAmount
+        priceRangeMax := lzUtils.RoundMoney(productConfig.SystemMaxPrice + upliftAmount)
 
 		// 使用产品配置的提价阈值和手续费比例，如果为NULL则使用0
 		productPriceThreshold := 0.0

app/main/api/internal/logic/agent/getinvitelinklogic.go

@@ -4,15 +4,15 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"strconv"
-	"strings"
-	"time"
 	"qnc-server/app/main/model"
 	"qnc-server/common/ctxdata"
 	"qnc-server/common/globalkey"
 	"qnc-server/common/tool"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
+	"strconv"
+	"strings"
+	"time"
 
 	"github.com/pkg/errors"
 
@@ -124,7 +124,18 @@ func (l *GetInviteLinkLogic) createInviteShortLink(inviteCodeId string, inviteCo
 	// 先查询是否已存在短链
 	existingShortLink, err := l.svcCtx.AgentShortLinkModel.FindOneByInviteCodeIdTypeDelState(l.ctx, sql.NullString{String: inviteCodeId, Valid: inviteCodeId != ""}, 2, globalkey.DelStateNo)
 	if err == nil && existingShortLink != nil {
-		// 已存在短链，直接返回
+		// 已存在短链，检查 target_path 是否需要更新
+		if existingShortLink.TargetPath != targetPath {
+			// target_path 已变化，更新短链记录
+			oldTargetPath := existingShortLink.TargetPath
+			existingShortLink.TargetPath = targetPath
+			if updateErr := l.svcCtx.AgentShortLinkModel.UpdateWithVersion(l.ctx, nil, existingShortLink); updateErr != nil {
+				l.Errorf("更新短链 target_path 失败: %v", updateErr)
+				// 即使更新失败，也返回旧短链，避免影响用户体验
+			} else {
+				l.Infof("短链 target_path 已更新: shortCode=%s, old=%s, new=%s", existingShortLink.ShortCode, oldTargetPath, targetPath)
+			}
+		}
 		return fmt.Sprintf("%s/s/%s", promotionConfig.PromotionDomain, existingShortLink.ShortCode), nil
 	}
 
@@ -136,6 +147,18 @@ func (l *GetInviteLinkLogic) createInviteShortLink(inviteCodeId string, inviteCo
 	if inviteCodeId == "" && inviteCode != "" {
 		existingByCode, err2 := l.svcCtx.AgentShortLinkModel.FindOneByInviteCodeTypeDelState(l.ctx, sql.NullString{String: inviteCode, Valid: true}, 2, globalkey.DelStateNo)
 		if err2 == nil && existingByCode != nil {
+			// 已存在短链，检查 target_path 是否需要更新
+			if existingByCode.TargetPath != targetPath {
+				// target_path 已变化，更新短链记录
+				oldTargetPath := existingByCode.TargetPath
+				existingByCode.TargetPath = targetPath
+				if updateErr := l.svcCtx.AgentShortLinkModel.UpdateWithVersion(l.ctx, nil, existingByCode); updateErr != nil {
+					l.Errorf("更新短链 target_path 失败: %v", updateErr)
+					// 即使更新失败，也返回旧短链，避免影响用户体验
+				} else {
+					l.Infof("短链 target_path 已更新: shortCode=%s, old=%s, new=%s", existingByCode.ShortCode, oldTargetPath, targetPath)
+				}
+			}
 			return fmt.Sprintf("%s/s/%s", promotionConfig.PromotionDomain, existingByCode.ShortCode), nil
 		}
 		if err2 != nil && !errors.Is(err2, model.ErrNotFound) {

app/main/api/internal/logic/agent/getwhitelistfeatureslogic.go

@@ -3,10 +3,12 @@ package agent
 import (
 	"context"
 
+	"github.com/zeromicro/go-zero/core/logx"
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/xerr"
 
-	"github.com/zeromicro/go-zero/core/logx"
+	"github.com/pkg/errors"
 )
 
 type GetWhitelistFeaturesLogic struct {
@@ -23,8 +25,21 @@ func NewGetWhitelistFeaturesLogic(ctx context.Context, svcCtx *svc.ServiceContex
 	}
 }
 
+// GetWhitelistFeatures 返回支持白名单屏蔽的 feature 列表（whitelist_price > 0）
 func (l *GetWhitelistFeaturesLogic) GetWhitelistFeatures(req *types.GetWhitelistFeaturesReq) (resp *types.GetWhitelistFeaturesResp, err error) {
-	// todo: add your logic here and delete this line
+	builder := l.svcCtx.FeatureModel.SelectBuilder().Where("whitelist_price > ?", 0)
-
+	list, err := l.svcCtx.FeatureModel.FindAll(l.ctx, builder, "id ASC")
-	return
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询功能列表失败, %v", err)
+	}
+	items := make([]types.WhitelistFeatureItem, 0, len(list))
+	for _, f := range list {
+		items = append(items, types.WhitelistFeatureItem{
+			FeatureId:      f.Id,
+			FeatureApiId:   f.ApiId,
+			FeatureName:    f.Name,
+			WhitelistPrice: f.WhitelistPrice,
+		})
+	}
+	return &types.GetWhitelistFeaturesResp{List: items}, nil
 }

app/main/api/internal/logic/agent/getwhitelistlistlogic.go

@@ -5,7 +5,10 @@ import (
 
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/ctxdata"
+	"qnc-server/common/xerr"
 
+	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/core/logx"
 )
 
@@ -23,8 +26,53 @@ func NewGetWhitelistListLogic(ctx context.Context, svcCtx *svc.ServiceContext) *
 	}
 }
 
-func (l *GetWhitelistListLogic) GetWhitelistList(req *types.GetWhitelistListReq) (resp *types.GetWhitelistListResp, err error) {
+func statusToText(status int64) string {
-	// todo: add your logic here and delete this line
+	switch status {
-
+	case 1:
-	return
+		return "生效"
+	case 2:
+		return "已失效"
+	default:
+		return ""
+	}
+}
+
+func (l *GetWhitelistListLogic) GetWhitelistList(req *types.GetWhitelistListReq) (resp *types.GetWhitelistListResp, err error) {
+	userID, err := ctxdata.GetUidFromCtx(l.ctx)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户信息失败, %v", err)
+	}
+	if req.Page <= 0 {
+		req.Page = 1
+	}
+	if req.PageSize <= 0 || req.PageSize > 100 {
+		req.PageSize = 10
+	}
+	builder := l.svcCtx.UserFeatureWhitelistModel.SelectBuilder().Where("user_id = ?", userID)
+	if req.IdCard != "" {
+		builder = builder.Where("id_card = ?", req.IdCard)
+	}
+	list, total, err := l.svcCtx.UserFeatureWhitelistModel.FindPageListByPageWithTotal(l.ctx, builder, req.Page, req.PageSize, "create_time DESC")
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询白名单列表失败, %v", err)
+	}
+	items := make([]types.WhitelistItem, 0, len(list))
+	for _, r := range list {
+		featureName := r.FeatureApiId
+		if f, e := l.svcCtx.FeatureModel.FindOne(l.ctx, r.FeatureId); e == nil {
+			featureName = f.Name
+		}
+		items = append(items, types.WhitelistItem{
+			Id:           r.Id,
+			IdCard:       r.IdCard,
+			FeatureId:    r.FeatureId,
+			FeatureApiId: r.FeatureApiId,
+			FeatureName:  featureName,
+			Amount:       r.Amount,
+			Status:       r.Status,
+			StatusText:   statusToText(r.Status),
+			CreateTime:   r.CreateTime.Format("2006-01-02 15:04:05"),
+		})
+	}
+	return &types.GetWhitelistListResp{Total: total, List: items}, nil
 }

app/main/api/internal/logic/agent/offlinefeaturelogic.go

@@ -2,10 +2,14 @@ package agent
 
 import (
 	"context"
+	"encoding/json"
 
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/ctxdata"
+	"qnc-server/common/xerr"
 
+	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/core/logx"
 )
 
@@ -24,7 +28,44 @@ func NewOfflineFeatureLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Of
 }
 
 func (l *OfflineFeatureLogic) OfflineFeature(req *types.OfflineFeatureReq) (resp *types.OfflineFeatureResp, err error) {
-	// todo: add your logic here and delete this line
+	userID, err := ctxdata.GetUidFromCtx(l.ctx)
-
+	if err != nil {
-	return
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户信息失败, %v", err)
+	}
+	if req.FeatureApiId == "" || req.QueryId == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("模块标识和查询记录ID不能为空"), "")
+	}
+	// 从 Query 获取 id_card
+	query, err := l.svcCtx.QueryModel.FindOne(l.ctx, req.QueryId)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询记录不存在或查询失败, %v", err)
+	}
+	idCard := ""
+	if query.QueryParams != "" {
+		var params map[string]interface{}
+		if e := json.Unmarshal([]byte(query.QueryParams), &params); e == nil {
+			if v, ok := params["id_card"]; ok {
+				if s, ok := v.(string); ok {
+					idCard = s
+				}
+			}
+		}
+	}
+	if idCard == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("无法从查询记录中获取身份证号"), "")
+	}
+	needPay, amount, whitelistCreated, err := l.svcCtx.WhitelistService.ProcessOfflineFeature(l.ctx, nil, idCard, req.FeatureApiId, userID, req.QueryId)
+	if err != nil {
+		return nil, err
+	}
+	if whitelistCreated && !needPay {
+		if err := l.svcCtx.WhitelistService.DeleteFeatureFromQueryData(l.ctx, nil, req.QueryId, req.FeatureApiId); err != nil {
+			logx.Errorf("从报告数据中删除模块失败: %v", err)
+		}
+		return &types.OfflineFeatureResp{Success: true, NeedPay: false, Amount: 0}, nil
+	}
+	if needPay {
+		return &types.OfflineFeatureResp{Success: false, NeedPay: true, Amount: amount}, nil
+	}
+	return &types.OfflineFeatureResp{Success: true, NeedPay: false, Amount: 0}, nil
 }

app/main/api/internal/logic/agent/registerbyinvitecodelogic.go

@@ -5,14 +5,16 @@ import (
 	"database/sql"
 	"fmt"
 	"os"
-	"strconv"
-	"time"
 	"qnc-server/app/main/model"
 	"qnc-server/common/ctxdata"
 	"qnc-server/common/globalkey"
+	"qnc-server/common/reviewphone"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
+	"strconv"
+	"time"
 
+	"github.com/go-sql-driver/mysql"
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/core/stores/redis"
@@ -24,6 +26,36 @@ import (
 	"github.com/zeromicro/go-zero/core/logx"
 )
 
+func isMySQLDuplicateEntry(err error) bool {
+	var me *mysql.MySQLError
+	return errors.As(err, &me) && me.Number == 1062
+}
+
+// insertMobileUserAuthOrSkip 写入 mobile 认证；若并发重复插入触发唯一键冲突，且该手机号已绑定同一用户则视为成功（幂等）。
+func (l *RegisterByInviteCodeLogic) insertMobileUserAuthOrSkip(ctx context.Context, session sqlx.Session, userID string, encryptedMobile string) error {
+	_, err := l.svcCtx.UserAuthModel.Insert(ctx, session, &model.UserAuth{
+		Id:       uuid.NewString(),
+		UserId:   userID,
+		AuthType: model.UserAuthTypeMobile,
+		AuthKey:  encryptedMobile,
+	})
+	if err == nil {
+		return nil
+	}
+	if !isMySQLDuplicateEntry(err) {
+		return err
+	}
+	exist, findErr := l.svcCtx.UserAuthModel.FindOneByAuthTypeAuthKey(ctx, model.UserAuthTypeMobile, encryptedMobile)
+	if findErr != nil {
+		return findErr
+	}
+	if exist != nil && exist.UserId == userID {
+		l.Infof("[insertMobileUserAuthOrSkip] mobile 认证已由并发请求创建，跳过: userId=%s", userID)
+		return nil
+	}
+	return errors.Wrapf(xerr.NewErrMsg("该手机号已被占用"), "")
+}
+
 type RegisterByInviteCodeLogic struct {
 	logx.Logger
 	ctx    context.Context
@@ -48,8 +80,12 @@ func (l *RegisterByInviteCodeLogic) RegisterByInviteCode(req *types.RegisterByIn
 	}
 	l.Infof("[RegisterByInviteCode] 手机号加密完成, encryptedMobile: %s", encryptedMobile)
 
-	// 校验验证码（开发环境下跳过验证码校验）
+	// 校验验证码：开发环境跳过；审核预留号段 + 固定码走专用通道；其余走 Redis
-	if os.Getenv("ENV") != "development" && req.Code != "143838" {
+	if os.Getenv("ENV") == "development" {
+		l.Infof("[RegisterByInviteCode] 开发环境跳过验证码校验")
+	} else if reviewphone.IsAppReviewDemoMobile(req.Mobile) && req.Code == reviewphone.DemoVerifyCode {
+		l.Infof("[RegisterByInviteCode] 审核体验号段固定验证码通过, mobile: %s", req.Mobile)
+	} else {
 		redisKey := fmt.Sprintf("%s:%s", "agentApply", encryptedMobile)
 		cacheCode, err := l.svcCtx.Redis.Get(redisKey)
 		if err != nil {
@@ -64,8 +100,6 @@ func (l *RegisterByInviteCodeLogic) RegisterByInviteCode(req *types.RegisterByIn
 			return nil, errors.Wrapf(xerr.NewErrMsg("验证码不正确"), "")
 		}
 		l.Infof("[RegisterByInviteCode] 验证码校验通过, mobile: %s", req.Mobile)
-	} else {
-		l.Infof("[RegisterByInviteCode] 开发环境跳过验证码校验")
 	}
 
