add huibo ivyz4y27

2026-04-28 12:25:41 +08:00
parent 4f64c22ebc
commit 3b7bf1052e
12 changed files with 632 additions and 6 deletions
--- a/internal/infrastructure/external/huibo/huibo_factory.go
+++ b/internal/infrastructure/external/huibo/huibo_factory.go
@@ -0,0 +1,45 @@
+package huibo
+
+import (
+	"tyapi-server/internal/config"
+	"tyapi-server/internal/shared/external_logger"
+)
+
+// NewHuiboServiceWithConfig 使用配置创建汇博服务
+func NewHuiboServiceWithConfig(cfg *config.Config) (*HuiboService, error) {
+	loggingConfig := external_logger.ExternalServiceLoggingConfig{
+		Enabled:               cfg.Huibo.Logging.Enabled,
+		LogDir:                cfg.Huibo.Logging.LogDir,
+		ServiceName:           "huibo",
+		UseDaily:              cfg.Huibo.Logging.UseDaily,
+		EnableLevelSeparation: cfg.Huibo.Logging.EnableLevelSeparation,
+		LevelConfigs:          make(map[string]external_logger.ExternalServiceLevelFileConfig),
+	}
+
+	for key, value := range cfg.Huibo.Logging.LevelConfigs {
+		loggingConfig.LevelConfigs[key] = external_logger.ExternalServiceLevelFileConfig{
+			MaxSize:    value.MaxSize,
+			MaxBackups: value.MaxBackups,
+			MaxAge:     value.MaxAge,
+			Compress:   value.Compress,
+		}
+	}
+
+	logger, err := external_logger.NewExternalServiceLogger(loggingConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	service := NewHuiboService(HuiboConfig{
+		URL:           cfg.Huibo.URL,
+		AppID:         cfg.Huibo.AppID,
+		AppKey:        cfg.Huibo.AppKey,
+		XOrderCode:    cfg.Huibo.XOrderCode,
+		SecretID:      cfg.Huibo.SecretID,
+		AESKey:        cfg.Huibo.AESKey,
+		WorkOrderCode: cfg.Huibo.WorkOrderCode,
+		ProductCode:   cfg.Huibo.ProductCode,
+	}, logger)
+
+	return service, nil
+}
--- a/internal/infrastructure/external/huibo/huibo_service.go
+++ b/internal/infrastructure/external/huibo/huibo_service.go
@@ -0,0 +1,414 @@
+package huibo
+
+import (
+	"bytes"
+	"context"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+
+	"tyapi-server/internal/shared/external_logger"
+	"tyapi-server/internal/shared/pdfvalidate"
+
+	"go.uber.org/zap"
+)
+
+var (
+	ErrDatasource = errors.New("数据源异常")
+	ErrSystem     = errors.New("系统异常")
+)
+
+const (
+	headerAuthorization       = "Authorization"
+	headerYMDate              = "YmDate"
+	headerOrderCode           = "X-ORDER-CODE"
+	headerResponseType        = "X-RESPONSE-TYPE"
+	headerResponseTypeDataVal = "data"
+)
+
+// 汇博常见状态码
+const (
+	HuiboStatusSuccess           = "0"
+	HuiboStatusException         = "1"
+	HuiboStatusNoData            = "2"
+	HuiboStatusDataEmpty         = "6010001"
+	HuiboStatusSignFailed        = "6010002"
+	HuiboStatusDecryptFailed     = "6010003"
+	HuiboStatusAppIDEmpty        = "6010004"
+	HuiboStatusEncryptedEmpty    = "6010005"
+	HuiboStatusRandomKeyEmpty    = "6010006"
+	HuiboStatusTimestampEmpty    = "6010007"
+	HuiboStatusProductCodeEmpty  = "6010008"
+	HuiboStatusProductNotFound   = "6010010"
+	HuiboStatusProductNotEnabled = "6010013"
+	HuiboStatusBalanceNotEnough  = "6010020"
+	HuiboStatusUsageLimitReached = "6010021"
+)
+
+var huiboStatusMessage = map[string]string{
+	HuiboStatusSuccess:           "操作成功",
+	HuiboStatusException:         "异常",
+	HuiboStatusNoData:            "数据未查得",
