feat: add wechat pay

2025-01-14 14:42:08 +08:00
parent 52c17b63bb
commit 9cd7659d14
32 changed files with 1431 additions and 110 deletions
--- a/backend/app/http/orders/controller.go
+++ b/backend/app/http/orders/controller.go
@@ -1,52 +0,0 @@
-package orders
-
-import (
-	"backend/app/requests"
-	"backend/database/models/qvyun_v2/public/model"
-	"backend/providers/jwt"
-
-	"github.com/gofiber/fiber/v3"
-	"github.com/jinzhu/copier"
-	"github.com/samber/lo"
-	log "github.com/sirupsen/logrus"
-)
-
-// @provider
-type Controller struct {
-	svc *Service
-	log *log.Entry `inject:"false"`
-}
-
-func (c *Controller) Prepare() error {
-	c.log = log.WithField("module", "orders.Controller")
-	return nil
-}
-
-// Orders show user orders
-// @Router			/api/v1/orders [get]
-// @Bind claim local
-// @Bind pagination query
-// @Bind filter query
-func (c *Controller) List(ctx fiber.Ctx, claim *jwt.Claims, pagination *requests.Pagination, filter *UserOrderFilter) (*requests.Pager, error) {
-	pagination.Format()
-	pager := &requests.Pager{
-		Pagination: *pagination,
-	}
-
-	filter.UserID = claim.UserID
-	orders, total, err := c.svc.GetOrders(ctx.Context(), pagination, filter)
-	if err != nil {
-		return nil, err
-	}
-	pager.Total = total
-
-	pager.Items = lo.FilterMap(orders, func(item model.Orders, _ int) (UserOrder, bool) {
-		var o UserOrder
-		if err := copier.Copy(&o, item); err != nil {
-			return o, false
-		}
-		return o, true
-	})
-
-	return pager, nil
-}
--- a/backend/app/http/orders/controller_order.go
+++ b/backend/app/http/orders/controller_order.go
@@ -0,0 +1,97 @@
+package orders
+
+import (
+	"backend/app/errorx"
+	"backend/app/http/posts"
+	"backend/app/http/tenants"
+	"backend/app/http/users"
+	"backend/app/requests"
+	"backend/database/models/qvyun_v2/public/model"
+	"backend/providers/jwt"
+
+	"github.com/gofiber/fiber/v3"
+	"github.com/jinzhu/copier"
+	"github.com/samber/lo"
+	log "github.com/sirupsen/logrus"
+)
+
+// @provider
+type OrderController struct {
+	svc       *Service
+	userSvc   *users.Service
+	tenantSvc *tenants.Service
+	postSvc   *posts.Service
+	log       *log.Entry `inject:"false"`
+}
+
+func (c *OrderController) Prepare() error {
+	c.log = log.WithField("module", "orders.OrderController")
+	return nil
+}
+
+// Orders show user orders
+// @Router			/api/v1/orders [get]
+// @Bind claim local
+// @Bind pagination query
+// @Bind filter query
+func (c *OrderController) List(ctx fiber.Ctx, claim *jwt.Claims, pagination *requests.Pagination, filter *UserOrderFilter) (*requests.Pager, error) {
+	pagination.Format()
+	pager := &requests.Pager{
+		Pagination: *pagination,
+	}
+
+	filter.UserID = claim.UserID
+	orders, total, err := c.svc.GetOrders(ctx.Context(), pagination, filter)
+	if err != nil {
+		return nil, err
+	}
+	pager.Total = total
+
+	pager.Items = lo.FilterMap(orders, func(item model.Orders, _ int) (UserOrder, bool) {
+		var o UserOrder
+		if err := copier.Copy(&o, item); err != nil {
+			return o, false
