第248集电商账户余额提现到微信钱包架构实战：支付流程、风控对账与企业级资金安全设计

前言

电商平台用户余额提现到微信钱包是典型的资金流转场景，涉及账户余额扣减、第三方支付、风控审核、对账结算等多个环节。本文从架构设计到代码实现，系统梳理企业级提现系统的完整解决方案，确保资金安全与系统稳定。

一、业务架构设计

1.1 核心业务流程

1.2 系统架构图

二、核心组件设计

2.1 提现状态机

public enum WithdrawStatus {
    PENDING("待审核", 1),
    APPROVED("审核通过", 2),
    PROCESSING("处理中", 3),
    SUCCESS("提现成功", 4),
    FAILED("提现失败", 5),
    CANCELLED("已取消", 6),
    REFUNDED("已退款", 7);

    private final String description;
    private final int code;

    WithdrawStatus(String description, int code) {
        this.description = description;
        this.code = code;
    }

    // 状态转换规则
    public boolean canTransitionTo(WithdrawStatus target) {
        switch (this) {
            case PENDING:
                return target == APPROVED || target == CANCELLED;
            case APPROVED:
                return target == PROCESSING || target == CANCELLED;
            case PROCESSING:
                return target == SUCCESS || target == FAILED || target == REFUNDED;
            case SUCCESS:
            case FAILED:
            case CANCELLED:
            case REFUNDED:
                return false; // 终态
            default:
                return false;
        }
    }
}

2.2 提现实体设计

@Entity
@Table(name = "withdraw_order")
@Data
public class WithdrawOrder {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @Column(name = "order_no", unique = true, nullable = false)
    private String orderNo;

    @Column(name = "user_id", nullable = false)
    private Long userId;

    @Column(name = "amount", nullable = false)
    private BigDecimal amount;

    @Column(name = "fee", nullable = false)
    private BigDecimal fee;

    @Column(name = "actual_amount", nullable = false)
    private BigDecimal actualAmount;

    @Enumerated(EnumType.STRING)
    @Column(name = "status", nullable = false)
    private WithdrawStatus status;

    @Column(name = "wechat_openid")
    private String wechatOpenid;

    @Column(name = "wechat_order_id")
    private String wechatOrderId;

    @Column(name = "remark")
    private String remark;

    @Column(name = "create_time", nullable = false)
    private LocalDateTime createTime;

    @Column(name = "update_time", nullable = false)
    private LocalDateTime updateTime;

    @Column(name = "version", nullable = false)
    @Version
    private Integer version;
}

三、核心服务实现

3.1 提现服务

@Service
@Transactional
@Slf4j
public class WithdrawService {

    @Autowired
    private WithdrawOrderMapper withdrawOrderMapper;

    @Autowired
    private AccountService accountService;

    @Autowired
    private WechatPayService wechatPayService;

    @Autowired
    private RiskControlService riskControlService;

    @Autowired
    private NotificationService notificationService;

    @Autowired
    private RedisTemplate<String, Object> redisTemplate;

    /**
     * 发起提现申请
     */
    public WithdrawResult submitWithdraw(WithdrawRequest request) {
        // 1. 参数校验
        validateWithdrawRequest(request);

        // 2. 幂等性检查
        String idempotentKey = "withdraw:" + request.getUserId() + ":" + request.getAmount();
        if (redisTemplate.hasKey(idempotentKey)) {
            throw new BusinessException("重复提交，请稍后再试");
        }

        // 3. 风控审核
        RiskControlResult riskResult = riskControlService.checkWithdrawRisk(request);
        if (!riskResult.isPass()) {
            return WithdrawResult.failed(riskResult.getReason());
        }

        // 4. 创建提现订单
        WithdrawOrder order = createWithdrawOrder(request);
        withdrawOrderMapper.insert(order);

        // 5. 冻结余额
        accountService.freezeBalance(request.getUserId(), request.getAmount());

        // 6. 设置幂等性标记
        redisTemplate.opsForValue().set(idempotentKey, order.getOrderNo(), Duration.ofMinutes(5));

        // 7. 异步处理提现
        CompletableFuture.runAsync(() -> processWithdraw(order.getId()));

        return WithdrawResult.success(order.getOrderNo());
    }

    /**
     * 处理提现
     */
    @Async("withdrawExecutor")
    public void processWithdraw(Long orderId) {
        WithdrawOrder order = withdrawOrderMapper.selectById(orderId);
        if (order == null) {
            log.error("提现订单不存在: {}", orderId);
            return;
        }

        try {
            // 1. 更新状态为处理中
            updateOrderStatus(order, WithdrawStatus.PROCESSING);

