支付宝接口

cindycinderella 2020-01-14

支付宝支付

# 1、在沙箱环境下实名认证:https://openhome.alipay.com/platform/appDaily.htm?tab=info

# 2、电脑网站支付API:https://docs.open.alipay.com/270/105898/

# 3、完成RSA密钥生成:https://docs.open.alipay.com/291/105971

# 4、在开发中心的沙箱应用下设置应用公钥:填入生成的公钥文件中的内容

# 5、Python支付宝开源框架:https://github.com/fzlee/alipay
# >: pip install python-alipay-sdk --upgrade

# 7、公钥私钥设置
"""
# alipay_public_key.pem
-----BEGIN PUBLIC KEY-----
支付宝公钥
-----END PUBLIC KEY-----

# app_private_key.pem
-----BEGIN RSA PRIVATE KEY-----
用户私钥
-----END RSA PRIVATE KEY-----
"""

# 8、支付宝链接
"""
开发:https://openapi.alipay.com/gateway.do
沙箱:https://openapi.alipaydev.com/gateway.do
"""

支付流程

支付宝接口

aliapy二次封装包

GitHub开源框架
https://github.com/fzlee/alipay
依赖
>: pip install python-alipay-sdk --upgrade
>: pip install pyopenssl
结构
libs
    ├── iPay                            # aliapy二次封装包
    │   ├── __init__.py                 # 包文件
    │   ├── pay.py                      # 支付文件
    └── └── settings.py                 # 应用配置
setting.py
# 应用ID
APP_ID = "2016093000631831"

# 是否是沙箱环境
DEBUG = True

# 签名算法 RSA or RSA2
SIGN = 'RSA2'

# 网关
if DEBUG:
    GATEWAY = 'https://openapi.alipaydev.com/gateway.do?'
else:
    GATEWAY = 'https://openapi.alipay.com/gateway.do?'

# 应用私钥:首行尾行是固定的,中间是一行私钥字符串(不能有其他字符)
APP_PRIVATE_KEY_STRING = """-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAl079YgKIx0BFbZJL+HOWBa4+HBoRIX4+rKZXSxqM29/Up86RI4YJkqpBQNb6JC2G9+5av/p3bwQffTCPaxWV5iWFJjTfN3tC6efupOHCtBejr+id+lYhyaudfripjhTJX/N9hmoGIMRb6aMY8FbjrPbNyHoYBWE6pVa/8AmvqPkRmpZMr/UcSlHIVPoPWADWunKwQXL258LisiPY6u1I7gWiTQNsyG8JFYcMDK3I23ls0hAALO0ogHhSJEflCqjlLDMW8AXloih8Pqys5aink05cpIqOobUtGGaLRNTAZXx5jaqA2rJyQRx1rdU6pwenqZZY9Gf9LGlJAxdzOsofqQIDAQABAoIBAEDx9Kx27gKoQaSwYM95vXEewyYIwkWgDILKuzlPYhqWTo7giUe4Jq+/SFbub1vL9tzAgE9a0JzkJif0CfsqvraUcDxgAVetHqGLndFD3fCzHN1KeVSUV9haQzW7SXvkzDLVLpHdPFggMFtuWCwA/6SkItvkHB9jBmsleykq3y0lX5xu5zRrnNBNFj4AVHjbPINpO/13ZK6Ue5mFaK+xnLh4FjJzw6K7Nm8d2VniWjHJZSmYacxSX4D23na+ZipbkAsrJqPP3mqm2acg8L8Ms6DD9CfghfwdSdBJpSa+ul9v7jHxZkw6Q46dPvxNRKiQVFbuCwf1728M1EEKI0MB4ykCgYEA6wETGvZLZvY0d1H7cedDp8P12aMgaeYYs7GDwR/Ljd4RLfTzZKaMUsyT91D4jgw4ZGv6b7mZksUeYIA9U5j0A19bvn6mszaDgHoALVrTYLWDpl0HHpCTU56Rp1GOPgbzC8ap19W2Ac7gzIS+AU0Ap7n0BflcLdOIKt9oSfdcOMcCgYEApNOpIPx9hdL+/QDSzOX5w0dSTr1zv5spxb6sVyj5d0MXy48tHdLdzil1eF576dTF0ffX53IRrg3/6GFA0VLSU/OUqHJU9z5d1QlJd3Ff6MVen/dZYEMxMZwp/Ha5xHAryXU/FpNxHGc7ci3EIHQ1u3OgMei1brnoWZXypgWy1A8CgYB5UMy0FoFGXcMn9cKAQorCiH7aI0QQZyBJY1JI2EkUq5biypj7VJ8L/2BDRCGL8vMJpFRcaMvG4MuVtZ3zEfql4wxRgsA7s+Ce6lw9Da4hNpMHxu5t8OSdPjai0Y9EpgHCCoSTT1fuBwY1jjEoKsAz1eMLUncrkQ+yUjJcPL328QKBgQCRnp4RkoCjNqIojA2xEIz0xZImFqKoaUEify5rYrvjbdcb9EZ7zsw/U8mAqpj3IRAUTM7mn5SXHa81cpZ9WJqRqOVxXHFMbkEf8bCCYhvF3nmXAkRoE3Tmy30cmxfMQP2uYnN2UpTf7yRJ370inwjJr4GcFmgUhxKL8zoJC4fOaQKBgFXp/rWzgaG3f+VJW2d9BspEGy7LzxnnkPtIxKsHW/SS0pAIqDqQelkSqX+cxFzgxku15TwAOvWPcAAu2ZTM2yzky6JS1jk++ysafWWwcQDlxoNKOczy5cgmESkf3j3979Azqo+ic2EzcFoSs9r4o4x4HoplxqBE48BMrbcN5iIk
-----END RSA PRIVATE KEY-----"""