+		}
+		return o, true
+	})
+
+	return pager, nil
+}
+
+// Create order
+// @Router			/api/v1/orders [post]
+// @Bind claim local
+// @Bind hash path
+// @Bind tenantSlug cookie key(tenant)
+func (c *OrderController) Create(ctx fiber.Ctx, claim *jwt.Claims, tenantSlug, hash string) (*UserOrder, error) {
+	user, err := c.userSvc.GetUserByID(ctx.Context(), claim.UserID)
+	if err != nil {
+		return nil, err
+	}
+
+	tenant, err := c.tenantSvc.GetTenantBySlug(ctx.Context(), tenantSlug)
+	if err != nil {
+		return nil, err
+	}
+
+	post, err := c.postSvc.GetPostByHash(ctx.Context(), tenant.ID, hash)
+	if err != nil {
+		return nil, err
+	}
+
+	if tenant.ID != post.TenantID {
+		return nil, errorx.BadRequest
+	}
+
+	order, err := c.svc.Create(ctx.Context(), user, post)
+	if err != nil {
+		return nil, err
+	}
+
+	var userOrder UserOrder
+	if err := copier.Copy(&userOrder, order); err != nil {
+		return nil, err
+	}
+
+	return &userOrder, nil
+}
--- a/backend/app/http/orders/controller_pay.go
+++ b/backend/app/http/orders/controller_pay.go
@@ -0,0 +1,78 @@
+package orders
+
+import (
+	"backend/app/errorx"
+	"backend/app/http/posts"
+	"backend/app/http/tenants"
+	"backend/app/http/users"
+	"backend/database/fields"
+	"backend/database/models/qvyun_v2/public/model"
+	"backend/providers/jwt"
+	"backend/providers/pay"
+
+	"github.com/go-pay/gopay/wechat/v3"
+	"github.com/gofiber/fiber/v3"
+	log "github.com/sirupsen/logrus"
+)
+
+// @provider
+type PayController struct {
+	svc       *Service
+	pay       *pay.Client
+	userSvc   *users.Service
+	tenantSvc *tenants.Service
+	postSvc   *posts.Service
+	log       *log.Entry `inject:"false"`
+}
+
+func (c *PayController) Prepare() error {
+	c.log = log.WithField("module", "orders.Controller")
+	return nil
+}
+
+// JSPay
+// @Router			/api/v1/orders/pay/:orderID/js [get]
+// @Bind claim local
+// @Bind orderID path
+func (ctl *PayController) JSPay(ctx fiber.Ctx, claim *jwt.Claims, orderID string) (*wechat.JSAPIPayParams, error) {
+	order, err := ctl.svc.GetUserOrderByOrderID(ctx.Context(), orderID, claim.UserID)
+	if err != nil {
+		return nil, err
+	}
+
+	if order.Status != fields.OrderStatusPending {
+		return nil, errorx.BadRequest.WithMsg("订单状态异常")
+	}
+
+	oauths, err := ctl.userSvc.GetUserOAuthChannels(ctx.Context(), claim.UserID)
+	if err != nil {
+		return nil, err
+	}
+
+	var oauth *model.UserOauths
+	for _, v := range oauths {
+		if v.Channel == fields.AuthChannelWeChat {
+			oauth = &v
+			break
+		}
+	}
+
+	if oauth == nil {
+		return nil, errorx.BadRequest.WithMsg("未绑定微信")
+	}
+
+	params, err := ctl.pay.WeChat_JSApiPayRequest(
+		ctx.Context(),
+		oauth.OpenID,
+		order.OrderSerial,
+		order.Title,
+		order.Amount,
+		1,
+		"/v1/orders/pay/wechat/notify",
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return params, nil
+}
--- a/backend/app/http/orders/provider.gen.go
+++ b/backend/app/http/orders/provider.gen.go
@@ -3,6 +3,11 @@ package orders
 import (
 	"database/sql"