            // 2. 调用微信支付API
            WechatPayResult payResult = wechatPayService.transferToWallet(
                order.getWechatOpenid(),
                order.getActualAmount(),
                order.getOrderNo()
            );

            if (payResult.isSuccess()) {
                // 3. 提现成功
                order.setWechatOrderId(payResult.getTransactionId());
                updateOrderStatus(order, WithdrawStatus.SUCCESS);

                // 4. 扣减余额
                accountService.deductBalance(order.getUserId(), order.getAmount());

                // 5. 发送成功通知
                notificationService.sendWithdrawSuccessNotification(order);

            } else {
                // 6. 提现失败
                updateOrderStatus(order, WithdrawStatus.FAILED);

                // 7. 解冻余额
                accountService.unfreezeBalance(order.getUserId(), order.getAmount());

                // 8. 发送失败通知
                notificationService.sendWithdrawFailedNotification(order, payResult.getErrorMessage());
            }

        } catch (Exception e) {
            log.error("处理提现异常: orderId={}", orderId, e);

            // 异常处理
            updateOrderStatus(order, WithdrawStatus.FAILED);
            accountService.unfreezeBalance(order.getUserId(), order.getAmount());
            notificationService.sendWithdrawFailedNotification(order, "系统异常，请联系客服");
        }
    }

    /**
     * 更新订单状态
     */
    private void updateOrderStatus(WithdrawOrder order, WithdrawStatus newStatus) {
        if (!order.getStatus().canTransitionTo(newStatus)) {
            throw new BusinessException("状态转换不合法: " + order.getStatus() + " -> " + newStatus);
        }

        order.setStatus(newStatus);
        order.setUpdateTime(LocalDateTime.now());
        withdrawOrderMapper.updateById(order);
    }

    /**
     * 创建提现订单
     */
    private WithdrawOrder createWithdrawOrder(WithdrawRequest request) {
        WithdrawOrder order = new WithdrawOrder();
        order.setOrderNo(generateOrderNo());
        order.setUserId(request.getUserId());
        order.setAmount(request.getAmount());
        order.setFee(calculateFee(request.getAmount()));
        order.setActualAmount(request.getAmount().subtract(order.getFee()));
        order.setStatus(WithdrawStatus.PENDING);
        order.setWechatOpenid(request.getWechatOpenid());
        order.setRemark(request.getRemark());
        order.setCreateTime(LocalDateTime.now());
        order.setUpdateTime(LocalDateTime.now());
        order.setVersion(1);
        return order;
    }

    /**
     * 生成订单号
     */
    private String generateOrderNo() {
        return "WD" + System.currentTimeMillis() + RandomUtils.nextInt(1000, 9999);
    }

    /**
     * 计算手续费
     */
    private BigDecimal calculateFee(BigDecimal amount) {
        // 手续费计算规则：每笔最低0.1元，最高5元，费率0.1%
        BigDecimal fee = amount.multiply(new BigDecimal("0.001"));
        if (fee.compareTo(new BigDecimal("0.1")) < 0) {
            fee = new BigDecimal("0.1");
        } else if (fee.compareTo(new BigDecimal("5")) > 0) {
            fee = new BigDecimal("5");
        }
        return fee;
    }
}

3.2 微信支付服务

@Service
@Slf4j
public class WechatPayService {

    @Value("${wechat.pay.appid}")
    private String appId;

    @Value("${wechat.pay.mchid}")
    private String mchId;

    @Value("${wechat.pay.api-key}")
    private String apiKey;

    @Value("${wechat.pay.cert-path}")
    private String certPath;

    @Autowired
    private RestTemplate restTemplate;

    /**
     * 转账到微信钱包
     */
    public WechatPayResult transferToWallet(String openid, BigDecimal amount, String orderNo) {
        try {
            // 1. 构建请求参数
            Map<String, Object> params = buildTransferParams(openid, amount, orderNo);

            // 2. 签名
            String sign = generateSign(params);
            params.put("sign", sign);

            // 3. 发送请求
            String xml = mapToXml(params);
            String response = restTemplate.postForObject(
                "https://api.mch.weixin.qq.com/mmpaymkttransfers/promotion/transfers",
                xml,
                String.class
            );

            // 4. 解析响应
            Map<String, Object> responseMap = xmlToMap(response);

            // 5. 验证签名
            if (!verifySign(responseMap)) {
                throw new BusinessException("微信支付签名验证失败");
            }

            // 6. 处理结果
            if ("SUCCESS".equals(responseMap.get("result_code"))) {
                return WechatPayResult.success(responseMap.get("partner_trade_no").toString());
            } else {
                return WechatPayResult.failed(responseMap.get("err_code_des").toString());
            }

