386 lines
13 KiB
Go
386 lines
13 KiB
Go
package certification
|
|
|
|
import (
|
|
"context"
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"fmt"
|
|
"sort"
|
|
"strings"
|
|
|
|
"go.uber.org/zap"
|
|
|
|
"tyapi-server/internal/domains/certification/entities"
|
|
"tyapi-server/internal/domains/certification/enums"
|
|
"tyapi-server/internal/domains/certification/services"
|
|
user_services "tyapi-server/internal/domains/user/services"
|
|
"tyapi-server/internal/shared/database"
|
|
esign_service "tyapi-server/internal/shared/esign"
|
|
)
|
|
|
|
// EsignCallbackData e签宝回调数据结构
|
|
type EsignCallbackData struct {
|
|
Action string `json:"action"`
|
|
Timestamp int64 `json:"timestamp"`
|
|
AuthFlowId string `json:"authFlowId,omitempty"`
|
|
SignFlowId string `json:"signFlowId,omitempty"`
|
|
CustomBizNum string `json:"customBizNum,omitempty"`
|
|
SignOrder int `json:"signOrder,omitempty"`
|
|
OperateTime int64 `json:"operateTime,omitempty"`
|
|
SignResult int `json:"signResult,omitempty"`
|
|
ResultDescription string `json:"resultDescription,omitempty"`
|
|
AuthType string `json:"authType,omitempty"`
|
|
SignFlowStatus string `json:"signFlowStatus,omitempty"`
|
|
Operator *EsignOperator `json:"operator,omitempty"`
|
|
PsnInfo *EsignPsnInfo `json:"psnInfo,omitempty"`
|
|
Organization *EsignOrganization `json:"organization,omitempty"`
|
|
}
|
|
|
|
// EsignOperator 签署人信息
|
|
type EsignOperator struct {
|
|
PsnId string `json:"psnId"`
|
|
PsnAccount *EsignPsnAccount `json:"psnAccount"`
|
|
}
|
|
|
|
// EsignPsnInfo 个人认证信息
|
|
type EsignPsnInfo struct {
|
|
PsnId string `json:"psnId"`
|
|
PsnAccount *EsignPsnAccount `json:"psnAccount"`
|
|
}
|
|
|
|
// EsignPsnAccount 个人账户信息
|
|
type EsignPsnAccount struct {
|
|
AccountMobile string `json:"accountMobile"`
|
|
AccountEmail string `json:"accountEmail"`
|
|
}
|
|
|
|
// EsignOrganization 企业信息
|
|
type EsignOrganization struct {
|
|
OrgName string `json:"orgName"`
|
|
// 可以根据需要添加更多企业信息字段
|
|
}
|
|
|
|
// EsignCallbackApplicationServiceImpl e签宝回调应用服务实现
|
|
type EsignCallbackApplicationServiceImpl struct {
|
|
certManagementService *services.CertificationManagementService
|
|
certWorkflowService *services.CertificationWorkflowService
|
|
certificationEsignService *services.CertificationEsignService
|
|
enterpriseService *user_services.EnterpriseService
|
|
esignService *esign_service.Client
|
|
enterpriseRecordService *services.EnterpriseInfoSubmitRecordService
|
|
txManager *database.TransactionManager
|
|
logger *zap.Logger
|
|
}
|
|
|
|
// NewEsignCallbackApplicationService 创建e签宝回调应用服务
|
|
func NewEsignCallbackApplicationService(
|
|
certManagementService *services.CertificationManagementService,
|
|
certWorkflowService *services.CertificationWorkflowService,
|
|
certificationEsignService *services.CertificationEsignService,
|
|
enterpriseService *user_services.EnterpriseService,
|
|
esignService *esign_service.Client,
|
|
enterpriseRecordService *services.EnterpriseInfoSubmitRecordService,
|
|
txManager *database.TransactionManager,
|
|
logger *zap.Logger,
|
|
) EsignCallbackApplicationService {
|
|
return &EsignCallbackApplicationServiceImpl{
|
|
