Notes on Playing with the Snake: Using Python to Implement a Fast Payment Interface

Source: Internet
Author: User
Tags hmac

There are many of these fast-payment channels now, and the set of channels Yeepay supports is very comprehensive. I recently needed to integrate a payment channel into our platform, so I am writing this post as a record. Along the way, a word of contempt for the domestic payment platforms: their API support is very poor, and even Yeepay's example code is wrong. That something this embarrassing can happen shows that domestic competition is not fierce enough.

On to the subject. Today's task is to get the payment and payment-notification interfaces working. As a general rule, a payment interface over HTTP passes its data through N form fields or query parameters, one of which is a verification string that prevents tampering with the data. Each user who applies for the payment interface is given a number, equivalent to a user name, and a key, equivalent to a password, which is used as the salt when hashing the tamper-protected fields.

Yeepay's field definitions are in its documentation, which is available everywhere. There is nothing wrong with the part of the documentation that covers initiating the request, but its example uses POST with the data placed in a hidden form, whereas here I send the data by constructing a GET query string.

According to the document, first define the data as follows:

# data for the test platform
# transid (order number) and fee (amount) come from the surrounding application
data=[
"",  # seed value for the reduce() calls below
("p0_Cmd","Buy"),
("p1_MerId","10000432521"),
("p2_Order",transid),
("p3_Amt",str(fee)),
("p4_Cur","CNY"),
("p5_Pid","测试一下嘛"),
("p6_Pcat","test"),
("p7_Pdesc","test"),
("p8_Url","http://"),
("p9_SAF","1"),
("pa_MP","None"),
("pd_FrpId","ICBC-NET"),
("pr_NeedResponse","1"),
]

The first "" is not just there for decoration; it is used in the operations below, so do not assume I typed it by mistake and ignore it.

First, we need to build the source string to be signed from the data. According to the documentation, this means concatenating the value of each field, note, without any separator. Take a look at the documentation, which is enough to make people vomit blood.

Look at this description, can you guess how to construct this string? Most of the people who wrote this document have been rebuilt 10 times.

Going by the only useful words in this document, "see the source code", I took the big chunk of code in the sample source and changed it into one line of code:

origin_str=reduce(lambda x,y: "%s%s" % (x,y[1]), data)

Here we use the reduce function, which walks through the list and accumulates each item into a running result. It does this by passing the result of the previous operation and the next item as arguments to reduce's first parameter, which here is a lambda expression: x is the result of the previous operation and y is the next item. Because the expression expects the running result to be a string from the very first operation, the list needs a string as its first element, and that is the reason for the leading "" in the data list.

Then you need to sign the string with HMAC. Thanks to the greatness of Python, I typed import hmac in the shell.

It returned without complaint, so this library really does exist, which saves a lot of trouble. So:

import hmac

# Python 2: with no digestmod argument, hmac.new() uses MD5
mac=hmac.new("8UPp0KE8sq73zVP370vko7C39403rtK1YwX40Td6irH216036H27Eb12792t")
mac.update(origin_str)
hash_key=mac.hexdigest()

Once you have the HMAC value, you need to build the query string. This traversal is again handled by a Python built-in function. It's cool, it's one line.

query="".join(["http://tech.yeepay.com:8080/robot/debug.action?",reduce(lambda x,y:"%s&%s=%s"%(x,y[0],y[1]),data).lstrip("&"),"&hmac=",hash_key])

And here we call on reduce once again.

Then there is a very important step: handling the Chinese encoding. Yeepay supports GBK, so we need to convert this string to GBK:

query=unicode(query, "UTF8").encode("GBK")

Here we assume that the head of your file is

# -*- coding: utf-8 -*-

and that your source file is UTF-8 encoded.

The rest is very simple: redirect to this address and you will see the test-success page.

Note that the ID, key, and interface address I use are test-specific. For the production environment, replace them with the production key, ID, and interface address.

The next thing to handle is the program behind the callback address. The most important thing here is to parse the parameters and the tamper-proof hash string, that is, the value of the parameter named hmac. Here Yeepay's documentation and sample program commit an unforgivable sin: the documentation and code say only to check the parameters beginning with r0 to r9, but in fact the p1_MerId parameter must be included as well, otherwise you will never get the right result.

The verification part is the same as before. Here we assume that the whole query string has been parsed by the framework and placed in a dict.

# dic holds the parsed callback parameters
keys=['p1_MerId', 'r0_Cmd', 'r1_Code', 'r2_TrxId', 'r3_Amt', 'r4_Cur', 'r5_Pid', 'r6_Order', 'r7_Uid', 'r8_MP', 'r9_BType']
origin=reduce(lambda x,y:"%s%s"%(x,y),[dic[k] for k in keys])
mac=hmac.new("8UPp0KE8sq73zVP370vko7C39403rtK1YwX40Td6irH216036H27Eb12792t")
mac.update(origin)
# compare this value with the hmac value received in the callback
hmac_key=mac.hexdigest()

In fact, these are all very simple features, but with Python your head doesn't hurt, your back isn't sore, and even climbing the stairs is easy.
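
The request signing and callback check described above, as an added Python 3 example (not the author's code and not Yeepay's sample): it percent-encodes the query values, rejects callbacks with missing signed fields, and compares the digest in constant time. The key, the sample callback values, the example.invalid URL, and the choice to sign GBK bytes are assumptions made for the example.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Callback fields in signing order, as listed in the article (p1_MerId first).
CALLBACK_KEYS = ['p1_MerId', 'r0_Cmd', 'r1_Code', 'r2_TrxId', 'r3_Amt',
                 'r4_Cur', 'r5_Pid', 'r6_Order', 'r7_Uid', 'r8_MP', 'r9_BType']

def sign(values, key, encoding="gbk"):
    """HMAC-MD5 hex digest over the values joined with no separator.
    Assumption: values are signed as GBK bytes; change encoding if not."""
    source = "".join(values).encode(encoding)
    return hmac.new(key, source, hashlib.md5).hexdigest()

def build_request_url(base, fields, key, encoding="gbk"):
    """fields: ordered list of (name, value); the order defines the signature."""
    mac = sign([value for _, value in fields], key, encoding)
    # urlencode percent-escapes each value, so '&' or '=' inside a value
    # cannot add or override parameters as plain string joining would.
    return base + "?" + urlencode(fields + [("hmac", mac)], encoding=encoding)

def verify_callback(params, key, encoding="gbk"):
    """True only if every signed field is present and the hmac matches."""
    if "hmac" not in params or any(k not in params for k in CALLBACK_KEYS):
        return False
    try:
        expected = sign([params[k] for k in CALLBACK_KEYS], key, encoding)
    except UnicodeEncodeError:  # a value cannot be encoded for signing
        return False
    # Constant-time comparison; bytes on both sides so a non-ASCII hmac
    # value cannot raise TypeError.
    return hmac.compare_digest(expected.encode(), params["hmac"].encode())

# Constructed sample data: placeholder key and made-up callback values.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_CALLBACK = dict(zip(CALLBACK_KEYS, [
    "10000432521", "Buy", "1", "T1001", "0.01", "CNY",
    "test", "order-42", "", "None", "1"]))
SAMPLE_CALLBACK["hmac"] = sign(
    [SAMPLE_CALLBACK[k] for k in CALLBACK_KEYS], SAMPLE_KEY)

if __name__ == "__main__":
    print(verify_callback(SAMPLE_CALLBACK, SAMPLE_KEY))      # untouched callback
    print(verify_callback(dict(SAMPLE_CALLBACK, r3_Amt="999.00"), SAMPLE_KEY))
    print(build_request_url("http://example.invalid/pay",
                            [("p0_Cmd", "Buy"), ("p5_Pid", "a&b=c")], SAMPLE_KEY))
```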