+	"backend/app/http/posts"
+	"backend/app/http/tenants"
+	"backend/app/http/users"
+	"backend/providers/pay"
+
 	"git.ipao.vip/rogeecn/atom"
 	"git.ipao.vip/rogeecn/atom/container"
 	"git.ipao.vip/rogeecn/atom/contracts"
@@ -11,10 +16,16 @@ import (

 func Provide(opts ...opt.Option) error {
 	if err := container.Container.Provide(func(
+		postSvc *posts.Service,
 		svc *Service,
-	) (*Controller, error) {
-		obj := &Controller{
-			svc: svc,
+		tenantSvc *tenants.Service,
+		userSvc *users.Service,
+	) (*OrderController, error) {
+		obj := &OrderController{
+			postSvc:   postSvc,
+			svc:       svc,
+			tenantSvc: tenantSvc,
+			userSvc:   userSvc,
 		}
 		if err := obj.Prepare(); err != nil {
 			return nil, err
@@ -25,10 +36,34 @@ func Provide(opts ...opt.Option) error {
 		return err
 	}
 	if err := container.Container.Provide(func(
-		controller *Controller,
+		pay *pay.Client,
+		postSvc *posts.Service,
+		svc *Service,
+		tenantSvc *tenants.Service,
+		userSvc *users.Service,
+	) (*PayController, error) {
+		obj := &PayController{
+			pay:       pay,
+			postSvc:   postSvc,
+			svc:       svc,
+			tenantSvc: tenantSvc,
+			userSvc:   userSvc,
+		}
+		if err := obj.Prepare(); err != nil {
+			return nil, err
+		}
+
+		return obj, nil
+	}); err != nil {
+		return err
+	}
+	if err := container.Container.Provide(func(
+		orderController *OrderController,
+		payController *PayController,
 	) (contracts.HttpRoute, error) {
 		obj := &Routes{
-			controller: controller,
+			orderController: orderController,
+			payController:   payController,
 		}
 		if err := obj.Prepare(); err != nil {
 			return nil, err
--- a/backend/app/http/orders/routes.gen.go
+++ b/backend/app/http/orders/routes.gen.go
@@ -15,8 +15,9 @@ import (

 // @provider contracts.HttpRoute atom.GroupRoutes
 type Routes struct {
-	log        *log.Entry `inject:"false"`
-	controller *Controller
+	log             *log.Entry `inject:"false"`
+	orderController *OrderController
+	payController   *PayController
 }

 func (r *Routes) Prepare() error {
@@ -29,12 +30,26 @@ func (r *Routes) Name() string {
 }

 func (r *Routes) Register(router fiber.Router) {
-	// 注册路由组: Controller
+	// 注册路由组: OrderController
 	router.Get("/api/v1/orders", DataFunc3(
-		r.controller.List,
+		r.orderController.List,
 		Local[*jwt.Claims]("claim"),
 		Query[requests.Pagination]("pagination"),
 		Query[UserOrderFilter]("filter"),
 	))

+	router.Post("/api/v1/orders", DataFunc3(
+		r.orderController.Create,
+		Local[*jwt.Claims]("claim"),
+		CookieParam("tenant"),
+		PathParam[string]("hash"),
+	))
+
+	// 注册路由组: PayController
+	router.Get("/api/v1/orders/pay/:orderID/js", DataFunc2(
+		r.payController.JSPay,
+		Local[*jwt.Claims]("claim"),
+		PathParam[string]("orderID"),
+	))
+
 }
--- a/backend/app/http/orders/service.go
+++ b/backend/app/http/orders/service.go
@@ -3,10 +3,13 @@ package orders
 import (
 	"context"
 	"database/sql"
+	"time"

 	"backend/app/requests"
+	"backend/database/fields"
 	"backend/database/models/qvyun_v2/public/model"
 	"backend/database/models/qvyun_v2/public/table"
+	"backend/pkg/utils"
 	"backend/providers/otel"