        } catch (Exception e) {
            log.error("微信支付转账异常: openid={}, amount={}, orderNo={}", openid, amount, orderNo, e);
            return WechatPayResult.failed("系统异常: " + e.getMessage());
        }
    }

    /**
     * 构建转账参数
     */
    private Map<String, Object> buildTransferParams(String openid, BigDecimal amount, String orderNo) {
        Map<String, Object> params = new HashMap<>();
        params.put("mch_appid", appId);
        params.put("mchid", mchId);
        params.put("nonce_str", generateNonceStr());
        params.put("partner_trade_no", orderNo);
        params.put("openid", openid);
        params.put("check_name", "NO_CHECK");
        params.put("amount", amount.multiply(new BigDecimal("100")).intValue()); // 转换为分
        params.put("desc", "账户余额提现");
        params.put("spbill_create_ip", getClientIp());
        return params;
    }

    /**
     * 生成签名
     */
    private String generateSign(Map<String, Object> params) {
        // 1. 参数排序
        List<String> keys = new ArrayList<>(params.keySet());
        keys.sort(String::compareTo);

        // 2. 拼接字符串
        StringBuilder sb = new StringBuilder();
        for (String key : keys) {
            Object value = params.get(key);
            if (value != null && !value.toString().isEmpty()) {
                sb.append(key).append("=").append(value).append("&");
            }
        }
        sb.append("key=").append(apiKey);

        // 3. MD5签名
        return DigestUtils.md5Hex(sb.toString()).toUpperCase();
    }

    /**
     * 验证签名
     */
    private boolean verifySign(Map<String, Object> params) {
        String sign = params.get("sign").toString();
        params.remove("sign");
        String calculatedSign = generateSign(params);
        return sign.equals(calculatedSign);
    }

    /**
     * Map转XML
     */
    private String mapToXml(Map<String, Object> params) {
        StringBuilder sb = new StringBuilder();
        sb.append("<xml>");
        for (Map.Entry<String, Object> entry : params.entrySet()) {
            sb.append("<").append(entry.getKey()).append(">")
              .append(entry.getValue())
              .append("</").append(entry.getKey()).append(">");
        }
        sb.append("</xml>");
        return sb.toString();
    }

    /**
     * XML转Map
     */
    private Map<String, Object> xmlToMap(String xml) {
        // XML解析实现
        // 这里使用简化的实现，实际项目中建议使用专业的XML解析库
        Map<String, Object> map = new HashMap<>();
        // 解析逻辑...
        return map;
    }

    /**
     * 生成随机字符串
     */
    private String generateNonceStr() {
        return UUID.randomUUID().toString().replace("-", "");
    }

    /**
     * 获取客户端IP
     */
    private String getClientIp() {
        // 获取客户端IP的实现
        return "127.0.0.1";
    }
}

3.3 风控服务

@Service
@Slf4j
public class RiskControlService {

    @Autowired
    private WithdrawOrderMapper withdrawOrderMapper;

    @Autowired
    private UserMapper userMapper;

    @Autowired
    private RedisTemplate<String, Object> redisTemplate;

    /**
     * 提现风控检查
     */
    public RiskControlResult checkWithdrawRisk(WithdrawRequest request) {
        try {
            // 1. 基础风控检查
            RiskControlResult basicResult = checkBasicRisk(request);
            if (!basicResult.isPass()) {
                return basicResult;
            }

            // 2. 频率限制检查
            RiskControlResult frequencyResult = checkFrequencyLimit(request);
            if (!frequencyResult.isPass()) {
                return frequencyResult;
            }

            // 3. 金额限制检查
            RiskControlResult amountResult = checkAmountLimit(request);
            if (!amountResult.isPass()) {
                return amountResult;
            }

            // 4. 用户行为分析
            RiskControlResult behaviorResult = checkUserBehavior(request);
            if (!behaviorResult.isPass()) {
                return behaviorResult;
            }

            return RiskControlResult.pass();

        } catch (Exception e) {
            log.error("风控检查异常: userId={}, amount={}", request.getUserId(), request.getAmount(), e);
            return RiskControlResult.failed("风控系统异常，请稍后再试");
        }
    }

    /**
     * 基础风控检查
     */
    private RiskControlResult checkBasicRisk(WithdrawRequest request) {
        // 1. 用户状态检查
        User user = userMapper.selectById(request.getUserId());
        if (user == null || !user.isActive()) {
            return RiskControlResult.failed("用户状态异常");
        }

        // 2. 微信OpenID检查
        if (StringUtils.isEmpty(request.getWechatOpenid())) {
            return RiskControlResult.failed("微信OpenID不能为空");
        }

