KKSU
2025-02-10 566124b07d1ced752942a48f5c422906a6428696
src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java
@@ -17,6 +17,8 @@
import org.springframework.web.bind.annotation.RequestParam;
import javax.annotation.Resource;
import java.math.BigDecimal;
import java.math.RoundingMode;
@Slf4j
@Controller
@@ -37,17 +39,37 @@
            @RequestParam("status") String status,
            @RequestParam("domain") String domain,
            @RequestParam("currency") String currency,
            @RequestParam("appcode") String appcode,
            @RequestParam("paydate") String payDate,
            @RequestParam("skey") String receivedSkey,
            Model model) {
        // 验证skey以确保数据完整性
        String preSkey = DigestUtils.md5Hex(tranId + orderId + status + domain + amount + currency);
        String calculatedSkey = DigestUtils.md5Hex(payDate + domain + preSkey + SECRET_KEY);
        // 1. 格式化amount为两位小数(确保与Fiuu传递的格式一致)
        BigDecimal amountDecimal;
        try {
            amountDecimal = new BigDecimal(amount).setScale(2, RoundingMode.HALF_UP);
        } catch (NumberFormatException e) {
            throw new FebsException("金额格式错误: " + amount);
        }
        String formattedAmount = amountDecimal.toPlainString(); // 例如 "100.00"
        log.info("callback status: {}", status);
        log.info("callback skey: {}", receivedSkey);
        // 2. 生成preSkey(严格按照参数顺序拼接)
        log.info("callback Parameters for preSkey: tranId={}, orderId={}, status={}, domain={}, amount={}, currency={}", tranId, orderId, status, domain, amount, currency);
        // 第一步哈希:pre_skey = md5(txnID + orderID + status + domain + amount + currency)
        String preSkeyInput = tranId + orderId + status + domain + formattedAmount + currency;
        String preSkey = DigestUtils.md5Hex(preSkeyInput);
        log.info("callback preSkey生成参数: {}", preSkeyInput);
        log.info("callback preSkey计算结果: {}", preSkey);
        log.info("callback Parameters for calculatedSkey: payDate={}, domain={}, preSkey={}, appcode={}, SECRET_KEY={}", payDate, domain, preSkey, appcode, SECRET_KEY);
        // 第二步哈希:skey = md5(paydate + domain + pre_skey + appcode + secret_key)
        String skeyInput = payDate + domain + preSkey + appcode + SECRET_KEY;
        String calculatedSkey = DigestUtils.md5Hex(skeyInput);
        log.info("callback skey生成参数: {}", skeyInput);
        log.info("callback callback status: {}", status);
        log.info("callback receivedSkey: {}", receivedSkey);
        log.info("callback calculatedSkey: {}", calculatedSkey);
        if (!calculatedSkey.equalsIgnoreCase(receivedSkey)) {
            // 记录安全警告日志
            throw new FebsException("订单回调失败,---"+orderId);
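Review bot: The added `log.info("callback Parameters for calculatedSkey: …, SECRET_KEY={}", …)` writes the merchant secret to the application log at INFO level, and the later `log.info("callback skey生成参数: {}", skeyInput)` repeats it as the tail of the concatenated string, so anyone with log access obtains the key that authenticates every callback. Remove the secret from both statements, for example `log.debug("callback skey inputs: payDate={}, domain={}, appcode={}", payDate, domain, appcode);`, and drop the `calculatedSkey` line too, since it records the expected signature for whatever parameters were submitted. If this build has already handled real traffic, the key should probably be treated as exposed and rotated. The comparison `calculatedSkey.equalsIgnoreCase(receivedSkey)` appears to be unchanged context, but it is not constant-time; `MessageDigest.isEqual` over the lower-cased bytes would be. The handler method begins before the hunk and continues past its last line.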