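package cc.mrbird.febs.pay.controller;

import cc.mrbird.febs.common.enumerates.OrderDeliveryStateEnum;
import cc.mrbird.febs.common.enumerates.OrderStatusEnum;
import cc.mrbird.febs.common.exception.FebsException;
import cc.mrbird.febs.common.utils.ValidateEntityUtils;
import cc.mrbird.febs.mall.entity.MallOrderInfo;
import cc.mrbird.febs.mall.mapper.MallOrderInfoMapper;
import cn.hutool.core.date.DateUtil;
import io.swagger.annotations.Api;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

import javax.annotation.Resource;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

/**
 * Receives the FIUU payment gateway's browser return POST and its server-side notification.
 *
 * <p>Both endpoints are reachable without a session, so every request parameter is untrusted
 * until the {@code skey} signature has been recomputed from the shared secret and matched.
 * The signature is checked before any parameter is rendered, logged as trusted, or used to
 * change an order.
 */
@Slf4j
@Controller
//@RestController
@Api(value = "FiuuReturnController", tags = "FIUU支付-ReturnURL")
@RequestMapping(value = "/api/fuPayReturn")
public class FiuuReturnController {

    // SECURITY: the merchant secret is a source-code literal, so everyone with read access to
    // the repository or to a built artifact can compute a valid skey for any order. Move it to
    // externalized configuration / a secret store and rotate the value once that is in place.
    private static final String SECRET_KEY = "59c709fc18978a6a83b87f05d37cecbf";

    @Resource
    private MallOrderInfoMapper mallOrderInfoMapper;

    /**
     * Handles the browser redirect back from the gateway and renders the result page.
     *
     * <p>The posted values are only exposed to the view after the {@code skey} check passes;
     * without it, anyone could POST arbitrary values and have them shown on the success page.
     *
     * @return the {@code payment-success} view when the signature matches, otherwise {@code error}
     */
    @PostMapping("/payment/callback")
    public String handlePaymentCallback(
            @RequestParam("amount") String amount,
            @RequestParam("orderid") String orderId,
            @RequestParam("tranID") String tranId,
            @RequestParam("status") String status,
            @RequestParam("domain") String domain,
            @RequestParam("currency") String currency,
            @RequestParam("paydate") String payDate,
            @RequestParam("approcode") String appCode,
            @RequestParam("skey") String skey,
            Model model) {
        if (!validateSkey(tranId, orderId, status, domain, amount, currency, payDate, appCode, skey)) {
            log.warn("return-url skey mismatch, orderId: {}, tranId: {}",
                    sanitizeForLog(orderId), sanitizeForLog(tranId));
            // View name taken from the check that was previously commented out here.
            // NOTE(review): confirm an "error" template is actually resolvable.
            return "error";
        }

        // Hand the verified payment result to the result page.
        // NOTE(review): the view name is "payment-success" for every status value; the template
        // presumably branches on "status" - confirm it does not present a failed payment as paid.
        model.addAttribute("amount", amount);
        model.addAttribute("orderId", orderId);
        model.addAttribute("tranId", tranId);
        model.addAttribute("status", status);
        model.addAttribute("currency", currency);
        model.addAttribute("payDate", payDate);
        return "payment-success";
    }

    /**
     * Handles the gateway's server-to-server notification and marks the order as paid.
     *
     * <p>The original comment marks this endpoint as temporarily out of use; the mapping is
     * still registered, so it is hardened like a live endpoint. The signature is verified
     * first, so an unauthenticated caller cannot use the "order not found" / "already paid"
     * paths to probe order ids.
     *
     * @throws FebsException if the signature does not match or the order fails validation
     */
    // NOTE(review): a void handler on a @Controller (not @RestController) with no response
    // argument leaves view resolution to Spring - confirm the gateway gets the reply it expects.
    @PostMapping("/callback")
    public void handlePaymentCallback(
            @RequestParam("amount") String amount,
            @RequestParam("orderid") String orderId,
            @RequestParam("tranID") String tranId,
            @RequestParam("status") String status,
            @RequestParam("domain") String domain,
            @RequestParam("currency") String currency,
            @RequestParam("paydate") String payDate,
            @RequestParam("approcode") String appCode,
            @RequestParam("skey") String receivedSkey) throws IOException {
        if (!validateSkey(tranId, orderId, status, domain, amount, currency, payDate, appCode, receivedSkey)) {
            // Security warning. The expected skey is deliberately not logged: it is the valid
            // signature for this request, and a log reader could replay it.
            log.warn("callback skey mismatch, orderId: {}, tranId: {}",
                    sanitizeForLog(orderId), sanitizeForLog(tranId));
            throw new FebsException("订单回调失败,---" + orderId);
        }

        MallOrderInfo mallOrderInfo = ValidateEntityUtils.ensureColumnReturnEntity(
                orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在");
        log.info("callback status: {}", sanitizeForLog(status));
        log.info("callback payResult: {}", mallOrderInfo.getPayResult());

        // Already recorded as paid: treat a repeated notification as a no-op.
        if ("1".equals(mallOrderInfo.getPayResult())) {
            return;
        }
        if ("00".equals(status)) {
            updateOrderStatus(orderId, status, amount, payDate, tranId);
        }
    }

    /**
     * Recomputes the signature for the given fields and compares it with the received one.
     *
     * @return {@code true} only when {@code skey} equals the expected value (hex case ignored)
     */
    private boolean validateSkey(String tranId, String orderId, String status, String domain, String amount,
                                 String currency, String payDate, String appCode, String skey) {
        if (skey == null) {
            return false;
        }
        String expected = calculateSkey(tranId, orderId, status, domain, amount, currency, payDate, appCode);
        // MessageDigest.isEqual gives a timing-safe comparison, unlike String.equalsIgnoreCase.
        // calculateSkey emits lower-case hex, so only the received value needs normalising.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                skey.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds the expected skey: {@code md5(payDate + domain + md5(tranId + orderId + status +
     * domain + amount + currency) + appCode + SECRET_KEY)}.
     *
     * <p>The digest algorithm is dictated by the gateway's signature scheme, so it cannot be
     * swapped on this side alone.
     */
    private String calculateSkey(String tranId, String orderId, String status, String domain, String amount,
                                 String currency, String payDate, String appCode) {
        try {
            // First hash: transaction fields.
            String innerHash = md5(tranId + orderId + status + domain + amount + currency);
            // Second hash: binds the first hash to the pay date, approval code and merchant secret.
            return md5(payDate + domain + innerHash + appCode + SECRET_KEY);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("MD5算法不可用", e);
        }
    }

    /**
     * Returns the lower-case hex MD5 digest of {@code input}.
     *
     * <p>The charset is fixed to UTF-8 so the digest does not depend on the JVM's platform
     * default encoding.
     */
    private String md5(String input) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("MD5");
        byte[] hashBytes = digest.digest(input.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hashBytes.length * 2);
        for (byte b : hashBytes) {
            int unsigned = b & 0xff;
            if (unsigned < 0x10) {
                hex.append('0');
            }
            hex.append(Integer.toHexString(unsigned));
        }
        return hex.toString();
    }

    /** Replaces CR, LF and tab so a request value cannot forge additional log lines. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n\\t]", "_");
    }

    /**
     * Marks the order as paid and waiting for shipment after re-checking its state and amount.
     *
     * <p>Callers must have verified the skey before invoking this method.
     */
    private void updateOrderStatus(String orderId, String status, String amount, String paydate, String tranID) {
        MallOrderInfo mallOrderInfo = ValidateEntityUtils.ensureColumnReturnEntity(
                orderId, MallOrderInfo::getId, mallOrderInfoMapper::selectOne, "订单不存在");
        ValidateEntityUtils.ensureNotEqual(mallOrderInfo.getPayResult(), "1", "订单已支付");
        // NOTE(review): string comparison of the amount - if getAmount() is a decimal type, a
        // scale difference ("10.0" vs "10.00") would be rejected; confirm against the gateway format.
        // NOTE(review): the paid currency is signed but never compared with the order's currency.
        ValidateEntityUtils.ensureEqual(mallOrderInfo.getAmount().toString(), amount, "订单金额异常");

        // Record the payment on the order.
        mallOrderInfo.setPayMethod("FIUU支付");
        mallOrderInfo.setStatus(OrderStatusEnum.WAIT_SHIPPING.getValue());
        mallOrderInfo.setPayResult("1");
        mallOrderInfo.setPayTime(DateUtil.parseDateTime(paydate));
        mallOrderInfo.setDeliveryState(OrderDeliveryStateEnum.DELIVERY_WAIT.getValue());
        mallOrderInfo.setPayOrderNo(tranID);
        mallOrderInfoMapper.updateById(mallOrderInfo);
    }
}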