支付寶支付
# 1、在沙箱環境下實名認證:https://openhome.alipay.com/platform/appDaily.htm?tab=info
# 2、電腦網站支付API:https://docs.open.alipay.com/270/105898/
# 3、完成RSA密鑰生成:https://docs.open.alipay.com/291/105971
# 4、在開發中心的沙箱應用下設置應用公鑰:填入生成的公鑰文件中的內容
# 5、Python支付寶開源框架:https://github.com/fzlee/alipay
# >: pip install python-alipay-sdk --upgrade
# 7、公鑰私鑰設置
"""
# alipay_public_key.pem
-----BEGIN PUBLIC KEY-----
支付寶公鑰
-----END PUBLIC KEY-----
# app_private_key.pem
-----BEGIN RSA PRIVATE KEY-----
用戶私鑰
-----END RSA PRIVATE KEY-----
"""
# 8、支付寶鏈接
"""
開發:https://openapi.alipay.com/gateway.do
沙箱:https://openapi.alipaydev.com/gateway.do
"""
支付流程
aliapy二次封裝包
GitHub開源框架
https://github.com/fzlee/alipay
依賴
>: pip install python-alipay-sdk --upgrade
>: pip install pyopenssl
結構
libs
├── iPay # aliapy二次封裝包
│ ├── __init__.py # 包文件
│ ├── pay.py # 支付文件
└── └── settings.py # 應用配置
setting.py
# 應用ID
APP_ID = "2016093000631831"
# 是否是沙箱環境
DEBUG = True
# 簽名算法 RSA or RSA2
SIGN = 'RSA2'
# 網關
if DEBUG:
GATEWAY = 'https://openapi.alipaydev.com/gateway.do?'
else:
GATEWAY = 'https://openapi.alipay.com/gateway.do?'
# 應用私鑰:首行尾行是固定的,中間是一行私鑰字符串(不能有其他字符)
APP_PRIVATE_KEY_STRING = """-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAl079YgKIx0BFbZJL+HOWBa4+HBoRIX4+rKZXSxqM29/Up86RI4YJkqpBQNb6JC2G9+5av/p3bwQffTCPaxWV5iWFJjTfN3tC6efupOHCtBejr+id+lYhyaudfripjhTJX/N9hmoGIMRb6aMY8FbjrPbNyHoYBWE6pVa/8AmvqPkRmpZMr/UcSlHIVPoPWADWunKwQXL258LisiPY6u1I7gWiTQNsyG8JFYcMDK3I23ls0hAALO0ogHhSJEflCqjlLDMW8AXloih8Pqys5aink05cpIqOobUtGGaLRNTAZXx5jaqA2rJyQRx1rdU6pwenqZZY9Gf9LGlJAxdzOsofqQIDAQABAoIBAEDx9Kx27gKoQaSwYM95vXEewyYIwkWgDILKuzlPYhqWTo7giUe4Jq+/SFbub1vL9tzAgE9a0JzkJif0CfsqvraUcDxgAVetHqGLndFD3fCzHN1KeVSUV9haQzW7SXvkzDLVLpHdPFggMFtuWCwA/6SkItvkHB9jBmsleykq3y0lX5xu5zRrnNBNFj4AVHjbPINpO/13ZK6Ue5mFaK+xnLh4FjJzw6K7Nm8d2VniWjHJZSmYacxSX4D23na+ZipbkAsrJqPP3mqm2acg8L8Ms6DD9CfghfwdSdBJpSa+ul9v7jHxZkw6Q46dPvxNRKiQVFbuCwf1728M1EEKI0MB4ykCgYEA6wETGvZLZvY0d1H7cedDp8P12aMgaeYYs7GDwR/Ljd4RLfTzZKaMUsyT91D4jgw4ZGv6b7mZksUeYIA9U5j0A19bvn6mszaDgHoALVrTYLWDpl0HHpCTU56Rp1GOPgbzC8ap19W2Ac7gzIS+AU0Ap7n0BflcLdOIKt9oSfdcOMcCgYEApNOpIPx9hdL+/QDSzOX5w0dSTr1zv5spxb6sVyj5d0MXy48tHdLdzil1eF576dTF0ffX53IRrg3/6GFA0VLSU/OUqHJU9z5d1QlJd3Ff6MVen/dZYEMxMZwp/Ha5xHAryXU/FpNxHGc7ci3EIHQ1u3OgMei1brnoWZXypgWy1A8CgYB5UMy0FoFGXcMn9cKAQorCiH7aI0QQZyBJY1JI2EkUq5biypj7VJ8L/2BDRCGL8vMJpFRcaMvG4MuVtZ3zEfql4wxRgsA7s+Ce6lw9Da4hNpMHxu5t8OSdPjai0Y9EpgHCCoSTT1fuBwY1jjEoKsAz1eMLUncrkQ+yUjJcPL328QKBgQCRnp4RkoCjNqIojA2xEIz0xZImFqKoaUEify5rYrvjbdcb9EZ7zsw/U8mAqpj3IRAUTM7mn5SXHa81cpZ9WJqRqOVxXHFMbkEf8bCCYhvF3nmXAkRoE3Tmy30cmxfMQP2uYnN2UpTf7yRJ370inwjJr4GcFmgUhxKL8zoJC4fOaQKBgFXp/rWzgaG3f+VJW2d9BspEGy7LzxnnkPtIxKsHW/SS0pAIqDqQelkSqX+cxFzgxku15TwAOvWPcAAu2ZTM2yzky6JS1jk++ysafWWwcQDlxoNKOczy5cgmESkf3j3979Azqo+ic2EzcFoSs9r4o4x4HoplxqBE48BMrbcN5iIk
