diff --git a/platformapi/ebaiapi/callback.go b/platformapi/ebaiapi/callback.go index 2dd1f6e9..5892239a 100644 --- a/platformapi/ebaiapi/callback.go +++ b/platformapi/ebaiapi/callback.go @@ -15,6 +15,7 @@ type CallbackResponse struct { Sign string `json:"sign"` Source string `json:"source"` Ticket string `json:"ticket"` + Encrypt string `json:"encrypt"` Timestamp int64 `json:"timestamp"` Version int `json:"version"` Body *ResponseResult `json:"body"` @@ -54,6 +55,8 @@ func (a *API) Err2CallbackResponse(cmd string, err error, data interface{}) *Cal "ticket": []string{response.Ticket}, "source": []string{response.Source}, "body": []string{string(utils.MustMarshal(response.Body))}, + secretKey: []string{a.secret}, + "encrypt": []string{""}, } response.Sign = a.signParams(params) return response @@ -68,7 +71,12 @@ func (a *API) unmarshalData(cmd string, data []byte, msg interface{}) (callbackR } func (a *API) CheckCallbackValidation(request *http.Request) (callbackResponse *CallbackResponse) { - sign := a.signParams(request.PostForm) + params := make(url.Values) + for k, v := range request.PostForm { + params[k] = v + } + params[secretKey] = []string{a.secret} + sign := a.signParams(params) if sign != request.FormValue(signKey) { msg := fmt.Sprintf("Signature is not ok, mine:%v, get:%v", sign, request.FormValue(signKey)) baseapi.SugarLogger.Info(msg) diff --git a/platformapi/ebaiapi/ebaiapi.go b/platformapi/ebaiapi/ebaiapi.go index b6e9b287..418d33f0 100644 --- a/platformapi/ebaiapi/ebaiapi.go +++ b/platformapi/ebaiapi/ebaiapi.go @@ -8,6 +8,7 @@ import ( "sort" "strings" + "git.rosy.net.cn/baseapi" "git.rosy.net.cn/baseapi/platformapi" "git.rosy.net.cn/baseapi/utils" ) @@ -15,7 +16,8 @@ import ( const ( prodURL = "https://api-be.ele.me/" - signKey = "sign" + signKey = "sign" + secretKey = "secret" ) const ( CmdOrderCreate = "order.create" @@ -64,6 +66,7 @@ func (a *API) signParams(params url.Values) string { sort.Strings(keyValues) finalStr := strings.Join(keyValues, "&") + baseapi.SugarLogger.Debug(finalStr) // baseapi.SugarLogger.Debugf("sign str:%v", finalStr) return fmt.Sprintf("%X", md5.Sum([]byte(finalStr))) } @@ -79,7 +82,7 @@ func (a *API) AccessAPI(cmd string, body map[string]interface{}) (retVal *Respon "ticket": []string{utils.GetUpperUUID()}, "source": []string{a.source}, "body": []string{string(utils.MustMarshal(body))}, - "secret": []string{a.secret}, + secretKey: []string{a.secret}, "encrypt": []string{a.encrypt}, } params[signKey] = []string{a.signParams(params)} diff --git a/platformapi/ebaiapi/ebaiapi_test.go b/platformapi/ebaiapi/ebaiapi_test.go index 0bde63e1..42a7bf8e 100644 --- a/platformapi/ebaiapi/ebaiapi_test.go +++ b/platformapi/ebaiapi/ebaiapi_test.go @@ -1,6 +1,8 @@ package ebaiapi import ( + "net/url" + "strings" "testing" "git.rosy.net.cn/baseapi" @@ -34,6 +36,19 @@ func TestTest(t *testing.T) { sugarLogger.Debug(utils.GetCurTimeStr()) } +func TestSign(t *testing.T) { + reqBody := "cmd=order.status.push×tamp=1538045409&version=3&ticket=A3DF9D06-F1E3-5C9A-46FF-279C9A19B5ED&source=63032&body={\"order_id\":15380342248732,\"status\":9}&sign=CE817F2599F5E45736BEE6E3B350C086&encrypt=" + kvs := strings.Split(reqBody, "&") + values := make(url.Values, len(kvs)) + for _, v := range kvs { + kv := strings.Split(v, "=") + values[kv[0]] = []string{kv[1]} + } + values["secret"] = []string{api.secret} + sign := api.signParams(values) + t.Log(sign) +} + func TestAccessAPI(t *testing.T) { // result, err := api.AccessAPI("shop.get", utils.Params2Map("baidu_shop_id", testShopBaiduID))