From 37e34bbbb9f1838481c41a7848a2185a30f5617e Mon Sep 17 00:00:00 2001
From: KKSU <15274802129@163.com>
Date: Sat, 08 Feb 2025 16:48:23 +0800
Subject: [PATCH] refactor(pay): 重构 FiuuReturnController 中的 skey 计算逻辑
---
src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java | 66 ++++++++++++++++----------------
1 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java b/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java
index 1f79e7b..19ba8b9 100644
--- a/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java
+++ b/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java
@@ -17,53 +17,53 @@
import org.springframework.web.bind.annotation.RequestParam;
import javax.annotation.Resource;
-import java.util.Map;
@Slf4j
@Controller
-@Api(value = "FIUUController", tags = "FIUU支付")
+//@RestController
+@Api(value = "FiuuReturnController", tags = "FIUU支付-ReturnURL")
@RequestMapping(value = "/api/fuPayReturn")
public class FiuuReturnController {
-
+ private static final String SECRET_KEY = "59c709fc18978a6a83b87f05d37cecbf";
@Resource
private MallOrderInfoMapper mallOrderInfoMapper;
- // Java 通知接口 暂时停止使用
- @PostMapping("/callback")
- public String handlePaymentCallback(@RequestParam Map<String, String> params, Model model) {
- String secretKey = "59c709fc18978a6a83b87f05d37cecbf";
- String tranID = params.get("tranID");
- String orderId = params.get("orderid");
- String status = params.get("status");
- String domain = params.get("domain");
- String amount = params.get("amount");
- String currency = params.get("currency");
- String paydate = params.get("paydate");
- String skey = params.get("skey");
+ @PostMapping("/payment/callback")
+ public String handlePaymentCallback(
+ @RequestParam("amount") String amount,
+ @RequestParam("orderid") String orderId,
+ @RequestParam("tranID") String tranId,
+ @RequestParam("status") String status,
+ @RequestParam("domain") String domain,
+ @RequestParam("currency") String currency,
+ @RequestParam("paydate") String payDate,
+ @RequestParam("skey") String receivedSkey,
+ Model model) {
- // 计算 skey 验证
- String preSkey = DigestUtils.md5Hex(tranID + orderId + status + domain + amount + currency);
- String calculatedSkey = DigestUtils.md5Hex(paydate + domain + preSkey + secretKey);
- MallOrderInfo mallOrderInfo = ValidateEntityUtils
- .ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在");
+ // 验证skey以确保数据完整性
+ String preSkey = DigestUtils.md5Hex(tranId + orderId + status + domain + amount + currency);
+ String calculatedSkey = DigestUtils.md5Hex(payDate + domain + preSkey + SECRET_KEY);
+
log.info("callback status: {}", status);
- log.info("callback skey: {}", preSkey);
+ log.info("callback skey: {}", receivedSkey);
log.info("callback calculatedSkey: {}", calculatedSkey);
- log.info("callback payResult: {}", mallOrderInfo.getPayResult());
- if("1".equals(mallOrderInfo.getPayResult())){
- return "success";
- }
-
- if (!calculatedSkey.equals(skey)) {
+ if (!calculatedSkey.equalsIgnoreCase(receivedSkey)) {
+ // 记录安全警告日志
throw new FebsException("订单回调失败,---"+orderId);
}
- if ("00".equals(status)) {
- updateOrderStatus(orderId, status, amount, paydate, tranID);
- return "success";
- }else{
- return "fail";
- }
+
+ // 将支付结果信息传递给支付成功页面
+ model.addAttribute("amount", amount);
+ model.addAttribute("orderId", orderId);
+ model.addAttribute("tranId", tranId);
+ model.addAttribute("status", status);
+ model.addAttribute("currency", currency);
+ model.addAttribute("payDate", payDate);
+ updateOrderStatus(orderId, status, amount, payDate, tranId);
+
+ // 跳转到支付成功页面
+ return "payment-success";
}
private void updateOrderStatus(String orderId, String status, String amount, String paydate, String tranID) {
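Review bot: The new `handlePaymentCallback` no longer checks `status` before it calls `updateOrderStatus(...)` and returns `payment-success`, so a callback with a valid skey but a non-success status would still render the success page; the removed code only updated on `"00".equals(status)`. Unless `updateOrderStatus` (its body is outside this hunk) filters on status itself, restore the guard ahead of the `model.addAttribute` calls, e.g. `if (!"00".equals(status)) { /* return the failure view */ }`. The removed early return on `"1".equals(mallOrderInfo.getPayResult())` also made repeated deliveries harmless, and nothing visible replaces it, so a replayed return request would re-run the update. Separately, `log.info("callback calculatedSkey: {}", calculatedSkey)` writes the expected signature to the log and `SECRET_KEY` is a literal in source; drop that log line, compare the two values with `MessageDigest.isEqual` after normalising case, and load the key from configuration. The `// 记录安全警告日志` comment has no log statement under it, so add `log.warn("skey mismatch for order {}", orderId);` before the throw.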
--
Gitblit v1.9.1