支付宝 OpenAPI SDK
Yet Another Alipay OpenAPI Smart Development Kit
主要功能
- OOP风格化的,可弹性扩容的,支付宝OpenAPI SDK
- 低依赖,目前仅依赖
Axios - 使用Node原生代码实现支付宝OpenAPI的AES(
aes-128-cbc)加/解密功能 - 使用Node原生代码实现支付宝OpenAPI的RSA(
sha1WithRSAEncryption)及RSA2(sha256WithRSAEncryption)签名、验签功能 - 异步通知消息验签
- 命令行网关交互工具
SDK约定
- 使用
method({请求参数}[, {公共请求参数}[, {特殊头参数}]])作为HTTP接口驱动,释义如下:- 接口定义中
公共请求参数的method,即作为本SDK标准方法链,弹性扩容,示例使用方法如下,详细审查见文末 - 接口定义中的
请求参数,以Object对象作为第一个入参 - 接口定义中的
公共请求参数,以Object对象作为第二个入参 - 特别的,对于图片/视频上传,需要定义
multipart/form-data头信息,以Object对象作为第三个入参,见如下示例 - 特别的,对于页面表单提交型,即所谓的page类接口,第三参数须定义为
Formatter.page,返回结果可直接作为页面/接口输出,说明用法见如下示例
- 接口定义中
- 请求数据签名以及返回数据验签均自动完成,开发者仅需关注业务代码即可;特别地,对于验签结果有依赖的情况,可以从返回值的头部获取:
headers[x-alipay-verified]为验签结果,值可能为ok,undefinedheaders[x-alipay-signature]为源返回数据签名值,值可能为undefinedheaders[x-alipay-responder]为源返回值字段名转译,值可能为undefined,error或者实际请求的method值
使用手册
whatsCli 命令行工具
以命令行的形式,与OpenAPI网关交互,play the OpenAPI requests over command line.
$ ./node_modules/.bin/whatsCli -h (click to toggle display)
``` Usage: cli.js [options] Options: -k, --privateKey The privateKey pem file path [required] -p, --publicCert The publicCert pem file path [required] -m, --method The method, eg: alipay.trade.query [required] -s, --search The search parameters, eg: search.app_id=2088 [required] -b, --biz The biz_content, eg: biz.out_trade_no=abcd1234 [required] -d, --log Turn on the request trace log [boolean] -u, --baseURL The OpenAPI gateway, eg: https://openapi.alipaydev.com/gateway.do -h, --help Show help [boolean] -V, --version Show version number [boolean] Examples: cli.js -k merchant.key -p alipay.pub -m alipay.trade.pay The Face2Face barCode scenario -s.app_id=2088 -b.subject=HelloKitty -b.out_trade_no=Kitty0001 -b.scene=bar_code -b.total_amount=0.01 -b.auth_code= cli.js -k merchant.key -p alipay.pub -m alipay.trade.refund The trade refund scenario -s.app_id=2088 -b.refund_amount=0.01 -b.refund_currency=CNY -b.out_trade_no=Kitty0001 cli.js -d -u https://openapi.alipaydev.com/gateway.do -k The trade query scenario over the sandbox environment merchant.key -p alipay.pub -m alipay.trade.query with trace logging -s.app_id=2088 -b.out_trade_no=Kitty0001 ```certHelper 命令行工具
$ ./node_modules/.bin/certHelper -h (click to toggle display)
``` Usage: cert.js [command] [options] Commands: cert.js SN Get the certificatie(s) `SN` [default] cert.js extract Extract the chained certificate(s) Options: -f, --file The certificate(s) file path [required] -p, --pattern The algo prefix or suffix, dot(.) for all -h, --help Show help [boolean] -V, --version Show version number [boolean] Examples: cert.js SN -f alipayRootCert.crt get the `sha256`(default) certificate `SN` cert.js SN -f alipayRootCert.crt -p ec get the signatureAlgorithm whose contains `ec` words certificate `SN` cert.js SN -f alipayRootCert.crt -p . get all chained certificate(s) `SN` cert.js extract -f alipayRootCert.crt extract the `sha256`(default) certificate cert.js extract -f alipayRootCert.crt -p sha1 extract the `sha1` certificate cert.js extract -f alipayRootCert.crt -p . extract all chained certificate(s) cert.js extract -f alipayRootCert.crt -p sha1 | openssl x509 piped openssl x509 command -noout -text cert.js extract -f alipayRootCert.crt -p sha1 > tmp.pem save to a file ```此命令行工具,主要是用来计算并获取 公钥证书模式 所需的 应用公钥证书SN(app_cert_sn)及 支付宝公钥证书SN(alipay_root_cert_sn)。
./bin/cert.js SN -f /path/your/app_cert.crt
./bin/cert.js SN -f /path/your/alipay_root_cert.crt -p RSAEncryption
而SN 命令是 Helpers.SN 的语法糖,可从如下API文档查看更详细用法
初始化
const { Alipay, Rsa } = require('whats-alipay');
//应用app_id
const app_id = '2014072300007148';
