From 0bd44afe3417454c5247c10b70897331e586536b Mon Sep 17 00:00:00 2001
From: Administrator <15274802129@163.com>
Date: Fri, 03 Jul 2026 11:25:45 +0800
Subject: [PATCH] feat(payment): 集成BSPAY巴西PIX支付功能

---
 src/main/java/cc/mrbird/febs/pay/service/BsPayService.java                                 |  382 +++++++++++++++++++++++++++++++
 src/main/java/cc/mrbird/febs/mall/dto/BsPayCreateOrderDto.java                             |   23 +
 src/main/java/cc/mrbird/febs/mall/controller/AdminSystemController.java                    |   22 +
 src/main/java/cc/mrbird/febs/mall/controller/dependentStation/ApiMallOrderController.java  |  118 +++++++++
 src/main/resources/templates/febs/views/modules/system/bsPayConfig.html                    |   88 +++++++
 src/main/java/cc/mrbird/febs/mall/controller/dependentStation/constant/OrderConstants.java |    3 
 src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java                     |   16 +
 src/main/java/cc/mrbird/febs/mall/dto/BsPayConfigDto.java                                  |   21 +
 src/main/java/cc/mrbird/febs/mall/dto/ApiOrderPayDto.java                                  |    2 
 src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java                         |    1 
 10 files changed, 674 insertions(+), 2 deletions(-)

diff --git a/src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java b/src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java
index b11da8f..fd3c9e5 100644
--- a/src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java
+++ b/src/main/java/cc/mrbird/febs/common/configure/WebMvcConfigure.java
@@ -39,6 +39,7 @@
         registration.excludePathPatterns("/api/tokenview/**");
         registration.excludePathPatterns("/api/order/lwPayNotify");
         registration.excludePathPatterns("/api/order/lwPayReturn");
+        registration.excludePathPatterns("/api/order/bsPayNotify");
 
         // 添加Swagger UI相关路径
         registration.excludePathPatterns("/api/swagger-ui.html");
diff --git a/src/main/java/cc/mrbird/febs/mall/controller/AdminSystemController.java b/src/main/java/cc/mrbird/febs/mall/controller/AdminSystemController.java
index 00cd1b2..6ad55b9 100644
--- a/src/main/java/cc/mrbird/febs/mall/controller/AdminSystemController.java
+++ b/src/main/java/cc/mrbird/febs/mall/controller/AdminSystemController.java
@@ -95,6 +95,28 @@
         return new FebsResponse().success().message("保存成功");
     }
 
+    @PostMapping(value = "/bsPayConfig")
+    @ControllerEndpoint(operation = "保存BSPAY配置")
+    public FebsResponse bsPayConfig(BsPayConfigDto dto) {
+        if (StrUtil.isBlank(dto.getMemberId())) {
+            return new FebsResponse().fail().message("商户号不能为空");
+        }
+        if (StrUtil.isBlank(dto.getSecretKey())) {
+            return new FebsResponse().fail().message("签名密钥不能为空");
+        }
+        if (StrUtil.isBlank(dto.getNotifyUrl())) {
+            return new FebsResponse().fail().message("回调地址不能为空");
+        }
+        if (StrUtil.isBlank(dto.getApiBaseUrl())) {
+            return new FebsResponse().fail().message("API基础地址不能为空");
+        }
+        commonService.addDataDic("BSPAY_CONFIG", "MEMBER_ID", dto.getMemberId(), "BSPAY商户号", false);
+        commonService.addDataDic("BSPAY_CONFIG", "SECRET_KEY", dto.getSecretKey(), "BSPAY签名密钥", false);
+        commonService.addDataDic("BSPAY_CONFIG", "NOTIFY_URL", dto.getNotifyUrl(), "BSPAY异步回调地址", false);
+        commonService.addDataDic("BSPAY_CONFIG", "API_BASE_URL", dto.getApiBaseUrl(), "BSPAY API基础地址", false);
+        return new FebsResponse().success().message("保存成功");
+    }
+
     @PostMapping(value = "/tokenviewConfig")
     @ControllerEndpoint(operation = "保存Tokenview配置")
     public FebsResponse tokenviewConfig(TokenviewConfigDto dto) {
diff --git a/src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java b/src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java
index dabf489..70a3723 100644
--- a/src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java
+++ b/src/main/java/cc/mrbird/febs/mall/controller/ViewSystemController.java
@@ -147,6 +147,22 @@
         return FebsUtil.view("modules/system/lwPayConfig");
