from db import findUser, findCode, delCode, insertOrderCache, cache2Test, findOrder, insertCode
from login import getOpenid
from pay import checkNotify, createOrderParams
import re
import json
import time
import os
# 主函数
# 处理登录操作 debug完成
def manageLogin(request):
    """Handle the mini-program login request.

    Reads ``code`` and ``sign`` from ``request.form``, gates on
    checkContent, then exchanges the code for an openid via getOpenid.

    Returns:
        ``{'userInfo': <findUser result>, 'openid': <openid>, 'errcode': 200}``
        when getOpenid reports ``errcode == 200``; the raw getOpenid response
        when it reports any other code; ``False`` when checkContent rejects
        the request.

    Raises:
        KeyError: when ``code`` or ``sign`` is absent from ``request.form``
            (the form indexing is not guarded here).
    """
    form = request.form
    code = form['code']
    # NOTE(review): checkContent is still a stub that returns True for every
    # input, so this gate does not yet authenticate the caller.
    if not checkContent(code, form['sign']):
        return False  # missing parameters or signature check failed
    res = getOpenid(code)
    if res['errcode'] != 200:
        # Exchange failed; hand the provider's error payload straight back.
        return res
    openid = res['errmsg']['openid']
    return {'userInfo': findUser(openid), 'openid': openid, 'errcode': 200}
# 用户扫描二维码付款 debug完成
def findQR(request):
    """Look up a stored payment code by id (the QR-scan landing request).

    The id arrives in the query string (``request.args['id']``), so the
    form-signature scheme used by the other handlers cannot cover it; the
    only defence is a strict shape check before the value reaches findCode.

    Returns:
        The result of ``findCode(codeId)`` when ``id`` is exactly 24
        alphanumeric characters, otherwise ``False``.
    """
    # A missing id becomes the string 'None' and fails the length check.
    codeId = str(request.args.get('id'))
    # A MongoDB ObjectId is 24 hex digits; isalnum() is a superset of that
    # (it also admits letters beyond a-f and non-ASCII letters/digits) but
    # still excludes path separators, dots and whitespace.
    looks_like_object_id = len(codeId) == 24 and codeId.isalnum()
    if not looks_like_object_id:
        return False
    return findCode(codeId)
# 小程序刷新用户信息 debug完成
def flash(request):
    r"""Refresh the mini-program user's profile for a given openId.

    Returns:
        ``{'userInfo': <findUser result>, 'errcode': 200}`` when the request
        passes checkContent and ``openId`` is exactly 28 characters drawn
        from ``\w`` (Unicode-aware word characters) plus ``-``; ``False``
        otherwise.

    Raises:
        KeyError: when ``openId`` or ``sign`` is absent from ``request.form``.
    """
    if not checkContent(request.form['openId'], request.form['sign']):
        return False  # missing parameters or signature check failed
    openId = str(request.form['openId'])
    if len(openId) != 28:
        return False
    # Reject anything outside the expected openId alphabet before the value
    # is used as a lookup key.
    forbidden = re.compile(r'[^\w-]')
    if forbidden.search(openId) is not None:
        return False
    return {'userInfo': findUser(openId), 'errcode': 200}
# 用户删除二维码 debug完成
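def delQR(request):
    """Delete a stored payment code and the JS file generated for it.

    Args:
        request: the incoming request; ``request.form['id']`` is the
            24-character ObjectId string to delete and ``request.form['sign']``
            the signature handed to checkContent.

    Returns:
        The result of ``delCode(codeId)`` (truthy on success, returned as-is
        when falsy) once the id passes validation; ``False`` when the
        signature check or the id shape check fails.

    Raises:
        KeyError: when ``id`` or ``sign`` is absent from ``request.form``.
        OSError: when removing the JS file fails for a reason other than the
            file already being gone (e.g. permissions).
    """
    if not checkContent(request.form['id'], request.form['sign']):
        return False  # missing parameters or signature check failed
    codeId = str(request.form['id'])
    # The id is interpolated into a filesystem path below, so it must be
    # exactly 24 alphanumeric characters (no separators, dots or spaces)
    # before it is used anywhere.
    if len(codeId) != 24 or not codeId.isalnum():
        return False
    res = delCode(codeId)
    if not res:
        return res  # DB deletion reported failure / nothing deleted
    path = os.path.join('/data/qrcode/data/', codeId + '.js')
    # Remove without a prior exists() check: check-then-remove is a race
    # against a concurrent delete, and a file that is already gone is not an
    # error for this operation.
    try:
        os.remove(path)
    except FileNotFoundError:
        pass
    return res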
# 用户上传二维码
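def addQR(request):
    """Validate an uploaded payment-code record, store it and emit its JS file.

    ``request.form['data']`` is a JSON document; it is parsed, passed through
    checkData (which whitelists and sanitises the fields) and, if accepted,
    inserted with insertCode. The new id is used to re-read the record and
    write ``/data/qrcode/data/<id>.js`` containing ``var data = <record>``
    for the QR landing page.

    Returns:
        ``{'errcode': 200, 'id': <oid str>, 'data': <findCode result>}`` on
        success; ``False`` when validation fails, insertCode reports failure,
        or the JS file cannot be written.

    Raises:
        KeyError: when ``data`` is absent from ``request.form``.
        ValueError: when ``request.form['data']`` or the insertCode result is
            not valid JSON.
    """
    dataCache = json.loads(request.form['data'])
    # Only the sanitised, whitelisted fields returned by checkData go on.
    checked = checkData(dataCache)
    if not checked:
        return False
    inserted = insertCode(checked)
    if not inserted:
        return False
    # insertCode returns the new id as a JSON string of the form {"$oid": "..."}.
    oid = json.loads(inserted)['$oid']
    data = findCode(oid)
    # The oid comes from the database, not from the request, so it is safe to
    # interpolate into the output path.
    path = os.path.join('/data/qrcode/data/', oid + '.js')
    # NOTE(review): the record is emitted via str() formatting (Python repr if
    # findCode returns a dict); confirm that what findCode returns serialises
    # to valid JavaScript and escapes the user-supplied fields (username, node).
    try:
        with open(path, 'w', encoding="utf-8") as f:
            f.write('{0}{1}'.format('var data = ', data))
    except IOError:
        # The DB insert has already happened; the caller only sees False and
        # the record is left without its JS file.
        return False
    return {'errcode': 200, 'id': oid, 'data': data}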
# 微信小程序创建订单 debug完成
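def createOrder(request):
    """Create a payment order from the mini-program.

    ``request.form['data']`` is the JSON document validated by checkData
    (wxcode, alcode, qqcode, username, openId, node, timeout) and
    ``request.form['totalFee']`` the amount handed to createOrderParams. The
    validated record, extended with the order number by createOrderCache, is
    written to the order cache table.

    Returns:
        ``{'params': <createOrderParams result>, 'errcode': 200}`` when the
        data validates and the cache insert succeeds, ``False`` otherwise.

    Raises:
        KeyError: when ``data`` or ``totalFee`` is absent from ``request.form``.
        ValueError: when ``data`` is not valid JSON.
    """
    dataCache = json.loads(request.form['data'])
    checked = checkData(dataCache)
    if not checked:
        return False
    # NOTE(review): totalFee is client-supplied and not checked in this
    # module; confirm createOrderParams (pay module) validates or derives the
    # amount, otherwise the client controls what is charged.
    params = createOrderParams(request.form['totalFee'])
    # Store the sanitised record returned by checkData, not the raw parsed
    # JSON: inserting dataCache would bypass the field whitelist and the
    # quote/'$' stripping, and addQR already inserts `checked` the same way.
    order = createOrderCache(checked, params)
    if not insertOrderCache(order):
        return False
    return {'params': params, 'errcode': 200}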
# 处理订单异步通知 debug完成
def manageNotify(request):
    """Handle the asynchronous payment callback.

    The whole form is handed to checkNotify (callback verification); only
    when that passes are ``out_trade_no`` and ``payjs_order_id`` used to move
    the cached order with cache2Test.

    Returns:
        ``True`` when the callback verifies and cache2Test reports success,
        ``False`` otherwise.

    Raises:
        KeyError: when a verified callback lacks ``out_trade_no`` or
            ``payjs_order_id``.
    """
    form = request.form
    if not checkNotify(form.to_dict()):
        return False  # unverified callback: do not touch the order tables
    moved = cache2Test(form['out_trade_no'], form['payjs_order_id'])
    return bool(moved)
# 小程序查询订单状况 debug完成
def checkOrder(request):
    """Report whether an order has been confirmed by the payment callback.

    findOrder maps ``out_trade_no`` to a JSON string holding the confirmed
    order's ``$oid``; per the original notes a falsy result means the
    callback has not been processed yet.

    Returns:
        ``{'order_id': <oid str>, 'errcode': 200}`` once the mapping exists
        and its ``$oid`` is non-empty, ``False`` otherwise.

    Raises:
        KeyError: when ``out_trade_no`` is absent from ``request.form``.
        ValueError: when the stored mapping is not valid JSON.
    """
    # NOTE(review): no caller authentication here — anyone holding an
    # out_trade_no can poll it; confirm that is acceptable for this endpoint.
    mapping = findOrder(request.form['out_trade_no'])
    if not mapping:
        return False  # callback not received yet
    oid = json.loads(mapping)['$oid']
    return {'order_id': oid, 'errcode': 200} if oid else False
# 工具函数---------------------------------------------------------------------------------
# 在这里进行解密对照
def checkContent(row, rsa):
    """Verify that ``rsa`` is a valid signature over ``row``.

    Not implemented yet: every call returns ``True``, so the handlers that
    gate on this (manageLogin, flash, delQR) currently accept any request
    regardless of the ``sign`` value. The original notes plan an MD5-based
    comparison living next to the MD5 helper.

    Args:
        row: the signed payload (a form field value).
        rsa: the signature supplied by the client.

    Returns:
        ``True`` unconditionally (placeholder).
    """
    return True
# 判断str转换完是否为空
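def isKong(arg):
    """Return True when *arg* counts as "empty" after str() conversion.

    Empty means ``None``, the empty string, or the literal string ``'None'``
    (which is what ``str(None)`` yields, so callers may stringify first).
    """
    return arg is None or arg in ('None', '')


# Upload parameter validation -------------------------------------------------

# Matches any character outside the alphabet used by the WeChat ids (word
# characters plus '-'); a hit means the id is malformed.
_ID_ALPHABET_VIOLATION = re.compile(r'[^\w-]')

# QQ wallet codes are only required to contain this host. Dots are escaped so
# a different host spelled with the same letters does not pass.
_QQ_WALLET_HOST = re.compile(r'qianbao\.qq\.com')

# Expiry time: exactly 13 ASCII digits (a millisecond Unix timestamp).
_TIMEOUT_SHAPE = re.compile(r'[0-9]{13}')


def _strip_unsafe(text):
    """Drop double quotes, single quotes and '$' from *text*.

    This is the sanitisation the stored free-text fields receive; presumably
    it keeps quoting and MongoDB-style operator prefixes out of stored values,
    so do not relax it without checking how the fields are used downstream.
    """
    return text.replace('"', '').replace("'", '').replace('$', '')


def _valid_wxcode(wxcode):
    """True when *wxcode* is a WeChat payment code in one of the two known shapes.

    Either ``wxp://<36 chars>`` or
    ``https://payapp.weixin.qq.com/qr/<24 chars>?t...``, where the captured
    id consists only of word characters and '-'. The prefix is searched for,
    not anchored, so text before it is accepted and stored verbatim.
    """
    short_form = re.findall(r"wxp://(.+)", wxcode)
    if short_form:
        token = short_form[0]
        return len(token) == 36 and not _ID_ALPHABET_VIOLATION.search(token)
    url_form = re.findall(r"https://payapp\.weixin\.qq\.com/qr/(.+)\?t", wxcode)
    if url_form:
        token = url_form[0]
        return len(token) == 24 and not _ID_ALPHABET_VIOLATION.search(token)
    return False


def _valid_alcode(alcode):
    """True when *alcode* is an Alipay code.

    Accepts ``https://qr.alipay.com/<23 alphanumeric>`` or the upper-case
    ``HTTPS://QR.ALIPAY.COM/<22 alphanumeric>`` variant; as with the WeChat
    codes the prefix is searched for, not anchored.
    """
    lower = re.findall(r"https://qr\.alipay\.com/(.+)", alcode)
    if lower:
        return len(lower[0]) == 23 and lower[0].isalnum()
    upper = re.findall(r"HTTPS://QR\.ALIPAY\.COM/(.+)", alcode)
    if upper:
        return len(upper[0]) == 22 and upper[0].isalnum()
    return False


def checkData(data):
    r"""Validate and sanitise an uploaded payment-code record.

    Args:
        data: the parsed JSON document from the client. Expected keys:
            ``wxcode``, ``alcode``, ``qqcode`` (payment codes; each may be
            blank but at least two must be present and well-formed),
            ``username`` (required), ``openId`` (required, 28 characters of
            ``[\w-]``), ``node`` (optional free text) and ``timeout``
            (required, 13 digits). Every value goes through ``str()`` first,
            so JSON ``null`` and a missing key both count as blank.

    Returns:
        A new dict holding only the whitelisted fields — ``username`` and
        ``node`` with quotes and '$' removed, blank codes as ``''``, plus
        ``create_time = int(time.time())`` — or ``False`` when any field is
        malformed or fewer than two payment codes were supplied. Anything
        that is not a dict is rejected with ``False``.
    """
    if not isinstance(data, dict):
        return False  # json.loads may yield a list/str/number
    href_count = 0  # number of well-formed payment codes seen

    wxcode = str(data.get('wxcode'))
    if isKong(wxcode):
        wxcode = ''
    elif _valid_wxcode(wxcode):
        href_count += 1
    else:
        return False

    # openId is mandatory and later used as a lookup key, so its shape is
    # checked as strictly as the WeChat ids above.
    openId = str(data.get('openId'))
    if isKong(openId) or len(openId) != 28 or _ID_ALPHABET_VIOLATION.search(openId):
        return False

    alcode = str(data.get('alcode'))
    if isKong(alcode):
        alcode = ''
    elif _valid_alcode(alcode):
        href_count += 1
    else:
        return False

    qqcode = str(data.get('qqcode'))
    if isKong(qqcode):
        qqcode = ''
    elif _QQ_WALLET_HOST.search(qqcode):
        href_count += 1
    else:
        return False

    username = str(data.get('username'))
    if isKong(username):
        return False
    username = _strip_unsafe(username)

    node = str(data.get('node'))
    node = '' if isKong(node) else _strip_unsafe(node)

    # Length alone used to be checked; a 13-character non-numeric value is
    # not a timestamp and is now rejected too.
    timeout = str(data.get('timeout'))
    if not _TIMEOUT_SHAPE.fullmatch(timeout):
        return False

    if href_count < 2:
        return False
    return {
        'username': username,
        'node': node,
        'wxcode': wxcode,
        'alcode': alcode,
        'qqcode': qqcode,
        'openId': openId,
        'timeout': timeout,
        'create_time': int(time.time()),
    }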
# 创建订单详情 Cache
def createOrderCache(data, params):
    """Attach the order number and a creation timestamp to an order record.

    Mutates *data* in place: ``data['out_trade_no']`` is copied from
    ``params['out_trade_no']`` and ``data['create_time']`` is set to the
    current Unix time in whole seconds. The same dict object is returned.

    Raises:
        KeyError: when *params* has no ``out_trade_no``.
    """
    order_no = params['out_trade_no']
    stamp = int(time.time())
    data.update(out_trade_no=order_no, create_time=stamp)
    return data