        // 3. 金额检查
        if (request.getAmount().compareTo(BigDecimal.ZERO) <= 0) {
            return RiskControlResult.failed("提现金额必须大于0");
        }

        return RiskControlResult.pass();
    }

    /**
     * 频率限制检查
     */
    private RiskControlResult checkFrequencyLimit(WithdrawRequest request) {
        String key = "withdraw_frequency:" + request.getUserId();

        // 1. 日提现次数限制
        String dailyKey = key + ":daily:" + LocalDate.now().toString();
        Integer dailyCount = (Integer) redisTemplate.opsForValue().get(dailyKey);
        if (dailyCount != null && dailyCount >= 5) {
            return RiskControlResult.failed("今日提现次数已达上限");
        }

        // 2. 小时提现次数限制
        String hourlyKey = key + ":hourly:" + LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyyMMddHH"));
        Integer hourlyCount = (Integer) redisTemplate.opsForValue().get(hourlyKey);
        if (hourlyCount != null && hourlyCount >= 3) {
            return RiskControlResult.failed("提现过于频繁，请稍后再试");
        }

        // 3. 更新计数器
        redisTemplate.opsForValue().increment(dailyKey);
        redisTemplate.expire(dailyKey, Duration.ofDays(1));
        redisTemplate.opsForValue().increment(hourlyKey);
        redisTemplate.expire(hourlyKey, Duration.ofHours(1));

        return RiskControlResult.pass();
    }

    /**
     * 金额限制检查
     */
    private RiskControlResult checkAmountLimit(WithdrawRequest request) {
        // 1. 单笔提现限额
        if (request.getAmount().compareTo(new BigDecimal("10000")) > 0) {
            return RiskControlResult.failed("单笔提现金额不能超过10000元");
        }

        // 2. 日提现限额
        String dailyAmountKey = "withdraw_amount:daily:" + request.getUserId() + ":" + LocalDate.now().toString();
        BigDecimal dailyAmount = (BigDecimal) redisTemplate.opsForValue().get(dailyAmountKey);
        if (dailyAmount != null && dailyAmount.add(request.getAmount()).compareTo(new BigDecimal("50000")) > 0) {
            return RiskControlResult.failed("今日提现金额已达上限");
        }

        // 3. 更新日提现金额
        if (dailyAmount == null) {
            dailyAmount = BigDecimal.ZERO;
        }
        redisTemplate.opsForValue().set(dailyAmountKey, dailyAmount.add(request.getAmount()));
        redisTemplate.expire(dailyAmountKey, Duration.ofDays(1));

        return RiskControlResult.pass();
    }

    /**
     * 用户行为分析
     */
    private RiskControlResult checkUserBehavior(WithdrawRequest request) {
        // 1. 检查用户历史提现记录
        List<WithdrawOrder> historyOrders = withdrawOrderMapper.selectByUserIdAndTimeRange(
            request.getUserId(),
            LocalDateTime.now().minusDays(30),
            LocalDateTime.now()
        );

        // 2. 异常行为检测
        if (historyOrders.size() > 20) {
            return RiskControlResult.failed("提现频率过高，请稍后再试");
        }

        // 3. 大额提现检查
        if (request.getAmount().compareTo(new BigDecimal("5000")) > 0) {
            // 需要人工审核
            return RiskControlResult.manualReview("大额提现需要人工审核");
        }

        return RiskControlResult.pass();
    }
}

3.4 账户服务

@Service
@Transactional
@Slf4j
public class AccountService {

    @Autowired
    private AccountMapper accountMapper;

    @Autowired
    private AccountTransactionMapper transactionMapper;

    @Autowired
    private RedisTemplate<String, Object> redisTemplate;

    /**
     * 冻结余额
     */
    public void freezeBalance(Long userId, BigDecimal amount) {
        String lockKey = "account_lock:" + userId;
        RLock lock = redissonClient.getLock(lockKey);

        try {
            if (lock.tryLock(10, TimeUnit.SECONDS)) {
                Account account = accountMapper.selectByUserId(userId);
                if (account == null) {
                    throw new BusinessException("账户不存在");
                }

                if (account.getAvailableBalance().compareTo(amount) < 0) {
                    throw new BusinessException("余额不足");
                }

                // 更新账户余额
                account.setAvailableBalance(account.getAvailableBalance().subtract(amount));
                account.setFrozenBalance(account.getFrozenBalance().add(amount));
                account.setUpdateTime(LocalDateTime.now());
                accountMapper.updateById(account);