 	// 获取当前登录态（可能为空）
@@ -471,14 +505,8 @@ func (l *RegisterByInviteCodeLogic) handleMobileNotExists(ctx context.Context, s
 			return "", errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "创建用户失败: %v", err)
 		}
 		l.Infof("[handleMobileNotExists] 用户创建成功, userId: %s", newUser.Id)
-		// 创建 mobile 认证
+		if err := l.insertMobileUserAuthOrSkip(ctx, session, newUser.Id, encryptedMobile); err != nil {
-		if _, err := l.svcCtx.UserAuthModel.Insert(ctx, session, &model.UserAuth{
+			return "", errors.Wrap(err, "创建手机号认证失败")
-			Id:       uuid.NewString(),
-			UserId:   newUser.Id,
-			AuthType: model.UserAuthTypeMobile,
-			AuthKey:  encryptedMobile,
-		}); err != nil {
-			return "", errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "创建手机号认证失败: %v", err)
 		}
 		l.Infof("[handleMobileNotExists] 手机号认证创建成功, userId: %s", newUser.Id)
 		return newUser.Id, nil
@@ -496,14 +524,8 @@ func (l *RegisterByInviteCodeLogic) handleMobileNotExists(ctx context.Context, s
 			return "", errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "更新手机号失败: %v", err)
 		}
 		l.Infof("[handleMobileNotExists] 用户升级为正式用户成功, userId: %s", currentUserID)
-		// 创建 mobile 认证
+		if err := l.insertMobileUserAuthOrSkip(ctx, session, currentUserID, encryptedMobile); err != nil {
-		if _, err := l.svcCtx.UserAuthModel.Insert(ctx, session, &model.UserAuth{
+			return "", errors.Wrap(err, "创建手机号认证失败")
-			Id:       uuid.NewString(),
-			UserId:   currentUserID,
-			AuthType: model.UserAuthTypeMobile,
-			AuthKey:  encryptedMobile,
-		}); err != nil {
-			return "", errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "创建手机号认证失败: %v", err)
 		}
 		l.Infof("[handleMobileNotExists] 手机号认证创建成功, userId: %s", currentUserID)
 		return currentUserID, nil

app/main/api/internal/logic/app/gethomedynamicdatalogic.go

@@ -0,0 +1,91 @@
+package app
+
+import (
+	"context"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/model"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type GetHomeDynamicDataLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewGetHomeDynamicDataLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetHomeDynamicDataLogic {
+	return &GetHomeDynamicDataLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *GetHomeDynamicDataLogic) GetHomeDynamicData(req *types.GetHomeDynamicDataReq) (resp *types.GetHomeDynamicDataResp, err error) {
+	// 1. 获取真实查询案例 (支持增量查询)
+	// 增加日志输出，方便调试
+	l.Infof("获取首页动态数据, lastId: %d", req.LastId)
+
+	builder := l.svcCtx.InquiryRecordModel.SelectBuilder().Where("status = ?", 1)
+
+	var records []*model.InquiryRecord
+	if req.LastId > 0 {
+		// 增量获取大于 lastId 的记录
+		records, err = l.svcCtx.InquiryRecordModel.FindPageListByIdASC(l.ctx, builder, req.LastId, 50)
+	} else {
+		// 首次加载获取最新的 10 条
+		records, err = l.svcCtx.InquiryRecordModel.FindPageListByPage(l.ctx, builder, 1, 10, "id DESC")
+	}
+
+	if err != nil {
+		l.Errorf("查询查询记录失败: %v", err)
+	}
+
+	cases := make([]types.InquiryRecordItem, 0)
+	if err == nil && len(records) > 0 {
+		for _, r := range records {
+			cases = append(cases, types.InquiryRecordItem{
+				Id:    r.Id,
+				Tag:   r.InquiryTag,
+				Vin:   r.VinMasked,
+				Model: r.CarModel,
+			})
+		}
+	} else {
+		// 如果数据库没有数据或查询失败，返回一些兜底的 Mock 数据，确保前端有展示
+		if req.LastId == 0 {
+			l.Info("使用兜底 Mock 案例数据")
+			mockCases := []struct {
+				Id    int64
+				Tag   string
+				Vin   string
+				Model string
+			}{
+				{1, "查询成功", "湘A·12345", "奔驰GLC"},
+				{2, "查询成功", "粤B·67890", "丰田凯美瑞"},
+				{3, "查询成功", "京A·00011", "特斯拉ModelY"},
+				{4, "查询成功", "苏E·88888", "大众迈腾"},
+				{5, "查询成功", "沪A·87654", "宝马325"},
+			}
+			for _, m := range mockCases {
+				cases = append(cases, types.InquiryRecordItem{
+					Id:    m.Id,
+					Tag:   m.Tag,
+					Vin:   m.Vin,
+					Model: m.Model,
+				})
+			}
+		}
+	}
+
+	// 2. 评价数据不再从后端返回，改为前端硬编码
+	reviews := make([]types.ReviewItem, 0)
+
+	return &types.GetHomeDynamicDataResp{
+		Cases:   cases,
+		Reviews: reviews,
+	}, nil
+}

app/main/api/internal/logic/auth/sendsmslogic.go

@@ -2,10 +2,12 @@ package auth
 
 import (
 	"context"
-	"qnc-server/common/xerr"
-	"qnc-server/pkg/lzkit/crypto"
 	"fmt"
 	"math/rand"
+	"qnc-server/common/reviewphone"
+	"qnc-server/common/xerr"
+	"qnc-server/pkg/captcha"
+	"qnc-server/pkg/lzkit/crypto"
 	"time"
 
 	"github.com/pkg/errors"
@@ -34,13 +36,72 @@ func NewSendSmsLogic(ctx context.Context, svcCtx *svc.ServiceContext) *SendSmsLo
 	}
 }
 
-func (l *SendSmsLogic) SendSms(req *types.SendSmsReq) error {
+func (l *SendSmsLogic) SendSms(req *types.SendSmsReq, clientIP string, userAgent string) error {
 	secretKey := l.svcCtx.Config.Encrypt.SecretKey
 	encryptedMobile, err := crypto.EncryptMobile(req.Mobile, secretKey)
 	if err != nil {
 		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 加密手机号失败: %v", err)
 	}
-	// 检查手机号是否在一分钟内已发送过验证码
+
+	// 审核体验：预留号段申请代理时不发短信、不校验滑块，仅写入与注册校验一致的固定验证码
+	if req.ActionType == "agentApply" && reviewphone.IsAppReviewDemoMobile(req.Mobile) {
+		codeKey := fmt.Sprintf("%s:%s", req.ActionType, encryptedMobile)
+		limitCodeKey := fmt.Sprintf("limit:%s:%s", req.ActionType, encryptedMobile)
+		if err := l.svcCtx.Redis.Setex(codeKey, reviewphone.DemoVerifyCode, l.svcCtx.Config.VerifyCode.ValidTime); err != nil {
+			return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 审核号写入验证码失败: %v", err)
+		}
+		if err := l.svcCtx.Redis.Setex(limitCodeKey, "1", 60); err != nil {
+			return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 审核号限流标记失败: %v", err)
+		}
+		l.Infof("短信发送, 审核体验号段跳过真实短信, mobile=%s", req.Mobile)
+		return nil
+	}
+
+	// 1. 滑块验证码校验（可选，支持微信环境跳过验证）
+	cfg := l.svcCtx.Config.Captcha
+	captchaResult := captcha.VerifyOptionalWithUserAgent(captcha.Config{
+		AccessKeyID:     cfg.AccessKeyID,
+		AccessKeySecret: cfg.AccessKeySecret,
+		EndpointURL:     cfg.EndpointURL,
+		SceneID:         cfg.SceneID,
+	}, req.CaptchaVerifyParam, userAgent)
+
+	if captchaResult.VerifyErr != nil {
+		return captchaResult.VerifyErr
+	}
+
+	// 2. 防刷策略
+	if captchaResult.Skipped {
+		// 没有滑块验证码，使用更严格的限流策略
+		// 2.1 IP 限流：同一 IP 每小时最多发送 10 次
+		ipLimitKey := fmt.Sprintf("ip_limit:%s", clientIP)
+		ipCount, err := l.svcCtx.Redis.Incr(ipLimitKey)
+		if err != nil {
+			return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 读取IP限流缓存失败: %v", err)
+		}
+		if ipCount == 1 {
+			// 第一次访问，设置 1 小时过期
+			l.svcCtx.Redis.Expire(ipLimitKey, 3600)
+		}
+		if ipCount > 10 {
+			return errors.Wrapf(xerr.NewErrMsg("请求过于频繁，请稍后再试"), "短信发送, IP限流: %s, count: %d", clientIP, ipCount)
+		}
+
+		// 2.2 手机号限流：同一手机号每小时最多发送 5 次（无滑块时更严格）
+		hourLimitKey := fmt.Sprintf("hour_limit:%s:%s", req.ActionType, encryptedMobile)
+		hourCount, err := l.svcCtx.Redis.Incr(hourLimitKey)
+		if err != nil {
+			return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "短信发送, 读取小时限流缓存失败: %v", err)
+		}
+		if hourCount == 1 {
+			l.svcCtx.Redis.Expire(hourLimitKey, 3600)
+		}
+		if hourCount > 5 {
+			return errors.Wrapf(xerr.NewErrMsg("该手机号请求过于频繁，请稍后再试"), "短信发送, 手机号小时限流: %s, count: %d", encryptedMobile, hourCount)
+		}
+	}
+
+	// 3. 检查手机号是否在一分钟内已发送过验证码（通用）
 	limitCodeKey := fmt.Sprintf("limit:%s:%s", req.ActionType, encryptedMobile)
 	exists, err := l.svcCtx.Redis.Exists(limitCodeKey)
 	if err != nil {
@@ -48,7 +109,6 @@ func (l *SendSmsLogic) SendSms(req *types.SendSmsReq) error {
 	}
 
 	if exists {
-		// 如果 Redis 中已经存在标记，说明在 1 分钟内请求过，返回错误
 		return errors.Wrapf(xerr.NewErrMsg("一分钟内不能重复发送验证码"), "短信发送, 手机号1分钟内重复请求发送验证码: %s", encryptedMobile)
 	}
 

app/main/api/internal/logic/captcha/getencryptedsceneidlogic.go

@@ -0,0 +1,37 @@
+package captcha
+
+import (
+	"context"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/pkg/captcha"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type GetEncryptedSceneIdLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewGetEncryptedSceneIdLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetEncryptedSceneIdLogic {
+	return &GetEncryptedSceneIdLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *GetEncryptedSceneIdLogic) GetEncryptedSceneId() (*types.GetEncryptedSceneIdResp, error) {
+	cfg := l.svcCtx.Config.Captcha
+	encrypted, err := captcha.GenerateEncryptedSceneID(cfg.SceneID, cfg.EKey, 3600)
+	if err != nil {
+		l.Errorf("generate encrypted scene id error: %+v", err)
+		return nil, err
+	}
+	return &types.GetEncryptedSceneIdResp{
+		EncryptedSceneId: encrypted,
+	}, nil
+}

app/main/api/internal/logic/pay/paymentchecklogic.go

@@ -3,8 +3,12 @@ package pay
 import (
 	"context"
 	"strings"
+
+	"qnc-server/app/main/api/internal/service"
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
+	"qnc-server/app/main/model"
+	"qnc-server/common/ctxdata"
 	"qnc-server/common/xerr"
 
