支付服务统一退款添加退款前签名校验，保证资金安全

3 years ago · 88caf1747a
9 changed files with 248 additions and 13 deletions
--- a/bnyer-common/bnyer-common-core/src/main/java/com/bnyer/common/core/enums/ResponseEnum.java
+++ b/bnyer-common/bnyer-common-core/src/main/java/com/bnyer/common/core/enums/ResponseEnum.java
@ -11,26 +11,24 @@ public enum ResponseEnum {
    SERVER_ERROR(500, "系统繁忙,请稍候重试!"),
    NOT_AUTH(500, "未登录!"),
    PARAM_ERROR(400, "参数异常！"),
-    NOT_EXIST(110001, "查询为空"),
-    PAY_CONFIG_ERROR(110002, "支付配置未启用或未配置！"),


-    //======================订单异常========================
-
+    //======================业务异常========================
+    NOT_EXIST(110001, "查询为空"),
+    PAY_CONFIG_ERROR(110002, "支付配置未启用或未配置！"),
    /**
     * 订单已过期，当前端看到该状态码的时候，提示订单信息已过期，请重新确认后提交，此时用户点击确定，前端刷新页面。
     */
-    ORDER_EXPIRED(210001, "订单已过期"),
-
+    ORDER_EXPIRED(110003, "订单已过期"),
    /**
     * 请勿重复提交订单，
     * 1.当前端遇到该异常时，说明前端防多次点击没做好
     * 2.提示用户 订单已发生改变，请勿重复下单
     */
-    REPEAT_ORDER(210002,"请勿重复提交订单"),
-
-    ORDER_CANCEL(210003, "该订单已取消，请重新下单！"),
-    ORDER_REPEAT_PAY(210004, "该订单已支付，请勿重复支付！"),
+    REPEAT_ORDER(110004,"请勿重复提交订单"),
+    ORDER_CANCEL(110005, "该订单已取消，请重新下单！"),
+    ORDER_REPEAT_PAY(110006, "该订单已支付，请勿重复支付！"),
+    REFUND_SING_ERROR(110007, "签名错误！"),



--- a/bnyer-common/bnyer-common-core/src/main/java/com/bnyer/common/core/utils/MD5Util.java
+++ b/bnyer-common/bnyer-common-core/src/main/java/com/bnyer/common/core/utils/MD5Util.java
@ -0,0 +1,140 @@
+package com.bnyer.common.core.utils;
+
+import org.apache.commons.codec.digest.DigestUtils;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+/**
+ * @author :WXC
+ * @Date :2023/05/12
+ * @description :
+ */
+public class MD5Util {
+
+    /**
+     * 默认的密码字符串组合，用来将字节转换成 16 进制表示的字符,apache校验下载的文件的正确性用的就是默认的这个组合
+     */
+    protected static char hexDigits[] = { '0', '1', '2', '3', '4', '5', '6',
+            '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
+
+    protected static MessageDigest messagedigest = null;
+    static {
+        try {
+            messagedigest = MessageDigest.getInstance("MD5");
+        } catch (NoSuchAlgorithmException nsaex) {
+            System.err.println(MD5Util.class.getName()
+                    + "初始化失败，MessageDigest不支持MD5Util。");
+            nsaex.printStackTrace();
+        }
+    }
+
+    /**
+     * 生成字符串的md5校验值
+     *
+     * @param s
+     * @return
+     */
+    public static String getMD5String(String s) {
+        return getMD5String(s.getBytes());
+    }
+    public static String getStaffMD5String(String staffId,String s) {
+
+        return getMD5String((staffId+s).getBytes());
+    }
+    public static String getUserMD5String(String userId,String s) {
+        return getMD5String(s.getBytes());
+    }
+
+    /**
+     * 判断字符串的md5校验码是否与一个已知的md5码相匹配
+     *
+     * @param password 要校验的字符串
+     * @param md5PwdStr 已知的md5校验码
+     * @return
+     */
+    public static boolean checkPassword(String password, String md5PwdStr) {
+        String s = getMD5String(password);
+        return s.equals(md5PwdStr);
+    }
+
+    /**
+     * 生成文件的md5校验值
+     *
+     * @param file
+     * @return
+     * @throws IOException
+     */
+    public static String getFileMD5String(File file) throws IOException {
+        InputStream fis;
+        fis = new FileInputStream(file);
+        byte[] buffer = new byte[1024];
+        int numRead = 0;
+        while ((numRead = fis.read(buffer)) > 0) {
+            messagedigest.update(buffer, 0, numRead);
+        }
+        fis.close();
+        return bufferToHex(messagedigest.digest());
+    }
+    public static String getFileMD5String(InputStream fis) throws IOException {
+        byte[] buffer = new byte[1024];
+        int numRead = 0;
+        while ((numRead = fis.read(buffer)) > 0) {
+            messagedigest.update(buffer, 0, numRead);
+        }
+        fis.close();
+        return bufferToHex(messagedigest.digest());
+    }
+
+    public static String getMD5String(byte[] bytes) {
+        messagedigest.update(bytes);
+        return bufferToHex(messagedigest.digest());
+    }
+
+    private static String bufferToHex(byte bytes[]) {
+        return bufferToHex(bytes, 0, bytes.length);
+    }
+
+    private static String bufferToHex(byte bytes[], int m, int n) {
+        StringBuffer stringbuffer = new StringBuffer(2 * n);
+        int k = m + n;
+        for (int l = m; l < k; l++) {
+            appendHexPair(bytes[l], stringbuffer);
+        }
+        return stringbuffer.toString();
+    }
+
+    private static void appendHexPair(byte bt, StringBuffer stringbuffer) {
+        char c0 = hexDigits[(bt & 0xf0) >> 4];// 取字节中高 4 位的数字转换, >>> 为逻辑右移，将符号位一起右移,此处未发现两种符号有何不同
+        char c1 = hexDigits[bt & 0xf];// 取字节中低 4 位的数字转换
+        stringbuffer.append(c0);
+        stringbuffer.append(c1);
+    }
+
+
+    /**
+     * MD5方法
+     *
+     * @param text 明文
+     * @param key 密钥
+     * @return 密文
+     * @throws Exception
+     */
+    public static String md5(String text, String key) throws Exception {
+        //加密后的字符串
+        System.out.println("text + key  "+text + key);
+        String encodeStr= DigestUtils.md5Hex(text + key);
+        System.out.println("MD5加密后的字符串为:encodeStr="+encodeStr);
+        return encodeStr;
+    }
+
+    public static void main(String[] args) throws IOException {
+        System.out.println(MD5Util.getMD5String("RVWU202305121022211042vip"));
+
+    }
+
+}
--- a/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/bean/dto/RefundDto.java
+++ b/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/bean/dto/RefundDto.java
@ -1,9 +1,13 @@
 package com.bnyer.pay.bean.dto;