     }
 
+    @GetMapping("bsPayConfig")
+    @RequiresPermissions("bsPayConfig:update")
+    public String bsPayConfig(Model model) {
+        BsPayConfigDto dto = new BsPayConfigDto();
+        DataDictionaryCustom memberId = dataDictionaryCustomMapper.selectDicDataByTypeAndCode("BSPAY_CONFIG", "MEMBER_ID");
+        DataDictionaryCustom secretKey = dataDictionaryCustomMapper.selectDicDataByTypeAndCode("BSPAY_CONFIG", "SECRET_KEY");
+        DataDictionaryCustom notifyUrl = dataDictionaryCustomMapper.selectDicDataByTypeAndCode("BSPAY_CONFIG", "NOTIFY_URL");
+        DataDictionaryCustom apiBaseUrl = dataDictionaryCustomMapper.selectDicDataByTypeAndCode("BSPAY_CONFIG", "API_BASE_URL");
+        if (memberId != null) dto.setMemberId(memberId.getValue());
+        if (secretKey != null) dto.setSecretKey(secretKey.getValue());
+        if (notifyUrl != null) dto.setNotifyUrl(notifyUrl.getValue());
+        if (apiBaseUrl != null) dto.setApiBaseUrl(apiBaseUrl.getValue());
+        model.addAttribute("bsPayConfig", dto);
+        return FebsUtil.view("modules/system/bsPayConfig");
+    }
+
     @GetMapping("tokenviewConfig")
     @RequiresPermissions("tokenviewConfig:update")
     public String tokenviewConfig(Model model) {
diff --git a/src/main/java/cc/mrbird/febs/mall/controller/dependentStation/ApiMallOrderController.java b/src/main/java/cc/mrbird/febs/mall/controller/dependentStation/ApiMallOrderController.java
index 2cf681e..130e66d 100644
--- a/src/main/java/cc/mrbird/febs/mall/controller/dependentStation/ApiMallOrderController.java
+++ b/src/main/java/cc/mrbird/febs/mall/controller/dependentStation/ApiMallOrderController.java
@@ -14,8 +14,10 @@
 import cc.mrbird.febs.mall.vo.ApiOrderPayVo;
 import cc.mrbird.febs.mall.vo.OrderDetailVo;
 import cc.mrbird.febs.mall.vo.OrderListVo;
+import cc.mrbird.febs.pay.service.BsPayService;
 import cc.mrbird.febs.pay.service.IXcxPayService;
 import cc.mrbird.febs.pay.service.LwPayService;
+import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -46,6 +48,7 @@
     private final IApiMallOrderInfoService mallOrderInfoService;
     private final IXcxPayService iXcxPayService;
     private final LwPayService lwPayService;
+    private final BsPayService bsPayService;
     private final IMallCountryDeliveryService countryDeliveryService;
 
     @ApiOperation(value = "创建订单--验证是否允许创建", notes = "创建订单--验证是否允许创建")
@@ -353,6 +356,121 @@
         return "redirect:/pages/payResult?orderNo=" + orderId + "&code=" + returncode;
     }
 
+    // ==================== BSPAY (巴西PIX) 支付 ====================
+
+    /**
+     * 创建订单并通过 BSPAY (巴西PIX) 支付
+     * <p>
+     * 流程:创建订单 → 调 BSPAY 下单接口 → 返回支付 URL (mweb_url)
+     * <p>
+     * 交易类型:trade_type=201 (巴西PIX),货币:BRL
+     */
+    @ApiOperation(value = "创建订单-BSPAY巴西PIX支付", notes = "创建订单并返回BSPAY PIX支付URL")
+    @PostMapping(value = "/createOrderByBsPay")
+    @Limit(key = "createOrderByBsPay", period = 1, count = 1, name = "BSPAY下单", prefix = "limit", limitType = LimitType.IP)
+    public FebsResponse createOrderByBsPay(@RequestBody @Validated BsPayCreateOrderDto bsPayDto) {
+        // 1. 创建订单
+        AddOrderDto addOrderDto = bsPayDto.getOrder();
+        Long orderId = mallOrderInfoService.createOrder(addOrderDto);
+
+        // 2. 获取订单详情
+        MallOrderInfo order = mallOrderInfoService.getById(orderId);
+        if (order != null
+                && OrderStatusEnum.WAIT_PAY.getValue() == order.getStatus()
+        ) {
+            // 3. 调用 BSPAY 下单接口
+            try {
+                String payUrl = bsPayService.createPayment(order);
+
+                Map<String, Object> result = new HashMap<>();
+                result.put("orderNo", order.getOrderNo());
+                result.put("amount", order.getAmount());
+                result.put("payUrl", payUrl);
+                return new FebsResponse().success().data(result);
+            } catch (Exception e) {
+                log.error("BSPAY 下单失败: orderId={}", orderId, e);
+                return new FebsResponse().fail().message("Payment channel exception: " + e.getMessage());
+            }
+        }
