使用Tornado异步接入第三方(支付宝)支付

目前国内比较流行的第三方支付主要有支付宝和微信支付,博主最近研究了下如何用Python接入支付宝支付,这里我以Tornado作为web框架,接入支付宝构造支付接口。

使用Tornado异步接入支付宝支付流程:

1. 进入蚂蚁金服开放平台填写开发者信息、应用信息

2. 配置RSA256密钥,生成支付宝和应用的密钥

3. 构造订单接口API,生成订单

4. 构造支付接口

 

1. 进入蚂蚁金服开放平台填写开发者信息、应用信息

这里通过沙箱环境开发测试接口,蚂蚁金服开放平台-->开发者中心-->研发者服务-->沙箱应用,配置沙箱应用信息:

设置授权回调地址,注意:这个地址一定要是外网IP地址(我这里是我的阿里云服务器地址),回调地址是自己支付完回调的api地址,可通过扫码下载沙箱板支付宝钱包进行支付测试:

 设置沙箱账号,设置买家和买家的测试账号,支付宝会默认给买家账户99999元,可用来测试支付接口是否成功:

 

2. 配置RSA256密钥,生成支付宝和应用的密钥

 支付宝默认有两种加密算法生成密钥:RSA(SHA1)和RSA2(SHA256),鉴于安全性支付宝推荐使用RSA2(SHA256)密钥。通过查看密钥生成文档https://docs.open.alipay.com/291/105971得知密钥生成方法,按文档提示下载密钥生成工具,解压后打开生成工具,选择密码格式(Python当然就是选择PKCS1了)和密码长度,生成公钥和私钥:

生成后可在RSA密钥文件夹下查看应用的公钥和私钥,并将应用公钥上传到开放平台的开发者环境中:

 

3. 构造订单接口API,生成订单

查看支付接口文档:https://docs.open.alipay.com/270/alipay.trade.page.pay/可知:

 

 支付接口的必填参数有out_trade_no(订单号)、total_amount(订单金额)、subject(订单标题),所以先构造订单接口,生成订单:

 1 class OrderSnHandler(BaseHandler):
 2     @authenticated
 3     async def post(self, *args, **kwargs):
 4         """
 5         创建订单信息
 6         :param request:
 7         :return:
 8         """
 9         res_data = {}
10         req_data = self.request.body.decode("utf8")
11         req_data = json.loads(req_data)
12         post_script = req_data.get("post_script")
13         order_form = TradeOrderSnForm.from_json(req_data)
14         if order_form.validate():
15             try:
16                 order_mount = order_form.order_mount.data
17                 orders_object = await self.application.objects.create(
18                     OrderInfo,
19                     pay_status=OrderInfo.ORDER_STATUS[4][0],
20                     pay_time=datetime.now(),
21                     order_sn=OrderInfo.generate_order_sn(),
22                     user=self.current_user,
23                     order_mount=order_mount,
24                     post_script=post_script
25                 )
26                 res_data["id"] = orders_object.id
27             except Exception:
28                 self.set_status(400)
29                 res_data["content"] = "订单创建失败"
30         else:
31             res_data["content"] = order_form.errors
32 
33         self.finish(res_data)

 

4. 构造支付接口

(1) 构造支付接口类

流程:RSA导入公钥和私钥-->构造请求参数biz_content-->构造支付宝公共请求参数-->排序并拼接参数为规范字符串-->生成签名后的字符串-->请求支付宝接口-->对支付宝接口返回的数据进行签名比对

