first commit
This commit is contained in:
		
							
								
								
									
										169
									
								
								app/main/api/internal/service/applepayService.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										169
									
								
								app/main/api/internal/service/applepayService.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,169 @@ | ||||
| package service | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"crypto/ecdsa" | ||||
| 	"crypto/x509" | ||||
| 	"encoding/json" | ||||
| 	"encoding/pem" | ||||
| 	"fmt" | ||||
| 	"io/ioutil" | ||||
| 	"net/http" | ||||
| 	"strconv" | ||||
| 	"time" | ||||
| 	"hm-server/app/main/api/internal/config" | ||||
|  | ||||
| 	"github.com/golang-jwt/jwt/v4" | ||||
| ) | ||||
|  | ||||
| // ApplePayService 是 Apple IAP 支付服务的结构体 | ||||
| type ApplePayService struct { | ||||
| 	config config.ApplepayConfig // 配置项 | ||||
| } | ||||
|  | ||||
| // NewApplePayService 是一个构造函数,用于初始化 ApplePayService | ||||
| func NewApplePayService(c config.Config) *ApplePayService { | ||||
| 	return &ApplePayService{ | ||||
| 		config: c.Applepay, | ||||
| 	} | ||||
| } | ||||
| func (a *ApplePayService) GetIappayAppID(productName string) string { | ||||
| 	return fmt.Sprintf("%s.%s", a.config.BundleID, productName) | ||||
| } | ||||
|  | ||||
| // VerifyReceipt 验证苹果支付凭证 | ||||
| func (a *ApplePayService) VerifyReceipt(ctx context.Context, receipt string) (*AppleVerifyResponse, error) { | ||||
| 	var reqUrl string | ||||
| 	if a.config.Sandbox { | ||||
| 		reqUrl = a.config.SandboxVerifyURL | ||||
| 	} else { | ||||
| 		reqUrl = a.config.ProductionVerifyURL | ||||
| 	} | ||||
|  | ||||
| 	// 读取私钥 | ||||
| 	privateKey, err := loadPrivateKey(a.config.LoadPrivateKeyPath) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("加载私钥失败:%v", err) | ||||
| 	} | ||||
|  | ||||
| 	// 生成 JWT | ||||
| 	token, err := generateJWT(privateKey, a.config.KeyID, a.config.IssuerID) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("生成JWT失败:%v", err) | ||||
| 	} | ||||
|  | ||||
| 	// 构造查询参数 | ||||
| 	queryParams := fmt.Sprintf("?receipt-data=%s", receipt) | ||||
| 	fullUrl := reqUrl + queryParams | ||||
|  | ||||
| 	// 构建 HTTP GET 请求 | ||||
| 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, fullUrl, nil) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("创建 HTTP 请求失败:%v", err) | ||||
| 	} | ||||
| 	req.Header.Set("Content-Type", "application/json") | ||||
| 	req.Header.Set("Authorization", "Bearer "+token) | ||||
|  | ||||
| 	// 发送请求 | ||||
| 	client := &http.Client{Timeout: 10 * time.Second} | ||||
| 	resp, err := client.Do(req) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("请求苹果验证接口失败:%v", err) | ||||
| 	} | ||||
| 	defer resp.Body.Close() | ||||
|  | ||||
| 	// 解析响应 | ||||
| 	body, err := ioutil.ReadAll(resp.Body) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("读取响应体失败:%v", err) | ||||
| 	} | ||||
|  | ||||
| 	var verifyResponse AppleVerifyResponse | ||||
| 	err = json.Unmarshal(body, &verifyResponse) | ||||
| 	if err != nil { | ||||
