From 9c32918e2d2db0dcc8b3a3af2be72831252019d9 Mon Sep 17 00:00:00 2001
From: liurunyu <lry9898@163.com>
Date: 星期六, 08 二月 2025 09:28:02 +0800
Subject: [PATCH] 涉嫌偷水功能完善代码

---
 pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/wechatpay/PaymentCtrl.java |  133 ++++++++++++++++++++++++++++++-------------
 1 files changed, 92 insertions(+), 41 deletions(-)

diff --git a/pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/wechatpay/PaymentCtrl.java b/pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/wechatpay/PaymentCtrl.java
index b6043c0..7c77eb6 100644
--- a/pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/wechatpay/PaymentCtrl.java
+++ b/pipIrr-platform/pipIrr-web/pipIrr-web-wechat/src/main/java/com/dy/pipIrrWechat/wechatpay/PaymentCtrl.java
@@ -3,9 +3,11 @@
 import com.alibaba.fastjson2.JSON;
 import com.alibaba.fastjson2.JSONObject;
 import com.dy.common.multiDataSource.DataSourceContext;
+import com.dy.common.util.AES;
 import com.dy.common.webUtil.BaseResponse;
 import com.dy.common.webUtil.BaseResponseUtils;
 import com.dy.common.webUtil.ResultCodeMsg;
+import com.dy.pipIrrGlobal.cert.WxCertUtil;
 import com.dy.pipIrrGlobal.pojoSe.*;
 import com.dy.pipIrrGlobal.voSe.VoClient;
 import com.dy.pipIrrWechat.result.WechatResultCode;
@@ -16,10 +18,7 @@
 import com.dy.pipIrrWechat.virtualCard.dto.DtoVirtualCard;
 import com.dy.pipIrrWechat.virtualCard.enums.LastOperateENUM;
 import com.dy.pipIrrWechat.virtualCard.enums.RefundItemStateENUM;
-import com.dy.pipIrrWechat.wechatpay.dto.Code2Session;
-import com.dy.pipIrrWechat.wechatpay.dto.DtoOrder;
-import com.dy.pipIrrWechat.wechatpay.dto.NotifyResource;
-import com.dy.pipIrrWechat.wechatpay.dto.OrderNotify;
+import com.dy.pipIrrWechat.wechatpay.dto.*;
 import com.dy.pipIrrWechat.wechatpay.enums.RefundStatusENUM;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
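Review bot: The four explicit `com.dy.pipIrrWechat.wechatpay.dto` imports are collapsed into `import com.dy.pipIrrWechat.wechatpay.dto.*;`, which hides which DTOs this controller binds from request bodies. I would keep the explicit list and add only the new type, e.g. `import com.dy.pipIrrWechat.wechatpay.dto.Wechatpay;` (assuming that is where the `Wechatpay` type used by `addWechatpay` lives). The same applies to `import java.util.*;` in the next import hunk, where `import java.util.Optional;` alongside the existing four would have been enough.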
@@ -32,13 +31,13 @@
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.io.ResourceLoader;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
 
-import javax.crypto.NoSuchPaddingException;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
@@ -47,10 +46,7 @@
 import java.security.SignatureException;
 import java.security.spec.InvalidKeySpecException;
 import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Objects;
+import java.util.*;
 
 /**
  * @author ZhuBaoMin
@@ -65,20 +61,20 @@
 @RequestMapping(path="payment")
 @RequiredArgsConstructor
 public class PaymentCtrl {
+    private final ResourceLoader resourceLoader;
     private final PaymentSv paymentSv;
     private final RestTemplateUtil restTemplateUtil;
     private final PayHelper payHelper;
     private final VirtualCardSv virtualCardSv;
-    private final String privateCertFileName = com.dy.pipIrrWechat.wechatpay.PayInfo.privateCertFileName;
-    private final String appid = com.dy.pipIrrWechat.wechatpay.PayInfo.appid;
-    private final String secret = com.dy.pipIrrWechat.wechatpay.PayInfo.secret;
-    private final String mchid = com.dy.pipIrrWechat.wechatpay.PayInfo.mchid;
-    private final String schema = com.dy.pipIrrWechat.wechatpay.PayInfo.schema;
-    private final String signType = com.dy.pipIrrWechat.wechatpay.PayInfo.signType;
-    private final String description = com.dy.pipIrrWechat.wechatpay.PayInfo.description;
-    private final String loginUrl = com.dy.pipIrrWechat.wechatpay.PayInfo.loginUrl;
-    private final String notifyUrl = com.dy.pipIrrWechat.wechatpay.PayInfo.notifyUrl;
-    private final String grantType = com.dy.pipIrrWechat.wechatpay.PayInfo.grantType;
+    //private final String appid = com.dy.pipIrrWechat.wechatpay.PayInfo.appid;
+    //private final String secret = com.dy.pipIrrWechat.wechatpay.PayInfo.secret;
+    //private final String mchid = com.dy.pipIrrWechat.wechatpay.PayInfo.mchid;
+    //private final String schema = com.dy.pipIrrWechat.wechatpay.PayInfo.schema;
+    //private final String signType = com.dy.pipIrrWechat.wechatpay.PayInfo.signType;
+    //private final String description = com.dy.pipIrrWechat.wechatpay.PayInfo.description;
+    //private final String loginUrl = com.dy.pipIrrWechat.wechatpay.PayInfo.loginUrl;
+    //private final String notifyUrl = com.dy.pipIrrWechat.wechatpay.PayInfo.notifyUrl;
+    //private final String grantType = com.dy.pipIrrWechat.wechatpay.PayInfo.grantType;
 
     // 骞冲彴璇佷功鍏挜
     private final Map CERTIFICATE_MAP = new HashMap();
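Review bot: The nine `PayInfo` fields are commented out rather than deleted, so the class now carries dead declarations (one of them for `secret`) that version control already preserves. Delete them, and likewise `//Integer rechargeAmount = ...` and `//virtualCard.setRechargeAmount(rechargeAmount);` in the `placeOrder` hunks. The unchanged call `payHelper.buildMessage_signAgain(appid, timeStamp, nonceStr, pkg)` in the later sign-again hunk still reads `appid`; unless a local or parameter of that name is declared outside the visible lines, it has to become `PayInfo.appid` for the file to compile. The class body continues outside this hunk.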
@@ -110,12 +106,12 @@
         String jsCode = code2Session.getJs_code();
 
         Map<String, Object> queryParams = new HashMap<>();
-        queryParams.put("appid", appid);
-        queryParams.put("secret", secret);
+        queryParams.put("appid", PayInfo.appid);
+        queryParams.put("secret", PayInfo.secret);
         queryParams.put("js_code", jsCode);
-        queryParams.put("grant_type", grantType);
+        queryParams.put("grant_type", com.dy.pipIrrWechat.wechatpay.PayInfo.grantType);
         Map<String, String> headerParams = new HashMap<>();
-        JSONObject job = restTemplateUtil.get(loginUrl, queryParams, headerParams);
+        JSONObject job = restTemplateUtil.get(com.dy.pipIrrWechat.wechatpay.PayInfo.loginUrl, queryParams, headerParams);
 
         if(job.getLong("errcode") != null && job.getLong("errcode") >= -1) {
             return BaseResponseUtils.buildFail("鐧诲綍鍑瘉鏍¢獙澶辫触");
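Review bot: The replacements mix `PayInfo.appid` / `PayInfo.secret` with the fully qualified `com.dy.pipIrrWechat.wechatpay.PayInfo.grantType` and `com.dy.pipIrrWechat.wechatpay.PayInfo.loginUrl`. The controller is in that same package, so the simple name works everywhere and should be used consistently, here and in the `placeOrder` and sign-again hunks. Separately, `PayInfo.secret` looks like a compiled-in constant, although its declaration is not visible here. Since this commit adds encrypted storage for the same credentials in `addWechatpay`, reading the app secret from that store would keep it out of source. The enclosing method starts and ends outside the hunk.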
@@ -166,7 +162,8 @@
         String nonceStr = payHelper.generateRandomString();
         Long timestamp = System.currentTimeMillis() / 1000;
 
-        String header = schema + " " + payHelper.getToken(method, httpUrl, "", nonceStr, timestamp, privateCertFileName);
+        byte[] certFileBs = WxCertUtil.getKey_pemBytes(resourceLoader) ;
+        String header = com.dy.pipIrrWechat.wechatpay.PayInfo.schema + " " + payHelper.getToken(method, httpUrl, "", nonceStr, timestamp, certFileBs);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("Authorization", header);
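Review bot: `WxCertUtil.getKey_pemBytes(resourceLoader)` is called on every request here and again in the `placeOrder`, sign-again and `orderNotify` hunks, and its result is passed on without a null or empty check. If these bytes are the merchant private key, as the name and the later `payHelper.sign(..., certFileBs)` call suggest, load them once at startup, fail fast when the resource is missing, and keep them in one place rather than creating a fresh copy per request. A comment such as `// merchant API private key (PEM); never log or return to the client` above the call would make the sensitivity explicit. The enclosing method starts outside this hunk.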
@@ -184,7 +181,7 @@
         // 鏋勯�犻獙绛惧悕涓�
         String signatureStr = payHelper.responseSign(wechatpayTimestamp, wechatpayNonce, job_body.toJSONString());
         // 楠岃瘉绛惧悕
-        Boolean valid = payHelper.responseSignVerify(wechatpaySerial, signatureStr, wechatpaySignature);
+        Boolean valid = payHelper.responseSignVerify(wechatpaySerial, signatureStr, wechatpaySignature, certFileBs);
 
         return BaseResponseUtils.buildSuccess();
     }
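Review bot: The result of `payHelper.responseSignVerify(...)` is assigned to `valid` and then ignored, because the next statement is `return BaseResponseUtils.buildSuccess();`, so a response with a bad signature is treated as success. Add a check before the return, e.g. `if (!Boolean.TRUE.equals(valid)) { return BaseResponseUtils.buildFail("<message>"); }`. The new fourth argument is the same `certFileBs` that the request-signing call uses. WeChat Pay responses and callbacks are signed by the platform, so verification should use the platform certificate matching `wechatpaySerial` rather than merchant key material; confirm what `responseSignVerify` does with these bytes. The same argument is added in the `orderNotify` hunk, where `if(!valid)` would also throw on a null `Boolean`.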
@@ -197,15 +194,15 @@
      */
     @PostMapping(path = "placeOrder")
     @Transactional(rollbackFor = Exception.class)
-    public BaseResponse<Boolean> placeOrder(@RequestBody @Valid DtoOrder order, BindingResult bindingResult) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException {
+    public BaseResponse<Boolean> placeOrder(@RequestBody @Valid DtoOrder order, BindingResult bindingResult) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, SignatureException, InvalidKeyException, Exception {
         if(bindingResult != null && bindingResult.hasErrors()){
             return BaseResponseUtils.buildFail(Objects.requireNonNull(bindingResult.getFieldError()).getDefaultMessage());
         }
 
-        // 鎺ユ敹鍙傛暟锛氱櫥褰曟�両D銆佽櫄鎷熷崱ID銆佸厖鍊奸噾棰濓紙鍒嗭級
+        // 鎺ユ敹鍙傛暟锛氱櫥褰曟�両D銆佽櫄鎷熷崱ID銆佸厖鍊奸噾棰�(鍗曚綅鍏�)
         Long sessionId = order.getSessionId();
         Long virtualId = order.getVcId();
-        Integer rechargeAmount = order.getRechargeAmount();
+        //Integer rechargeAmount = (int)(order.getRechargeAmount()*100);
 
         String prepayId = "";
 
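Review bot: The new `throws` clause on `placeOrder` appends `Exception` to a list of specific exceptions, which makes every other entry redundant and tells callers nothing about what can fail. Either keep the narrow list and wrap whatever the new code throws, or declare only the one checked type that was actually added. The same pattern appears on `orderNotify` and on the new `addWechatpay`. The edited inline comment appears to change the amount's unit to yuan, so a Javadoc line on `placeOrder` stating the unit of `rechargeAmount`, and that it is converted to fen when the order body is built, would help the next reader. The method body continues past this hunk.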
@@ -236,23 +233,42 @@
         virtualCard.setVirtualId(virtualId);
         virtualCard.setClientId(clientId);
         virtualCard.setOrderNumber(orderNumber);
-        virtualCard.setRechargeAmount(rechargeAmount);
-        BaseResponse result = virtualCardSv.insertVCRecharge(virtualCard);
-        if(!result.getCode().equals("0001")) {
+        //virtualCard.setRechargeAmount(rechargeAmount);
+        virtualCard.setRechargeAmount(order.getRechargeAmount());
+
+        // -1锛氳櫄鎷熷崱涓嶅瓨鍦紝0锛氭坊鍔犲厖鍊艰褰曞け璐�
+        Long rechargeId = virtualCardSv.insertVCRecharge(virtualCard);
+        if(rechargeId.equals(-1)) {
+            return BaseResponseUtils.buildFail(WechatResultCode.NO_ACCOUNT.getMessage());
+        }
+        if(rechargeId.equals(0)) {
+            return BaseResponseUtils.buildFail(WechatResultCode.RECHARGE_FAIL.getMessage());
+        }
+
+        // 鐢熸垚鍏呭�兼搷浣滆褰曪紝鍏呭�兼搷浣滀汉涓哄啘鎴�
+        SeVcOperate seVcOperate = new SeVcOperate();
+        seVcOperate.setVcId(virtualId);
+        seVcOperate.setClientId(clientId);
+        seVcOperate.setOperateType(LastOperateENUM.RECHARGE.getCode());
+        seVcOperate.setRechargeId(rechargeId);
+        seVcOperate.setOperator(clientId);
+        seVcOperate.setOperateTime(new Date());
+        Long vcOperateId = virtualCardSv.insertVcOperate(seVcOperate);
+        if(vcOperateId == null) {
             return BaseResponseUtils.buildErrorMsg(WechatResultCode.RECHARGE_ADD_FAIL.getMessage());
         }
 
         JSONObject job_body = new JSONObject();
-        job_body.put("appid", appid);
-        job_body.put("mchid", mchid);
-        job_body.put("description", description);
+        job_body.put("appid", PayInfo.appid);
+        job_body.put("mchid", PayInfo.mchid);
+        job_body.put("description", com.dy.pipIrrWechat.wechatpay.PayInfo.description);
         job_body.put("out_trade_no", orderNumber);
         job_body.put("attach", DataSourceContext.get());
-        job_body.put("notify_url", notifyUrl);
+        job_body.put("notify_url", com.dy.pipIrrWechat.wechatpay.PayInfo.notifyUrl);
 
         //璁㈠崟閲戦
         JSONObject job_amount = new JSONObject();
-        job_amount.put("total", rechargeAmount);
+        job_amount.put("total", (int)(order.getRechargeAmount()*100));
         job_amount.put("currency", "CNY");
         job_body.put("amount", job_amount);
 
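Review bot: `rechargeId.equals(-1)` and `rechargeId.equals(0)` compare a `Long` with an autoboxed `Integer`, and `Long.equals` returns false for any non-`Long` argument, so neither failure branch can run and a failed insert proceeds to order creation. Use `if (rechargeId == null || rechargeId == -1L)` and `if (rechargeId == 0L)`. `(int)(order.getRechargeAmount()*100)` truncates, so if the amount is now a floating-point yuan value (its type is not visible here), an input like 0.29 is sent as 28 fen while the recharge record stores the original value. Convert with `BigDecimal.valueOf(amount).movePointRight(2).intValueExact()` and reject non-positive amounts. The failure paths also return a response instead of throwing, so under `@Transactional(rollbackFor = Exception.class)` an already inserted recharge row stays committed when `insertVcOperate` fails; confirm that is intended.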
@@ -269,7 +285,8 @@
         String httpUrl = "/v3/pay/transactions/jsapi";
 
         String body = job_body.toJSONString();
-        String header = schema + " " + payHelper.getToken(method, httpUrl, body, nonceStr, timestamp, privateCertFileName);
+        byte[] certFileBs = WxCertUtil.getKey_pemBytes(resourceLoader) ;
+        String header = com.dy.pipIrrWechat.wechatpay.PayInfo.schema + " " + payHelper.getToken(method, httpUrl, body, nonceStr, timestamp, certFileBs);
 
         Map<String, String> headers = new HashMap<>();
         headers.put("Authorization", header);
@@ -310,13 +327,14 @@
         String nonceStr = payHelper.generateRandomString();
         String pkg = "prepay_id=" + prepayId;
         String message = payHelper.buildMessage_signAgain(appid, timeStamp, nonceStr, pkg);
-        String paySign = payHelper.sign(message.getBytes("utf-8"), privateCertFileName);
+        byte[] certFileBs = WxCertUtil.getKey_pemBytes(resourceLoader) ;
+        String paySign = payHelper.sign(message.getBytes("utf-8"), certFileBs);
 
         JSONObject job_result = new JSONObject();
         job_result.put("timeStamp", timeStamp);
         job_result.put("nonceStr", nonceStr);
         job_result.put("package", pkg);
-        job_result.put("signType", signType);
+        job_result.put("signType", com.dy.pipIrrWechat.wechatpay.PayInfo.signType);
         job_result.put("paySign", paySign);
 
         return BaseResponseUtils.buildSuccess(job_result) ;
@@ -342,7 +360,7 @@
     })
     @PostMapping(path = "orderNotify", consumes = MediaType.APPLICATION_JSON_VALUE)
     @Transactional(rollbackFor = Exception.class)
-    public JSONObject orderNotify(@RequestHeader HttpHeaders headers, HttpServletRequest request, HttpServletResponse response) throws IOException, GeneralSecurityException {
+    public JSONObject orderNotify(@RequestHeader HttpHeaders headers, HttpServletRequest request, HttpServletResponse response) throws IOException, GeneralSecurityException, Exception {
         JSONObject result = new JSONObject();
 
         /**
@@ -380,8 +398,9 @@
 
         // 鏋勯�犻獙绛惧悕涓�
         String signatureStr = payHelper.responseSign(wechatpayTimestamp, wechatpayNonce, bodyStr);
+        byte[] certFileBs = WxCertUtil.getKey_pemBytes(resourceLoader) ;
         // 楠岃瘉绛惧悕
-        Boolean valid = payHelper.responseSignVerify(wechatpaySerial, signatureStr, wechatpaySignature);
+        Boolean valid = payHelper.responseSignVerify(wechatpaySerial, signatureStr, wechatpaySignature, certFileBs);
         if(!valid) {
             response.setStatus(500);
             result.put("code", "FAIL");
@@ -512,4 +531,36 @@
         result.put("message", "鎴愬姛");
         return  result;
     }
+
+    /**
+     * 娣诲姞寰俊鏀粯淇℃伅
+     * @param po
+     * @param bindingResult
+     * @return
+     */
+    @PostMapping(path = "add_wechatpay", consumes = MediaType.APPLICATION_JSON_VALUE)
+    public BaseResponse<Boolean> addWechatpay(@RequestBody @Valid Wechatpay po, BindingResult bindingResult) throws Exception {
+        if(bindingResult != null && bindingResult.hasErrors()){
+            return BaseResponseUtils.buildFail(Objects.requireNonNull(bindingResult.getFieldError()).getDefaultMessage());
+        }
+
+        if(paymentSv.getWechatpayByAppId(po.getAppId()) != null) {
+            return BaseResponseUtils.buildErrorMsg("璇ュ井淇℃敮浠樹俊鎭凡缁忓瓨鍦�");
+        }
+
+        SeWechatpay seWechatpay = new SeWechatpay();
+        seWechatpay.setAppId(AES.encrypt(po.getAppId()));
+        seWechatpay.setAppSecret(AES.encrypt(po.getAppSecret()));
+        seWechatpay.setMchId(AES.encrypt(po.getMchId()));
+        seWechatpay.setMchKey(AES.encrypt(po.getMchKey()));
+        seWechatpay.setSerialNo((AES.encrypt(po.getSerialNo())));
+        seWechatpay.setNotifyUrl(AES.encrypt(po.getNotifyUrl()));
+        seWechatpay.setRemarks(po.getRemarks());
+
+        Long rec = Optional.ofNullable(paymentSv.addWechatpay(seWechatpay)).orElse(0L);
+        if(rec == 0) {
+            return BaseResponseUtils.buildFail("娣诲姞寰俊鏀粯淇℃伅澶辫触");
+        }
+        return BaseResponseUtils.buildSuccess(true) ;
+    }
 }
\ No newline at end of file
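Review bot: `paymentSv.getWechatpayByAppId(po.getAppId())` is called with the plaintext app id, while the row is stored with `AES.encrypt(po.getAppId())`. Unless the service encrypts its argument (not visible here), the duplicate check never matches and the same merchant can be added repeatedly. The endpoint accepts `appSecret` and `mchKey` and shows no authorization check in the hunk, so confirm that a filter or interceptor restricts `payment/add_wechatpay` to administrators. `AES.encrypt` takes no key argument, so the key presumably lives inside the utility; it should come from configuration or a key store rather than source, and a column used for lookup needs deterministic encryption or a separate keyed-hash column. The Javadoc has empty `@param` and `@return` tags; it should say that the credential fields are stored encrypted and what the boolean result means.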

--
Gitblit v1.8.0