准入条件
- 营业执照
- 通过ICP备案的网站
- 使用沙箱
沙箱接入:直接使用沙箱提供的开发参数,无需进行应用的创建,绑定,上线和签约
node.js:
- 基于chrome v8引擎的JavaScript运行环境
- 使用了一个事件驱动,非阻塞I/O的模型,使其轻量且高效
引入支付参数:同样将配置文件设置为SpringBoot配置文件。
alipay-sandbox.properties
# 支付宝支付相关参数
# 应用ID,您的APPID,收款账号既是您的APPID对应支付宝账号
alipay.app-id=***
# 商户PID,卖家支付宝账号ID
alipay.seller-id=***
# 支付宝网关
alipay.gateway-url=https://openapi.alipaydev.com/gateway.do
# 商户私钥,您的PKCS8格式RSA2私钥
alipay.merchant-private-key=***
# 支付宝公钥,查看地址:https://openhome.alipay.com/platform/keyManage.htm 对应APPID下的支付宝公钥
alipay.alipay-public-key=***
# 接口内容加密秘钥,对称秘钥
alipay.content-key=***
# 页面跳转同步通知页面路径
alipay.return-url=http://localhost:8080/#/success
# 服务器异步通知页面路径 需http://格式的完整路径,不能加?id=123这类自定义参数,必须外网可以正常访问
# 注意:每次重新启动ngrok,都需要根据实际情况修改这个配置
alipay.notify-url=***/api/ali-pay/trade/notify
AliPayClientConfig.java创建封装了签名和验签功能的客户端对象AlipayClient
package com.pay.paymentdemo.config;
import com.alipay.api.*;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;
import javax.annotation.Resource;
@Configuration
@PropertySource("classpath:alipay-sandbox.properties")
public class AliPayClientConfig {
@Resource
private Environment config;
// 官方文档 https://opendocs.alipay.com/common/02kf5q
@Bean
public AlipayClient getAlipayClient() throws AlipayApiException {
AlipayConfig alipayConfig = new AlipayConfig();
//设置网关地址
alipayConfig.setServerUrl(config.getProperty("alipay.gateway-url"));
//设置应用ID
alipayConfig.setAppId(config.getProperty("alipay.app-id"));
//设置应用私钥
alipayConfig.setPrivateKey(config.getProperty("alipay.merchant-private-key"));
//设置请求格式,固定值json
alipayConfig.setFormat(AlipayConstants.FORMAT_JSON);
//设置字符集
alipayConfig.setCharset(AlipayConstants.CHARSET_UTF8);
//设置支付宝公钥
alipayConfig.setAlipayPublicKey(config.getProperty("alipay.alipay-public-key"));
//设置签名类型
alipayConfig.setSignType(AlipayConstants.SIGN_TYPE_RSA2);
//构造client
AlipayClient alipayClient = new DefaultAlipayClient(alipayConfig);
return alipayClient;
}
}
统一收单下单并支付页面接口
- 公共参数:大部分已在AliPayClient中配置好。还有returnUrl和notifyUrl
- 请求参数:商户订单号,订单总额,订单标题,销售产品码等
- 公共响应参数
- 响应参数:支付宝交易号,商户订单号,收款支付宝账号,交易金额,商户原始订单号
AliPayController.java
package com.pay.paymentdemo.controller;
import com.alipay.api.AlipayApiException;
import com.alipay.api.AlipayConstants;
import com.alipay.api.internal.util.AlipaySignature;
import com.pay.paymentdemo.entity.OrderInfo;
import com.pay.paymentdemo.service.AliPayService;
import com.pay.paymentdemo.service.OrderInfoService;
import com.pay.paymentdemo.vo.R;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.junit.runners.Parameterized;
import org.springframework.core.env.Environment;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
import java.math.BigDecimal;
import java.util.Map;
@CrossOrigin
@RestController
@RequestMapping("/api/ali-pay")
@Api(tags = "网站支付宝支付")
@Slf4j
public class AliPayController {
@Resource
private AliPayService aliPayService;
@Resource
private Environment config;
@Resource
private OrderInfoService orderInfoService;
@ApiOperation("统一收单下单并支付页面接口的调用")
@PostMapping("/trade/page/pay/{productId}")
public R tradePagePay(@PathVariable Long productId) {
log.info("统一收单下单并支付页面接口的调用");
// 支付宝开放平台接收 request请求对象后
// 会为开放者生成一个html 形式的 form表单, 包含自动提交的脚本
String formStr = aliPayService.tradeCreate(productId);
// 将form表单字符串返回给前端程序:之后前端会调用自动提交脚本,进行表单的提交
// 此时,表单会自动提交到action属性所指的支付宝开放平台中,从而为用户展示一个支付页面
return R.ok().data("formStr", formStr);
}
@ApiOperation("支付通知")
@PostMapping("/trade/notify")
public String tradeNotify(@RequestParam Map<String,String> params) {
log.info("支付通知正在执行");
log.info("通知参数 ===> {}", params);
String result = "failure";
try {
// 异步通知验签
boolean signVerified = AlipaySignature.rsaCheckV1(
params,
config.getProperty("alipay.alipay-public-key"),
AlipayConstants.CHARSET_UTF8,
AlipayConstants.SIGN_TYPE_RSA2); //调用SDK验证签名
if(!signVerified){
// 验签失败则记录异常日志,并在response中返回failure.
