From 4effa9ed0d043735591ac89548bdcafce524cd80 Mon Sep 17 00:00:00 2001
From: yangduo
Date: Wed, 12 Feb 2025 11:32:00 +0800
Subject: [PATCH] adjust
---
.../api/v1/mainservice/mainservice.go | 210 ++++++++++++++++--
server/payserver/service/wxpaybase.go | 12 +-
2 files changed, 198 insertions(+), 24 deletions(-)
diff --git a/server/payserver/api/v1/mainservice/mainservice.go b/server/payserver/api/v1/mainservice/mainservice.go
index 8f86892..9fdfccc 100644
--- a/server/payserver/api/v1/mainservice/mainservice.go
+++ b/server/payserver/api/v1/mainservice/mainservice.go
@@ -99,7 +99,7 @@ func (this *MainServiceApi) WxNotifyPurchase(c *gin.Context) {
 return
 }
- smsg, appid := service.Wxpay.DecryptMsg(msg_signature, timestamp, nonce, postObj.Encrypt)
+ smsg, appid := service.Wxpay.DecryptMsg(msg_signature, timestamp, nonce, postObj.Encrypt, mt.Table.Config.GetWxNotifyToken(), mt.Table.Config.GetWxNotifyEncodingAesKey())
 if len(smsg) == 0 || len(appid) == 0 {
 f5.GetSysLog().Debug("decrypt data error")
 c.JSON(200, rspObj)
@@ -291,25 +291,199 @@ func (this *MainServiceApi) WxMsgTNotify(c *gin.Context) {
 func (this *MainServiceApi) WxMsgNotify(c *gin.Context) {
 f5.GetSysLog().Debug("wx msg notify:%s", c.Request.URL.RawQuery)
- signature := c.Query("signature")
 timestamp := c.Query("timestamp")
 nonce := c.Query("nonce")
- echostr := c.Query("echostr")
- strs := []string{mt.Table.Config.GetWxMsgNotifyToken(), timestamp, nonce}
- sort.Strings(strs)
- sb := strings.Builder{}
- sb.WriteString(strs[0])
- sb.WriteString(strs[1])
- sb.WriteString(strs[2])
- m := sha1.New()
- io.WriteString(m, sb.String())
- sign := string(hex.EncodeToString(m.Sum(nil)))
- f5.GetSysLog().Debug("wx msg sign:%s, %s", sign, signature)
-
- if sign != signature {
- c.String(200, "wrong")
- return
+ rspObj := struct {
+ ErrorCode int32 `json:"ErrCode"`
+ ErrMsg string `json:"ErrMsg"`
+ }{
+ ErrorCode: 99999,
+ ErrMsg: "internal error",
 }
- c.String(200, echostr)
+
+ msg_signature := c.Query("msg_signature")
+ if msg_signature != "" {
+ postObj := struct {
+ ToUserName string `json:"ToUserName"` //小程序的原始 ID
+ Encrypt string `json:"Encrypt"`
+ // FromUserName string `json:"FromUserName"` //发送者的 openid
+ // CreateTime int64 `json:"CreateTime"`
+ // MsgType string `json:"MsgType"`
+ // Content string `json:"Content"`
+ // MediaId string `json:"MediaId"`
+ // PicUrl string `json:"PicUrl"`
+ // MsgId int64 `json:"MsgId"`
+ // Event string `json:"Event"`
+ // SessionFrom string `json:"SessionFrom"`
+ }{}
+
+ if err := c.ShouldBindJSON(&postObj); err != nil {
+ rspObj.ErrorCode = 401
+ rspObj.ErrMsg = "msg post data error"
+ c.JSON(200, rspObj)
+ return
+ }
+
+ smsg, appid := service.Wxpay.DecryptMsg(msg_signature, timestamp, nonce, postObj.Encrypt, mt.Table.Config.GetWxMsgNotifyToken(), mt.Table.Config.GetWxMsgNotifyEncodingAesKey())
+ if len(smsg) == 0 || len(appid) == 0 {
+ f5.GetSysLog().Debug("decrypt msg data error")
+ c.JSON(200, rspObj)
+ return
+ }
+
+ f5.GetSysLog().Debug("wx msg decrypt msg:%s", smsg)
+
+ // wxnotifyobj := service.WxPurchaseNotify{}
+ // if json.Unmarshal(smsg, &wxnotifyobj) != nil {
+ // f5.GetSysLog().Debug("unmarshal data error")
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // gameid := int64(0)
+ // appkey := ""
+ // notifyurl := ""
+ // mt.Table.Wxconfig.Traverse(func(w *mt.Wxconfig) bool {
+ // if w.GetAppid() == string(appid) {
+ // gameid = w.GetGameid()
+ // appkey = w.GetAppkey()
+ // notifyurl = w.GetNotifyurl()
+ // return false
+ // }
+ // return true
+ // })
+
+ // if appkey == "" {
+ // f5.GetSysLog().Error("wx app config error:%s", appid)
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // oristr := wxnotifyobj.Event + "&" + wxnotifyobj.MiniGame.Payload
+ // sig := service.Wxpay.GenSHA256Signature(oristr, appkey)
+ // if sig != wxnotifyobj.MiniGame.PayEventSig {
+ // f5.GetSysLog().Error("pay event sig error:%s, %s, %s", appid, sig, wxnotifyobj.MiniGame.PayEventSig)
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // if wxnotifyobj.MiniGame.IsMock {
+ // rspObj.ErrorCode = 0
+ // rspObj.ErrMsg = "Success"
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // payloadobj := new(service.WxPayload)
+ // if json.Unmarshal([]byte(wxnotifyobj.MiniGame.Payload), &payloadobj) != nil {
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // envpass := true
+ // if f5.IsOnlineEnv() {
+ // if payloadobj.Env != 0 {
+ // f5.GetSysLog().Error("notify test info to prod url")
+ // envpass = false
+ // }
+ // } else {
+ // if payloadobj.Env != 1 {
+ // f5.GetSysLog().Error("notify prod info to test url")
+ // envpass = false
+ // }
+ // }
+
+ // if !envpass {
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // orderModel := new(model.InAppOrder)
+ // if err, found := orderModel.FindByOrderId(payloadobj.OutTradeNo); err != nil {
+ // c.JSON(200, rspObj)
+ // return
+ // } else if !found {
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // if orderModel.ItemId != q5.SafeToInt32(payloadobj.GoodsInfo.ProductId) {
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // if orderModel.Status > 1 {
+ // rspObj.ErrorCode = 0
+ // rspObj.ErrMsg = "Success"
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // rediskey := "ls:accountid:" + orderModel.AccountId
+ // str, err := service.Redis.Get(constant.LOGIN_REDIS, rediskey)
+ // if err != nil {
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // data := map[string]interface{}{}
+ // if json.Unmarshal([]byte(str), &data) != nil {
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // openid := q5.SafeToString(data["openid"])
+ // if openid != payloadobj.OpenId {
+ // c.JSON(200, rspObj)
+ // return
+ // }
+
+ // orderModel.GameId = int32(gameid)
+ // f5.GetSysLog().Debug("notify url:%s, %s", appid, notifyurl)
+
+ // nowtimestr := q5.SafeToString(f5.GetApp().GetRealSeconds())
+ // originstr := "account_id=" + orderModel.AccountId
+ // originstr += "&goodsid=" + payloadobj.GoodsInfo.ProductId
+ // originstr += "&orderid=" + orderModel.OrderId
+ // originstr += "&amount=" + q5.SafeToString(payloadobj.GoodsInfo.ActualPrice)
+ // originstr += ":" + nowtimestr + constant.NOFITY_GAMESERVER_SALT
+ // params := map[string]string{
+ // "c": "Recharge",
+ // "a": "purchaseNotify",
+ // "account_id": orderModel.AccountId,
+ // "orderid": orderModel.OrderId,
+ // "timestamp": nowtimestr,
+ // "goodsid": payloadobj.GoodsInfo.ProductId,
+ // "amount": q5.SafeToString(payloadobj.GoodsInfo.ActualPrice),
+ // "sign": q5.Md5Str(originstr),
+ // }
+ // f5.GetHttpCliMgr().SendGoStyleRequest(
+ // notifyurl,
+ // params,
+ // func(hcr f5.HttpCliResponse) {
+ // if hcr.GetErr() != nil {
+ // return
+ // }
+
+ // gamerspObj := struct {
+ // ErrCode int64 `json:"errcode"`
+ // ErrMsg string `json:"errmsg"`
+ // }{}
+
+ // f5.GetSysLog().Debug("get game rsp:%s", hcr.GetRawData())
+ // if json.Unmarshal([]byte(hcr.GetRawData()), &gamerspObj) != nil {
+ // return
+ // }
+
+ // if gamerspObj.ErrCode == 0 {
+ // orderModel.Status = 2
+ // orderModel.UpdateFields([]string{"status"})
+ // rspObj.ErrorCode = 0
+ // rspObj.ErrMsg = "Success"
+ // }
+ // })
+ }
+
+ // c.JSON(200, rspObj)
 }
diff --git a/server/payserver/service/wxpaybase.go b/server/payserver/service/wxpaybase.go
index c5d39c7..5803941 100644
--- a/server/payserver/service/wxpaybase.go
+++ b/server/payserver/service/wxpaybase.go
@@ -34,10 +34,10 @@ func (wp *wxpay) GetPurchaseSig(gameid int64, data string, sessionkey string) (p
 }
-func (wp *wxpay) DecryptMsg(sMsgSignature string, sTimeStamp string, sNonce string, sEncryptMsg string) (sMsg []byte, msgappid []byte) {
+func (wp *wxpay) DecryptMsg(sMsgSignature string, sTimeStamp string, sNonce string, sEncryptMsg string, token string, aeskey string) (sMsg []byte, msgappid []byte) {
 // 2.validate signature
- if !wp.ValidateSignature(sMsgSignature, sTimeStamp, sNonce, sEncryptMsg) {
+ if !wp.ValidateSignature(sMsgSignature, sTimeStamp, sNonce, sEncryptMsg, token) {
 return
 }
@@ -48,7 +48,7 @@ func (wp *wxpay) DecryptMsg(sMsgSignature string, sTimeStamp string, sNonce stri
 }
 //4.decode aes
- sAesKey := wp.GenAesKeyFromEncodingKey(mt.Table.Config.GetWxNotifyEncodingAesKey())
+ sAesKey := wp.GenAesKeyFromEncodingKey(aeskey)
 if len(sAesKey) == 0 {
 return
 }
@@ -72,8 +72,8 @@ func (wp *wxpay) DecryptMsg(sMsgSignature string, sTimeStamp string, sNonce stri
 return
 }
-func (wp *wxpay) ValidateSignature(sMsgSignature string, sTimeStamp string, sNonce string, sEncryptMsg string) bool {
- sSignature := wp.ComputeSignature(mt.Table.Config.GetWxNotifyToken(), sTimeStamp, sNonce, sEncryptMsg)
+func (wp *wxpay) ValidateSignature(sMsgSignature string, sTimeStamp string, sNonce string, sEncryptMsg string, token string) bool {
+ sSignature := wp.ComputeSignature(token, sTimeStamp, sNonce, sEncryptMsg)
 if sSignature == "" {
 return false
 }
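Review bot: In mainservice.go `WxMsgNotify`, a request without `msg_signature` now passes through the handler with no authentication check and no response body, because the old `signature`/`echostr` verification is removed and the trailing `// c.JSON(200, rspObj)` is commented out; the successful-decrypt path ends the same way. Reply explicitly on every path: make the final `c.JSON(200, rspObj)` live and reject the unsigned case up front with `if msg_signature == "" { c.JSON(200, rspObj); return }`. If the platform still performs the `echostr` URL verification against this route, that handshake no longer works after this change. The line `f5.GetSysLog().Debug("wx msg decrypt msg:%s", smsg)` writes the whole decrypted message to the log, which presumably carries user identifiers and message content, so log `len(smsg)` or the message type instead. The commented-out purchase logic that fills most of the hunk would be better added in the commit that enables it.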
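Review bot: In wxpaybase.go, `DecryptMsg` (hunk `@@ -34`) and `ValidateSignature` (hunk `@@ -72`) now take the signing token from the caller, and both call sites pass a config getter result unchecked, so if either getter can return an empty string the expected signature would be derived from request-supplied values only. Add a guard as the first statement of `ValidateSignature`: `if token == "" { return false }`. Neither method has a doc comment; one on `DecryptMsg` should say that `token` and `aeskey` are per-endpoint secrets and that `aeskey` is the encoded key handed to `GenAesKeyFromEncodingKey`, not the raw AES key. The comparison of `sSignature` with `sMsgSignature` lies outside the hunk; if it uses `==`, `subtle.ConstantTimeCompare` is the safer form.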
@@ -106,7 +106,7 @@ func (wp *wxpay) ComputeSignature(sToken string, sTimeStamp string, sNonce strin
 }
 func (wp *wxpay) GenAesKeyFromEncodingKey(sEncodingKey string) (aeskey []byte) {
- if len(sEncodingKey) != len(mt.Table.Config.GetWxNotifyEncodingAesKey()) {
+ if len(sEncodingKey) != constant.WX_ENCODING_KEY_SIZE {
 return
 }
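Review bot: The length check in `GenAesKeyFromEncodingKey` now relies on `constant.WX_ENCODING_KEY_SIZE`, whose value is not shown in this patch, so it is worth confirming it matches the platform's encoded-key length and saying so above the check, e.g. `// sEncodingKey must be exactly WX_ENCODING_KEY_SIZE characters; anything else is rejected before decoding`. The patch changes no import lines, so confirm that wxpaybase.go already imports `constant` and still uses `mt` elsewhere, and that mainservice.go still uses `sort`, `strings`, `sha1`, `io` and `hex` after the `WxMsgNotify` rewrite; otherwise the build fails on an undefined name or an unused import. The function body continues outside the hunk.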