                // 记录交易流水
                AccountTransaction transaction = new AccountTransaction();
                transaction.setUserId(userId);
                transaction.setType(TransactionType.FREEZE);
                transaction.setAmount(amount);
                transaction.setBalance(account.getAvailableBalance());
                transaction.setDescription("提现冻结");
                transaction.setCreateTime(LocalDateTime.now());
                transactionMapper.insert(transaction);

            } else {
                throw new BusinessException("账户操作超时，请稍后再试");
            }
        } finally {
            if (lock.isHeldByCurrentThread()) {
                lock.unlock();
            }
        }
    }

    /**
     * 解冻余额
     */
    public void unfreezeBalance(Long userId, BigDecimal amount) {
        String lockKey = "account_lock:" + userId;
        RLock lock = redissonClient.getLock(lockKey);

        try {
            if (lock.tryLock(10, TimeUnit.SECONDS)) {
                Account account = accountMapper.selectByUserId(userId);
                if (account == null) {
                    throw new BusinessException("账户不存在");
                }

                if (account.getFrozenBalance().compareTo(amount) < 0) {
                    throw new BusinessException("冻结余额不足");
                }

                // 更新账户余额
                account.setAvailableBalance(account.getAvailableBalance().add(amount));
                account.setFrozenBalance(account.getFrozenBalance().subtract(amount));
                account.setUpdateTime(LocalDateTime.now());
                accountMapper.updateById(account);

                // 记录交易流水
                AccountTransaction transaction = new AccountTransaction();
                transaction.setUserId(userId);
                transaction.setType(TransactionType.UNFREEZE);
                transaction.setAmount(amount);
                transaction.setBalance(account.getAvailableBalance());
                transaction.setDescription("提现解冻");
                transaction.setCreateTime(LocalDateTime.now());
                transactionMapper.insert(transaction);

            } else {
                throw new BusinessException("账户操作超时，请稍后再试");
            }
        } finally {
            if (lock.isHeldByCurrentThread()) {
                lock.unlock();
            }
        }
    }

    /**
     * 扣减余额
     */
    public void deductBalance(Long userId, BigDecimal amount) {
        String lockKey = "account_lock:" + userId;
        RLock lock = redissonClient.getLock(lockKey);

        try {
            if (lock.tryLock(10, TimeUnit.SECONDS)) {
                Account account = accountMapper.selectByUserId(userId);
                if (account == null) {
                    throw new BusinessException("账户不存在");
                }

                if (account.getFrozenBalance().compareTo(amount) < 0) {
                    throw new BusinessException("冻结余额不足");
                }

                // 更新账户余额
                account.setFrozenBalance(account.getFrozenBalance().subtract(amount));
                account.setTotalBalance(account.getTotalBalance().subtract(amount));
                account.setUpdateTime(LocalDateTime.now());
                accountMapper.updateById(account);

                // 记录交易流水
                AccountTransaction transaction = new AccountTransaction();
                transaction.setUserId(userId);
                transaction.setType(TransactionType.DEDUCT);
                transaction.setAmount(amount);
                transaction.setBalance(account.getTotalBalance());
                transaction.setDescription("提现扣减");
                transaction.setCreateTime(LocalDateTime.now());
                transactionMapper.insert(transaction);

            } else {
                throw new BusinessException("账户操作超时，请稍后再试");
            }
        } finally {
            if (lock.isHeldByCurrentThread()) {
                lock.unlock();
            }
        }
    }
}

四、分布式事务处理

4.1 基于消息队列的最终一致性

@Component
@Slf4j
public class WithdrawTransactionManager {

    @Autowired
    private RabbitTemplate rabbitTemplate;

    @Autowired
    private WithdrawOrderMapper withdrawOrderMapper;

    @Autowired
    private AccountService accountService;

    /**
     * 发送提现消息
     */
    public void sendWithdrawMessage(WithdrawOrder order) {
        WithdrawMessage message = new WithdrawMessage();
        message.setOrderId(order.getId());
        message.setUserId(order.getUserId());
        message.setAmount(order.getAmount());
        message.setWechatOpenid(order.getWechatOpenid());
        message.setTimestamp(System.currentTimeMillis());

        rabbitTemplate.convertAndSend("withdraw.exchange", "withdraw.process", message);
    }

    /**
     * 处理提现消息
     */
    @RabbitListener(queues = "withdraw.process.queue")
    public void handleWithdrawMessage(WithdrawMessage message) {
        try {
            // 1. 检查订单状态
            WithdrawOrder order = withdrawOrderMapper.selectById(message.getOrderId());
            if (order == null || order.getStatus() != WithdrawStatus.APPROVED) {
                log.warn("提现订单状态异常: orderId={}", message.getOrderId());
                return;
            }