 	. "github.com/go-jet/jet/v2/postgres"
@@ -75,3 +78,99 @@ func (svc *Service) GetOrders(ctx context.Context, pagination *requests.Paginati
 	}
 	return orders, count.Cnt, nil
 }
+
+// CreateOrder
+func (svc *Service) Create(ctx context.Context, user *model.Users, post *model.Posts) (*model.Orders, error) {
+	_, span := otel.Start(ctx, "users.service.CreateOrder")
+	defer span.End()
+	span.SetAttributes(
+		attribute.Int64("post.id", post.ID),
+	)
+
+	price := post.Price
+	if post.Discount != 100 {
+		price = post.Price * int64(post.Discount) / 100
+	}
+
+	m := model.Orders{
+		CreatedAt:          time.Now(),
+		UpdatedAt:          time.Now(),
+		TenantID:           post.TenantID,
+		UserID:             user.ID,
+		Type:               fields.OrderTypeConsume,
+		Status:             fields.OrderStatusPending,
+		OrderSerial:        svc.generateCreateOrderSerial(ctx),
+		RemoteOrderSerial:  "",
+		RefundSerial:       "",
+		RemoteRefundSerial: "",
+		Amount:             price,
+		Currency:           "CNY",
+		Title:              post.Title,
+		Description:        new(string),
+		Meta: fields.ToJson(fields.OrderMeta{
+			ObjectID: post.ID,
+			Price:    post.Price,
+			Discount: post.Discount,
+			Coupons:  nil,
+		}),
+	}
+
+	tbl := table.Orders
+	stmt := tbl.INSERT(tbl.MutableColumns).MODEL(m).RETURNING(tbl.AllColumns)
+	span.SetAttributes(semconv.DBStatementKey.String(stmt.DebugSql()))
+
+	var mm model.Orders
+	if err := stmt.QueryContext(ctx, svc.db, &mm); err != nil {
+		return nil, err
+	}
+	return &mm, nil
+}
+
+// generateCreateOrderSerial
+func (svc *Service) generateCreateOrderSerial(ctx context.Context) string {
+	return utils.GenerateOrderSerial("O")
+}
+
+// generateRefundOrderSerial
+func (svc *Service) generateRefundOrderSerial(ctx context.Context) string {
+	return utils.GenerateOrderSerial("R")
+}
+
+// GetByOrderID
+func (svc *Service) GetByOrderID(ctx context.Context, orderID string) (*model.Orders, error) {
+	_, span := otel.Start(ctx, "users.service.GetByOrderID")
+	defer span.End()
+	span.SetAttributes(
+		attribute.String("order.id", orderID),
+	)
+
+	tbl := table.Orders
+	stmt := tbl.SELECT(tbl.AllColumns).WHERE(tbl.OrderSerial.EQ(String(orderID)))
+	span.SetAttributes(semconv.DBStatementKey.String(stmt.DebugSql()))
+
+	var order model.Orders
+	if err := stmt.QueryContext(ctx, svc.db, &order); err != nil {
+		return nil, err
+	}
+	return &order, nil
+}
+
+// GetUserOrderByOrderID
+func (svc *Service) GetUserOrderByOrderID(ctx context.Context, orderID string, userID int64) (*model.Orders, error) {
+	_, span := otel.Start(ctx, "users.service.GetUserOrderByOrderID")
+	defer span.End()
+	span.SetAttributes(
+		attribute.String("order.id", orderID),
+		attribute.Int64("user.id", userID),
+	)
+
+	tbl := table.Orders
+	stmt := tbl.SELECT(tbl.AllColumns).WHERE(tbl.OrderSerial.EQ(String(orderID)).AND(tbl.UserID.EQ(Int64(userID))))
+	span.SetAttributes(semconv.DBStatementKey.String(stmt.DebugSql()))
+
+	var order model.Orders
+	if err := stmt.QueryContext(ctx, svc.db, &order); err != nil {
+		return nil, err
+	}
+	return &order, nil
+}
--- a/backend/app/http/posts/controller.go
+++ b/backend/app/http/posts/controller.go
@@ -1,6 +1,7 @@
 package posts

 import (
+	"backend/app/http/tenants"
 	"backend/app/requests"
 	"backend/database/models/qvyun_v2/public/model"
 	"backend/providers/jwt"
@@ -13,8 +14,9 @@ import (

 // @provider
 type Controller struct {
-	svc *Service
-	log *log.Entry `inject:"false"`
+	tenantSvc *tenants.Service
+	svc       *Service
+	log       *log.Entry `inject:"false"`
 }

 func (c *Controller) Prepare() error {
@@ -24,16 +26,22 @@ func (c *Controller) Prepare() error {

