小程序微信支付 + Java后台 详解
第一次做微信支付,遇到了不少坑在这里记录一下,如有不足请大家多指教
微信支付对商户开放的所有面对用户使用的api,都是由appid和mch_id(商户号)成对使用的。
SDK下载地址 》https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=11_1
大致流程
第一步:小程序端获取到js_code,然后传递到后台,后台请求微信接口 https://api.weixin.qq.com/sns/jscode2session 获取到openid(是表示用户在你的当前应用中的唯一标识这个参数很重要)
获取js_code微信api链接 》https://developers.weixin.qq.com/miniprogram/dev/api/open-api/login/wx.login.html
第二步:通过appid,mch_id,openid等一系列参数生成第一次签名然后请求微信的统一下单接口。(ps统一下单接口请求成功后返回数据给小程序时还要生成第二次签名,此处有坑兄弟们小心,第一次签名是appid是全部小写,第二次签名时appId是驼峰式!!)
统一下单接口api链接 》https://pay.weixin.qq.com/wiki/doc/api/wxa/wxa_api.php?chapter=9_1
微信签名算法链接 》https://pay.weixin.qq.com/wiki/doc/api/wxa/wxa_api.php?chapter=4_3
第三步:生成二次签名返回支付信息给小程序,获取统一下单接口成功返回的 prepay_id(预支付交易会话标识),nonce_str(随机字符串,必须使用统一下单接口返回的),timeStamp(时间戳需要转成字符串)等参数生成签名,具体看下面代码。
第四步:小程序拿到后台返回的预支付信息去请求wx.requestPayment接口拉起小程序支付页面并完成支付。
Controller层
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import org.perf4j.aop.Profiled;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
/**
* @Author LK
* @Date 2019/7/24
* @Time 18:32
*/
@Api(value = "WXPay", description = "小程序微信支付")
@RestController
@RequestMapping("/wx")
public class WXPayController{
public static final Logger LOGGER = LoggerFactory.getLogger(WXPayController.class);
@Autowired
private WeixinService weixinService;
/**
* 业主微信支付
* @param inputWXPayVO
* @return
*/
@ApiOperation(value = "业主微信支付")
@PostMapping("/pay")
public Result wxPay(@RequestBody InputWXPayVO inputWXPayVO, HttpServletRequest request) {
return weixinService.pay(inputWXPayVO, request);
}
}service 层
import javax.servlet.http.HttpServletRequest;
/**
* @Author LK
* @Date 2019/7/24
* @Time 18:35
*/
public interface WeixinService {
Result pay(InputWXPayVO inputWXPayVO, HttpServletRequest request);
}impl层
import com.jzez.b2b.config.WechatConfig;
import com.jzez.b2b.service.weixin.WeixinService;
import com.jzez.b2b.util.PayUtil;
import com.jzez.b2b.vo.input.weixin.InputWXPayVO;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
* @Author LK
* @Date 2019/7/24
* @Time 18:37
*/
@Service
public class WeixinServiceImpl implements WeixinService {
public static final Logger logger = LoggerFactory.getLogger(WeixinServiceImpl.class);
@Override
public Result pay(InputWXPayVO inputWXPayVO, HttpServletRequest request) throws GlobalException{
String openId = null;
//请求微信接口获取openId
String URL = WechatConfig.OPENID_URL + inputWXPayVO.getCode();
try {
HttpClient client = HttpClientBuilder.create().build();
HttpGet httpGet = new HttpGet(URL);
HttpResponse response = client.execute(httpGet);
if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
String strResult = EntityUtils.toString(response.getEntity());
org.json.JSONObject jsonResult = new org.json.JSONObject(strResult);
openId = String.valueOf(jsonResult.get("openid"));
}
} catch (IOException e) {
logger.info("获取openId失败");
}
//调用微信支付接口
Map map = wxPay(openId,inputWXPayVO.getTotalFee(),inputWXPayVO.getPayOrderId(), request);
return ResultUtil.success(map);
}
/**
*
* @param openId
* @param totalFee 支付金额 :分
* @param payOrderId 商户订单id
* @param request
* @return
*/
public Map wxPay(String openId,String totalFee,String payOrderId,HttpServletRequest request) {
try {
//生成的随机字符串
String nonce_str = PayUtil.getRandomStringByLength(32);
