From b116b2b304a6aff67a41e9fdcb89967afef194f8 Mon Sep 17 00:00:00 2001 From: KKSU <15274802129@163.com> Date: Sat, 08 Feb 2025 16:31:32 +0800 Subject: [PATCH] refactor(pay): 重构 FiuuReturnController 中的 skey 计算逻辑 --- src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java | 101 +++++++++----------------------------------------- 1 files changed, 18 insertions(+), 83 deletions(-) diff --git a/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java b/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java index f9abf88..19ba8b9 100644 --- a/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java +++ b/src/main/java/cc/mrbird/febs/pay/controller/FiuuReturnController.java @@ -9,6 +9,7 @@ import cn.hutool.core.date.DateUtil; import io.swagger.annotations.Api; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.codec.digest.DigestUtils; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.PostMapping; @@ -16,9 +17,6 @@ import org.springframework.web.bind.annotation.RequestParam; import javax.annotation.Resource; -import java.io.IOException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; @Slf4j @Controller @@ -26,6 +24,10 @@ @Api(value = "FiuuReturnController", tags = "FIUU支付-ReturnURL") @RequestMapping(value = "/api/fuPayReturn") public class FiuuReturnController { + + private static final String SECRET_KEY = "59c709fc18978a6a83b87f05d37cecbf"; + @Resource + private MallOrderInfoMapper mallOrderInfoMapper; @PostMapping("/payment/callback") public String handlePaymentCallback( 
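Review bot: `SECRET_KEY` at the new class head is the gateway verification key hard-coded as a string literal, so it lives in source control and every build artifact; the constant is only relocated here from lower in the file, but the move is the right moment to externalize it. Inject it from configuration instead, e.g. `@Value("${fiuu.secret-key}") private String secretKey;` (Spring is already on the classpath), and treat the literal currently in the diff as exposed, since it is now part of repository history. The class body continues outside the hunk.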
@@ -36,13 +38,20 @@ @RequestParam("domain") String domain, @RequestParam("currency") String currency, @RequestParam("paydate") String payDate, - @RequestParam("skey") String skey, + @RequestParam("skey") String receivedSkey, Model model) { -// // 验证skey以确保数据完整性 -// if (!validateSkey(tranId, orderId, status, domain, amount, currency, payDate, skey)) { -// return "error"; // 如果验证失败,跳转到错误页面 -// } + // 验证skey以确保数据完整性 + String preSkey = DigestUtils.md5Hex(tranId + orderId + status + domain + amount + currency); + String calculatedSkey = DigestUtils.md5Hex(payDate + domain + preSkey + SECRET_KEY); + + log.info("callback status: {}", status); + log.info("callback skey: {}", receivedSkey); + log.info("callback calculatedSkey: {}", calculatedSkey); + if (!calculatedSkey.equalsIgnoreCase(receivedSkey)) { + // 记录安全警告日志 + throw new FebsException("订单回调失败,---"+orderId); + } // 将支付结果信息传递给支付成功页面 model.addAttribute("amount", amount); 
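Review bot: The new `calculatedSkey` line hashes `payDate + domain + preSkey + SECRET_KEY`, whereas the `calculateSkey` helper this commit deletes inserted `appCode` between the first-stage hash and the key; if the gateway's return-URL signature does include `appcode` (as the deleted code assumed), every genuine callback will now be rejected with `FebsException`, so confirm the formula against the Fiuu return-URL specification before merging. Separately, `calculatedSkey.equalsIgnoreCase(receivedSkey)` is a short-circuiting string compare; prefer a constant-time check such as `MessageDigest.isEqual(calculatedSkey.getBytes(StandardCharsets.US_ASCII), receivedSkey.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII))`, which means the `java.security.MessageDigest` import removed in the earlier hunk comes back. `handlePaymentCallback` begins and ends outside this hunk.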
@@ -51,84 +60,10 @@ model.addAttribute("status", status); model.addAttribute("currency", currency); model.addAttribute("payDate", payDate); + updateOrderStatus(orderId, status, amount, payDate, tranId); // 跳转到支付成功页面 return "payment-success"; - } - - private boolean validateSkey(String tranId, String orderId, String status, String domain, - String amount, String currency, String payDate, String skey) { - // 这里实现skey的验证逻辑 - // 根据支付网关提供的skey生成规则,生成skey并与传入的skey进行比较 - // 如果一致,返回true,否则返回false - return true; // 这里假设验证通过 - } - - private static final String SECRET_KEY = "59c709fc18978a6a83b87f05d37cecbf"; - @Resource - private MallOrderInfoMapper mallOrderInfoMapper; - - // Java 通知接口 暂时停止使用 - @PostMapping("/callback") - public void handlePaymentCallback( - @RequestParam("amount") String amount, - @RequestParam("orderid") String orderId, - @RequestParam("tranID") String tranId, - @RequestParam("status") String status, - @RequestParam("domain") String domain, - @RequestParam("currency") String currency, - @RequestParam("paydate") String payDate, - @RequestParam("approcode") String appCode, - @RequestParam("skey") String receivedSkey) throws IOException{ - - // 计算 skey 验证 - String calculatedSkey = calculateSkey(tranId, orderId, status, domain, amount, currency, payDate, appCode); - MallOrderInfo mallOrderInfo = ValidateEntityUtils - .ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在"); - log.info("callback status: {}", status); - log.info("callback skey: {}", receivedSkey); - log.info("callback calculatedSkey: {}", calculatedSkey); - log.info("callback payResult: {}", mallOrderInfo.getPayResult()); - if("1".equals(mallOrderInfo.getPayResult())){ - return; - } - if (!calculatedSkey.equalsIgnoreCase(receivedSkey)) { - // 记录安全警告日志 - throw new FebsException("订单回调失败,---"+orderId); - } - if ("00".equals(status)) { - updateOrderStatus(orderId, status, amount, payDate, tranId); - return; - } - } - - private String calculateSkey(String 
tranId, String orderId, String status, - String domain, String amount, String currency, - String payDate, String appCode) { - try { - // 第一步哈希计算 - String preSkey = tranId + orderId + status + domain + amount + currency; - String preSkeyHash = md5(preSkey); - - // 第二步哈希计算 - String finalInput = payDate + domain + preSkeyHash + appCode + SECRET_KEY; - return md5(finalInput); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException("MD5算法不可用", e); - } - } - - private String md5(String input) throws NoSuchAlgorithmException { - MessageDigest md = MessageDigest.getInstance("MD5"); - byte[] hashBytes = md.digest(input.getBytes()); - - StringBuilder hexString = new StringBuilder(); - for (byte b : hashBytes) { - String hex = Integer.toHexString(0xff & b); - if (hex.length() == 1) hexString.append('0'); - hexString.append(hex); - } - return hexString.toString(); } private void updateOrderStatus(String orderId, String status, String amount, String paydate, String tranID) { -- Gitblit v1.9.1
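Review bot: The added `updateOrderStatus(orderId, status, amount, payDate, tranId);` runs for every signature-valid callback regardless of `status`, and the order is never loaded, so the `"00".equals(status)` gate and the `"1".equals(mallOrderInfo.getPayResult())` early return that the deleted `/callback` handler had are absent from the only remaining path; unless `updateOrderStatus` (whose body lies beyond the hunk) enforces both itself, a failed or pending status reaches the update and a re-POST of the same signed parameters replays it. Restore the guards before the call: `MallOrderInfo order = ValidateEntityUtils.ensureColumnReturnEntity(orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在");` followed by `if ("00".equals(status) && !"1".equals(order.getPayResult())) updateOrderStatus(orderId, status, amount, payDate, tranId);`. It would also be worth comparing `amount` against the stored order amount before marking it paid, since the skey only proves what the gateway reported, not that it matches what the order requires. The enclosing `handlePaymentCallback` starts outside this hunk, and note it still returns `payment-success` for non-00 statuses.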