//商户RSA私钥,入参是'从官方工具获取到的BASE64字符串'
const privateKey = Rsa.fromPkcs1('MIIEpAIBAAKCAQEApdXuft3as2x...');
// 以上是下列代码的语法糖,格式为 'private.pkcs1://' + '从官方工具获取到的字符串'
// const privateKey = Rsa.from('private.pkcs1://MIIEpAIBAAKCAQEApdXuft3as2x...');
// Node10仅支持以下方式,须保证`private_key.pem`为完整X509格式
// const privateKey = require('fs').readFileSync('/your/openapi/private_key.pem');
//支付宝RSA公钥,入参是'从官方工具获取到的BASE64字符串'
const publicKey = Rsa.fromSpki('MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg...');
// 以上是下列代码的语法糖,格式为 'public.spki://' + '从官方工具获取到的字符串'
// const publicKey = Rsa.from('public.spki://MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg...');
// Node10仅支持以下方式,须保证`public_key.pem`为完整X509格式
// const publicKey = require('fs').readFileSync('/the/alipay/public_key.pem');
const whats = new Alipay({ privateKey, publicKey, params: { app_id, } });统一收单线下交易查询
whats
.alipay.trade.query({out_trade_no})
.then(({headers,data}) => ({headers,data}))
.catch(({response: {data}}) => data)
.then(console.log)$ console.log sample result (click to toggle display)
```javascript { headers: { server: 'Tengine/2.1.0', date: 'Fri, 25 Sep 2020 03:27:32 GMT', 'content-type': 'text/html;charset=utf-8', 'content-length': '829', connection: 'close', 'set-cookie': [ 'JSESSIONID=6FF6F65BB1EC785992117C95EA7C27BB; Path=/; HttpOnly', 'spanner=ubOmkyHGnYLtouOsffShT4n70pJgSji6Xt2T4qEYgj0=;path=/;secure;' ], via: 'spanner-internet-5396.sa127[200]', 'x-alipay-responder': 'alipay.trade.query', 'x-alipay-signature': 'gALtsKSWEWRG4wSx8==', 'x-alipay-verified': 'ok' }, data: { code: '10000', msg: 'Success', buyer_logon_id: '134******38', buyer_pay_amount: '183.00', buyer_user_id: '2088101117955611', fund_bill_list: [ { amount: '183.00', fund_channel: 'ALIPAYACCOUNT' } ], invoice_amount: '183.00', out_trade_no: '6823789339978248', point_amount: '0.00', receipt_amount: '183.00', send_pay_date: '2020-09-19 17:00:28', total_amount: '183.00', trade_no: '2013112011001004330000121536', trade_status: 'TRADE_SUCCESS' } } ```统一收单交易支付接口
whats
.alipay.trade.pay({
out_trade_no,
scene,
auth_code,
product_code,
subject,
total_amount,
})
.then(({data}) => data)
.catch(({response: {data}}) => data)
.then(console.log)统一收单线下交易预创建
whats
.alipay.trade.precreate({
out_trade_no,
subject,
total_amount,
})
.then(({data}) => data)
.catch(({response: {data}}) => data)
.then(console.log)手机网站支付接口2.0
whats
.alipay.trade.wap.pay({
out_trade_no,
subject,
total_amount,
product_code,
quit_url,
}, {}, Formatter.page)
.then(res => res)
.then(console.log)- 注: 特别地
res结构做了优化,直接支持literal(独立服务模式:${res}) 或者JSON.stringify(二次接口模式:JSON.stringify(res))
统一收单下单并支付页面接口
whats
.alipay.trade.page.pay({
out_trade_no,
subject,
total_amount,
product_code,
}, {return_url}, Formatter.page)
.then(res => res)
.then(console.log)- 注: 特别地
res结构做了优化,直接支持literal(独立服务模式:${res}) 或者JSON.stringify(二次接口模式:JSON.stringify(res))
订单咨询服务
whats
.alipay.trade.advance.consult({/*文档上的参数就好*/})
.then(({data}) => data)
.catch(({response: {data}}) => data)
.then(console.log)口碑营销活动列表查询
whats
.koubei.marketing.campaign.activity.batchquery(/*文档上的参数就好*/})
.then(({data}) => data)
.catch(({response: {data}}) => data)
.then(console.log)支付API > 图片上传
const { Multipart } = require('whats-alipay');
const form = new Multipart();
form.append(
'image_content',
require('fs').readFileSync('/path/for/uploading.jpg'),
'uploading.jpg'
);
whats
.ant.merchant.expand.indirect.image.upload(
form.getBuffer(),
{image_type: 'jpg'},
{...form.getHeaders()}
)
.then(({data}) => data)
.catch(({response: {data}}) => data)
.then(console.log)店铺API > 上传门店照片和视频接口