//获取客户端的ip地址
String spbill_create_ip = PayUtil.getIpAddr(request);
//组装参数,用户生成统一下单接口的签名
Map packageParams = new HashMap<>();
packageParams.put("appid", WechatConfig.APPID);
packageParams.put("mch_id", WechatConfig.MCHID);
packageParams.put("nonce_str", nonce_str);
packageParams.put("body", WechatConfig.BODY);
packageParams.put("out_trade_no", payOrderId);
packageParams.put("total_fee", totalFee);
packageParams.put("spbill_create_ip", spbill_create_ip);
packageParams.put("notify_url", WechatConfig.NOTIFY_URL);
packageParams.put("trade_type", WechatConfig.TRADETYPE);
packageParams.put("openid", openId + "");
//MD5运算生成签名,这里是第一次签名,用于调用统一下单接口
String sign1 = PayUtil.generateSignature(packageParams, WechatConfig.KEY, WechatConfig.SIGNTYPE).toUpperCase();
packageParams.put("sign",sign1);
//map转成统一下单接口参数需要xml数据
String xml = PayUtil.mapToXml(packageParams);
//调用统一下单接口,并接受返回的结果
logger.info("-----------------------开始请求微信预支付-------------------------");
String result = PayUtil.httpRequest(WechatConfig.PAY_URL,xml);
//将返回参数转为map
Map map = PayUtil.xmlToMap(result);
String return_code = (String) map.get("return_code");
String result_code = (String) map.get("result_code");
logger.info("-----------------------请求微信预支付结束--------------------------");
//返回给小程序端需要的参数
Map response = new HashMap<>();
if (WechatConfig.SUCCESS.equals(return_code) && return_code.equals(result_code)) {
//组装生成二次签名的参数
//第一次生成签名时appid全部小写,此处appId必须使用驼峰式,要不然小程序支付时会报签名验证失败
response.put("appId", WechatConfig.APPID);
String prepay_id = String.valueOf(map.get("prepay_id"));
response.put("nonceStr",String.valueOf(map.get("nonce_str")));
response.put("package","prepay_id=" + prepay_id);
//这边要将返回的时间戳转化成字符串,不然小程序端调用wx.requestPayment方法会报签名错误
Long timeStamp = System.currentTimeMillis()/1000;
response.put("timeStamp",String.valueOf(timeStamp));
response.put("signType", WechatConfig.SIGNTYPE);
//再次签名,这个签名用于小程序端调用wx.requesetPayment方法
String sign2 = PayUtil.generateSignature(response, WechatConfig.KEY, WechatConfig.SIGNTYPE).toUpperCase();
//加入签名返回给小程序
response.put("paySign", sign2);
}
return response;
} catch (Exception e) {
logger.info("请求微信预支付失败");
}
return null;
}
}
实体类
import io.swagger.annotations.ApiModelProperty;
/**
* @Author LK
* @Date 2019/7/25
* @Time 14:43
*/
public class InputWXPayVO {
@ApiModelProperty(value = "js_code")
private String code;
@ApiModelProperty(value = "付款金额:分")
private String totalFee;
@ApiModelProperty(value = "商家订单id")
private String payOrderId;
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
public String getTotalFee() {
return totalFee;
}
public void setTotalFee(String totalFee) {
this.totalFee = totalFee;
}
public String getPayOrderId() {
return payOrderId;
}
public void setPayOrderId(String payOrderId) {
this.payOrderId = payOrderId;
}
}
常量类
/**
* @Author LK
* @Date 2019/7/25
* @Time 11:33
*/
public class WechatConfig {
//微信小程序密钥
public static final String SECRET = "bca7fe5******************5b31f";
//小程序appid 开发者自己拥有的
public static final String APPID = "wx16**********56f";
//grant_type
public static final String GRANT_TYPE = "authorization_code";
//微信支付的商户号
public static final String MCHID = "12345678900";
//微信支付的商户密钥
public static final String KEY = "591***************************giv";
