【问题标题】:How to validate google payment token in nodejs如何在nodejs中验证谷歌支付令牌
【发布时间】:2020-12-07 23:04:17
【问题描述】:

我正在尝试在后端验证我从使用 google-payments 的移动应用程序获得的支付令牌。

令牌如下所示:

"{\"signature\":\"MEUCIFGFWxmw/6WRXAqEoZAT7TspkckP/Rd5DtfVfa7NHqJ9AiEA1cK5O/hUENf+npc3lKyI1DsKYMA5gNP77Gmhkie/Q00\\u003d\",\"intermediateSigningKey\":{\"signedKey\":\"{\\\"keyValue\\\":\\\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwKVBSYqrKGeBTdL4eXerp+qfUAA3Ie5CINH2aK34iYNpmxn+xDIuD67vthpIRjiKtyGtJvqLHs6MPp3kkru8vg\\\\u003d\\\\u003d\\\",\\\"keyExpiration\\\":\\\"1598399127387\\\"}\",\"signatures\":[\"MEUCIQC0n7zyHhvD8sUJhRa+HOeV6hRl1XscT7wt1G685PxyTAIgTVeq4rR1MFseYZcYJ4nKeNz4BGC9m+ax8i434rCoV6w\\u003d\"]},\"protocolVersion\":\"ECv2\",\"signedMessage\":\"{\\\"encryptedMessage\\\":\\\"nxO5fQEB5MXV+9qBXoCpIlxW+F/e5plpQU2nYM5jIBQipzF9gNU9QOv6NKafJv73FQQsCeKADziRaoJagoRST8NApmnl2wlJAyzWLfJKXWKdVLLwnHdccV0qD2sQypn+mZBu7QyQUK52HEgXPV22ms8/4rLr868gIaA9Lmh5sgal4C78P7qzImRJImK5aGVZlzCwopUfqOVipGqJ2ffTXeKsS44OhF2hgYVpfFSbNIrPJR1J82oPl7sNAYKPIQ3CKySE7Y81VINnIVlq5i8/c7DdxK9zkc1Q0j38tLAnP9rvd0fvuvxEFHjHlJoc3eCZbwLUmPb+PyOoLHVbSJDKAg7f8W8jKLalhMziO5zVPmh3rCjMef7mNHuL4qrSPNSZrQPWWkOZ9T/KC8MCXozzP6YxyIWcmrh0AQzVBTQnMUI/AdWK5xkEJDuSC4sS8DU0VyxDJ0SlQcAr7olDQc5CEdOO57erAYVJcaczgvLhzo4Sz1aoIec3lyQculLNr76qRwdQrXcucKloqLU/anatNVn6ZODJqmo\\\\u003d\\\",\\\"ephemeralPublicKey\\\":\\\"BIi24MIm0uqQ3JoaHQ9mY0tk7z+VV2Uue9zCmxrH+gj/DUwvTRFn0D9g860j7JzsdSTPXKr23CFsKRKvOAypNoU\\\\u003d\\\",\\\"tag\\\":\\\"h41QJdk8uByJnwtKPgZiFQzT4evU4pPDUtpi96tMthk\\\\u003d\\\"}\"}"

关于我应该在后端实施以验证有效负载是否有效并解码据称包含购买详细信息的encryptedMessage 的过程的文档非常广泛。

这些可以在这里找到:https://developers.google.com/pay/api/android/guides/resources/payment-data-cryptography#using-tink

令我惊讶的是,Google Pay 仅提供了如何在 Java 中完成此操作的代码示例(使用 tink libray)。 我真的希望不必将 Java 服务添加到系统中,否则堆栈中不会有它。

理想情况下,我想使用 nodejs 进行验证和解码。但如果需要,我也可以选择 Python。令人惊讶的是,我无法在谷歌上找到解决方案,我已经花了几个小时试图使用crypto 模块来实现它。

有没有人知道可以使用或者可以共享代码示例的库?