            // 2. 更新状态为处理中
            order.setStatus(WithdrawStatus.PROCESSING);
            order.setUpdateTime(LocalDateTime.now());
            withdrawOrderMapper.updateById(order);

            // 3. 发送微信支付消息
            sendWechatPayMessage(message);

        } catch (Exception e) {
            log.error("处理提现消息异常: message={}", message, e);
            // 发送失败消息
            sendWithdrawFailedMessage(message, e.getMessage());
        }
    }

    /**
     * 发送微信支付消息
     */
    private void sendWechatPayMessage(WithdrawMessage message) {
        WechatPayMessage payMessage = new WechatPayMessage();
        payMessage.setOrderId(message.getOrderId());
        payMessage.setUserId(message.getUserId());
        payMessage.setAmount(message.getAmount());
        payMessage.setWechatOpenid(message.getWechatOpenid());
        payMessage.setTimestamp(System.currentTimeMillis());

        rabbitTemplate.convertAndSend("wechatpay.exchange", "wechatpay.transfer", payMessage);
    }

    /**
     * 处理微信支付结果
     */
    @RabbitListener(queues = "wechatpay.result.queue")
    public void handleWechatPayResult(WechatPayResultMessage resultMessage) {
        try {
            WithdrawOrder order = withdrawOrderMapper.selectById(resultMessage.getOrderId());
            if (order == null) {
                log.warn("提现订单不存在: orderId={}", resultMessage.getOrderId());
                return;
            }

            if (resultMessage.isSuccess()) {
                // 支付成功，扣减余额
                accountService.deductBalance(order.getUserId(), order.getAmount());
                order.setStatus(WithdrawStatus.SUCCESS);
                order.setWechatOrderId(resultMessage.getTransactionId());
            } else {
                // 支付失败，解冻余额
                accountService.unfreezeBalance(order.getUserId(), order.getAmount());
                order.setStatus(WithdrawStatus.FAILED);
            }

            order.setUpdateTime(LocalDateTime.now());
            withdrawOrderMapper.updateById(order);

        } catch (Exception e) {
            log.error("处理微信支付结果异常: resultMessage={}", resultMessage, e);
        }
    }
}

4.2 补偿机制

@Component
@Slf4j
public class WithdrawCompensationService {

    @Autowired
    private WithdrawOrderMapper withdrawOrderMapper;

    @Autowired
    private AccountService accountService;

    @Autowired
    private WechatPayService wechatPayService;

    /**
     * 补偿处理
     */
    @Scheduled(fixedDelay = 300000) // 5分钟执行一次
    public void compensateWithdrawOrders() {
        // 1. 查找超时的处理中订单
        List<WithdrawOrder> timeoutOrders = withdrawOrderMapper.selectTimeoutProcessingOrders(
            LocalDateTime.now().minusMinutes(10)
        );

        for (WithdrawOrder order : timeoutOrders) {
            try {
                // 2. 查询微信支付状态
                WechatPayResult payResult = wechatPayService.queryTransferStatus(order.getWechatOrderId());

                if (payResult.isSuccess()) {
                    // 3. 支付成功，扣减余额
                    accountService.deductBalance(order.getUserId(), order.getAmount());
                    order.setStatus(WithdrawStatus.SUCCESS);
                } else {
                    // 4. 支付失败，解冻余额
                    accountService.unfreezeBalance(order.getUserId(), order.getAmount());
                    order.setStatus(WithdrawStatus.FAILED);
                }

                order.setUpdateTime(LocalDateTime.now());
                withdrawOrderMapper.updateById(order);

                log.info("补偿处理完成: orderId={}, status={}", order.getId(), order.getStatus());

            } catch (Exception e) {
                log.error("补偿处理异常: orderId={}", order.getId(), e);
            }
        }
    }
}

五、监控与告警

5.1 业务监控

@Component
@Slf4j
public class WithdrawMonitor {

    private final MeterRegistry meterRegistry;
    private final Counter successCounter;
    private final Counter failedCounter;
    private final Timer processTimer;

    public WithdrawMonitor(MeterRegistry meterRegistry) {
        this.meterRegistry = meterRegistry;
        this.successCounter = Counter.builder("withdraw.success.count")
                .description("提现成功次数")
                .register(meterRegistry);
        this.failedCounter = Counter.builder("withdraw.failed.count")
                .description("提现失败次数")
                .register(meterRegistry);
        this.processTimer = Timer.builder("withdraw.process.time")
                .description("提现处理时间")
                .register(meterRegistry);
    }

