diff --git a/bin/wheelserver/config/config.json b/bin/wheelserver/config/config.json
index 2c63c085..a5e552cd 100644
--- a/bin/wheelserver/config/config.json
+++ b/bin/wheelserver/config/config.json
@@ -1,2 +1,3 @@
 {
+ "shop_secret": "iG4Rpsa)6U31$H#^T85$^^3\""
 }
diff --git a/server/wheelserver/api/v1/inapp_shop/inapp_shop.go b/server/wheelserver/api/v1/inapp_shop/inapp_shop.go
index dd1555de..090b5365 100644
--- a/server/wheelserver/api/v1/inapp_shop/inapp_shop.go
+++ b/server/wheelserver/api/v1/inapp_shop/inapp_shop.go
@@ -25,7 +25,7 @@ func (this *InAppShopApi) Purchase(c *gin.Context) {
 return
 }
 reqJson := struct {
- GoodsId int32 `json:"goods_id"`
+ GoodsId int32 `json:"goods_id"`
 GoodsNum int32 `json:"goods_num"`
 }{}
 if err := c.ShouldBindJSON(&reqJson); err != nil {
@@ -67,7 +67,7 @@ func (this *InAppShopApi) OrderInfo(c *gin.Context) {
 }
 orderId := c.Param("order_id")
 orderModel := new(model.InAppOrder)
- if err, found := orderModel.Find(s.GetAccountId(), orderId); err != nil {
+ if err, found := orderModel.Find(s.GetAccountId(), orderId); err != nil {
 f5.RspErr(c, 500, "server internal error")
 return
 } else if !found {
@@ -78,7 +78,7 @@ func (this *InAppShopApi) OrderInfo(c *gin.Context) {
 vo.BaseVo
 Data struct {
 OrderId string `json:"order_id"`
- Status int32 `json:"status"`
+ Status int32 `json:"status"`
 } `json:"data"`
 }{}
 rspObj.Data.OrderId = orderModel.OrderId
@@ -88,9 +88,9 @@ func (this *InAppShopApi) OrderInfo(c *gin.Context) {
 func (this *InAppShopApi) Callback(c *gin.Context) {
 reqObj := struct {
- Channel string `json:"channel"`
- Records []map[string]interface{} `json:"records"`
- Signature string `json:"sign"`
+ Channel string `json:"channel"`
+ Records []map[string]interface{} `json:"records"`
+ Signature string `json:"sign"`
 }{}
 if err := c.ShouldBindJSON(&reqObj); err != nil || len(reqObj.Records) == 0 {
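Review bot: The literal that the inapp_shop.go hunk removes from code is now committed in bin/wheelserver/config/config.json, so the shop secret is still tracked in version control and readable by anyone with repository access. The secret should be supplied at deploy time (environment or a secret store), and this file should carry only a placeholder such as `"shop_secret": "<SET_AT_DEPLOY>"`. Because the value has now appeared in the diff it should be treated as exposed and rotated with the payment channel. The `HasShopSecret` accessor added in mtb.auto_gen.go gives startup a way to refuse to run with a missing or placeholder value.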
@@ -115,31 +115,37 @@ func (this *InAppShopApi) Callback(c *gin.Context) {
 strb.WriteString(q5.SafeToString(rec[k]))
 }
- secret:= `iG4Rpsa)6U31$H#^T85$^^3"`
+ secret := mt.Table.Config.GetShopSecret()
 mac := hmac.New(sha256.New, []byte(secret))
- _, _ = mac.Write([]byte(strb.String()))
+ _, _ = mac.Write([]byte(strb.String()))
- sign := string(mac.Sum(nil))
- if sign != reqObj.Signature {
+ sign := string(mac.Sum(nil))
+ if strings.EqualFold(strings.ToLower(sign), strings.ToLower(reqObj.Signature)) {
 f5.RspErr(c, 401, "invalid sign")
 return
 }
 orderId := q5.SafeToString(rec["orderId"])
 orderModel := new(model.InAppOrder)
- if err, found := orderModel.FindByOrderId(orderId); err != nil {
+ if err, found := orderModel.FindByOrderId(orderId); err != nil {
 f5.RspErr(c, 500, "server internal error")
 return
 } else if !found {
 f5.RspErr(c, 1, "order not found")
 return
 }
-
- orderModel.Status = q5.SafeToInt32(rec["status"])
+
+ status := q5.SafeToInt32(rec["status"])
+ if status <= orderModel.Status {
+ f5.RspErr(c, 401, "invalid status")
+ return
+ }
+
+ orderModel.Status = status
 if orderModel.UpdateFields([]string{"status"}) != nil {
 f5.RspErr(c, 500, "server internal error")
 return
 }
- c.JSON(200,"")
+ f5.RspErr(c, 0, "")
 }
 }
diff --git a/server/wheelserver/model/inapp_order.go b/server/wheelserver/model/inapp_order.go
index 7cc566c5..acf650f4 100644
--- a/server/wheelserver/model/inapp_order.go
+++ b/server/wheelserver/model/inapp_order.go
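Review bot: The new signature check at `if strings.EqualFold(strings.ToLower(sign), strings.ToLower(reqObj.Signature)) {` is inverted: it answers `invalid sign` when the HMAC matches and lets every mismatching or absent signature through to the order update, which is a regression from the removed `!=` comparison. The condition should be negated and compared in constant time, e.g. `if !hmac.Equal([]byte(sign), []byte(reqObj.Signature)) {`; the `strings.ToLower` calls are redundant inside `EqualFold` in any case. Note that `sign` holds raw digest bytes (`string(mac.Sum(nil))`), so case-folding only makes sense if the channel sends an encoded digest — if it sends hex, encode with `hex.EncodeToString(mac.Sum(nil))` before comparing and confirm the channel's documented encoding. The `status <= orderModel.Status` guard is a good addition, but `f5.RspErr(c, 401, "invalid status")` inside what is presumably the `range reqObj.Records` loop aborts the remaining records on the first stale one. That loop and the Callback function itself start outside this hunk.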
@@ -39,12 +39,19 @@ func (this *InAppOrder) UpdateFields(fields []string) error {
 }
 func (this *InAppOrder) Find(accountId string, orderId string) (error, bool) {
- if result := f5.GetApp().GetOrmDb(constant.WHEEL_DB).Table(this.TableName()).Take(
- this, "account_id = ? AND order_id = ?", accountId, orderId); result.Error != nil &&
- !errors.Is(result.Error, gorm.ErrRecordNotFound) {
- return result.Error, false
+ // if result := f5.GetApp().GetOrmDb(constant.WHEEL_DB).Table(this.TableName()).Take(
+ // this, "account_id = ? AND order_id = ?", accountId, orderId); result.Error != nil &&
+ // !errors.Is(result.Error, gorm.ErrRecordNotFound) {
+ // return result.Error, false
+ // } else {
+ // return nil, result.RowsAffected > 0
+ // }
+
+ err, ok := this.FindByOrderId(orderId)
+ if err != nil {
+ return err, false
 } else {
- return nil, result.RowsAffected > 0
+ return nil, ok && this.AccountId == accountId
 }
 }
diff --git a/server/wheelserver/mt/Config.go b/server/wheelserver/mt/Config.go
index 2e5d8a0a..8d9289c8 100644
--- a/server/wheelserver/mt/Config.go
+++ b/server/wheelserver/mt/Config.go
@@ -20,3 +20,7 @@ func (this *ConfigTable) PostInit1() {
 panic("无法读取config.json")
 }
 }
+
+func (this *ConfigTable) GetShopSecret() string {
+ return this.selfConf.GetShopSecret()
+}
diff --git a/server/wheelserver/mtb/mtb.auto_gen.go b/server/wheelserver/mtb/mtb.auto_gen.go
index 908d893f..319ad60c 100644
--- a/server/wheelserver/mtb/mtb.auto_gen.go
+++ b/server/wheelserver/mtb/mtb.auto_gen.go
@@ -116,6 +116,7 @@ type ShopGoods struct {
 }
 type Config struct {
+ shop_secret string
 _flags1_ uint64
 _flags2_ uint64
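Review bot: The seven commented-out lines at the top of `Find` should be deleted rather than kept — version control preserves the old query, and the dead block plus the `else` after `return err, false` make the live logic harder to read. Returning `nil, false` when the order exists but belongs to a different account is the right outcome for OrderInfo, so the behaviour itself looks correct. If nothing else in inapp_order.go still uses `errors`, `gorm` or `constant`, the file will stop compiling once those imports become unused; the import block is not visible in this hunk. A doc comment would also help, e.g. `// Find loads the order with orderId into this and reports whether it exists and belongs to accountId.`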
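Review bot: `GetShopSecret` in mt/Config.go returns `""` when config.json carries no `shop_secret`, and the Callback hunk then keys its HMAC with an empty secret, so a misconfigured deployment would verify callbacks against a key anyone can guess. `PostInit1` already panics when config.json cannot be read; it should refuse a missing or empty secret as well, e.g. `if !this.selfConf.HasShopSecret() || this.selfConf.GetShopSecret() == "" { panic("config.json: shop_secret missing") }` — `HasShopSecret` is the generated accessor added in the same commit. The exported method also needs a doc comment, `// GetShopSecret returns the HMAC key used to verify in-app shop callbacks.` Only the tail of PostInit1 is visible in this hunk.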
@@ -481,6 +482,14 @@ func (this *ShopGoods) HasItemId() bool {
 return (this._flags1_ & (uint64(1) << 3)) > 0
 }
+func (this *Config) GetShopSecret() string {
+ return this.shop_secret
+}
+
+func (this *Config) HasShopSecret() bool {
+ return (this._flags1_ & (uint64(1) << 1)) > 0
+}
+
 func (this *WheelServerCluster) LoadFromKv(kv map[string]interface{}) {
 f5.ReadMetaTableField(&this.instance_id, "instance_id", &this._flags1_, 1, kv)
@@ -561,4 +570,5 @@ func (this *ShopGoods) LoadFromKv(kv map[string]interface{}) {
 }
 func (this *Config) LoadFromKv(kv map[string]interface{}) {
+ f5.ReadMetaTableField(&this.shop_secret, "shop_secret", &this._flags1_, 1, kv)
 }
diff --git a/server/wheelserver/proto/mt.proto b/server/wheelserver/proto/mt.proto
index 68710b1c..fda7a0e3 100644
--- a/server/wheelserver/proto/mt.proto
+++ b/server/wheelserver/proto/mt.proto
@@ -93,4 +93,5 @@ message ShopGoods
 message Config
 {
+ optional string shop_secret = 1;
 }