集成支付平台时,缺乏目标语言的文档往往令人头疼。最近,我协助吉隆坡一家旅行社ZFB Travel在其Ruby on Rails后端集成了马来西亚本地支付平台Bayarcash。Bayarcash文档虽然提供了PHP示例,却缺少Ruby版本,给Rails开发者带来了挑战。
本文将逐步指导您如何在Rails中验证Bayarcash校验和。
Bayarcash文档中提供了用于生成校验和的PHP代码片段:
<?php $secretkey = 'xxxxx'; // Bayarcash门户网站提供的API密钥
$payloaddata = [
"payment_channel" => 1,
"order_number" => "ord-0060",
"amount" => "60.00",
"payer_name" => "mohd ali",
"payer_email" => "mohd.ali@gmail.com"
];
ksort($payloaddata); // 按键排序有效负载数据
$payloadstring = implode('|', $payloaddata); // 使用'|'连接值
$checksum = hash_hmac('sha256', $payloadstring, $secretkey); // 生成HMAC SHA256校验和代码逻辑清晰:排序有效负载,用管道符连接值,最后使用HMAC SHA256生成校验和。
然而,直接将此PHP代码转换为Ruby并非易事。
许多Rails开发者都曾为此类集成问题而苦恼。为了避免重复劳动,我分享一个简洁的Ruby on Rails Bayarcash校验和验证方案。
具体实现如下:
# BayarcashService类
def valid_checksum?(params)
received_checksum = params['checksum'] # 获取接收到的校验和
payload_data = {
'record_type' => params['record_type'],
'transaction_id' => params['transaction_id'],
'exchange_reference_number' => params['exchange_reference_number'],
'exchange_transaction_id' => params['exchange_transaction_id'],
'order_number' => params['order_number'],
'currency' => params['currency'],
'amount' => params['amount'],
'payer_name' => params['payer_name'],
'payer_email' => params['payer_email'],
'payer_bank_name' => params['payer_bank_name'],
'status' => params['status'],
'status_description' => params['status_description'],
'datetime' => params['datetime']
}
sorted_payload = payload_data.sort.to_h # 按键排序
payload_string = sorted_payload.values.join('|') # 使用'|'连接值
generated_checksum = OpenSSL::HMAC.hexdigest('sha256', SECRET_KEY, payload_string) # 生成校验和
ActiveSupport::SecurityUtils.secure_compare(generated_checksum.downcase, received_checksum.downcase) # 安全比较校验和
rescue => e
Rails.logger.error "校验和验证错误: #{e.message}"
false
endhash.sort.to_h实现与PHP ksort相同的按键排序功能。OpenSSL::HMAC.hexdigest和SHA256算法以及您的密钥生成校验和。ActiveSupport::SecurityUtils.secure_compare进行安全比较,防止定时攻击。此方案确保了Rails应用中Bayarcash校验和的可靠验证,节省调试时间,并提高集成安全性。希望此方法能为您的Rails开发带来便利。