  1 class AliPay(object):
  2     """
  3     支付宝支付接口
  4     """
  5 
  6     def __init__(self, appid, app_notify_url, app_private_key_path,
  7                  alipay_public_key_path, return_url, debug=False):
  8         self.appid = appid
  9         self.app_notify_url = app_notify_url
 10         self.app_private_key_path = app_private_key_path
 11         self.app_private_key = None
 12         self.return_url = return_url
 13         with open(self.app_private_key_path) as fp:
 14             self.app_private_key = RSA.importKey(fp.read())
 15 
 16         self.alipay_public_key_path = alipay_public_key_path
 17         with open(self.alipay_public_key_path) as fp:
 18             self.alipay_public_key = RSA.import_key(fp.read())
 19 
 20         if debug is True:
 21             self.__gateway = "https://openapi.alipaydev.com/gateway.do"
 22         else:
 23             self.__gateway = "https://openapi.alipay.com/gateway.do"
 24 
 25     def direct_pay(self, subject, out_trade_no, total_amount, **kwargs):  # NOQA
 26         """
 27         构造请求参数biz_content,
 28         并将其放入公共请求参数中,
 29         返回签名sign的data
 30         :param subject:
 31         :param out_trade_no:
 32         :param total_amount:
 33         :param kwargs:
 34         :return:
 35         """
 36         biz_content = {
 37             "subject": subject,
 38             "out_trade_no": out_trade_no,
 39             "total_amount": total_amount,
 40             "product_code": "FAST_INSTANT_TRADE_PAY",
 41         }
 42 
 43         biz_content.update(kwargs)
 44         data = self.build_body(
 45             "alipay.trade.page.pay",
 46             biz_content,
 47             self.return_url
 48         )
 49         return self.sign_data(data)
 50 
 51     def build_body(self, method, biz_content, return_url=None):
 52         """
 53         构造公共请求参数
 54         :param method:
 55         :param biz_content:
 56         :param return_url:
 57         :return:
 58         """
 59         data = {
 60             "app_id": self.appid,
 61             "method": method,
 62             "charset": "utf-8",
 63             "sign_type": "RSA2",
 64             "timestamp": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
 65             "version": "1.0",
 66             "biz_content": biz_content
 67         }
 68 
 69         if return_url:
 70             data["notify_url"] = self.app_notify_url
 71             data["return_url"] = self.return_url
 72 
 73         return data
 74 
 75     def sign_data(self, data):
 76         """
 77         拼接排序后的data,以&连接成符合规范的字符串,并对字符串签名,
 78         将签名后的字符串通过quote_plus格式化,
 79         将请求参数中的url格式化为safe的,获得最终的订单信息字符串
 80         :param data:
 81         :return:
 82         """
 83         # 签名中不能有sign字段
 84         if "sign" in data:
 85             data.pop("sign")
 86 
 87         unsigned_items = self.ordered_data(data)
 88         unsigned_string = "&".join("{0}={1}".format(k, v) for k, v in unsigned_items)
 89         sign = self.sign_string(unsigned_string.encode("utf-8"))
 90         quoted_string = "&".join("{0}={1}".format(k, quote_plus(v)) for k, v in unsigned_items)
 91 
 92         signed_string = quoted_string + "&sign=" + quote_plus(sign)
 93         return signed_string
 94 
 95     def ordered_data(self, data):
 96         """
 97         将请求参数字典排序,
 98         支付宝接口要求是拼接的有序参数字符串
 99         :param data:
100         :return:
101         """
102         complex_keys = []
103         for key, value in data.items():
104             if isinstance(value, dict):
105                 complex_keys.append(key)
106 
107         for key in complex_keys:
108             data[key] = json.dumps(data[key], separators=(',', ':'))
109 
110         return sorted([(k, v) for k, v in data.items()])
111 
112     def sign_string(self, unsigned_string):
113         """
114         生成签名,并进行base64 编码,
115         转换为unicode表示并去掉换行符
116         :param unsigned_string:
117         :return:
118         """
119         key = self.app_private_key
120         signer = PKCS1_v1_5.new(key)
121         signature = signer.sign(SHA256.new(unsigned_string))
122         sign = encodebytes(signature).decode("utf8").replace("\n", "")
123         return sign
124 
125     def _verify(self, raw_content, signature):
126         """
127         对支付宝接口返回的数据进行签名比对,
128         验证是否来源于支付宝
129         :param raw_content:
130         :param signature:
131         :return:
132         """
133         key = self.alipay_public_key
134         signer = PKCS1_v1_5.new(key)
135         digest = SHA256.new()
136         digest.update(raw_content.encode("utf8"))
137         if signer.verify(digest, decodebytes(signature.encode("utf8"))):
138             return True
139         return False
140 
141     def verify(self, data, signature):
142         """
143         验证支付宝返回的数据,防止是伪造信息
144         :param data:
145         :param signature:
146         :return:
147         """
148         if "sign_type" in data:
149             data.pop("sign_type")
150         unsigned_items = self.ordered_data(data)
151         message = "&".join(u"{}={}".format(k, v) for k, v in unsigned_items)
152         return self._verify(message, signature)

 (2) 构造支付链接接口

通过步骤3创建的订单信息生成支付链接,这里接口我采用协程+异步的方式,authenticated是自定义的JWT验证装饰器private_key_path和ali_pub_key_path是前面生成的应用私钥和支付宝公钥文件地址

