From 637dc11b71676fb6d816c0827cee45b5d7496583 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=AD=90=E9=93=AD?= Date: Thu, 4 Jul 2024 17:46:49 +0800 Subject: [PATCH] =?UTF-8?q?plugin=20=E4=BA=91=E9=97=AA=E4=BB=98=EF=BC=8C?= =?UTF-8?q?=E5=9B=9E=E8=B0=83=E7=AD=BE=E5=90=8D=EF=BC=8C=E7=9B=B8=E5=85=B3?= =?UTF-8?q?=E5=A4=84=E7=90=86,=E6=8F=90=E5=8D=95=E6=9F=A5=E5=9B=BD?= =?UTF-8?q?=E5=AF=86=E5=8A=A0=E5=AF=86=E6=95=B0=E6=8D=AE=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- plugins/union_pay/internal/union_pay.go | 4 +++- plugins/union_pay/internal/util.go | 9 +++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/plugins/union_pay/internal/union_pay.go b/plugins/union_pay/internal/union_pay.go index f1d3311..b36648b 100644 --- a/plugins/union_pay/internal/union_pay.go +++ b/plugins/union_pay/internal/union_pay.go @@ -26,6 +26,8 @@ const ( queryBizMethod = "mkt.cpn.couponAcqQuery.v1" ) +const notifyBizMethod = "mkt.CpnStateUpdtNotify" + type UnionPayService struct{} func (p *UnionPayService) Order(ctx context.Context, request *proto.OrderRequest) (*proto.OrderResponse, error) { @@ -77,7 +79,7 @@ func (p *UnionPayService) Notify(_ context.Context, request *proto.NotifyRequest return nil, err } - if err = verify(conf, uv, request); err != nil { + if err = verify(conf, uv, notifyBizMethod); err != nil { return nil, err } diff --git a/plugins/union_pay/internal/util.go b/plugins/union_pay/internal/util.go index 7913093..2104b75 100644 --- a/plugins/union_pay/internal/util.go +++ b/plugins/union_pay/internal/util.go @@ -1,7 +1,6 @@ package internal import ( - "codeup.aliyun.com/6552e56cc3b2728a4557fc18/plugin/proto" "fmt" "net/http" "plugins/union_pay/internal/po" @@ -36,10 +35,16 @@ func headers(config *Config, req po.Req, bizMethod string) map[string][]string { return h } -func verify(config *Config, req *po.Notify, request *proto.NotifyRequest) error { +func verify(config *Config, req *po.Notify, notifyBizMethod string) error { if req.Headers.SignMethod != vo.SignMethod { return fmt.Errorf("签名方式不匹配") } + if req.Headers.AppId != config.Config.AppId { + return fmt.Errorf("appId不匹配") + } + if req.Headers.BizMethod != notifyBizMethod { + return fmt.Errorf("业务方法不匹配") + } encodedHash := utils.Sha(req.Headers.Version, config.Config.AppId, req.Headers.BizMethod, req.GetReId(), string(req.ToJson())) lowerStr := strings.ToLower(encodedHash) if utils.Verify(lowerStr, req.Headers.Sign, utils.FormatPEMPrivateKey(config.Extra.RsaNpk)) {