//支付成功后的服务器回调url,这里填PayController里的回调函数地址必须是公网地址
public static final String NOTIFY_URL = "http://abc.natappfree.cc/wx/callback";
//签名方式,固定值
public static final String SIGNTYPE = "MD5";
public static final String BODY = "商品的描述信息";
//交易类型,小程序支付的固定值为JSAPI
public static final String TRADETYPE = "JSAPI";
//获取openId请求地址
public static final String OPENID_URL = "https://api.weixin.qq.com/sns/jscode2session?grant_type=" + GRANT_TYPE + "&appid=" + APPID + "&secret=" + SECRET + "&js_code=";
//微信统一下单接口地址
public static final String PAY_URL = "https://api.mch.weixin.qq.com/pay/unifiedorder";
public static final String SUCCESS = "SUCCESS";
}工具类
import com.jzez.b2b.config.WechatConfig;
import java.io.*;
import java.security.MessageDigest;
import java.util.*;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import javax.servlet.http.HttpServletRequest;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
/**
* @Author LK
* @Date 2019/7/25
* @Time 11:17
*/
public class PayUtil {
/**
* 微信SDK中的生成签名方法
* 生成签名. 注意,若含有sign_type字段,必须和signType参数保持一致。
*
* @param data 待签名数据
* @param key API密钥
* @param signType 签名方式
* @return 签名
*/
public static String generateSignature(final Map data, String key, String signType) throws Exception {
Set keySet = data.keySet();
String[] keyArray = keySet.toArray(new String[keySet.size()]);
Arrays.sort(keyArray);
StringBuilder sb = new StringBuilder();
for (String k : keyArray) {
if (k.equals(WechatConfig.SIGNTYPE)) {
continue;
}
if (data.get(k).trim().length() > 0){
sb.append(k).append("=").append(data.get(k).trim()).append("&");
}
}
sb.append("key=").append(key);
if (WechatConfig.SIGNTYPE.equals(signType)) {
return MD5(sb.toString()).toUpperCase();
}
else {
throw new Exception(String.format("Invalid sign_type: %s", signType));
}
}
/**
* 生成 MD5
* 微信SDK中的生成MD5方法
* @param data 待处理数据
* @return MD5结果
*/
private static String MD5(String data) throws Exception {
java.security.MessageDigest md = MessageDigest.getInstance("MD5");
byte[] array = md.digest(data.getBytes("UTF-8"));
StringBuilder sb = new StringBuilder();
for (byte item : array) {
sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));
}
return sb.toString().toUpperCase();
}
/**
* @param requestUrl 请求地址
* @param outputStr 参数
*/
public static String httpRequest(String requestUrl, String outputStr) {
try {
HttpClient httpClient = HttpClientBuilder.create().build();
HttpPost httpPost = new HttpPost(requestUrl);
StringEntity postEntity = new StringEntity(outputStr, "UTF-8");
httpPost.addHeader("Content-Type", "text/xml");
httpPost.setEntity(postEntity);
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
return EntityUtils.toString(httpEntity, "UTF-8");
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* XML格式字符串转换为Map
* 微信SDK中的方法
* @param strXML XML字符串
* @return XML数据转换后的Map
* @throws Exception
*/
public static Map xmlToMap(String strXML) throws Exception {
try {
Map data = new HashMap();
DocumentBuilder documentBuilder = newDocumentBuilder();
InputStream stream = new ByteArrayInputStream(strXML.getBytes("UTF-8"));
Document doc = documentBuilder.parse(stream);
doc.getDocumentElement().normalize();
NodeList nodeList = doc.getDocumentElement().getChildNodes();
for (int idx = 0; idx < nodeList.getLength(); ++idx) {
Node node = nodeList.item(idx);
