fix some bugs (#277)

* fix payRequset xml marshal: root element should be xml * support HMAC-SHA256 for unifiedorder api * support HMAC-SHA256 for PaidVerifySign * fix SignType is nil * fix code style * constantize SignType * add comments * fix code style
2026-02-08 14:42:26 +08:00 · 2020-06-14 23:23:58 +08:00
parent fe31f04640
commit c14c020a3c
6 changed files with 97 additions and 95 deletions
--- a/pay/notify/paid.go
+++ b/pay/notify/paid.go
@@ -85,8 +85,15 @@ func (notify *Notify) PaidVerifySign(notifyRes PaidResult) bool {
 	// STEP3, 在键值对的最后加上key=API_KEY
 	signStrings = signStrings + "key=" + notify.Key

-	// STEP4, 进行MD5签名并且将所有字符转为大写.
-	sign := util.MD5Sum(signStrings)
+	// STEP4, 根据SignType计算出签名
+	var signType string
+	if notifyRes.SignType != nil {
+		signType = *notifyRes.SignType
+	}
+	sign, err := util.CalculateSign(signStrings, signType, notify.Key)
+	if err != nil {
+		return false
+	}
 	if sign != *notifyRes.Sign {
 		return false
 	}
--- a/pay/order/pay.go
+++ b/pay/order/pay.go
@@ -1,13 +1,8 @@
 package order

 import (
-	"crypto/hmac"
-	"crypto/md5"
-	"crypto/sha256"
-	"encoding/hex"
 	"encoding/xml"
 	"errors"
-	"hash"
 	"strconv"
 	"strings"
 	"time"
@@ -96,13 +91,14 @@ type payRequest struct {
 	LimitPay       string `xml:"limit_pay,omitempty"`   //
 	OpenID         string `xml:"openid,omitempty"`      // 用户标识
 	SceneInfo      string `xml:"scene_info,omitempty"`  // 场景信息
+
+	XMLName struct{} `xml:"xml"`
 }

 // BridgeConfig get js bridge config
 func (o *Order) BridgeConfig(p *Params) (cfg Config, err error) {
 	var (
 		buffer    strings.Builder
-		h         hash.Hash
 		timestamp = strconv.FormatInt(time.Now().Unix(), 10)
 	)
 	order, err := o.PrePayOrder(p)
@@ -121,14 +117,13 @@ func (o *Order) BridgeConfig(p *Params) (cfg Config, err error) {
 	buffer.WriteString(timestamp)
 	buffer.WriteString("&key=")
 	buffer.WriteString(o.Key)
-	if p.SignType == "MD5" {
-		h = md5.New()
-	} else {
-		h = hmac.New(sha256.New, []byte(o.Key))
+
+	sign, err := util.CalculateSign(buffer.String(), p.SignType, o.Key)
+	if err != nil {
+		return
 	}
-	h.Write([]byte(buffer.String()))
 	// 签名
-	cfg.PaySign = strings.ToUpper(hex.EncodeToString(h.Sum(nil)))
+	cfg.PaySign = sign
 	cfg.NonceStr = order.NonceStr
 	cfg.Timestamp = timestamp
 	cfg.PrePayID = order.PrePayID
@@ -143,13 +138,13 @@ func (o *Order) PrePayOrder(p *Params) (payOrder PreOrder, err error) {
 	notifyURL := o.NotifyURL
 	// 签名类型
 	if p.SignType == "" {
-		p.SignType = "MD5"
+		p.SignType = util.SignTypeMD5
 	}
 	// 通知地址
 	if p.NotifyURL != "" {
 		notifyURL = p.NotifyURL
 	}
-	param := make(map[string]interface{})
+	param := make(map[string]string)
 	param["appid"] = o.AppID
 	param["body"] = p.Body
 	param["mch_id"] = o.MchID
@@ -165,9 +160,10 @@ func (o *Order) PrePayOrder(p *Params) (payOrder PreOrder, err error) {
 	param["goods_tag"] = p.GoodsTag
 	param["notify_url"] = notifyURL

-	bizKey := "&key=" + o.Key
-	str := util.OrderParam(param, bizKey)
-	sign := util.MD5Sum(str)
+	sign, err := util.ParamSign(param, o.Key)
+	if err != nil {
+		return
+	}
 	request := payRequest{
 		AppID:          o.AppID,
 		MchID:          o.MchID,
@@ -202,7 +198,7 @@ func (o *Order) PrePayOrder(p *Params) (payOrder PreOrder, err error) {
 		err = errors.New(payOrder.ErrCode + payOrder.ErrCodeDes)
 		return
 	}
-	err = errors.New("[msg : xmlUnmarshalError] [rawReturn : " + string(rawRet) + "] [params : " + str + "] [sign : " + sign + "]")
+	err = errors.New("[msg : xmlUnmarshalError] [rawReturn : " + string(rawRet) + "] [sign : " + sign + "]")
 	return
 }

--- a/pay/refund/refund.go
+++ b/pay/refund/refund.go
@@ -73,7 +73,7 @@ type Response struct {
 //Refund 退款申请
 func (refund *Refund) Refund(p *Params) (rsp Response, err error) {
 	nonceStr := util.RandomStr(32)
-	param := make(map[string]interface{})
+	param := make(map[string]string)
 	param["appid"] = refund.AppID
 	param["mch_id"] = refund.MchID
 	param["nonce_str"] = nonceStr
@@ -81,18 +81,20 @@ func (refund *Refund) Refund(p *Params) (rsp Response, err error) {
 	param["refund_desc"] = p.RefundDesc
 	param["refund_fee"] = p.RefundFee
 	param["total_fee"] = p.TotalFee
-	param["sign_type"] = "MD5"
+	param["sign_type"] = util.SignTypeMD5
 	param["transaction_id"] = p.TransactionID

-	bizKey := "&key=" + refund.Key
-	str := util.OrderParam(param, bizKey)
-	sign := util.MD5Sum(str)
+	sign, err := util.ParamSign(param, refund.Key)
+	if err != nil {
+		return
+	}
+
 	request := request{
 		AppID:         refund.AppID,
 		MchID:         refund.MchID,
 		NonceStr:      nonceStr,
 		Sign:          sign,
-		SignType:      "MD5",
+		SignType:      util.SignTypeMD5,
 		TransactionID: p.TransactionID,
 		OutRefundNo:   p.OutRefundNo,
 		TotalFee:      p.TotalFee,
@@ -115,7 +117,6 @@ func (refund *Refund) Refund(p *Params) (rsp Response, err error) {
 		err = fmt.Errorf("refund error, errcode=%s,errmsg=%s", rsp.ErrCode, rsp.ErrCodeDes)
 		return
 	}
-	err = fmt.Errorf("[msg : xmlUnmarshalError] [rawReturn : %s] [params : %s] [sign : %s]",
-		string(rawRet), str, sign)
+	err = fmt.Errorf("[msg : xmlUnmarshalError] [rawReturn : %s] [sign : %s]", string(rawRet), sign)
 	return
 }