fym201 / alipay-node-sdk

Node.js SDK for the new Alipay App payment.
MIT License

Can it return JSON? #4

Closed kuyoonjo closed 7 years ago

kuyoonjo commented 7 years ago

app_id=2017051707267063&biz_content=%7B%22body%22%3A%22%E7%B1%B3%E5%85%9C%E8%B4%A6%E6%88%B7%E5%85%85%E5%80%BC20%E5%85%83%22%2C%22subject%22%3A%22%E7%B1%B3%E5%85%9C%E8%B4%A6%E6%88%B7%E5%85%85%E5%80%BC%22%2C%22out_trade_no%22%3A%22592647955ad2b1452073ef7f%22%2C%22timeout_express%22%3A%2210m%22%2C%22total_amount%22%3A20%2C%22product_code%22%3A%22QUICK_MSECURITY_PAY%22%2C%22goods_type%22%3A%22balance%22%7D&charset=utf-8&format=JSON&method=alipay.trade.app.pay&notify_url=https%3A%2F%2Fwxu.midoull.com%2Fapi%2Fwebhooks%2Falipay&sign_type=RSA2&timestamp=2017-05-25%2010%3A56%3A24&version=1.0&sign=RG2rgWeDtMEX89W0gYCkRlpQItggqpzF8aBVofE62CQtq%2BCgT9ly%2BD4AG5b27DaWrdDDG6VFuqBhQ9wzb4BS%2BJUrKdrRJLLz1ohmAQrHGKij%2FzBO6hdFdsp9UnqlJUiNyYXEjmz2ANvA8K%2FnfDaraS0ZpRIaOu%2FcYKbLWprho4b2Jhdh4oqrZdzcdc2B1b%2BRCebwSHU7ahUxxQciB44C5XGeLK7aBq%2ByD5Is2Ha63%2F2RPavTLApjpFE22G%2Fwp7SIBnIO7cLFoTCbnR4RgsgS2Kax7K7lMwFpU0EhXUSndYof4zUK5JfMpuK8IPgdTyJGHzSzApODiOQY3saapsdeQg%3D%3D

The above is what I get, but I would like it in JSON format.

fym201 commented 7 years ago

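This is the format Alipay requires, and it can be used directly on the client. The client shouldn't need to use the specific parameters inside it. If you really do need them, you can parse the string on the client; every platform has methods for decoding URL encoding, so it is fairly convenient.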

kuyoonjo commented 7 years ago

{"app_id":"2017051707267063","biz_content":"{\"body\":\"米兜账户充值20元\",\"subject\":\"米兜账户充值\",\"out_trade_no\":\"59265129b71dac5f9a693790\",\"timeout_express\":\"10m\",\"total_amount\":20,\"product_code\":\"QUICK_MSECURITY_PAY\",\"goods_type\":\"balance\"}","charset":"utf-8","format":"JSON","method":"alipay.trade.app.pay","notify_url":"https://wxu.midoull.com/api/webhooks/alipay","sign_type":"RSA2","timestamp":"2017-05-25 11:36:21","version":"1.0","sign":"N4dcCOTLjYAA7lYmbvZNetjppqgcE9GhY+1sNgm2SC4EsNFzWNerEbWrI0qdeGnhq1JIpxFqp8KCn7pIa64uNifu5lx1DSpWgr/B0OesY12PkwC9hSxlNmNDUPYfXY30Tvx7Dk7FrwbThlpC1JqXSaj2ZlaO4VGN/zgALUz3BLFvEp/WBQauzrNIAOtJaAOeTVaYnDxcX9p5L0DdgxJc8CccfJiSFRfl48flG9a7aLGD/xsXIkMlpeB6PVTagoHwiL5LOYqryeFgg9Om7MhR/XAVPWngkdLWMTqiLiBLtJ9wnloNaT8S7ZsKxyX0BCVN0/tVXbJ3ykJzrLFjPEdIGw=="}

Is this the correct JSON? The handler code is below.

  async alipay(ctx: Utils.BetterContext): Promise<any> {
    try {
      const entity = await this.model.findById(ctx.params.id).exec();
      Utils.validateEntity(entity);
      // Alipay.pay returns the signed order string: URL-encoded key=value pairs joined by '&'
      const body = Alipay.pay({
        subject: '米兜账户充值',
        body: `米兜账户充值${entity.balance / 100}元`,
        outTradeId: entity._id,
        timeout: '10m',
        amount: entity.balance / 100,
        goodsType: 'balance'
      });
      // Decode each pair into a flat object; biz_content is kept as a JSON string
      const json: Record<string, string> = {};
      for (const pair of body.split('&')) {
        const [k, v] = pair.split('=').map(x => decodeURIComponent(x));
        json[k] = v;
      }
      ctx.status = 200;
      ctx.body = json;
    } catch (e) {
      Utils.handleError(ctx, e);
    }
  }

fym201 commented 7 years ago

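Yes. If the client needs to read the contents of biz_content, it is best to parse it separately on the client, because once it has been parsed into an object the field order in biz_content is very likely to change, and then the parameters the client reassembles will no longer match the signature.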

kuyoonjo commented 7 years ago

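^^ Got it, thanks. By the way, is there handling for what comes back on notify_url? I mean handling the POST that Alipay sends to our server after a successful payment. I think the signature has to be verified there too?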

fym201 commented 7 years ago

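You can parse the body Alipay sends and verify its signature with the signVerify method. Once verification passes, compare the transaction information against the user's order information to check that they match.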

kuyoonjo commented 7 years ago

let ali = new Alipay({
  // ...
});
if (ali.signVerify(params)) {
  // ...
}

Like this?

fym201 commented 7 years ago

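Right. Generally speaking, as long as your Alipay public key has not been leaked, verifying the signature on the notification message is enough to keep the information secure. Of course, if your security requirements are higher, you can use the query method to look up the order once more and use the data Alipay returns as the basis for the order.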

kuyoonjo commented 7 years ago

^^ Got it, thanks. I suggest documenting the signVerify method in the README.

fym201 commented 7 years ago

OK, I'll add it shortly.
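
The notification handling discussed in this thread (verify the signature, then compare against the stored order), as an added Node.js example that is not part of the original thread and is not the SDK's signVerify implementation. It assumes Alipay's notification signing rule (drop `sign` and `sign_type`, sort the remaining keys, join as `k=v` with `&`, SHA256withRSA); the key pair, order values and helper names are constructed for the example.

```javascript
const crypto = require('crypto');

// Constructed key pair standing in for Alipay's signing key. On a real server
// only the Alipay public key is present; the private half never leaves Alipay.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// String to verify: drop sign and sign_type, sort keys, join decoded values.
function signContent(params) {
  return Object.keys(params)
    .filter(k => k !== 'sign' && k !== 'sign_type')
    .sort()
    .map(k => `${k}=${params[k]}`)
    .join('&');
}

// RSA2 means SHA256withRSA; the sign field is base64.
function verifyNotification(params, alipayPublicKey) {
  if (params.sign_type !== 'RSA2' || typeof params.sign !== 'string') return false;
  return crypto.createVerify('RSA-SHA256')
    .update(signContent(params), 'utf8')
    .verify(alipayPublicKey, params.sign, 'base64');
}

// A valid signature only proves origin; the fields must still match our order.
function matchesOrder(params, order) {
  return params.app_id === order.appId &&
    params.out_trade_no === order.outTradeNo &&
    Number(params.total_amount) === order.amount &&
    params.trade_status === 'TRADE_SUCCESS';
}

// Test helper only: signs a constructed notification with the stand-in key.
function signForTest(params) {
  const sign = crypto.createSign('RSA-SHA256').update(signContent(params), 'utf8').sign(privateKey, 'base64');
  return { ...params, sign_type: 'RSA2', sign };
}

// Constructed sample values, not taken from a real transaction.
const order = { appId: '2017000000000000', outTradeNo: 'order-0001', amount: 20 };
const notification = signForTest({
  app_id: order.appId, out_trade_no: order.outTradeNo,
  total_amount: '20.00', trade_status: 'TRADE_SUCCESS', charset: 'utf-8',
});
const tampered = { ...notification, total_amount: '0.01' }; // edited after signing

function accept(params) {
  return verifyNotification(params, publicKey) && matchesOrder(params, order);
}
console.log(accept(notification), accept(tampered)); // true false
```

The verification runs over the values exactly as received, which is the same reason given above for not re-serializing biz_content before it is used.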