const { Multipart } = require('whats-alipay');
const form = new Multipart();
form.append(
'image_content',
require('fs').readFileSync('/path/for/uploading.jpg'),
'uploading.jpg'
);
whats
.alipay.offline.material.image.upload(
form.getBuffer(),
{image_type: 'jpg', image_name: 'uploading.jpg'},
{...form.getHeaders()}
)
.then(({data}) => data)
.catch(({response: {data}}) => data)
.then(console.log)芝麻信用API > 授权查询
whats
.zhima.auth.info.authquery(/*文档上的参数就好*/})
.then(({data}) => data)
.catch(({response: {data}}) => data)
.then(console.log)车主服务API > 车辆驶入接口
whats
.alipay.eco.mycar.parking.enterinfo.sync(/*文档上的参数就好*/})
.then(({data}) => data)
.catch(({response: {data}}) => data)
.then(console.log)资金API > 单笔转账接口
whats
.alipay.fund.trans.uni.transfer(/*文档上的参数就好*/})
.then(({data}) => data)
.catch(({response: {data}}) => data)
.then(console.log)何以弹性扩容
whats 上绑定多少 method,即扩容至多少,以上示例打印如下:
$ console.info sample result (click to toggle display)
```javascript console.info(whats) [Function (anonymous)] { ant: [Function: ant] { merchant: [Function: ant.merchant] { expand: [Function: ant.merchant.expand] { indirect: [Function: ant.merchant.expand.indirect] { image: [Function: ant.merchant.expand.indirect.image] { upload: [Function: ant.merchant.expand.indirect.image.upload] } } } } }, alipay: [Function: alipay] { trade: [Function: alipay.trade] { query: [Function: alipay.trade.query], precreate: [Function: alipay.trade.precreate], advance: [Function: alipay.trade.advance] { consult: [Function: alipay.trade.advance.consult] }, page: [Function: alipay.trade.page] { pay: [Function: alipay.trade.page.pay] }, wap: [Function: alipay.trade.wap] { pay: [Function: alipay.trade.wap.pay] } }, fund: [Function: alipay.fund] { trans: [Function: alipay.fund.trans] { uni: [Function: alipay.fund.trans.uni] { transfer: [Function: alipay.fund.trans.uni.transfer] } } }, eco: [Function: alipay.eco] { mycar: [Function: alipay.eco.mycar] { parking: [Function: alipay.eco.mycar.parking] { enterinfo: [Function: alipay.eco.mycar.parking.enterinfo] { sync: [Function: alipay.eco.mycar.parking.enterinfo.sync] } } } }, offline: [Function: alipay.offline] { material: [Function: alipay.offline.material] { image: [Function: alipay.offline.material.image] { upload: [Function: alipay.offline.material.image.upload] } } } }, zhima: [Function: zhima] { auth: [Function: zhima.auth] { info: [Function: zhima.auth.info] { authquery: [Function: zhima.auth.info.authquery] } } }, koubei: [Function: koubei] { marketing: [Function: koubei.marketing] { campaign: [Function: koubei.marketing.campaign] { activity: [Function: koubei.marketing.campaign.activity] { batchquery: [Function: koubei.marketing.campaign.activity.batchquery] } } } } } ```异步通知消息验签
通知消息验签,依赖相关 webserver 提供的 POST 数据解析能力,以下函数在 http.createServer 上做过验证,仅供参考。
function notificationValidator(things, publicCert, withoutSignType = true) {
const {groups: {sign}} = (typeof things === 'string' ? things : '').match(/\bsign=(?<sign>[^&]+)/) || {groups: {}}
const source = [...new URLSearchParams(things)].reduce((des, [key, value]) => (des[key] = value, des), {})
const signType = source['sign_type']
const signature = (source.sign || '').replace(/ /g, '+').replace(/_/g, '/')
// The signature with `sign_type` is only for the notifications whose come from `alipay.open.public.*` APIs.
if (withoutSignType) {
delete source['sign_type']
}
return Rsa.verify(Formatter.queryStringLike(Formatter.ksort(source)), sign || signature, publicCert, signType)
}单元测试
npm install && npm test
To disable nock and request with the real gateway, just NOCK_OFF=true npm test
链接
- 变更历史
许可证