+	HuiboStatusDataEmpty:         "请求体 data 为空",
+	HuiboStatusSignFailed:        "验证签名失败",
+	HuiboStatusDecryptFailed:     "使用 AES/SM4 加解密失败",
+	HuiboStatusAppIDEmpty:        "appId 不能为空",
+	HuiboStatusEncryptedEmpty:    "AES/SM4 加密后的内容不可为空",
+	HuiboStatusRandomKeyEmpty:    "随机 AES/SM4 加密密钥不可为空",
+	HuiboStatusTimestampEmpty:    "请求时间戳不可为空",
+	HuiboStatusProductCodeEmpty:  "产品 code 不能为空",
+	HuiboStatusProductNotFound:   "产品不存在",
+	HuiboStatusProductNotEnabled: "企业未开通产品",
+	HuiboStatusBalanceNotEnough:  "企业账户余额不足",
+	HuiboStatusUsageLimitReached: "产品使用次数到达限制",
+}
+
+type HuiboConfig struct {
+	URL           string
+	AppID         string
+	AppKey        string
+	XOrderCode    string
+	SecretID      string
+	AESKey        string
+	WorkOrderCode string
+	ProductCode   string
+}
+
+type HuiboService struct {
+	config HuiboConfig
+	logger *external_logger.ExternalServiceLogger
+}
+
+type responseWrapper struct {
+	Code json.RawMessage `json:"code"`
+	Msg  string          `json:"msg"`
+	Data struct {
+		Status json.RawMessage `json:"status"`
+		Data   string          `json:"data"`
+	} `json:"data"`
+}
+
+func NewHuiboService(config HuiboConfig, logger *external_logger.ExternalServiceLogger) *HuiboService {
+	return &HuiboService{config: config, logger: logger}
+}
+
+// CallEducationBackgroundDetailed 教育背景（详细）查询
+func (s *HuiboService) CallEducationBackgroundDetailed(ctx context.Context, name, idCard, authPDFBase64 string) ([]byte, error) {
+	requestID := s.generateRequestID()
+	startTime := time.Now()
+	transactionID := ""
+	if v, ok := ctx.Value("transaction_id").(string); ok {
+		transactionID = v
+	}
+
+	if s.logger != nil {
+		s.logger.LogRequest(requestID, transactionID, "huibo_bg_check_ssw", s.config.URL)
+	}
+
+	if err := s.validateConfig(); err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+
+	pdfBytes, err := decodeAndValidatePDF(authPDFBase64)
+	if err != nil {
+		return nil, errors.Join(ErrDatasource, err)
+	}
+
+	bizParam := map[string]string{
+		"productCode": s.getProductCode(),
+		"name":        name,
+		"idCard":      idCard,
+	}
+
+	rawJSON, err := json.Marshal(bizParam)
+	if err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+
+	encryptedData, err := encryptAESGCMBase64(string(rawJSON), s.config.AESKey)
+	if err != nil {
+		return nil, errors.Join(ErrSystem, fmt.Errorf("AES-GCM加密失败: %w", err))
+	}
+
+	sortedParam := generateSortedParam(bizParam)
+	signature := hmacSHA256Base64(sortedParam, s.config.AESKey)
+
+	reqInner := map[string]string{
+		"data":      encryptedData,
+		"requestId": requestID,
+		"secretId":  s.config.SecretID,
+		"signature": signature,
+	}
+	reqInnerBytes, err := json.Marshal(reqInner)
+	if err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+	reqOuter := map[string]string{"data": string(reqInnerBytes)}
+	reqOuterBytes, err := json.Marshal(reqOuter)
+	if err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+
+	respBody, err := s.callAPI(ctx, reqOuterBytes, pdfBytes)
+	if err != nil {
+		if s.logger != nil {
+			s.logger.LogError(requestID, transactionID, "huibo_bg_check_ssw", err, map[string]interface{}{"name": name, "id_card": idCard})
+		}
+		return nil, err
+	}
+
+	if s.logger != nil {
