示例#1
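        /// <summary>
        /// Creates an order for an existing user, signs the order string with the merchant
        /// private key and returns the signed string to the client.
        /// </summary>
        /// <param name="order">
        /// Order bound from the request. Every property on it is caller-controlled until
        /// it is overwritten here.
        /// </param>
        /// <returns>
        /// JSON with <c>code</c>, <c>desc</c> and <c>info</c>; on success <c>info</c> holds the
        /// new order id and the signed order string.
        /// </returns>
        public ActionResult CreateOrder(Orders order)
        {
            // Server-owned fields: never keep the values that arrived with the request.
            order.Id         = Guid.NewGuid().ToString().Replace("-", "");
            order.CreateTime = DateTime.Now;

            // VerifyAliPay trusts TradeStatus and IsBalance when deciding whether to credit coins,
            // so a model-bound order must not be able to pre-set them (over-posting).
            order.TradeStatus = null;
            order.IsBalance   = 0;

            // NOTE(review): the remaining bound properties (Coin, the amount, ...) are still taken
            // from the request as-is; confirm they are validated or derived server-side somewhere.

            if (!entities.NimUser.Any(o => o.Username == order.UserName))
            {
                // NOTE(review): this failure is reported with code 200, the same code as success,
                // while VerifyAliPay uses 201 for failures - confirm clients rely on desc here.
                return(Json(new { code = 200, desc = "指定用户不存在", info = order }));
            }

            String orderString = OrderUtil.getOrderInfo(order);
            String sign        = RSAFromPkcs8.sign(orderString, Config.Private_key, Config.Input_charset);

            // Final string = original order string + URL-encoded signature + signature type.
            String lastOrderString = orderString + "&sign=\"" + HttpUtility.UrlEncode(sign, Encoding.UTF8) + "\"&sign_type=\"" + Config.Sign_type + "\"";

            entities.Orders.Add(order);
            entities.SaveChanges();
            return(Json(new { code = 200, desc = "订单创建成功", info = new { order.Id, LastOrderString = lastOrderString } }));
        }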
示例#2
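        /// <summary>
        /// Confirms payment of an order and credits the order's coins to the user once.
        /// If the order already carries a successful trade status it is accepted directly;
        /// otherwise the synchronous result string sent by the client is verified.
        /// </summary>
        /// <param name="orderId">Id of the order to verify.</param>
        /// <param name="result">
        /// Synchronous payment result forwarded by the client; untrusted until the order data
        /// and the signature have both been checked.
        /// </param>
        /// <returns>
        /// JSON with <c>code</c> 200 and the user's coin balance on success, or <c>code</c> 201
        /// and a description on failure.
        /// </returns>
        public ActionResult VerifyAliPay(String orderId, String result)
        {
            Orders order = entities.Orders.Find(orderId);

            if (order == null)
            {
                return(Json(new { code = 201, desc = "指定订单不存在" }));
            }

            NimUser user = entities.NimUser.Single(o => o.Username == order.UserName);

            // The order already has a successful trade status: no need to look at the client's result.
            if (order.TradeStatus == "TRADE_SUCCESS" || order.TradeStatus == "TRADE_FINISHED")
            {
                // Credit the coins only once; without this guard every repeated call for the
                // same paid order would add order.Coin to the balance again.
                if (order.IsBalance != 1)
                {
                    user.NimUserEx.Coins = order.Coin + (user.NimUserEx.Coins ?? 0);
                    order.IsBalance      = 1;
                    entities.SaveChanges();
                }

                return(Json(new { code = 200, desc = "支付成功", info = new { user.Username, Nickname = user.NimUserEx.Name, user.NimUserEx.Coins } }));
            }

            // No asynchronous notification was received, so the synchronous result from the client
            // has to be verified (https://doc.open.alipay.com/doc2/detail.htm?spm=0.0.0.0.bsvyrx&treeId=59&articleId=103665&docType=1):
            // 1. the original data must match what the merchant requested (mandatory);
            // 2. the signature must verify.
            // Only when both hold is success = true in the signed data trustworthy.
            if (result == null)
            {
                return(Json(new { code = 201, desc = "数据验证不通过" }));
            }

            // Rebuild the original order data from the stored order.
            String orderString = OrderUtil.getOrderInfo(order);

            // The result is split at [&sign_type="RSA"&sign=]: the part before it is
            // (original data & payment result), the part after it is the quoted signature.
            String[] a = result.Split(new String[] { "&sign_type=\"RSA\"&sign=" }, StringSplitOptions.None);

            // The order data must appear in the part the signature covers. Matching against the
            // whole string would accept order data that is not bound to the verified signature.
            if (!a[0].Contains(orderString))
            {
                return(Json(new { code = 201, desc = "数据验证不通过" }));
            }

            // Exactly one delimiter is expected; a missing or repeated one is treated as a bad
            // signature instead of indexing past the array or ignoring trailing segments.
            if (a.Length != 2)
            {
                return(Json(new { code = 201, desc = "数据签名不相符" }));
            }

            // Strip the surrounding double quotes from the signature before verifying it.
            bool isPass = RSAFromPkcs8.verify(a[0], a[1].Trim(new char[] { '"' }), Config.Public_key, Config.Input_charset);

            if (!isPass)
            {
                return(Json(new { code = 201, desc = "数据签名不相符" }));
            }

            // The signed data must report the payment as successful.
            if (!a[0].Contains("&success=\"true\""))
            {
                return(Json(new { code = 201, desc = "支付失败" }));
            }

            order.TradeNo     = "";
            order.TradeStatus = "COMPLETED";// Only means the synchronous check passed; rely on the server-side asynchronous notification where possible.

            if (order.IsBalance != 1)
            {
                user.NimUserEx.Coins = order.Coin + (user.NimUserEx.Coins ?? 0);
                order.IsBalance      = 1;
            }

            entities.SaveChanges();
            return(Json(new { code = 200, desc = "支付成功", info = new { user.Username, Nickname = user.NimUserEx.Name, user.NimUserEx.Coins } }));
        }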