-----END RSA PRIVATE KEY-----"""
# 阿里公鑰:首行尾行是固定的,中間是一行公鑰字符串(不能有其他字符)
ALIPAY_PUBLIC_KEY_STRING = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCLK/MIs0gsKSk/DqzKwf7F9m8hyGqJM97af5IRkEdVCvFI5U1Y8xZsR8mWj+YhIU9rv48zZn81uJ7OqkkWXc/ENCMqGTiEe4tKPniLibTdpaIgPNn9c3QSa03psvJI8v/n5+0rs+KKXxN8UwLcmMMN5Zfy8Ejvq/rax9EXepxLqSP7xQ8DXHRBCkFHUY6W2vdIKQZFc8wqMqglRjGjfN8OgYwaN2F6TPPPHdoVbpjduEx1RlACItapHNWv21YTr0PYx+edb3Oj+Tjfinzuyb9S0uXDEHOOGeLrerOSJr3rVwDJpFKye6Lojz9H7aV+gki1Mp4W2qykyefYEmkDtYwIDAQAB
-----END PUBLIC KEY-----"""
pay.py
from alipay import AliPay
from .settings import *
alipay = AliPay(
appid=APP_ID,
app_notify_url=None, # 該通知接口一般都設置None
# 應用私鑰
app_private_key_string=APP_PRIVATE_KEY_STRING,
# 阿里pay公鑰
alipay_public_key_string=ALIPAY_PUBLIC_KEY_STRING,
# 簽名算法,采用RSA2
sign_type=SIGN, # RSA or RSA2
# 是否是沙箱環境
debug=DEBUG
)
_init_.py
# 對外提供配置生成好的 alipay 支付對象
from .pay import alipay
# 對外提供alipay的支付網關
from .settings import GATEWAY as alipay_gateway
補充:在自己項目的配置文件中配置支付寶回調接口:settings.py | dev.py | const.py
# 上線后必須換成公網地址
# 后台http根路徑
BASE_URL = 'http://127.0.0.1:8000'
# 前台http根路徑
LUFFY_URL = 'http://127.0.0.1:8080'
# 訂單支付成功的后台異步回調接口
NOTIFY_URL = BASE_URL + '/order/success'
# 訂單支付成功的前台同步回調接口
RETURN_URL = LUFFY_URL + '/pay/success'
后台 - 支付接口
路由:order/urls.py
from django.urls import path, re_path
from . import views
urlpatterns = [
# 支付
path('pay', views.PayAPIView.as_view()),
# 支付成功回調
path('success', views.SuccessAPIView.as_view()),
]
模型表:order/models.py
# 訂單表: 主鍵、商品總名、總價、創建訂單時間、支付時間、支付用戶、訂單號、流水號
# 訂單詳情表:主鍵、訂單外鍵、商品(課程)外鍵
from django.db import models
from utils.model import BaseModel
from user.models import User
from course.models import Course
class Order(BaseModel):
"""訂單模型"""
status_choices = (
(0, '未支付'),
(1, '已支付'),
(2, '已取消'),
(3, '超時取消'),
)
pay_choices = (
(1, '支付寶'),
(2, '微信支付'),
)
subject = models.CharField(max_length=150, verbose_name="訂單標題")
total_amount = models.DecimalField(max_digits=10, decimal_places=2, verbose_name="訂單總價", default=0)
out_trade_no = models.CharField(max_length=64, verbose_name="訂單號", unique=True)
trade_no = models.CharField(max_length=64, null=True, verbose_name="流水號")
