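While trying to validate Authorize.net webhook notifications in Node JS, I ran into the following problem with decimals/trailing zeros:
Authorize.net forms a hash using HMAC-SHA512 with the webhook notification body and the merchant's Signature Key. That hash and the hash I generate do not match.
Below is the JSON response for a test transaction in Postman; for the input "300" it returns a decimal number for "authAmount":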
    {
        "_links": {
            "self": {
                "href": "/rest/v1/notifications/92782537-6a15-4e8f-8e2f-0710b1e6105d"
            }
        },
        "notificationId": "92782537-6a15-4e8f-8e2f-0710b1e6105d",
        "deliveryStatus": "Delivered",
        "eventType": "net.authorize.payment.authcapture.created",
        "eventDate": "2022-08-19T15:34:56.467",
        "webhookId": "a8a17f6f-79eb-49f4-a047-436db0938bbb",
        "payload": {
            "responseCode": 1,
            "authCode": "PYSH10",
            "avsResponse": "Y",
            "authAmount": 300.00, // <-- note the decimal number
            "merchantReferenceId": "123456",
            "entityName": "transaction",
            "id": "60198731341"
        },
        "notificationDate": "2022-08-19T15:35:05.07"
    }
Here is my code:
    app.post('/notification', (req, res) => {
        const authNetHash = req.header('X-ANET-Signature')
        // req.body.payload.authAmount = req.body.payload.authAmount.toFixed(2)
        const notificationBody = JSON.stringify(req.body);
        const notificationHash = crypto.createHmac('sha512', config.AUTHORIZENET.signature_key)
            .update(notificationBody)
            .digest('hex');
        console.log(req.body)
        console.log(notificationBody)
        console.log(`authorizenet_hash--> ${authNetHash}`)
        console.log(`my_hash--> sha512=${notificationHash.toUpperCase()}`)
        res.status(200).end()
    })
And the resulting console log output:
    {
      notificationId: '92782537-6a15-4e8f-8e2f-0710b1e6105d',
      eventType: 'net.authorize.payment.authcapture.created',
      eventDate: '2022-08-19T15:34:56.4671136Z',
      webhookId: 'a8a17f6f-79eb-49f4-a047-436db0938bbb',
      payload: {
        responseCode: 1,
        authCode: 'PYSH10',
        avsResponse: 'Y',
        authAmount: 300,
        merchantReferenceId: '123456',
        entityName: 'transaction',
        id: '60198731341'
      }
    }
{"notificationId":"92782537-6a15-4e8f-8e2f-0710b1e6105d","eventType":"net.authorize.payment.authcapture.created","eventDate":"2022-08-19T15:34:56.4671136Z","webhookId":"a8a17f6f-79eb-49f4-a047-436db0938bbb","payload":{"responseCode":1,"authCode":"PYSH10","avsResponse":"Y","authAmount":300,"merchantReferenceId":"123456","entityName":"transaction","id":"60198731341"}}
authorizenet_hash--> sha512=4ACA3F76717FBFB3E1FA38587A5057D62B2A6D70123D5B254804CBA461D1D9175CBC915B4DE6F13C43C78CF330DFFF3DC8579662C6CAFBEA7AC58D5D98E5A8DF
my_hash--> sha512=814C18B2A505E9B6385716E49D8C5AC143463741945F6E1FFE8C4450281C093C6D38308D06B1A41587D7E5EAEC1E8417BCC50D1D7039B47E3CEA2D0EE845455C
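The hash mismatch occurs when the parsed data drops the decimal values from "authAmount" because there are no decimal values. Of course, it would also happen if there were decimal values but only one decimal digit (i.e. 300.10 would be parsed to 300.1). I realize that this is how JavaScript handles decimals. Using toFixed(2) on the value doesn't help, because that returns a string, in which case the quotes cause the hash to be off.
I'm either missing something obvious, going about this in a really stupid way, or both. I'm sure of this because I can't seem to find anyone else who has run into this problem.
Thanks in advance for any help.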
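Added example, not part of the original post: an HMAC only matches over the exact bytes the sender signed, so this sketch verifies the signature against the raw request body and shows that a parse-then-stringify round trip (which turns 300.00 into 300) fails. The key, the body and the function names are constructed for illustration, and the key is passed as a plain string, as in the code above.

```javascript
const crypto = require('crypto');

// Constructed sample values, not taken from the post.
const SIGNATURE_KEY = 'PLACEHOLDER-SIGNATURE-KEY';
const RAW_BODY = Buffer.from(
  '{"notificationId":"constructed-0001","payload":{"authAmount":300.00,"id":"0"}}',
  'utf8'
);

// What the sender does: HMAC-SHA512 over the exact bytes it transmits.
function sign(bodyBytes, key) {
  const hex = crypto.createHmac('sha512', key).update(bodyBytes).digest('hex');
  return `sha512=${hex.toUpperCase()}`;
}

// Receiver side: verify against the raw bytes, never against re-serialized JSON.
function verifySignature(rawBody, headerValue, key) {
  if (!Buffer.isBuffer(rawBody) || typeof headerValue !== 'string') return false;
  const match = /^sha512=([0-9a-f]{128})$/i.exec(headerValue.trim());
  if (!match) return false; // malformed or missing header
  const received = Buffer.from(match[1], 'hex');
  const expected = crypto.createHmac('sha512', key).update(rawBody).digest();
  return crypto.timingSafeEqual(received, expected); // both are 64 bytes
}

// Parse-then-stringify, as JSON.stringify(req.body) does after a JSON body parser.
function reserialize(rawBody) {
  return Buffer.from(JSON.stringify(JSON.parse(rawBody.toString('utf8'))), 'utf8');
}

const SAMPLE_HEADER = sign(RAW_BODY, SIGNATURE_KEY);
console.log('raw bytes verify:     ', verifySignature(RAW_BODY, SAMPLE_HEADER, SIGNATURE_KEY));
console.log('re-serialized verify: ', verifySignature(reserialize(RAW_BODY), SAMPLE_HEADER, SIGNATURE_KEY));
console.log('re-serialized body:   ', reserialize(RAW_BODY).toString('utf8'));
```

In Express, the unparsed bytes can be captured with the `verify` option of `express.json()`, which receives the raw buffer before parsing, or by mounting `express.raw({ type: 'application/json' })` on the webhook route.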