log.error("支付成功异步通知验签失败");
return result;
}
// 验签成功后,按照支付结果异步通知中的描述,对支付结果中的业务内容进行二次校验,
log.info("支付成功异步通知验签成功");
// 按照支付结果异步通知中的描述,对支付结果中的业务内容进行二次校验
// 1.商户需要验证该通知数据中的 out_trade_no 是否为商户系统中创建的订单号
String outTradeNo = params.get("out_trade_no");
OrderInfo order = orderInfoService.getOrderByOrderNo(outTradeNo);
if (order == null) {
log.error("订单不存在");
return result;
}
// 2.判断 total_amount 是否确实为该订单的实际金额
String totalAmount = params.get("total_amount");
int totalAmountInt = new BigDecimal(totalAmount).multiply(new BigDecimal("100")).intValue();
int totalFee = order.getTotalFee().intValue();
if(totalAmountInt != totalFee) {
log.error("金额校验失败");
return result;
}
// 3.校验通知中的 seller_id(或者 seller_email) 是否为 out_trade_no 这笔单据的对应的操作方
String sellerId = params.get("seller_id");
String sellerIdProperty = config.getProperty("alipay.seller-id");
if(!sellerId.equals(sellerIdProperty)) {
log.error("商户pid校验失败");
return result;
}
// 4.验证 app_id 是否为该商家本身。
String appId = params.get("app_id");
String appIdProperty = config.getProperty("alipay.app-id");
if(!appId.equals(appIdProperty)) {
log.error("appId校验失败");
return result;
}
// 在支付宝的业务通知中,只有交易通知状态为 TRADE_SUCCESS 或 TRADE_FINISHED 时,
// 支付宝才会认定为买家付款成功。
String tradeStatus = params.get("trade_status");
if (!tradeStatus.equals("TRADE_SUCCESS")) {
log.error("支付未成功");
return result;
}
// 校验成功后在response中返回success并继续商户自身业务处理,校验失败返回failure
// 处理业务: 修改订单状态,记录支付日志
aliPayService.processOrder(params);
// 向支付宝返回支付成功的结果
result = "success";
} catch (AlipayApiException e) {
e.printStackTrace();
}
return result;
}
/**
* 用户取消订单
* @param orderNo
* @return
*/
@ApiOperation("用户取消订单")
@PostMapping("/trade/close/{orderNo}")
public R cancel(@PathVariable String orderNo) {
log.info("取消订单");
aliPayService.cancelOrder(orderNo);
return R.ok().setMessage("订单已取消");
}
/**
* 查询订单
* @param orderNo
* @return
* @throws Exception
*/
@GetMapping("/trade/query/{orderNo}")
public R queryOrder(@PathVariable String orderNo) {
log.info("查询订单");
String result = aliPayService.queryOrder(orderNo);
return R.ok().setMessage("查询成功").data("result", result);
}
@ApiOperation("申请退款")
@PostMapping("/trade/refund/{orderNo}/{reason}")
public R refunds(@PathVariable String orderNo, @PathVariable String reason) {
log.info("申请退款");
aliPayService.refund(orderNo, reason);
return R.ok();
}
/**
* 查询退款
* @param orderNo
* @return
* @throws Exception
*/
@ApiOperation("查询退款:测试用")
@GetMapping("/trade/fastpay/refund/{orderNo}")
public R queryRefund(@PathVariable String orderNo) throws Exception {
log.info("查询退款");
String result = aliPayService.queryRefund(orderNo);
return R.ok().setMessage("查询成功").data("result", result);
}
/**
* 根据账单类型和日期获取账单url地址
*
* @param billDate
* @param type
* @return
*/
@ApiOperation("获取账单url")
@GetMapping("/bill/downloadurl/query/{billDate}/{type}")
public R queryTradeBill(
@PathVariable String billDate,
@PathVariable String type) {
log.info("获取账单url");
String downloadUrl = aliPayService.queryBill(billDate, type);
return R.ok().setMessage("获取账单url成功").data("downloadUrl", downloadUrl);
}
}
AliPayServiceImpl.java
package com.pay.paymentdemo.service.impl;
import com.alibaba.fastjson.JSONObject;
import com.alipay.api.AlipayApiException;
import com.alipay.api.AlipayClient;
import com.alipay.api.request.*;
