shanshanzhong
3c6dd5058b
All checks were successful
Build docker and publish / build (20.15.1) (push) Successful in 6m41s
新增通过transaction_id附加苹果交易的功能,包括: 1. 添加AttachAppleTransactionByIdRequest类型和对应路由 2. 实现AppleIAPConfig配置模型 3. 添加ServerAPI获取交易信息的实现 4. 优化JWS解析逻辑,增加cleanB64函数处理空格 5. 完善苹果通知处理逻辑的日志和注释
113 lines
2.9 KiB
Go
113 lines
2.9 KiB
Go
package apple
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/ecdsa"
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"crypto/x509"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"encoding/pem"
|
|
"fmt"
|
|
"net/http"
|
|
"time"
|
|
)
|
|
|
|
type ServerAPIConfig struct {
|
|
KeyID string
|
|
IssuerID string
|
|
PrivateKey string
|
|
Sandbox bool
|
|
}
|
|
|
|
func buildAPIToken(cfg ServerAPIConfig) (string, error) {
|
|
header := map[string]string{
|
|
"alg": "ES256",
|
|
"kid": cfg.KeyID,
|
|
"typ": "JWT",
|
|
}
|
|
now := time.Now().Unix()
|
|
payload := map[string]interface{}{
|
|
"iss": cfg.IssuerID,
|
|
"iat": now,
|
|
"exp": now + 1800,
|
|
"aud": "appstoreconnect-v1",
|
|
}
|
|
hb, _ := json.Marshal(header)
|
|
pb, _ := json.Marshal(payload)
|
|
enc := func(b []byte) string {
|
|
return base64.RawURLEncoding.EncodeToString(b)
|
|
}
|
|
unsigned := fmt.Sprintf("%s.%s", enc(hb), enc(pb))
|
|
block, _ := pem.Decode([]byte(cfg.PrivateKey))
|
|
if block == nil {
|
|
return "", fmt.Errorf("invalid private key")
|
|
}
|
|
keyAny, err := x509.ParsePKCS8PrivateKey(block.Bytes)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
priv, ok := keyAny.(*ecdsa.PrivateKey)
|
|
if !ok {
|
|
return "", fmt.Errorf("private key is not ECDSA")
|
|
}
|
|
hash := unsigned // ES256 signs SHA-256 of input; jwt libs do hashing, we implement manually
|
|
digest := sha256Sum([]byte(hash))
|
|
sig, err := ecdsa.SignASN1(rand.Reader, priv, digest)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return unsigned + "." + base64.RawURLEncoding.EncodeToString(sig), nil
|
|
}
|
|
|
|
func sha256Sum(b []byte) []byte {
|
|
h := sha256.New()
|
|
h.Write(b)
|
|
return h.Sum(nil)
|
|
}
|
|
|
|
func GetTransactionInfo(cfg ServerAPIConfig, transactionId string) (string, error) {
|
|
token, err := buildAPIToken(cfg)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
try := func(host string) (string, int, string, error) {
|
|
url := fmt.Sprintf("%s/inApps/v1/transactions/%s", host, transactionId)
|
|
req, _ := http.NewRequest("GET", url, nil)
|
|
req.Header.Set("Authorization", "Bearer "+token)
|
|
resp, err := http.DefaultClient.Do(req)
|
|
if err != nil {
|
|
return "", 0, "", err
|
|
}
|
|
defer resp.Body.Close()
|
|
buf := new(bytes.Buffer)
|
|
_, _ = buf.ReadFrom(resp.Body)
|
|
if resp.StatusCode != 200 {
|
|
return "", resp.StatusCode, buf.String(), fmt.Errorf("apple api error: %d", resp.StatusCode)
|
|
}
|
|
var body struct {
|
|
SignedTransactionInfo string `json:"signedTransactionInfo"`
|
|
}
|
|
if err := json.Unmarshal(buf.Bytes(), &body); err != nil {
|
|
return "", resp.StatusCode, buf.String(), err
|
|
}
|
|
return body.SignedTransactionInfo, resp.StatusCode, buf.String(), nil
|
|
}
|
|
primary := "https://api.storekit.itunes.apple.com"
|
|
secondary := "https://api.storekit-sandbox.itunes.apple.com"
|
|
if cfg.Sandbox {
|
|
primary, secondary = secondary, primary
|
|
}
|
|
jws, code, body, err := try(primary)
|
|
if err == nil && jws != "" {
|
|
return jws, nil
|
|
}
|
|
// Fallback to the other environment if primary failed (common when env mismatches)
|
|
jws2, code2, body2, err2 := try(secondary)
|
|
if err2 == nil && jws2 != "" {
|
|
return jws2, nil
|
|
}
|
|
return "", fmt.Errorf("apple api error, primary[%d:%s], secondary[%d:%s]", code, body, code2, body2)
|
|
}
|