From b78c50e72efe98860d78f4b6a81366eecbaefad6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=AD=90=E9=93=AD?= <zi__mm@163.com>
Date: Mon, 19 Aug 2024 17:49:13 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8F=92=E4=BB=B6-=E5=BE=AE=E4=BF=A1=E7=AB=8B?=
 =?UTF-8?q?=E5=87=8F=E9=87=91,=E5=9B=9E=E8=B0=83=E9=AA=8C=E7=AD=BE?=
 =?UTF-8?q?=EF=BC=8C=E5=9B=9E=E8=B0=83=E6=98=AF=E7=9B=B4=E8=BF=9E=E5=A4=A9?=
 =?UTF-8?q?=E4=B8=8B=E9=82=A3=E8=BE=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 plugins/weixin_cpn/internal/transform.go      |  4 +-
 plugins/weixin_cpn/internal/util.go           | 10 ++++-
 plugins/weixin_cpn/internal/weixin_cpn.go     |  9 ++++-
 .../weixin_cpn/internal/weixin_cpn_test.go    | 30 ++++++++++++++-
 utils/weixin/instance.go                      | 38 +++++++++++--------
 5 files changed, 70 insertions(+), 21 deletions(-)

diff --git a/plugins/weixin_cpn/internal/transform.go b/plugins/weixin_cpn/internal/transform.go
index 9c0750d..f9dfadd 100644
--- a/plugins/weixin_cpn/internal/transform.go
+++ b/plugins/weixin_cpn/internal/transform.go
@@ -11,8 +11,8 @@ import (
 	"plugins/weixin_cpn/internal/vo"
 )
 
-func transConfig(config []byte) (*weixin.Config, error) {
-	var c weixin.Config
+func transConfig(config []byte) (*weixin.Server, error) {
+	var c weixin.Server
 	err := json.Unmarshal(config, &c)
 	if err != nil {
 		return nil, err
diff --git a/plugins/weixin_cpn/internal/util.go b/plugins/weixin_cpn/internal/util.go
index be3d584..0ca4257 100644
--- a/plugins/weixin_cpn/internal/util.go
+++ b/plugins/weixin_cpn/internal/util.go
@@ -6,7 +6,7 @@ import (
 	"plugins/utils/weixin"
 )
 
-func getApiSrv(ctx context.Context, c *weixin.Config) (*cashcoupons.CouponApiService, error) {
+func getApiSrv(ctx context.Context, c *weixin.Server) (*cashcoupons.CouponApiService, error) {
 	client, err := weixin.New(ctx, c)
 	if err != nil {
 		return nil, err
@@ -14,3 +14,11 @@ func getApiSrv(ctx context.Context, c *weixin.Config) (*cashcoupons.CouponApiSer
 	svc := cashcoupons.CouponApiService{Client: client}
 	return &svc, nil
 }
+
+func verify(ctx context.Context, c *weixin.Server) error {
+	err := c.Verify(ctx, "", "")
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/plugins/weixin_cpn/internal/weixin_cpn.go b/plugins/weixin_cpn/internal/weixin_cpn.go
index ad28ebf..c0aab09 100644
--- a/plugins/weixin_cpn/internal/weixin_cpn.go
+++ b/plugins/weixin_cpn/internal/weixin_cpn.go
@@ -59,6 +59,13 @@ func (p *WeiXinCpnService) Query(ctx context.Context, request *proto.QueryReques
 	return queryResp(request, resp), nil
 }
 
-func (p *WeiXinCpnService) Notify(_ context.Context, request *proto.NotifyRequest) (*proto.NotifyResponse, error) {
+func (p *WeiXinCpnService) Notify(ctx context.Context, request *proto.NotifyRequest) (*proto.NotifyResponse, error) {
+	config, err := transConfig(request.Config)
+	if err != nil {
+		return nil, err
+	}
+	if err = verify(ctx, config); err != nil {
+		return nil, err
+	}
 	return notifyResp(), nil
 }
diff --git a/plugins/weixin_cpn/internal/weixin_cpn_test.go b/plugins/weixin_cpn/internal/weixin_cpn_test.go
index 93ae531..781c540 100644
--- a/plugins/weixin_cpn/internal/weixin_cpn_test.go
+++ b/plugins/weixin_cpn/internal/weixin_cpn_test.go
@@ -13,7 +13,7 @@ import (
 var server = &WeiXinCpnService{}
 