import com.alipay.api.response.*;
import com.google.gson.Gson;
import com.google.gson.internal.LinkedTreeMap;
import com.pay.paymentdemo.entity.OrderInfo;
import com.pay.paymentdemo.entity.RefundInfo;
import com.pay.paymentdemo.enums.OrderStatus;
import com.pay.paymentdemo.enums.PayType;
import com.pay.paymentdemo.enums.alipay.AliPayTradeState;
import com.pay.paymentdemo.enums.wxpay.WxApiType;
import com.pay.paymentdemo.enums.wxpay.WxTradeState;
import com.pay.paymentdemo.service.AliPayService;
import com.pay.paymentdemo.service.OrderInfoService;
import com.pay.paymentdemo.service.PaymentInfoService;
import com.pay.paymentdemo.service.RefundInfoService;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.util.EntityUtils;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.annotation.Resource;
import java.io.IOException;
import java.math.BigDecimal;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantLock;
@Service
@Slf4j
public class AliPayServiceImpl implements AliPayService {
@Resource
private OrderInfoService orderInfoService;
@Resource
private AlipayClient alipayClient;
@Resource
private Environment config;
@Resource
private PaymentInfoService paymentInfoService;
private ReentrantLock lock = new ReentrantLock();
@Resource
private RefundInfoService refundInfoService;
@Transactional
@Override
public String tradeCreate(Long productId) {
try {
// 生成订单
log.info("生成订单");
OrderInfo orderInfo = orderInfoService.createOrderByProductId(productId, PayType.ALIPAY.getType());
// 调用支付宝接口
AlipayTradePagePayRequest request = new AlipayTradePagePayRequest();
// 配置需要的公共请求参数
request.setNotifyUrl(config.getProperty("alipay.notify-url"));
request.setReturnUrl(config.getProperty("alipay.return-url"));
// 组装当前业务方法的请求参数
JSONObject bizContent = new JSONObject();
bizContent.put("out_trade_no", orderInfo.getOrderNo());
BigDecimal total = new BigDecimal(orderInfo.getTotalFee().toString()).divide(new BigDecimal("100"));
bizContent.put("total_amount", total);
bizContent.put("subject", orderInfo.getTitle());
bizContent.put("product_code", "FAST_INSTANT_TRADE_PAY");
request.setBizContent(bizContent.toString());
// 执行请求,调用支付宝接口
AlipayTradePagePayResponse response = alipayClient.pageExecute(request);
if(response.isSuccess()){
log.info("调用成功,返回结果 ===> {}", response.getBody());
return response.getBody();
} else {
log.info("调用失败,返回码 ===> {}, 返回描述 ===> {}", response.getCode(), response.getMsg());
throw new RuntimeException("创建支付交易失败");
}
} catch (AlipayApiException e) {
e.printStackTrace();
throw new RuntimeException("创建支付交易失败");
}
}
/**
* 处理订单
* @param params
*/
@Transactional(rollbackFor = Exception.class)
@Override
public void processOrder(Map<String, String> params) {
log.info("处理订单");
// 获取订单号
String orderNo = params.get("out_trade_no");
// 在对业务数据进行状态检查和处理前,要才有数据锁进行并发控制
// 以避免函数重入造成的数据混乱
// 处理重复通知
// 接口调用的幂等性:无论接口调用多少次,以下业务执行一次
if(lock.tryLock()) {
try {
String orderStatus = orderInfoService.getOrderStatus(orderNo);
if (!OrderStatus.NOTPAY.getType().equals(orderStatus)) {
return;
}
// 更新订单状态
orderInfoService.updateStatusByOrderNo(orderNo, OrderStatus.SUCCESS);
// 记录支付日志
paymentInfoService.createPaymentInfoForAliPay(params);
} finally {
lock.unlock();
}
}
}
/**
* 用户取消订单
* @param orderNo