order_status = models.SmallIntegerField(choices=status_choices, default=0, verbose_name="訂單狀態")
pay_type = models.SmallIntegerField(choices=pay_choices, default=1, verbose_name="支付方式")
pay_time = models.DateTimeField(null=True, verbose_name="支付時間")
user = models.ForeignKey(User, related_name='user_orders', on_delete=models.DO_NOTHING, db_constraint=False,
verbose_name="下單用戶")
class Meta:
db_table = "luffy_order"
verbose_name = "訂單記錄"
verbose_name_plural = "訂單記錄"
def __str__(self):
return "%s - ¥%s" % (self.subject, self.total_amount)
@property
def courses(self):
data_list = []
for item in self.order_courses.all():
data_list.append({
"id": item.id,
"course_name": item.course.name,
"real_price": item.real_price,
})
return data_list
class OrderDetail(BaseModel):
"""訂單詳情"""
order = models.ForeignKey(Order, related_name='order_courses', on_delete=models.CASCADE, db_constraint=False,
verbose_name="訂單")
course = models.ForeignKey(Course, related_name='course_orders', on_delete=models.CASCADE, db_constraint=False,
verbose_name="課程")
price = models.DecimalField(max_digits=6, decimal_places=2, verbose_name="課程原價")
real_price = models.DecimalField(max_digits=6, decimal_places=2, verbose_name="課程實價")
class Meta:
db_table = "luffy_order_detail"
verbose_name = "訂單詳情"
verbose_name_plural = "訂單詳情"
def __str__(self):
return "%s的訂單:%s" % (self.course.name, self.order.out_trade_no)
支付接口類:order/views.py
from rest_framework.views import APIView
from rest_framework.response import Response
from . import serializers
# 需要登錄后才能訪問
from rest_framework_jwt.authentication import JSONWebTokenAuthentication
from rest_framework.permissions import IsAuthenticated
class PayAPIView(APIView):
authentication_classes = [JSONWebTokenAuthentication]
permission_classes = [IsAuthenticated]
def post(self, request, *args, **kwargs):
serializer = serializers.OrderModelSerializer(data=request.data, context={'request': request})
# 信息校驗
serializer.is_valid(raise_exception=True)
# 訂單入庫
serializer.save()
# 返回一個支付鏈接
return Response(serializer.pay_url)
支付接口序列化類:model/serializers
import time
from rest_framework import serializers
from . import models
from course.models import Course
from libs.iPay import alipay, alipay_gateway
from django.conf import settings
class OrderModelSerializer(serializers.ModelSerializer):
# 商品的主鍵們:暫定 '1,2,3' 方式傳多個主鍵
goods_pks = serializers.CharField(max_length=64)
class Meta:
model = models.Order
fields = (
'subject',