+import io.swagger.annotations.ApiModelProperty;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;

+import javax.validation.constraints.NotBlank;
+import java.math.BigDecimal;
+
 /**
 * @author :WXC
 * @Date :2023/05/08
@ -14,4 +18,16 @@ import lombok.Setter;
@NoArgsConstructor
 public class RefundDto {

+    @NotBlank(message = "支付订单号不能为空")
+    @ApiModelProperty(value = "支付订单号")
+    private String payId;
+
+    @ApiModelProperty(value = " 退款金额(元) ,如果不传则全额退款", example = "0.01")
+    private BigDecimal refundAmount;
+
+    @NotBlank(message = "签名不能为空")
+    @ApiModelProperty(value = "签名")
+    private String sign;
+
+
 }
--- a/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/bean/vo/UnifiedOrderVo.java
+++ b/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/bean/vo/UnifiedOrderVo.java
@ -13,9 +13,6 @@ import lombok.NoArgsConstructor;
@NoArgsConstructor
 public class UnifiedOrderVo {

-    @ApiModelProperty(value = "应用id")
-    private String appId;
-
    @ApiModelProperty(value = "内部系统支付单号/开发者测单号")
    private String outOrderNo;

--- a/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/controller/UnifiedPayController.java
+++ b/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/controller/UnifiedPayController.java
@ -1,11 +1,16 @@
 package com.bnyer.pay.controller;

 import com.bnyer.common.core.domain.R;
+import com.bnyer.common.core.enums.ResponseEnum;
+import com.bnyer.common.core.exception.ServiceException;
+import com.bnyer.pay.bean.dto.RefundDto;
 import com.bnyer.pay.bean.dto.UnifiedOrderDto;
 import com.bnyer.pay.bean.dto.QueryOrderDto;
+import com.bnyer.pay.bean.vo.ThirdRefundVo;
 import com.bnyer.pay.service.UnifiedPayService;
 import com.bnyer.pay.bean.vo.UnifiedOrderVo;
 import com.bnyer.pay.bean.vo.QueryOrderVo;
+import com.bnyer.pay.utils.PaymentRefundUtil;
 import io.swagger.annotations.Api;
 import io.swagger.v3.oas.annotations.Operation;
 import lombok.extern.slf4j.Slf4j;
@ -46,4 +51,14 @@ public class UnifiedPayController {
        return R.ok(queryOrderVo);
    }