    /**
     * 记录提现成功
     */
    public void recordSuccess(BigDecimal amount) {
        successCounter.increment();
        meterRegistry.gauge("withdraw.success.amount", amount.doubleValue());
    }

    /**
     * 记录提现失败
     */
    public void recordFailed(String reason) {
        failedCounter.increment();
        meterRegistry.counter("withdraw.failed.reason", "reason", reason).increment();
    }

    /**
     * 记录处理时间
     */
    public void recordProcessTime(Duration duration) {
        processTimer.record(duration);
    }
}

5.2 告警配置

# Prometheus告警规则
groups:
  - name: withdraw-alerts
    rules:
      - alert: WithdrawFailureRateHigh
        expr: rate(withdraw_failed_count[5m]) / rate(withdraw_success_count[5m] + withdraw_failed_count[5m]) > 0.1
        for: 2m
        labels:
          severity: warning
        annotations:
          summary: "提现失败率过高"

      - alert: WithdrawProcessTimeHigh
        expr: histogram_quantile(0.95, rate(withdraw_process_time_bucket[5m])) > 30
        for: 1m
        labels:
          severity: warning
        annotations:
          summary: "提现处理时间过长"

      - alert: WithdrawVolumeAbnormal
        expr: rate(withdraw_success_amount[1h]) > 100000
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "提现金额异常"

六、安全防护

6.1 接口安全

@RestController
@RequestMapping("/api/withdraw")
@Slf4j
public class WithdrawController {

    @Autowired
    private WithdrawService withdrawService;

    @Autowired
    private RateLimiter rateLimiter;

    /**
     * 发起提现
     */
    @PostMapping("/submit")
    @RateLimit(key = "#request.userId", limit = 10, window = 60) // 每分钟最多10次
    public ResponseEntity<WithdrawResult> submitWithdraw(
            @Valid @RequestBody WithdrawRequest request,
            HttpServletRequest httpRequest) {

        try {
            // 1. 限流检查
            if (!rateLimiter.tryAcquire()) {
                return ResponseEntity.status(429).body(WithdrawResult.failed("请求过于频繁"));
            }

            // 2. 参数校验
            validateWithdrawRequest(request);

            // 3. 用户身份验证
            Long userId = getCurrentUserId(httpRequest);
            request.setUserId(userId);

            // 4. 发起提现
            WithdrawResult result = withdrawService.submitWithdraw(request);

            return ResponseEntity.ok(result);

        } catch (BusinessException e) {
            log.warn("提现业务异常: userId={}, error={}", request.getUserId(), e.getMessage());
            return ResponseEntity.badRequest().body(WithdrawResult.failed(e.getMessage()));
        } catch (Exception e) {
            log.error("提现系统异常: userId={}", request.getUserId(), e);
            return ResponseEntity.status(500).body(WithdrawResult.failed("系统异常，请稍后再试"));
        }
    }

    /**
     * 查询提现状态
     */
    @GetMapping("/status/{orderNo}")
    public ResponseEntity<WithdrawStatusResponse> getWithdrawStatus(
            @PathVariable String orderNo,
            HttpServletRequest httpRequest) {

        try {
            Long userId = getCurrentUserId(httpRequest);
            WithdrawOrder order = withdrawService.getWithdrawOrderByOrderNo(orderNo);

            if (order == null || !order.getUserId().equals(userId)) {
                return ResponseEntity.notFound().build();
            }

            WithdrawStatusResponse response = new WithdrawStatusResponse();
            response.setOrderNo(order.getOrderNo());
            response.setStatus(order.getStatus());
            response.setAmount(order.getAmount());
            response.setCreateTime(order.getCreateTime());
            response.setUpdateTime(order.getUpdateTime());

            return ResponseEntity.ok(response);

        } catch (Exception e) {
            log.error("查询提现状态异常: orderNo={}", orderNo, e);
            return ResponseEntity.status(500).build();
        }
    }
}

6.2 数据加密

@Component
public class DataEncryptionService {

    @Value("${encryption.key}")
    private String encryptionKey;

    /**
     * 加密敏感数据
     */
    public String encrypt(String plainText) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            SecretKeySpec keySpec = new SecretKeySpec(encryptionKey.getBytes(), "AES");
            IvParameterSpec ivSpec = new IvParameterSpec(encryptionKey.substring(0, 16).getBytes());
            cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);

            byte[] encrypted = cipher.doFinal(plainText.getBytes());
            return Base64.getEncoder().encodeToString(encrypted);
        } catch (Exception e) {
            throw new RuntimeException("数据加密失败", e);
        }
    }