 	"github.com/pkg/errors"
@@ -26,26 +30,98 @@ func NewPaymentCheckLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Paym
 }
 
 func (l *PaymentCheckLogic) PaymentCheck(req *types.PaymentCheckReq) (resp *types.PaymentCheckResp, err error) {
-	// 根据订单号前缀判断订单类型
 	if strings.HasPrefix(req.OrderNo, "U_") {
-		// 升级订单
+		order, findErr := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, req.OrderNo)
-		order, err := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, req.OrderNo)
+		if findErr != nil {
-		if err != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询升级订单失败: %v", findErr)
-			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询升级订单失败: %v", err)
 		}
-		return &types.PaymentCheckResp{
+		return &types.PaymentCheckResp{Type: "agent_upgrade", Status: order.Status}, nil
-			Type:   "agent_upgrade",
-			Status: order.Status,
-		}, nil
 	}
-	
+
-	// 查询订单（包括代理订单）
+	order, findErr := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, req.OrderNo)
-	order, err := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, req.OrderNo)
+	if findErr != nil {
-	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询订单失败: %v", findErr)
-		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询订单失败: %v", err)
 	}
-	return &types.PaymentCheckResp{
+
-		Type:   "query",
+	resp = &types.PaymentCheckResp{Type: "query", Status: order.Status}
-		Status: order.Status,
+
-	}, nil
+	// xpay 轮询：pending 时主动查微信单并到账（不通知微信发货）
+	if order.Status == model.OrderStatusPending && model.IsXpayOrder(order) &&
+		l.svcCtx.XpayService != nil && l.svcCtx.XpayService.Enabled() {
+		wxInfo, syncErr := l.syncXpayOrderStatus(order)
+		resp.WxOrderStatus = wxInfo.Status
+		resp.WxOrderDetail = wxInfo.RawOrder
+		if syncErr != nil {
+			resp.WxSyncError = syncErr.Error()
+			l.Errorf("[xpay] 轮询查单失败 order_no=%s local_status=%s wx_status=%d wx_detail=%s err=%v",
+				req.OrderNo, order.Status, wxInfo.Status, wxInfo.RawOrder, syncErr)
+		} else if wxInfo.Status > 0 && !service.IsXpayPaidStatus(wxInfo.Status) {
+			l.Infof("[xpay] 轮询查单未到账 order_no=%s wx_status=%d wx_detail=%s",
+				req.OrderNo, wxInfo.Status, wxInfo.RawOrder)
+		}
+		order, _ = l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, req.OrderNo)
+		resp.Status = order.Status
+	}
+
+	return resp, nil
+}
+
+type xpaySyncInfo struct {
+	Status   int
+	RawOrder string
+}
+
+func (l *PaymentCheckLogic) syncXpayOrderStatus(order *model.Order) (xpaySyncInfo, error) {
+	info := xpaySyncInfo{}
+	userID, err := ctxdata.GetUidFromCtx(l.ctx)
+	if err != nil {
+		return info, err
+	}
+	if order.UserId != userID {
+		return info, errors.New("无权查询此订单")
+	}
+
+	openid, err := l.svcCtx.XpayService.GetWxMiniOpenID(l.ctx, l.svcCtx.UserAuthModel, userID)
+	if err != nil {
+		return info, err
+	}
+
+	l.Infof("[xpay] check sync start order_no=%s openid=%s env=%d", order.OrderNo, openid, l.svcCtx.XpayService.Env())
+
+	status, err := l.svcCtx.XpayService.QueryOrder(l.ctx, openid, order.OrderNo, "")
+	if err != nil {
+		return info, err
+	}
+	info.Status = status.Status
+	info.RawOrder = status.RawOrder
+
+	if service.IsXpayPaidStatus(status.Status) {
+		_, fulfillErr := fulfillQueryOrderPaid(l.ctx, l.svcCtx, order, status.WxOrderID, status.PaidFee)
+		if fulfillErr != nil {
+			return info, fulfillErr
+		}
+		l.Infof("[xpay] check sync paid order_no=%s wx_order_id=%s paid_fee=%d",
+			order.OrderNo, status.WxOrderID, status.PaidFee)
+		return info, nil
+	}
+
+	if service.IsXpayRefundedStatus(status.Status) || service.IsXpayAlreadyRefunded(status) {
+		order.Status = model.OrderStatusRefunded
+		if updateErr := l.svcCtx.OrderModel.UpdateWithVersion(l.ctx, nil, order); updateErr != nil {
+			return info, updateErr
+		}
+		l.Infof("[xpay] check sync refunded order_no=%s wx_status=%d left_fee=%d", order.OrderNo, status.Status, status.LeftFee)
+		return info, nil
+	}
+
+	if service.IsXpayClosedStatus(status.Status) {
+		order.Status = model.OrderStatusClosed
+		if updateErr := l.svcCtx.OrderModel.UpdateWithVersion(l.ctx, nil, order); updateErr != nil {
+			return info, updateErr
+		}
+		l.Infof("[xpay] check sync closed order_no=%s wx_status=%d", order.OrderNo, status.Status)
+		return info, nil
+	}
+
+	return info, nil
 }

app/main/api/internal/logic/pay/paymentlogic.go

@@ -6,15 +6,15 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"strconv"
-	"strings"
-	"time"
 	"qnc-server/app/main/api/internal/svc"
 	"qnc-server/app/main/api/internal/types"
 	"qnc-server/app/main/model"
 	"qnc-server/common/ctxdata"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/lzUtils"
+	"strconv"
+	"strings"
+	"time"
 
 	"github.com/google/uuid"
 	"github.com/pkg/errors"
@@ -33,8 +33,12 @@ type PaymentTypeResp struct {
 	outTradeNo  string
 	description string
 	orderID     string // 订单ID，用于开发环境测试支付模式
+	productEn   string // 产品英文名，xpay 道具 ID
 }
 
+// enableDevTestPayment 测试支付功能开关，设置为 true 以启用测试支付功能
+const enableDevTestPayment = false
+
 func NewPaymentLogic(ctx context.Context, svcCtx *svc.ServiceContext) *PaymentLogic {
 	return &PaymentLogic{
 		Logger: logx.WithContext(ctx),
@@ -47,11 +51,12 @@ func (l *PaymentLogic) Payment(req *types.PaymentReq) (resp *types.PaymentResp,
 	var paymentTypeResp *PaymentTypeResp
 	var prepayData interface{}
 	var orderID string
+	useXpay := l.shouldUseXpay(req)
 
 	// 检查是否为开发环境的测试支付模式
 	env := os.Getenv("ENV")
-	isDevTestPayment := env == "development" && (req.PayMethod == "test" || req.PayMethod == "test_empty")
+	isDevTestPayment := enableDevTestPayment && env == "development" && (req.PayMethod == "test" || req.PayMethod == "test_empty")
-	isEmptyReportMode := env == "development" && req.PayMethod == "test_empty"
+	isEmptyReportMode := enableDevTestPayment && env == "development" && req.PayMethod == "test_empty"
 
 	l.svcCtx.OrderModel.Trans(l.ctx, func(ctx context.Context, session sqlx.Session) error {
 		switch req.PayType {
@@ -62,7 +67,7 @@ func (l *PaymentLogic) Payment(req *types.PaymentReq) (resp *types.PaymentResp,
 			}
 
 		case "query":
-			paymentTypeResp, err = l.QueryOrderPayment(req, session)
+			paymentTypeResp, err = l.QueryOrderPayment(req, session, useXpay)
 			if err != nil {
 				return err
 			}
@@ -92,10 +97,12 @@ func (l *PaymentLogic) Payment(req *types.PaymentReq) (resp *types.PaymentResp,
 			return nil
 		}
 
-		// 正常支付流程
+		// 正常支付流程（微信小程序 xpay 在事务外构造支付参数）
 		var createOrderErr error
-		if req.PayMethod == "wechat" {
+		if useXpay {
-			prepayData, createOrderErr = l.svcCtx.WechatPayService.CreateWechatOrder(l.ctx, paymentTypeResp.amount, paymentTypeResp.description, paymentTypeResp.outTradeNo)
+			// 订单已在 QueryOrderPayment 中创建，此处跳过 JSAPI 预下单
+		} else if req.PayMethod == "wechat" {
+			prepayData, createOrderErr = l.svcCtx.WechatPayService.CreateWechatOrder(l.ctx, paymentTypeResp.amount, paymentTypeResp.description, paymentTypeResp.outTradeNo, req.Code)
 		} else if req.PayMethod == "alipay" {
 			prepayData, createOrderErr = l.svcCtx.AlipayService.CreateAlipayOrder(l.ctx, paymentTypeResp.amount, paymentTypeResp.description, paymentTypeResp.outTradeNo)
 		} else if req.PayMethod == "appleiap" {
@@ -110,6 +117,26 @@ func (l *PaymentLogic) Payment(req *types.PaymentReq) (resp *types.PaymentResp,
 		return nil, err
 	}
 
+	// 微信小程序虚拟支付：构造 signData / paySig / signature
+	if useXpay && paymentTypeResp != nil {
+		userID, uidErr := ctxdata.GetUidFromCtx(l.ctx)
+		if uidErr != nil {
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "获取用户信息失败")
+		}
+		xpayParams, buildErr := l.svcCtx.XpayService.BuildPayParams(l.ctx, userID, paymentTypeResp.outTradeNo, paymentTypeResp.productEn, paymentTypeResp.amount)
+		if buildErr != nil {
+			logx.WithContext(l.ctx).Errorf("[xpay] BuildPayParams FAIL user=%s order_no=%s amount=%.2f product_en=%s env=%d err=%v",
+				userID, paymentTypeResp.outTradeNo, paymentTypeResp.amount, paymentTypeResp.productEn, l.svcCtx.XpayService.Env(), buildErr)
+			if strings.Contains(buildErr.Error(), "过期") || strings.Contains(buildErr.Error(), "会话") {
+				return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, buildErr.Error()), "")
+			}
+			return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "构造虚拟支付参数失败: %v", buildErr)
+		}
+		logx.WithContext(l.ctx).Infof("[xpay] BuildPayParams OK user=%s order_no=%s env=%d signData=%s",
+			userID, paymentTypeResp.outTradeNo, l.svcCtx.XpayService.Env(), xpayParams.SignData)
+		prepayData = xpayParams
+	}
+
 	// 开发环境测试支付模式：事务提交后处理订单状态更新和后续流程
 	if isDevTestPayment && paymentTypeResp != nil && paymentTypeResp.orderID != "" {
 		// 使用 goroutine 异步处理，确保事务已完全提交
@@ -202,7 +229,7 @@ func (l *PaymentLogic) Payment(req *types.PaymentReq) (resp *types.PaymentResp,
 	}
 }
 
-func (l *PaymentLogic) QueryOrderPayment(req *types.PaymentReq, session sqlx.Session) (resp *PaymentTypeResp, err error) {
+func (l *PaymentLogic) QueryOrderPayment(req *types.PaymentReq, session sqlx.Session, useXpay bool) (resp *PaymentTypeResp, err error) {
 	userID, getUidErr := ctxdata.GetUidFromCtx(l.ctx)
 	if getUidErr != nil {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "生成订单, 获取用户信息失败, %+v", getUidErr)
@@ -248,13 +275,44 @@ func (l *PaymentLogic) QueryOrderPayment(req *types.PaymentReq, session sqlx.Ses
 	if user.Inside == 1 {
 		amount = 0.01
 	}
+
+	// 同一 queryId 重复发起支付：复用已有订单，避免 order_no 唯一键冲突导致二次支付失败
+	if existingOrder, findOrderErr := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, outTradeNo); findOrderErr == nil {
+		switch existingOrder.Status {
+		case model.OrderStatusPaid:
+			return nil, errors.Wrapf(xerr.NewErrMsg("订单已支付，请前往报告查看"), "订单号: %s", outTradeNo)
+		case model.OrderStatusPending:
+			if existingOrder.Status != model.OrderStatusPending {
+				existingOrder.Status = model.OrderStatusPending
+				if updateErr := l.svcCtx.OrderModel.UpdateWithVersion(l.ctx, session, existingOrder); updateErr != nil {
+					return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "重置订单状态失败: %+v", updateErr)
+				}
+			}
+			return &PaymentTypeResp{
+				amount:      existingOrder.Amount,
+				outTradeNo:  outTradeNo,
+				description: product.ProductName,
+				orderID:     existingOrder.Id,
+				productEn:   product.ProductEn,
+			}, nil
+		default:
+			return nil, errors.Wrapf(xerr.NewErrMsg("订单状态异常，请重新发起查询"), "status=%s", existingOrder.Status)
+		}
+	} else if !errors.Is(findOrderErr, model.ErrNotFound) {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查询订单失败: %+v", findOrderErr)
+	}
+
+	paymentPlatform := req.PayMethod
+	if useXpay {
+		paymentPlatform = model.PaymentPlatformWechatXpay
+	}
 	order := model.Order{
 		Id:              uuid.NewString(),
 		OrderNo:         outTradeNo,
 		UserId:          userID,
 		ProductId:       product.Id,
-		PaymentPlatform: req.PayMethod,
+		PaymentPlatform: paymentPlatform,
-		PaymentScene:    "app",
+		PaymentScene:    resolvePaymentScene(l.ctx),
 		Amount:          amount,
 		Status:          "pending",
 	}
@@ -289,7 +347,7 @@ func (l *PaymentLogic) QueryOrderPayment(req *types.PaymentReq, session sqlx.Ses
 
 		// 使用产品配置的底价计算实际底价
 		basePrice := productConfig.BasePrice
-		actualBasePrice := basePrice + float64(levelBonus)
+		actualBasePrice := lzUtils.RoundMoney(basePrice + float64(levelBonus))
 
 		// 计算提价成本（使用产品配置）
 		priceThreshold := 0.0
@@ -303,11 +361,11 @@ func (l *PaymentLogic) QueryOrderPayment(req *types.PaymentReq, session sqlx.Ses
 
 		priceCost := 0.0
 		if agentLinkModel.SetPrice > priceThreshold {
-			priceCost = (agentLinkModel.SetPrice - priceThreshold) * priceFeeRate
+			priceCost = lzUtils.RoundMoney((agentLinkModel.SetPrice - priceThreshold) * priceFeeRate)
 		}
 
 		// 计算代理收益
-		agentProfit := agentLinkModel.SetPrice - actualBasePrice - priceCost
+		agentProfit := lzUtils.RoundMoney(agentLinkModel.SetPrice - actualBasePrice - priceCost)
 
 		// 创建代理订单记录
 		agentOrder := model.AgentOrder{
@@ -327,7 +385,35 @@ func (l *PaymentLogic) QueryOrderPayment(req *types.PaymentReq, session sqlx.Ses
 			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "生成订单, 保存代理订单失败: %+v", agentOrderInsert)
 		}
 	}
-	return &PaymentTypeResp{amount: amount, outTradeNo: outTradeNo, description: product.ProductName, orderID: orderID}, nil
+	return &PaymentTypeResp{
+		amount:      amount,
+		outTradeNo:  outTradeNo,
+		description: product.ProductName,
+		orderID:     orderID,
+		productEn:   product.ProductEn,
+	}, nil
+}
+
+func (l *PaymentLogic) shouldUseXpay(req *types.PaymentReq) bool {
+	if req.PayMethod != "wechat" || req.PayType != "query" {
+		return false
+	}
+	if l.svcCtx.XpayService == nil || !l.svcCtx.XpayService.Enabled() {
+		return false
+	}
+	platform, err := ctxdata.GetPlatformFromCtx(l.ctx)
+	if err != nil || platform != model.PlatformWxMini {
+		return false
+	}
+	return true
+}
+
+func resolvePaymentScene(ctx context.Context) string {
+	platform, err := ctxdata.GetPlatformFromCtx(ctx)
+	if err != nil {
+		return model.PaymentSceneApp
+	}
+	return model.PaymentSceneFromPlatform(platform)
 }
 