certManagementService: certManagementService,
|
|
certWorkflowService: certWorkflowService,
|
|
certificationEsignService: certificationEsignService,
|
|
enterpriseService: enterpriseService,
|
|
esignService: esignService,
|
|
enterpriseRecordService: enterpriseRecordService,
|
|
txManager: txManager,
|
|
logger: logger,
|
|
}
|
|
}
|
|
|
|
// HandleCallback 处理e签宝回调
|
|
func (s *EsignCallbackApplicationServiceImpl) HandleCallback(ctx context.Context, callbackData map[string]interface{}, headers map[string]string, queryParams map[string]string) error {
|
|
s.logger.Info("开始处理e签宝回调", zap.Any("callback_data", callbackData))
|
|
|
|
// 1. 验签
|
|
if err := s.verifySignature(callbackData, headers, queryParams); err != nil {
|
|
s.logger.Error("e签宝回调验签失败", zap.Error(err))
|
|
return fmt.Errorf("验签失败: %w", err)
|
|
}
|
|
|
|
// 2. 解析回调数据为结构体
|
|
var callback EsignCallbackData
|
|
jsonBytes, err := json.Marshal(callbackData)
|
|
if err != nil {
|
|
return fmt.Errorf("序列化回调数据失败: %w", err)
|
|
}
|
|
|
|
if err := json.Unmarshal(jsonBytes, &callback); err != nil {
|
|
return fmt.Errorf("解析回调数据失败: %w", err)
|
|
}
|
|
|
|
// 3. 记录回调信息
|
|
s.logger.Info("e签宝回调信息解析",
|
|
zap.String("action", callback.Action),
|
|
zap.String("auth_flow_id", callback.AuthFlowId),
|
|
zap.String("sign_flow_id", callback.SignFlowId),
|
|
zap.String("auth_type", callback.AuthType),
|
|
zap.String("sign_flow_status", callback.SignFlowStatus),
|
|
zap.Int64("timestamp", callback.Timestamp),
|
|
)
|
|
|
|
// 4. 根据回调类型处理业务逻辑
|
|
switch callback.Action {
|
|
case "AUTH_PASS":
|
|
// 只处理企业认证通过
|
|
if callback.AuthType == "ORG" {
|
|
return s.handleEnterpriseAuthPass(ctx, &callback)
|
|
}
|
|
s.logger.Info("忽略非企业认证通过回调", zap.String("auth_type", callback.AuthType))
|
|
return nil
|
|
case "AUTH_FAIL":
|
|
// 只处理企业认证失败
|
|
if callback.AuthType == "ORG" {
|
|
return s.handleEnterpriseAuthFail(ctx, &callback)
|
|
}
|
|
s.logger.Info("忽略非企业认证失败回调", zap.String("auth_type", callback.AuthType))
|
|
return nil
|
|
case "SIGN_FLOW_COMPLETE":
|
|
// 合同签署流程完成
|
|
return s.handleContractSignFlowComplete(ctx, &callback)
|
|
default:
|
|
s.logger.Info("忽略未知的回调动作", zap.String("action", callback.Action))
|
|
return nil
|
|
}
|
|
}
|
|
|
|
// verifySignature 验证e签宝回调签名
|
|
func (s *EsignCallbackApplicationServiceImpl) verifySignature(callbackData map[string]interface{}, headers map[string]string, queryParams map[string]string) error {
|
|
// 1. 获取签名相关参数
|
|
signature, ok := headers["X-Tsign-Open-Signature"]
|
|
if !ok {
|
|
return fmt.Errorf("缺少签名头: X-Tsign-Open-Signature")
|
|
}
|
|
|
|
timestamp, ok := headers["X-Tsign-Open-Timestamp"]
|
|
if !ok {
|
|
return fmt.Errorf("缺少时间戳头: X-Tsign-Open-Timestamp")
|
|
}
|
|
|
|
// 2. 构建查询参数字符串
|
|
var queryKeys []string
|
|
for key := range queryParams {
|
|
queryKeys = append(queryKeys, key)
|
|
}
|
|
sort.Strings(queryKeys) // 按ASCII码升序排序
|
|
|
|
var queryValues []string
|
|
for _, key := range queryKeys {
|
|
queryValues = append(queryValues, queryParams[key])
|
|
}
|
|
queryString := strings.Join(queryValues, "")
|
|
|
|
// 3. 获取请求体数据
|
|
bodyData, err := s.getRequestBodyString(callbackData)
|
|
if err != nil {
|
|
return fmt.Errorf("获取请求体数据失败: %w", err)
