消息推送后台打通

pages/mall/delivery/webhook-server/webhook-receiver.js

@@ -1,6 +1,29 @@
+// Load configuration into process.env.
+// Priority:
+// 1) Real environment variables
+// 2) CONFIG_FILE/CONFIG_PATH (explicit)
+// 3) Local file next to this script: webhook.config.json
+// 4) server/.env / server/config.json via server/load-config.js
+const fs = require('fs')
+const path = require('path')
+
+const localConfigPath = path.join(__dirname, 'webhook.config.json')
+if (!process.env.CONFIG_FILE && !process.env.CONFIG_PATH && fs.existsSync(localConfigPath)) {
+  process.env.CONFIG_FILE = localConfigPath
+}
+
+require('../../../../server/load-config')
+
 const express = require('express')
 const bodyParser = require('body-parser')
-const fetch = require('node-fetch')
+const fetch = (globalThis.fetch ? globalThis.fetch.bind(globalThis) : (() => {
+  try {
+    // Fallback for older Node versions where fetch is not available.
+    return require('node-fetch')
+  } catch (e) {
+    throw new Error("No fetch implementation found. Use Node.js 18+ or install 'node-fetch'.")
+  }
+})())
 const crypto = require('crypto')
 
 const PORT = process.env.PORT || 7201
@@ -10,11 +33,14 @@ const WEBHOOK_SECRET = process.env.WEBHOOK_SECRET || '' // optional HMAC secret
 
 function supaFetch(path, opts = {}) {
   const url = `${SUPA_URL}/rest/v1/${path}`
+  // Default to apikey only (compatible with self-hosted Supabase/Kong key-auth).
+  // Only attach Authorization: Bearer when explicitly enabled.
   const headers = Object.assign({}, opts.headers || {}, {
     apikey: SUPA_KEY,
-    Authorization: `Bearer ${SUPA_KEY}`,
     Accept: 'application/json'
   })
+  const sendBearer = (process.env.SUPA_USE_BEARER === 'true')
+  if (sendBearer) headers.Authorization = `Bearer ${SUPA_KEY}`
   return fetch(url, Object.assign({}, opts, { headers }))
 }
 
@@ -50,22 +76,30 @@ async function findWaybillId(tracking_no, order_no) {
   try {
     if (tracking_no) {
       const r = await supaFetch(`platform_express_waybills?tracking_no=eq.${encodeURIComponent(tracking_no)}`)
-      if (r.ok) {
-        const data = await r.json()
-        if (data && data.length > 0) return data[0].id
+      if (!r.ok) {
+        const txt = await r.text().catch(() => '')
+        const err = new Error(`Supabase query failed (tracking_no): HTTP ${r.status} ${txt}`)
+        err.status = r.status
+        throw err
       }
+      const data = await r.json()
+      if (data && data.length > 0) return data[0].id
     }
     if (order_no) {
       const r2 = await supaFetch(`platform_express_waybills?order_no=eq.${encodeURIComponent(order_no)}`)
-      if (r2.ok) {
-        const data2 = await r2.json()
-        if (data2 && data2.length > 0) return data2[0].id
+      if (!r2.ok) {
+        const txt2 = await r2.text().catch(() => '')
+        const err2 = new Error(`Supabase query failed (order_no): HTTP ${r2.status} ${txt2}`)
+        err2.status = r2.status
+        throw err2
       }
+      const data2 = await r2.json()
+      if (data2 && data2.length > 0) return data2[0].id
     }
     return null
   } catch (e) {
-    console.warn('findWaybillId error', e)
-    return null
+    console.warn('findWaybillId error', e && e.message ? e.message : e)
+    throw e
   }
 }
 
@@ -140,7 +174,16 @@ async function start() {
     const event_code = req.body && (req.body.infoContent || req.body.status_code || req.body.event_code)
     const event_text = req.body && (req.body.remark || req.body.event_text || '')
 
-    const waybillId = await findWaybillId(tracking_no, order_no)
+    let waybillId = null
+    try {
+      waybillId = await findWaybillId(tracking_no, order_no)
+    } catch (e) {
+      const status = e && e.status ? Number(e.status) : 0
+      if (status === 401 || status === 403) {
+        return res.status(502).json({ ok: false, message: 'supabase unauthorized (check SUPA_KEY/SUPA_URL)' })
+      }
+      return res.status(502).json({ ok: false, message: 'supabase query failed' })
+    }
     if (!waybillId) {
       // Waybill not found — respond 200 but inform caller in body.
       return res.status(200).json({ ok: false, message: 'waybill not found' })