From c435e639177976f6874a0d0987d35774b356f260 Mon Sep 17 00:00:00 2001
From: LittleSheep <littlesheep.code@hotmail.com>
Date: Sun, 5 Oct 2025 22:20:32 +0800
Subject: [PATCH] :sparkles: Able to update the custom apps order's status

---
 DysonNetwork.Pass/Wallet/OrderController.cs | 42 ++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/DysonNetwork.Pass/Wallet/OrderController.cs b/DysonNetwork.Pass/Wallet/OrderController.cs
index e732545..9fd0062 100644
--- a/DysonNetwork.Pass/Wallet/OrderController.cs
+++ b/DysonNetwork.Pass/Wallet/OrderController.cs
@@ -1,4 +1,3 @@
-using DysonNetwork.Pass.Auth;
 using DysonNetwork.Shared.Models;
 using DysonNetwork.Shared.Proto;
 using Microsoft.AspNetCore.Authorization;
@@ -99,5 +98,46 @@ public class OrderController(
             return BadRequest(new { error = ex.Message });
         }
     }
+
+    public class UpdateOrderStatusRequest
+    {
+        public string ClientId { get; set; } = null!;
+        public string ClientSecret { get; set; } = null!;
+        public Shared.Models.OrderStatus Status { get; set; }
+    }
+
+    [HttpPatch("{id:guid}/status")]
+    public async Task<ActionResult<SnWalletOrder>> UpdateOrderStatus(Guid id, [FromBody] UpdateOrderStatusRequest request)
+    {
+        var clientResp = await customApps.GetCustomAppAsync(new GetCustomAppRequest { Slug = request.ClientId });
+        if (clientResp.App is null) return BadRequest("Client not found");
+        var client = SnCustomApp.FromProtoValue(clientResp.App);
+
+        var secret = await customApps.CheckCustomAppSecretAsync(new CheckCustomAppSecretRequest
+        {
+            AppId = client.Id.ToString(),
+            Secret = request.ClientSecret,
+        });
+        if (!secret.Valid) return BadRequest("Invalid client secret");
+
+        var order = await db.PaymentOrders.FindAsync(id);
+
+        if (order == null)
+            return NotFound();
+
+        if (order.AppIdentifier != request.ClientId)
+        {
+            return BadRequest("Order does not belong to this client.");
+        }
+
+        if (request.Status != Shared.Models.OrderStatus.Finished && request.Status != Shared.Models.OrderStatus.Cancelled)
+            return BadRequest("Invalid status. Available statuses are Finished, Cancelled.");
+
+
+        order.Status = request.Status;
+        await db.SaveChangesAsync();
+
+        return Ok(order);
+    }
 }