'total_amount',
'pay_type',
'goods_pks',
)
extra_kwargs = {
'total_amount': {
'required': True
}
}
# 后台要根據所有的主鍵和總價,校驗價格(防止傳輸中被修改)
def validate(self, attrs):
goods_pks = attrs.pop('goods_pks')
goods_pks = [pk for pk in goods_pks.split(',')]
goods_objs = []
for pk in goods_pks:
try:
obj = Course.objects.get(pk=pk)
goods_objs.append(obj)
except:
raise serializers.ValidationError({'pk': '課程主鍵有誤'})
total_price = 0
for good in goods_objs:
total_price += good.price
# 商品總價
total_amount = attrs.get('total_amount')
if total_price != total_amount:
raise serializers.ValidationError({'total_amount': '價格被惡意篡改'})
# 生成訂單號
order_on = self._get_order_no()
# 訂單名
subject = attrs.get('subject')
# 生成訂單鏈接
order_params = alipay.api_alipay_trade_page_pay(out_trade_no=order_on,
total_amount=float(total_amount),
subject=subject,
return_url=settings.RETURN_URL, # 同步回調的前台接口
notify_url=settings.NOTIFY_URL # 異步回調的后台接口
)
pay_url = alipay_gateway + order_params
# 將支付鏈接保存在serializer對象中
self.pay_url = pay_url
# 添加額外的入庫字段
attrs['out_trade_no'] = order_on
# 視圖類給序列化類傳參
attrs['user'] = self.context.get('request').user
# 將所有的商品對象存放在校驗數據中,輔助訂單詳情表商品信息的入庫
attrs['courses'] = goods_objs
# 代表校驗通過
return attrs
# 重寫create方法,完成訂單詳情表入庫操作
def create(self, validated_data):
courses = validated_data.pop('courses')
order = super().create(validated_data) # 訂單表
# 關系表操作
order_detail_list = []
for course in courses:
order_detail_list.append(models.OrderDetail(order=order, course=course, price=course.price, real_price=course.price))
# 將多個訂單詳情對象,批量入庫
models.OrderDetail.objects.bulk_create(order_detail_list) # 訂單詳情表
return order
def _get_order_no(self):
no = '%s' % time.time()
return no.replace('.', '', 1)
前台 - 支付生成頁面
課程主頁或是詳情頁
<template>
...
<span class="buy-now" @click="buy_course(course)">立即購買</span>
</template>
<script>
export default {
methods: {
// 購買課程
buy_course(course) {
let token = this.$cookies.get('token');
if (!token) {
this.$message({
message: "請先登錄",
type: 'warning',
duration: 1000,
});
return false
}
// 已登錄
this.$axios({
url: this.$settings.base_url + '/order/pay',
method: 'post',
data: {
subject: course.name,
total_amount: course.price,
goods_pks: `${course.id}`
},
headers: {
authorization: `jwt ${token}`
}
}).then(response => {
// console.log(response.data)
let pay_url = response.data;
window.open(pay_url, '_self');
}).catch(error => {
console.log(error.response.data)
})
},
}
}
</script>
前台 - 支付成功的回調頁面
router/index.js
// ...
const routes = [
// ...
