- don't present app secret when access ebai api

platformapi/ebaiapi/callback.go

@@ -55,7 +55,6 @@ func (a *API) Err2CallbackResponse(cmd string, err error, data interface{}) *Cal
 		"ticket":    []string{response.Ticket},
 		"source":    []string{response.Source},
 		"body":      []string{string(utils.MustMarshal(response.Body))},
-		secretKey:   []string{a.secret},
 		"encrypt":   []string{""},
 	}
 	response.Sign = a.signParams(params)
@@ -75,7 +74,6 @@ func (a *API) CheckCallbackValidation(request *http.Request) (callbackResponse *
 	for k, v := range request.PostForm {
 		params[k] = v
 	}
-	params[secretKey] = []string{a.secret}
 	sign := a.signParams(params)
 	if sign != request.FormValue(signKey) {
 		msg := fmt.Sprintf("Signature is not ok, mine:%v, get:%v", sign, request.FormValue(signKey))

platformapi/ebaiapi/ebaiapi.go

@@ -75,6 +75,7 @@ func (a *API) signParams(params url.Values) string {
 			keyValues = append(keyValues, k+"="+v[0])
 		}
 	}
+	keyValues = append(keyValues, secretKey+"="+a.secret)
 
 	sort.Strings(keyValues)
 	finalStr := strings.Join(keyValues, "&")
@@ -96,7 +97,6 @@ func (a *API) AccessAPI(cmd string, body map[string]interface{}) (retVal *Respon
 		"ticket":    []string{utils.GetUpperUUID()},
 		"source":    []string{a.source},
 		"body":      []string{string(utils.MustMarshal(body))},
-		secretKey:   []string{a.secret},
 		"encrypt":   []string{a.encrypt},
 	}
 	params[signKey] = []string{a.signParams(params)}