node-easywechat 3.5.12 → 3.5.14

package/CHANGELOG.md

@@ -1,6 +1,17 @@
 # CHANGELOG
 
 
+## v3.5.14 (2023-12-20)
+
+- Fix: 修复个别情况下微信支付的敏感信息加密功能可能使用旧证书的问题 (#57)
+- Fix: 获取微信支付平台证书时，忽略有效期少于1天的证书 (#57)
+
+## v3.5.13 (2023-12-20)
+
+- Feat: 开放平台新增快速注册企业小程序审核事件的支持 (#62)
+
+- Fix: 修复微信支付敏感信息加密方法证书错误的问题 (#57)
+
 ## v3.5.12 (2023-12-19)
 
 - Fix: 修复类型错误

package/dist/Core/Http/Minxins/MessageMixin.js

@@ -63,8 +63,7 @@ class MessageMixin {
     }
     withBody(body) {
         if (Buffer.isBuffer(body)) {
-            this.content = Buffer.from('');
-            this.content.copy(body);
+            this.content = body;
         }
         else if (typeof body === 'string') {
             this.content = Buffer.from(body);

package/dist/OpenPlatform/Message.d.ts

@@ -16,10 +16,12 @@ interface Message {
      * - unauthorized：取消授权
      * - updateauthorized：更新授权
      * - component_verify_ticket：验证票据
+     * - notify_third_fasteregister：快速注册企业小程序审核事件
      * @see [授权变更通知推送](https://developers.weixin.qq.com/doc/oplatform/Third-party_Platforms/2.0/api/Before_Develop/authorize_event.html)
      * @see [验证票据](https://developers.weixin.qq.com/doc/oplatform/Third-party_Platforms/2.0/api/Before_Develop/component_verify_ticket.html)
+     * @see [快速注册企业小程序审核事件](https://developers.weixin.qq.com/doc/oplatform/Third-party_Platforms/2.0/api/Register_Mini_Programs/Fast_Registration_Interface_document.html#三、注册审核事件推送)
      */
-    InfoType?: 'authorized' | 'unauthorized' | 'updateauthorized' | 'component_verify_ticket';
+    InfoType?: 'authorized' | 'unauthorized' | 'updateauthorized' | 'component_verify_ticket' | 'notify_third_fasteregister' | string;
     /**
      * 公众号或小程序的 appid
      */

package/dist/OpenPlatform/Server.d.ts

@@ -44,6 +44,12 @@ declare class Server extends ServerInterface {
      * @returns
      */
     handleVerifyTicketRefreshed(handler: ServerHandlerClosure<Message>): this;
+    /**
+     * 处理快速注册企业小程序审核通知
+     * @param handler
+     * @returns
+     */
+    handleThirdFastRegister(handler: ServerHandlerClosure<Message>): this;
     protected decryptRequestMessage(): ServerHandlerClosure<Message>;
     /**
      * 获取来自微信服务器的推送消息

package/dist/OpenPlatform/Server.js

@@ -102,6 +102,18 @@ class Server extends ServerInterface_1.default {
             });
         });
     }
+    /**
+     * 处理快速注册企业小程序审核通知
+     * @param handler
+     * @returns
+     */
+    handleThirdFastRegister(handler) {
+        return this.with(function (message, next) {
+            return __awaiter(this, void 0, void 0, function* () {
+                return message.InfoType === 'notify_third_fasteregister' ? handler(message, next) : next(message);
+            });
+        });
+    }
     decryptRequestMessage() {
         let query = this.request.getQueryParams();
         return (message, next) => __awaiter(this, void 0, void 0, function* () {

package/dist/Pay/Contracts/MerchantInterface.d.ts

@@ -35,16 +35,21 @@ declare abstract class MerchantInterface {
      */
     setPlatformCertKey(key: string): this;
     /**
-     * 更具证书序列号获取平台证书
+     * 根据证书序列号获取平台证书
      * @param serial
      * @returns
      */
     getPlatformCert(serial: string): Promise<PublicKey>;
     /**
-     * 获取平台证书
+     * 获取所有平台证书
+     * @returns
+     */
+    getPlatformCerts(): Promise<Record<string, PublicKey>>;
+    /**
+     * 从缓存或者接口获取平台证书
      * @param force 是否强制刷新缓存，默认：false
      */
-    loadPlatformCerts(force?: boolean): Promise<void>;
+    loadPlatformCerts(force?: boolean): Promise<Record<string, string>>;
     /**
      * 设置平台证书
      * @param certs 键名：序列号，键值：PublicKey实例或者文件内容字符串

