KKSU
2025-02-08 d08a04ee79db9370f6d3c9a7e4ad41911d2d9390
package cc.mrbird.febs.pay.controller;
 
import cc.mrbird.febs.common.enumerates.OrderDeliveryStateEnum;
import cc.mrbird.febs.common.enumerates.OrderStatusEnum;
import cc.mrbird.febs.common.exception.FebsException;
import cc.mrbird.febs.common.utils.ValidateEntityUtils;
import cc.mrbird.febs.mall.entity.MallOrderInfo;
import cc.mrbird.febs.mall.mapper.MallOrderInfoMapper;
import cn.hutool.core.date.DateUtil;
import io.swagger.annotations.Api;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
 
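/**
 * Handles the FIUU payment callback POST and marks the matching order as paid.
 *
 * <p>Every request parameter is caller-controlled until the {@code skey} signature has been
 * verified, so the handler authenticates the request before it reads the order table or
 * issues a redirect.
 */
@Slf4j
@Controller
@Api(value = "FIUUController", tags = "FIUU支付")
@RequestMapping(value = "/api/fuPayReturn")
public class FiuuReturnController {

    // SECURITY(review): the signing secret is committed in source. Anyone who can read the
    // repository or a build artifact can compute a valid skey for any order. Rotate this key
    // and load it from externalized configuration or a secret store instead of a constant.
    private static final String SECRET_KEY = "59c709fc18978a6a83b87f05d37cecbf";
    @Resource
    private MallOrderInfoMapper mallOrderInfoMapper;

    /**
     * Verifies the callback signature, then redirects to the pay-success page if the order is
     * already paid, or marks it paid and redirects when {@code status} is {@code "00"}.
     *
     * <p>Java notification endpoint; per the original author's note it is temporarily not in use.
     *
     * @param amount       paid amount as sent by the gateway
     * @param orderId      merchant order id
     * @param tranId       gateway transaction id
     * @param status       gateway status code; only {@code "00"} triggers the order update
     * @param domain       value included in the signature
     * @param currency     value included in the signature
     * @param payDate      payment timestamp string
     * @param appCode      value included in the signature
     * @param receivedSkey hex signature supplied by the caller
     * @param response     servlet response used for the redirect
     * @throws IOException   if the redirect cannot be written
     * @throws FebsException if the signature does not match
     */
    @PostMapping("/callback")
    public void handlePaymentCallback(
            @RequestParam("amount") String amount,
            @RequestParam("orderid") String orderId,
            @RequestParam("tranID") String tranId,
            @RequestParam("status") String status,
            @RequestParam("domain") String domain,
            @RequestParam("currency") String currency,
            @RequestParam("paydate") String payDate,
            @RequestParam("approcode") String appCode,
            @RequestParam("skey") String receivedSkey,
            HttpServletResponse response) throws IOException {

        // Authenticate before anything else. Checking the signature only after the order lookup
        // and the "already paid" redirect would let unauthenticated callers probe order state
        // and receive a redirect built from an unverified amount.
        String calculatedSkey = calculateSkey(tranId, orderId, status, domain, amount, currency, payDate, appCode);
        if (!signaturesMatch(calculatedSkey, receivedSkey)) {
            // Log identifiers only. Writing the expected signature to the log would hand a
            // valid skey for this parameter set to anyone with log access.
            log.warn("callback signature mismatch, orderId: {}, tranId: {}",
                    stripLineBreaks(orderId), stripLineBreaks(tranId));
            throw new FebsException("订单回调失败,---"+orderId);
        }

        MallOrderInfo mallOrderInfo = ValidateEntityUtils
                .ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在");
        log.info("callback status: {}", status);
        log.info("callback payResult: {}", mallOrderInfo.getPayResult());

        // Encode the amount so it cannot add or override query parameters in the redirect.
        String successUrl = "/pages/order/pay/paySuccess?amount="
                + URLEncoder.encode(amount, StandardCharsets.UTF_8.name()) + "&type=3";

        if ("1".equals(mallOrderInfo.getPayResult())) {
            // Already marked paid by an earlier callback; just send the user on.
            response.sendRedirect(successUrl);
            return;
        }
        if ("00".equals(status)) {
            updateOrderStatus(orderId, status, amount, payDate, tranId);
            response.sendRedirect(successUrl);
            return;
        }
        // Any other status leaves the order untouched and returns an empty response.
        log.warn("callback ignored, status is not 00: {}", status);
    }

    /**
     * Compares the expected and received signatures case-insensitively in constant time.
     *
     * @param expected signature computed locally
     * @param received signature supplied by the caller
     * @return {@code true} when both hex strings are equal ignoring case
     */
    private static boolean signaturesMatch(String expected, String received) {
        byte[] expectedBytes = expected.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] receivedBytes = received.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual avoids the early exit of String.equals, which leaks timing.
        return MessageDigest.isEqual(expectedBytes, receivedBytes);
    }

    /** Replaces CR and LF so an unauthenticated value cannot start a forged log line. */
    private static String stripLineBreaks(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Computes the expected {@code skey}: MD5 over the transaction fields, then MD5 over the
     * pay date, domain, first hash, approval code and the shared secret.
     *
     * <p>NOTE(review): MD5 and the undelimited concatenation are presumably dictated by the
     * gateway's signing scheme; confirm against the gateway documentation before changing.
     *
     * @return lowercase hex signature
     */
    private String calculateSkey(String tranId, String orderId, String status,
                                 String domain, String amount, String currency,
                                 String payDate, String appCode) {
        try {
            // Step 1: hash the transaction fields.
            String preSkey = tranId + orderId + status + domain + amount + currency;
            String preSkeyHash = md5(preSkey);

            // Step 2: hash again together with the shared secret.
            String finalInput = payDate + domain + preSkeyHash + appCode + SECRET_KEY;
            return md5(finalInput);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("MD5算法不可用", e);
        }
    }

    /**
     * Returns the lowercase hex MD5 digest of {@code input}.
     *
     * @throws NoSuchAlgorithmException if the runtime has no MD5 provider
     */
    private String md5(String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        // Fixed charset: the platform default would make the signature depend on the host.
        byte[] hashBytes = md.digest(input.getBytes(StandardCharsets.UTF_8));

        StringBuilder hexString = new StringBuilder(hashBytes.length * 2);
        for (byte b : hashBytes) {
            String hex = Integer.toHexString(0xff & b);
            if (hex.length() == 1) {
                hexString.append('0');
            }
            hexString.append(hex);
        }
        return hexString.toString();
    }

    /**
     * Marks the order as paid and waiting for shipment.
     *
     * <p>Rejects the update when the order is already paid or when the stored amount, rendered
     * with {@code toString()}, differs from the callback amount. The {@code status} parameter
     * is not read here.
     *
     * <p>NOTE(review): the paid check and the update are separate statements, so two concurrent
     * callbacks for one order could both pass the check; confirm whether the mapper or the
     * database guards against that.
     */
    private void updateOrderStatus(String orderId, String status, String amount, String paydate, String tranID) {
        MallOrderInfo mallOrderInfo = ValidateEntityUtils.ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在");
        ValidateEntityUtils.ensureNotEqual(mallOrderInfo.getPayResult(), "1", "订单已支付");
        // String comparison: presumably the gateway echoes the amount in the stored format;
        // a differing scale (10.0 vs 10.00) would be rejected. TODO confirm.
        ValidateEntityUtils.ensureEqual(mallOrderInfo.getAmount().toString(), amount, "订单金额异常");
        // Record the payment on the order.
        mallOrderInfo.setPayMethod("FIUU支付");
        mallOrderInfo.setStatus(OrderStatusEnum.WAIT_SHIPPING.getValue());
        mallOrderInfo.setPayResult("1");
        mallOrderInfo.setPayTime(DateUtil.parseDateTime(paydate));
        mallOrderInfo.setDeliveryState(OrderDeliveryStateEnum.DELIVERY_WAIT.getValue());
        mallOrderInfo.setPayOrderNo(tranID);
        mallOrderInfoMapper.updateById(mallOrderInfo);
    }
}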