    /**
     * 解密敏感数据
     */
    public String decrypt(String encryptedText) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            SecretKeySpec keySpec = new SecretKeySpec(encryptionKey.getBytes(), "AES");
            IvParameterSpec ivSpec = new IvParameterSpec(encryptionKey.substring(0, 16).getBytes());
            cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);

            byte[] decrypted = cipher.doFinal(Base64.getDecoder().decode(encryptedText));
            return new String(decrypted);
        } catch (Exception e) {
            throw new RuntimeException("数据解密失败", e);
        }
    }
}

七、测试策略

7.1 单元测试

@SpringBootTest
@Transactional
class WithdrawServiceTest {

    @Autowired
    private WithdrawService withdrawService;

    @Autowired
    private AccountService accountService;

    @MockBean
    private WechatPayService wechatPayService;

    @Test
    void testSubmitWithdraw_Success() {
        // 准备测试数据
        WithdrawRequest request = new WithdrawRequest();
        request.setUserId(1L);
        request.setAmount(new BigDecimal("100"));
        request.setWechatOpenid("test_openid");

        // 模拟微信支付成功
        when(wechatPayService.transferToWallet(any(), any(), any()))
                .thenReturn(WechatPayResult.success("transaction_id"));

        // 执行测试
        WithdrawResult result = withdrawService.submitWithdraw(request);

        // 验证结果
        assertThat(result.isSuccess()).isTrue();
        assertThat(result.getOrderNo()).isNotNull();
    }

    @Test
    void testSubmitWithdraw_InsufficientBalance() {
        // 准备测试数据
        WithdrawRequest request = new WithdrawRequest();
        request.setUserId(1L);
        request.setAmount(new BigDecimal("10000")); // 超过余额

        // 执行测试并验证异常
        assertThatThrownBy(() -> withdrawService.submitWithdraw(request))
                .isInstanceOf(BusinessException.class)
                .hasMessage("余额不足");
    }
}

7.2 集成测试

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@TestPropertySource(properties = {
    "wechat.pay.appid=test_appid",
    "wechat.pay.mchid=test_mchid",
    "wechat.pay.api-key=test_key"
})
class WithdrawIntegrationTest {

    @Autowired
    private TestRestTemplate restTemplate;

    @Autowired
    private WithdrawOrderMapper withdrawOrderMapper;

    @Test
    void testWithdrawFlow_EndToEnd() {
        // 1. 准备用户数据
        createTestUser();

        // 2. 发起提现请求
        WithdrawRequest request = new WithdrawRequest();
        request.setAmount(new BigDecimal("100"));
        request.setWechatOpenid("test_openid");

        ResponseEntity<WithdrawResult> response = restTemplate.postForEntity(
                "/api/withdraw/submit", request, WithdrawResult.class);

        // 3. 验证响应
        assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
        assertThat(response.getBody().isSuccess()).isTrue();

        // 4. 验证数据库状态
        WithdrawOrder order = withdrawOrderMapper.selectByOrderNo(response.getBody().getOrderNo());
        assertThat(order).isNotNull();
        assertThat(order.getStatus()).isEqualTo(WithdrawStatus.PROCESSING);
    }
}

八、部署与运维

8.1 Docker配置

FROM openjdk:11-jre-slim

COPY target/withdraw-service.jar app.jar

EXPOSE 8080

ENTRYPOINT ["java", "-jar", "/app.jar"]

8.2 Kubernetes配置

apiVersion: apps/v1
kind: Deployment
metadata:
  name: withdraw-service
spec:
  replicas: 3
  selector:
    matchLabels:
      app: withdraw-service
  template:
    metadata:
      labels:
        app: withdraw-service
    spec:
      containers:
      - name: withdraw-service
        image: withdraw-service:latest
        ports:
        - containerPort: 8080
        env:
        - name: SPRING_PROFILES_ACTIVE
          value: "prod"
        resources:
          requests:
            memory: "512Mi"
            cpu: "500m"
          limits:
            memory: "1Gi"
            cpu: "1000m"
        livenessProbe:
          httpGet:
            path: /actuator/health
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /actuator/health
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5

九、总结

电商账户余额提现到微信钱包是一个复杂的业务场景，涉及多个系统的协调配合。通过合理的架构设计、完善的风控机制、可靠的分布式事务处理和全面的监控告警，可以构建一个稳定、安全、高效的提现系统。

关键要点：

业务架构：清晰的状态机设计和业务流程控制
技术架构：微服务化、异步处理、消息队列
安全防护：风控系统、接口限流、数据加密
监控运维：全链路监控、异常告警、自动补偿
测试保障：单元测试、集成测试、压力测试

通过本文的实践指导，读者可以快速搭建企业级的提现系统，为电商平台的资金流转提供强有力的技术支撑。