# 阿里公钥:首行尾行是固定的,中间是一行公钥字符串(不能有其他字符)
ALIPAY_PUBLIC_KEY_STRING = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCLK/MIs0gsKSk/DqzKwf7F9m8hyGqJM97af5IRkEdVCvFI5U1Y8xZsR8mWj+YhIU9rv48zZn81uJ7OqkkWXc/ENCMqGTiEe4tKPniLibTdpaIgPNn9c3QSa03psvJI8v/n5+0rs+KKXxN8UwLcmMMN5Zfy8Ejvq/rax9EXepxLqSP7xQ8DXHRBCkFHUY6W2vdIKQZFc8wqMqglRjGjfN8OgYwaN2F6TPPPHdoVbpjduEx1RlACItapHNWv21YTr0PYx+edb3Oj+Tjfinzuyb9S0uXDEHOOGeLrerOSJr3rVwDJpFKye6Lojz9H7aV+gki1Mp4W2qykyefYEmkDtYwIDAQAB
-----END PUBLIC KEY-----"""
pay.py
from alipay import AliPay
from .settings import *

alipay = AliPay(
    appid=APP_ID,
    app_notify_url=None,  # 该通知接口一般都设置None
    # 应用私钥
    app_private_key_string=APP_PRIVATE_KEY_STRING,
    # 阿里pay公钥
    alipay_public_key_string=ALIPAY_PUBLIC_KEY_STRING,
    # 签名算法,采用RSA2
    sign_type=SIGN,  # RSA or RSA2
    # 是否是沙箱环境
    debug=DEBUG
)
__init__.py
# 对外提供配置生成好的 alipay 支付对象
from .pay import alipay
# 对外提供alipay的支付网关
from .settings import GATEWAY as alipay_gateway
补充:在自己项目的配置文件中配置支付宝回调接口:settings.py | dev.py | const.py
# 上线后必须换成公网地址
# 后台http根路径
BASE_URL = 'http://127.0.0.1:8000'

