Skip to content

fix: resolve EPay signature verification failure caused by missing POST data #122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
hainingning wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: resolve EPay signature verification failure caused by missing POST data #122

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 23 additions & 18 deletions internal/logic/notify/ePayNotifyLogic.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ package notify

import (
"encoding/json"
"net/url"

"github.com/perfect-panel/server/pkg/constant"

Expand Down Expand Up @@ -37,14 +36,13 @@ func NewEPayNotifyLogic(ctx *gin.Context, svcCtx *svc.ServiceContext) *EPayNotif
}

func (l *EPayNotifyLogic) EPayNotify(req *types.EPayNotifyRequest) error {

// Find payment config
data, ok := l.ctx.Request.Context().Value(constant.CtxKeyPayment).(*payment.Payment)
if !ok {
l.Logger.Error("[EPayNotify] Payment not found in context")
return errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "payment config not found")
}
l.Infof("[EPayNotify] Payment config: %+v", data)

orderInfo, err := l.svcCtx.OrderModel.FindOneByOrderNo(l.ctx, req.OutTradeNo)
if err != nil {
l.Logger.Error("[EPayNotify] Find order failed", logger.Field("error", err.Error()), logger.Field("orderNo", req.OutTradeNo))
Expand All @@ -56,12 +54,30 @@ func (l *EPayNotifyLogic) EPayNotify(req *types.EPayNotifyRequest) error {
l.Logger.Errorw("[EPayNotify] Unmarshal config failed", logger.Field("error", err.Error()))
return err
}
// Verify sign

// Verify sign: must include all parameters from both Query and Body (Form)
if err := l.ctx.Request.ParseForm(); err != nil {
l.Logger.Errorw("[EPayNotify] ParseForm failed", logger.Field("error", err.Error()))
}

params := make(map[string]string)
// Collect GET and POST parameters
for k, v := range l.ctx.Request.Form {
if len(v) > 0 {
params[k] = v[0]
}
}

client := epay.NewClient(config.Pid, config.Url, config.Key, config.Type)
if !client.VerifySign(urlParamsToMap(l.ctx.Request.URL.RawQuery)) && !l.svcCtx.Config.Debug {
l.Logger.Error("[EPayNotify] Verify sign failed")
return nil
if !client.VerifySign(params) && !l.svcCtx.Config.Debug {
l.Logger.Error("[EPayNotify] Verify sign failed",
logger.Field("orderNo", req.OutTradeNo),
logger.Field("receivedParams", params),
logger.Field("method", l.ctx.Request.Method),
)
return errors.New("verify sign failed")
}

if req.TradeStatus != "TRADE_SUCCESS" {
l.Logger.Error("[EPayNotify] Trade status is not success", logger.Field("orderNo", req.OutTradeNo), logger.Field("tradeStatus", req.TradeStatus))
return nil
Expand Down Expand Up @@ -93,14 +109,3 @@ func (l *EPayNotifyLogic) EPayNotify(req *types.EPayNotifyRequest) error {
l.Logger.Info("[EPayNotify] Enqueue task success", logger.Field("taskInfo", taskInfo))
return nil
}

func urlParamsToMap(query string) map[string]string {
params := make(map[string]string)
values, _ := url.ParseQuery(query)
for k, v := range values {
if len(v) > 0 {
params[k] = v[0]
}
}
return params
}