- add callback sign check.

2018-06-19 18:41:58 +08:00
parent 143a929c8c
commit 27919a36fc
11 changed files with 324 additions and 95 deletions
--- a/platform/jdapi/callback.go
+++ b/platform/jdapi/callback.go
@@ -1,12 +1,12 @@
 package jdapi

 import (
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"

 	"git.rosy.net.cn/baseapi/platform/common"
+	"git.rosy.net.cn/baseapi/utils"
 )

 type JDCallbackResponse struct {
@@ -43,7 +43,7 @@ var (
 )

 func (j *JDAPI) unmarshalData(strData string, msg interface{}) (callbackResponse *JDCallbackResponse) {
-	err := json.Unmarshal([]byte(strData), msg)
+	err := utils.UnmarshalUseNumber([]byte(strData), msg)
 	if err != nil {
 		return &JDCallbackResponse{
 			Code: JDerrorCodeAbnormalParam,
@@ -54,7 +54,32 @@ func (j *JDAPI) unmarshalData(strData string, msg interface{}) (callbackResponse
 	return nil
 }

+func (j *JDAPI) CheckRequestValidation(request *http.Request) (callbackResponse *JDCallbackResponse) {
+	mapData := make(map[string]string)
+	mapData["token"] = request.FormValue("token")
+	mapData["app_key"] = request.FormValue("app_key")
+	mapData["timestamp"] = request.FormValue("timestamp")
+	mapData["format"] = request.FormValue("format")
+	mapData["app_secret"] = j.appSecret
+	mapData["v"] = request.FormValue("token")
+	mapData[JD_PARAM_JSON] = request.FormValue(JD_PARAM_JSON)
+
+	sign := j.signParams(mapData)
+	if sign != request.FormValue(signKey) {
+		return &JDCallbackResponse{
+			Code: JDerrorCodeInvalidSign,
+			Msg:  "signature is invalid",
+			Data: string(utils.MustMarshal(mapData)),
+		}
+	}
+	return nil
+}
+
 func (j *JDAPI) GetOrderMsg(request *http.Request) (msg *JDOrderMsg, callbackResponse *JDCallbackResponse) {
+	if callbackResponse = j.CheckRequestValidation(request); callbackResponse != nil {
+		return nil, callbackResponse
+	}
+
 	msg = new(JDOrderMsg)
 	jdParamJSON := request.FormValue(JD_PARAM_JSON)
 	callbackResponse = j.unmarshalData(jdParamJSON, msg)
@@ -65,8 +90,11 @@ func (j *JDAPI) GetOrderMsg(request *http.Request) (msg *JDOrderMsg, callbackRes
 }

 func (j *JDAPI) GetOrderDeliveryMsg(request *http.Request) (msg *JDDeliveryStatusMsg, callbackResponse *JDCallbackResponse) {
-	msg = new(JDDeliveryStatusMsg)
+	if callbackResponse = j.CheckRequestValidation(request); callbackResponse != nil {
+		return nil, callbackResponse
+	}

+	msg = new(JDDeliveryStatusMsg)
 	jdParamJSON := request.FormValue(JD_PARAM_JSON)
 	jdParamJSON2, err := url.QueryUnescape(jdParamJSON)
 	if err != nil {
--- a/platform/jdapi/jdapi.go
+++ b/platform/jdapi/jdapi.go
@@ -3,7 +3,6 @@ package jdapi
 import (
 	"crypto/md5"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -51,6 +50,7 @@ const (

 const (
 	jdAPIURL        = "https://openo2o.jd.com/djapi/%s"
+	signKey         = "sign"
 	AllPage         = 0
 	DefaultPageSize = 50
 )
@@ -64,7 +64,7 @@ type JDAPI struct {
 }

 var (
-	ErrInnerCodeIsNotOk = errors.New("JD result inner code is not ok")
+	ErrStrInnerCodeIsNotOk = "JD result inner code is not ok"

 	exceedLimitCodes = map[string]int{
 		JDErrorCodeExceedLimit: 1,
@@ -97,10 +97,10 @@ var (

 type PageResultParser func(map[string]interface{}, int) ([]interface{}, int)

-func signParams(jdParams map[string]string) string {
+func (j *JDAPI) signParams(jdParams map[string]string) string {
 	var keys []string
 	for k := range jdParams {
-		if k != "app_secret" {
+		if k != "app_secret" && k != signKey {
 			keys = append(keys, k)
 		}
 	}
@@ -154,8 +154,8 @@ func (j *JDAPI) AccessJDQuery(apiStr string, jdParams map[string]string) (retVal
 	}
 	params["jd_param_json"] = string(jdParamStr)
 	params["timestamp"] = utils.GetCurTimeStr()
-	sign := signParams(params)
-	params["sign"] = sign
+	sign := j.signParams(params)
+	params[signKey] = sign

 	url, _ := url.Parse(genGetURL(jdAPIURL, apiStr, params))

@@ -171,16 +171,16 @@ func (j *JDAPI) AccessJDQuery(apiStr string, jdParams map[string]string) (retVal
 		SugarLogger: j.sugarLogger,
 	}

-	err = common.AccessPlatformAPIWithRetry(apiAccess, func(response *http.Response) (errLevel int, err error) {
+	err = common.AccessPlatformAPIWithRetry(apiAccess, func(response *http.Response) (errLevel string, err error) {
 		jsonResult1, err := utils.HttpResponse2Json(response)

 		if err != nil {
 			j.sugarLogger.Warnf("HttpResponse2Json return:%v", err)
-			return 0, err
+			return common.PAErrorLevelGeneralFail, err
 		}

 		code := jsonResult1["code"].(string)
-		if code == "0" {
+		if code == JDErrorCodeSuccess {
 			retVal = jsonResult1
 			return common.PAErrorLevelSuccess, nil
 		}
@@ -190,7 +190,7 @@ func (j *JDAPI) AccessJDQuery(apiStr string, jdParams map[string]string) (retVal
 		} else if _, ok := canRetryCodes[code]; ok {
 			return common.PAErrorLevelRecoverable, nil
 		} else {
-			return common.PAErrorLevelFailed, nil
+			return code, nil
 		}

 	})
@@ -227,7 +227,7 @@ func (j *JDAPI) AccessJDQueryNoPage(apiStr string, jdParams map[string]string, k
 		}
 		panic("Can not find inner data")
 	} else {
-		return jsonResult, ErrInnerCodeIsNotOk
+		return jsonResult, utils.NewErrorCode(ErrStrInnerCodeIsNotOk, innerCode)
 	}
 }

@@ -323,7 +323,7 @@ func (j *JDAPI) AccessJDQueryHavePage(apiStr string, jdParams map[string]string,

 		innerCode := forceInnerCode2Str(data["code"])
 		if innerCode != "0" && innerCode != "200" {
-			return nil, ErrInnerCodeIsNotOk
+			return nil, utils.NewErrorCode(ErrStrInnerCodeIsNotOk, innerCode)
 		}

 		inResult, totalCount2 := pageResultParser(data, totalCount)