| | |
|---|
| | | import cn.hutool.core.date.DateUtil; |
|---|
| | | import io.swagger.annotations.Api; |
|---|
| | | import lombok.extern.slf4j.Slf4j; |
|---|
| | | import org.apache.commons.codec.digest.DigestUtils; |
|---|
| | | import org.springframework.stereotype.Controller; |
|---|
| | | import org.springframework.ui.Model; |
|---|
| | | import org.springframework.web.bind.annotation.PostMapping; |
|---|
| | |
|---|
| | | import org.springframework.web.bind.annotation.RequestParam; |
|---|
| | | |
|---|
| | | import javax.annotation.Resource; |
|---|
| | | import java.util.Map; |
|---|
| | | import java.io.IOException; |
|---|
| | | import java.security.MessageDigest; |
|---|
| | | import java.security.NoSuchAlgorithmException; |
|---|
| | | |
|---|
| | | @Slf4j |
|---|
| | | @Controller |
|---|
| | | @Api(value = "FIUUController", tags = "FIUU支付") |
|---|
| | | //@RestController |
|---|
| | | @Api(value = "FiuuReturnController", tags = "FIUU支付-ReturnURL") |
|---|
| | | @RequestMapping(value = "/api/fuPayReturn") |
|---|
| | | public class FiuuReturnController { |
|---|
| | | |
|---|
| | | @PostMapping("/payment/callback") |
|---|
| | | public String handlePaymentCallback( |
|---|
| | | @RequestParam("amount") String amount, |
|---|
| | | @RequestParam("orderid") String orderId, |
|---|
| | | @RequestParam("tranID") String tranId, |
|---|
| | | @RequestParam("status") String status, |
|---|
| | | @RequestParam("domain") String domain, |
|---|
| | | @RequestParam("currency") String currency, |
|---|
| | | @RequestParam("paydate") String payDate, |
|---|
| | | @RequestParam("approcode") String appCode, |
|---|
| | | @RequestParam("skey") String skey, |
|---|
| | | Model model) { |
|---|
| | | |
|---|
| | | // // 验证skey以确保数据完整性 |
|---|
| | | // if (!validateSkey(tranId, orderId, status, domain, amount, currency, payDate, skey)) { |
|---|
| | | // return "error"; // 如果验证失败,跳转到错误页面 |
|---|
| | | // } |
|---|
| | | |
|---|
| | | // 将支付结果信息传递给支付成功页面 |
|---|
| | | model.addAttribute("amount", amount); |
|---|
| | | model.addAttribute("orderId", orderId); |
|---|
| | | model.addAttribute("tranId", tranId); |
|---|
| | | model.addAttribute("status", status); |
|---|
| | | model.addAttribute("currency", currency); |
|---|
| | | model.addAttribute("payDate", payDate); |
|---|
| | | |
|---|
| | | // 跳转到支付成功页面 |
|---|
| | | return "payment-success"; |
|---|
| | | } |
|---|
| | | |
|---|
| | | private boolean validateSkey(String tranId, String orderId, String status, String domain, |
|---|
| | | String amount, String currency, String payDate, String skey) { |
|---|
| | | // 这里实现skey的验证逻辑 |
|---|
| | | // 根据支付网关提供的skey生成规则,生成skey并与传入的skey进行比较 |
|---|
| | | // 如果一致,返回true,否则返回false |
|---|
| | | return true; // 这里假设验证通过 |
|---|
| | | } |
|---|
| | | |
|---|
| | | private static final String SECRET_KEY = "59c709fc18978a6a83b87f05d37cecbf"; |
|---|
| | | @Resource |
|---|
| | | private MallOrderInfoMapper mallOrderInfoMapper; |
|---|
| | | |
|---|
| | | // Java 通知接口 暂时停止使用 |
|---|
| | | @PostMapping("/callback") |
|---|
| | | public String handlePaymentCallback(@RequestParam Map<String, String> params, Model model) { |
|---|
| | | String secretKey = "59c709fc18978a6a83b87f05d37cecbf"; |
|---|
| | | String tranID = params.get("tranID"); |
|---|
| | | String orderId = params.get("orderid"); |
|---|
| | | String status = params.get("status"); |
|---|
| | | String domain = params.get("domain"); |
|---|
| | | String amount = params.get("amount"); |
|---|
| | | String currency = params.get("currency"); |
|---|
| | | String paydate = params.get("paydate"); |
|---|