package/dist/Pay/Contracts/MerchantInterface.js

@@ -34,16 +34,21 @@ class MerchantInterface {
      */
     setPlatformCertKey(key) { return this; }
     /**
-     * 更具证书序列号获取平台证书
+     * 根据证书序列号获取平台证书
      * @param serial
      * @returns
      */
     getPlatformCert(serial) { return null; }
     /**
-     * 获取平台证书
+     * 获取所有平台证书
+     * @returns
+     */
+    getPlatformCerts() { return null; }
+    /**
+     * 从缓存或者接口获取平台证书
      * @param force 是否强制刷新缓存，默认：false
      */
-    loadPlatformCerts(force = false) { return; }
+    loadPlatformCerts(force = false) { return null; }
     /**
      * 设置平台证书
      * @param certs 键名：序列号，键值：PublicKey实例或者文件内容字符串

package/dist/Pay/Merchant.d.ts

@@ -7,6 +7,7 @@ declare class Merchant implements MerchantInterface {
     protected secretKey: string;
     protected v2SecretKey: string;
     protected app: Application;
+    protected isConfigPlatformCerts: boolean;
     protected platformCerts: Record<string, PublicKey>;
     protected privateKey: PrivateKey;
     protected certificate: PublicKey;
@@ -24,9 +25,10 @@ declare class Merchant implements MerchantInterface {
     getV2SecretKey(): string;
     getCertificate(): PublicKey;
     getPlatformCert(serial: string): Promise<PublicKey>;
+    getPlatformCerts(): Promise<Record<string, PublicKey>>;
     setPlatformCerts(certs: Record<string, PublicKey | string>): void;
     getPlatformCertKey(): string;
     setPlatformCertKey(key: string): this;
-    loadPlatformCerts(force?: boolean): Promise<void>;
+    loadPlatformCerts(force?: boolean): Promise<Record<string, string>>;
 }
 export = Merchant;

package/dist/Pay/Merchant.js

@@ -17,6 +17,7 @@ class Merchant {
         this.secretKey = secretKey;
         this.v2SecretKey = v2SecretKey;
         this.app = app;
+        this.isConfigPlatformCerts = false;
         this.platformCerts = {};
         if (!(privateKey instanceof PrivateKey_1.PrivateKey)) {
             this.privateKey = new PrivateKey_1.PrivateKey(privateKey);
@@ -50,6 +51,9 @@ class Merchant {
             }
             certs[isArray ? publicKey.getSerialNo() : key] = publicKey;
         }
+        if (Object.keys(certs).length > 0) {
+            this.isConfigPlatformCerts = true;
+        }
         return certs;
     }
     getMerchantId() {
@@ -70,17 +74,30 @@ class Merchant {
     getPlatformCert(serial) {
         var _a;
         return __awaiter(this, void 0, void 0, function* () {
-            if (!this.platformCerts || Object.keys(this.platformCerts).length === 0) {
-                yield this.loadPlatformCerts();
+            if (!this.isConfigPlatformCerts) {
+                // 如果不是通过配置文件设置的平台证书，则每次都从缓存或者接口获取证书
+                let certs = yield this.loadPlatformCerts();
+                this.setPlatformCerts(certs);
             }
             return (_a = this.platformCerts[serial]) !== null && _a !== void 0 ? _a : null;
         });
     }
+    getPlatformCerts() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.isConfigPlatformCerts) {
+                // 如果不是通过配置文件设置的平台证书，则每次都从缓存或者接口获取证书
+                let certs = yield this.loadPlatformCerts();
+                this.setPlatformCerts(certs);
+            }
+            return this.platformCerts;
+        });
+    }
     setPlatformCerts(certs) {
         let newCerts = {};
         for (let key of Object.keys(certs)) {
             let cert = certs[key];
             if (typeof cert === 'string') {
+                // 将证书内容封装为 PublicKey
                 newCerts[key] = PublicKey_1.PublicKey.createByCertificateContent(cert, key);
             }
             else {
@@ -109,14 +126,21 @@ class Merchant {
                 let response = yield this.app.getClient().get('/v3/certificates');
                 let data = response.toObject();
                 if (data && data.data && data.data.length > 0) {
+                    let nowTime = Math.round((new Date()).getTime() / 1000);
                     data.data.forEach((item) => {
+                        // 跳过有效期少于1天的证书
+                        let expireTime = Math.round((new Date(item.expire_time)).getTime() / 1000) - 86400;
+                        if (expireTime < nowTime)
+                            return;
                         let content = AES_1.AES_GCM.decrypt(item.encrypt_certificate.ciphertext, this.app.getConfig().get('secret_key'), item.encrypt_certificate.nonce, item.encrypt_certificate.associated_data).toString();
                         certs[item.serial_no] = content;
                     });
-                    yield cache.set(cacheKey, certs, 36000); // 缓存10小时
+                    if (Object.keys(certs).length > 0) {
+                        yield cache.set(cacheKey, certs, 36000); // 缓存10小时
+                    }
                 }
             }
-            this.setPlatformCerts(certs);
+            return certs;
         });
     }
 }