 1 class GenPayLinkHandler(BaseHandler):
 2     @authenticated
 3     async def get(self, *args, **kwargs):
 4         """
 5         通过订单生成支付链接
 6         :param args:
 7         :param kwargs:
 8         :return:
 9         """
10         res_data = {}
11         order_id = get_int_or_none(self.get_argument("id", None))
12         if not order_id:
13             self.set_status(400)
14             self.write({"content": "缺少order_id参数"})
15 
16         try:
17             order_obj = await self.application.objects.get(
18                 OrderInfo, id=order_id,
19                 pay_status=OrderInfo.ORDER_STATUS[4][0]
20             )
21             out_trade_no = order_obj.order_sn
22             order_mount = order_obj.order_mount
23             subject = order_obj.post_script
24             alipay = AliPay(
25                 appid=settings["ALI_APPID"],
26                 app_notify_url="{}/alipay/return/".format(settings["SITE_URL"]),
27                 app_private_key_path=settings["private_key_path"],
28                 alipay_public_key_path=settings["ali_pub_key_path"],
29                 debug=True,
30                 return_url="{}/alipay/return/".format(settings["SITE_URL"])
31             )
32             url = alipay.direct_pay(
33                 subject=subject,
34                 out_trade_no=out_trade_no,
35                 total_amount=order_mount,
36                 return_url="{}/alipay/return/".format(settings["SITE_URL"])
37             )
38             re_url = settings["RETURN_URI"].format(data=url)
39             res_data["re_url"] = re_url
40         except OrderInfo.DoesNotExist:
41             self.set_status(400)
42             res_data["content"] = "订单不存在"
43 
44         self.finish(res_data)

返回结果:

打开支付链接可以看到:

(3) 构造支付的回调接口

在支付完成后,支付宝会调用在开发者信息中配置的回调url,通过GET方法回调return_ul,通过POST方法发送notify主动通知商户返回服务器里指定的页面,这里分别实现return_ul和notify_url对应的接口,支付宝返回的notify_url是个异步的所以我这里也以异步的方式实现这个接口:

 1 class AlipayHandler(BaseHandler):
 2     def get(self, *args, **kwargs):
 3         """
 4         处理支付宝的return_url返回
 5         :param request:
 6         :return:
 7         """
 8         res_data = {}
 9         processed_dict = {}
10         req_data = self.request.arguments
11         req_data = format_arguments(req_data)
12         for key, value in req_data.items():
13             processed_dict[key] = value[0]
14 
15         sign = processed_dict.pop("sign", None)
16         alipay = AliPay(
17             appid=settings["ALI_APPID"],
18             app_notify_url="{}/alipay/return/".format(settings["SITE_URL"]),
19             app_private_key_path=settings["private_key_path"],
20             alipay_public_key_path=settings["ali_pub_key_path"],
21             debug=True,
22             return_url="{}/alipay/return/".format(settings["SITE_URL"])
23         )
24 
25         verify_re = alipay.verify(processed_dict, sign)
26 
27         if verify_re is True:
28             res_data["content"] = "success"
29         else:
30             res_data["content"] = "Failed"
31 
32         self.finish(res_data)
33 
34     async def post(self, *args, **kwargs):
35         """
36         处理支付宝的notify_url
37         :param request:
38         :return:
39         """
40         processed_dict = {}
41         req_data = self.request.body_arguments
42         req_data = format_arguments(req_data)
43         for key, value in req_data.items():
44             processed_dict[key] = value[0]
45 
46         sign = processed_dict.pop("sign", None)
47         alipay = AliPay(
48             appid=settings["ALI_APPID"],
49             app_notify_url="{}/alipay/return/".format(settings["SITE_URL"]),
50             app_private_key_path=settings["private_key_path"],
51             alipay_public_key_path=settings["ali_pub_key_path"],
52             debug=True, 
53             return_url="{}/alipay/return/".format(settings["SITE_URL"])
54         )
55 
56         verify_re = alipay.verify(processed_dict, sign)
57 
58         if verify_re is True:
59             order_sn = processed_dict.get('out_trade_no')
60             trade_no = processed_dict.get('trade_no')
61             trade_status = processed_dict.get('trade_status')
62 
63             orders_query = OrderInfo.update(
64                 pay_status=trade_status,
65                 trade_no=trade_no,
66                 pay_time=datetime.now()
67             ).where(
68                 OrderInfo.order_sn == order_sn
69             )
70             await self.application.objects.execute(
71                 orders_query
72             )
73 
74         self.finish("success")

测试支付结果:

 

posted @ 2018-12-16 00:00  HarvardFly  阅读(1296)  评论(2编辑  收藏  举报