{
path: '/pay/success',
name: 'pay-success',
component: PaySuccess
},
];
views/PaySuccess.vue
<template>
<div class="pay-success">
<Header/>
<div class="main">
<div class="title">
<div class="success-tips">
<p class="tips">您已成功購買 1 門課程!</p>
</div>
</div>
<div class="order-info">
<p class="info"><b>訂單號:</b><span>{{ result.out_trade_no }}</span></p>
<p class="info"><b>交易號:</b><span>{{ result.trade_no }}</span></p>
<p class="info"><b>付款時間:</b><span><span>{{ result.timestamp }}</span></span></p>
</div>
<div class="study">
<span>立即學習</span>
</div>
</div>
<!--<Footer/>-->
</div>
</template>
<script>
import Header from "@/components/Header"
// import Footer from "@/components/Footer"
export default {
name: "Success",
data() {
return {
result: {},
};
},
created() {
// 判斷登錄狀態
let token = this.$cookies.get('token');
if (!token) {
this.$message({
message: '非法請求',
type: 'error',
onClose: ()=> {
this.$router.push('/');
}
});
}
// url后拼接的參數
console.log(location.search);
localStorage.this_nav = '/';
if (!location.search.length) return;
// 解析支付寶回調的url參數
let params = location.search.substring(1);
let items = params.length ? params.split('&') : [];
//逐個將每一項添加到args對象中
for (let i = 0; i < items.length; i++) {
let k_v = items[i].split('=');
//解碼操作,因為查詢字符串經過編碼的
let k = decodeURIComponent(k_v[0]);
let v = decodeURIComponent(k_v[1]);
// let k = k_v[0];
// let v = k_v[1];
this.result[k] = v;
// this.result[k_v[0]] = k_v[1];
}
console.log(this.result);
// 把地址欄上面的支付結果,轉發給后端
this.$axios({
url: this.$settings.base_url + '/order/success' + location.search,
method: 'patch',
headers: {
Authorization: token
}
}).then(response => {
console.log(response.data);
}).catch(() => {
console.log('支付結果同步失敗');
})
},
components: {
Header,
// Footer,
}
}
</script>
<style scoped>
.main {
padding: 60px 0;
margin: 0 auto;
width: 1200px;
background: #fff;
}
.main .title {
display: flex;
-ms-flex-align: center;
align-items: center;
padding: 25px 40px;
border-bottom: 1px solid #f2f2f2;
}
.main .title .success-tips {
box-sizing: border-box;
}
.title img {
vertical-align: middle;
width: 60px;
height: 60px;
margin-right: 40px;
}
.title .success-tips {
box-sizing: border-box;
}
.title .tips {
font-size: 26px;
color: #000;
}
.info span {
color: #ec6730;
}
.order-info {
padding: 25px 48px;
padding-bottom: 15px;
border-bottom: 1px solid #f2f2f2;
}
.order-info p {
display: -ms-flexbox;
display: flex;
margin-bottom: 10px;
font-size: 16px;
}
.order-info p b {
font-weight: 400;
color: #9d9d9d;
white-space: nowrap;
}
.study {
padding: 25px 40px;
}
.study span {
display: block;
width: 140px;
height: 42px;
text-align: center;
line-height: 42px;
cursor: pointer;
background: #ffc210;
border-radius: 6px;
font-size: 16px;
color: #fff;
}
</style>
后台 - 支付成功的回調接口
from . import models
from utils.logging import logger
from rest_framework.response import Response
class SuccessAPIView(APIView):
# 不能認證,支付寶異步回調訪問該接口,肯定不知道登錄認證信息,訂單號就是關鍵的關聯信息
# authentication_classes = [authentications.JWTAuthentication]
# permission_classes = [IsAuthenticated]
def patch(self, request, *args, **kwargs):
# 默認是QueryDict類型,不能使用pop方法
request_data = request.query_params.dict()
# 必須將 sign、sign_type(內部有安全處理) 從數據中取出,拿sign與剩下的數據進行校驗
sign = request_data.pop('sign')
result = alipay.verify(request_data, sign)
if result: # 同步回調:修改訂單狀態
try:
out_trade_no = request_data.get('out_trade_no')
order = models.Order.objects.get(out_trade_no=out_trade_no)
if order.order_status != 1:
order.order_status = 1
order.save()
except:
pass
return APIResponse(0, '支付成功')
return APIResponse(1, '支付失敗')
# 支付寶異步回調
def post(self, request, *args, **kwargs):
# 默認是QueryDict類型,不能使用pop方法
request_data = request.data.dict()
# 必須將 sign、sign_type(內部有安全處理) 從數據中取出,拿sign與剩下的數據進行校驗
sign = request_data.pop('sign')
result = alipay.verify(request_data, sign)
# 異步回調:修改訂單狀態
if result and request_data["trade_status"] in ("TRADE_SUCCESS", "TRADE_FINISHED" ):
out_trade_no = request_data.get('out_trade_no')
logger.critical('%s支付成功' % out_trade_no)
try:
order = models.Order.objects.get(out_trade_no=out_trade_no)
if order.order_status != 1:
order.order_status = 1
order.save()
except:
pass
# 支付寶八次異步通知,訂單成功一定要返回 success
return Response('success')
return Response('failed')