node-easywechat 3.5.8 → 3.5.9

package/CHANGELOG.md

@@ -1,6 +1,11 @@
 # CHANGELOG
 
 
+## v3.5.9 (2023-12-18)
+
+- Feat: 微信支付增加读取平台证书的方法loadPlatformCerts，并自动写入商户配置 (#57)
+- Feat: 微信支付增加v2版本的消息验证方法validateV2 (#56)
+
 ## v3.5.8 (2023-12-18)
 
 - Feat: thirdpartyCode2Session方法重命名为code2Session (#54)

package/dist/Core/Support/AES.js

@@ -82,8 +82,8 @@ class AES_GCM {
         else {
             buf = Buffer.from(ciphertext);
         }
-        let tag = buf.slice(-16);
-        let payload = buf.slice(0, -16);
+        let tag = buf.subarray(-16);
+        let payload = buf.subarray(0, -16);
         let decipher = (0, crypto_1.createDecipheriv)(method, key, iv).setAuthTag(tag).setAAD(Buffer.from(aad));
         return Buffer.concat([
             decipher.update(payload),

package/dist/Core/Support/PublicKey.d.ts

@@ -1,7 +1,8 @@
 /// <reference types="node" />
 export declare class PublicKey {
     protected certificate: Buffer;
-    constructor(certificate: string);
+    protected serialNo: string;
+    constructor(certificate: string, serialNo?: string);
     /**
      * 获取公钥的序列号
      * @returns
@@ -17,4 +18,10 @@ export declare class PublicKey {
      * @returns
      */
     toString(): string;
+    /**
+     * 通过内容创建实例
+     * @param content 证书内容
+     * @param serialNo 证书序列号
+     */
+    static createByCertificateContent(content: string, serialNo: string): PublicKey;
 }

package/dist/Core/Support/PublicKey.js

@@ -7,8 +7,15 @@ exports.PublicKey = void 0;
 const fs_1 = __importDefault(require("fs"));
 const crypto_1 = require("crypto");
 class PublicKey {
-    constructor(certificate) {
-        if (fs_1.default.existsSync(certificate)) {
+    constructor(certificate, serialNo = '') {
+        if (serialNo) {
+            if (!certificate) {
+                throw new Error('Invalid PublicKey content');
+            }
+            this.certificate = Buffer.from(certificate);
+            this.serialNo = serialNo;
+        }
+        else if (fs_1.default.existsSync(certificate)) {
             this.certificate = fs_1.default.readFileSync(certificate) || Buffer.from('');
         }
         else {
@@ -20,12 +27,15 @@ class PublicKey {
      * @returns
      */
     getSerialNo() {
-        try {
-            return new crypto_1.X509Certificate(this.certificate).serialNumber;
-        }
-        catch (e) {
-            throw new Error('Read the $certificate failed, please check it whether or nor correct');
+        if (!this.serialNo) {
+            try {
+                this.serialNo = new crypto_1.X509Certificate(this.certificate).serialNumber;
+            }
+            catch (e) {
+                throw new Error('Read the $certificate failed, please check it whether or nor correct');
+            }
         }
+        return this.serialNo;
     }
     /**
      * 获取证书内容
@@ -41,5 +51,13 @@ class PublicKey {
     toString() {
         return this.certificate.toString();
     }
+    /**
+     * 通过内容创建实例
+     * @param content 证书内容
+     * @param serialNo 证书序列号
+     */
+    static createByCertificateContent(content, serialNo) {
+        return new PublicKey(content, serialNo);
+    }
 }
 exports.PublicKey = PublicKey;

package/dist/Pay/Application.d.ts

@@ -60,6 +60,11 @@ declare class Application implements ApplicationInterface {
      * @returns
      */
     protected getHttpClientDefaultOptions(): Record<string, any>;
+    /**
+     * 如果未配置平台证书，则尝试从接口读取
+     * @param force 是否强制读取，默认：false
+     */
+    loadPlatformCerts(force?: boolean): Promise<void>;
 }
 interface Application extends ConfigMixin, CacheMixin, ServerRequestMixin, HttpClientMixin {
 }

package/dist/Pay/Application.js

@@ -1,4 +1,13 @@
 'use strict';
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -15,6 +24,8 @@ const Utils_2 = __importDefault(require("./Utils"));
 const Config_1 = __importDefault(require("../OfficialAccount/Config"));
 const Client_1 = __importDefault(require("./Client"));
 const Validator_1 = __importDefault(require("./Validator"));
+const PublicKey_1 = require("../Core/Support/PublicKey");
+const AES_1 = require("../Core/Support/AES");
 /**
  * 微信支付应用
  */
@@ -117,6 +128,28 @@ class Application {
             baseURL: 'https://api.mch.weixin.qq.com',
         }, this.getConfig().get('http'));
     }
+    /**
+     * 如果未配置平台证书，则尝试从接口读取
+     * @param force 是否强制读取，默认：false
+     */
+    loadPlatformCerts(force = false) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let exists_certs = this.config.get('platform_certs', []);
+            if (force || !exists_certs || exists_certs.length === 0) {
+                let response = yield this.getClient().get('/v3/certificates');
+                let data = response.toObject();
+                if (data && data.length > 0) {
+                    let certs = {};
+                    let key = this.config.get('secret_key');
+                    data.forEach((item) => {
+                        let content = AES_1.AES_GCM.decrypt(item.encrypt_certificate.ciphertext, key, item.encrypt_certificate.nonce, item.encrypt_certificate.associated_data).toString();
+                        certs[item.serial_no] = PublicKey_1.PublicKey.createByCertificateContent(content, item.serial_no);
+                    });
+                    this.getMerchant().setPlatformCerts(certs);
+                }
+            }
+        });
+    }
 }
 ;
 ;

