tj

fe15f1cc · 宋毅 · d66e662f · fe15f1cc · fe15f1cc · fe15f1cc
Commit fe15f1cc authored Oct 29, 2020 by 宋毅
Showing with 54 additions and 9 deletions

center-channel/app/base/api/api.base.js
+1 -0

center-channel/app/base/service/app.base.js
+37 -0

center-channel/app/config/businessConfig.js
+4 -3

center-channel/app/config/routes/api.js
+12 -6

No files found.
--- a/center-channel/app/base/api/api.base.js
+++ b/center-channel/app/base/api/api.base.js
@@ -24,6 +24,7 @@ class APIBase {
    //-----------------------新的模式------------------开始
    async doexecMethod(gname, methodname, pobj, query, req) {
        req.requestId = this.getUUID();
        try {
            var shaStr = await sha256(JSON.stringify(pobj));

--- a/center-channel/app/base/service/app.base.js
+++ b/center-channel/app/base/service/app.base.js
@@ -463,5 +463,42 @@ class AppServiceBase {
    const result = await this.execClientNew.execPostTimeOutByBusiness('sve.base', params, url, ContentType, headData, timeOut, req);
    return result;
  }
+  /**
+* 验证签名
+* @param {*} params 要验证的参数 
+* @param {*} app_secret 应用的校验key
+*/
+  async verifySign(params, app_secret) {
+    if (!params) {
+      return system.getResult(null, "请求参数为空");
+    }
+    if (!params.sign) {
+      return system.getResult(null, "请求参数sign为空");
+    }
+    var signArr = [];
+    var keys = Object.keys(params).sort();
+    if (keys.length == 0) {
+      return system.getResult(null, "请求参数信息为空");
+    }
+    for (let k = 0; k < keys.length; k++) {
+      const tKey = keys[k];
+      if (tKey != "sign" && params[tKey]) {
+        let tmpKeyValue = params[tKey];
+        if (tmpKeyValue instanceof Array || tmpKeyValue instanceof Object) {
+          tmpKeyValue = JSON.stringify(tmpKeyValue);
+        }
+        signArr.push(tKey + "=" + tmpKeyValue);
+      }
+    }
+    if (signArr.length == 0) {
+      return system.getResult(null, "请求参数组装签名参数信息为空");
+    }
+    var resultSignStr = signArr.join("&") + "&key=" + app_secret;
+    var resultTmpSign = md5(resultSignStr).toUpperCase();
+    if (params.sign != resultTmpSign) {
+      return system.getResult(null, "返回值签名验证失败");
+    }
+    return system.getResultSuccess();
+  }
 }
 module.exports = AppServiceBase;
--- a/center-channel/app/config/businessConfig.js
+++ b/center-channel/app/config/businessConfig.js
@@ -15,9 +15,10 @@ module.exports = {
            "getItemByNeedNo", "opNeedDetailByChannelNo", "getNeedListUser", "manualEvaluation", "diagnosisInfo", "check", "enterpriseInfo", "diagnosisDetail",
            "submitIcpIntention", "queryIntentionList", "confirmIcpIntention", "tmAccept", "tmStatus", "needBatchUpload",
            "serviceSubmitOption", "submitWangwenSolution", "closeNeed", "recordLog", "recordLogList", "foodServiceSubmitOption", "submitFoodSolution",
-            "foodCloseNeed", "foodRecordLog", "foodRecordLogList", "getParamsFor360", "addOrderWeb", "getPayRecords", "getLoginInfo","putUserMobileByVcode",
+            "foodCloseNeed", "foodRecordLog", "foodRecordLogList", "getParamsFor360", "addOrderWeb", "getPayRecords", "getLoginInfo", "putUserMobileByVcode",
-            "putUserPwdByMobile","icpNotifyNew"
+            "putUserPwdByMobile", "icpNotifyNew"
        ],
-        apiMustUserpinList: ["submitNeed", "paySuccess", "icpNotify", "getLoginInfo","icpNotifyNew"]
+        apiMustUserpinList: ["submitNeed", "paySuccess", "icpNotify", "getLoginInfo", "icpNotifyNew"],
+        apiSecretPathList: ["/baidu/icp"]
    }
 }
--- a/center-channel/app/config/routes/api.js
+++ b/center-channel/app/config/routes/api.js
@@ -203,9 +203,9 @@ module.exports = function (app) {
 	app.use('/orderNotify/channelPayNotify', async function (req, res) {
 		try {
 			var client_ip = system.get_client_ip(req);
-			if(req.body.orderNo.startWith('CN')){
+			if (req.body.orderNo.startWith('CN')) {
-				var result = await utilsOrderSve.channelOrdersPayNotify(req.body,client_ip);
+				var result = await utilsOrderSve.channelOrdersPayNotify(req.body, client_ip);
-			}else{
+			} else {
 				var result = await utilsOrderSve.channelPayNotify(req.body, client_ip);
 			}
 			logCtl.info({
@@ -403,6 +403,12 @@ module.exports = function (app) {
 			res.end(JSON.stringify(result));
 			return;
 		}
+		if (PDICT.apiSecretPathList.indexOf(req.originalUrl) >= 0) {
+			//TODO:验证数据签名
+			next();
+			return;
+		}
 		if (["getAppTokenByHosts", "getAppTokenByAppKey", "getTmNclFilterSearch"].indexOf(req.body.actionType) >= 0) {
 			req.body.actionBody.appHosts = req.host;
 			next();
@@ -614,7 +620,7 @@ module.exports = function (app) {
 	//icp需求推送
 	app.post('/icp/consultation/submit', function (req, res) {
 		var p = null;
-		var params = ["icpnotify","icpSubmitNeed",req.body,req.query,req];
+		var params = ["icpnotify", "icpSubmitNeed", req.body, req.query, req];
 		// gname, methodname, pobj, query, req
 		var invokeObj = system.getObject("api.action.icpnotify");
 		if (invokeObj["doexecMethod"]) {
@@ -628,7 +634,7 @@ module.exports = function (app) {
 	app.post('/icp/feedback/submit', function (req, res) {
 		var p = null;
 		req.body.action_type = "icpFeedbackSubmit";
-		var params = ["icpnotify","icpFeedbackSubmit",req.body,req.query,req];
+		var params = ["icpnotify", "icpFeedbackSubmit", req.body, req.query, req];
 		// gname, methodname, pobj, query, req
 		var invokeObj = system.getObject("api.action.icpnotify");
 		if (invokeObj["doexecMethod"]) {
@@ -642,7 +648,7 @@ module.exports = function (app) {
 	app.post('/icp/order/notify', function (req, res) {
 		var p = null;
 		req.body.action_type = "icpNotify";
-		var params = ["icpnotify","icpNotify",req.body,req.query,req];
+		var params = ["icpnotify", "icpNotify", req.body, req.query, req];
 		// gname, methodname, pobj, query, req
 		var invokeObj = system.getObject("api.action.icpnotify");
 		if (invokeObj["doexecMethod"]) {