diff --git a/src/controllers/alchemy.controller.ts b/src/controllers/alchemy.controller.ts index 17b7594..a363d6f 100644 --- a/src/controllers/alchemy.controller.ts +++ b/src/controllers/alchemy.controller.ts @@ -84,8 +84,8 @@ class AlchemyController extends BaseController { setImmediate(() => { reportPayResult(record) }) + throw new ZError(payRes.returnCode, payRes.returnMsg) } - return { url: payRes.data.payUrl } } @router('post /pay/alchemy/buypage') diff --git a/src/controllers/alchemyout.controller.ts b/src/controllers/alchemyout.controller.ts index d9bb021..e32b3ec 100644 --- a/src/controllers/alchemyout.controller.ts +++ b/src/controllers/alchemyout.controller.ts @@ -2,13 +2,14 @@ import logger from 'logger/logger' import BaseController, { ROLE_ANON } from 'common/base.controller' import { ZError } from 'common/ZError' import { role, router } from 'decorators/router' -import { checkPayResultSign, checkSimpleSign } from 'service/alchemy.svr' +import { checkPayResultSign, checkSha1Sign, checkSimpleSign } from 'service/alchemy.svr' import { PayRecord, PayStatus } from 'modules/PayRecord' import { TransferQueue } from 'queue/transfer.queue' import { TransferRecord } from 'modules/TransferRecord' import { reportPayResult } from 'service/game.svr' let errorRes = function (msg: string) { + logger.info(`error res: ${msg}`) return { direct: 1, data: null, @@ -25,6 +26,7 @@ class AlchemyOutController extends BaseController { @router('post /pay/out/alchemy/buycb') async alchemyCallback(req, res) { let { orderNo, status, crypto, network, merchantOrderNo } = req.params + logger.info(`alchemy callback: ${orderNo}, ${status}, ${crypto}, ${network}, ${merchantOrderNo}`) if (!merchantOrderNo) { logger.info(`alchemy callback merchantOrderNo not found`) throw new ZError(11, 'alchemy callback merchantOrderNo not found') 
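Review bot: The added `logger.info` at the top of `alchemyCallback` interpolates `orderNo`, `status`, `crypto`, `network` and `merchantOrderNo` into the log line before any of them is validated, so whoever calls this route can place line breaks or look-alike log prefixes into the payment log. The same pattern is added in the `queryToken` and `distributeToken` hunks further down. Serialising the values first keeps each entry on one line and makes the field boundaries unambiguous, e.g. `logger.info('alchemy callback: ' + JSON.stringify({ orderNo, status, crypto, network, merchantOrderNo }))`. The body of `alchemyCallback` continues outside the hunk.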
@@ -75,7 +77,9 @@ class AlchemyOutController extends BaseController { @router('get /pay/out/alchemy/queryprice') async queryToken(req, res) { const { crypto } = req.params + logger.info(`alchemy query price: ${crypto}`) let { appId, appid, timestamp, sign } = req.headers + logger.info(`alchemy query price headers: ${appid}, ${timestamp}, ${sign}`) if (!crypto) { return errorRes('params mismatch') } @@ -83,7 +87,7 @@ class AlchemyOutController extends BaseController { if (!appId || !timestamp || !sign) { return errorRes('headers mismatch') } - if (!checkSimpleSign(req.headers, { crypto })) { + if (!checkSha1Sign(req.headers)) { return errorRes('sign error') } let result = { @@ -92,7 +96,7 @@ class AlchemyOutController extends BaseController { price: '1.0', networkList: [ { - network: 'ETH', + network: 'AGOR', networkFee: '0.037', }, ], 
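Review bot: The second added `logger.info` in `queryToken` writes the caller's `sign` header to the log next to its `timestamp`, and because the new check in `alchemy.svr.ts` derives the signature from app id, secret and timestamp only, with no freshness check in the lines shown, a logged pair stays usable by anyone who can read the logs. The `distributeToken` hunk logs the same pair, and the `checkSimpleSign` hunk adds `logger.info('compare sign: ', sign, expectedSign)`, which records the correct HMAC even when the caller's value was wrong. I would drop the signature values from all three and log only the identifiers and the outcome, e.g. `logger.info('alchemy query price headers: ' + (appId || appid) + ', ' + timestamp)`. As written, this line also prints only `appid`, while the check below accepts `appId` as well.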
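Review bot: Replacing `checkSimpleSign(req.headers, { crypto })` with `checkSha1Sign(req.headers)` means the signature no longer covers any request parameter, since the new helper hashes only app id, secret and timestamp. For this price query the effect is small, but the `distributeToken` hunk makes the same swap for `orderNo`, `address` and `cryptoAmount`, so one accepted header set would also verify a request carrying a different address or amount. If the header-only scheme is what the provider specifies, the compensating checks belong in the handlers: reject stale timestamps, treat `orderNo` as single-use, and compare the amounts with the stored order before acting. Both function bodies continue outside their hunks, so some of this may already exist there.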
@@ -106,22 +110,25 @@ class AlchemyOutController extends BaseController { /** * 通知商户打币 - * TODO::test */ @role(ROLE_ANON) @router('post /pay/out/alchemy/distribute') async distributeToken(req, res) { const { orderNo, crypto, network, address, cryptoAmount, cryptoPrice, usdtAmount } = req.params + logger.info( + `alchemy distributeToken: orderNo: ${orderNo}, crypto: ${crypto}, network: ${network}, address: ${address}, cryptoAmount: ${cryptoAmount}, cryptoPrice: ${cryptoPrice}, usdtAmount: ${usdtAmount}`, + ) let { appId, appid, timestamp, sign } = req.headers + logger.info(`alchemy distributeToken: appId: ${appId || appid}, timestamp: ${timestamp}, sign: ${sign}`) if (!orderNo || !crypto || !network || !address || !cryptoAmount || !cryptoPrice || !usdtAmount) { return errorRes('params mismatch') } appId = appId || appid - if (!appId || !timestamp || !sign) { + if (!timestamp || !sign) { return errorRes('headers mismatch') } - let signData = { orderNo, crypto, network, address, cryptoAmount, cryptoPrice, usdtAmount } - if (!checkSimpleSign(req.headers, signData)) { + // let signData = { orderNo, crypto, network, address, cryptoAmount, cryptoPrice, usdtAmount } + if (!checkSha1Sign(req.headers)) { return errorRes('sign error') } diff --git a/src/modules/Account.ts b/src/modules/Account.ts index 0027215..de979ac 100644 --- a/src/modules/Account.ts +++ b/src/modules/Account.ts @@ -12,6 +12,7 @@ export enum PlatEnum { TWITTER = 4, TELEGRAM = 5, EMAIL = 6, + DISCORD = 7, } /** diff --git a/src/service/alchemy.svr.ts b/src/service/alchemy.svr.ts index def0822..ada991a 100644 --- a/src/service/alchemy.svr.ts +++ b/src/service/alchemy.svr.ts @@ -2,6 +2,7 @@ import axios from 'axios' import { hmacsha256, sha1 } from 'utils/security.util' import crypto from 'crypto' import { generateKVStr } from 'utils/net.util' +import logger from 'logger/logger' export function createSimpleSign(data: any) { let timestamp = Date.now() 
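Review bot: With the header check relaxed to `if (!timestamp || !sign)`, a request that carries no app id header at all is still verified, because `checkSha1Sign` falls back to `process.env.ALCHEMY_APPID`; the caller no longer has to state which application it is. The route is `@role(ROLE_ANON)`, so this signature check is the only gate visible in the hunk. I would keep `if (!appId || !timestamp || !sign)` here, as `queryToken` still does, and delete the commented-out `signData` line rather than leave it as dead code. The assignment `appId = appId || appid` is otherwise unused in the lines shown; the body of `distributeToken` continues outside the hunk.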
@@ -40,7 +41,7 @@ export function createSha1Sign() { */ export function checkPayResultSign(data: any) { const { appId, orderNo, crypto, network, address, signature } = data - const sign = hmacsha256(appId + orderNo + crypto + network + address, process.env.ALCHEMY_APP_SECRET) + const sign = sha1(appId + process.env.ALCHEMY_APP_SECRET + appId + orderNo + crypto + network + address) return sign === signature } @@ -55,6 +56,7 @@ export function checkSimpleSign(headers: any, data: any) { .map(key => `${key}=${signData[key]}`) .join('&') const expectedSign = hmacsha256(signStr, process.env.ALCHEMY_APP_SECRET) + logger.info('compare sign: ', sign, expectedSign) // const expectedSign = sha1(appIdToCheck + process.env.ALCHEMY_APP_SECRET + timestamp) return sign === expectedSign } @@ -83,6 +85,12 @@ export function createPageSign(plainText: string) { return null } +export function checkSha1Sign(headers: any) { + const { appid, appId, timestamp, sign } = headers + let appIdToCheck = appId || appid || process.env.ALCHEMY_APPID + const expectedSign = sha1(appIdToCheck + process.env.ALCHEMY_APP_SECRET + timestamp) + return sign === expectedSign +} /** * Refresh token * https://alchemycn.readme.io/docs/获取token
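Review bot: `checkPayResultSign` now hashes `appId + secret + appId + orderNo + crypto + network + address` with plain SHA-1 and no separators, so field boundaries are not part of what is signed, and an unset `ALCHEMY_APP_SECRET` is silently hashed as the text `undefined`. If the provider dictates this format the construction has to stay, but the function can still fail closed with `if (!process.env.ALCHEMY_APP_SECRET || typeof signature !== 'string') return false` before `sign` is computed. The final `sign === signature` is not a constant-time comparison; note that the destructured `crypto` field shadows the module import inside this function, so using `crypto.timingSafeEqual` here needs the field renamed, e.g. `crypto: cryptoName`.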
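Review bot: The new `checkSha1Sign` accepts whatever is in the headers without checking types or freshness: `timestamp` is hashed but never compared with the clock, an unset `ALCHEMY_APP_SECRET` is hashed as the text `undefined`, and `sign === expectedSign` is not constant-time. In the lines shown this helper is now the only check on `distributeToken`, so I would make it fail closed and bound the timestamp, as sketched below. The sketch assumes `sha1` returns a string and that the header timestamp is in milliseconds like the one `createSimpleSign` produces; `MAX_SKEW_MS` is a placeholder to be set from the provider's documentation. The function also has no doc comment, and one line naming the header format it verifies would be enough.

```typescript
export function checkSha1Sign(headers: any) {
  const { appid, appId, timestamp, sign } = headers
  const secret = process.env.ALCHEMY_APP_SECRET
  // Fail closed: a missing secret would otherwise be hashed as the string "undefined".
  if (!secret || typeof sign !== 'string' || typeof timestamp !== 'string') {
    return false
  }
  // MAX_SKEW_MS is a placeholder; take the allowed window from the provider's documentation.
  const age = Math.abs(Date.now() - Number(timestamp))
  if (!Number.isFinite(age) || age > MAX_SKEW_MS) {
    return false
  }
  let appIdToCheck = appId || appid || process.env.ALCHEMY_APPID
  const expectedSign = sha1(appIdToCheck + secret + timestamp)
  const given = Buffer.from(sign)
  const expected = Buffer.from(expectedSign)
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected)
}
```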