awesome-wechat-sdk - npm Package Compare versions

Comparing version 2.5.1 to 2.5.2

lib/pay.js

@@ -177,3 +177,17 @@ "use strict";
         };
-        const sign = await this.getSign(params, signType);
+        const stringPaySignTemp = Object.keys(params).sort().map(k => [k, params[k]].join('=')).join('&');
+        debug('stringPaySignTemp: %s', stringPaySignTemp);
+        let hash;
+        if (signType === 'MD5') {
+            hash = crypto.createHash('md5');
+        }
+        else if (signType === 'HMAC-SHA256') {
+            hash = crypto.createHmac('sha256', await this.getKey());
+        }
+        else {
+            throw new Error('unsupported signType, only support MD5 or HMAC-SHA256');
+        }
+        hash.update(stringPaySignTemp);
+        const paySign = hash.digest('hex').toUpperCase();
+        debug('paySign: %s', paySign);
         return {
@@ -184,3 +198,3 @@ timestamp: timeStamp,
             signType,
-            paySign: sign
+            paySign
         };
@@ -187,0 +201,0 @@ }

package.json

 {
   "name": "awesome-wechat-sdk",
-  "version": "2.5.1",
+  "version": "2.5.2",
   "description": "an awesome sdk for wechat oauth, api and message middleware",
@@ -5,0 +5,0 @@ "scripts": {

src/pay.ts

@@ -289,3 +289,15 @@ import * as crypto from 'crypto';
     };
-    const sign = await this.getSign(params, signType);
+    const stringPaySignTemp = Object.keys(params).sort().map(k => [k, params[k]].join('=')).join('&');
+    debug('stringPaySignTemp: %s', stringPaySignTemp);
+    let hash;
+    if (signType === 'MD5') {
+      hash = crypto.createHash('md5');
+    } else if (signType === 'HMAC-SHA256') {
+      hash = crypto.createHmac('sha256', await this.getKey());
+    } else {
+      throw new Error('unsupported signType, only support MD5 or HMAC-SHA256');
+    }
+    hash.update(stringPaySignTemp);
+    const paySign = hash.digest('hex').toUpperCase();
+    debug('paySign: %s', paySign);
     return {
@@ -296,3 +308,3 @@ timestamp: timeStamp,
       signType,
-      paySign: sign
+      paySign
     };
@@ -299,0 +311,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

308937

increased by0.36%

Lines of code

4565

increased by0.57%

No dependency changes