# 前台http根路径
LUFFY_URL = 'http://127.0.0.1:8080'

# 订单支付成功的后台异步回调接口
NOTIFY_URL = BASE_URL + '/order/success'

# 订单支付成功的前台同步回调接口
RETURN_URL = LUFFY_URL + '/pay/success'

后台 - 支付接口

路由:order/urls.py
from django.urls import path, re_path
from . import views
urlpatterns = [
    # 支付
    path('pay', views.PayAPIView.as_view()),
    # 支付成功回调
    path('success', views.SuccessAPIView.as_view()),
]
模型表:order/models.py
# 订单表: 主键、商品总名、总价、创建订单时间、支付时间、支付用户、订单号、流水号
# 订单详情表:主键、订单外键、商品(课程)外键

from django.db import models
from utils.model import BaseModel
from user.models import User
from course.models import Course

class Order(BaseModel):
    """订单模型"""
    status_choices = (
        (0, '未支付'),
        (1, '已支付'),
        (2, '已取消'),
        (3, '超时取消'),
    )
    pay_choices = (
        (1, '支付宝'),
        (2, '微信支付'),
    )
    subject = models.CharField(max_length=150, verbose_name="订单标题")
    total_amount = models.DecimalField(max_digits=10, decimal_places=2, verbose_name="订单总价", default=0)
    out_trade_no = models.CharField(max_length=64, verbose_name="订单号", unique=True)
    trade_no = models.CharField(max_length=64, null=True, verbose_name="流水号")
    order_status = models.SmallIntegerField(choices=status_choices, default=0, verbose_name="订单状态")
    pay_type = models.SmallIntegerField(choices=pay_choices, default=1, verbose_name="支付方式")
    pay_time = models.DateTimeField(null=True, verbose_name="支付时间")
    user = models.ForeignKey(User, related_name='user_orders', on_delete=models.DO_NOTHING, db_constraint=False,
                             verbose_name="下单用户")

    class Meta:
        db_table = "luffy_order"
        verbose_name = "订单记录"
        verbose_name_plural = "订单记录"

    def __str__(self):
        return "%s - ¥%s" % (self.subject, self.total_amount)

    @property
    def courses(self):
        data_list = []
        for item in self.order_courses.all():
            data_list.append({
                "id": item.id,
                "course_name": item.course.name,
                "real_price": item.real_price,
            })

        return data_list


class OrderDetail(BaseModel):
    """订单详情"""
    order = models.ForeignKey(Order, related_name='order_courses', on_delete=models.CASCADE, db_constraint=False,
                              verbose_name="订单")
    course = models.ForeignKey(Course, related_name='course_orders', on_delete=models.CASCADE, db_constraint=False,
                               verbose_name="课程")
    price = models.DecimalField(max_digits=6, decimal_places=2, verbose_name="课程原价")
    real_price = models.DecimalField(max_digits=6, decimal_places=2, verbose_name="课程实价")

    class Meta:
        db_table = "luffy_order_detail"
        verbose_name = "订单详情"
        verbose_name_plural = "订单详情"

    def __str__(self):
        return "%s的订单:%s" % (self.course.name, self.order.out_trade_no)
支付接口类:order/views.py
from rest_framework.views import APIView
from rest_framework.response import Response

from . import serializers

# 需要登录后才能访问
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from rest_framework.permissions import IsAuthenticated
class PayAPIView(APIView):
    authentication_classes = [JSONWebTokenAuthentication]
    permission_classes = [IsAuthenticated]
    def post(self, request, *args, **kwargs):
        serializer = serializers.OrderModelSerializer(data=request.data, context={'request': request})
        # 信息校验
        serializer.is_valid(raise_exception=True)
        # 订单入库
        serializer.save()
        # 返回一个支付链接
        return Response(serializer.pay_url)
支付接口序列化类:model/serializers
import time
from rest_framework import serializers

from . import models
from course.models import Course

from libs.iPay import alipay, alipay_gateway
from django.conf import settings

class OrderModelSerializer(serializers.ModelSerializer):
    # 商品的主键们:暂定 '1,2,3' 方式传多个主键
    goods_pks = serializers.CharField(max_length=64)

    class Meta:
        model = models.Order
        fields = (
            'subject',
            'total_amount',
            'pay_type',
            'goods_pks',
        )
        extra_kwargs = {
            'total_amount': {
                'required': True
            }
        }

    # 后台要根据所有的主键和总价,校验价格(防止传输中被修改)
    def validate(self, attrs):
        goods_pks = attrs.pop('goods_pks')
        goods_pks = [pk for pk in goods_pks.split(',')]
        goods_objs = []
        for pk in goods_pks:
            try:
                obj = Course.objects.get(pk=pk)
                goods_objs.append(obj)
            except:
                raise serializers.ValidationError({'pk': '课程主键有误'})

        total_price = 0
        for good in goods_objs:
            total_price += good.price