if (node.getNodeType() == Node.ELEMENT_NODE) {
Element element = (Element) node;
data.put(element.getNodeName(), element.getTextContent());
}
}
try {
stream.close();
} catch (Exception ex) {
// do nothing
}
return data;
} catch (Exception ex) {
throw ex;
}
}
/**
* 将Map转换为XML格式的字符串
* 微信SDK中的方法
* @param data Map类型数据
* @return XML格式的字符串
* @throws Exception
*/
public static String mapToXml(Map data) throws Exception {
Document document = newDocument();
Element root = document.createElement("xml");
document.appendChild(root);
for (String key: data.keySet()) {
String value = data.get(key);
if (value == null) {
value = "";
}
value = value.trim();
Element filed = document.createElement(key);
filed.appendChild(document.createTextNode(value));
root.appendChild(filed);
}
TransformerFactory tf = TransformerFactory.newInstance();
Transformer transformer = tf.newTransformer();
DOMSource source = new DOMSource(document);
transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
StringWriter writer = new StringWriter();
StreamResult result = new StreamResult(writer);
transformer.transform(source, result);
String output = writer.getBuffer().toString();
try {
writer.close();
}
catch (Exception ex) {
}
return output;
}
/**
* 微信SDK中的方法
* @return Document
* @throws ParserConfigurationException
*/
private static Document newDocument() throws ParserConfigurationException {
return newDocumentBuilder().newDocument();
}
/**
* 微信SDK中的方法
* @return DocumentBuilder
* @throws ParserConfigurationException
*/
private static DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
documentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
documentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
documentBuilderFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
documentBuilderFactory.setXIncludeAware(false);
documentBuilderFactory.setExpandEntityReferences(false);
return documentBuilderFactory.newDocumentBuilder();
}
//获取随机字符串
public static String getRandomStringByLength(int length) {
String base = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
Random random = new Random();
StringBuffer sb = new StringBuffer();
for (int i = 0; i < length; i++) {
int number = random.nextInt(base.length());
sb.append(base.charAt(number));
}
return sb.toString();
}
//获取IP
public static String getIpAddr(HttpServletRequest request) {
String ip = request.getHeader("X-Forwarded-For");
if (StringUtils.isNotEmpty(ip) && !"unKnown".equalsIgnoreCase(ip)) {
//多次反向代理后会有多个ip值,第一个ip才是真实ip
int index = ip.indexOf(",");
if (index != -1) {
return ip.substring(0, index);
} else {
return ip;
}
}
ip = request.getHeader("X-Real-IP");
if (StringUtils.isNotEmpty(ip) && !"unKnown".equalsIgnoreCase(ip)) {
return ip;
}
return request.getRemoteAddr();
}
} 小程序请求 wx.requestPayment
obj为后台返回的支付信息
requestPayment:function(obj){
console.log("拉起微信支付页面并发送支付请求" + obj)
wx.requestPayment(
{
'timeStamp': obj.data.timeStamp,
'nonceStr': obj.data.nonceStr,
'package': obj.data.package,
'signType': 'MD5',
'paySign': obj.data.paySign,
'success': function (res) {
console.log("支付成功返回参数"+res)
console.log("支付成功")
},
'fail': function (res) {
console.log("支付失败")
}
})
}效果图
哈哈哈看到这个图是不是感觉很可爱,如果后台返回数据没问题的话到这基本就成功了,拿开发者账号对应的微信来扫码就可以付款啦,快去调试一把吧……
支付成功后的回调问题下一篇再做介绍……嘿嘿