 // AgentVipOrderPayment 代理会员充值订单（已废弃，新系统使用升级功能替代）

app/main/api/internal/logic/pay/wechatpayrefundcallbacklogic.go

@@ -107,6 +107,12 @@ func (l *WechatPayRefundCallbackLogic) handleQueryOrderRefund(orderNo string, st
 			return errors.Wrapf(err, "更新退款记录状态失败: orderNo=%s", orderNo)
 		}
 
+		if status == refunddomestic.STATUS_SUCCESS {
+			if err := l.svcCtx.AgentService.ReverseAgentSettlementOnOrderRefund(ctx, session, order.Id); err != nil {
+				return err
+			}
+		}
+
 		return nil
 	})
 

app/main/api/internal/logic/pay/xpay_deliver.go

@@ -0,0 +1,87 @@
+package pay
+
+import (
+	"context"
+	"strings"
+
+	"qnc-server/app/main/api/internal/service"
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/model"
+)
+
+// XpayDeliverResult 同步 xpay 支付状态（查微信单 → 本地到账 → 异步查报告）
+type XpayDeliverResult struct {
+	Credited     bool     `json:"credited"`
+	Notified     bool     `json:"notified"`
+	WechatDetail string   `json:"wechat_detail"`
+	Errors       []string `json:"errors"`
+	Message      string   `json:"message"`
+}
+
+// DeliverXpayQueryOrder 按商户订单号同步微信虚拟支付到账（不通知微信发货，发货在报告成功后）
+func DeliverXpayQueryOrder(ctx context.Context, svcCtx *svc.ServiceContext, orderNo string) (*XpayDeliverResult, error) {
+	order, err := svcCtx.OrderModel.FindOneByOrderNo(ctx, orderNo)
+	if err != nil {
+		return nil, err
+	}
+
+	resp := &XpayDeliverResult{WechatDetail: "ok"}
+
+	if order.Status == model.OrderStatusPaid {
+		resp.Message = "订单已支付，无需同步"
+		return resp, nil
+	}
+
+	if !model.IsXpayOrder(order) {
+		resp.Errors = append(resp.Errors, "非小程序虚拟支付订单")
+		resp.Message = "非小程序虚拟支付订单"
+		return resp, nil
+	}
+
+	if svcCtx.XpayService == nil || !svcCtx.XpayService.Enabled() {
+		resp.Errors = append(resp.Errors, "虚拟支付未启用")
+		resp.Message = "虚拟支付未启用"
+		return resp, nil
+	}
+
+	openid, err := svcCtx.XpayService.GetWxMiniOpenID(ctx, svcCtx.UserAuthModel, order.UserId)
+	if err != nil {
+		resp.Errors = append(resp.Errors, err.Error())
+		resp.Message = "获取用户 openid 失败"
+		return resp, nil
+	}
+
+	status, qErr := svcCtx.XpayService.QueryOrder(ctx, openid, order.OrderNo, "")
+	if qErr != nil {
+		resp.Errors = append(resp.Errors, qErr.Error())
+		resp.WechatDetail = qErr.Error()
+		resp.Message = "查询微信订单失败"
+		return resp, nil
+	}
+
+	if !service.IsXpayPaidStatus(status.Status) {
+		resp.Errors = append(resp.Errors, "微信侧订单未支付")
+		resp.Message = "微信侧订单未支付"
+		return resp, nil
+	}
+
+	platformOrderID := status.WxOrderID
+	credited, fulfillErr := fulfillQueryOrderPaid(ctx, svcCtx, order, platformOrderID, status.PaidFee)
+	resp.Credited = credited
+	if fulfillErr != nil {
+		resp.Errors = append(resp.Errors, fulfillErr.Error())
+	}
+
+	resp.Message = buildXpayDeliverMessage(resp)
+	return resp, nil
+}
+
+func buildXpayDeliverMessage(r *XpayDeliverResult) string {
+	if len(r.Errors) > 0 {
+		return strings.Join(r.Errors, "；")
+	}
+	if r.Credited {
+		return "同步成功，订单已到账并开始查询报告"
+	}
+	return "未执行到账"
+}

app/main/api/internal/logic/pay/xpay_notify.go

@@ -0,0 +1,48 @@
+package pay
+
+import (
+	"context"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/model"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+// NotifyXpayGoodsAfterReport 报告生成成功后通知微信虚拟支付已发货（合规/结算）
+func NotifyXpayGoodsAfterReport(ctx context.Context, svcCtx *svc.ServiceContext, order *model.Order) {
+	if order == nil || !model.IsXpayOrder(order) {
+		return
+	}
+	if svcCtx.XpayService == nil || !svcCtx.XpayService.Enabled() {
+		return
+	}
+
+	already, err := svcCtx.XpayService.AlreadyNotified(ctx, order.OrderNo)
+	if err != nil {
+		logx.WithContext(ctx).Errorf("[xpay] 检查发货通知状态失败 order_no=%s err=%v", order.OrderNo, err)
+		return
+	}
+	if already {
+		return
+	}
+
+	openid, err := svcCtx.XpayService.GetWxMiniOpenID(ctx, svcCtx.UserAuthModel, order.UserId)
+	if err != nil {
+		logx.WithContext(ctx).Errorf("[xpay] 报告成功后通知发货：获取 openid 失败 order_no=%s err=%v", order.OrderNo, err)
+		return
+	}
+
+	sessionKey, _ := svcCtx.XpayService.GetSessionKey(ctx, order.UserId)
+	wxOrderID := ""
+	if order.PlatformOrderId.Valid {
+		wxOrderID = order.PlatformOrderId.String
+	}
+
+	if notifyErr := svcCtx.XpayService.NotifyProvideGoods(ctx, openid, order.OrderNo, wxOrderID, sessionKey); notifyErr != nil {
+		logx.WithContext(ctx).Errorf("[xpay] 报告成功后 notify_provide_goods 失败 order_no=%s err=%v", order.OrderNo, notifyErr)
+		return
+	}
+	_ = svcCtx.XpayService.MarkNotified(ctx, order.OrderNo)
+	logx.WithContext(ctx).Infof("[xpay] 报告成功后已通知微信发货 order_no=%s", order.OrderNo)
+}

app/main/api/internal/logic/pay/xpay_refund.go

@@ -0,0 +1,84 @@
+package pay
+
+import (
+	"context"
+	"fmt"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/model"
+	"qnc-server/pkg/lzkit/lzUtils"
+
+	"github.com/zeromicro/go-zero/core/logx"
+	"github.com/zeromicro/go-zero/core/stores/sqlx"
+)
+
+// RefundXpayQueryOrder 对 xpay 查询订单发起全额退款并更新本地订单状态
+func RefundXpayQueryOrder(ctx context.Context, svcCtx *svc.ServiceContext, order *model.Order) error {
+	if svcCtx.XpayService == nil || !svcCtx.XpayService.Enabled() {
+		return fmt.Errorf("虚拟支付未启用")
+	}
+	openid, err := svcCtx.XpayService.GetWxMiniOpenID(ctx, svcCtx.UserAuthModel, order.UserId)
+	if err != nil {
+		return fmt.Errorf("获取 openid 失败: %w", err)
+	}
+
+	refundFeeFen := lzUtils.ToWechatAmount(order.Amount)
+	refundOrderID := buildXpayRefundOrderID(order.OrderNo)
+	if refundErr := svcCtx.XpayService.RefundOrder(ctx, openid, order.OrderNo, refundOrderID, refundFeeFen); refundErr != nil {
+		return refundErr
+	}
+	logx.WithContext(ctx).Infof("[xpay] refund local sync order_no=%s", order.OrderNo)
+
+	return svcCtx.OrderModel.Trans(ctx, func(transCtx context.Context, session sqlx.Session) error {
+		order.Status = model.OrderStatusRefunded
+		if updateErr := svcCtx.OrderModel.UpdateWithVersion(transCtx, session, order); updateErr != nil {
+			return updateErr
+		}
+		return svcCtx.AgentService.ReverseAgentSettlementOnOrderRefund(transCtx, session, order.Id)
+	})
+}
+
+func buildXpayRefundOrderID(orderNo string) string {
+	const prefix = "RF_"
+	id := prefix + orderNo
+	if len(id) > 32 {
+		id = id[:32]
+	}
+	if len(id) < 8 {
+		id = id + "00000000"
+		id = id[:8]
+	}
+	return id
+}
+
+// TryRefundOnQueryFailure 查询失败时按支付渠道退款
+func TryRefundOnQueryFailure(ctx context.Context, svcCtx *svc.ServiceContext, order *model.Order) {
+	var refundErr error
+	switch {
+	case model.IsXpayOrder(order):
+		refundErr = RefundXpayQueryOrder(ctx, svcCtx, order)
+	case order.PaymentPlatform == model.PaymentPlatformWechat:
+		refundErr = svcCtx.WechatPayService.WeChatRefund(ctx, order.OrderNo, order.Amount, order.Amount)
+	default:
+		refund, err := svcCtx.AlipayService.AliRefund(ctx, order.OrderNo, order.Amount)
+		if err != nil {
+			refundErr = err
+		} else if !refund.IsSuccess() {
+			refundErr = fmt.Errorf("支付宝退款失败: %s", refund.Msg)
+		} else {
+			transErr := svcCtx.OrderModel.Trans(ctx, func(transCtx context.Context, session sqlx.Session) error {
+				order.Status = model.OrderStatusRefunded
+				if err := svcCtx.OrderModel.UpdateWithVersion(transCtx, session, order); err != nil {
+					return err
+				}
+				return svcCtx.AgentService.ReverseAgentSettlementOnOrderRefund(transCtx, session, order.Id)
+			})
+			if transErr != nil {
+				refundErr = transErr
+			}
+		}
+	}
+	if refundErr != nil {
+		logx.WithContext(ctx).Errorf("[refund] 查询失败自动退款未成功 order_no=%s platform=%s err=%v", order.OrderNo, order.PaymentPlatform, refundErr)
+	}
+}

app/main/api/internal/logic/pay/xpayclienteventlogic.go

@@ -0,0 +1,65 @@
+package pay
+
+import (
+	"context"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/ctxdata"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type XpayClientEventLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewXpayClientEventLogic(ctx context.Context, svcCtx *svc.ServiceContext) *XpayClientEventLogic {
+	return &XpayClientEventLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+// XpayClientEvent 记录小程序虚拟支付各步骤及微信/Apple 客户端提示（非 HTTP 异常）
+func (l *XpayClientEventLogic) XpayClientEvent(req *types.XpayClientEventReq) (*types.XpayClientEventResp, error) {
+	userID, _ := ctxdata.GetUidFromCtx(l.ctx)
+
+	l.Infof("[xpay:client-event] user=%s order_no=%s stage=%s event=%s message=%q err_msg=%q err_code=%d errno=%d sign_data=%s device=%s extra=%s",
+		userID, req.OrderNo, req.Stage, req.EventType, req.Message, req.ErrMsg, req.ErrCode, req.Errno,
+		req.SignData, req.Device, req.Extra)
+
+	resp := &types.XpayClientEventResp{}
+
+	if req.OrderNo == "" || l.svcCtx.XpayService == nil || !l.svcCtx.XpayService.Enabled() {
+		return resp, nil
+	}
+
+	// 客户端 fail/tip 时主动 query_order，把微信服务端侧状态一并记入日志
+	if req.EventType == "fail" || req.EventType == "tip" {
+		openid, err := l.svcCtx.XpayService.GetWxMiniOpenID(l.ctx, l.svcCtx.UserAuthModel, userID)
+		if err != nil {
+			resp.WxSyncError = "获取 openid 失败: " + err.Error()
+			l.Errorf("[xpay:client-event] query_order skip order_no=%s reason=%v", req.OrderNo, err)
+			return resp, nil
+		}
+
+		status, qErr := l.svcCtx.XpayService.QueryOrder(l.ctx, openid, req.OrderNo, "")
+		if qErr != nil {
+			resp.WxSyncError = qErr.Error()
+			l.Errorf("[xpay:client-event] query_order FAIL order_no=%s client_msg=%q wx_err=%v",
+				req.OrderNo, req.Message, qErr)
+			return resp, nil
+		}
+
+		resp.WxOrderStatus = status.Status
+		resp.WxOrderDetail = status.RawOrder
+		l.Infof("[xpay:client-event] query_order SNAPSHOT order_no=%s client_msg=%q wx_status=%d wx_order_id=%s paid_fee=%d err_msg=%s raw=%s",
+			req.OrderNo, req.Message, status.Status, status.WxOrderID, status.PaidFee, status.ErrMsg, status.RawOrder)
+	}
+
+	return resp, nil
+}