【问题讨论】:

    标签: node.js cryptography google-pay


    【解决方案1】:

    您无法验证有效负载数据,但使用 nodejs 您可以使用 joi 验证有效负载结构。

    // https://npmjs.com/package/joi
    const joi = require('joi');
    
    const payload = '{"signature":"MEUCIFGFWxmw/6WRXAqEoZAT7TspkckP/Rd5DtfVfa7NHqJ9AiEA1cK5O/hUENf+npc3lKyI1DsKYMA5gNP77Gmhkie/Q00\\u003d","intermediateSigningKey":{"signedKey":"{\\"keyValue\\":\\"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwKVBSYqrKGeBTdL4eXerp+qfUAA3Ie5CINH2aK34iYNpmxn+xDIuD67vthpIRjiKtyGtJvqLHs6MPp3kkru8vg\\\\u003d\\\\u003d\\",\\"keyExpiration\\":\\"1598399127387\\"}","signatures":["MEUCIQC0n7zyHhvD8sUJhRa+HOeV6hRl1XscT7wt1G685PxyTAIgTVeq4rR1MFseYZcYJ4nKeNz4BGC9m+ax8i434rCoV6w\\u003d"]},"protocolVersion":"ECv2","signedMessage":"{\\"encryptedMessage\\":\\"nxO5fQEB5MXV+9qBXoCpIlxW+F/e5plpQU2nYM5jIBQipzF9gNU9QOv6NKafJv73FQQsCeKADziRaoJagoRST8NApmnl2wlJAyzWLfJKXWKdVLLwnHdccV0qD2sQypn+mZBu7QyQUK52HEgXPV22ms8/4rLr868gIaA9Lmh5sgal4C78P7qzImRJImK5aGVZlzCwopUfqOVipGqJ2ffTXeKsS44OhF2hgYVpfFSbNIrPJR1J82oPl7sNAYKPIQ3CKySE7Y81VINnIVlq5i8/c7DdxK9zkc1Q0j38tLAnP9rvd0fvuvxEFHjHlJoc3eCZbwLUmPb+PyOoLHVbSJDKAg7f8W8jKLalhMziO5zVPmh3rCjMef7mNHuL4qrSPNSZrQPWWkOZ9T/KC8MCXozzP6YxyIWcmrh0AQzVBTQnMUI/AdWK5xkEJDuSC4sS8DU0VyxDJ0SlQcAr7olDQc5CEdOO57erAYVJcaczgvLhzo4Sz1aoIec3lyQculLNr76qRwdQrXcucKloqLU/anatNVn6ZODJqmo\\\\u003d\\",\\"ephemeralPublicKey\\":\\"BIi24MIm0uqQ3JoaHQ9mY0tk7z+VV2Uue9zCmxrH+gj/DUwvTRFn0D9g860j7JzsdSTPXKr23CFsKRKvOAypNoU\\\\u003d\\",\\"tag\\":\\"h41QJdk8uByJnwtKPgZiFQzT4evU4pPDUtpi96tMthk\\\\u003d\\"}"}';
    
    const parsedPayload = JSON.parse(payload);
    const payloadSchema = joi.object(
      {
        signature: joi.number().string().required("'signature' is missing from the payload"),
        intermediateSigningKey: joi.object().required("'intermediateSigningKey' is a required param and it must be an object."),
        protocolVersion: joi.string().trim().required("'protocolVersion' is a required param."),
        signedMessage: joi.string().trim().required("'signedMessage' is a required param."),
      },
    );
    
    const payloadValidationResult = payloadSchema.validate(paymentData);
    
    if (payloadValidationResult.error) {
      console.log(payloadValidationResult.error.details[0]);
    }
    

    【讨论】:

      猜你喜欢
      • 2013-11-18
      • 2020-12-24
      • 1970-01-01
      • 2021-10-11
      • 1970-01-01
      • 2020-08-18
      • 2019-02-17
      • 1970-01-01
      • 2016-02-07
      相关资源
      最近更新 更多