+		s.logger.LogResponse(requestID, transactionID, "huibo_bg_check_ssw", http.StatusOK, time.Since(startTime))
+	}
+
+	var wrapper responseWrapper
+	if err = json.Unmarshal(respBody, &wrapper); err != nil {
+		return nil, errors.Join(ErrDatasource, fmt.Errorf("响应解析失败: %w", err))
+	}
+
+	outerCode := normalizeStatus(wrapper.Code)
+	outerMsg := strings.TrimSpace(wrapper.Msg)
+	if outerCode != "" && outerCode != "200" {
+		return nil, errors.Join(ErrDatasource, fmt.Errorf("汇博外层响应异常(code=%s,msg=%s)", outerCode, outerMsg))
+	}
+
+	status := normalizeStatus(wrapper.Data.Status)
+	// status=2「数据未查得」：产品约定按调用成功计费，对外返回 {}（与外层 code=200 成功一致，走应用层异步扣款）
+	if status == HuiboStatusNoData {
+		if s.logger != nil {
+			s.logger.LogInfo(
+				"汇博教育背景：数据未查得(status=2)，返回空 JSON 并按成功计费",
+				zap.String("request_id", requestID),
+				zap.String("transaction_id", transactionID),
+				zap.String("name", name),
+				zap.String("id_card", idCard),
+			)
+		}
+		return []byte("{}"), nil
+	}
+
+	if status != HuiboStatusSuccess {
+		msg := wrapper.Data.Data
+		if strings.TrimSpace(msg) == "" {
+			msg = getHuiboStatusMessage(status)
+		}
+		if outerMsg != "" && !strings.Contains(msg, outerMsg) {
+			msg = msg + " | 外层消息: " + outerMsg
+		}
+		return nil, errors.Join(ErrDatasource, fmt.Errorf("汇博业务状态异常(status=%s,msg=%s)", status, msg))
+	}
+
+	if wrapper.Data.Data == "" {
+		return nil, errors.Join(ErrDatasource, errors.New("响应缺少加密数据"))
+	}
+
+	decrypted, err := decryptAESGCMBase64(wrapper.Data.Data, s.config.AESKey)
+	if err != nil {
+		return nil, errors.Join(ErrDatasource, fmt.Errorf("响应解密失败: %w", err))
+	}
+	return []byte(decrypted), nil
+}
+
+func (s *HuiboService) callAPI(ctx context.Context, reqOuterJSON []byte, pdfBytes []byte) ([]byte, error) {
+	var body bytes.Buffer
+	writer := multipart.NewWriter(&body)
+	if err := writer.WriteField("req", string(reqOuterJSON)); err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+	part, err := writer.CreateFormFile("file", "authorization.pdf")
+	if err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+	if _, err = part.Write(pdfBytes); err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+	if err = writer.Close(); err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, s.config.URL, &body)
+	if err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+	req.Header.Set(headerAuthorization, s.config.AppID+"::"+s.config.AppKey)
+	req.Header.Set(headerYMDate, strconv.FormatInt(time.Now().UnixMilli(), 10))
+	req.Header.Set(headerOrderCode, s.config.XOrderCode)
+	req.Header.Set(headerResponseType, headerResponseTypeDataVal)
+	req.Header.Set("Content-Type", writer.FormDataContentType())
+
+	client := &http.Client{Timeout: 60 * time.Second}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, errors.Join(ErrDatasource, err)
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, errors.Join(ErrSystem, err)
+	}
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		return nil, errors.Join(ErrDatasource, fmt.Errorf("HTTP状态码异常: %d, body: %s", resp.StatusCode, string(respBody)))
+	}
+	return respBody, nil
+}
+
+func (s *HuiboService) validateConfig() error {
+	if strings.TrimSpace(s.config.URL) == "" ||
+		strings.TrimSpace(s.config.AppID) == "" ||
