feat(): openapi签名

src/modules/api/middleware/authority.ts

@@ -1,5 +1,5 @@
 import { App, Config, Inject, Middleware } from '@midwayjs/decorator';
-import { CoolUrlTagData,  } from '@cool-midway/core';
+import { CoolUrlTagData } from '@cool-midway/core';
 import { NextFunction, Context } from '@midwayjs/koa';
 import {
   IMiddleware,
@@ -10,6 +10,9 @@ import {
 import { CachingFactory, MidwayCache } from '@midwayjs/cache-manager';
 import { SunPayAdapter } from '../../payment/adapter/sunpay.adapter';
 import * as crypto from 'crypto';
+import { InjectEntityModel } from '@midwayjs/typeorm';
+import { MerchantEntity } from '../../payment/entity/merchant';
+import { Repository } from 'typeorm';
 
 /**
  * 签名验证
@@ -27,6 +30,9 @@ export class BaseAuthorityMiddleware
   @InjectClient(CachingFactory, 'default')
   midwayCache: MidwayCache;
 
+  @InjectEntityModel(MerchantEntity)
+  merchantEntity: Repository<MerchantEntity>;
+
   @Inject()
   coolUrlTagData: CoolUrlTagData;
 
@@ -51,6 +57,22 @@ export class BaseAuthorityMiddleware
         const params =
           ctx?.req.method === 'GET' ? ctx?.request.query : ctx?.request.body;
 
+        const merchantInfo = await this.merchantEntity.findOne({
+          where: {
+            apiSecret: `${vaKey}`,
+          },
+        });
+
+        // 商户不存在或者说商户被禁用都提示失败
+        if (!merchantInfo || merchantInfo.status != 1) {
+          ctx.status = 401;
+          ctx.body = {
+            code: ctx.status,
+            message: '签名不匹配,认证失败',
+          };
+          return;
+        }
+
         // 2. 生成签名
         const sign = this.generateSignature(
           `${vaTimestamp}`,
@@ -58,7 +80,6 @@ export class BaseAuthorityMiddleware
           JSON.stringify(params),
           `${vaKey}`
         );
-        console.log(6363636, {sign, vaSign})
         if (sign !== vaSign) {
           ctx.status = 401;
           ctx.body = {