app/main/api/internal/logic/pay/xpayorderfulfilllogic.go

@@ -0,0 +1,54 @@
+package pay
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/model"
+	"qnc-server/pkg/lzkit/lzUtils"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+// fulfillQueryOrderPaid 幂等将查询订单标记为已支付并触发报告生成
+// wechatPaidFen：微信侧实付金额（分），>0 时须与订单 amount 一致
+func fulfillQueryOrderPaid(ctx context.Context, svcCtx *svc.ServiceContext, order *model.Order, platformOrderID string, wechatPaidFen int64) (credited bool, err error) {
+	if order.Status == "paid" {
+		return false, nil
+	}
+
+	orderFen := lzUtils.ToWechatAmount(order.Amount)
+	if wechatPaidFen > 0 && wechatPaidFen != orderFen {
+		if model.IsXpayOrder(order) {
+			order.Amount = lzUtils.RoundMoney(float64(wechatPaidFen) / 100)
+			orderFen = wechatPaidFen
+			logx.WithContext(ctx).Infof("[xpay] 同步微信实付金额 order_no=%s amount=%.2f fen=%d", order.OrderNo, order.Amount, wechatPaidFen)
+		} else {
+			logx.WithContext(ctx).Errorf("[xpay] 金额不一致 order_no=%s order_fen=%d wechat_fen=%d", order.OrderNo, orderFen, wechatPaidFen)
+			return false, nil
+		}
+	}
+
+	order.Status = "paid"
+	order.PayTime = sql.NullTime{Time: time.Now(), Valid: true}
+	if platformOrderID != "" {
+		order.PlatformOrderId = sql.NullString{String: platformOrderID, Valid: true}
+	}
+	if order.PaymentScene == "" || order.PaymentScene == model.PaymentSceneApp {
+		order.PaymentScene = model.PaymentSceneMiniProgram
+	}
+
+	if updateErr := svcCtx.OrderModel.UpdateWithVersion(ctx, nil, order); updateErr != nil {
+		return false, updateErr
+	}
+
+	if asyncErr := svcCtx.AsynqService.SendQueryTask(order.Id); asyncErr != nil {
+		logx.WithContext(ctx).Errorf("[xpay] SendQueryTask 失败 order_id=%s err=%v", order.Id, asyncErr)
+		return true, asyncErr
+	}
+
+	logx.WithContext(ctx).Infof("[xpay] 订单到账 order_no=%s order_id=%s", order.OrderNo, order.Id)
+	return true, nil
+}

app/main/api/internal/logic/pay/xpaypushlogic.go

@@ -0,0 +1,101 @@
+package pay
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+
+	"qnc-server/app/main/api/internal/service"
+	"qnc-server/app/main/api/internal/svc"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type XpayPushLogic struct {
+	logx.Logger
+	svcCtx *svc.ServiceContext
+}
+
+func NewXpayPushLogic(svcCtx *svc.ServiceContext) *XpayPushLogic {
+	return &XpayPushLogic{svcCtx: svcCtx}
+}
+
+// HandleGET mp 后台配置消息推送时的验签
+func (l *XpayPushLogic) HandleGET(w http.ResponseWriter, r *http.Request) {
+	q := r.URL.Query()
+	signature := q.Get("signature")
+	timestamp := q.Get("timestamp")
+	nonce := q.Get("nonce")
+	echostr := q.Get("echostr")
+
+	if l.svcCtx.XpayService.VerifyPushSignature(signature, timestamp, nonce) {
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte(echostr))
+		return
+	}
+	w.WriteHeader(http.StatusForbidden)
+}
+
+// HandlePOST 接收 xpay_goods_deliver_notify
+func (l *XpayPushLogic) HandlePOST(w http.ResponseWriter, r *http.Request) {
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		l.writePushResp(w, 1, "read body failed")
+		return
+	}
+
+	var notify service.XpayDeliverNotify
+	if err := json.Unmarshal(body, &notify); err != nil {
+		l.writePushResp(w, 1, "parse failed")
+		return
+	}
+
+	if notify.Event != "" && notify.Event != "xpay_goods_deliver_notify" {
+		l.writePushResp(w, 0, "ignored")
+		return
+	}
+
+	orderNo := notify.OutTradeNo
+	if orderNo == "" {
+		l.writePushResp(w, 1, "missing OutTradeNo")
+		return
+	}
+
+	ctx := r.Context()
+	logx.WithContext(ctx).Infof("[xpay:push] recv event=%s order_no=%s openid=%s env=%d body=%s",
+		notify.Event, orderNo, notify.OpenId, notify.Env, string(body))
+
+	already, _ := l.svcCtx.XpayService.AlreadyNotified(ctx, orderNo)
+	if already {
+		l.writePushResp(w, 0, "already notified")
+		return
+	}
+
+	order, findErr := l.svcCtx.OrderModel.FindOneByOrderNo(ctx, orderNo)
+	if findErr != nil {
+		logx.WithContext(ctx).Errorf("[xpay push] 订单不存在 order_no=%s err=%v", orderNo, findErr)
+		l.writePushResp(w, 1, "order not found")
+		return
+	}
+
+	wxOrderID := notify.WeChatPayInfo.TransactionId
+	credited, fulfillErr := fulfillQueryOrderPaid(ctx, l.svcCtx, order, wxOrderID, notify.GoodsInfo.ActualPrice)
+	if fulfillErr != nil {
+		logx.WithContext(ctx).Errorf("[xpay push] 到账失败 order_no=%s err=%v", orderNo, fulfillErr)
+		l.writePushResp(w, 1, fulfillErr.Error())
+		return
+	}
+
+	_ = l.svcCtx.XpayService.MarkNotified(ctx, orderNo)
+	logx.WithContext(ctx).Infof("[xpay push] event=xpay_goods_deliver_notify order_no=%s credited=%v", orderNo, credited)
+	l.writePushResp(w, 0, "success")
+}
+
+func (l *XpayPushLogic) writePushResp(w http.ResponseWriter, errCode int, errMsg string) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusOK)
+	_ = json.NewEncoder(w).Encode(map[string]interface{}{
+		"ErrCode": errCode,
+		"ErrMsg":  errMsg,
+	})
+}

app/main/api/internal/logic/productcost/sync.go

@@ -0,0 +1,51 @@
+package productcost
+
+import (
+	"context"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/common/xerr"
+
+	"github.com/pkg/errors"
+)
+
+// SyncProductCostFromModules 将产品 cost_price 更新为当前关联模块的 feature.cost_price 之和
+func SyncProductCostFromModules(ctx context.Context, c *svc.ServiceContext, productId string) error {
+	sum, err := c.ProductFeatureModel.SumFeatureCostPriceByProductId(ctx, productId)
+	if err != nil {
+		return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
+			"汇总产品模块成本失败, err: %v, productId: %s", err, productId)
+	}
+	record, err := c.ProductModel.FindOne(ctx, productId)
+	if err != nil {
+		return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
+			"查找产品失败, err: %v, productId: %s", err, productId)
+	}
+	record.CostPrice = sum
+	if _, err = c.ProductModel.Update(ctx, nil, record); err != nil {
+		return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
+			"同步产品成本失败, err: %v, productId: %s", err, productId)
+	}
+	return nil
+}
+
+// SyncAllProductsUsingFeature 在模块成本等变更后，刷新所有关联了该模块的产品的 cost_price
+func SyncAllProductsUsingFeature(ctx context.Context, c *svc.ServiceContext, featureId string) error {
+	builder := c.ProductFeatureModel.SelectBuilder().Where("feature_id = ?", featureId)
+	list, err := c.ProductFeatureModel.FindAll(ctx, builder, "")
+	if err != nil {
+		return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR),
+			"查询产品模块关联失败, err: %v, featureId: %s", err, featureId)
+	}
+	seen := make(map[string]struct{})
+	for _, pf := range list {
+		if _, ok := seen[pf.ProductId]; ok {
+			continue
+		}
+		seen[pf.ProductId] = struct{}{}
+		if err := SyncProductCostFromModules(ctx, c, pf.ProductId); err != nil {
+			return err
+		}
+	}
+	return nil
+}

app/main/api/internal/logic/query/query_common.go

@@ -115,6 +115,8 @@ func BuildEncryptedQuery(ctx context.Context, svcCtx *svc.ServiceContext, queryM
 	if err != nil {
 		return "", errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告查询, 报告结构体复制失败, %v", err)
 	}
+	// 显式写入查询记录 ID，供前端报告页「模块下架」等白名单能力使用
+	query.Id = queryModel.Id
 	product, err := svcCtx.ProductModel.FindOne(ctx, queryModel.ProductId)
 	if err != nil {
 		return "", errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "报告查询, 获取商品信息失败, %v", err)

app/main/api/internal/logic/query/queryservicelogic.go

@@ -6,12 +6,12 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"time"
 	"qnc-server/app/main/api/internal/service"
 	"qnc-server/common/ctxdata"
 	"qnc-server/common/xerr"
 	"qnc-server/pkg/lzkit/crypto"
 	"qnc-server/pkg/lzkit/validator"
+	"time"
 
 	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/core/stores/redis"
@@ -55,6 +55,21 @@ var productProcessors = map[string]func(*QueryServiceLogic, *types.QueryServiceR
 	"backgroundcheck":        (*QueryServiceLogic).ProcessBackgroundCheckLogic,
 	"personalData":           (*QueryServiceLogic).ProcessPersonalDataLogic,
 	"consumerFinanceReport":  (*QueryServiceLogic).ProcessConsumerFinanceReportLogic,
+	// 车辆类产品
+	"toc_VehiclesUnderNameCount":   (*QueryServiceLogic).ProcessVehiclesUnderNameCountLogic,
+	"toc_VehicleStaticInfo":        (*QueryServiceLogic).ProcessVehicleVinCodeLogic,
+	"toc_VehicleMileageMixed":      (*QueryServiceLogic).ProcessVehicleMileageMixedLogic,
+	"toc_VehicleVinValuation":      (*QueryServiceLogic).ProcessVehicleVinValuationLogic,
+	"toc_VehicleTransferSimple":    (*QueryServiceLogic).ProcessVehicleTransferSimpleLogic,
+	"toc_VehicleTransferDetail":    (*QueryServiceLogic).ProcessVehicleVinCodeLogic,
+	"toc_VehicleMaintenanceSimple": (*QueryServiceLogic).ProcessVehicleMaintenanceSimpleLogic,
+	"toc_VehicleMaintenanceDetail": (*QueryServiceLogic).ProcessVehicleMaintenanceDetailLogic,
+	"toc_VehicleClaimDetail":       (*QueryServiceLogic).ProcessVehicleClaimDetailLogic,
+	"toc_VehicleClaimVerify":       (*QueryServiceLogic).ProcessVehicleClaimVerifyLogic,
+	"toc_VehiclesUnderName":        (*QueryServiceLogic).ProcessMarriageLogic,
+	"toc_VehiclesUnderNamePlate":   (*QueryServiceLogic).ProcessMarriageLogic,
+	"toc_PersonVehicleVerification":       (*QueryServiceLogic).ProcessPersonVehicleVerificationLogic,
+	"toc_PersonVehicleVerificationDetail": (*QueryServiceLogic).ProcessPersonVehicleVerificationLogic,
 }
 
 func (l *QueryServiceLogic) PreprocessLogic(req *types.QueryServiceReq, product string) (*types.QueryServiceResp, error) {
@@ -709,6 +724,435 @@ func (l *QueryServiceLogic) CacheData(params map[string]interface{}, Product str
 	return outTradeNo, nil
 }
 
+// ---- 车辆类产品处理方法 ----
+
+// ProcessVehiclesUnderNameCountLogic 名下车辆(数量)：仅 user_type + id_card
+func (l *QueryServiceLogic) ProcessVehiclesUnderNameCountLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocVehiclesUnderNameCountReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	userType := data.UserType
+	if userType == "" {
+		userType = "1"
+	}
+	params := map[string]interface{}{
+		"user_type": userType,
+		"id_card":   data.IDCard,
+	}
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, "toc_VehiclesUnderNameCount", userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// ProcessVehicleVinCodeLogic 仅 vin_code（车辆静态信息、过户详版等）
+func (l *QueryServiceLogic) ProcessVehicleVinCodeLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocVehicleVinCodeReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	params := map[string]interface{}{
+		"vin_code": data.VinCode,
+	}
+	product := req.Product
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, product, userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// ProcessVehicleMileageMixedLogic 车辆里程记录(混合) QCXG1U4U
+func (l *QueryServiceLogic) ProcessVehicleMileageMixedLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocVehicleMileageMixedReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	params := map[string]interface{}{
+		"vin_code":  data.VinCode,
+		"image_url": data.ImageURL,
+	}
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, "toc_VehicleMileageMixed", userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// ProcessVehicleVinValuationLogic 二手车VIN估值 QCXGY7F2
+func (l *QueryServiceLogic) ProcessVehicleVinValuationLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocVehicleVinValuationReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	params := map[string]interface{}{
+		"vin_code":               data.VinCode,
+		"vehicle_location":       data.VehicleLocation,
+		"first_registrationdate": data.FirstRegistrationDate,
+	}
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, "toc_VehicleVinValuation", userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// ProcessVehicleTransferSimpleLogic 车辆过户简版 QCXG1H7Y
+func (l *QueryServiceLogic) ProcessVehicleTransferSimpleLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocVehicleTransferSimpleReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	params := map[string]interface{}{
+		"vin_code": data.VinCode,
+	}
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, "toc_VehicleTransferSimple", userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// ProcessVehicleMaintenanceSimpleLogic 车辆维保简版 QCXG3Y6B
+func (l *QueryServiceLogic) ProcessVehicleMaintenanceSimpleLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocVehicleMaintenanceSimpleReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	params := map[string]interface{}{
+		"vin_code": data.VinCode,
+	}
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, "toc_VehicleMaintenanceSimple", userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// ProcessVehicleMaintenanceDetailLogic 车辆维保详细版 QCXG3Z3L
+func (l *QueryServiceLogic) ProcessVehicleMaintenanceDetailLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocVehicleMaintenanceDetailReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	params := map[string]interface{}{
+		"vin_code": data.VinCode,
+	}
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, "toc_VehicleMaintenanceDetail", userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// ProcessVehicleClaimDetailLogic 车辆出险详版 QCXGP00W
+func (l *QueryServiceLogic) ProcessVehicleClaimDetailLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocVehicleClaimDetailReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	params := map[string]interface{}{
+		"vin_code":     data.VinCode,
+		"vlphoto_data": data.VlphotoData,
+	}
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, "toc_VehicleClaimDetail", userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// ProcessVehicleClaimVerifyLogic 车辆出险记录核验 QCXG6B4E
+func (l *QueryServiceLogic) ProcessVehicleClaimVerifyLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocVehicleClaimVerifyReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	auth := data.Authorized
+	if auth == "" {
+		auth = "1"
+	}
+	params := map[string]interface{}{
+		"vin_code":   data.VINCode,
+		"authorized": auth,
+	}
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, "toc_VehicleClaimVerify", userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// ProcessPersonVehicleVerificationLogic 人车核验简版：姓名+号牌类型+车牌号
+func (l *QueryServiceLogic) ProcessPersonVehicleVerificationLogic(req *types.QueryServiceReq) (*types.QueryServiceResp, error) {
+	decryptData, DecryptDataErr := l.DecryptData(req.Data)
+	if DecryptDataErr != nil {
+		return nil, DecryptDataErr
+	}
+	var data types.TocPersonVehicleVerification
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	params := map[string]interface{}{
+		"name":          data.Name,
+		"plate_no":      data.CarLicense,
+		"carplate_type": data.CarType,
+	}
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, req.Product, userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
 // GetOrCreateUser 获取或创建用户
 // 1. 如果已登录，使用当前登录用户
 // 2. 如果未登录，创建临时用户（UUID用户）