package/dist/Pay/Server.js

@@ -125,6 +125,10 @@ class Server extends ServerInterface_1.default {
      */
     handlePaid(handler) {
         this.with((message, next) => __awaiter(this, void 0, void 0, function* () {
+            let isV2Message = message.getOriginalContents().startsWith('<xml');
+            if (isV2Message) {
+                return handler(message, next);
+            }
             return message.getEventType() === 'TRANSACTION.SUCCESS' && message.trade_state === 'SUCCESS'
                 ? handler(message, next) : next(message);
         }));

package/dist/Pay/Utils.d.ts

@@ -1,23 +1,21 @@
-/// <reference types="node" />
+import { PublicKey } from '../Core/Support/PublicKey';
+import RSA from '../Core/Support/RSA';
 import { PayAppConfig, PayBridgeConfig, PaySdkConfig } from '../Types/global';
 import MerchantInterface from './Contracts/MerchantInterface';
 declare class Utils {
     protected merchant: MerchantInterface;
     constructor(merchant: MerchantInterface);
     /**
-     * 加密字符串
-     * @param plaintext 原文
-     * @param encoding 密文的编码格式，默认：base64
-     * @param hashType 哈希算法，默认：sha256
+     * 获取加密所用的平台证书
+     * @returns
      */
-    encrypt(plaintext: string, encoding?: BufferEncoding, hashType?: string): string;
+    getPlatformCert(): Promise<PublicKey>;
     /**
-     * 解密字符串
-     * @param ciphertext 密文
-     * @param encoding 密文的编码格式，默认：base64
-     * @param hashType 哈希算法，默认：sha256
+     * 获取敏感信息加密机
+     * @param platformCert PublicKey封装过的平台证书
+     * @returns
      */
-    decrypt(ciphertext: string, encoding?: BufferEncoding, hashType?: string): string;
+    getEncryptor(platformCert?: PublicKey): Promise<RSA>;
     /**
      * 创建签名（V3），并返回签名字符串
      * @param params 参数集合

package/dist/Pay/Utils.js

@@ -1,7 +1,17 @@
 'use strict';
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
+const PublicKey_1 = require("../Core/Support/PublicKey");
 const RSA_1 = __importDefault(require("../Core/Support/RSA"));
 const Utils_1 = require("../Core/Support/Utils");
 class Utils {
@@ -9,26 +19,33 @@ class Utils {
         this.merchant = merchant;
     }
     /**
-     * 加密字符串
-     * @param plaintext 原文
-     * @param encoding 密文的编码格式，默认：base64
-     * @param hashType 哈希算法，默认：sha256
+     * 获取加密所用的平台证书
+     * @returns
      */
-    encrypt(plaintext, encoding = 'base64', hashType = 'sha256') {
-        let rsa = new RSA_1.default;
-        rsa.setPublicKey(this.merchant.getCertificate().toString());
-        return rsa.encrypt(plaintext, encoding, hashType);
+    getPlatformCert() {
+        return __awaiter(this, void 0, void 0, function* () {
+            let certs = yield this.merchant.getPlatformCerts();
+            if (!certs || Object.keys(certs).length === 0) {
+                throw new Error('Fail to get platform certs');
+            }
+            return certs[Object.keys(certs)[0]];
+        });
     }
     /**
-     * 解密字符串
-     * @param ciphertext 密文
-     * @param encoding 密文的编码格式，默认：base64
-     * @param hashType 哈希算法，默认：sha256
+     * 获取敏感信息加密机
+     * @param platformCert PublicKey封装过的平台证书
+     * @returns
      */
-    decrypt(ciphertext, encoding = 'base64', hashType = 'sha256') {
-        let rsa = new RSA_1.default;
-        rsa.setPrivateKey(this.merchant.getPrivateKey().toString());
-        return rsa.decrypt(ciphertext, encoding, hashType);
+    getEncryptor(platformCert = null) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let rsa = new RSA_1.default;
+            if (!platformCert || !(platformCert instanceof PublicKey_1.PublicKey)) {
+                platformCert = yield this.getPlatformCert();
+            }
+            rsa.setPublicKey(platformCert.toString());
+            rsa.setPrivateKey(this.merchant.getPrivateKey().toString());
+            return rsa;
+        });
     }
     /**
      * 创建签名（V3），并返回签名字符串

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "node-easywechat",
-  "version": "3.5.12",
+  "version": "3.5.14",
   "description": "EasyWechat SDK for Node.js (NOT OFFICIAL)",
   "main": "dist/index.js",
   "scripts": {