+        return new FebsResponse().fail().message("Payment channel exception");
+    }
+
+    @ApiOperation(value = "BSPAY巴西PIX支付", notes = "BSPAY巴西PIX支付")
+    @ApiResponses({
+            @ApiResponse(code = 200, message = "success", response = ApiOrderPayVo.class)
+    })
+    @PostMapping(value = "/payOrderByBsPay", produces = "application/json")
+    public FebsResponse payOrderByBsPay(@RequestBody @Validated ApiOrderPayDto payDto) {
+
+        Long orderId = payDto.getOrderId();
+        Integer payType = payDto.getPayType();
+        // 2. 获取订单详情
+        MallOrderInfo order = mallOrderInfoService.getById(orderId);
+        if (order != null
+                && OrderConstants.PAY_TYPE_BS == payType
+                && OrderStatusEnum.WAIT_PAY.getValue() == order.getStatus()
+        ) {
+            // 3. 调用 BSPAY 下单接口
+            try {
+                String payUrl = bsPayService.createPayment(order);
+
+                Map<String, Object> result = new HashMap<>();
+                result.put("orderNo", order.getOrderNo());
+                result.put("amount", order.getAmount());
+                result.put("payUrl", payUrl);
+                return new FebsResponse().success().data(result).message("success");
+            } catch (Exception e) {
+                log.error("BSPAY 下单失败: orderId={}", orderId, e);
+                return new FebsResponse().fail().message("Payment channel exception: " + e.getMessage());
+            }
+        }
+        return new FebsResponse().fail().message("Payment channel exception");
+    }
+
+    /**
+     * BSPAY 支付结果通知(服务端回调)
+     * <p>
+     * BSPAY 在支付完成后会 POST JSON 通知到此地址。
+     * 需在 BSPAY 下单时传 notify_url 为此地址。
+     * <p>
+     * 注意:收到后必须响应 "SUCCESS",BSPAY 才会停止重试(最多5次)。
+     */
+    @ApiOperation(value = "BSPAY 支付回调", notes = "接收BSPAY异步通知")
+    @PostMapping(value = "/bsPayNotify")
+    public String bsPayNotify(HttpServletRequest request) {
+        // 读取 JSON body
+        try {
+            java.io.BufferedReader reader = request.getReader();
+            StringBuilder sb = new StringBuilder();
+            String line;
+            while ((line = reader.readLine()) != null) {
+                sb.append(line);
+            }
+            String body = sb.toString();
+            log.info("BSPAY 回调原始数据: {}", body);
+
+            if (StrUtil.isBlank(body)) {
+                log.error("BSPAY 回调数据为空");
+                return "FAIL";
+            }
+
+            // 解析 JSON 为 Map
+            Map<String, String> params = new HashMap<>();
+            com.alibaba.fastjson.JSONObject json = com.alibaba.fastjson.JSONObject.parseObject(body);
+            for (String key : json.keySet()) {
+                params.put(key, json.getString(key));
+            }
+
+            log.info("BSPAY 回调参数: {}", params);
+
+            boolean success = bsPayService.handleCallback(params);
+            return success ? "SUCCESS" : "FAIL";
+        } catch (Exception e) {
+            log.error("BSPAY 回调处理异常", e);
+            return "FAIL";
+        }
+    }
+
     @ApiOperation(value = "根据国家编码查询运费", notes = "根据国家编码查询对应运费")
     @ApiResponses({
             @ApiResponse(code = 200, message = "success")
diff --git a/src/main/java/cc/mrbird/febs/mall/controller/dependentStation/constant/OrderConstants.java b/src/main/java/cc/mrbird/febs/mall/controller/dependentStation/constant/OrderConstants.java
index 8add63c..0b27aa5 100644
--- a/src/main/java/cc/mrbird/febs/mall/controller/dependentStation/constant/OrderConstants.java
+++ b/src/main/java/cc/mrbird/febs/mall/controller/dependentStation/constant/OrderConstants.java
@@ -29,13 +29,14 @@
     public static final String ORDER_STATE = "order_state";
 
     /**
-     * 支付方式 1-微信 2-支付宝 3-USDT 4-LWPAY支付 5-XT支付
+     * 支付方式 1-微信 2-支付宝 3-USDT 4-LWPAY支付 5-XT支付 6-BSPAY支付(巴西PIX)
      */
     public static final Integer PAY_TYPE_WECHAT = 1;
     public static final Integer PAY_TYPE_ALIPAY = 2;
     public static final Integer PAY_TYPE_USDT = 3;
     public static final Integer PAY_TYPE_SYSTEM = 4;
     public static final Integer PAY_TYPE_XT = 5;
+    public static final Integer PAY_TYPE_BS = 6;
