增加微信支付通知处理器 #105
增加微信支付通知处理器 #105
Conversation
| throw new IllegalArgumentException("serialNumber为空"); | ||
| } | ||
| if (message == null || message.length == 0) { | ||
| throw new IllegalArgumentException("message为空"); |
There was a problem hiding this comment.
这种都是实时的外部不可控输入,不应该用IllegalArgumentException这样的 RuntimeException 的,而是 ValidationException 的。切记不能因为外部输入导致程序直接异常呀。
There was a problem hiding this comment.
另外,如果只能从 builder 构造,参数检查不是做过一遍了吗?很多参数都是自己可控的,难道你是想别人扩展NotifyHandler 吗
| @@ -0,0 +1,75 @@ | |||
| package com.wechat.pay.contrib.apache.httpclient.auth; | |||
There was a problem hiding this comment.
感觉不应该放在 auth 下,只是 auth 的一个应用场景 ?
There was a problem hiding this comment.
可以新建notify,放到notify下
| /** | ||
| * @author lianup | ||
| */ | ||
| public class WechatPayNotifyHandler { |
There was a problem hiding this comment.
名字要加 wechatpay 前缀吗,除了最外层的 builder 其他地方都没加呢
There was a problem hiding this comment.
我觉得应该叫做 NotificationHandler
| this.verifyMessage = verifyMessage; | ||
| this.body = body; | ||
| // 获取请求体需要信息 | ||
| parseBody(); |
There was a problem hiding this comment.
先验签再解析吧,只有是微信支付的回调,才有解析的意义
| /** | ||
| * @author lianup | ||
| */ | ||
| public class WechatPayNotifyRequest { |
There was a problem hiding this comment.
我担心这样直接暴露实现给开发者,不利于未来的扩展,就像图片上传一样。而是提供 interface,interface只包含验签所需要的字段,即
serialnomessagesignature
而没有timestamp和nonce。
再针对接口提供实现会更好。
There was a problem hiding this comment.
可以修改为:
- 增加Request接口,包括getSerialNumber()、getMessage()、getSignature()方法。
- 增加NotifyRequest类,实现Request接口。
There was a problem hiding this comment.
1还可以增加getBody()方法,也属于request的一部分。
lianup
force-pushed
the
master
branch
2 times, most recently
from
569e513 to
e502cdf
Compare
| getAssociatedData, new String(bodyNonce), ciphertext); | ||
| throw new DecryptionException(errorMessage, e); | ||
| } | ||
| return data; |
There was a problem hiding this comment.
这里返回一个完整的回调结构体,而不仅仅是加密的部分吧。还有id/type/summary等等对商户可能有价值信息。
There was a problem hiding this comment.
可以返回一个parseResult,包括id、create_time、event_type、data(解密后的数据)、summary。
| package com.wechat.pay.contrib.apache.httpclient.notification; | ||
|
|
||
| /** | ||
| * @author lianup |
打算在bump version时添加 |
lianup
force-pushed
the
master
branch
4 times, most recently
from
d2e41a5 to
04e2e82
Compare
src/main/java/com/wechat/pay/contrib/apache/httpclient/notification/ParseResult.java
Outdated
Show resolved
Hide resolved
src/main/java/com/wechat/pay/contrib/apache/httpclient/notification/NotificationRequest.java
Show resolved
Hide resolved
src/main/java/com/wechat/pay/contrib/apache/httpclient/notification/NotificationHandler.java
Outdated
Show resolved
Hide resolved
src/main/java/com/wechat/pay/contrib/apache/httpclient/notification/NotificationHandler.java
Show resolved
Hide resolved
| } | ||
|
|
||
| @Override | ||
| public String toString() { |
There was a problem hiding this comment.
使用 ObjectMapper 来代替手写?
There was a problem hiding this comment.
此处用到toString的地方为拼接错误信息,在错误中抛出,商户测试和使用时也可以直接用toString打印。
| private String decryptData; | ||
|
|
||
| @Override | ||
| public String toString() { |
There was a problem hiding this comment.
使用 ObjectMapper 来代替手写?
There was a problem hiding this comment.
此处用到toString的地方为拼接错误信息,在错误中抛出,商户测试和使用时也可以直接用toString打印。
src/main/java/com/wechat/pay/contrib/apache/httpclient/notification/NotificationHandler.java
Show resolved
Hide resolved
src/main/java/com/wechat/pay/contrib/apache/httpclient/notification/NotificationHandler.java
Show resolved
Hide resolved
| try { | ||
| decryptData = aesUtil.decryptToString(associatedData, bodyNonce, ciphertext); | ||
| } catch (GeneralSecurityException e) { | ||
| String errorMessage = String.format("aes解密失败 apiV3Key[%s], associatedData[%s] bodyNonce[%s] ciphertext[%s]", |
There was a problem hiding this comment.
Resource也有tostring方法,可以直接用?
lianup
force-pushed
the
master
branch
2 times, most recently
from
2fbcd18 to
72fbae1
Compare
4 participants
No description provided.