|
|
}
|
|
|
|
// 4. 构建验签数据
|
|
data := timestamp + queryString + bodyData
|
|
|
|
// 5. 计算签名
|
|
expectedSignature := s.calculateSignature(data, s.esignService.GetConfig().AppSecret)
|
|
|
|
// 6. 比较签名
|
|
if strings.ToLower(expectedSignature) != strings.ToLower(signature) {
|
|
s.logger.Error("签名验证失败",
|
|
zap.String("expected", strings.ToLower(expectedSignature)),
|
|
zap.String("received", strings.ToLower(signature)),
|
|
zap.String("data", data),
|
|
)
|
|
return fmt.Errorf("签名验证失败")
|
|
}
|
|
|
|
s.logger.Info("e签宝回调验签成功")
|
|
return nil
|
|
}
|
|
|
|
// calculateSignature 计算HMAC-SHA256签名
|
|
func (s *EsignCallbackApplicationServiceImpl) calculateSignature(data, secret string) string {
|
|
h := hmac.New(sha256.New, []byte(secret))
|
|
h.Write([]byte(data))
|
|
return strings.ToUpper(hex.EncodeToString(h.Sum(nil)))
|
|
}
|
|
|
|
// getRequestBodyString 获取请求体字符串
|
|
func (s *EsignCallbackApplicationServiceImpl) getRequestBodyString(callbackData map[string]interface{}) (string, error) {
|
|
// 将map转换为JSON字符串
|
|
jsonBytes, err := json.Marshal(callbackData)
|
|
if err != nil {
|
|
return "", fmt.Errorf("JSON序列化失败: %w", err)
|
|
}
|
|
return string(jsonBytes), nil
|
|
}
|
|
|
|
// handleEnterpriseAuthPass 处理企业认证通过回调
|
|
func (s *EsignCallbackApplicationServiceImpl) handleEnterpriseAuthPass(ctx context.Context, callback *EsignCallbackData) error {
|
|
s.logger.Info("处理企业认证通过回调")
|
|
|
|
if callback.Organization == nil {
|
|
return fmt.Errorf("回调数据中缺少organization字段")
|
|
}
|
|
|
|
if callback.AuthFlowId == "" {
|
|
return fmt.Errorf("回调数据中缺少authFlowId字段")
|
|
}
|
|
|
|
// 查找对应的认证申请
|
|
certification, err := s.certManagementService.GetCertificationByAuthFlowID(ctx, callback.AuthFlowId)
|
|
if err != nil {
|
|
return fmt.Errorf("查找认证申请失败: %w", err)
|
|
}
|
|
if certification.Status != enums.StatusInfoSubmitted {
|
|
s.logger.Warn("当前状态不允许完成企业认证", zap.String("status", string(certification.Status)))
|
|
return nil
|
|
}
|
|
if err := s.completeEnterpriseAuth(ctx, certification); err != nil {
|
|
return fmt.Errorf("完成企业认证失败: %w", err)
|
|
}
|
|
|
|
s.logger.Info("企业认证通过处理完成",
|
|
zap.String("user_id", certification.UserID),
|
|
zap.String("certification_id", certification.ID),
|
|
zap.String("org_name", callback.Organization.OrgName),
|
|
)
|
|
|
|
return nil
|
|
}
|
|
|
|
// handleEnterpriseAuthFail 处理企业认证失败回调
|
|
func (s *EsignCallbackApplicationServiceImpl) handleEnterpriseAuthFail(ctx context.Context, callback *EsignCallbackData) error {
|
|
s.logger.Info("处理企业认证失败回调")
|
|
|
|
if callback.Organization == nil {
|
|
return fmt.Errorf("回调数据中缺少organization字段")
|
|
}
|
|
|
|
// 暂时忽略
|
|
|
|
return nil
|
|
}
|
|
|
|
// handleContractSignFlowComplete 处理合同签署流程完成回调
|
|
func (s *EsignCallbackApplicationServiceImpl) handleContractSignFlowComplete(ctx context.Context, callback *EsignCallbackData) error {
|
|
s.logger.Info("处理合同签署流程完成回调")
|
|
|
|
if callback.SignFlowId == "" {
|
|
return fmt.Errorf("回调数据中缺少signFlowId字段")
|
|
}
|
|
|
|
if callback.SignFlowStatus == "" {
|
|
return fmt.Errorf("回调数据中缺少signFlowStatus字段")
|
|
}
|
|
|
|
// 查找对应的认证申请
|
|
certification, err := s.certManagementService.GetCertificationByEsignFlowID(ctx, callback.SignFlowId)