        # 商品总价
        total_amount = attrs.get('total_amount')
        if total_price != total_amount:
            raise serializers.ValidationError({'total_amount': '价格被恶意篡改'})

        # 生成订单号
        order_on = self._get_order_no()
        # 订单名
        subject = attrs.get('subject')

        # 生成订单链接
        order_params = alipay.api_alipay_trade_page_pay(out_trade_no=order_on,
                                                        total_amount=float(total_amount),
                                                        subject=subject,
                                                        return_url=settings.RETURN_URL,  # 同步回调的前台接口
                                                        notify_url=settings.NOTIFY_URL  # 异步回调的后台接口
                                                        )
        pay_url = alipay_gateway + order_params

        # 将支付链接保存在serializer对象中
        self.pay_url = pay_url

        # 添加额外的入库字段
        attrs['out_trade_no'] = order_on
        # 视图类给序列化类传参
        attrs['user'] = self.context.get('request').user

        # 将所有的商品对象存放在校验数据中,辅助订单详情表商品信息的入库
        attrs['courses'] = goods_objs

        # 代表校验通过
        return attrs


    # 重写create方法,完成订单详情表入库操作
    def create(self, validated_data):
        courses = validated_data.pop('courses')

        order = super().create(validated_data)  # 订单表

        # 关系表操作
        order_detail_list = []
        for course in courses:
            order_detail_list.append(models.OrderDetail(order=order, course=course, price=course.price, real_price=course.price))

        # 将多个订单详情对象,批量入库
        models.OrderDetail.objects.bulk_create(order_detail_list)  # 订单详情表

        return order

    def _get_order_no(self):
        no = '%s' % time.time()
        return no.replace('.', '', 1)

前台 - 支付生成页面

课程主页或是详情页
<template>
    ...
    <span class="buy-now" @click="buy_course(course)">立即购买</span>
</template>
<script>
    export default {
        methods: {
            // 购买课程
            buy_course(course) {
                let token = this.$cookies.get('token');
                if (!token) {
                    this.$message({
                        message: "请先登录",
                        type: 'warning',
                        duration: 1000,
                    });
                    return false
                }
                // 已登录
                this.$axios({
                    url: this.$settings.base_url + '/order/pay',
                    method: 'post',
                    data: {
                        subject: course.name,
                        total_amount: course.price,
                        goods_pks: `${course.id}`
                    },
                    headers: {
                        authorization: `jwt ${token}`
                    }
                }).then(response => {
                    // console.log(response.data)
                    let pay_url = response.data;
                    window.open(pay_url, '_self');
                }).catch(error => {
                    console.log(error.response.data)
                })


            },
        }
    }
</script>

前台 - 支付成功的回调页面

router/index.js
// ...
const routes = [
    // ...
    {
        path: '/pay/success',
        name: 'pay-success',
        component: PaySuccess
    },
];

views/PaySuccess.vue

<template>
    <div class="pay-success">
        <!--如果是单独的页面,就没必要展示导航栏(带有登录的用户)-->
        <!--<Header/>-->
        <div class="main">
            <div class="title">
                <div class="success-tips">
                    <p class="tips">您已成功购买 1 门课程!</p>
                </div>
            </div>
            <div class="order-info">
                <p class="info"><b>订单号:</b><span>{{ result.out_trade_no }}</span></p>
                <p class="info"><b>交易号:</b><span>{{ result.trade_no }}</span></p>
                <p class="info"><b>付款时间:</b><span><span>{{ result.timestamp }}</span></span></p>
            </div>
            <div class="study">
                <span>立即学习</span>
            </div>
        </div>
        <!--<Footer/>-->
    </div>
</template>

<script>
    // import Header from "@/components/Header"
    // import Footer from "@/components/Footer"

    export default {
        name: "Success",
        data() {
            return {
                result: {},
            };
        },
        created() {
            // url后拼接的参数
            console.log(location.search);

            localStorage.this_nav = '/';
            if (!location.search.length) return;