*/
@Override
public void cancelOrder(String orderNo) {
// 调用支付宝提供的统一收单交易关闭接口
this.closeOrder(orderNo);
// 更新用户订单状态
orderInfoService.updateStatusByOrderNo(orderNo, OrderStatus.CANCEL);
}
/**
* 查询订单
* @param orderNo
* @return 返回订单查询结果,若返回null则表示支付宝端尚未创建订单
*/
@Override
public String queryOrder(String orderNo) {
try {
log.info("查单接口调用 ====> {}", orderNo);
AlipayTradeQueryRequest request = new AlipayTradeQueryRequest();
JSONObject bizContent = new JSONObject();
bizContent.put("out_trade_no", orderNo);
request.setBizContent(bizContent.toString());
AlipayTradeQueryResponse response = alipayClient.execute(request);
if(response.isSuccess()){
log.info("调用成功,返回结果 ===> {}", response.getBody());
return response.getBody();
} else {
log.info("调用失败,返回码 ===> {}, 返回描述 ===> {}", response.getCode(), response.getMsg());
// throw new RuntimeException("查单接口调用失败");
return null; // 订单不存在
}
} catch (AlipayApiException e) {
e.printStackTrace();
throw new RuntimeException("查单接口调用失败");
}
}
/**
* 根据订单号调用支付宝查单接口,核实订单状态
* 若订单未创建,则更新商户端订单状态
* 如果订单已支付,则更新商户端订单状态,并记录支付日志
* 若订单未支付,则调用关单接口关闭订单,并更新商户端订单状态
* @param orderNo
*/
@Override
public void checkOrderStatus(String orderNo) {
log.warn("根据订单号核实订单状态 ===> {}", orderNo);
// 调用支付宝查单接口
String result = this.queryOrder(orderNo);
if(result == null) {
log.warn("核实订单未创建 ====> {}", orderNo);
// 更新本地订单状态
orderInfoService.updateStatusByOrderNo(orderNo, OrderStatus.CLOSED);
}
// 解析查单响应结果
Gson gson = new Gson();
HashMap<String, LinkedTreeMap> resultMap = gson.fromJson(result, HashMap.class);
LinkedTreeMap alipayTradeQueryResponse = resultMap.get("alipay_trade_query_response");
// 获取支付宝支付端的订单状态
String tradeStatus = (String) alipayTradeQueryResponse.get("trade_status");
// 判断订单状态
if(AliPayTradeState.NOTPAY.getType().equals(tradeStatus)) {
log.warn("核实订单未支付 ===> {}", orderNo);
// 若确认订单未支付,则调用关单接口
this.closeOrder(orderNo);
// 记录本地订单状态
orderInfoService.updateStatusByOrderNo(orderNo, OrderStatus.CLOSED);
}
if(AliPayTradeState.SUCCESS.getType().equals(tradeStatus)) {
log.warn("核实订单已支付 ===> {}", orderNo);
// 若确认订单已支付,则更新本地订单状态
orderInfoService.updateStatusByOrderNo(orderNo, OrderStatus.SUCCESS);
// 记录支付日志
paymentInfoService.createPaymentInfoForAliPay(alipayTradeQueryResponse);
}
}
@Transactional(rollbackFor = Exception.class)
@Override
public void refund(String orderNo, String reason) {
try {
log.info("调用退款API");
// 创建退款单
RefundInfo refundInfo = refundInfoService.createRefundByOrderNoForAliPay(orderNo, reason);
// 调用统一收单交易退款接口
AlipayTradeRefundRequest request = new AlipayTradeRefundRequest();
// 组装当前业务方法的请求参数
JSONObject bizContent = new JSONObject();
bizContent.put("out_trade_no", orderNo);
BigDecimal refund = new BigDecimal(refundInfo.getRefund().toString()).divide(new BigDecimal("100"));
// 退款失败模拟
// BigDecimal refund = new BigDecimal(refundInfo.getRefund().toString()).divide(new BigDecimal("50"));
bizContent.put("refund_amount", refund);
bizContent.put("refund_reason", reason);
request.setBizContent(bizContent.toString());
// 执行请求,调用支付宝接口
AlipayTradeRefundResponse response = alipayClient.execute(request);
if(response.isSuccess()){
log.info("调用成功,返回结果 ===> " + response.getBody());
// 更新订单状态
orderInfoService.updateStatusByOrderNo(orderNo, OrderStatus.REFUND_SUCCESS);