app/main/api/internal/logic/query/queryservicelogic.md

@@ -0,0 +1,921 @@
+package query
+
+import (
+	"context"
+	"database/sql"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"os"
+	"time"
+	"tyc-server/app/main/api/internal/service"
+	"tyc-server/app/main/model"
+	"tyc-server/common/ctxdata"
+	"tyc-server/common/globalkey"
+	"tyc-server/common/xerr"
+	"tyc-server/pkg/captcha"
+	"tyc-server/pkg/lzkit/crypto"
+	"tyc-server/pkg/lzkit/validator"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/stores/redis"
+
+	"tyc-server/app/main/api/internal/svc"
+	"tyc-server/app/main/api/internal/types"
+
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type QueryServiceLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewQueryServiceLogic(ctx context.Context, svcCtx *svc.ServiceContext) *QueryServiceLogic {
+	return &QueryServiceLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *QueryServiceLogic) QueryService(req *types.QueryServiceReq) (resp *types.QueryServiceResp, err error) {
+	if req.AgentIdentifier != "" {
+		l.ctx = context.WithValue(l.ctx, "agentIdentifier", req.AgentIdentifier)
+	} else if req.App {
+		l.ctx = context.WithValue(l.ctx, "app", req.App)
+	}
+	return l.PreprocessLogic(req, req.Product)
+}
+
+// queryHandlerFunc 通用查询 handler：解密后的数据 + 产品名 -> 校验并返回待缓存的 params
+// 新增产品时只需在 productHandlers 里加一行并选用已有 handler 类型即可，无需再写 ProcessXxx
+type queryHandlerFunc func(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error)
+
+var productHandlers = map[string]queryHandlerFunc{
+	"marriage":               runMarriageReq,
+	"homeservice":            runMarriageReq,
+	"riskassessment":         runMarriageReq,
+	"companyinfo":            runMarriageReq,
+	"rentalinfo":             runMarriageReq,
+	"preloanbackgroundcheck": runMarriageReq,
+	"backgroundcheck":        runBackgroundCheckReq,
+	"personalData":           runMarriageReq,
+	"toc_PersonalBadRecord":  runPersonalBadRecordReq,
+	"toc_PersonalLawsuit":    runMarriageReq,
+	"toc_EnterpriseLawsuit":  runEntLawsuitReq,
+	// 人企关系加强版：仅身份证号
+	"toc_PersonEnterprisePro": runPersonEnterpriseProReq,
+	// 新司法涉诉类产品
+	"toc_EnterpriseLawsuitQYGL66SL":       runEnterpriseLawsuitSimpleReq,
+	"toc_LimitHighExecuted":               runLimitHighExecutedReq,
+	"toc_DishonestExecutedPerson":         runDishonestExecutedReq,
+	"toc_Marriage":                        runMarriageReq,
+	"toc_PersonalMarriageStatus":          runMarriageReq,
+	"toc_MarriageStatusRegisterTime":      runMarriageReq,
+	"toc_MarriageStatusSupplement":        runMarriageReq,
+	"toc_MarriageStatusVerify":            runMarriageReq,
+	"toc_DualMarriageStatusRegisterTime":  runDualMarriageReq,
+	"toc_VehiclesUnderName":               runMarriageReq,
+	"toc_VehiclesUnderNamePlate":          runMarriageReq,
+	"toc_PersonVehicleVerification":       runPersonVehicleVerificationReq,
+	"toc_PersonVehicleVerificationDetail": runPersonVehicleVerificationReq,
+	// 车辆类产品（按 md 传参）
+	"toc_VehiclesUnderNameCount":   runVehiclesUnderNameCountReq,
+	"toc_VehicleStaticInfo":        runVehicleVinCodeReq,
+	"toc_VehicleMileageMixed":      runVehicleMileageMixedReq,
+	"toc_VehicleVinValuation":      runVehicleVinValuationReq,
+	"toc_VehicleTransferSimple":    runVehicleTransferSimpleReq,
+	"toc_VehicleTransferDetail":    runVehicleVinCodeReq,
+	"toc_VehicleMaintenanceSimple": runVehicleMaintenanceSimpleReq,
+	"toc_VehicleMaintenanceDetail": runVehicleMaintenanceDetailReq,
+	"toc_VehicleClaimDetail":       runVehicleClaimDetailReq,
+	"toc_VehicleClaimVerify":       runVehicleClaimVerifyReq,
+	// 核验工具（verify feature.md）
+	"toc_PoliceTwoFactors":                 runVerifyAuthTwoReq,
+	"toc_PoliceThreeFactors":               runVerifyAuthThreeReq,
+	"toc_ProfessionalCertificate":          runVerifyCertReq,
+	"toc_PersonalConsumptionCapacityLevel": runVerifyConsumptionReq, // 个人消费能力（沿用现有 product_en）
+	"toc_OperatorTwoFactors":               runVerifyYysTwoReq,
+	"toc_MobileThreeFactors":               runVerifyYysThreeReq,
+	"toc_NumberRecycle":                    runVerifyMobileOnlyReq,
+	"toc_MobileEmptyCheck":                 runVerifyMobileOnlyReq,
+	"toc_MobilePortability":                runVerifyMobileOnlyReq,
+	"toc_MobileOnlineStatus":               runVerifyMobileOnlyReq,
+	"toc_MobileOnlineDuration":             runVerifyMobileOnlyReq,
+	"toc_MobileAttribution":                runVerifyMobileOnlyReq,
+	"toc_MobileConsumptionRange":           runVerifyYysConsumptionReq,
+	"toc_EnterpriseRelation":               runVerifyEntRelationReq,
+	"toc_BankcardFourFactors":              runVerifyBankFourReq,
+	"toc_BankcardBlacklist":                runVerifyBankBlackReq,
+}
+
+// productHasSmsCode 表示该 product 解密后的请求结构体中是否包含必填短信验证码 Code。
+// 有 Code 的产品在「获取验证码」时已经做了滑块，这里不再强制要求 CaptchaVerifyParam。
+// 其他产品（无 Code）在查询时必须传并校验 CaptchaVerifyParam，防止跳过图形验证；
+// 微信小程序（X-Platform: wxmini，见 ctxdata.GetPlatformFromCtx）不嵌入 H5 滑块，由 PreprocessLogic 跳过图形校验。
+func productHasSmsCode(product string) bool {
+	switch product {
+	case "marriage",
+		"homeservice",
+		"riskassessment",
+		"companyinfo",
+		"rentalinfo",
+		"preloanbackgroundcheck",
+		"personalData",
+		"toc_PersonalLawsuit",
+		"toc_EnterpriseLawsuit",
+		"toc_Marriage",
+		"toc_PersonalMarriageStatus",
+		"toc_MarriageStatusRegisterTime",
+		"toc_MarriageStatusSupplement",
+		"toc_MarriageStatusVerify",
+		"toc_DualMarriageStatusRegisterTime",
+		"toc_VehiclesUnderName",
+		"toc_VehiclesUnderNamePlate":
+		return true
+	default:
+		return false
+	}
+}
+
+func (l *QueryServiceLogic) PreprocessLogic(req *types.QueryServiceReq, product string) (*types.QueryServiceResp, error) {
+	// 无短信验证码 Code 的 product：查询前必须传并校验滑块；微信小程序端跳过（依赖登录态与 X-Platform）
+	requireCaptcha := !productHasSmsCode(product)
+	if requireCaptcha {
+		if plat, platErr := ctxdata.GetPlatformFromCtx(l.ctx); platErr == nil && plat == model.PlatformWxMini {
+			requireCaptcha = false
+		}
+	}
+	if requireCaptcha {
+		if req.CaptchaVerifyParam == "" {
+			return nil, errors.Wrapf(xerr.NewErrMsg("请完成图形验证"), "product %s requires captcha", product)
+		}
+		cfg := l.svcCtx.Config.Captcha
+		if err := captcha.Verify(captcha.Config{
+			AccessKeyID:     cfg.AccessKeyID,
+			AccessKeySecret: cfg.AccessKeySecret,
+			EndpointURL:     cfg.EndpointURL,
+			SceneID:         cfg.SceneID,
+		}, req.CaptchaVerifyParam); err != nil {
+			return nil, err
+		}
+	}
+
+	decryptData, err := l.DecryptData(req.Data)
+	if err != nil {
+		return nil, err
+	}
+	handler, exists := productHandlers[product]
+	if !exists {
+		return nil, errors.New("未找到相应的处理程序")
+	}
+	params, err := handler(l, decryptData, product)
+	if err != nil {
+		return nil, err
+	}
+	return l.commonQueryTail(params, product)
+}
+
+// commonQueryTail 通用收尾：写缓存、生成 token 并返回
+func (l *QueryServiceLogic) commonQueryTail(params map[string]interface{}, product string) (*types.QueryServiceResp, error) {
+	userID, err := l.GetOrCreateUser()
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 处理用户失败: %v", err)
+	}
+	cacheNo, cacheDataErr := l.CacheData(params, product, userID)
+	if cacheDataErr != nil {
+		return nil, cacheDataErr
+	}
+	token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, userID, model.UserTypeNormal)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 生成token失败 : %d", userID)
+	}
+	now := time.Now().Unix()
+	return &types.QueryServiceResp{
+		Id:           cacheNo,
+		AccessToken:  token,
+		AccessExpire: now + l.svcCtx.Config.JwtAuth.AccessExpire,
+		RefreshAfter: now + l.svcCtx.Config.JwtAuth.RefreshAfter,
+	}, nil
+}
+
+// runMarriageReq 姓名+身份证+手机+验证码 类产品（婚恋、家政、司法涉诉、婚姻状况、名下车辆等）
+func runMarriageReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.MarriageReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+		return nil, verifyCodeErr
+	}
+	if verifyErr := l.Verify(data.Name, data.IDCard, data.Mobile); verifyErr != nil {
+		return nil, verifyErr
+	}
+	return map[string]interface{}{
+		"name":    data.Name,
+		"id_card": data.IDCard,
+		"mobile":  data.Mobile,
+	}, nil
+}
+
+func runBackgroundCheckReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.BackgroundCheckReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if verifyErr := l.Verify(data.Name, data.IDCard, data.Mobile); verifyErr != nil {
+		return nil, verifyErr
+	}
+	return map[string]interface{}{
+		"name":    data.Name,
+		"id_card": data.IDCard,
+		"mobile":  data.Mobile,
+	}, nil
+}
+
+// runEntLawsuitReq 企业司法涉诉：企业名称+统一社会信用代码+手机+验证码
+func runEntLawsuitReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.EntLawsuitReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+		return nil, verifyCodeErr
+	}
+	return map[string]interface{}{
+		"ent_name": data.EntName,
+		"ent_code": data.EntCode,
+		"mobile":   data.Mobile,
+	}, nil
+}
+
+// 企业司法涉诉简版 QYGL66SL：仅企业名称，auth_date 与授权文件编码由后端自动生成
+func runEnterpriseLawsuitSimpleReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.EnterpriseLawsuitSimpleReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	now := time.Now()
+	start := now.AddDate(0, 0, -7)
+	end := now.AddDate(0, 0, 7)
+	authDate := fmt.Sprintf("%s-%s", start.Format("20060102"), end.Format("20060102"))
+	return map[string]interface{}{
+		"ent_name":                 data.EntName,
+		"auth_date":                authDate,
+		"auth_authorize_file_code": "AUTHTYC0001",
+	}, nil
+}
+
+// 限高被执行人 FLXG3A9B
+func runLimitHighExecutedReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.LimitHighExecutedReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	auth := data.Authorized
+	if auth == "" {
+		auth = "1"
+	}
+	return map[string]interface{}{
+		"name":       data.Name,
+		"id_card":    data.IDCard,
+		"mobile_no":  data.Mobile,
+		"authorized": auth,
+	}, nil
+}
+
+// 本人不良 FLXGDEA9：姓名 + 身份证（授权由 ApiRequest 默认传 1）
+func runPersonalBadRecordReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.PersonalBadRecordReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	return map[string]interface{}{
+		"name":    data.Name,
+		"id_card": data.IDCard,
+	}, nil
+}
+
+// 失信被执行人 QYGL2S0W
+func runDishonestExecutedReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.DishonestExecutedReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	tp := data.Type
+	if tp == "" {
+		tp = "per"
+	}
+	return map[string]interface{}{
+		"type":    tp,
+		"name":    data.Name,
+		"id_card": data.IDCard,
+	}, nil
+}
+
+// runDualMarriageReq 双人婚姻状态：男方/女方姓名+身份证+手机+验证码
+func runDualMarriageReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocDualMarriageReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+		return nil, verifyCodeErr
+	}
+	if verifyErr := l.VerifyTwo(data.NameMan, data.IDCardMan); verifyErr != nil {
+		return nil, verifyErr
+	}
+	if verifyErr := l.VerifyTwo(data.NameWoman, data.IDCardWoman); verifyErr != nil {
+		return nil, verifyErr
+	}
+	return map[string]interface{}{
+		"name":          data.NameMan,
+		"id_card":       data.IDCardMan,
+		"mobile":        data.Mobile,
+		"name_man":      data.NameMan,
+		"id_card_man":   data.IDCardMan,
+		"name_woman":    data.NameWoman,
+		"id_card_woman": data.IDCardWoman,
+	}, nil
+}
+
+// runPersonVehicleVerificationReq 人车核验简版：姓名+号牌类型+车牌号
+func runPersonVehicleVerificationReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocPersonVehicleVerification
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+
+	return map[string]interface{}{
+		"name":          data.Name,
+		"plate_no":      data.CarLicense,
+		"carplate_type": data.CarType,
+	}, nil
+}
+
+// runVehiclesUnderNameCountReq 名下车辆(数量) QCXG4D2E：仅 user_type + id_card
+func runVehiclesUnderNameCountReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVehiclesUnderNameCountReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	userType := data.UserType
+	if userType == "" {
+		userType = "1"
+	}
+	return map[string]interface{}{
+		"user_type": userType,
+		"id_card":   data.IDCard,
+	}, nil
+}
+
+// runVehicleVinCodeReq 仅 vin_code（车辆静态信息、过户详版等）
+func runVehicleVinCodeReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVehicleVinCodeReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	return map[string]interface{}{
+		"vin_code": data.VinCode,
+	}, nil
+}
+
+// runVehicleMileageMixedReq 车辆里程记录(混合) QCXG1U4U
+func runVehicleMileageMixedReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVehicleMileageMixedReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	// 回调地址由后端在 ApiRequestService 中统一生成，此处不再下发 return_url
+	return map[string]interface{}{
+		"vin_code":  data.VinCode,
+		"image_url": data.ImageURL,
+	}, nil
+}
+
+// runVehicleVinValuationReq 二手车VIN估值 QCXGY7F2（仅必填）
+func runVehicleVinValuationReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVehicleVinValuationReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	return map[string]interface{}{