| | | String skey = params.get("skey"); |
|---|
| | | public void handlePaymentCallback( |
|---|
| | | @RequestParam("amount") String amount, |
|---|
| | | @RequestParam("orderid") String orderId, |
|---|
| | | @RequestParam("tranID") String tranId, |
|---|
| | | @RequestParam("status") String status, |
|---|
| | | @RequestParam("domain") String domain, |
|---|
| | | @RequestParam("currency") String currency, |
|---|
| | | @RequestParam("paydate") String payDate, |
|---|
| | | @RequestParam("approcode") String appCode, |
|---|
| | | @RequestParam("skey") String receivedSkey) throws IOException{ |
|---|
| | | |
|---|
| | | // 计算 skey 验证 |
|---|
| | | String preSkey = DigestUtils.md5Hex(tranID + orderId + status + domain + amount + currency); |
|---|
| | | String calculatedSkey = DigestUtils.md5Hex(paydate + domain + preSkey + secretKey); |
|---|
| | | String calculatedSkey = calculateSkey(tranId, orderId, status, domain, amount, currency, payDate, appCode); |
|---|
| | | MallOrderInfo mallOrderInfo = ValidateEntityUtils |
|---|
| | | .ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在"); |
|---|
| | | log.info("callback status: {}", status); |
|---|
| | | log.info("callback skey: {}", preSkey); |
|---|
| | | log.info("callback skey: {}", receivedSkey); |
|---|
| | | log.info("callback calculatedSkey: {}", calculatedSkey); |
|---|
| | | log.info("callback payResult: {}", mallOrderInfo.getPayResult()); |
|---|
| | | if("1".equals(mallOrderInfo.getPayResult())){ |
|---|
| | | return "success"; |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (!calculatedSkey.equals(skey)) { |
|---|
| | | if (!calculatedSkey.equalsIgnoreCase(receivedSkey)) { |
|---|
| | | // 记录安全警告日志 |
|---|
| | | throw new FebsException("订单回调失败,---"+orderId); |
|---|
| | | } |
|---|
| | | if ("00".equals(status)) { |
|---|
| | | updateOrderStatus(orderId, status, amount, paydate, tranID); |
|---|
| | | return "success"; |
|---|
| | | }else{ |
|---|
| | | return "fail"; |
|---|
| | | updateOrderStatus(orderId, status, amount, payDate, tranId); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | private String calculateSkey(String tranId, String orderId, String status, |
|---|
| | | String domain, String amount, String currency, |
|---|
| | | String payDate, String appCode) { |
|---|
| | | try { |
|---|
| | | // 第一步哈希计算 |
|---|
| | | String preSkey = tranId + orderId + status + domain + amount + currency; |
|---|
| | | String preSkeyHash = md5(preSkey); |
|---|
| | | |
|---|
| | | // 第二步哈希计算 |
|---|
| | | String finalInput = payDate + domain + preSkeyHash + appCode + SECRET_KEY; |
|---|
| | | return md5(finalInput); |
|---|
| | | } catch (NoSuchAlgorithmException e) { |
|---|
| | | throw new RuntimeException("MD5算法不可用", e); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | private String md5(String input) throws NoSuchAlgorithmException { |
|---|
| | | MessageDigest md = MessageDigest.getInstance("MD5"); |
|---|
| | | byte[] hashBytes = md.digest(input.getBytes()); |
|---|
| | | |
|---|
| | | StringBuilder hexString = new StringBuilder(); |
|---|
| | | for (byte b : hashBytes) { |
|---|
| | | String hex = Integer.toHexString(0xff & b); |
|---|
| | | if (hex.length() == 1) hexString.append('0'); |
|---|
| | | hexString.append(hex); |
|---|
| | | } |
|---|
| | | return hexString.toString(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private void updateOrderStatus(String orderId, String status, String amount, String paydate, String tranID) { |
|---|
| | | // 实现订单状态更新逻辑(如更新数据库) |
|---|
| | | MallOrderInfo mallOrderInfo = ValidateEntityUtils.ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在"); |
|---|