     public static final String ORDER_PAY_TYPE = "order_pay_type";
 
     public static final String TRC20_SYSTEM_ADDRESS = "pay.trc20.address";
diff --git a/src/main/java/cc/mrbird/febs/mall/dto/ApiOrderPayDto.java b/src/main/java/cc/mrbird/febs/mall/dto/ApiOrderPayDto.java
index 85a6a8f..d522eaa 100644
--- a/src/main/java/cc/mrbird/febs/mall/dto/ApiOrderPayDto.java
+++ b/src/main/java/cc/mrbird/febs/mall/dto/ApiOrderPayDto.java
@@ -17,6 +17,6 @@
     private Long orderId;
 
     @NotNull(message = "支付方式不能为空")
-    @ApiModelProperty(value = "支付方式 1-微信 2-支付宝 3-USDT 4-LwPAY 5-XTPAY", example = "you_ke_*****")
+    @ApiModelProperty(value = "支付方式 1-微信 2-支付宝 3-USDT 4-LwPAY 5-XTPAY 6-BSPAY", example = "you_ke_*****")
     private Integer payType;
 }
\ No newline at end of file
diff --git a/src/main/java/cc/mrbird/febs/mall/dto/BsPayConfigDto.java b/src/main/java/cc/mrbird/febs/mall/dto/BsPayConfigDto.java
new file mode 100644
index 0000000..163707c
--- /dev/null
+++ b/src/main/java/cc/mrbird/febs/mall/dto/BsPayConfigDto.java
@@ -0,0 +1,21 @@
+package cc.mrbird.febs.mall.dto;
+
+import lombok.Data;
+
+/**
+ * BSPAY (巴西PIX) 支付配置 DTO
+ * 对应 data_dictionary_custom 表 type='BSPAY_CONFIG' 的多条记录
+ *
+ * @author auto-generated
+ */
+@Data
+public class BsPayConfigDto {
+    /** BSPAY 商户号 */
+    private String memberId;
+    /** BSPAY 签名密钥 */
+    private String secretKey;
+    /** 异步回调通知地址 */
+    private String notifyUrl;
+    /** BSPAY API 基础地址 */
+    private String apiBaseUrl;
+}
diff --git a/src/main/java/cc/mrbird/febs/mall/dto/BsPayCreateOrderDto.java b/src/main/java/cc/mrbird/febs/mall/dto/BsPayCreateOrderDto.java
new file mode 100644
index 0000000..8be876c
--- /dev/null
+++ b/src/main/java/cc/mrbird/febs/mall/dto/BsPayCreateOrderDto.java
@@ -0,0 +1,23 @@
+package cc.mrbird.febs.mall.dto;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import javax.validation.Valid;
+import javax.validation.constraints.NotNull;
+
+/**
+ * BSPAY (巴西PIX) 创建订单请求 DTO
+ *
+ * @author auto-generated
+ */
+@Data
+@ApiModel(value = "BsPayCreateOrderDto", description = "BSPAY巴西PIX支付下单参数")
+public class BsPayCreateOrderDto {
+
+    @Valid
+    @NotNull(message = "订单信息不能为空")
+    @ApiModelProperty(value = "订单信息", required = true)
+    private AddOrderDto order;
+}
diff --git a/src/main/java/cc/mrbird/febs/pay/service/BsPayService.java b/src/main/java/cc/mrbird/febs/pay/service/BsPayService.java
new file mode 100644
index 0000000..df2fd0c
--- /dev/null
+++ b/src/main/java/cc/mrbird/febs/pay/service/BsPayService.java
@@ -0,0 +1,382 @@
+package cc.mrbird.febs.pay.service;
+
+import cc.mrbird.febs.common.enumerates.OrderStatusEnum;
+import cc.mrbird.febs.common.utils.RedisUtils;
+import cc.mrbird.febs.mall.controller.dependentStation.constant.OrderConstants;
+import cc.mrbird.febs.mall.entity.DataDictionaryCustom;
+import cc.mrbird.febs.mall.entity.MallOrderInfo;
+import cc.mrbird.febs.mall.mapper.DataDictionaryCustomMapper;
+import cc.mrbird.febs.mall.mapper.MallOrderInfoMapper;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import com.alibaba.fastjson.JSONObject;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import lombok.extern.slf4j.Slf4j;
+import okhttp3.MediaType;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.RequestBody;
+import okhttp3.Response;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.Resource;
+import java.math.BigDecimal;
+import java.math.RoundingMode;
+import java.util.Date;
+import java.util.Map;
+import java.util.TreeMap;
+
+/**
+ * BSPAY (巴西PIX) 支付服务
+ * <p>
+ * 处理 BSPAY 下单(PIX支付)和回调通知
+ * <p>
+ * BSPAY API 说明:
+ * - 传输方式:HTTPS,POST,JSON
+ * - 签名算法:参数按 ASCII 字典序排序 → key=value 拼接 → 末尾追加 &key={secret} → MD5 → 大写
+ * - 下单接口:POST /api/pay/applyOrder (Content-Type: application/json)
+ * - 支付回调:JSON POST,收到后需响应 "SUCCESS"
+ * - 交易类型:trade_type=201 (巴西PIX)
+ * - 货币类型:fee_type=BRL
+ * - 金额单位:分 (1元=100分)
+ *
+ * @author auto-generated
+ */
+@Slf4j
+@Service
+public class BsPayService {
+
+    @Resource
+    private MallOrderInfoMapper mallOrderInfoMapper;
+    @Resource
+    private DataDictionaryCustomMapper dataDictionaryCustomMapper;
+    @Resource