package/dist/Pay/Contracts/MerchantInterface.d.ts

@@ -31,5 +31,10 @@ declare abstract class MerchantInterface {
      * @returns
      */
     getPlatformCert(serial: string): PublicKey;
+    /**
+     * 设置平台证书
+     * @param certs 键名：序列号，键值：PublicKey实例
+     */
+    setPlatformCerts(certs: Record<string, PublicKey>): void;
 }
 export = MerchantInterface;

package/dist/Pay/Contracts/MerchantInterface.js

@@ -30,6 +30,11 @@ class MerchantInterface {
      * @returns
      */
     getPlatformCert(serial) { return null; }
+    /**
+     * 设置平台证书
+     * @param certs 键名：序列号，键值：PublicKey实例
+     */
+    setPlatformCerts(certs) { }
 }
 ;
 module.exports = MerchantInterface;

package/dist/Pay/Contracts/ValidatorInterface.d.ts

@@ -1,8 +1,13 @@
 import Request from "../../Core/Http/Request";
+import Message from "../Message";
 declare abstract class ValidatorInterface {
     /**
      * 验证请求是否正确
      */
     validate(request: Request): boolean;
+    /**
+     * 验证请求是否正确（v2）
+     */
+    validateV2(message: Message): boolean;
 }
 export = ValidatorInterface;

package/dist/Pay/Contracts/ValidatorInterface.js

@@ -4,6 +4,10 @@ class ValidatorInterface {
      * 验证请求是否正确
      */
     validate(request) { return true; }
+    /**
+     * 验证请求是否正确（v2）
+     */
+    validateV2(message) { return true; }
 }
 ;
 module.exports = ValidatorInterface;

package/dist/Pay/Merchant.d.ts

@@ -21,5 +21,6 @@ declare class Merchant implements MerchantInterface {
     getV2SecretKey(): string;
     getCertificate(): PublicKey;
     getPlatformCert(serial: string): PublicKey;
+    setPlatformCerts(certs: Record<string, PublicKey>): void;
 }
 export = Merchant;

package/dist/Pay/Merchant.js

@@ -60,5 +60,8 @@ class Merchant {
         var _a;
         return (_a = this.platformCerts[serial]) !== null && _a !== void 0 ? _a : null;
     }
+    setPlatformCerts(certs) {
+        this.platformCerts = certs;
+    }
 }
 module.exports = Merchant;

package/dist/Pay/Validator.d.ts

@@ -1,6 +1,7 @@
 import ValidatorInterface from "./Contracts/ValidatorInterface";
 import MessageInterface from "../Core/Http/Contracts/MessageInterface";
 import MerchantInterface from "./Contracts/MerchantInterface";
+import Message from "./Message";
 declare class Validator implements ValidatorInterface {
     protected merchant: MerchantInterface;
     static MAX_ALLOWED_CLOCK_OFFSET: number;
@@ -10,5 +11,6 @@ declare class Validator implements ValidatorInterface {
     static HEADER_SIGNATURE: string;
     constructor(merchant: MerchantInterface);
     validate(request: MessageInterface): boolean;
+    validateV2(message: Message): boolean;
 }
 export = Validator;

package/dist/Pay/Validator.js

@@ -4,6 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 const Utils_1 = require("../Core/Support/Utils");
 const RSA_1 = __importDefault(require("../Core/Support/RSA"));
+const Utils_2 = __importDefault(require("./Utils"));
 class Validator {
     constructor(merchant) {
         this.merchant = merchant;
@@ -39,6 +40,18 @@ class Validator {
         }
         return true;
     }
+    validateV2(message) {
+        let messageSign = (message.get('sign') + '' || '').toUpperCase();
+        if (!messageSign) {
+            throw new Error('Missing Signature');
+        }
+        const utils = new Utils_2.default(this.merchant);
+        let calculateSign = utils.createV2Signature(message.toObject());
+        if (messageSign !== calculateSign) {
+            throw new Error('Invalid Signature');
+        }
+        return true;
+    }
 }
 Validator.MAX_ALLOWED_CLOCK_OFFSET = 300;
 Validator.HEADER_TIMESTAMP = 'Wechatpay-Timestamp';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "node-easywechat",
-  "version": "3.5.8",
+  "version": "3.5.9",
   "description": "EasyWechat SDK for Node.js (NOT OFFICIAL)",
   "main": "dist/index.js",
   "scripts": {