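const API = require("../../lib/API.js")
const db = require("../../plugin/DataBase/db.js")
const { BaseStdResponse } = require("../../BaseStdResponse.js")
const config = require('../../config.json')
const crypto = require("crypto")

// Shared secret appended to the signed string when verifying callback signatures.
const PAYMENT_KEY = config.pay.key

/**
 * Compare two signature strings without an early exit on the first differing
 * character, so response timing does not reveal how much of a guess matched.
 *
 * @param {string} expected - Signature computed locally.
 * @param {string} provided - Signature taken from the request.
 * @returns {boolean} true only when both strings are byte-for-byte equal.
 */
function signaturesMatch(expected, provided) {
    const expectedBytes = Buffer.from(expected, 'utf8')
    const providedBytes = Buffer.from(provided, 'utf8')
    // timingSafeEqual throws on unequal lengths, so check the length first.
    if (expectedBytes.length !== providedBytes.length) return false
    return crypto.timingSafeEqual(expectedBytes, providedBytes)
}

/**
 * GET /Order/CallBack: payment notification endpoint.
 *
 * Verifies the MD5 signature carried in the query string, then moves the
 * order out of state 0 depending on the reported trade status.
 */
class CallBack extends API {
    constructor() {
        super()

        this.setPath('/Order/CallBack')
        this.setMethod('GET')
    }

    /**
     * Handle one payment notification.
     *
     * @param {object} req - Request; all parameters are read from req.query.
     * @param {object} res - Response; answers 'success' only when an order in
     *   state 0 was marked as paid.
     */
    async onRequest(req, res) {
        const { pid, trade_no, out_trade_no, type, name, money, trade_status, sign, sign_type } = req.query

        // Parameter validation. Every field must be a plain string: a repeated or
        // bracketed query key can arrive as an array/object, which would otherwise
        // be stringified into the signed string and passed on to the SQL driver.
        if ([pid, trade_no, out_trade_no, type, name, money, trade_status, sign, sign_type].some(v => typeof v !== 'string'))
            return res.json({
                ...BaseStdResponse.MISSING_PARAMETER
            })

        // Signature verification: sorted key=value pairs joined with '&', secret appended, MD5 hex.
        // NOTE(review): sign_type is required above but never inspected; MD5 is always used.
        const rawParams = { money, name, out_trade_no, pid, trade_no, trade_status, type }
        const sortedKeys = Object.keys(rawParams).sort()
        const preSignStr = sortedKeys.map(key => `${key}=${rawParams[key]}`).join('&') + `&key=${PAYMENT_KEY}`
        const localSign = crypto.createHash('md5').update(preSignStr, 'utf8').digest('hex')

        if (!signaturesMatch(localSign, sign))
            return res.json({
                ...BaseStdResponse.ERR,
                msg: '签名验证失败'
            })

        // NOTE(review): a valid signature only proves the gateway sent these values.
        // Nothing here compares `money` or `pid` with what this service expects for
        // the order; confirm whether that check belongs here before marking it paid.

        try {
            // Check the payment status.
            if (trade_status !== 'TRADE_SUCCESS') {
                // Only an order still in state 0 may be moved to state 2, so a late or
                // replayed non-success notification cannot overwrite a paid order.
                const failSql = 'UPDATE orders SET \`state\` = 2, pay_id = ? WHERE orderId = ? AND \`state\` = 0'
                await db.query(failSql, [trade_no, out_trade_no])
                // Stop here instead of falling through to the "paid" update below.
                return res.send('订单不存在或已处理')
            }

            // Update the order status; the state = 0 guard keeps repeated notifications idempotent.
            const sql = 'UPDATE orders SET \`state\` = 1, pay_type = ?, pay_id = ? WHERE orderId = ? AND \`state\` = 0'
            const result = await db.query(sql, [type, trade_no, out_trade_no])

            if (result.affectedRows > 0) {
                return res.send('success')
            } else {
                return res.send('订单不存在或已处理')
            }
        } catch (err) {
            this.logger.error(`支付回调异常:${err.stack}`)
            return res.send('服务器错误')
        }
    }
}

module.exports.CallBack = CallBack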