+		strings.TrimSpace(s.config.AppKey) == "" ||
+		strings.TrimSpace(s.config.SecretID) == "" ||
+		strings.TrimSpace(s.config.AESKey) == "" ||
+		strings.TrimSpace(s.config.XOrderCode) == "" {
+		return errors.New("汇博配置不完整")
+	}
+	return nil
+}
+
+func (s *HuiboService) getProductCode() string {
+	pc := strings.TrimSpace(s.config.ProductCode)
+	if pc == "" {
+		return "22089"
+	}
+	return pc
+}
+
+func (s *HuiboService) generateRequestID() string {
+	return "ssw_" + time.Now().Format("060102150405000") + randomDigits(6)
+}
+
+func decodeAndValidatePDF(base64PDF string) ([]byte, error) {
+	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(base64PDF))
+	if err != nil {
+		return nil, fmt.Errorf("授权书文件base64格式错误: %w", err)
+	}
+	if err := pdfvalidate.ValidateDecodedPDFBinary(raw); err != nil {
+		return nil, err
+	}
+	return raw, nil
+}
+
+func generateSortedParam(m map[string]string) string {
+	keys := make([]string, 0, len(m))
+	for k, v := range m {
+		if strings.TrimSpace(v) == "" {
+			continue
+		}
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	parts := make([]string, 0, len(keys))
+	for _, k := range keys {
+		parts = append(parts, k+"="+m[k])
+	}
+	return strings.Join(parts, "&")
+}
+
+func hmacSHA256Base64(data, secret string) string {
+	m := hmac.New(sha256.New, []byte(secret))
+	_, _ = m.Write([]byte(data))
+	return base64.StdEncoding.EncodeToString(m.Sum(nil))
+}
+
+func encryptAESGCMBase64(plainText, base64Key string) (string, error) {
+	key, err := base64.StdEncoding.DecodeString(base64Key)
+	if err != nil {
+		return "", err
+	}
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", err
+	}
+
+	iv := make([]byte, 12)
+	if _, err = io.ReadFull(rand.Reader, iv); err != nil {
+		return "", err
+	}
+	ciphertext := gcm.Seal(nil, iv, []byte(plainText), nil)
+	out := append(iv, ciphertext...)
+	return base64.StdEncoding.EncodeToString(out), nil
+}
+
+func decryptAESGCMBase64(encryptedBase64, base64Key string) (string, error) {
+	key, err := base64.StdEncoding.DecodeString(base64Key)
+	if err != nil {
+		return "", err
+	}
+	raw, err := base64.StdEncoding.DecodeString(encryptedBase64)
+	if err != nil {
+		return "", err
+	}
+	if len(raw) < 13 {
+		return "", errors.New("密文长度非法")
+	}
+
+	iv := raw[:12]
+	ciphertext := raw[12:]
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", err
+	}
+	plain, err := gcm.Open(nil, iv, ciphertext, nil)
+	if err != nil {
+		return "", err
+	}
+	return string(plain), nil
+}
+
+func normalizeStatus(raw json.RawMessage) string {
+	s := strings.TrimSpace(string(raw))
+	if s == "" {
+		return ""
+	}
+	if strings.HasPrefix(s, "\"") && strings.HasSuffix(s, "\"") {
+		return strings.Trim(s, "\"")
+	}
+	return s
+}
+
+func getHuiboStatusMessage(status string) string {
+	if msg, ok := huiboStatusMessage[status]; ok {
+		return msg
+	}
+	if status == "" {
+		return "数据源返回失败"
+	}
+	return "未知状态码: " + status
+}
+
+func randomDigits(n int) string {
+	if n <= 0 {
+		return ""
+	}
+	raw := make([]byte, n)
+	if _, err := io.ReadFull(rand.Reader, raw); err != nil {
+		return strconv.FormatInt(time.Now().UnixNano(), 10)
+	}
+	b := make([]byte, n)
+	for i := 0; i < n; i++ {
+		b[i] = byte('0' + int(raw[i])%10)
+	}
+	return string(b)
+}