 // List show posts list
 // @Router			/api/v1/posts [get]
+// @Bind tenantSlug cookie key(tenant)
 // @Bind claim local
 // @Bind pagination query
 // @Bind filter query
-func (c *Controller) List(ctx fiber.Ctx, claim *jwt.Claims, pagination *requests.Pagination, filter *UserPostFilter) (*requests.Pager, error) {
+func (c *Controller) List(ctx fiber.Ctx, tenantSlug string, claim *jwt.Claims, pagination *requests.Pagination, filter *UserPostFilter) (*requests.Pager, error) {
+	tenant, err := c.tenantSvc.GetTenantBySlug(ctx.Context(), tenantSlug)
+	if err != nil {
+		return nil, err
+	}
+
 	pagination.Format()
 	pager := &requests.Pager{
 		Pagination: *pagination,
 	}

-	filter.TenantID = *claim.TenantID
+	filter.TenantID = tenant.ID
 	filter.UserID = claim.UserID
 	orders, total, err := c.svc.GetPosts(ctx.Context(), pagination, filter)
 	if err != nil {
@@ -51,3 +59,64 @@ func (c *Controller) List(ctx fiber.Ctx, claim *jwt.Claims, pagination *requests

 	return pager, nil
 }
+
+// ListBought show user bought posts list
+// @Router			/api/v1/bought-posts [get]
+// @Bind tenantSlug cookie key(tenant)
+// @Bind claim local
+// @Bind pagination query
+// @Bind filter query
+func (c *Controller) ListBought(ctx fiber.Ctx, tenantSlug string, claim *jwt.Claims, pagination *requests.Pagination, filter *UserPostFilter) (*requests.Pager, error) {
+	tenant, err := c.tenantSvc.GetTenantBySlug(ctx.Context(), tenantSlug)
+	if err != nil {
+		return nil, err
+	}
+
+	pagination.Format()
+	pager := &requests.Pager{
+		Pagination: *pagination,
+	}
+
+	filter.TenantID = tenant.ID
+	filter.UserID = claim.UserID
+	orders, total, err := c.svc.GetBoughtPosts(ctx.Context(), pagination, filter)
+	if err != nil {
+		return nil, err
+	}
+	pager.Total = total
+
+	pager.Items = lo.FilterMap(orders, func(item model.Posts, _ int) (UserPost, bool) {
+		var o UserPost
+		if err := copier.Copy(&o, item); err != nil {
+			return o, false
+		}
+		return o, true
+	})
+
+	return pager, nil
+}
+
+// Show show posts detail
+// @Router			/api/v1/show/:hash [get]
+// @Bind claim local
+// @Bind tenantSlug cookie key(tenant)
+// @Bind hash path
+func (c *Controller) Show(ctx fiber.Ctx, claim *jwt.Claims, tenantSlug, hash string) (*UserPost, error) {
+	userPost := &UserPost{}
+
+	tenant, err := c.tenantSvc.GetTenantBySlug(ctx.Context(), tenantSlug)
+	if err != nil {
+		return nil, err
+	}
+
+	post, err := c.svc.GetPostByHash(ctx.Context(), tenant.ID, hash)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := copier.Copy(userPost, post); err != nil {
+		return nil, err
+	}
+
+	return userPost, nil
+}
--- a/backend/app/http/posts/provider.gen.go
+++ b/backend/app/http/posts/provider.gen.go
@@ -3,6 +3,8 @@ package posts
 import (
 	"database/sql"