+    private RedisUtils redisUtils;
+
+    /** BSPAY 配置字典 type */
+    private static final String DICT_TYPE = "BSPAY_CONFIG";
+    /** BSPAY 下单接口路径 */
+    private static final String APPLY_ORDER_PATH = "/api/pay/applyOrder";
+    /** OkHttp JSON MediaType */
+    private static final MediaType JSON_MEDIA_TYPE = MediaType.parse("application/json;charset=UTF-8");
+
+    /** 交易类型:巴西PIX */
+    private static final String TRADE_TYPE_PIX = "201";
+    /** 货币类型:巴西雷亚尔 */
+    private static final String FEE_TYPE_BRL = "BRL";
+    /** 签名类型 */
+    private static final String SIGN_TYPE_MD5 = "MD5";
+
+    // ==================== 下单接口 ====================
+
+    /**
+     * 创建 BSPAY PIX 支付订单 → 获取支付跳转 URL
+     *
+     * @param order 订单实体
+     * @return BSPAY 支付页面 URL (mweb_url)
+     */
+    public String createPayment(MallOrderInfo order) {
+        String memberId = getConfigValue("MEMBER_ID");
+        String secretKey = getConfigValue("SECRET_KEY");
+        String notifyUrl = getConfigValue("NOTIFY_URL");
+        String apiBaseUrl = getConfigValue("API_BASE_URL");
+
+        if (StrUtil.isBlank(memberId) || StrUtil.isBlank(secretKey)) {
+            throw new RuntimeException("BSPAY 商户号/秘钥未配置");
+        }
+        if (StrUtil.isBlank(apiBaseUrl)) {
+            throw new RuntimeException("BSPAY API基础地址未配置");
+        }
+        if (StrUtil.isBlank(notifyUrl)) {
+            throw new RuntimeException("BSPAY 回调地址未配置");
+        }
+
+        // 金额转 BRL 分 (cents)
+        String totalFee = getBRLAmountInCents(order.getAmount());
+
+        // 构建参数(TreeMap 自动按 ASCII 字典序排序)
+        TreeMap<String, String> params = new TreeMap<>();
+        params.put("member_id", memberId);
+        params.put("out_trade_no", order.getOrderNo());
+        params.put("body", "商品订单-" + order.getOrderNo());
+        params.put("total_fee", totalFee);
+        params.put("fee_type", FEE_TYPE_BRL);
+        params.put("notify_url", notifyUrl);
+        params.put("trade_type", TRADE_TYPE_PIX);
+        params.put("sign_type", SIGN_TYPE_MD5);
+
+        // 生成签名
+        String sign = generateSign(params, secretKey);
+        params.put("sign", sign);
+
+        log.info("BSPAY 下单请求: memberId={}, orderNo={}, amount={}, totalFee={}",
+                memberId, order.getOrderNo(), order.getAmount(), totalFee);
+
+        // 发送 POST JSON 请求
+        String requestUrl = apiBaseUrl + APPLY_ORDER_PATH;
+        String response = postJson(requestUrl, params);
+        log.info("BSPAY 下单响应: {}", response);
+
+        if (StrUtil.isBlank(response)) {
+            throw new RuntimeException("BSPAY 响应为空");
+        }
+
+        // 解析响应
+        JSONObject json = JSONObject.parseObject(response);
+
+        // 检查通信状态
+        String returnCode = json.getString("return_code");
+        if (!"SUCCESS".equals(returnCode)) {
+            String returnMsg = json.getString("return_msg");
+            String errCode = json.getString("err_code");
+            String errCodeDes = json.getString("err_code_des");
+            throw new RuntimeException("BSPAY 下单失败: " + returnMsg
+                    + (errCode != null ? " [" + errCode + ":" + errCodeDes + "]" : ""));
+        }
+
+        // 验证签名
+        String respSign = json.getString("sign");
+        if (StrUtil.isNotBlank(respSign)) {
+            TreeMap<String, String> verifyParams = new TreeMap<>();
+            for (String key : json.keySet()) {
+                if (!"sign".equals(key)) {
+                    String val = json.getString(key);
+                    if (StrUtil.isNotBlank(val)) {
+                        verifyParams.put(key, val);
+                    }
+                }
+            }
+            if (!verifySign(verifyParams, secretKey, respSign)) {
+                log.warn("BSPAY 响应签名验证失败,但仍继续处理");
+            }
+        }
+
+        // 检查业务结果
+        String resultCode = json.getString("result_code");
+        if (!"SUCCESS".equals(resultCode)) {
+            throw new RuntimeException("BSPAY 下单业务失败: " + json.getString("err_code_des"));
+        }
+
+        String mwebUrl = json.getString("mweb_url");
+        if (StrUtil.isBlank(mwebUrl)) {
