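// Package wxpaycli wraps the gopay WeChat Pay clients for this service:
// creating Native and JSAPI orders, decrypting payment notifications, and
// exchanging an OAuth2 auth code for an openid.
package wxpaycli

import (
	"context"
	"crypto"
	cryptorand "crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"os"
	"time"

	"github.com/go-pay/gopay"
	wxpayv2 "github.com/go-pay/gopay/wechat"
	wxpayv3 "github.com/go-pay/gopay/wechat/v3"

	"service/bizcommon/util"
	"service/library/configcenter"
	"service/library/logger"
)

const (
	// DefaultOrderTimeoutSeconds is the default order validity period, in seconds.
	DefaultOrderTimeoutSeconds = 900
)

// defaultWxpayClient is the process-wide client installed by Init.
var defaultWxpayClient *WxpayClient

// WxpayClient holds the gopay v3 client together with the merchant settings
// this package needs when building requests.
//
// NOTE(review): AppSecret carries a JSON tag, so marshalling a WxpayClient
// (for example into a log line) would emit the secret. Avoid serialising
// this struct.
type WxpayClient struct {
	clientV3       *wxpayv3.ClientV3
	AppSecret      string `json:"app_secret"`
	AppId          string `json:"app_id"`
	NotifyUrl      string `json:"notify_url"`
	PrivateKeyPath string `json:"private_key_path"`
}

// GetDefaultWxpayClient returns the client installed by Init, or nil if Init
// has not completed successfully.
func GetDefaultWxpayClient() *WxpayClient {
	return defaultWxpayClient
}

// Init reads the merchant private key from cfg.PrivateKeyPath, builds the
// gopay v3 client and installs the result as the default client.
//
// Failures are logged with non-secret identifiers only. The config also
// carries ApiV3Key and AppSecret, so it must never be dumped whole into logs.
func Init(cfg *configcenter.WxpayClientConfig) (err error) {
	if cfg == nil {
		return errors.New("wxpaycli: nil config")
	}

	bs, err := os.ReadFile(cfg.PrivateKeyPath)
	if err != nil {
		logger.Error("read PrivateKeyPath fail, path: %v, err: %v", cfg.PrivateKeyPath, err)
		return err
	}

	wxpayCliV3, err := wxpayv3.NewClientV3(cfg.MchId, cfg.SerialNo, cfg.ApiV3Key, string(bs))
	if err != nil {
		logger.Error("NewClientV3 fail, mch_id: %v, serial_no: %v, err: %v", cfg.MchId, cfg.SerialNo, err)
		return err
	}

	defaultWxpayClient = &WxpayClient{
		clientV3:       wxpayCliV3,
		AppSecret:      cfg.AppSecret,
		AppId:          cfg.AppId,
		NotifyUrl:      cfg.NotifyUrl,
		PrivateKeyPath: cfg.PrivateKeyPath,
	}
	return nil
}

// ParseNotify parses a WeChat Pay v3 callback request and decrypts its
// payload with the APIv3 key. It returns a non-nil result only when err is
// nil. A nil parse or decrypt result is reported as an error, so callers
// never receive (nil, nil).
//
// NOTE(review): the original comment called this step signature
// verification, but no check of the callback's signature headers is visible
// here, only parsing and decryption. If V3ParseNotify does not verify the
// signature itself (confirm against the gopay version in use), verify it
// against the WeChat Pay platform certificate before acting on the result.
func (c *WxpayClient) ParseNotify(req *http.Request) (notify *wxpayv3.V3DecryptResult, err error) {
	notifyReq, err := wxpayv3.V3ParseNotify(req)
	if err != nil {
		logger.Error("V3ParseNotify fail, err: %v", err)
		return nil, err
	}
	if notifyReq == nil {
		err = errors.New("wxpaycli: V3ParseNotify returned nil request")
		logger.Error("V3ParseNotify nil, err: %v", err)
		return nil, err
	}

	notifyTmp, err := notifyReq.DecryptCipherText(string(c.clientV3.ApiV3Key))
	if err != nil {
		logger.Error("DecryptCipherText fail, err: %v", err)
		return nil, err
	}
	if notifyTmp == nil {
		err = errors.New("wxpaycli: DecryptCipherText returned nil result")
		logger.Error("DecryptCipherText nil, err: %v", err)
		return nil, err
	}

	// NOTE(review): this logs the whole decrypted notification, which
	// presumably includes payer identifiers. Confirm that matches the
	// service's log-retention policy.
	logger.Info("Wxpay ParseNotify, %v", util.ToJson(notifyTmp))
	return notifyTmp, nil
}

// NativePayParam describes a WeChat Pay Native (QR code) order.
type NativePayParam struct {
	Description    string
	OutTradeNo     string // merchant order id (our own order id)
	TotalAmount    int64  // amount, in fen (1/100 CNY)
	TimeOutSeconds int    // order validity period, in seconds
}

// NativePay creates a Native order and returns the code URL to render as a
// QR code. A non-positive param.TimeOutSeconds is replaced in place with
// DefaultOrderTimeoutSeconds. A non-success response code is returned as an
// error instead of an empty string with a nil error.
func (c *WxpayClient) NativePay(ctx context.Context, param *NativePayParam) (wxpayNativeParamStr string, err error) {
	if param == nil {
		return "", errors.New("wxpaycli: nil NativePayParam")
	}
	if param.TimeOutSeconds <= 0 {
		param.TimeOutSeconds = DefaultOrderTimeoutSeconds
	}

	expireAt := time.Now().Add(time.Duration(param.TimeOutSeconds) * time.Second)
	bm := gopay.BodyMap{
		"appid":        c.AppId,
		"description":  param.Description,
		"out_trade_no": param.OutTradeNo,
		"time_expire":  expireAt.Format(time.RFC3339),
		"notify_url":   c.NotifyUrl,
		"amount": gopay.BodyMap{
			"total":    param.TotalAmount,
			"currency": "CNY",
		},
	}

	resp, err := c.clientV3.V3TransactionNative(ctx, bm)
	if err != nil {
		return "", err
	}
	if resp.Code != wxpayv3.Success {
		logger.Error("wxpayv3 NativePay fail, code: %v, error: %v, response: %v", resp.Code, resp.Error, util.ToJson(resp.Response))
		return "", fmt.Errorf("wxpayv3 NativePay fail, code: %v, error: %v", resp.Code, resp.Error)
	}

	logger.Info("wxpayv3 NativePay success, code: %v, error: %v, response: %v", resp.Code, resp.Error, util.ToJson(resp.Response))
	return resp.Response.CodeUrl, nil
}

// GetOpenIdByAuthCode exchanges an OAuth2 auth code for the user's openid.
//
// The error for a response without an openid carries only the error code and
// message. The full response is not serialised into it, because that
// structure can also hold access and refresh tokens.
func (c *WxpayClient) GetOpenIdByAuthCode(ctx context.Context, authCode string) (openid string, err error) {
	at, err := wxpayv2.GetOauth2AccessToken(ctx, c.AppId, c.AppSecret, authCode)
	if err != nil {
		return "", err
	}
	if len(at.Openid) == 0 {
		return "", fmt.Errorf("fail, errcode: %v, errmsg: %v", at.Errcode, at.Errmsg)
	}
	return at.Openid, nil
}

// JsapiPayParam describes a WeChat Pay JSAPI (in-app browser) order.
type JsapiPayParam struct {
	Description    string
	OutTradeNo     string // merchant order id (our own order id)
	TotalAmount    int64  // amount, in fen (1/100 CNY)
	TimeOutSeconds int    // order validity period, in seconds
	OpenId         string
}

// JsapiPayResp is the parameter set the front end passes to the WeChat JSAPI
// to invoke the payment. PrepayId is kept for server-side use only.
type JsapiPayResp struct {
	PrepayId  string `json:"-"`
	AppId     string `json:"appId"`
	TimeStamp string `json:"timeStamp"`
	NonceStr  string `json:"nonceStr"`
	Package   string `json:"package"`
	SignType  string `json:"signType"`
	PaySign   string `json:"paySign"`
}

// JsapiPay creates a JSAPI order and returns the signed parameters needed to
// invoke the payment on the client. A non-positive param.TimeOutSeconds is
// replaced in place with DefaultOrderTimeoutSeconds.
//
// The merchant private key is read before the order is created, so an
// unreadable key fails the call without leaving a prepay order behind. A
// non-success response code is returned as an error.
func (c *WxpayClient) JsapiPay(ctx context.Context, param *JsapiPayParam) (wxpayJsapiResp JsapiPayResp, err error) {
	if param == nil {
		return JsapiPayResp{}, errors.New("wxpaycli: nil JsapiPayParam")
	}
	if param.TimeOutSeconds <= 0 {
		param.TimeOutSeconds = DefaultOrderTimeoutSeconds
	}

	// The read error used to be discarded, which surfaced later as a
	// misleading "decode private key error" from rsaSign.
	keyBytes, err := os.ReadFile(c.PrivateKeyPath)
	if err != nil {
		logger.Error("read PrivateKeyPath fail, path: %v, err: %v", c.PrivateKeyPath, err)
		return JsapiPayResp{}, err
	}

	expireAt := time.Now().Add(time.Duration(param.TimeOutSeconds) * time.Second)
	bm := gopay.BodyMap{
		"appid":        c.AppId,
		"description":  param.Description,
		"out_trade_no": param.OutTradeNo,
		"time_expire":  expireAt.Format(time.RFC3339),
		"notify_url":   c.NotifyUrl,
		"amount": gopay.BodyMap{
			"total":    param.TotalAmount,
			"currency": "CNY",
		},
		"payer": gopay.BodyMap{
			"openid": param.OpenId,
		},
	}

	resp, err := c.clientV3.V3TransactionJsapi(ctx, bm)
	if err != nil {
		return JsapiPayResp{}, err
	}
	if resp.Code != wxpayv3.Success {
		logger.Error("wxpayv3 JsapiPay fail, code: %v, error: %v, response: %v", resp.Code, resp.Error, util.ToJson(resp.Response))
		return JsapiPayResp{}, fmt.Errorf("wxpayv3 JsapiPay fail, code: %v, error: %v", resp.Code, resp.Error)
	}

	// PaySign is filled in below from our own signature. The response's
	// SignInfo is not read, as its value was always overwritten.
	r := JsapiPayResp{
		PrepayId:  resp.Response.PrepayId,
		AppId:     c.AppId,
		TimeStamp: fmt.Sprintf("%d", time.Now().Unix()),
		// NOTE(review): confirm util.RandomString draws from a
		// cryptographically secure source; the nonce is part of the signed
		// message.
		NonceStr: util.RandomString(32),
		Package:  "prepay_id=" + resp.Response.PrepayId,
		SignType: "RSA",
	}

	// Message layout to sign: appId, timeStamp, nonceStr and package, each
	// followed by a newline.
	signMessage := fmt.Sprintf("%s\n%s\n%s\n%s\n", r.AppId, r.TimeStamp, r.NonceStr, r.Package)
	paySignBytes, err := rsaSign(keyBytes, crypto.SHA256, []byte(signMessage))
	if err != nil {
		return JsapiPayResp{}, err
	}
	r.PaySign = base64.StdEncoding.EncodeToString(paySignBytes)

	logger.Info("wxpayv3 JsapiPay success, code: %v, error: %v, response: %v", resp.Code, resp.Error, util.ToJson(r))
	return r, nil
}

// rsaSign signs data with RSASSA-PKCS1-v1_5 using the PEM-encoded PKCS#8
// private key in prvkey and the given hash.
//
// Only SHA-224, SHA-256, SHA-384 and SHA-512 are accepted. Any other value,
// including the zero Hash, is rejected explicitly. Without that check a zero
// Hash would reach SignPKCS1v15 with an empty digest and be signed as-is. A
// non-RSA PKCS#8 key yields an error instead of a panic.
func rsaSign(prvkey []byte, hash crypto.Hash, data []byte) ([]byte, error) {
	block, _ := pem.Decode(prvkey)
	if block == nil {
		return nil, errors.New("decode private key error")
	}

	parsed, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	// PKCS#8 can also wrap ECDSA or Ed25519 keys, so the assertion is checked.
	rsaKey, ok := parsed.(*rsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("private key is %T, not an RSA key", parsed)
	}

	// MD5 and SHA1 are not supported as they are not secure.
	var hashed []byte
	switch hash {
	case crypto.SHA224:
		h := sha256.Sum224(data)
		hashed = h[:]
	case crypto.SHA256:
		h := sha256.Sum256(data)
		hashed = h[:]
	case crypto.SHA384:
		h := sha512.Sum384(data)
		hashed = h[:]
	case crypto.SHA512:
		h := sha512.Sum512(data)
		hashed = h[:]
	default:
		return nil, fmt.Errorf("unsupported hash: %v", hash)
	}

	return rsa.SignPKCS1v15(cryptorand.Reader, rsaKey, hash, hashed)
}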