+	"backend/app/http/tenants"
+
 	"git.ipao.vip/rogeecn/atom"
 	"git.ipao.vip/rogeecn/atom/container"
 	"git.ipao.vip/rogeecn/atom/contracts"
@@ -12,9 +14,11 @@ import (
 func Provide(opts ...opt.Option) error {
 	if err := container.Container.Provide(func(
 		svc *Service,
+		tenantSvc *tenants.Service,
 	) (*Controller, error) {
 		obj := &Controller{
-			svc: svc,
+			svc:       svc,
+			tenantSvc: tenantSvc,
 		}
 		if err := obj.Prepare(); err != nil {
 			return nil, err
--- a/backend/app/http/posts/routes.gen.go
+++ b/backend/app/http/posts/routes.gen.go
@@ -30,11 +30,27 @@ func (r *Routes) Name() string {

 func (r *Routes) Register(router fiber.Router) {
 	// 注册路由组: Controller
-	router.Get("/api/v1/posts", DataFunc3(
+	router.Get("/api/v1/posts", DataFunc4(
 		r.controller.List,
+		CookieParam("tenant"),
 		Local[*jwt.Claims]("claim"),
 		Query[requests.Pagination]("pagination"),
 		Query[UserPostFilter]("filter"),
 	))

+	router.Get("/api/v1/bought-posts", DataFunc4(
+		r.controller.ListBought,
+		CookieParam("tenant"),
+		Local[*jwt.Claims]("claim"),
+		Query[requests.Pagination]("pagination"),
+		Query[UserPostFilter]("filter"),
+	))
+
+	router.Get("/api/v1/show/:hash", DataFunc3(
+		r.controller.Show,
+		Local[*jwt.Claims]("claim"),
+		CookieParam("tenant"),
+		PathParam[string]("hash"),
+	))
+
 }
--- a/backend/app/http/posts/service.go
+++ b/backend/app/http/posts/service.go
@@ -11,6 +11,7 @@ import (
 	"backend/providers/otel"

 	. "github.com/go-jet/jet/v2/postgres"
+	"github.com/samber/lo"
 	log "github.com/sirupsen/logrus"
 	"go.opentelemetry.io/otel/attribute"
 	semconv "go.opentelemetry.io/otel/semconv/v1.4.0"
@@ -28,6 +29,78 @@ func (svc *Service) Prepare() error {
 	return nil
 }

+// GetBoughtPosts
+func (svc *Service) GetBoughtPosts(ctx context.Context, pagination *requests.Pagination, filter *UserPostFilter) ([]model.Posts, int64, error) {
+	_, span := otel.Start(ctx, "users.service.GetBoughtPosts")
+	defer span.End()
+	span.SetAttributes(
+		attribute.Int64("user.id", filter.UserID),
+		attribute.Int64("page.page", pagination.Page),
+		attribute.Int64("page.limit", pagination.Limit),
+	)
+	tbl := table.Posts
+
+	boughtIds, err := svc.GetUserBoughtIDs(ctx, filter.TenantID, filter.UserID)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	if len(boughtIds) == 0 {
+		return nil, 0, nil
+	}
+
+	idExprs := lo.Map(boughtIds, func(id int64, _ int) Expression { return Int64(id) })
+
+	cond := tbl.ID.IN(
+		idExprs...,
+	).AND(
+		tbl.TenantID.EQ(Int64(filter.TenantID)),
+	).AND(
+		tbl.UserID.EQ(Int64(filter.UserID)),
+	)
+
+	if filter.CreatedAt != nil {
+		cond = cond.AND(tbl.CreatedAt.LT_EQ(TimestampT(*filter.CreatedAt)))
+	}
+
+	if filter.Keyword != nil {
+		cond = cond.AND(
+			tbl.Title.
+				LIKE(String(database.WrapLike(*filter.Keyword))).
+				OR(
+					tbl.Description.LIKE(String(database.WrapLike(*filter.Keyword))),
+				).
+				OR(
+					tbl.Content.LIKE(String(database.WrapLike(*filter.Keyword))),
+				),
+		)
+	}
+
+	cntStmt := tbl.SELECT(COUNT(tbl.ID).AS("cnt")).WHERE(cond)
+	span.SetAttributes(semconv.DBStatementKey.String(cntStmt.DebugSql()))
+
+	var count struct {
+		Cnt int64
+	}
+	if err := cntStmt.QueryContext(ctx, svc.db, &count); err != nil {
+		return nil, 0, err
+	}
+
+	stmt := tbl.
+		SELECT(tbl.AllColumns).
+		ORDER_BY(tbl.ID.DESC()).
+		LIMIT(pagination.Limit).
+		OFFSET(pagination.Offset())
+	span.SetAttributes(semconv.DBStatementKey.String(stmt.DebugSql()))
+
+	var posts []model.Posts
+	if err := stmt.QueryContext(ctx, svc.db, &posts); err != nil {
+		return nil, 0, err
+	}
+
+	return posts, count.Cnt, nil
+}
+
 // GetPosts
 func (svc *Service) GetPosts(ctx context.Context, pagination *requests.Pagination, filter *UserPostFilter) ([]model.Posts, int64, error) {
 	_, span := otel.Start(ctx, "users.service.GetPosts")
@@ -89,3 +162,61 @@ func (svc *Service) GetPosts(ctx context.Context, pagination *requests.Paginatio