+            throw new RuntimeException("BSPAY 下单未返回支付链接");
+        }
+
+        // 记录平台支付订单号
+        String prepayId = json.getString("prepay_id");
+        if (StrUtil.isNotBlank(prepayId)) {
+            mallOrderInfoMapper.update(
+                    null,
+                    Wrappers.lambdaUpdate(MallOrderInfo.class)
+                            .set(MallOrderInfo::getPayOrderNo, prepayId)
+                            .eq(MallOrderInfo::getId, order.getId())
+            );
+        }
+
+        return mwebUrl;
+    }
+
+    // ==================== 回调处理 ====================
+
+    /**
+     * 处理 BSPAY 支付结果通知
+     * <p>
+     * 回调参数为 JSON 格式:
+     * return_code, return_msg, member_id, sign, result_code, trade_type,
+     * total_fee, transaction_id, out_trade_no, time_end
+     *
+     * @param params 回调参数 Map
+     * @return true-处理成功, false-处理失败
+     */
+    public boolean handleCallback(Map<String, String> params) {
+        String secretKey = getConfigValue("SECRET_KEY");
+        if (StrUtil.isBlank(secretKey)) {
+            log.error("BSPAY 秘钥未配置,无法验签");
+            return false;
+        }
+
+        // 1. 验证签名(sign 不参与签名)
+        String receivedSign = params.get("sign");
+        if (StrUtil.isBlank(receivedSign)) {
+            log.error("BSPAY 回调缺少 sign 参数");
+            return false;
+        }
+
+        TreeMap<String, String> signParams = new TreeMap<>();
+        for (Map.Entry<String, String> entry : params.entrySet()) {
+            if (!"sign".equals(entry.getKey()) && StrUtil.isNotBlank(entry.getValue())) {
+                signParams.put(entry.getKey(), entry.getValue());
+            }
+        }
+        if (!verifySign(signParams, secretKey, receivedSign)) {
+            log.error("BSPAY 回调签名验证失败: params={}", params);
+            return false;
+        }
+
+        String returnCode = params.get("return_code");
+        String resultCode = params.get("result_code");
+        String outTradeNo = params.get("out_trade_no");
+        String totalFee = params.get("total_fee");
+        String transactionId = params.get("transaction_id");
+        String tradeType = params.get("trade_type");
+
+        log.info("BSPAY 回调: out_trade_no={}, return_code={}, result_code={}, total_fee={}, transaction_id={}",
+                outTradeNo, returnCode, resultCode, totalFee, transactionId);
+
+        // 2. 判断通信状态
+        if (!"SUCCESS".equals(returnCode)) {
+            log.warn("BSPAY 回调通信失败: out_trade_no={}, return_code={}", outTradeNo, returnCode);
+            return true;
+        }
+
+        // 3. 判断支付结果
+        if (!"SUCCESS".equals(resultCode)) {
+            log.warn("BSPAY 支付未成功: out_trade_no={}, result_code={}", outTradeNo, resultCode);
+            return true;
+        }
+
+        // 4. 查询订单
+        MallOrderInfo order = mallOrderInfoMapper.selectOne(
+                Wrappers.lambdaQuery(MallOrderInfo.class)
+                        .eq(MallOrderInfo::getOrderNo, outTradeNo)
+        );
+        if (order == null) {
+            log.error("BSPAY 回调订单不存在: out_trade_no={}", outTradeNo);
+            return false;
+        }
+
+        // 5. 幂等检查(避免重复回调)
+        if (OrderStatusEnum.WAIT_PAY.getValue() != order.getStatus()) {
+            log.info("BSPAY 订单已处理: out_trade_no={}, status={}", outTradeNo, order.getStatus());
+            return true;
+        }
+
+        // 6. 更新订单状态为待发货
+        mallOrderInfoMapper.update(
+                null,
+                Wrappers.lambdaUpdate(MallOrderInfo.class)
+                        .set(MallOrderInfo::getStatus, OrderStatusEnum.WAIT_SHIPPING.getValue())
+                        .set(MallOrderInfo::getTradeHash, transactionId)
+                        .set(MallOrderInfo::getPayTime, new Date())
+                        .set(MallOrderInfo::getPayMethod, "BSPAY支付(PIX)")
+                        .set(MallOrderInfo::getPayResult, "1")
+                        .eq(MallOrderInfo::getId, order.getId())
+        );
+
+        // 清理 Redis 中的金额匹配 key
+        String amountKey = OrderConstants.TRC20_ORDER_KEY + order.getAmount();
+        redisUtils.del(amountKey);
+
