- callback sign.

platformapi/ebaiapi/callback.go

@@ -15,6 +15,7 @@ type CallbackResponse struct {
 	Sign      string          `json:"sign"`
 	Source    string          `json:"source"`
 	Ticket    string          `json:"ticket"`
+	Encrypt   string          `json:"encrypt"`
 	Timestamp int64           `json:"timestamp"`
 	Version   int             `json:"version"`
 	Body      *ResponseResult `json:"body"`
@@ -54,6 +55,8 @@ func (a *API) Err2CallbackResponse(cmd string, err error, data interface{}) *Cal
 		"ticket":    []string{response.Ticket},
 		"source":    []string{response.Source},
 		"body":      []string{string(utils.MustMarshal(response.Body))},
+		secretKey:   []string{a.secret},
+		"encrypt":   []string{""},
 	}
 	response.Sign = a.signParams(params)
 	return response
@@ -68,7 +71,12 @@ func (a *API) unmarshalData(cmd string, data []byte, msg interface{}) (callbackR
 }
 
 func (a *API) CheckCallbackValidation(request *http.Request) (callbackResponse *CallbackResponse) {
-	sign := a.signParams(request.PostForm)
+	params := make(url.Values)
+	for k, v := range request.PostForm {
+		params[k] = v
+	}
+	params[secretKey] = []string{a.secret}
+	sign := a.signParams(params)
 	if sign != request.FormValue(signKey) {
 		msg := fmt.Sprintf("Signature is not ok, mine:%v, get:%v", sign, request.FormValue(signKey))
 		baseapi.SugarLogger.Info(msg)

platformapi/ebaiapi/ebaiapi.go

@@ -8,6 +8,7 @@ import (
 	"sort"
 	"strings"
 
+	"git.rosy.net.cn/baseapi"
 	"git.rosy.net.cn/baseapi/platformapi"
 	"git.rosy.net.cn/baseapi/utils"
 )
@@ -15,7 +16,8 @@ import (
 const (
 	prodURL = "https://api-be.ele.me/"
 
-	signKey = "sign"
+	signKey   = "sign"
+	secretKey = "secret"
 )
 const (
 	CmdOrderCreate         = "order.create"
@@ -64,6 +66,7 @@ func (a *API) signParams(params url.Values) string {
 
 	sort.Strings(keyValues)
 	finalStr := strings.Join(keyValues, "&")
+	baseapi.SugarLogger.Debug(finalStr)
 	// baseapi.SugarLogger.Debugf("sign str:%v", finalStr)
 	return fmt.Sprintf("%X", md5.Sum([]byte(finalStr)))
 }
@@ -79,7 +82,7 @@ func (a *API) AccessAPI(cmd string, body map[string]interface{}) (retVal *Respon
 		"ticket":    []string{utils.GetUpperUUID()},
 		"source":    []string{a.source},
 		"body":      []string{string(utils.MustMarshal(body))},
-		"secret":    []string{a.secret},
+		secretKey:   []string{a.secret},
 		"encrypt":   []string{a.encrypt},
 	}
 	params[signKey] = []string{a.signParams(params)}

platformapi/ebaiapi/ebaiapi_test.go

@@ -1,6 +1,8 @@
 package ebaiapi
 
 import (
+	"net/url"
+	"strings"
 	"testing"
 
 	"git.rosy.net.cn/baseapi"
@@ -34,6 +36,19 @@ func TestTest(t *testing.T) {
 	sugarLogger.Debug(utils.GetCurTimeStr())
 }
 
+func TestSign(t *testing.T) {
+	reqBody := "cmd=order.status.push&timestamp=1538045409&version=3&ticket=A3DF9D06-F1E3-5C9A-46FF-279C9A19B5ED&source=63032&body={\"order_id\":15380342248732,\"status\":9}&sign=CE817F2599F5E45736BEE6E3B350C086&encrypt="
+	kvs := strings.Split(reqBody, "&")
+	values := make(url.Values, len(kvs))
+	for _, v := range kvs {
+		kv := strings.Split(v, "=")
+		values[kv[0]] = []string{kv[1]}
+	}
+	values["secret"] = []string{api.secret}
+	sign := api.signParams(values)
+	t.Log(sign)
+}
+
 func TestAccessAPI(t *testing.T) {
 	//
 	result, err := api.AccessAPI("shop.get", utils.Params2Map("baidu_shop_id", testShopBaiduID))