Google play支付如何用nodejs驗證訂單完成的合法性
const crypto = require('crypto');
// 把字符串分割爲一連串更小的部分
function chunk_split(paramString, paramLength, paramEnd = '\n') {
let p = [];
let s = paramString;
while (s.length > paramLength) {
let s1 = s.substr(0, paramLength);
let s2 = s.substr(paramLength);
s = s2;
p.push(s1);
}
if (s.length > 0) {
p.push(s);
}
p.push('');
return p.join(paramEnd);
}
// google 公鑰
let googlePublicKey = '在 google console 中的開發工具-》服務和API中可以找到';
/**
* 驗證google支付簽名是否正確
* @param {*} params 支付成功收到的參數
* @param {*} inappDataSignature google 傳入的簽名 字段名和順序與用例保持一致 {
"orderId": "GPA.3341-6034-7995-16517",
"packageName": "com.exchange.demo",
"productId": "1006",
"purchaseTime": 1551281602450,
"purchaseState": 0,
"developerPayload": "Coins Package Pack 1",
"purchaseToken": "jjfbbecohm",
}
*/
function GooglePlayCheck(params, inappDataSignature) {
let verify = crypto.createVerify('RSA-SHA1');//請注意,這裏要用RSA-SHA1
let PHP_EOL = '\n';//實際上就是換行符
let inappPurchaseData = JSON.stringify(params);
//這裏要將公鑰轉換成64個字符一行的文本塊。
let publicKey = "-----BEGIN PUBLIC KEY-----" + PHP_EOL + chunk_split(googlePublicKey, 64, PHP_EOL) + "-----END PUBLIC KEY-----";
verify.update(inappPurchaseData);//
let isSuccess = verify.verify(publicKey, Buffer.from(inappDataSignature, 'base64')); //驗證數據
console.log("result:", isSuccess);
}
測試用例
/**
* 測試用例
*/
GooglePlayCheck({
"orderId": "GPA.3341-6034-7995-16517",
"packageName": "com.exchange.demo",
"productId": "1006",
"purchaseTime": 1551281602450,
"purchaseState": 0,
"developerPayload": "Coins Package Pack 1",
"purchaseToken": "jjfbbecohm",
}, "Ig1zAZJPZ8dH4id\/0zDDY62OlbACgWrb+ApRNXu08W35A+XLTp5N5krGugSUBG5LN1CRdLECGY+F8kczh10KLubCmgSPbBhB1kxJ\/bpMSfeklvCa0L3qJ00h0J8km7xJw6nTlwWtlHZzCQWu0TjeniVT0+hipTV67jkCjpHV+e8iGMxxKy0X+8qVEwQ5XNA==");