feat: update to the latest signature algorithm

gatsby 1 month ago
parent
commit
da9c344f7d
1 changed file with 49 additions and 7 deletions
  1. 49 7
      frontend/src/views/module_payment/apikey/index.vue

+ 49 - 7
frontend/src/views/module_payment/apikey/index.vue

@@ -307,17 +307,57 @@ Signature: {signature}</code></pre>
                 <h2>2. 签名验证</h2>
                 <p>签名用于验证请求数据的完整性,防止数据被篡改。签名生成步骤:</p>
                 <ol>
-                  <li>将请求数据(JSON格式)按参数名升序排序</li>
+                  <li>过滤请求参数:排除 <code>sign</code> 参数、<code>null</code> 值、空字符串、空数组、空对象</li>
+                  <li>将过滤后的参数按参数名ASCII码升序排序</li>
+                  <li>对字典或列表类型的值进行JSON序列化(<code>sort_keys=true</code>,<code>separators=(',', ':')</code>)</li>
+                  <li>对每个参数值进行URL编码(<code>UTF-8</code>编码)</li>
                   <li>将排序后的参数拼接为字符串:<code>key1=value1&amp;key2=value2</code></li>
                   <li>使用API Secret作为密钥,通过HMAC-SHA256算法生成签名</li>
                   <li>将签名添加到请求头 <code>Signature</code> 中</li>
                 </ol>
                 <h3>2.1 签名计算示例</h3>
-                <pre><code># 签名计算方式
-# 1. 对请求体字典按参数名升序排序
-# 2. 拼接为 key1=value1&amp;key2=value2 格式
-# 3. 使用HMAC-SHA256算法,密钥为API Secret
-# 4. 将计算结果作为Signature请求头的值</code></pre>
+                <pre><code># 原始请求数据
+{
+  "account_book_id": "123456",
+  "amount": 100.00,
+  "payee_info": {
+    "identity_type": "ALIPAY_ACCOUNT",
+    "name": "张三",
+    "identity": "zhangsan@example.com"
+  },
+  "sign": "不需要参与签名",
+  "empty_param": "",
+  "null_param": null
+}
+
+# 1. 过滤后(排除sign、空字符串、null)
+{
+  "account_book_id": "123456",
+  "amount": 100.00,
+  "payee_info": {
+    "identity_type": "ALIPAY_ACCOUNT",
+    "name": "张三",
+    "identity": "zhangsan@example.com"
+  }
+}
+
+# 2. 按参数名升序排序
+account_book_id, amount, payee_info
+
+# 3. JSON序列化嵌套对象
+payee_info={"identity":"zhangsan@example.com","identity_type":"ALIPAY_ACCOUNT","name":"张三"}
+
+# 4. URL编码(处理中文)
+name=%E5%BC%A0%E4%B8%89
+
+# 5. 拼接字符串
+account_book_id=123456&amount=100.0&payee_info=%7B%22identity%22%3A%22zhangsan%40example.com%22%2C%22identity_type%22%3A%22ALIPAY_ACCOUNT%22%2C%22name%22%3A%22%E5%BC%A0%E4%B8%89%22%7D
+
+# 6. HMAC-SHA256签名(密钥为API Secret)
+signature = HMAC-SHA256(api_secret, sign_str)
+
+# 7. 请求头中添加签名
+Signature: {signature}</code></pre>
               </div>
               
               <div v-else-if="activeSection === 'notes'" class="section-content">
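Review bot: The worked example at step 5 depends on two serialization rules that the step list never states, so a client that follows the seven steps in another language can build a different string and fail verification. First, `"amount": 100.00` turns into `amount=100.0`; that is one runtime's float formatting, so the doc should either define a canonical number format or tell callers to send amounts as strings. Second, step 3 names only `sort_keys=true` and `separators=(',', ':')`, yet the encoded `payee_info` contains `%E5%BC%A0%E4%B8%89`, which only results when non-ASCII characters are emitted as raw UTF-8 rather than `\uXXXX` escapes; add that setting to step 3. Smaller points: the step 4 sample `name=%E5%BC%A0%E4%B8%89` reads as if `name` were a top-level parameter although it only exists inside `payee_info`, and the added step 5 string uses a bare `&` where the unchanged list item above uses `&amp;`.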
@@ -326,7 +366,9 @@ Signature: {signature}</code></pre>
                   <li>API Key和Secret请妥善保管,不要泄露给他人</li>
                   <li>签名验证是<strong>必填</strong>的,未带签名或签名错误将返回401</li>
                   <li>签名使用HMAC-SHA256算法,密钥为API Secret</li>
-                  <li>签名对象是请求体字典排序后的键值对字符串(key1=value1&amp;key2=value2)</li>
+                  <li>签名计算前会自动过滤:<code>sign</code>参数、<code>null</code>值、空字符串、空数组、空对象</li>
+                  <li>嵌套对象(如<code>payee_info</code>)会先进行JSON序列化再参与签名</li>
+                  <li>参数值会进行URL编码(UTF-8),确保中文字符正确处理</li>
                   <li>定期更新API Key,建议每3-6个月更换一次</li>
                   <li>如发现API Key泄露,请立即禁用并重新生成</li>
                   <li>API Key有过期时间,请在过期前及时更新</li>
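Review bot: The added note beginning `签名计算前会自动过滤` implies that `sign`, `null` values, empty strings, empty arrays and empty objects are outside the HMAC, so such fields can be added to or removed from a signed body without invalidating the signature, and the notes should say how the server treats them. Suggest adding a line stating that the server acts only on the filtered parameter set (or rejects bodies that carry such fields), and rewording `会自动过滤` so it is clear the caller must apply the same filter before signing. It would also help to state whether the filter is applied inside nested objects such as `payee_info`, since the next note says they are serialized as a whole.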