
alipay-sdk


alipay-sdk - npm Package Compare versions

Comparing version 1.0.24-0 to 2.0.1

.gitlab-ci.yml

6

index.d.ts

@@ -7,6 +7,4 @@ declare module 'alipay-sdk' {

execute(method: string, bizContext?: Object, publicArgs?: Object, validateSign?: boolean, log?: object): Promise<AlipaySdkCommonResult>;
// 签名
sign(params: Object, needEncode?: boolean): string;
// 验签
checkResponseSign(signArgs: Object, signStr: string): boolean;
checkResponseSign(signArgs: Object, signStr: string, signType?: signType): boolean;
}

@@ -51,3 +49,3 @@

type signType = 'RSA';
type signType = 'RSA' | 'RSA2';

@@ -54,0 +52,0 @@ const sdk: AlipaySdk;
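Review bot: The widened declaration `checkResponseSign(signArgs: Object, signStr: string, signType?: signType)` does not say what happens when `signType` is omitted, while the implementation shown further down this page falls back to 'RSA2'. Callers upgrading from 1.x who verified RSA (SHA-1) responses would change algorithm without any type error. I would add a comment above the declaration such as `// signType defaults to 'RSA2' (RSA-SHA256) when omitted; pass 'RSA' for SHA-1 keys`. The alias is also spelled `signType`, identical to the parameter name; `SignType` would follow the usual PascalCase convention for types and read less ambiguously.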

'use strict';
const crypto = require('crypto');
const urllib = require('urllib');
const { formatParams, formatReqData, decamelize, camelcase } = require('./util');
const extend = require('extend2');
const { formatParams, formatReqData, decamelize, camelcase, ALIPAY_ALGORITHM_MAPPING } = require('./util');
const defaultConfig = {
params: {
signType: 'RSA',
signType: 'RSA2',
charset: 'utf-8',

@@ -27,3 +28,3 @@ version: '1.0',

constructor(config) {
this.config = Object.assign({}, defaultConfig, camelcase(config));
this.config = extend(true, {}, defaultConfig, camelcase(config));
}

@@ -46,3 +47,3 @@

log && log.info('start execute method: %s , params: %s, config: %s,', method, JSON.stringify(params), JSON.stringify(config));
config.urllib.request(config.getway + '?charset=utf-8', {
config.urllib.request(config.getway, {
data: decamelize(params),

@@ -56,7 +57,18 @@ dataType: 'json',

if (ret.status === 200) {
// 示例响应格式
// {
// "alipay_trade_precreate_response": {
// "code": "10000",
// "msg": "Success",
// "out_trade_no": "6141161365682511",
// "qr_code": "https:\/\/qr.alipay.com\/bax03206ug0kulveltqc80a8"
// },
// "sign": "VrgnnGgRMNApB1QlNJimiOt5ocGn4a4pbXjdoqjHtnYMWPYGX9AS0ELt8YikVAl6LPfsD7hjSyGWGjwaAYJjzH1MH7B2/T3He0kLezuWHsikao2ktCjTrX0tmUfoMUBCxKGGuDHtmasQi4yAoDk+ux7og1J5tL49yWiiwgaJoBE="
// }
const data = ret.data[method.replace(/\./g, '_') + '_response'];
const sign = ret.data.sign;
// 默认不验签
let validateSuccess = true;
if (validateSign) {
validateSuccess = this.checkResponseSign(data);
validateSuccess = this.checkResponseSign(data, sign, params.signType);
}

@@ -108,3 +120,4 @@ if (validateSuccess) {

// response 参数验签
checkResponseSign(signArgs, signStr) {
checkResponseSign(signArgs, signStr, signType) {
signType = signType || 'RSA2';
if (!this.config.alipayPublicKey || this.config.alipayPublicKey === '') {

@@ -126,4 +139,4 @@ // 支付宝公钥不存在时不做验签

// 参数存在,并且是正常的结果(不包含 sub_code)时才验签
const verifier = crypto.createVerify('RSA-SHA1');
verifier.update(new Buffer('' + JSON.stringify(signArgs)));
const verifier = crypto.createVerify(ALIPAY_ALGORITHM_MAPPING[signType]);
verifier.update(JSON.stringify(signArgs), 'utf-8');
return verifier.verify(this.config.alipayPublicKey, signStr, 'base64');

@@ -135,3 +148,3 @@ }

const signStr = postData.sign;
const signType = postData.sign_type;
const signType = postData.sign_type || 'RSA2';

@@ -141,9 +154,3 @@ if (!this.config.alipayPublicKey || !signStr || !signType) {

}
let verifier;
if(signType === 'RSA2') {
verifier = crypto.createVerify('RSA-SHA256');
} else {
verifier = crypto.createVerify('RSA-SHA1');
}
const verifier = crypto.createVerify(ALIPAY_ALGORITHM_MAPPING[signType]);
const signArgs = Object.assign({}, postData);

@@ -155,3 +162,3 @@ // 除去sign、sign_type 皆是待验签的参数。

verifier.update(new Buffer(signData));
verifier.update(signData, 'utf-8');
return verifier.verify(this.config.alipayPublicKey, signStr, 'base64');

@@ -158,0 +165,0 @@ }
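Review bot: In the notify-verification hunk, `const signType = postData.sign_type || 'RSA2'` feeds `crypto.createVerify(ALIPAY_ALGORITHM_MAPPING[signType])`, so the digest algorithm is chosen by the incoming message rather than by the merchant's configuration, and RSA-SHA1 remains selectable even when the SDK is configured for RSA2. Any value other than 'RSA' or 'RSA2' makes the lookup yield `undefined` (or an inherited member such as `constructor`), and `createVerify` is then expected to throw instead of the method returning `false`; the removed if/else had no such failure mode. I would compare against the configured value and check the key before building the verifier, for example `if (signType !== this.config.params.signType || !Object.prototype.hasOwnProperty.call(ALIPAY_ALGORITHM_MAPPING, signType)) return false;`. The method starts and ends outside the hunk, so its early-return behaviour is not visible here. Separately, the context line in the execute hunk logs `JSON.stringify(config)`; if `config` is the SDK configuration it contains `privateKey`, which should be redacted before logging.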

@@ -9,2 +9,7 @@ 'use strict';

const ALIPAY_ALGORITHM_MAPPING = {
RSA: 'RSA-SHA1',
RSA2: 'RSA-SHA256',
};
function camelcaseFn(o) {

@@ -33,11 +38,11 @@ if (isPlainObject(o)) {

function sign(params, privateKey, needEncode) {
function sign(params, privateKey) {
// 驼峰转下划线后对参数排序
const payload = getOrderedParamString(decamelizeFn(params, needEncode));
return signOriginal(payload, privateKey);
const payload = getOrderedParamString(decamelizeFn(params));
return signOriginal(payload, privateKey, params.signType);
}
function signOriginal(params, privateKey) {
const sig = crypto.createSign('RSA-SHA1');
sig.update(new Buffer(params));
function signOriginal(params, privateKey, signType) {
const sig = crypto.createSign(ALIPAY_ALGORITHM_MAPPING[signType || 'RSA2']);
sig.update(params, 'utf-8');
return sig.sign(privateKey, 'base64');

@@ -66,11 +71,11 @@ }

Object.keys(params).sort().forEach(key => {
let value = params[key];
if (value === "" || value === undefined) {
return;
}
if (Array.prototype.toString.call(value) !== '[object String]') {
value = JSON.stringify(value);
}
decode.push(`${key}=${decodeURIComponent(value)}`);
encode.push(`${key}=${encodeURIComponent(value)}`);
let value = params[key];
if (value === '' || value === undefined) {
return;
}
if (Array.prototype.toString.call(value) !== '[object String]') {
value = JSON.stringify(value);
}
decode.push(`${key}=${decodeURIComponent(value)}`);
encode.push(`${key}=${encodeURIComponent(value)}`);
});

@@ -97,2 +102,3 @@ return { decode: decode.join('&'), encode: encode.join('&') };

},
ALIPAY_ALGORITHM_MAPPING,
};
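Review bot: `signOriginal` uses `ALIPAY_ALGORITHM_MAPPING[signType || 'RSA2']` without checking the result, so a `signType` other than 'RSA' or 'RSA2' reaches `crypto.createSign` as `undefined` and fails with a generic crypto error instead of one naming the unsupported value. `sign` also reads `params.signType` before the keys are decamelized, so a caller passing `sign_type: 'RSA'` would, as far as this hunk shows, be signed with RSA-SHA256 while the payload still declares RSA. I would resolve the algorithm once and fail loudly, e.g. `const algorithm = ALIPAY_ALGORITHM_MAPPING[signType || 'RSA2'];` followed by `if (typeof algorithm !== 'string') throw new Error('unsupported signType: ' + signType);`, and add a comment on `sign` stating that only the camelCase `signType` key selects the algorithm.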
{
"name": "alipay-sdk",
"version": "1.0.24-0",
"version": "2.0.1",
"description": "",

@@ -8,5 +8,4 @@ "main": "index.js",

"pub": "npm version patch && git push origin && git push origin --tag && npm publish && tnpm sync",
"pub-pre": "npm version prerelease && npm publish && tnpm sync",
"test": "node node_modules/.bin/_mocha test",
"cov": "node --harmony node_modules/.bin/istanbul cover node_modules/.bin/_mocha test"
"test": "mocha",
"ci": "istanbul cover _mocha"
},

@@ -18,2 +17,3 @@ "author": "",

"decamelize": "^1.2.0",
"extend2": "^1.0.0",
"is-plain-object": "^2.0.1",

@@ -23,3 +23,7 @@ "moment": "^2.16.0",

},
"ci": {
"version": "8"
},
"devDependencies": {
"@ali/ci": "^3.11.0",
"eslint": "^3.10.2",

@@ -26,0 +30,0 @@ "eslint-config-egg": "^3.2.0",
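Review bot: The new devDependency `"@ali/ci": "^3.11.0"` looks like a private-registry package (the scripts in this section call `tnpm sync`), yet nothing in the manifest ties the `@ali` scope to that registry. Anyone installing dev dependencies against the public npm registry would either fail or resolve whatever is published under that name there, which is a supply-chain exposure for contributors and CI. I would bind the scope in a committed `.npmrc` with `@ali:registry=<internal registry URL>`, or keep the entry out of the manifest that is published publicly.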

@@ -5,2 +5,9 @@ ### alipay sdk

- 按[蚂蚁开放平台公告](https://open.alipay.com/platform/announcement.htm?id=2), alipay-sdk@2 默认将加密加密升级到了 RSA2,
- 升级成 RSA2 之后,验签的时候支付宝公钥需要改成可配置的,因为RSA2的支付宝公钥每个商户都不一样,不能统一默认。 [秘钥问题](https://tech.open.alipay.com/support/knowledge/index.htm?knowledgeId=201602242782&categoryId=20069#/?_k=7qr2ui)。
- 如果仍需要使用 RSA1, 请传入 `signType = RSA` 参数。
### API

@@ -13,5 +20,10 @@

const sdk = new AlipaySdk({
getway: 'https://openapi.alipaydev.com/gateway.do',
getway: 'https://openapi.alipaydev.com/gateway.do', // 网关
appId: '2016101300678716',
privateKey: fs.readFileSync(__dirname + '/fixtures/alipay-private-key.pem', 'ascii'),
privateKey: fs.readFileSync(__dirname + '/fixtures/alipay-private-key.pem', 'ascii'), // 商户私钥
alipayPublicKey: fs.readFileSync(__dirname + '/fixtures/alipay-public-key.pem', 'ascii'); // 支付宝公钥
params: {
signType: 'RSA2', // 加密算法
charset: 'utf-8', // 编码
},
});

@@ -18,0 +30,0 @@