+		"vin_code":               data.VinCode,
+		"vehicle_location":       data.VehicleLocation,
+		"first_registrationdate": data.FirstRegistrationDate,
+	}, nil
+}
+
+// runVehicleTransferSimpleReq 车辆过户简版 QCXG1H7Y（仅必填 vin_code）
+func runVehicleTransferSimpleReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVehicleTransferSimpleReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	return map[string]interface{}{"vin_code": data.VinCode}, nil
+}
+
+// runVehicleMaintenanceSimpleReq 车辆维保简版 QCXG3Y6B（仅必填 vin_code；回调地址后端自动生成）
+func runVehicleMaintenanceSimpleReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVehicleMaintenanceSimpleReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	// 回调地址由后端在 ApiRequestService 中统一生成，此处不再下发 return_url
+	return map[string]interface{}{
+		"vin_code": data.VinCode,
+	}, nil
+}
+
+// runVehicleMaintenanceDetailReq 车辆维保详细版 QCXG3Z3L（仅必填 vin_code；回调地址后端自动生成）
+func runVehicleMaintenanceDetailReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVehicleMaintenanceDetailReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	// 回调地址由后端在 ApiRequestService 中统一生成，此处不再下发 return_url
+	return map[string]interface{}{
+		"vin_code": data.VinCode,
+	}, nil
+}
+
+// runVehicleClaimDetailReq 车辆出险详版 QCXGP00W（仅必填 vin_code, vlphoto_data；回调地址后端自动生成），vlphoto_data 由 API 层加密为 data
+func runVehicleClaimDetailReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVehicleClaimDetailReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	// 回调地址由后端在 ApiRequestService 中统一生成，此处不再下发 return_url
+	return map[string]interface{}{
+		"vin_code":     data.VinCode,
+		"vlphoto_data": data.VlphotoData,
+	}, nil
+}
+
+// runVehicleClaimVerifyReq 车辆出险记录核验 QCXG6B4E
+func runVehicleClaimVerifyReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVehicleClaimVerifyReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	if data.Mobile != "" && data.Code != "" {
+		if verifyCodeErr := l.VerifyCode(data.Mobile, data.Code); verifyCodeErr != nil {
+			return nil, verifyCodeErr
+		}
+	}
+	auth := data.Authorized
+	if auth == "" {
+		auth = "1"
+	}
+	return map[string]interface{}{
+		"vin_code":   data.VINCode,
+		"authorized": auth,
+	}, nil
+}
+
+// runPersonEnterpriseProReq 人企关系加强版预查询：仅身份证号
+func runPersonEnterpriseProReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocPersonEnterpriseProReq
+	if unmarshalErr := json.Unmarshal(decryptData, &data); unmarshalErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", unmarshalErr)
+	}
+	if validatorErr := validator.Validate(data); validatorErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, validatorErr.Error()), "查询服务, 参数不正确: %+v", validatorErr)
+	}
+	return map[string]interface{}{
+		"id_card": data.IDCard,
+	}, nil
+}
+
+// --------------- 核验工具 handlers ---------------
+func runVerifyAuthTwoReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyAuthTwoReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{"mobile_no": data.MobileNo, "id_card": data.IDCard, "name": data.Name}, nil
+}
+
+func runVerifyAuthThreeReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyAuthThreeReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{"photo_data": data.PhotoData, "id_card": data.IDCard, "name": data.Name}, nil
+}
+
+func runVerifyCertReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyCertReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{"id_card": data.IDCard, "name": data.Name}, nil
+}
+
+func runVerifyConsumptionReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyConsumptionReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{"mobile_no": data.MobileNo, "id_card": data.IDCard, "name": data.Name}, nil
+}
+
+func runVerifyYysTwoReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyYysTwoReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{"mobile_no": data.MobileNo, "name": data.Name}, nil
+}
+
+func runVerifyYysThreeReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyYysThreeReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{"mobile_no": data.MobileNo, "id_card": data.IDCard, "name": data.Name}, nil
+}
+
+func runVerifyMobileOnlyReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyMobileOnlyReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{"mobile_no": data.MobileNo}, nil
+}
+
+func runVerifyYysConsumptionReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyYysConsumptionReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{"mobile_no": data.MobileNo, "authorized": data.Authorized}, nil
+}
+
+func runVerifyEntRelationReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyEntRelationReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	out := map[string]interface{}{}
+	if data.IDCard != "" {
+		out["id_card"] = data.IDCard
+	}
+	return out, nil
+}
+
+func runVerifyBankFourReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyBankFourReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{
+		"mobile_no": data.MobileNo,
+		"id_card":   data.IDCard,
+		"bank_card": data.BankCard,
+		"name":      data.Name,
+	}, nil
+}
+
+func runVerifyBankBlackReq(l *QueryServiceLogic, decryptData []byte, product string) (map[string]interface{}, error) {
+	var data types.TocVerifyBankBlackReq
+	if err := json.Unmarshal(decryptData, &data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 解密后的数据格式不正确: %+v", err)
+	}
+	if err := validator.Validate(data); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, err.Error()), "查询服务, 参数不正确: %+v", err)
+	}
+	return map[string]interface{}{
+		"mobile_no": data.MobileNo,
+		"id_card":   data.IDCard,
+		"name":      data.Name,
+		"bank_card": data.BankCard,
+	}, nil
+}
+
+func (l *QueryServiceLogic) DecryptData(data string) ([]byte, error) {
+	secretKey := l.svcCtx.Config.Encrypt.SecretKey
+	key, decodeErr := hex.DecodeString(secretKey)
+	if decodeErr != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "密钥获取失败: %+v", decodeErr)
+	}
+	decryptData, aesDecryptErr := crypto.AesDecrypt(data, key)
+	if aesDecryptErr != nil || len(decryptData) == 0 {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "解密失败: %+v", aesDecryptErr)
+	}
+	return decryptData, nil
+}
+
+// 校验验证码（开发环境 ENV=development 可跳过）
+func (l *QueryServiceLogic) VerifyCode(mobile string, code string) error {
+	if os.Getenv("ENV") == "development" {
+		return nil
+	}
+	secretKey := l.svcCtx.Config.Encrypt.SecretKey
+	encryptedMobile, err := crypto.EncryptMobile(mobile, secretKey)
+	if err != nil {
+		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "加密手机号失败: %+v", err)
+	}
+	codeRedisKey := fmt.Sprintf("%s:%s", "query", encryptedMobile)
+	cacheCode, err := l.svcCtx.Redis.Get(codeRedisKey)
+	if err != nil {
+		if errors.Is(err, redis.Nil) {
+			return errors.Wrapf(xerr.NewErrMsg("验证码已过期"), "验证码过期: %s", mobile)
+		}
+		return errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "读取验证码redis缓存失败, mobile: %s, err: %+v", mobile, err)
+	}
+	if cacheCode != code {
+		return errors.Wrapf(xerr.NewErrMsg("验证码不正确"), "验证码不正确: %s", mobile)
+	}
+	return nil
+}
+
+func (l *QueryServiceLogic) IsAgentQuery() bool {
+	agentID, _ := l.ctx.Value("agentIdentifier").(string)
+	return agentID != ""
+}
+
+// 二要素验证（仅姓名+身份证号）（开发环境不调用验证 API）
+func (l *QueryServiceLogic) VerifyTwo(Name string, IDCard string) error {
+	if os.Getenv("ENV") == "development" {
+		return nil
+	}
+	twoVerification := service.TwoFactorVerificationRequest{
+		Name:   Name,
+		IDCard: IDCard,
+	}
+	verification, err := l.svcCtx.VerificationService.TwoFactorVerification(twoVerification)
+	if err != nil {
+		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "二要素验证失败: %v", err)
+	}
+	if !verification.Passed {
+		return errors.Wrapf(xerr.NewErrCodeMsg(xerr.SERVER_COMMON_ERROR, verification.Err.Error()), "二要素验证不通过: %v", err)
+	}
+	return nil
+}
+
+// 按代理/非代理切换要素验证：代理走三要素；非代理走二要素（开发环境不调用验证 API）
+func (l *QueryServiceLogic) Verify(Name string, IDCard string, Mobile string) error {
+	if os.Getenv("ENV") == "development" {
+		return nil
+	}
+	if !l.IsAgentQuery() {
+		twoVerification := service.TwoFactorVerificationRequest{
+			Name:   Name,
+			IDCard: IDCard,
+		}
+		verification, err := l.svcCtx.VerificationService.TwoFactorVerification(twoVerification)
+		if err != nil {
+			return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "二要素验证失败: %v", err)
+		}
+		if !verification.Passed {
+			return errors.Wrapf(xerr.NewErrCodeMsg(xerr.SERVER_COMMON_ERROR, verification.Err.Error()), "二要素验证不通过: %v", err)
+		}
+	} else {
+		// 三要素验证
+		if Mobile == "" {
+			return errors.Wrapf(xerr.NewErrCodeMsg(xerr.PARAM_VERIFICATION_ERROR, "手机号不能为空"), "三要素验证参数不正确: mobile为空")
+		}
+		threeVerification := service.ThreeFactorVerificationRequest{
+			Name:   Name,
+			IDCard: IDCard,
+			Mobile: Mobile,
+		}
+		verification, err := l.svcCtx.VerificationService.ThreeFactorVerification(threeVerification)
+		if err != nil {
+			return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "三要素验证失败: %v", err)
+		}
+		if !verification.Passed {
+			return errors.Wrapf(xerr.NewErrCodeMsg(xerr.SERVER_COMMON_ERROR, verification.Err.Error()), "三要素验证不通过: %v", err)
+		}
+	}
+	return nil
+}
+
+// 缓存
+func (l *QueryServiceLogic) CacheData(params map[string]interface{}, Product string, userID int64) (string, error) {
+	agentIdentifier, _ := l.ctx.Value("agentIdentifier").(string)
+	secretKey := l.svcCtx.Config.Encrypt.SecretKey
+	key, decodeErr := hex.DecodeString(secretKey)
+	if decodeErr != nil {
+		return "", errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 获取AES密钥失败: %+v", decodeErr)
+	}
+	paramsMarshal, marshalErr := json.Marshal(params)
+	if marshalErr != nil {
+		return "", errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 序列化参数失败: %+v", marshalErr)
+	}
+	encryptParams, aesEncryptErr := crypto.AesEncrypt(paramsMarshal, key)
+	if aesEncryptErr != nil {
+		return "", errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 加密参数失败: %+v", aesEncryptErr)
+	}
+	queryCache := types.QueryCacheLoad{
+		Params:          encryptParams,
+		Product:         Product,
+		AgentIdentifier: agentIdentifier,
+	}
+	jsonData, marshalErr := json.Marshal(queryCache)
+	if marshalErr != nil {
+		return "", errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "查询服务, 序列化参数失败: %+v", marshalErr)
+	}
+	outTradeNo := "Q_" + l.svcCtx.AlipayService.GenerateOutTradeNo()
+	redisKey := fmt.Sprintf(types.QueryCacheKey, userID, outTradeNo)
+	cacheErr := l.svcCtx.Redis.SetexCtx(l.ctx, redisKey, string(jsonData), int(2*time.Hour))
+	if cacheErr != nil {
+		return "", cacheErr
+	}
+
+	// 写入 query_user_record，用于后台按被查询人姓名/身份证/手机号追溯订单（见 query_user_record.sql 说明 1）
+	nameStr, _ := params["name"].(string)
+	idCardStr, _ := params["id_card"].(string)
+	mobileStr, _ := params["mobile"].(string)
+	if nameStr != "" || idCardStr != "" || mobileStr != "" {
+		var encName, encIdCard, encMobile string
+		if nameStr != "" {
+			encName, _ = crypto.AesEcbEncrypt([]byte(nameStr), key)
+		}
+		if idCardStr != "" {
+			encIdCard, _ = crypto.EncryptIDCard(idCardStr, key)
+		}
+		if mobileStr != "" {
+			encMobile, _ = crypto.EncryptMobile(mobileStr, secretKey)
+		}
+		agentIdent := sql.NullString{}
+		if agentIdentifier != "" {
+			agentIdent = sql.NullString{String: agentIdentifier, Valid: true}
+		}
+		rec := &model.QueryUserRecord{
+			DeleteTime:      sql.NullTime{},
+			DelState:        globalkey.DelStateNo,
+			Version:         0,
+			UserId:          userID,
+			Name:            encName,
+			IdCard:          encIdCard,
+			Mobile:          encMobile,
+			Product:         Product,
+			QueryNo:         outTradeNo,
+			OrderId:         0,
+			PlatformOrderId: sql.NullString{},
+			AgentIdentifier: agentIdent,
+		}
+		_, insertErr := l.svcCtx.QueryUserRecordModel.Insert(l.ctx, nil, rec)
+		if insertErr != nil {
+			logx.WithContext(l.ctx).Errorf("CacheData 写入 query_user_record 失败: %v", insertErr)
+		}
+	}
+
+	return outTradeNo, nil
+}
+
+// GetOrCreateUser 获取或创建用户
+// 1. 如果上下文中已有用户ID，直接返回
+// 2. 如果是代理查询或APP请求，创建新用户
+// 3. 其他情况返回未登录错误
+func (l *QueryServiceLogic) GetOrCreateUser() (int64, error) {
+	// 尝试获取用户ID
+	claims, err := ctxdata.GetClaimsFromCtx(l.ctx)
+	if err != nil {
+		return 0, err
+	}
+	userID := claims.UserId
+	return userID, nil
+
+	// // 如果不是未登录错误，说明是其他错误，直接返回
+	// if !ctxdata.IsNoUserIdError(err) {
+	// 	return 0, err
+	// }
+
+	// // 检查是否是代理查询或APP请求
+	// isAgentQuery := false
+	// if agentID, ok := l.ctx.Value("agentIdentifier").(string); ok && agentID != "" {
+	// 	isAgentQuery = true
+	// }
+	// if app, ok := l.ctx.Value("app").(bool); ok && app {
+	// 	isAgentQuery = true
+	// }
+
+	// // 如果不是代理查询或APP请求，返回未登录错误
+	// if !isAgentQuery {
+	// 	return 0, ctxdata.ErrNoUserIdInCtx
+	// }
+
+	// // 创建新用户
+	// return l.svcCtx.UserService.RegisterUUIDUser(l.ctx)
+}