+        log.info("BSPAY 支付成功: out_trade_no={}, transaction_id={}, total_fee={}",
+                outTradeNo, transactionId, totalFee);
+        return true;
+    }
+
+    // ==================== 金额转换 ====================
+
+    /**
+     * 将订单金额转换为 BRL 分(cents)
+     * 1. 先按汇率转换为 BRL
+     * 2. 再乘以 100 转换为分
+     *
+     * @param amount 订单金额
+     * @return BRL 金额(分,不含小数)
+     */
+    private String getBRLAmountInCents(BigDecimal amount) {
+        DataDictionaryCustom dataDictionaryCustom = dataDictionaryCustomMapper.selectDicDataByTypeAndCode(
+                "MONEY_CHANGE", "BRL"
+        );
+        BigDecimal rate = new BigDecimal("5.18");
+        if (dataDictionaryCustom != null) {
+            rate = new BigDecimal(dataDictionaryCustom.getValue());
+        }
+        // 转 BRL → 转分 → 取整数
+        return amount.multiply(rate)
+                .multiply(new BigDecimal("100"))
+                .setScale(0, RoundingMode.DOWN)
+                .toString();
+    }
+
+    // ==================== 签名工具 ====================
+
+    /**
+     * 生成 MD5 签名(大写)
+     * <p>
+     * 1. 参数按 ASCII 字典序排序 (TreeMap)
+     * 2. key=value&key=value 拼接
+     * 3. 末尾追加 &key={secretKey}
+     * 4. MD5 → 大写
+     */
+    private String generateSign(TreeMap<String, String> params, String secretKey) {
+        String signStr = buildSignString(params) + "&key=" + secretKey;
+        log.info("BSPAY 待签名字符串: {}", signStr);
+        return SecureUtil.md5(signStr).toUpperCase();
+    }
+
+    /**
+     * 验证签名
+     */
+    private boolean verifySign(TreeMap<String, String> params, String secretKey, String expectedSign) {
+        String calculatedSign = generateSign(params, secretKey);
+        boolean valid = calculatedSign.equalsIgnoreCase(expectedSign);
+        if (!valid) {
+            log.warn("BSPAY 签名不匹配: expected={}, calculated={}", expectedSign, calculatedSign);
+        }
+        return valid;
+    }
+
+    /**
+     * 将参数拼接为 key=value&key=value 格式(不含 &key=)
+     */
+    private String buildSignString(TreeMap<String, String> params) {
+        StringBuilder sb = new StringBuilder();
+        for (Map.Entry<String, String> entry : params.entrySet()) {
+            if (StrUtil.isNotBlank(entry.getValue())) {
+                if (sb.length() > 0) {
+                    sb.append("&");
+                }
+                sb.append(entry.getKey()).append("=").append(entry.getValue());
+            }
+        }
+        return sb.toString();
+    }
+
+    // ==================== 配置读取 ====================
+
+    /**
+     * 从数据字典获取 BSPAY 配置
+     */
+    public String getConfigValue(String code) {
+        DataDictionaryCustom dict = dataDictionaryCustomMapper.selectDicDataByTypeAndCode(DICT_TYPE, code);
+        return dict != null ? dict.getValue() : null;
+    }
+
+    // ==================== HTTP 请求工具 ====================
+
+    /**
+     * POST JSON 请求
+     */
+    private String postJson(String url, TreeMap<String, String> params) {
+        try {
+            String jsonBody = JSONObject.toJSONString(params);
+            log.info("BSPAY POST JSON: url={}, body={}", url, jsonBody);
+
+            OkHttpClient client = new OkHttpClient();
+            RequestBody body = RequestBody.create(JSON_MEDIA_TYPE, jsonBody);
+            Request request = new Request.Builder()
+                    .url(url)
+                    .post(body)
+                    .build();
+
+            try (Response response = client.newCall(request).execute()) {
+                if (response.body() != null) {
+                    return response.body().string();
+                }
+                return null;
+            }
+        } catch (Exception e) {
+            log.error("BSPAY POST JSON 异常: url={}", url, e);
+            return null;
+        }
+    }
+}
diff --git a/src/main/resources/templates/febs/views/modules/system/bsPayConfig.html b/src/main/resources/templates/febs/views/modules/system/bsPayConfig.html
new file mode 100644
index 0000000..7e99742
--- /dev/null
+++ b/src/main/resources/templates/febs/views/modules/system/bsPayConfig.html
@@ -0,0 +1,88 @@
+<div class="layui-fluid layui-anim febs-anim" id="bspay-config" lay-title="BSPAY巴西PIX支付设置">
