3.0如何获取请求返回状态

Question

3.0如何获取请求返回状态

beimusky opened this issue 2 years ago · 10 comments

比如
alipay = Alipay(...)

alipay.client_api(
"alipay.trade.page.pay",
biz_content={
"out_trade_no": "20161112",
"total_amount": 0.01,
"subject": "an order"
},
return_url="https://example.com", # this is optional
)

如何拿到状态，后端确认前端请求的是否正确？

Answer 1 · 2023-03-29T07:45:34.000Z

client_api, server_api 都有返回的

Answer 2 · 2023-03-29T07:46:58.000Z

我看到只返回一个长字符串，不带code
即使请求参数有误，也会正常返回

Answer 3 · 2023-03-29T07:47:30.000Z

有例子吗

Answer 4 · 2023-03-29T07:52:34.000Z

data={
"make_type": "alipay.trade.page.pay",
"total_amount": 0.01,
"subject": "an order",
"product_code":"FAST_INSTANT_TRADE_PAY"
}

message = dc_alipay.client_api(
make_type,
biz_content=data,
return_url="https://www.xxx.com.cn", # this is optional
)

返回参数：
alipay_root_cert_sn=687b59193f3f462dd5336e5abf83c5d8_02941eef3187dddf3d3b83462e1dfcf6&app_cert_sn=db21f9215810f8815836311021f617e5&app_id=2021003183690727&biz_content=%7B%22make_type%22%3A%22alipay.trade.page.pay%22%2C%22total_amount%22%3A0.01%2C%22subject%22%3A%22an+order%22%2C%22product_code%22%3A%22FAST_INSTANT_TRADE_PAY%22%2C%22out_trade_no%22%3A%2220230329_155128_407218_vr7k0NwO%22%7D&charset=utf-8&method=alipay.trade.page.pay&notify_url=https%3A%2F%2F705e2j2074.imdo.co%2Fpay_ali%2Fnotify&return_url=https%3A%2F%2Fwww.hgcm.com.cn&sign_type=RSA2&timestamp=2023-03-29+15%3A51%3A28&version=1.0&sign=Vz5bivXZZZeeu5CUk1sDLvIwdLAsAISoywIbn4HJC6RJzGwSb3t%2FsHpzoeS%2Fex42kY2dgBQ8405MXzY3kiEc2NMPPB892hIJrhPaKmTx93rkPuDhQjzPnZR1RoLUG0hv4Siht43lebe2AgfEu%2Ff3Zj4n%2FLJC7eCy7UExND8NuZ7mqaGzMX54uryVoIR%2FNaSrQWEgyhASkWqO59wulTf28LgFzoD7mzN4Wu677AZzRFE8kTSfjimY3ttTwXqCy24A%2BpwEWYQXUQXVmgasAnZnAEWpbjuUjcQlt8y8kUrUoqP%2Brpq2mmJDEsbKOZEM9m%2B2OfTmkpZxDm18m8wvZwjGdA%3D%3D

Answer 5 · 2023-03-29T07:55:54.000Z

这个不是可以用么，前面加https://openapi.alipay.com/gateway.do? 就好了，网页打开

Answer 6 · 2023-03-29T07:58:44.000Z

是啊，这是正常的，网址没问题，我的意思是参数请求参数随便写，都会返回一个网址
但是无法知道网址能不能用。比如
{
"make_type": "alipay.trade.page.pay",
"total_amount": 0.000001,
"subject": "an order",
"product_code":"FAST_INSTANT_TRADE_PAY"
}
返回为：
https://openapi.alipay.com/gateway.do?alipay_root_cert_sn=687b59193f3f462dd5336e5abf83c5d8_02941eef3187dddf3d3b83462e1dfcf6&app_cert_sn=db21f9215810f8815836311021f617e5&app_id=2021003183690727&biz_content=%7B%22make_type%22%3A%22alipay.trade.page.pay%22%2C%22total_amount%22%3A1e-06%2C%22subject%22%3A%22an+order%22%2C%22product_code%22%3A%22FAST_INSTANT_TRADE_PAY%22%2C%22out_trade_no%22%3A%2220230329_155805_458613_VocCShxI%22%7D&charset=utf-8&method=alipay.trade.page.pay&notify_url=https%3A%2F%2F705e2j2074.imdo.co%2Fpay_ali%2Fnotify&return_url=https%3A%2F%2Fwww.hgcm.com.cn&sign_type=RSA2&timestamp=2023-03-29+15%3A58%3A05&version=1.0&sign=cFKtjGC0vFRotZ4RR1X6vwokIBpQG635K%2Fg%2FiV%2FuFVkOdGxXK3ASZ0E5C%2Fq1VXBBcpI23KNCD%2FYYqos8ZBeINX3T0ncntOLk1FkVwjJSqJ8tiHE7gYMVegnirnL0rF8u%2F1a7BFe8LpPGxBwBw6N3Fq5ajus7t0E%2FxMpJEFFxMt91aRFh%2BvH7hSo5NKBPF0OymvUHWF0dbImd1VBScajKHpFxbiaTzc%2F8FLGWe0Jad1mINGoTXJMXJKCuKkQpIun6SNoYjV5CeKOzhlBsjCZbs%2BbS43Mi0IiI10y0OQoFqhupJ63DLUgh0ritO8lG5KgIqS%2BXuR6MywJDrTrDoNxy1g%3D%3D

但是这个网址是错误的

Answer 7 · 2023-03-29T08:26:31.000Z

这是本地生成的请求，在发送给支付宝之前，支付宝是不会验证的。
目前似乎无解

Answer 8 · 2023-03-29T09:31:07.000Z

那就是无脑转发了呗，无法验证前端传来的参数。
主要问题是，因为无法验证，所以所有请求都要提前入库，哪怕如果被攻击发垃圾请求，不入库后面就不能通过订单验证了

Answer 9 · 2023-03-30T01:17:37.000Z

理论上一个订单的所有请求参数应该是后端组织好的。哪怕就是前端传来的，也需要做一遍合法性验证

Answer 10 · 2023-03-30T01:21:50.000Z

是的，我会验证一次，但是接口参数太多了，如果每一个都会验证。。那就N倍了，而且有时候官方也没有给出详细规则。
比如说，生成订单金额，最大金额是多少，官方没有给出，类似这种没有规则的情况。都不好判断。