app/main/api/internal/logic/toolbox/toolboxquerylogic.go

@@ -0,0 +1,48 @@
+package toolbox
+
+import (
+	"context"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/xerr"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type ToolboxQueryLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewToolboxQueryLogic(ctx context.Context, svcCtx *svc.ServiceContext) *ToolboxQueryLogic {
+	return &ToolboxQueryLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *ToolboxQueryLogic) ToolboxQuery(req *types.ToolboxQueryReq) (*types.ToolboxQueryResp, error) {
+	if req.ToolKey == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("tool_key 不能为空"), "")
+	}
+	if l.svcCtx.ToolboxService == nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "工具箱服务未初始化")
+	}
+	params := req.Params
+	if params == nil {
+		params = map[string]interface{}{}
+	}
+	result, err := l.svcCtx.ToolboxService.Query(l.ctx, req.ToolKey, params)
+	if err != nil {
+		return nil, err
+	}
+
+	return &types.ToolboxQueryResp{
+		ToolKey: req.ToolKey,
+		Result:  result,
+	}, nil
+}

app/main/api/internal/logic/upload/serveuploadlogic.go

@@ -0,0 +1,67 @@
+package upload
+
+import (
+	"context"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/common/xerr"
+
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+type ServeUploadLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewServeUploadLogic(ctx context.Context, svcCtx *svc.ServiceContext) *ServeUploadLogic {
+	return &ServeUploadLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *ServeUploadLogic) ServeUpload(name string, w http.ResponseWriter) error {
+	name = filepath.Base(strings.TrimSpace(name))
+	if name == "" || name == "." || name == ".." || !isSafeUploadFileName(name) {
+		return errors.Wrapf(xerr.NewErrMsg("无效的文件名"), "")
+	}
+	fullPath := filepath.Join(uploadImageDir, name)
+	data, err := os.ReadFile(fullPath)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return errors.Wrapf(xerr.NewErrMsg("文件不存在"), "")
+		}
+		return errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "读取文件失败: %v", err)
+	}
+	w.Header().Set("Cache-Control", "public, max-age=86400")
+	switch filepath.Ext(name) {
+	case ".png":
+		w.Header().Set("Content-Type", "image/png")
+	case ".gif":
+		w.Header().Set("Content-Type", "image/gif")
+	case ".webp":
+		w.Header().Set("Content-Type", "image/webp")
+	default:
+		w.Header().Set("Content-Type", "image/jpeg")
+	}
+	_, err = w.Write(data)
+	return err
+}
+
+func isSafeUploadFileName(name string) bool {
+	for _, c := range name {
+		if (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-' {
+			continue
+		}
+		return false
+	}
+	return true
+}

app/main/api/internal/logic/upload/uploadimagelogic.go

@@ -0,0 +1,93 @@
+package upload
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"qnc-server/app/main/api/internal/svc"
+	"qnc-server/app/main/api/internal/types"
+	"qnc-server/common/xerr"
+
+	"github.com/google/uuid"
+	"github.com/pkg/errors"
+	"github.com/zeromicro/go-zero/core/logx"
+)
+
+const uploadImageDir = "uploads/images"
+
+type UploadImageLogic struct {
+	logx.Logger
+	ctx    context.Context
+	svcCtx *svc.ServiceContext
+}
+
+func NewUploadImageLogic(ctx context.Context, svcCtx *svc.ServiceContext) *UploadImageLogic {
+	return &UploadImageLogic{
+		Logger: logx.WithContext(ctx),
+		ctx:    ctx,
+		svcCtx: svcCtx,
+	}
+}
+
+func (l *UploadImageLogic) UploadImage(req *types.UploadImageReq) (*types.UploadImageResp, error) {
+	raw := strings.TrimSpace(req.ImageBase64)
+	if raw == "" {
+		return nil, errors.Wrapf(xerr.NewErrMsg("image_base64 不能为空"), "")
+	}
+	if idx := strings.Index(raw, ","); idx >= 0 {
+		raw = raw[idx+1:]
+	}
+	data, err := base64.StdEncoding.DecodeString(raw)
+	if err != nil {
+		return nil, errors.Wrapf(xerr.NewErrMsg("图片 Base64 解析失败"), "")
+	}
+	if len(data) == 0 {
+		return nil, errors.Wrapf(xerr.NewErrMsg("图片内容为空"), "")
+	}
+	if len(data) > 5*1024*1024 {
+		return nil, errors.Wrapf(xerr.NewErrMsg("图片不能超过 5MB"), "")
+	}
+
+	ext := detectImageExt(data)
+	fileName := fmt.Sprintf("%s%s", uuid.NewString(), ext)
+	dir := uploadImageDir
+	if err := os.MkdirAll(dir, 0o755); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "创建上传目录失败: %v", err)
+	}
+	fullPath := filepath.Join(dir, fileName)
+	if err := os.WriteFile(fullPath, data, 0o644); err != nil {
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.SERVER_COMMON_ERROR), "保存图片失败: %v", err)
+	}
+
+	base := publicAPIBase(l.svcCtx.Config.Promotion.OfficialDomain)
+	url := fmt.Sprintf("%s/api/v1/upload/file/%s", base, fileName)
+	return &types.UploadImageResp{Url: url}, nil
+}
+
+func detectImageExt(data []byte) string {
+	if len(data) >= 3 && data[0] == 0xFF && data[1] == 0xD8 && data[2] == 0xFF {
+		return ".jpg"
+	}
+	if len(data) >= 8 && string(data[0:8]) == "\x89PNG\r\n\x1a\n" {
+		return ".png"
+	}
+	if len(data) >= 6 && string(data[0:6]) == "GIF87a" || string(data[0:6]) == "GIF89a" {
+		return ".gif"
+	}
+	if len(data) >= 12 && string(data[8:12]) == "WEBP" {
+		return ".webp"
+	}
+	return ".jpg"
+}
+
+func publicAPIBase(officialDomain string) string {
+	base := strings.TrimRight(officialDomain, "/")
+	if base != "" {
+		return base
+	}
+	return "http://127.0.0.1:8888"
+}

app/main/api/internal/logic/user/bindmobilelogic.go

@@ -68,7 +68,7 @@ func (l *BindMobileLogic) BindMobile(req *types.BindMobileReq) (resp *types.Bind
 		}
 	}
 
-	// 通过加密后的手机号查找目标用户（手机号用户视为正式用户）
+	// 通过加密后的手机号查找目标用户（手机号用户视为正式用户；可能命中 go-zero 二级缓存）
 	targetUser, err := l.svcCtx.UserModel.FindOneByMobile(l.ctx, sql.NullString{String: encryptedMobile, Valid: true})
 	if err != nil && !errors.Is(err, model.ErrNotFound) {
 		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "查找用户失败: %v", err)
@@ -90,6 +90,13 @@ func (l *BindMobileLogic) BindMobile(req *types.BindMobileReq) (resp *types.Bind
 		if _, err := l.svcCtx.UserAuthModel.Insert(l.ctx, nil, &model.UserAuth{Id: uuid.NewString(), UserId: finalUserID, AuthType: model.UserAuthTypeMobile, AuthKey: encryptedMobile}); err != nil {
 			return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "创建手机号认证失败: %v", err)
 		}
+		// 与 userModel_gen 中 FindOneByMobile 的 QueryRowIndexCtx key 规则一致，避免此前「未命中」缓存导致后续按手机号仍查不到
+		userMobileCacheKey := fmt.Sprintf("cache:qnc:user:mobile:%v", sql.NullString{String: encryptedMobile, Valid: true})
+		if _, delErr := l.svcCtx.Redis.DelCtx(l.ctx, userMobileCacheKey); delErr != nil {
+			l.Errorf("[BindMobile] 失效 FindOneByMobile 缓存失败 | key: %s | err: %v", userMobileCacheKey, delErr)
+		} else {
+			l.Infof("[BindMobile] 已失效 FindOneByMobile 缓存 | key: %s", userMobileCacheKey)
+		}
 		// 发放token（userType会根据mobile字段动态计算）
 		token, err := l.svcCtx.UserService.GeneralUserToken(l.ctx, finalUserID)
 		if err != nil {

app/main/api/internal/logic/user/mobilecodeloginlogic.go

@@ -56,7 +56,7 @@ func (l *MobileCodeLoginLogic) MobileCodeLogin(req *types.MobileCodeLoginReq) (r
 	var userID string
 	user, findUserErr := l.svcCtx.UserModel.FindOneByMobile(l.ctx, sql.NullString{String: encryptedMobile, Valid: true})
 	if findUserErr != nil && findUserErr != model.ErrNotFound {
-		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "手机登录, 读取数据库获取用户失败, mobile: %s, err: %+v", encryptedMobile, err)
+		return nil, errors.Wrapf(xerr.NewErrCode(xerr.DB_ERROR), "手机登录, 读取数据库获取用户失败, mobile: %s, err: %+v", encryptedMobile, findUserErr)
 	}
 	if user == nil {
 		// 用户不存在，自动注册新用户