Comparing version 1.0.24-0 to 2.0.1
@@ -7,6 +7,4 @@ declare module 'alipay-sdk' { | ||
execute(method: string, bizContext?: Object, publicArgs?: Object, validateSign?: boolean, log?: object): Promise<AlipaySdkCommonResult>; | ||
// 签名 | ||
sign(params: Object, needEncode?: boolean): string; | ||
// 验签 | ||
checkResponseSign(signArgs: Object, signStr: string): boolean; | ||
checkResponseSign(signArgs: Object, signStr: string, signType?: signType): boolean; | ||
} | ||
@@ -51,3 +49,3 @@ | ||
type signType = 'RSA'; | ||
type signType = 'RSA' | 'RSA2'; | ||
@@ -54,0 +52,0 @@ const sdk: AlipaySdk; |
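Review bot: The context line `sign(params: Object, needEncode?: boolean): string;` still advertises `needEncode`, yet this same comparison drops that parameter from util's `sign(params, privateKey)`, so if the class method forwards to it the flag is now silently ignored; either remove it from the `.d.ts` or mark it `/** @deprecated ignored since 2.0 */`. The new `checkResponseSign(signArgs: Object, signStr: string, signType?: signType): boolean;` does not say what an omitted `signType` means, while the implementation falls back to `'RSA2'`; a `/** Defaults to 'RSA2' when omitted. */` on that line saves callers a trip to the source. Style: `Object` (the boxed wrapper type) on `bizContext`, `publicArgs` and `signArgs` should be `object` or `Record<string, unknown>`, and the alias `signType` should be PascalCase (`SignType`) so it does not read as the parameter of the same name. The enclosing `declare module 'alipay-sdk'` block starts outside the hunk.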
'use strict'; | ||
const crypto = require('crypto'); | ||
const urllib = require('urllib'); | ||
const { formatParams, formatReqData, decamelize, camelcase } = require('./util'); | ||
const extend = require('extend2'); | ||
const { formatParams, formatReqData, decamelize, camelcase, ALIPAY_ALGORITHM_MAPPING } = require('./util'); | ||
const defaultConfig = { | ||
params: { | ||
signType: 'RSA', | ||
signType: 'RSA2', | ||
charset: 'utf-8', | ||
@@ -27,3 +28,3 @@ version: '1.0', | ||
constructor(config) { | ||
this.config = Object.assign({}, defaultConfig, camelcase(config)); | ||
this.config = extend(true, {}, defaultConfig, camelcase(config)); | ||
} | ||
@@ -46,3 +47,3 @@ | ||
log && log.info('start execute method: %s , params: %s, config: %s,', method, JSON.stringify(params), JSON.stringify(config)); | ||
config.urllib.request(config.getway + '?charset=utf-8', { | ||
config.urllib.request(config.getway, { | ||
data: decamelize(params), | ||
@@ -56,7 +57,18 @@ dataType: 'json', | ||
if (ret.status === 200) { | ||
// 示例响应格式 | ||
// { | ||
// "alipay_trade_precreate_response": { | ||
// "code": "10000", | ||
// "msg": "Success", | ||
// "out_trade_no": "6141161365682511", | ||
// "qr_code": "https:\/\/qr.alipay.com\/bax03206ug0kulveltqc80a8" | ||
// }, | ||
// "sign": "VrgnnGgRMNApB1QlNJimiOt5ocGn4a4pbXjdoqjHtnYMWPYGX9AS0ELt8YikVAl6LPfsD7hjSyGWGjwaAYJjzH1MH7B2/T3He0kLezuWHsikao2ktCjTrX0tmUfoMUBCxKGGuDHtmasQi4yAoDk+ux7og1J5tL49yWiiwgaJoBE=" | ||
// } | ||
const data = ret.data[method.replace(/\./g, '_') + '_response']; | ||
const sign = ret.data.sign; | ||
// 默认不验签 | ||
let validateSuccess = true; | ||
if (validateSign) { | ||
validateSuccess = this.checkResponseSign(data); | ||
validateSuccess = this.checkResponseSign(data, sign, params.signType); | ||
} | ||
@@ -108,3 +120,4 @@ if (validateSuccess) { | ||
// response 参数验签 | ||
checkResponseSign(signArgs, signStr) { | ||
checkResponseSign(signArgs, signStr, signType) { | ||
signType = signType || 'RSA2'; | ||
if (!this.config.alipayPublicKey || this.config.alipayPublicKey === '') { | ||
@@ -126,4 +139,4 @@ // 支付宝公钥不存在时不做验签 | ||
// 参数存在,并且是正常的结果(不包含 sub_code)时才验签 | ||
const verifier = crypto.createVerify('RSA-SHA1'); | ||
verifier.update(new Buffer('' + JSON.stringify(signArgs))); | ||
const verifier = crypto.createVerify(ALIPAY_ALGORITHM_MAPPING[signType]); | ||
verifier.update(JSON.stringify(signArgs), 'utf-8'); | ||
return verifier.verify(this.config.alipayPublicKey, signStr, 'base64'); | ||
@@ -135,3 +148,3 @@ } | ||
const signStr = postData.sign; | ||
const signType = postData.sign_type; | ||
const signType = postData.sign_type || 'RSA2'; | ||
@@ -141,9 +154,3 @@ if (!this.config.alipayPublicKey || !signStr || !signType) { | ||
} | ||
let verifier; | ||
if(signType === 'RSA2') { | ||
verifier = crypto.createVerify('RSA-SHA256'); | ||
} else { | ||
verifier = crypto.createVerify('RSA-SHA1'); | ||
} | ||
const verifier = crypto.createVerify(ALIPAY_ALGORITHM_MAPPING[signType]); | ||
const signArgs = Object.assign({}, postData); | ||
@@ -155,3 +162,3 @@ // 除去sign、sign_type 皆是待验签的参数。 | ||
verifier.update(new Buffer(signData)); | ||
verifier.update(signData, 'utf-8'); | ||
return verifier.verify(this.config.alipayPublicKey, signStr, 'base64'); | ||
@@ -158,0 +165,0 @@ } |
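Review bot: In the notification-verifying method (its signature is outside the hunk), `postData.sign_type` comes straight from the inbound request body and `crypto.createVerify(ALIPAY_ALGORITHM_MAPPING[signType])` indexes the mapping with it unchecked, so any value other than `RSA`/`RSA2` (including inherited keys such as `constructor`) yields a non-string and makes `createVerify` throw instead of the method returning `false`; resolve the algorithm through an own-property check first, `const algorithm = Object.prototype.hasOwnProperty.call(ALIPAY_ALGORITHM_MAPPING, signType) ? ALIPAY_ALGORITHM_MAPPING[signType] : undefined;` followed by `if (!algorithm) { return false; }`. The same unguarded lookup appears in `checkResponseSign` at `crypto.createVerify(ALIPAY_ALGORITHM_MAPPING[signType])`, where `signType` is whatever the caller put in `params.signType`. Separately, `const signType = postData.sign_type || 'RSA2';` turns a missing `sign_type` — which the following `!signType` guard appears to have rejected before — into a verification attempt under RSA2; if that is intended, a comment on the line stating why a notification without `sign_type` is assumed to be RSA2 would help the next reader.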
@@ -9,2 +9,7 @@ 'use strict'; | ||
const ALIPAY_ALGORITHM_MAPPING = { | ||
RSA: 'RSA-SHA1', | ||
RSA2: 'RSA-SHA256', | ||
}; | ||
function camelcaseFn(o) { | ||
@@ -33,11 +38,11 @@ if (isPlainObject(o)) { | ||
function sign(params, privateKey, needEncode) { | ||
function sign(params, privateKey) { | ||
// 驼峰转下划线后对参数排序 | ||
const payload = getOrderedParamString(decamelizeFn(params, needEncode)); | ||
return signOriginal(payload, privateKey); | ||
const payload = getOrderedParamString(decamelizeFn(params)); | ||
return signOriginal(payload, privateKey, params.signType); | ||
} | ||
function signOriginal(params, privateKey) { | ||
const sig = crypto.createSign('RSA-SHA1'); | ||
sig.update(new Buffer(params)); | ||
function signOriginal(params, privateKey, signType) { | ||
const sig = crypto.createSign(ALIPAY_ALGORITHM_MAPPING[signType || 'RSA2']); | ||
sig.update(params, 'utf-8'); | ||
return sig.sign(privateKey, 'base64'); | ||
@@ -66,11 +71,11 @@ } | ||
Object.keys(params).sort().forEach(key => { | ||
let value = params[key]; | ||
if (value === "" || value === undefined) { | ||
return; | ||
} | ||
if (Array.prototype.toString.call(value) !== '[object String]') { | ||
value = JSON.stringify(value); | ||
} | ||
decode.push(`${key}=${decodeURIComponent(value)}`); | ||
encode.push(`${key}=${encodeURIComponent(value)}`); | ||
let value = params[key]; | ||
if (value === '' || value === undefined) { | ||
return; | ||
} | ||
if (Array.prototype.toString.call(value) !== '[object String]') { | ||
value = JSON.stringify(value); | ||
} | ||
decode.push(`${key}=${decodeURIComponent(value)}`); | ||
encode.push(`${key}=${encodeURIComponent(value)}`); | ||
}); | ||
@@ -97,2 +102,3 @@ return { decode: decode.join('&'), encode: encode.join('&') }; | ||
}, | ||
ALIPAY_ALGORITHM_MAPPING, | ||
}; |
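Review bot: `signOriginal` resolves the digest with `ALIPAY_ALGORITHM_MAPPING[signType || 'RSA2']`, so an unsupported `signType` (a typo in `params.signType`, say) produces `undefined` and `crypto.createSign(undefined)` fails with a generic TypeError far from the misconfiguration; look the algorithm up first and fail with a message naming the value: `const algorithm = ALIPAY_ALGORITHM_MAPPING[signType || 'RSA2'];` then `if (!algorithm) throw new Error('unsupported signType: ' + signType);`. `sign` now takes the algorithm from `params.signType`, a contract the header comment should state, e.g. `// params.signType ('RSA' | 'RSA2', default 'RSA2') selects the signing algorithm`. The re-indented loop in the third hunk keeps `Array.prototype.toString.call(value) !== '[object String]'`, which only works because `Array.prototype.toString` falls back to `Object.prototype.toString` when `this` has no callable `join`; `typeof value !== 'string'` states the intent directly. The closing brace of `signOriginal` lies outside the hunk.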
{ | ||
"name": "alipay-sdk", | ||
"version": "1.0.24-0", | ||
"version": "2.0.1", | ||
"description": "", | ||
@@ -8,5 +8,4 @@ "main": "index.js", | ||
"pub": "npm version patch && git push origin && git push origin --tag && npm publish && tnpm sync", | ||
"pub-pre": "npm version prerelease && npm publish && tnpm sync", | ||
"test": "node node_modules/.bin/_mocha test", | ||
"cov": "node --harmony node_modules/.bin/istanbul cover node_modules/.bin/_mocha test" | ||
"test": "mocha", | ||
"ci": "istanbul cover _mocha" | ||
}, | ||
@@ -18,2 +17,3 @@ "author": "", | ||
"decamelize": "^1.2.0", | ||
"extend2": "^1.0.0", | ||
"is-plain-object": "^2.0.1", | ||
@@ -23,3 +23,7 @@ "moment": "^2.16.0", | ||
}, | ||
"ci": { | ||
"version": "8" | ||
}, | ||
"devDependencies": { | ||
"@ali/ci": "^3.11.0", | ||
"eslint": "^3.10.2", | ||
@@ -26,0 +30,0 @@ "eslint-config-egg": "^3.2.0", |
@@ -5,2 +5,9 @@ ### alipay sdk | ||
- 按[蚂蚁开放平台公告](https://open.alipay.com/platform/announcement.htm?id=2), alipay-sdk@2 默认将加密加密升级到了 RSA2, | ||
- 升级成 RSA2 之后,验签的时候支付宝公钥需要改成可配置的,因为RSA2的支付宝公钥每个商户都不一样,不能统一默认。 [秘钥问题](https://tech.open.alipay.com/support/knowledge/index.htm?knowledgeId=201602242782&categoryId=20069#/?_k=7qr2ui)。 | ||
- 如果仍需要使用 RSA1, 请传入 `signType = RSA` 参数。 | ||
### API | ||
@@ -13,5 +20,10 @@ | ||
const sdk = new AlipaySdk({ | ||
getway: 'https://openapi.alipaydev.com/gateway.do', | ||
getway: 'https://openapi.alipaydev.com/gateway.do', // 网关 | ||
appId: '2016101300678716', | ||
privateKey: fs.readFileSync(__dirname + '/fixtures/alipay-private-key.pem', 'ascii'), | ||
privateKey: fs.readFileSync(__dirname + '/fixtures/alipay-private-key.pem', 'ascii'), // 商户私钥 | ||
alipayPublicKey: fs.readFileSync(__dirname + '/fixtures/alipay-public-key.pem', 'ascii'); // 支付宝公钥 | ||
params: { | ||
signType: 'RSA2', // 加密算法 | ||
charset: 'utf-8', // 编码 | ||
}, | ||
}); | ||
@@ -18,0 +30,0 @@ |
+ Addedextend2@^1.0.0
+ Addedextend2@1.0.1(transitive)