From dcb4b59b0c62e50a96d913c5fe65102c88d0870e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=82=B9=E5=AE=97=E6=A5=A0?= <zouzongnan1995@icloud.com>
Date: Thu, 29 Jun 2023 17:41:43 +0800
Subject: [PATCH] 1

---
 controllers/taobao_vegetable.go | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/controllers/taobao_vegetable.go b/controllers/taobao_vegetable.go
index 2f064f383..17570c62d 100644
--- a/controllers/taobao_vegetable.go
+++ b/controllers/taobao_vegetable.go
@@ -104,11 +104,11 @@ func (c *TaoBaoVegetableController) OrderStatus() {
 		c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
 		c.ServeJSON()
 		return
-	} else {
+	} /*else {
 		c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
 		c.ServeJSON()
 		return
-	}
+	}*/
 
 	callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusChange, utils.Int64ToStr(order.BizOrderId), order)
 	c.Data["json"] = callbackResponse
@@ -142,15 +142,15 @@ func (c *TaoBaoVegetableController) ApplyCancelOrder() {
 
 	// 验签
 	sign := Sign(values, utils.Format4Output(afsOrder, false), api.TaoVegetableApi.GetAppSecret())
-	if sign != values.Get("sign") {
+	if sign != values.Get("sign") { // 76626F983F0F7E4A159AD64F9B13B332
 		c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
 		c.ServeJSON()
 		return
-	} else {
+	} /*else {
 		c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
 		c.ServeJSON()
 		return
-	}
+	}*/
 
 	callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusApplyAfs, afsOrder.OutOrderId, afsOrder)
 	c.Data["json"] = callbackResponse
@@ -188,11 +188,11 @@ func (c *TaoBaoVegetableController) UserCancelRefund() {
 		c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
 		c.ServeJSON()
 		return
-	} else {
+	} /*else {
 		c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
 		c.ServeJSON()
 		return
-	}
+	}*/
 
 	callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusCancelAfs, afsOrder.OutOrderId, afsOrder)
 	c.Data["json"] = callbackResponse
@@ -230,11 +230,11 @@ func (c *TaoBaoVegetableController) CancelOnSaleRefundOrder() {
 		c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
 		c.ServeJSON()
 		return
-	} else {
+	} /*else {
 		c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
 		c.ServeJSON()
 		return
-	}
+	}*/
 
 	callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusOnSaleCancel, utils.Int64ToStr(afsOrder.PartCancelRequest.BizOrderId), afsOrder)
 	c.Data["json"] = callbackResponse
@@ -271,11 +271,11 @@ func (c *TaoBaoVegetableController) RefundOrderSuccess() {
 		c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
 		c.ServeJSON()
 		return
-	} else {
+	} /*else {
 		c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
 		c.ServeJSON()
 		return
-	}
+	}*/
 
 	callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusRefundSuccess, refundSuccess.OutSubOrderId, refundSuccess)
 	c.Data["json"] = callbackResponse
@@ -293,6 +293,10 @@ func Sign(param url.Values, data, secret string) string {
 	}
 
 	sort.Strings(publicParam)
-	cc := secret + strings.Join(publicParam, "") + strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(data, "\n", ""), "\t", ""), " ", "") + secret
+	resultParam := strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(data, "\n", ""), "\t", ""), " ", "")
+	if strings.Contains(resultParam, `\u0026`) {
+		resultParam = strings.ReplaceAll(resultParam, `\u0026`, "&")
+	}
+	cc := secret + strings.Join(publicParam, "") + resultParam + secret
 	return fmt.Sprintf("%X", md5.Sum([]byte(cc)))
 }