feat(integration): 完善外部 API 對接邏輯與安全性

1. 新增 API Rate Limiting (每分鐘 60 次) 2. 實作 ProductServiceInterface 與 findOrCreateWarehouseByName 解決跨模組耦合問題 3. 強化 OrderSync API 驗證 (price 欄位限制最小 0、payment_method 加上允許白名單) 4. 實作 OrderSync API 冪等性處理，重複訂單直接回傳現有資訊 5. 修正 ProductSync API 同步邏輯，每次同步皆會更新產品分類與單位 6. 完善 integration API 對接手冊內容與 UI 排版
2026-02-23 10:10:03 +08:00
parent 29cdf37b71
commit a05acd96dc
13 changed files with 303 additions and 37 deletions
--- a/app/Modules/Integration/Controllers/ProductSyncController.php
+++ b/app/Modules/Integration/Controllers/ProductSyncController.php
@@ -4,14 +4,14 @@ namespace App\Modules\Integration\Controllers;

 use App\Http\Controllers\Controller;
 use Illuminate\Http\Request;
-use App\Modules\Inventory\Services\ProductService;
+use App\Modules\Inventory\Contracts\ProductServiceInterface;
 use Illuminate\Support\Facades\Log;

 class ProductSyncController extends Controller
 {
    protected $productService;

-    public function __construct(ProductService $productService)
+    public function __construct(ProductServiceInterface $productService)
    {
        $this->productService = $productService;
    }
@@ -21,7 +21,7 @@ class ProductSyncController extends Controller
        $request->validate([
            'external_pos_id' => 'required|string',
            'name' => 'required|string',
-            'price' => 'nullable|numeric',
+            'price' => 'nullable|numeric|min:0',
            'barcode' => 'nullable|string',
            'category' => 'nullable|string',
            'unit' => 'nullable|string',
@@ -40,7 +40,9 @@ class ProductSyncController extends Controller
            ]);
        } catch (\Exception $e) {
            Log::error('Product Sync Failed', ['error' => $e->getMessage(), 'payload' => $request->all()]);
-            return response()->json(['message' => 'Sync failed'], 500);
+            return response()->json([
+                'message' => 'Sync failed: ' . $e->getMessage(),
+            ], 500);
        }
    }
 }