- add callback sign check.

platform/elmapi/callback.go

@@ -1,10 +1,11 @@
 package elmapi
 
 import (
-	"encoding/json"
 	"fmt"
 
 	"git.rosy.net.cn/baseapi/platform/common"
+	"git.rosy.net.cn/baseapi/utils"
+	"github.com/fatih/structs"
 )
 
 const (
@@ -36,7 +37,7 @@ var (
 )
 
 func (e *ELMAPI) unmarshalData(data []byte, msg interface{}) (callbackResponse *ELMCallbackResponse) {
-	err := json.Unmarshal(data, msg)
+	err := utils.UnmarshalUseNumber(data, msg)
 	if err != nil {
 		return &ELMCallbackResponse{
 			Message: fmt.Sprintf(common.CBErrMsgUnmarshal, data, err),
@@ -45,11 +46,22 @@ func (e *ELMAPI) unmarshalData(data []byte, msg interface{}) (callbackResponse *
 	return nil
 }
 
+func (e *ELMAPI) CheckRequestValidation(mapData map[string]interface{}) (callbackResponse *ELMCallbackResponse) {
+	sign := e.signParamsMap(mapData, "")
+	if sign != mapData[signKey].(string) {
+		return &ELMCallbackResponse{Message: "signature is invalid"}
+	}
+	return nil
+}
+
 func (e *ELMAPI) GetMsgFromData(data []byte) (msg *ELMCallbackMsg, callbackResponse *ELMCallbackResponse) {
 	msg = new(ELMCallbackMsg)
 	callbackResponse = e.unmarshalData(data, msg)
 	if callbackResponse != nil {
 		return nil, callbackResponse
 	}
-	return msg, nil
+
+	mapData := structs.Map(msg)
+	callbackResponse = e.CheckRequestValidation(mapData)
+	return msg, callbackResponse
 }

platform/elmapi/elmapi.go

@@ -25,6 +25,7 @@ const (
 const (
 	ELM_API_URL_SANDBOX = "https://open-api-sandbox.shop.ele.me/api/v1/"
 	ELM_API_URL_PROD    = "https://open-api.shop.ele.me/api/v1/"
+	signKey             = "signature"
 )
 
 type ELMResult struct {
@@ -69,25 +70,26 @@ func NewELMAPI(token, appKey, secret string, sugarLogger *zap.SugaredLogger, isP
 	return api
 }
 
-func (e *ELMAPI) signParams(action string, payload *ELMPayload) string {
+func (e *ELMAPI) signParamsMap(mapData map[string]interface{}, prefix string) string {
 	keyValues := make([]string, 0)
-	allData := []map[string]interface{}{
-		payload.Metas,
-		payload.Params,
-	}
-	for _, data := range allData {
-		for k, v := range data {
+	for k, v := range mapData {
+		if k != signKey {
 			vBytes := utils.MustMarshal(v)
 			keyValues = append(keyValues, k+"="+string(vBytes))
 		}
 	}
 
 	sort.Strings(keyValues)
-	finalStr := action + e.token + strings.Join(keyValues, "") + e.secret
+	finalStr := prefix + strings.Join(keyValues, "") + e.secret
 	// e.sugarLogger.Debugf("sign str:%v", finalStr)
 	return fmt.Sprintf("%X", md5.Sum([]byte(finalStr)))
 }
 
+func (e *ELMAPI) signParams(action string, payload *ELMPayload) string {
+	mapData := utils.MergeMaps(payload.Metas, payload.Params)
+	return e.signParamsMap(mapData, action+e.token)
+}
+
 func (e *ELMAPI) AccessELM(action string, params map[string]interface{}) (retVal *ELMResult, err error) {
 	if params == nil {
 		params = make(map[string]interface{}, 0)
@@ -128,11 +130,11 @@ func (e *ELMAPI) AccessELM(action string, params map[string]interface{}) (retVal
 		SugarLogger: e.sugarLogger,
 	}
 
-	err = common.AccessPlatformAPIWithRetry(apiAccess, func(response *http.Response) (result int, err error) {
+	err = common.AccessPlatformAPIWithRetry(apiAccess, func(response *http.Response) (result string, err error) {
 		jsonResult1, err := utils.HttpResponse2Json(response)
 		if err != nil {
 			e.sugarLogger.Warnf("HttpResponse2Json return:%v", err)
-			return 0, err
+			return common.PAErrorLevelGeneralFail, err
 		}
 		resultError, _ := jsonResult1["error"].(map[string]interface{})
 		retVal = &ELMResult{
@@ -151,7 +153,7 @@ func (e *ELMAPI) AccessELM(action string, params map[string]interface{}) (retVal
 		} else if errCode == "SERVER_ERROR" || errCode == "BIZ_SYSTEM_ERROR" || errCode == "BIZ_1006" || errCode == "BUSINESS_ERROR" {
 			return common.PAErrorLevelRecoverable, nil
 		} else {
-			return common.PAErrorLevelFailed, nil
+			return errCode, nil
 		}
 	})