            // 解析支付宝回调的url参数
            let params = location.search.substring(1);
            let items = params.length ? params.split('&') : [];
            //逐个将每一项添加到args对象中
            for (let i = 0; i < items.length; i++) {
                let k_v = items[i].split('=');
                //解码操作,因为查询字符串经过编码的
                let k = decodeURIComponent(k_v[0]);
                let v = decodeURIComponent(k_v[1]);
                // let k = k_v[0];
                // let v = k_v[1];
                this.result[k] = v;
                // this.result[k_v[0]] = k_v[1];
            }
            console.log(this.result);

            // 把地址栏上面的支付结果,转发给后端
            this.$axios({
                url: this.$settings.base_url + '/order/success' + location.search,
                method: 'patch',
                headers: {
                    Authorization: token
                }
            }).then(response => {
                console.log(response.data);
            }).catch(() => {
                console.log('支付结果同步失败');
            })
        },
        components: {
            // Header,
            // Footer,
        }
    }
</script>

<style scoped>
    .main {
        padding: 60px 0;
        margin: 0 auto;
        width: 1200px;
        background: #fff;
    }

    .main .title {
        display: flex;
        -ms-flex-align: center;
        align-items: center;
        padding: 25px 40px;
        border-bottom: 1px solid #f2f2f2;
    }

    .main .title .success-tips {
        box-sizing: border-box;
    }

    .title img {
        vertical-align: middle;
        width: 60px;
        height: 60px;
        margin-right: 40px;
    }

    .title .success-tips {
        box-sizing: border-box;
    }

    .title .tips {
        font-size: 26px;
        color: #000;
    }


    .info span {
        color: #ec6730;
    }

    .order-info {
        padding: 25px 48px;
        padding-bottom: 15px;
        border-bottom: 1px solid #f2f2f2;
    }

    .order-info p {
        display: -ms-flexbox;
        display: flex;
        margin-bottom: 10px;
        font-size: 16px;
    }

    .order-info p b {
        font-weight: 400;
        color: #9d9d9d;
        white-space: nowrap;
    }

    .study {
        padding: 25px 40px;
    }

    .study span {
        display: block;
        width: 140px;
        height: 42px;
        text-align: center;
        line-height: 42px;
        cursor: pointer;
        background: #ffc210;
        border-radius: 6px;
        font-size: 16px;
        color: #fff;
    }
</style>

后台 - 支付成功的回调接口

from . import models
from utils.logging import logger
from rest_framework.response import Response
class SuccessAPIView(APIView):
    # 不能认证,支付宝异步回调访问该接口,肯定不知道登录认证信息,订单号就是关键的关联信息
    # authentication_classes = [authentications.JWTAuthentication]
    # permission_classes = [IsAuthenticated]
    def patch(self, request, *args, **kwargs):
        # 默认是QueryDict类型,不能使用pop方法
        request_data = request.query_params.dict()
        # 必须将 sign、sign_type(内部有安全处理) 从数据中取出,拿sign与剩下的数据进行校验
        sign = request_data.pop('sign')
        result = alipay.verify(request_data, sign)
        if result:  # 同步回调:修改订单状态
            try:
                out_trade_no = request_data.get('out_trade_no')
                order = models.Order.objects.get(out_trade_no=out_trade_no)
                if order.order_status != 1:
                    order.order_status = 1
                    order.save()
            except:
                pass
            return APIResponse(0, '支付成功')
        return APIResponse(1, '支付失败')

    # 支付宝异步回调
    def post(self, request, *args, **kwargs):
        # 默认是QueryDict类型,不能使用pop方法
        request_data = request.data.dict()
        # 必须将 sign、sign_type(内部有安全处理) 从数据中取出,拿sign与剩下的数据进行校验
        sign = request_data.pop('sign')
        result = alipay.verify(request_data, sign)
        # 异步回调:修改订单状态
        if result and request_data["trade_status"] in ("TRADE_SUCCESS", "TRADE_FINISHED" ):
            out_trade_no = request_data.get('out_trade_no')
            logger.critical('%s支付成功' % out_trade_no)
            try:
                order = models.Order.objects.get(out_trade_no=out_trade_no)
                if order.order_status != 1:
                    order.order_status = 1
                    order.save()
            except:
                pass
            # 支付宝八次异步通知,订单成功一定要返回 success
            return Response('success')
        return Response('failed')

相关推荐