From 37e34bbbb9f1838481c41a7848a2185a30f5617e Mon Sep 17 00:00:00 2001
From: KKSU <15274802129@163.com>
Date: Sat, 08 Feb 2025 16:48:23 +0800
Subject: [PATCH] refactor(pay): 重构 FiuuReturnController 中的 skey 计算逻辑
---
src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java | 72 ++++++++++-------------------------
1 files changed, 21 insertions(+), 51 deletions(-)
diff --git a/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java b/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java
index 0dca5b3..19ba8b9 100644
--- a/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java
+++ b/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java
@@ -9,20 +9,19 @@
import cn.hutool.core.date.DateUtil;
import io.swagger.annotations.Api;
import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import javax.annotation.Resource;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
@Slf4j
@Controller
-@Api(value = "FIUUController", tags = "FIUU支付")
+//@RestController
+@Api(value = "FiuuReturnController", tags = "FIUU支付-ReturnURL")
@RequestMapping(value = "/api/fuPayReturn")
public class FiuuReturnController {
@@ -30,9 +29,8 @@
@Resource
private MallOrderInfoMapper mallOrderInfoMapper;
- // Java 通知接口 暂时停止使用
- @PostMapping("/callback")
- public void handlePaymentCallback(
+ @PostMapping("/payment/callback")
+ public String handlePaymentCallback(
@RequestParam("amount") String amount,
@RequestParam("orderid") String orderId,
@RequestParam("tranID") String tranId,
@@ -40,60 +38,32 @@
@RequestParam("domain") String domain,
@RequestParam("currency") String currency,
@RequestParam("paydate") String payDate,
- @RequestParam("approcode") String appCode,
@RequestParam("skey") String receivedSkey,
- HttpServletResponse response) throws IOException{
+ Model model) {
- // 计算 skey 验证
- String calculatedSkey = calculateSkey(tranId, orderId, status, domain, amount, currency, payDate, appCode);
- MallOrderInfo mallOrderInfo = ValidateEntityUtils
- .ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在");
+ // 验证skey以确保数据完整性
+ String preSkey = DigestUtils.md5Hex(tranId + orderId + status + domain + amount + currency);
+ String calculatedSkey = DigestUtils.md5Hex(payDate + domain + preSkey + SECRET_KEY);
+
log.info("callback status: {}", status);
log.info("callback skey: {}", receivedSkey);
log.info("callback calculatedSkey: {}", calculatedSkey);
- log.info("callback payResult: {}", mallOrderInfo.getPayResult());
- if("1".equals(mallOrderInfo.getPayResult())){
- response.sendRedirect("/pages/order/pay/paySuccess?amount="+amount+"&type=3");
- return;
- }
if (!calculatedSkey.equalsIgnoreCase(receivedSkey)) {
// 记录安全警告日志
throw new FebsException("订单回调失败,---"+orderId);
}
- if ("00".equals(status)) {
- updateOrderStatus(orderId, status, amount, payDate, tranId);
- response.sendRedirect("/pages/order/pay/paySuccess?amount="+amount+"&type=3");
- return;
- }
- }
- private String calculateSkey(String tranId, String orderId, String status,
- String domain, String amount, String currency,
- String payDate, String appCode) {
- try {
- // 第一步哈希计算
- String preSkey = tranId + orderId + status + domain + amount + currency;
- String preSkeyHash = md5(preSkey);
+ // 将支付结果信息传递给支付成功页面
+ model.addAttribute("amount", amount);
+ model.addAttribute("orderId", orderId);
+ model.addAttribute("tranId", tranId);
+ model.addAttribute("status", status);
+ model.addAttribute("currency", currency);
+ model.addAttribute("payDate", payDate);
+ updateOrderStatus(orderId, status, amount, payDate, tranId);
- // 第二步哈希计算
- String finalInput = payDate + domain + preSkeyHash + appCode + SECRET_KEY;
- return md5(finalInput);
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException("MD5算法不可用", e);
- }
- }
-
- private String md5(String input) throws NoSuchAlgorithmException {
- MessageDigest md = MessageDigest.getInstance("MD5");
- byte[] hashBytes = md.digest(input.getBytes());
-
- StringBuilder hexString = new StringBuilder();
- for (byte b : hashBytes) {
- String hex = Integer.toHexString(0xff & b);
- if (hex.length() == 1) hexString.append('0');
- hexString.append(hex);
- }
- return hexString.toString();
+ // 跳转到支付成功页面
+ return "payment-success";
}
private void updateOrderStatus(String orderId, String status, String amount, String paydate, String tranID) {
--
Gitblit v1.9.1