| 		return nil, fmt.Errorf("解析响应体失败:%v", err) | ||||
| 	} | ||||
|  | ||||
| 	// 根据实际响应处理逻辑 | ||||
| 	if verifyResponse.Status != 0 { | ||||
| 		return nil, fmt.Errorf("验证失败,状态码:%d", verifyResponse.Status) | ||||
| 	} | ||||
|  | ||||
| 	return &verifyResponse, nil | ||||
| } | ||||
|  | ||||
| func loadPrivateKey(path string) (*ecdsa.PrivateKey, error) { | ||||
| 	data, err := ioutil.ReadFile(path) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	block, _ := pem.Decode(data) | ||||
| 	if block == nil || block.Type != "PRIVATE KEY" { | ||||
| 		return nil, fmt.Errorf("无效的私钥数据") | ||||
| 	} | ||||
| 	key, err := x509.ParsePKCS8PrivateKey(block.Bytes) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	ecdsaKey, ok := key.(*ecdsa.PrivateKey) | ||||
| 	if !ok { | ||||
| 		return nil, fmt.Errorf("私钥类型错误") | ||||
| 	} | ||||
| 	return ecdsaKey, nil | ||||
| } | ||||
|  | ||||
| func generateJWT(privateKey *ecdsa.PrivateKey, keyID, issuerID string) (string, error) { | ||||
| 	now := time.Now() | ||||
| 	claims := jwt.RegisteredClaims{ | ||||
| 		Issuer:    issuerID, | ||||
| 		IssuedAt:  jwt.NewNumericDate(now), | ||||
| 		ExpiresAt: jwt.NewNumericDate(now.Add(1 * time.Hour)), | ||||
| 		Audience:  jwt.ClaimStrings{"appstoreconnect-v1"}, | ||||
| 	} | ||||
| 	token := jwt.NewWithClaims(jwt.SigningMethodES256, claims) | ||||
| 	token.Header["kid"] = keyID | ||||
| 	tokenString, err := token.SignedString(privateKey) | ||||
| 	if err != nil { | ||||
| 		return "", err | ||||
| 	} | ||||
| 	return tokenString, nil | ||||
| } | ||||
|  | ||||
| // GenerateOutTradeNo 生成唯一订单号 | ||||
| func (a *ApplePayService) GenerateOutTradeNo() string { | ||||
| 	length := 16 | ||||
| 	timestamp := time.Now().UnixNano() | ||||
| 	timeStr := strconv.FormatInt(timestamp, 10) | ||||
| 	randomPart := strconv.Itoa(int(timestamp % 1e6)) | ||||
| 	combined := timeStr + randomPart | ||||
|  | ||||
| 	if len(combined) >= length { | ||||
| 		return combined[:length] | ||||
| 	} | ||||
|  | ||||
| 	for len(combined) < length { | ||||
| 		combined += strconv.Itoa(int(timestamp % 10)) | ||||
| 	} | ||||
|  | ||||
| 	return combined | ||||
| } | ||||
|  | ||||
| // AppleVerifyResponse 定义苹果验证接口的响应结构 | ||||
| type AppleVerifyResponse struct { | ||||
| 	Status  int      `json:"status"`  // 验证状态码:0 表示收据有效 | ||||
| 	Receipt *Receipt `json:"receipt"` // 收据信息 | ||||
| } | ||||
|  | ||||
| // Receipt 定义收据的精简结构 | ||||
| type Receipt struct { | ||||
| 	BundleID string      `json:"bundle_id"` // 应用的 Bundle ID | ||||
| 	InApp    []InAppItem `json:"in_app"`    // 应用内购买记录 | ||||
| } | ||||
|  | ||||
| // InAppItem 定义单条交易记录 | ||||
| type InAppItem struct { | ||||
| 	ProductID       string `json:"product_id"`              // 商品 ID | ||||
| 	TransactionID   string `json:"transaction_id"`          // 交易 ID | ||||
| 	PurchaseDate    string `json:"purchase_date"`           // 购买日期 (ISO 8601) | ||||
| 	OriginalTransID string `json:"original_transaction_id"` // 原始交易 ID | ||||
| } | ||||
		Reference in New Issue
	
	Block a user