 	return posts, count.Cnt, nil
 }
+
+// GetPostByHash
+func (svc *Service) GetPostByHash(ctx context.Context, tenantID int64, hash string) (*model.Posts, error) {
+	_, span := otel.Start(ctx, "users.service.GetPostByHash")
+	defer span.End()
+	span.SetAttributes(
+		attribute.String("hash", hash),
+	)
+	tbl := table.Posts
+
+	stmt := tbl.
+		SELECT(tbl.AllColumns).
+		WHERE(
+			tbl.Hash.EQ(String(hash)).AND(
+				tbl.TenantID.EQ(Int64(tenantID)),
+			),
+		)
+	span.SetAttributes(semconv.DBStatementKey.String(stmt.DebugSql()))
+
+	var post model.Posts
+	if err := stmt.QueryContext(ctx, svc.db, &post); err != nil {
+		return nil, err
+	}
+
+	return &post, nil
+}
+
+// GetUserBoughtPosts
+func (svc *Service) GetUserBoughtIDs(ctx context.Context, tenantID, userID int64) ([]int64, error) {
+	_, span := otel.Start(ctx, "users.service.GetUserBoughtIDs")
+	defer span.End()
+	span.SetAttributes(
+		attribute.Int64("tenant.id", tenantID),
+		attribute.Int64("user.id", userID),
+	)
+	tbl := table.UserBoughtPosts
+
+	stmt := tbl.
+		SELECT(tbl.PostID.AS("post_id")).
+		WHERE(
+			tbl.TenantID.EQ(Int64(tenantID)).AND(
+				tbl.UserID.EQ(Int64(userID)),
+			),
+		)
+	span.SetAttributes(semconv.DBStatementKey.String(stmt.DebugSql()))
+	type tmp struct {
+		PostID int64
+	}
+
+	var results []tmp
+	if err := stmt.QueryContext(ctx, svc.db, &results); err != nil {
+		return nil, err
+	}
+
+	return lo.Map(results, func(item tmp, _ int) int64 {
+		return item.PostID
+	}), nil
+}
--- a/backend/app/http/tenants/controller.go
+++ b/backend/app/http/tenants/controller.go
@@ -1,9 +1,6 @@
 package tenants

 import (
-	"time"
-
-	"backend/app/consts"
 	"backend/providers/jwt"
 	"backend/providers/otel"

@@ -40,20 +37,11 @@ func (c *Controller) Index(ctx fiber.Ctx, tenant string, claim *jwt.Claims) erro
 		return err
 	}

-	if claim.TenantID == nil {
-		claim.TenantID = &tenantModel.ID
-		token, err := c.jwt.CreateToken(claim)
-		if err != nil {
-			return err
-		}
-
-		ctx.Cookie(&fiber.Cookie{
-			Name:     consts.TokenTypeUser.String(),
-			Value:    token,
-			Expires:  time.Now().Add(6 * time.Hour),
-			HTTPOnly: true,
-		})
-	}
+	// set tenant cookie
+	ctx.Cookie(&fiber.Cookie{
+		Name:  "tenant",
+		Value: tenantModel.Slug,
+	})

 	// TODO:  render page
 	return nil