+    <div class="layui-row layui-col-space8 febs-container">
+        <form class="layui-form" action="" lay-filter="bspay-config-form">
+            <div class="layui-card">
+                <div class="layui-card-header">BSPAY 巴西PIX支付参数配置</div>
+                <div class="layui-card-body">
+                    <div class="layui-form-item">
+                        <label class="layui-form-label required">商户号:</label>
+                        <div class="layui-input-block">
+                            <input type="text" name="memberId" data-th-id="${bsPayConfig.memberId}"
+                                   lay-verify="required" autocomplete="off" class="layui-input" placeholder="BSPAY 商户号(member_id)">
+                        </div>
+                    </div>
+                    <div class="layui-form-item">
+                        <label class="layui-form-label required">签名密钥:</label>
+                        <div class="layui-input-block">
+                            <input type="text" name="secretKey" data-th-id="${bsPayConfig.secretKey}"
+                                   lay-verify="required" autocomplete="off" class="layui-input" placeholder="BSPAY 签名密钥/key">
+                        </div>
+                    </div>
+                    <div class="layui-form-item">
+                        <label class="layui-form-label required">回调地址:</label>
+                        <div class="layui-input-block">
+                            <input type="text" name="notifyUrl" data-th-id="${bsPayConfig.notifyUrl}"
+                                   lay-verify="required|url" autocomplete="off" class="layui-input" placeholder="异步回调通知地址(notify_url)">
+                        </div>
+                        <div class="layui-word-aux" style="margin-left: 150px;">BSPAY 支付成功后异步通知的地址,必须以 http(s):// 开头</div>
+                    </div>
+                    <div class="layui-form-item">
+                        <label class="layui-form-label required">API基础地址:</label>
+                        <div class="layui-input-block">
+                            <input type="text" name="apiBaseUrl" data-th-id="${bsPayConfig.apiBaseUrl}"
+                                   lay-verify="required|url" autocomplete="off" class="layui-input" placeholder="BSPAY API基础地址">
+                        </div>
+                        <div class="layui-word-aux" style="margin-left: 150px;">BSPAY API服务器地址,如 https://api.bspay.com,下单路径为 {apiBaseUrl}/api/pay/applyOrder</div>
+                    </div>
+                </div>
+
+                <div class="layui-card-footer">
+                    <button class="layui-btn layui-btn-normal" lay-submit="" lay-filter="bspay-config-form-submit" id="submit">保存</button>
+                </div>
+            </div>
+        </form>
+    </div>
+</div>
+<style>
+    .layui-form-label {
+        width: 120px;
+    }
+
+    .layui-form-item .layui-input-block {
+        margin-left: 150px;
+    }
+
+    .layui-table-form .layui-form-item {
+        margin-bottom: 20px !important;
+    }
+</style>
+<script data-th-inline="javascript" type="text/javascript">
+    layui.use(['dropdown', 'jquery', 'validate', 'febs', 'form'], function () {
+        var $ = layui.jquery,
+            febs = layui.febs,
+            form = layui.form,
+            bsPayConfig = [[${bsPayConfig}]],
+            validate = layui.validate,
+            $view = $('#bspay-config');
+
+        form.verify(validate);
+
+        if (bsPayConfig) {
+            form.val("bspay-config-form", {
+                "memberId": bsPayConfig.memberId,
+                "secretKey": bsPayConfig.secretKey,
+                "notifyUrl": bsPayConfig.notifyUrl,
+                "apiBaseUrl": bsPayConfig.apiBaseUrl
+            });
+        }
+
+        form.render();
+
+        form.on('submit(bspay-config-form-submit)', function (data) {
+            febs.post(ctx + 'admin/system/bsPayConfig', data.field, function (res) {
+                febs.alert.success('保存成功');
+            });
+            return false;
+        });
+    });
+</script>

--
Gitblit v1.9.1