|
|
if err != nil {
|
|
return fmt.Errorf("查找认证申请失败: %w", err)
|
|
}
|
|
|
|
// 根据签署流程状态处理
|
|
switch callback.SignFlowStatus {
|
|
case "2": // 已完成(所有签署方完成签署)
|
|
s.logger.Info("合同签署流程已完成,所有签署方完成签署")
|
|
|
|
// 完成合同签署
|
|
if err := s.certWorkflowService.CompleteContractSign(ctx, certification.ID, "所有签署方完成签署"); err != nil {
|
|
return fmt.Errorf("完成合同签署失败: %w", err)
|
|
}
|
|
|
|
// 自动完成认证
|
|
if err := s.certWorkflowService.CompleteCertification(ctx, certification.ID); err != nil {
|
|
return fmt.Errorf("完成认证失败: %w", err)
|
|
}
|
|
|
|
s.logger.Info("合同签署流程完成处理成功",
|
|
zap.String("user_id", certification.UserID),
|
|
zap.String("certification_id", certification.ID),
|
|
zap.String("sign_flow_id", callback.SignFlowId),
|
|
zap.String("sign_flow_status", callback.SignFlowStatus),
|
|
)
|
|
|
|
case "3": // 已撤销(发起方撤销签署任务)
|
|
s.logger.Info("合同签署流程已撤销")
|
|
|
|
// 可以在这里添加撤销处理逻辑
|
|
s.logger.Info("合同签署流程撤销处理完成",
|
|
zap.String("user_id", certification.UserID),
|
|
zap.String("certification_id", certification.ID),
|
|
zap.String("sign_flow_id", callback.SignFlowId),
|
|
zap.String("sign_flow_status", callback.SignFlowStatus),
|
|
)
|
|
|
|
// 暂无撤销业务逻辑
|
|
|
|
case "5": // 已过期(签署截止日到期后触发)
|
|
s.logger.Info("合同签署流程已过期")
|
|
|
|
// 可以在这里添加过期处理逻辑
|
|
s.logger.Info("合同签署流程过期处理完成",
|
|
zap.String("user_id", certification.UserID),
|
|
zap.String("certification_id", certification.ID),
|
|
zap.String("sign_flow_id", callback.SignFlowId),
|
|
zap.String("sign_flow_status", callback.SignFlowStatus),
|
|
)
|
|
|
|
// 暂无过期业务逻辑
|
|
|
|
case "7": // 已拒签(签署方拒绝签署)
|
|
s.logger.Info("合同签署流程已拒签")
|
|
|
|
// 可以在这里添加拒签处理逻辑
|
|
s.logger.Info("合同签署流程拒签处理完成",
|
|
zap.String("user_id", certification.UserID),
|
|
zap.String("certification_id", certification.ID),
|
|
zap.String("sign_flow_id", callback.SignFlowId),
|
|
zap.String("sign_flow_status", callback.SignFlowStatus),
|
|
)
|
|
|
|
default:
|
|
s.logger.Warn("未知的签署流程状态",
|
|
zap.String("sign_flow_status", callback.SignFlowStatus),
|
|
zap.String("sign_flow_id", callback.SignFlowId),
|
|
)
|
|
|
|
// 暂无拒签业务逻辑
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// 企业认证成功后操作
|
|
func (s *EsignCallbackApplicationServiceImpl) completeEnterpriseAuth(ctx context.Context, certification *entities.Certification) error {
|
|
err := s.txManager.ExecuteInTx(ctx, func(txCtx context.Context) error {
|
|
// 1. 获取企业信息提交记录
|
|
enterpriseRecord, err := s.enterpriseRecordService.GetLatestByUserID(txCtx, certification.UserID)
|
|
if err != nil {
|
|
return fmt.Errorf("获取企业信息失败: %w", err)
|
|
}
|
|
// 2. 转换状态
|
|
if err := s.certWorkflowService.CompleteEnterpriseVerification(txCtx, certification.ID); err != nil {
|
|
return err
|
|
}
|
|
// 3. 创建企业信息
|
|
_, err = s.enterpriseService.CreateEnterpriseInfo(txCtx, certification.UserID, enterpriseRecord.CompanyName, enterpriseRecord.UnifiedSocialCode, enterpriseRecord.LegalPersonName, enterpriseRecord.LegalPersonID)
|
|
if err != nil {
|
|
s.logger.Warn("创建用户企业信息失败", zap.Error(err))
|
|
return err
|
|
}
|
|
return nil
|
|
})
|
|
if err != nil {
|
|
return fmt.Errorf("完成企业认证失败: %w", err)
|
|
}
|
|
return nil
|
|
}
|