// 更新退款单
refundInfoService.updateRefundForAliPay(
refundInfo.getRefundNo(),
response.getBody(),
AliPayTradeState.REFUND_SUCCESS.getType()
); // 退款成功
} else {
log.info("调用失败,返回码 ===> " + response.getCode() + ", 返回描述 ===> " + response.getMsg());
// 更新订单状态
orderInfoService.updateStatusByOrderNo(orderNo, OrderStatus.REFUND_ABNORMAL);
// 更新退款单
refundInfoService.updateRefundForAliPay(
refundInfo.getRefundNo(),
response.getBody(),
AliPayTradeState.REFUND_ERROR.getType()
); // 退款失败
}
} catch (AlipayApiException e) {
e.printStackTrace();
}
}
/**
* 关单接口的调用
* @param orderNo
*/
private void closeOrder(String orderNo) {
try {
log.info("关单接口的调用 ===> {}", orderNo);
AlipayTradeCloseRequest request = new AlipayTradeCloseRequest();
JSONObject bizContent = new JSONObject();
bizContent.put("out_trade_no", orderNo);
request.setBizContent(bizContent.toString());
AlipayTradeCloseResponse response = alipayClient.execute(request);
if(response.isSuccess()){
log.info("调用成功,返回结果 ===> {}", response.getBody());
} else {
log.info("调用失败,返回码 ===> {}, 返回描述 ===> {}", response.getCode(), response.getMsg());
// throw new RuntimeException("关单接口调用失败");
}
} catch (AlipayApiException e) {
e.printStackTrace();
throw new RuntimeException("关单接口调用失败");
}
}
/**
* 查询退款
* @param orderNo
* @return
*/
@Override
public String queryRefund(String orderNo) {
try {
log.info("查询退款接口调用 ===> {}", orderNo);
AlipayTradeFastpayRefundQueryRequest request = new AlipayTradeFastpayRefundQueryRequest();
JSONObject bizContent = new JSONObject();
bizContent.put("out_trade_no", orderNo);
bizContent.put("out_request_no", orderNo);
request.setBizContent(bizContent.toString());
AlipayTradeFastpayRefundQueryResponse response = alipayClient.execute(request);
if(response.isSuccess()){
log.info("调用成功,返回结果 ===> " + response.getBody());
return response.getBody();
} else {
log.info("调用失败,返回码 ===> " + response.getCode() + ", 返回描述 ===> " + response.getMsg());
//throw new RuntimeException("查单接口的调用失败");
return null;//订单不存在
}
} catch (AlipayApiException e) {
e.printStackTrace();
throw new RuntimeException("查单接口的调用失败");
}
}
/**
* 申请账单
* @param billDate
* @param type
* @return
*/
@Override
public String queryBill(String billDate, String type) {
try {
AlipayDataDataserviceBillDownloadurlQueryRequest request = new AlipayDataDataserviceBillDownloadurlQueryRequest();
JSONObject bizContent = new JSONObject();
bizContent.put("bill_type", type);
bizContent.put("bill_date", billDate);
request.setBizContent(bizContent.toString());
AlipayDataDataserviceBillDownloadurlQueryResponse response = alipayClient.execute(request);
if(response.isSuccess()){
log.info("调用成功,返回结果 ===> " + response.getBody());
//获取账单下载地址
Gson gson = new Gson();
HashMap<String, LinkedTreeMap> resultMap = gson.fromJson(response.getBody(), HashMap.class);
LinkedTreeMap billDownloadurlResponse = resultMap.get("alipay_data_dataservice_bill_downloadurl_query_response");
String billDownloadUrl = (String)billDownloadurlResponse.get("bill_download_url");
return billDownloadUrl;
} else {
log.info("调用失败,返回码 ===> " + response.getCode() + ", 返回描述 ===> " + response.getMsg());
throw new RuntimeException("申请账单失败");
}
} catch (AlipayApiException e) {
e.printStackTrace();
throw new RuntimeException("申请账单失败");
}
}
}