前言:苹果的霸道实在是出了名的,因为公司产品是虚拟货币交易,非实物的交易,现在你不给苹果交个过路费,那都是立马被审核处死的节奏。
下面要讲的就是AppStore内购的服务器端验证,在app中支付的过程那是由IOS程序猿完成的,完成支付后前端会获取到相应的支付凭证,那么就需要根据凭证来检验是否真实支付了,进而来完成后续产品的功能的业务逻辑,而校验呢,有两种一种是前端自己去校验,一种是通过后端来校验,可想而知了大部分都会是通过后端来校验了,那么下面就亮出真宝剑:
一、(封装好的获取凭证结构类,这里用的是tp框架,这边若是其他框架修改也很方便,若有不懂可以给我留言)
/**
* 苹果内购Api查询接口
* Class AppleAipController
* @package Pay\Controller
*/
class AppleAipController extends Controller
{
/**
* @var string
*/
private $sandboxCurl = "https://sandbox.itunes.apple.com/verifyReceipt";
private $formalityCurl = "https://buy.itunes.apple.com/verifyReceipt";
/**
* @return array
*/
public function send($encodeStr,$sandboxStatus=0)
{
$ch = curl_init();
$data['receipt-data'] =$encodeStr;
$encodeStr = json_encode($data);
$url = $sandboxStatus?($this->formalityCurl):($this->sandboxCurl);
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// post数据
curl_setopt($ch, CURLOPT_POST, 0);
// post的变量
curl_setopt($ch, CURLOPT_POSTFIELDS, $encodeStr);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
$output = curl_exec($ch);
curl_close($ch);
$resut = (Array)json_decode($output,true);
return $resut;
}
}
二、因为公司做的产品设计到资金问题的,所以最好需要谨慎点咯,所以之前写的token,和验签就器到作用了,如果需要了解验签和token的实现可以往这里看看哦,
那么下面我也赋上我的调用方法,因为是在tp上使用,若需要使用到其他框架或者原生这边可给我留言协助修改,下面我附上我调用的代码:
<?php
/**
* Created by PhpStorm.
* User: wyb
* Date: 2017/8/14
* Time: 9:57
*/
namespace xxxxxxxx;
use Common\Tools\Attestation;
use Pay\Controller\AppleAipController;
use Think\Controller;
/**
* product苹果API内购验证
* Class CoinApiPayController
*/
class ProductPayController extends Controller
{
protected $response = ['result' => true, 'code' => 10000, 'msg' => '', 'AData' => [], 'OData' => NULL];
/**
* 来源数组
* @var array
*/
private $targetArray = ['a_sysj', 'i_sysj', 'a_lpds', 'i_lpds','a_jjds','i_jjds'];
private $testMember =['9232313'];//定好你们内部测试,人员,若人员比较多的化就做成后台管理的从数据库中取出
/**
* @name 检验凭证并分发后续业务的逻辑
*/
public function credentialsCheckAction()
{
IS_POST ||$this->returnError();//判断是否是POST
$parameters =I('post.');//这里最好的相应的参数进行验证,并且使用验签校验,这里我就省略了这部分,还有下面部分最好也放在你封装或者放在你相应的模型内
$AppleAipController = new AppleAipController();
$sandboxStatus = in_array($parameters['member_id'],$thi->testMember)?1:0;
$checkData = $AppleAipController->send($parameters['encodeStr'],$sandboxStatus);
if($checkData['status']==0){
//校验订单号
if($checkData['receipt']['transaction_id']!=$parameters['trade_id']) {
$this->returnErrorData('20012', '检验错误【01】', '21003');
}
$productId = 'com.ifeimo.'.$orderInfo['product_id'];
//校验商品ID
if($checkData['receipt']['product_id'] != $productId){
$this->returnErrorData('20012', '检验错误【02】', '21003');
}
//校验价格
$checkPrice = intval(str_replace('cxzxxxx_', '', $checkData['receipt']['product_id']));
if($checkPrice!=$orderInfo['price']){
$this->returnErrorData('20012', '检验错误【03】', '21003');
}
$result = self::notifyAdd($orderInfo);
$this->response['msg'] = '支付成功';
$status = $checkData['status'];
}else{
$status = $checkData['status'];
$this->response['status'] = $status;
$this->response['result'] = false;
$this->response['msg'] = '待支付';
}
$this->response['order'] = $orderInfo;
$this->response['encodeStatus'] = $status;
$this->ajaxReturn($this->response);//返回数据给前端
}
/**
* 整合异步发放
* @param $order
* @param $time
* @return int
*/
private function notifyAdd($order)
{
//这里写你相应的分发业务
}
/**
* 错误返回
* @param string $msg 错误提示信息,默认‘请求处理失败’
*/
private function returnErrorData($code = '20000', $msg = '请求处理失败',$status='21003'){
$this->response['result'] = false;
$this->response['status'] = $status;
$this->response['code'] = $code;
$this->response['msg'] = $msg;
$this->ajaxReturn($this->response);
}
}
因为可能包含了tp的写法,若需要协助拆分的可以通过我的博客加入我的群,我这边可协助解决。