blame | history | patch | commit | commitdiff | ignore whitespace
KKSU
2025-02-08 d08a04ee79db9370f6d3c9a7e4ad41911d2d9390 
 src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java


@@ -9,15 +9,16 @@


import cn.hutool.core.date.DateUtil;


import io.swagger.annotations.Api;


import lombok.extern.slf4j.Slf4j;


import org.apache.commons.codec.digest.DigestUtils;


import org.springframework.stereotype.Controller;


import org.springframework.ui.Model;


import org.springframework.web.bind.annotation.PostMapping;


import org.springframework.web.bind.annotation.RequestMapping;


import org.springframework.web.bind.annotation.RequestParam;




import javax.annotation.Resource;


import java.util.Map;


import javax.servlet.http.HttpServletResponse;


import java.io.IOException;


import java.security.MessageDigest;


import java.security.NoSuchAlgorithmException;




@Slf4j


@Controller


@@ -25,47 +26,76 @@


@RequestMapping(value = "/api/fuPayReturn")


public class FiuuReturnController {






    private static final String SECRET_KEY = "59c709fc18978a6a83b87f05d37cecbf";


    @Resource


    private MallOrderInfoMapper mallOrderInfoMapper;




    // Java 通知接口 暂时停止使用


    @PostMapping("/callback")


    public String handlePaymentCallback(@RequestParam Map<String, String> params, Model model) {


        String secretKey = "59c709fc18978a6a83b87f05d37cecbf";


        String tranID = params.get("tranID");


        String orderId = params.get("orderid");


        String status = params.get("status");


        String domain = params.get("domain");


        String amount = params.get("amount");


        String currency = params.get("currency");


        String paydate = params.get("paydate");


        String skey = params.get("skey");


    public void handlePaymentCallback(


            @RequestParam("amount") String amount,


            @RequestParam("orderid") String orderId,


            @RequestParam("tranID") String tranId,


            @RequestParam("status") String status,


            @RequestParam("domain") String domain,


            @RequestParam("currency") String currency,


            @RequestParam("paydate") String payDate,


            @RequestParam("approcode") String appCode,


            @RequestParam("skey") String receivedSkey,


            HttpServletResponse response) throws IOException{




        // 计算 skey 验证


        String preSkey = DigestUtils.md5Hex(tranID + orderId + status + domain + amount + currency);


        String calculatedSkey = DigestUtils.md5Hex(paydate + domain + preSkey + secretKey);


        String calculatedSkey = calculateSkey(tranId, orderId, status, domain, amount, currency, payDate, appCode);


        MallOrderInfo mallOrderInfo = ValidateEntityUtils


                .ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在");


        log.info("callback status: {}", status);


        log.info("callback skey: {}", preSkey);


        log.info("callback skey: {}", receivedSkey);


        log.info("callback calculatedSkey: {}", calculatedSkey);


        log.info("callback payResult: {}", mallOrderInfo.getPayResult());


        if("1".equals(mallOrderInfo.getPayResult())){


            return "success";


            response.sendRedirect("/pages/order/pay/paySuccess?amount="+amount+"&type=3");


            return;


        }




        if (!calculatedSkey.equals(skey)) {


        if (!calculatedSkey.equalsIgnoreCase(receivedSkey)) {


            // 记录安全警告日志


            throw new FebsException("订单回调失败,---"+orderId);


        }


        if ("00".equals(status)) {


            updateOrderStatus(orderId, status, amount, paydate, tranID);


            return "success";


        }else{


            return "fail";


            updateOrderStatus(orderId, status, amount, payDate, tranId);


            response.sendRedirect("/pages/order/pay/paySuccess?amount="+amount+"&type=3");


            return;


        }


    }




    private String calculateSkey(String tranId, String orderId, String status,


                                 String domain, String amount, String currency,


                                 String payDate, String appCode) {


        try {


            // 第一步哈希计算


            String preSkey = tranId + orderId + status + domain + amount + currency;


            String preSkeyHash = md5(preSkey);




            // 第二步哈希计算


            String finalInput = payDate + domain + preSkeyHash + appCode + SECRET_KEY;


            return md5(finalInput);


        } catch (NoSuchAlgorithmException e) {


            throw new RuntimeException("MD5算法不可用", e);


        }


    }




    private String md5(String input) throws NoSuchAlgorithmException {


        MessageDigest md = MessageDigest.getInstance("MD5");


        byte[] hashBytes = md.digest(input.getBytes());




        StringBuilder hexString = new StringBuilder();


        for (byte b : hashBytes) {


            String hex = Integer.toHexString(0xff & b);


            if (hex.length() == 1) hexString.append('0');


            hexString.append(hex);


        }


        return hexString.toString();


    }




    private void updateOrderStatus(String orderId, String status, String amount, String paydate, String tranID) {


        // 实现订单状态更新逻辑(如更新数据库)


        MallOrderInfo mallOrderInfo = ValidateEntityUtils.ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在");