 func config() []byte {
-	c := &weixin.Config{
+	c := &weixin.Server{
 		MchID:                      "1605446142",
 		MchCertificateSerialNumber: "4D081089DEB385316CBDCB55C070287E4920AC76",
 		MchAPIv3Key:                "ChengDuLanSeXiongDi1234567890123",
@@ -74,7 +74,33 @@ func TestNotify(t *testing.T) {
 		Config:  config(),
 		Queries: []byte(``),
 		Headers: []byte(``),
-		Body:    []byte(``),
+		Body: []byte(`{
+  "id": "240fd59e-13a3-5e8b-84a8-6608d535f606",
+  "create_time": "2024-08-19T17:29:15+08:00",
+  "resource_type": "encrypt-resource",
+  "event_type": "COUPON.USE",
+  "summary": "代金券核销通知",
+  "original_type": "coupon",
+  "associated_data": "coupon",
+  "plain_text": {
+    "stock_creator_mchid": "1652465541",
+    "stock_id": "19345605",
+    "coupon_id": "71916331907",
+    "coupon_name": "三湘银行200元立减",
+    "description": "",
+    "status": "USED",
+    "create_time": "2024-08-19T17:28:11+08:00",
+    "coupon_type": "NORMAL",
+    "no_cash": false,
+    "singleitem": false,
+    "consume_information": {
+      "consume_time": "2024-08-19T17:29:15+08:00",
+      "consume_mchid": "1319713401",
+      "transaction_id": "4200002399202408192628783906"
+    }
+  }
+}
+`),
 	}
 	t.Run("TestNotify", func(t *testing.T) {
 		got, err := server.Notify(context.Background(), in)
diff --git a/utils/weixin/instance.go b/utils/weixin/instance.go
index 6527ff5..fc8335c 100644
--- a/utils/weixin/instance.go
+++ b/utils/weixin/instance.go
@@ -4,12 +4,14 @@ import (
 	"context"
 	"fmt"
 	"github.com/wechatpay-apiv3/wechatpay-go/core"
+	"github.com/wechatpay-apiv3/wechatpay-go/core/auth"
+	"github.com/wechatpay-apiv3/wechatpay-go/core/auth/verifiers"
 	"github.com/wechatpay-apiv3/wechatpay-go/core/option"
 	"github.com/wechatpay-apiv3/wechatpay-go/utils"
 	"sync"
 )
 
-type Config struct {
+type Server struct {
 	MchID                      string `json:"mch_id"`
 	MchCertificateSerialNumber string `json:"mch_certificate_serial_number"`
 	MchAPIv3Key                string `json:"mch_ap_iv_3_key"`
@@ -31,7 +33,22 @@ func init() {
 	}
 }
 
-func New(ctx context.Context, c *Config) (*core.Client, error) {
+func client(ctx context.Context, c *Server) (*core.Client, error) {
+	mchPrivateKey, err := utils.LoadPrivateKey(c.PrivateKey)
+	if err != nil {
+		return nil, fmt.Errorf("MchID[%s] load merchant private key error:%v", c.MchID, err)
+	}
+	opts := []core.ClientOption{
+		option.WithWechatPayAutoAuthCipher(c.MchID, c.MchCertificateSerialNumber, mchPrivateKey, c.MchAPIv3Key),
+	}
+	cl, err := core.NewClient(ctx, opts...)
+	if err != nil {
+		return nil, fmt.Errorf("MchID[%s]  new wechat pay client err:%v", c.MchID, err)
+	}
+	return cl, nil
+}
+
+func New(ctx context.Context, c *Server) (*core.Client, error) {
 	instance.mutex.Lock()
 	defer instance.mutex.Unlock()
 	if instance.clients[c.MchID] != nil {
@@ -47,17 +64,8 @@ func New(ctx context.Context, c *Config) (*core.Client, error) {
 	return instance.clients[c.MchID], nil
 }
 
-func client(ctx context.Context, c *Config) (*core.Client, error) {
-	mchPrivateKey, err := utils.LoadPrivateKey(c.PrivateKey)
-	if err != nil {
-		return nil, fmt.Errorf("MchID[%s] load merchant private key error:%v", c.MchID, err)
-	}
-	opts := []core.ClientOption{
-		option.WithWechatPayAutoAuthCipher(c.MchID, c.MchCertificateSerialNumber, mchPrivateKey, c.MchAPIv3Key),
-	}
-	cl, err := core.NewClient(ctx, opts...)
-	if err != nil {
-		return nil, fmt.Errorf("MchID[%s]  new wechat pay client err:%v", c.MchID, err)
-	}
-	return cl, nil
+func (s *Server) Verify(ctx context.Context, message, signature string) error {
+	var verifier auth.Verifier
+	verifier = verifiers.NewSHA256WithRSAVerifier(nil)
+	return verifier.Verify(ctx, s.MchCertificateSerialNumber, message, signature)
 }