+    @PostMapping("/refund")
+    @Operation(summary = "统一退款" , description = "统一退款")
+    public R refund(@Valid @RequestBody RefundDto dto){
+        if (!PaymentRefundUtil.checkSign(dto)){
+            throw new ServiceException(ResponseEnum.REFUND_SING_ERROR);
+        }
+        ThirdRefundVo unifiedOrderVo = unifiedPayService.refund(dto);
+        return R.ok(unifiedOrderVo);
+    }
+
 }
--- a/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/enums/EnumVerificationKey.java
+++ b/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/enums/EnumVerificationKey.java
@ -0,0 +1,20 @@
+package com.bnyer.pay.enums;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+/**
+ * @author :WXC
+ * @Date :2023/05/12
+ * @description :
+ */
+@Getter
+@NoArgsConstructor
+@AllArgsConstructor
+public enum EnumVerificationKey {
+    VIP("vip", "VipInOrder20230512Key"),
+    ;
+    private String key;
+    private String value;
+}
--- a/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/service/UnifiedPayService.java
+++ b/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/service/UnifiedPayService.java
@ -1,7 +1,9 @@
 package com.bnyer.pay.service;

+import com.bnyer.pay.bean.dto.RefundDto;
 import com.bnyer.pay.bean.dto.UnifiedOrderDto;
 import com.bnyer.pay.bean.dto.QueryOrderDto;
+import com.bnyer.pay.bean.vo.ThirdRefundVo;
 import com.bnyer.pay.bean.vo.UnifiedOrderVo;
 import com.bnyer.pay.bean.vo.QueryOrderVo;

@ -28,4 +30,6 @@ public interface UnifiedPayService {
     * @return
     */
    QueryOrderVo queryOrder(QueryOrderDto dto);
+
+    ThirdRefundVo refund(RefundDto dto);
 }
--- a/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/service/impl/UnifiedPayServiceImpl.java
+++ b/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/service/impl/UnifiedPayServiceImpl.java
@ -18,6 +18,7 @@ import com.bnyer.pay.bean.bo.QueryOrderBo;
 import com.bnyer.pay.bean.bo.UnifiedOrderBo;
 import com.bnyer.pay.bean.dto.AddPayInfoDto;
 import com.bnyer.pay.bean.dto.QueryOrderDto;
+import com.bnyer.pay.bean.dto.RefundDto;
 import com.bnyer.pay.bean.dto.UnifiedOrderDto;
 import com.bnyer.pay.bean.vo.*;
 import com.bnyer.pay.constant.KSPayConstants;
@ -222,6 +223,11 @@ public class UnifiedPayServiceImpl implements UnifiedPayService {
        return queryOrderVo;
    }

+    @Override
+    public ThirdRefundVo refund(RefundDto dto) {
+        return null;
+    }
+
    /**
     * 通过第三方系统支付状态构建业务系统对应支付状态
     * @param payType
--- a/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/utils/PaymentRefundUtil.java
+++ b/bnyer-services/bnyer-pay/src/main/java/com/bnyer/pay/utils/PaymentRefundUtil.java
@ -0,0 +1,39 @@
+package com.bnyer.pay.utils;
+
+import com.bnyer.common.core.utils.MD5Util;
+import com.bnyer.pay.bean.dto.RefundDto;
+import com.bnyer.pay.enums.EnumVerificationKey;
+
+/**
+ * @author :WXC
+ * @Date :2023/05/12
+ * @description : 退款工具类
+ */
+public class PaymentRefundUtil {
+
+    /**
+     * 获取签名
+     * @param dto
+     * @return
+     */
+    public static String getSign(RefundDto dto) {
+        return MD5Util.getMD5String(dto.getPayId() + EnumVerificationKey.VIP.getValue());
+    }
+
+    /**
+     * 校验签名
+     * @param dto
+     * @return
+     */
+    public static boolean checkSign(RefundDto dto) {
+
+        return MD5Util.getMD5String(dto.getPayId() + EnumVerificationKey.VIP.getValue()).equals(dto.getSign());
+    }
+
+    public static void main(String[] args) {
+        String sign = MD5Util.getMD5String("RVWU202305121022211042" + EnumVerificationKey.VIP.getValue());
+        System.out.println(sign);
+        System.out.println(MD5Util.getMD5String("RVWU202305121022211042" + EnumVerificationKey.VIP.getValue()).equals(sign));
+    }
+
+}