
api接口定义。签名校验

max 7 ay önce
ebeveyn
işleme
008dbd59f4

+ 2 - 2
src/modules/openApi/config.ts → src/modules/api/config.ts

@@ -1,5 +1,5 @@
 // import { BaseLogMiddleware } from './middleware/log';
-// import { BaseAuthorityMiddleware } from './middleware/authority';
+import { BaseAuthorityMiddleware } from './middleware/authority';
 import { ModuleConfig } from '@cool-midway/core';
 
 /**
@@ -12,7 +12,7 @@ export default () => {
     // 模块描述
     description: '所有对外露出的接口',
     // 中间件
-    // globalMiddlewares: [BaseAuthorityMiddleware, BaseLogMiddleware],
+    globalMiddlewares: [BaseAuthorityMiddleware],
     // 模块加载顺序,默认为0,值越大越优先加载
     order: 0,
     // app参数配置允许读取的key
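Review bot: `globalMiddlewares: [BaseAuthorityMiddleware]` turns the signature check on with no path scoping, because the new middleware's `resolve()` never inspects the request URL and its `ignoreUrls` array is empty and unused. If cool-midway registers `globalMiddlewares` application-wide (the removed middleware's `/admin/` handling suggests so), every route in the app would now require the `va-*` headers, including admin endpoints and the inbound `callback` routes of this module. Consider scoping the check inside the middleware, for example stripping `this.prefix` as the removed version did and then `if (!url.startsWith('/api/v1/')) return next();`, or implementing the middleware's `match()` hook. The enclosing `export default () => { … }` body continues outside the hunk.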

+ 7 - 7
src/modules/openApi/controller/associateBankAccount/index.ts → src/modules/api/controller/associateBankAccount.ts

@@ -8,18 +8,18 @@ import {
   Provide,
   Put,
 } from '@midwayjs/decorator';
-import { BusinessEntity } from '../../../payment/entity/business';
+import { BusinessEntity } from '../../payment/entity/business';
 
 /**
  * 关联银行账户
  */
 @Provide()
-@CoolController('/api/v1/')
-export class CustomerController extends BaseController {
+@CoolController('/api/v1/Fiat')
+export class AssociateBankAccountController extends BaseController {
   /**
    * 获取关联银行账户必填字段
    */
-  @Get('Fiat/AssociateBankAccountRequiredFieldsAsync', {
+  @Get('/AssociateBankAccountRequiredFieldsAsync', {
     summary: '获取关联银行账户必填字段',
   })
   async AssociateBankAccountRequiredFieldsAsync(
@@ -37,7 +37,7 @@ export class CustomerController extends BaseController {
   /**
    * 关联银行账户
    */
-  @Post('Fiat/AssociateBankAccount', { summary: '关联银行账户' })
+  @Post('/AssociateBankAccount', { summary: '关联银行账户' })
   async AssociateBankAccount(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -52,7 +52,7 @@ export class CustomerController extends BaseController {
    * 获取银行账户信息
    * /api/v3/Fiat/GetAssociateBankAccounts
    */
-  @Post('Fiat/GetAssociateBankAccounts', { summary: '获取银行账户信息' })
+  @Post('/GetAssociateBankAccounts', { summary: '获取银行账户信息' })
   async GetAssociateBankAccounts(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -67,7 +67,7 @@ export class CustomerController extends BaseController {
    * TODO 关联银行账户回调通知
    *
    */
-  @Put('Fiat/AssociateBankAccounts/callback', {
+  @Put('/AssociateBankAccounts/callback', {
     summary: '关联银行账户回调通知',
   })
   async createCustomerCallback(@Body(ALL) business: BusinessEntity) {

+ 4 - 4
src/modules/openApi/controller/banks/index.ts → src/modules/api/controller/banks.ts

@@ -1,18 +1,18 @@
 import { CoolController, BaseController } from '@cool-midway/core';
 import { ALL, Body, Get, Inject, Post, Provide } from '@midwayjs/decorator';
-import { BusinessEntity } from '../../../payment/entity/business';
+import { BusinessEntity } from '../../payment/entity/business';
 
 /**
  * 支持银行
  */
 @Provide()
-@CoolController('/api/v1/')
-export class CustomerController extends BaseController {
+@CoolController('/api/v1/Fiat')
+export class BanksController extends BaseController {
   /**
    * 获取银行列表
    * /api/v3/Fiat/Banks
    */
-  @Post('Fiat/Banks', { summary: '获取银行列表' })
+  @Post('/Banks', { summary: '获取银行列表' })
   async getBanks(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');

+ 8 - 8
src/modules/openApi/controller/beneficiary/index.ts → src/modules/api/controller/beneficiary.ts

@@ -9,19 +9,19 @@ import {
   Provide,
   Put,
 } from '@midwayjs/decorator';
-import { BusinessEntity } from '../../../payment/entity/business';
+import { BusinessEntity } from '../../payment/entity/business';
 
 /**
  * 受益人
  */
 @Provide()
-@CoolController('/api/v1/')
-export class CustomerController extends BaseController {
+@CoolController('/api/v1/Fiat')
+export class BeneficiaryController extends BaseController {
   /**
    * 创建受益人
    * /api/v3/Fiat/Beneficiary
    */
-  @Post('Fiat/Beneficiary', { summary: '创建受益人' })
+  @Post('/Beneficiary', { summary: '创建受益人' })
   async createCustomer(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -35,7 +35,7 @@ export class CustomerController extends BaseController {
   /**
    * 获取受益人
    */
-  @Get('Fiat/Beneficiary/:id', { summary: '获取受益人' })
+  @Get('/Beneficiary/:id', { summary: '获取受益人' })
   async beneficiaryForId(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -50,7 +50,7 @@ export class CustomerController extends BaseController {
    * 获取受益人列表
    * /api/v3/Fiat/Beneficiary
    */
-  @Get('Fiat/Beneficiary', { summary: '获取受益人列表' })
+  @Get('/Beneficiary', { summary: '获取受益人列表' })
   async getBeneficiary(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -64,7 +64,7 @@ export class CustomerController extends BaseController {
   /**
    * 修改受益人
    */
-  @Put('Fiat/Beneficiary', { summary: '修改受益人' })
+  @Put('/Beneficiary', { summary: '修改受益人' })
   async updateBeneficiary(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -79,7 +79,7 @@ export class CustomerController extends BaseController {
    * 删除受益人
    * /api/v3/Fiat/Beneficiary/{id}
    */
-  @Del('Fiat/Beneficiary', { summary: '删除受益人' })
+  @Del('/Beneficiary', { summary: '删除受益人' })
   async deleteBeneficiaryForId(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');

+ 10 - 10
src/modules/openApi/controller/beneficiaryAddress/index.ts → src/modules/api/controller/beneficiaryAddress.ts

@@ -8,19 +8,19 @@ import {
   Provide,
   Put,
 } from '@midwayjs/decorator';
-import { BusinessEntity } from '../../../payment/entity/business';
+import { BusinessEntity } from '../../payment/entity/business';
 
 /**
  * 受益人地址
  */
 @Provide()
-@CoolController('/api/v1/')
-export class CustomerController extends BaseController {
+@CoolController('/api/v1/Fiat')
+export class BeneficiaryAddressController extends BaseController {
   /**
    * 创建受益人地址
    * /api/v3/Fiat/BeneficiaryAddress
    */
-  @Post('Fiat/BeneficiaryAddress', { summary: '创建受益人地址' })
+  @Post('/BeneficiaryAddress', { summary: '创建受益人地址' })
   async createBeneficiaryAddress(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -35,7 +35,7 @@ export class CustomerController extends BaseController {
    * 获取受益人地址必填字段
    * /api/v3/Fiat/BeneficiaryAddressRequiredFields
    */
-  @Get('Fiat/BeneficiaryAddressRequiredFields', {
+  @Get('/BeneficiaryAddressRequiredFields', {
     summary: '获取受益人地址必填字段',
   })
   async getBeneficiaryAddressRequiredFields(
@@ -54,7 +54,7 @@ export class CustomerController extends BaseController {
    * 验证受益人地址必填字段
    * /api/v3/Fiat/BeneficiaryAddress/Validate
    */
-  @Post('Fiat/BeneficiaryAddress/Validate', {
+  @Post('/BeneficiaryAddress/Validate', {
     summary: '验证受益人地址必填字段',
   })
   async BeneficiaryAddressValidate(@Body(ALL) business: BusinessEntity) {
@@ -71,7 +71,7 @@ export class CustomerController extends BaseController {
    * 修改受益人地址
    * /api/v3/Fiat/BeneficiaryAddress
    */
-  @Put('Fiat/BeneficiaryAddress', {
+  @Put('/BeneficiaryAddress', {
     summary: '修改受益人地址',
   })
   async updateBeneficiaryAddress(@Body(ALL) business: BusinessEntity) {
@@ -88,7 +88,7 @@ export class CustomerController extends BaseController {
    * 获取受益人地址
    * /api/v3/Fiat/BeneficiaryAddress/{id}
    */
-  @Put('Fiat/BeneficiaryAddress/:id', {
+  @Put('/BeneficiaryAddress/:id', {
     summary: '修改受益人地址',
   })
   async getBeneficiaryAddressForId(@Body(ALL) business: BusinessEntity) {
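Review bot: The HTTP verbs on the two `/BeneficiaryAddress/:id` routes look swapped: here `getBeneficiaryAddressForId`, documented as 获取受益人地址, is bound with `@Put`, and in the last hunk of this file `deleteBeneficiaryAddressForId` is bound with `@Get`. A delete reachable via GET puts a state-changing operation on a safe method, which caches, prefetchers and crawlers may trigger, and since the signature middleware signs the query string for GET, the handler's `@Body(ALL)` argument would not be covered by the signature. Suggest `@Get('/BeneficiaryAddress/:id', …)` here and `@Del('/BeneficiaryAddress/:id', …)` on the delete handler, adding `Del` to the `@midwayjs/decorator` import if it is not already there. The `summary` here also still reads 修改受益人地址. Both method bodies continue outside their hunks.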
@@ -105,7 +105,7 @@ export class CustomerController extends BaseController {
    * 获取受益人地址列表
    * /api/v3/Fiat/BeneficiaryAddress
    */
-  @Get('Fiat/BeneficiaryAddress', {
+  @Get('/BeneficiaryAddress', {
     summary: '获取受益人地址列表',
   })
   async getBeneficiaryAddress(@Body(ALL) business: BusinessEntity) {
@@ -122,7 +122,7 @@ export class CustomerController extends BaseController {
    * 删除受益人地址
    * /api/v3/Fiat/BeneficiaryAddress/{id}
    */
-  @Get('Fiat/BeneficiaryAddress/:id', {
+  @Get('/BeneficiaryAddress/:id', {
     summary: '删除受益人地址',
   })
   async deleteBeneficiaryAddressForId(@Body(ALL) business: BusinessEntity) {

+ 9 - 8
src/modules/openApi/controller/customer/index.ts → src/modules/api/controller/customer.ts

@@ -1,3 +1,4 @@
+0;
 import { CoolController, BaseController } from '@cool-midway/core';
 import {
   ALL,
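Review bot: The added first line `0;` is a stray expression statement ahead of the imports and looks like an accidental keystroke; it should be dropped so the file starts with the `import` from `@cool-midway/core`. It has no runtime effect, but lint rules such as `no-unused-expressions` will flag it.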
@@ -8,18 +9,18 @@ import {
   Provide,
   Put,
 } from '@midwayjs/decorator';
-import { BusinessEntity } from '../../../payment/entity/business';
+import { BusinessEntity } from '../../payment/entity/business';
 
 /**
  * 客户管理
  */
 @Provide()
-@CoolController('/api/v1/')
+@CoolController('/api/v1/Fiat')
 export class CustomerController extends BaseController {
   /**
    * 创建客户
    */
-  @Post('Fiat/Customer', { summary: '创建客户' })
+  @Post('/CreateCustomer', { summary: '创建客户' })
   async createCustomer(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -33,7 +34,7 @@ export class CustomerController extends BaseController {
   /**
    * 获取创建客户必填字段
    */
-  @Get('Fiat/CustomerRequiredFields', { summary: '获取创建客户必填字段' })
+  @Get('/CustomerRequiredFields', { summary: '获取创建客户必填字段' })
   async getCustomerRequiredFields(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -48,7 +49,7 @@ export class CustomerController extends BaseController {
    * 验证客户必填字段
    * /api/v3/Fiat/Customer/Validate
    */
-  @Post('Fiat/Customer/Validate', { summary: '验证客户必填字段' })
+  @Post('/Customer/Validate', { summary: '验证客户必填字段' })
   async param(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -60,10 +61,10 @@ export class CustomerController extends BaseController {
     return this.ok('hello, cool-admin!!!');
   }
   /**
-   * 验证客户必填字段
+   * 修改客户
    * /api/v3/Fiat/Customer
    */
-  @Put('Fiat/Customer', { summary: '验证客户必填字段' })
+  @Put('/updateCustomer', { summary: '修改客户' })
   async updateCustomer(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -78,7 +79,7 @@ export class CustomerController extends BaseController {
    * TODO 创建客户回调通知
    *
    */
-  @Post('Fiat/callback', { summary: '创建客户回调通知' })
+  @Post('/callback', { summary: '创建客户回调通知' })
   async createCustomerCallback(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');

+ 6 - 6
src/modules/openApi/controller/payIn/index.ts → src/modules/api/controller/payIn.ts

@@ -1,18 +1,18 @@
 import { CoolController, BaseController } from '@cool-midway/core';
 import { ALL, Body, Get, Inject, Post, Provide } from '@midwayjs/decorator';
-import { BusinessEntity } from '../../../payment/entity/business';
+import { BusinessEntity } from '../../payment/entity/business';
 
 /**
  * 入金
  */
 @Provide()
-@CoolController('/api/v1/')
-export class CustomerController extends BaseController {
+@CoolController('/api/v1/Fiat')
+export class PayInController extends BaseController {
   /**
    * 创建订单
    * /api/v3/Fiat/PayIn
    */
-  @Post('Fiat/PayIn', { summary: '创建订单' })
+  @Post('/PayIn', { summary: '创建订单' })
   async createPayInOrder(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -27,7 +27,7 @@ export class CustomerController extends BaseController {
    * 查询订单
    * /api/v3/Fiat/PayIn/{orderNo}
    */
-  @Get('Fiat/PayIn/:orderNo', { summary: '查询订单' })
+  @Get('/PayIn/:orderNo', { summary: '查询订单' })
   async getPayInForOrderNo(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -42,7 +42,7 @@ export class CustomerController extends BaseController {
    * 取消订单
    * /api/v3/Fiat/PayIn/{orderNo}/Cancel
    */
-  @Post('Fiat/PayIn/:orderNo/Cancel', { summary: '取消订单' })
+  @Post('/PayIn/:orderNo/Cancel', { summary: '取消订单' })
   async cancelPayInOrderForOrderNo(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');

+ 6 - 6
src/modules/openApi/controller/payOut/index.ts → src/modules/api/controller/payOut.ts

@@ -1,18 +1,18 @@
 import { CoolController, BaseController } from '@cool-midway/core';
 import { ALL, Body, Get, Inject, Post, Provide } from '@midwayjs/decorator';
-import { BusinessEntity } from '../../../payment/entity/business';
+import { BusinessEntity } from '../../payment/entity/business';
 
 /**
  * 入金
  */
 @Provide()
-@CoolController('/api/v1/')
+@CoolController('/api/v1/Fiat')
 export class CustomerController extends BaseController {
   /**
    * 创建订单
    * /api/v3/Fiat/Payout
    */
-  @Post('Fiat/PayOut', { summary: '创建订单' })
+  @Post('/PayOut', { summary: '创建订单' })
   async createPayOutOrder(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
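Review bot: This file keeps `export class CustomerController` while every other controller in the commit was renamed after its resource, so two classes named `CustomerController` (here and in `customer.ts`) are both registered with `@Provide()`; renaming it to `PayOutController` keeps the set consistent and avoids any name-based clash in the container. The header comment still says 入金 (pay-in) for the pay-out controller. In the next hunk the handler rename to `PayOutOutForOrderNo` looks like a typo for `getPayOutForOrderNo`, the name it had before.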
@@ -27,8 +27,8 @@ export class CustomerController extends BaseController {
    * 查询订单
    * /api/v3/Fiat/PayOut/{orderNo}
    */
-  @Get('Fiat/PayOut/:orderNo', { summary: '查询订单' })
-  async getPayOutForOrderNo(@Body(ALL) business: BusinessEntity) {
+  @Get('/PayOut/:orderNo', { summary: '查询订单' })
+  async PayOutOutForOrderNo(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
     // }
@@ -42,7 +42,7 @@ export class CustomerController extends BaseController {
    * 取消订单
    * /api/v3/Fiat/PayOut/{orderNo}/Cancel
    */
-  @Post('Fiat/PayOut/:orderNo/Cancel', { summary: '取消订单' })
+  @Post('/PayOut/:orderNo/Cancel', { summary: '取消订单' })
   async cancelPayOutOrderForOrderNo(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');

+ 8 - 8
src/modules/openApi/controller/wallet/index.ts → src/modules/api/controller/wallet.ts

@@ -1,19 +1,19 @@
 import { CoolController, BaseController } from '@cool-midway/core';
 import { ALL, Body, Get, Inject, Post, Provide } from '@midwayjs/decorator';
-import { BusinessEntity } from '../../../payment/entity/business';
+import { BusinessEntity } from '../../payment/entity/business';
 
 /**
  * 钱包
  */
 @Provide()
-@CoolController('/api/v1/')
-export class CustomerController extends BaseController {
+@CoolController('/api/v1/Fiat')
+export class WalletController extends BaseController {
   /**
    * 创建钱包
    * /api/v3/Fiat/Wallet
    */
-  @Post('Fiat/Wallet', { summary: '创建钱包' })
-  async createCustomer(@Body(ALL) business: BusinessEntity) {
+  @Post('/Wallet', { summary: '创建钱包' })
+  async createWallet(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
     // }
@@ -27,7 +27,7 @@ export class CustomerController extends BaseController {
    * TODO 创建钱包回调通知
    *
    */
-  @Post('Fiat/wallet/callback', { summary: '创建钱包回调通知' })
+  @Post('/wallet/callback', { summary: '创建钱包回调通知' })
   async createWalletCallback(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -42,7 +42,7 @@ export class CustomerController extends BaseController {
    * 获取钱包信息
    *
    */
-  @Get('Fiat/GetWalletAccounts', { summary: '获取钱包信息' })
+  @Get('/GetWalletAccounts', { summary: '获取钱包信息' })
   async GetWalletAccounts(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');
@@ -57,7 +57,7 @@ export class CustomerController extends BaseController {
   /**
    * 获取账户币种余额
    */
-  @Get('Fiat/AccountBalance', { summary: '获取账户币种余额' })
+  @Get('/AccountBalance', { summary: '获取账户币种余额' })
   async AccountBalance(@Body(ALL) business: BusinessEntity) {
     // if (!this.allowKeys.includes(key)) {
     //   return this.fail('非法操作');

+ 88 - 0
src/modules/api/middleware/authority.ts

@@ -0,0 +1,88 @@
+import { App, Config, Inject, Middleware } from '@midwayjs/decorator';
+import * as _ from 'lodash';
+import { CoolUrlTagData, RESCODE, TagTypes } from '@cool-midway/core';
+import * as jwt from 'jsonwebtoken';
+import { NextFunction, Context } from '@midwayjs/koa';
+import {
+  IMiddleware,
+  IMidwayApplication,
+  Init,
+  InjectClient,
+} from '@midwayjs/core';
+import { CachingFactory, MidwayCache } from '@midwayjs/cache-manager';
+import { SunPayAdapter } from '../../payment/adapter/sunpay.adapter';
+import * as crypto from 'crypto';
+
+/**
+ * 签名验证
+ */
+@Middleware()
+export class BaseAuthorityMiddleware
+  implements IMiddleware<Context, NextFunction>
+{
+  @Config('koa.globalPrefix')
+  prefix;
+
+  @Config('module.base')
+  jwtConfig;
+
+  @InjectClient(CachingFactory, 'default')
+  midwayCache: MidwayCache;
+
+  @Inject()
+  coolUrlTagData: CoolUrlTagData;
+
+  @App()
+  app: IMidwayApplication;
+
+  ignoreUrls: string[] = [];
+
+  resolve() {
+    return async (ctx: Context, next: NextFunction) => {
+      // 签名校验
+      let { header } = ctx;
+      const {
+        'va-key': vaKey = '',
+        'va-timestamp': vaTimestamp = '',
+        'va-nonce': vaNonce = '',
+        'va-sign': vaSign = '',
+      } = header;
+      const params =
+        ctx?.req.method === 'GET' ? ctx?.request.query : ctx?.request.body;
+
+      // 2. 生成签名
+      const sign = this.generateSignature(
+        `${vaTimestamp}`,
+        `${vaNonce}`,
+        JSON.stringify(params),
+        `${vaKey}`
+      );
+
+      if (sign !== vaSign) {
+        ctx.status = 401;
+        ctx.body = {
+          code: RESCODE.AUTHFAIL,
+          message: '签名不匹配,认证失败',
+        };
+        return;
+      }
+
+      await next();
+    };
+  }
+
+  /**
+   * 生成签名
+   * @see https://docs-merchant.sunpay.pro/guide
+   */
+  generateSignature(timestamp, nonce, body = '', secret = '') {
+    const payload = `${timestamp}${nonce}${body}`;
+    const signature = crypto
+      .createHmac('sha256', secret)
+      .update(payload)
+      .digest('hex')
+      .toUpperCase();
+
+    return signature;
+  }
+}
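Review bot: The HMAC secret passed to `generateSignature` in `resolve()` is the caller-supplied `va-key` header, so the check only proves that the sender can compute an HMAC over its own request with a key it chose itself; with all four headers absent, the defaults make the secret the empty string. The secret should be resolved server-side from the key id, and `sign !== vaSign` should become a length check plus `crypto.timingSafeEqual`. `va-timestamp` and `va-nonce` are mixed into the payload but never checked for freshness or reuse, so a captured request stays valid indefinitely; the injected but unused `midwayCache` looks like the intended place for a nonce record. `JSON.stringify(params)` signs the re-serialised parsed body rather than the bytes the client sent, which presumably fails whenever key order or spacing differs, so signing the raw body would be more robust. The `jwt`, `lodash`, `SunPayAdapter`, `TagTypes` and `Init` imports are unused in the visible code.

```typescript
      // … unchanged: header destructuring and params selection …

      // Placeholder: `lookupSecretForKey` stands for the project's own store
      // of per-merchant secrets, keyed by the public `va-key` identifier.
      const secret = await this.lookupSecretForKey(`${vaKey}`);

      const sign = this.generateSignature(`${vaTimestamp}`, `${vaNonce}`, JSON.stringify(params), secret);

      // Compare in constant time; timingSafeEqual throws on unequal lengths.
      const expected = Buffer.from(sign, 'utf8');
      const received = Buffer.from(`${vaSign}`, 'utf8');
      const matches =
        Boolean(secret) &&
        expected.length === received.length &&
        crypto.timingSafeEqual(expected, received);

      if (!matches) {
        // … unchanged: 401 response with RESCODE.AUTHFAIL …
      }
```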

+ 8 - 0
src/modules/api/service/customer.ts

@@ -0,0 +1,8 @@
+import { BaseService } from '@cool-midway/core';
+import { Provide } from '@midwayjs/core';
+
+/**
+ * 描述
+ */
+@Provide()
+export class CustomerService extends BaseService {}

+ 0 - 51
src/modules/openApi/middleware/authority.ts

@@ -1,51 +0,0 @@
-import { App, Config, Inject, Middleware } from '@midwayjs/decorator';
-import * as _ from 'lodash';
-import { CoolUrlTagData, RESCODE, TagTypes } from '@cool-midway/core';
-import * as jwt from 'jsonwebtoken';
-import { NextFunction, Context } from '@midwayjs/koa';
-import {
-  IMiddleware,
-  IMidwayApplication,
-  Init,
-  InjectClient,
-} from '@midwayjs/core';
-import { CachingFactory, MidwayCache } from '@midwayjs/cache-manager';
-
-/**
- * 签名验证
- */
-@Middleware()
-export class BaseAuthorityMiddleware
-  implements IMiddleware<Context, NextFunction>
-{
-  @Config('koa.globalPrefix')
-  prefix;
-
-  @Config('module.base')
-  jwtConfig;
-
-  @InjectClient(CachingFactory, 'default')
-  midwayCache: MidwayCache;
-
-  @Inject()
-  coolUrlTagData: CoolUrlTagData;
-
-  @App()
-  app: IMidwayApplication;
-
-  ignoreUrls: string[] = [];
-
-  resolve() {
-    return async (ctx: Context, next: NextFunction) => {
-      // 签名校验
-      // 读取
-      let statusCode = 200;
-      let { url } = ctx;
-      url = url.replace(this.prefix, '').split('?')[0];
-      const token = ctx.get('Authorization');
-      const adminUrl = '/admin/';
-
-      await next();
-    };
-  }
-}