update inapp_shop callback

bin/wheelserver/config/config.json

@@ -1,2 +1,3 @@
 {
+    "shop_secret": "iG4Rpsa)6U31$H#^T85$^^3\""
 }

server/wheelserver/api/v1/inapp_shop/inapp_shop.go

@@ -115,12 +115,12 @@ func (this *InAppShopApi) Callback(c *gin.Context) {
 		strb.WriteString(q5.SafeToString(rec[k]))
 	}
 
-	secret:= `iG4Rpsa)6U31$H#^T85$^^3"`
+	secret := mt.Table.Config.GetShopSecret()
 	mac := hmac.New(sha256.New, []byte(secret))
 	_, _ = mac.Write([]byte(strb.String()))
 
 	sign := string(mac.Sum(nil))
-	if sign != reqObj.Signature {
+	if strings.EqualFold(strings.ToLower(sign), strings.ToLower(reqObj.Signature)) {
 		f5.RspErr(c, 401, "invalid sign")
 		return
 	}
@@ -135,11 +135,17 @@ func (this *InAppShopApi) Callback(c *gin.Context) {
 		return
 	}
 
-	orderModel.Status = q5.SafeToInt32(rec["status"])
+	status := q5.SafeToInt32(rec["status"])
+	if status <= orderModel.Status {
+		f5.RspErr(c, 401, "invalid status")
+		return
+	}
+
+	orderModel.Status = status
 	if orderModel.UpdateFields([]string{"status"}) != nil {
 		f5.RspErr(c, 500, "server internal error")
 		return
 	}
 
-	c.JSON(200,"")
+	f5.RspErr(c, 0, "")
 }

server/wheelserver/model/inapp_order.go

@@ -39,12 +39,19 @@ func (this *InAppOrder) UpdateFields(fields []string) error {
 }
 
 func (this *InAppOrder) Find(accountId string, orderId string) (error, bool) {
-	if result := f5.GetApp().GetOrmDb(constant.WHEEL_DB).Table(this.TableName()).Take(
+	// if result := f5.GetApp().GetOrmDb(constant.WHEEL_DB).Table(this.TableName()).Take(
-		this, "account_id = ? AND order_id = ?", accountId, orderId); result.Error != nil &&
+	// 	this, "account_id = ? AND order_id = ?", accountId, orderId); result.Error != nil &&
-		!errors.Is(result.Error, gorm.ErrRecordNotFound) {
+	// 	!errors.Is(result.Error, gorm.ErrRecordNotFound) {
-		return result.Error, false
+	// 	return result.Error, false
+	// } else {
+	// 	return nil, result.RowsAffected > 0
+	// }
+
+	err, ok := this.FindByOrderId(orderId)
+	if err != nil {
+		return err, false
 	} else {
-		return nil, result.RowsAffected > 0
+		return nil, ok && this.AccountId == accountId
 	}
 }
 

server/wheelserver/mt/Config.go

@@ -20,3 +20,7 @@ func (this *ConfigTable) PostInit1() {
 		panic("无法读取config.json")
 	}
 }
+
+func (this *ConfigTable) GetShopSecret() string {
+	return this.selfConf.GetShopSecret()
+}

server/wheelserver/mtb/mtb.auto_gen.go

@@ -116,6 +116,7 @@ type ShopGoods struct {
 }
 
 type Config struct {
+        shop_secret string
 
         _flags1_ uint64
         _flags2_ uint64
@@ -481,6 +482,14 @@ func (this *ShopGoods) HasItemId() bool {
         return (this._flags1_ & (uint64(1) << 3)) > 0
 }
 
+func (this *Config) GetShopSecret() string {
+        return this.shop_secret
+}
+
+func (this *Config) HasShopSecret() bool {
+        return (this._flags1_ & (uint64(1) << 1)) > 0
+}
+
 
 func (this *WheelServerCluster) LoadFromKv(kv map[string]interface{}) {
         f5.ReadMetaTableField(&this.instance_id, "instance_id", &this._flags1_, 1, kv)
@@ -561,4 +570,5 @@ func (this *ShopGoods) LoadFromKv(kv map[string]interface{}) {
 }
 
 func (this *Config) LoadFromKv(kv map[string]interface{}) {
+        f5.ReadMetaTableField(&this.shop_secret, "shop_secret", &this._flags1_, 1, kv)
 }

server/wheelserver/proto/mt.proto

@@ -93,4 +93,5 @@ message ShopGoods
 
 message Config
 {
+    optional string shop_secret = 1;
 }