支付密码

1 year ago · 74c65a4f95
2 changed files with 47 additions and 9 deletions
--- a/pages/order/pay/index.js
+++ b/pages/order/pay/index.js
@ -271,7 +271,7 @@ Page({
    })
  },
  // 电子钱包支付
-  walletPay:function(password){
+  walletPay:function(otherData){
    let item = this.data.payList[this.data.numIndex];
    commonApi.user_post("order/pay",{
      order_id:this.data.id,
@ -279,8 +279,7 @@ Page({
      pay_platform:"MINI",
      app_name:"WxXcxConfig",
      ins_no:item.ins_no,
-      password: password,
-      type: 1,
+      ...otherData
    }).then(res=>{
      let data = res.data?JSON.parse(res.data):{};
      if(data && data.RESULT && data.RESULT=='Y'){
@ -377,15 +376,18 @@ Page({
    if (val.length==6) {
        let password = pwEncode.handleEncrypt(val)
        // 验证密码
-        commonApi.user_post("pay_password/verifyPassword",{password:password})
-        .then(res=>{
+        commonApi.user_post("pay_password/verifyPassword",{password:password}).then(res =>{
            // 密码校验成功
            if (res.code == 1) {
-                this.setData({
-                    vcode: '',
-                    SBMask: false,
+                this.setData({vcode: '',SBMask: false})
+                commonApi.user_post('pay_password/getNonce',{}).then(nonceRes =>{
+                    if (nonceRes.code == 1) {
+                        let pwSign =  pwEncode.getPWSignature(password, nonceRes.data)
+                        pwSign.password = password
+                        pwSign.type = 1
+                        this.walletPay(pwSign)
+                    }
                })
-                this.walletPay(password)
            } else {
                this.setData({
                    vcode: '',
--- a/utils/passwordEncode.js
+++ b/utils/passwordEncode.js
@ -1,4 +1,5 @@
 const JSEncrypt = require('./jsencrypt.min.js');
+import CryptoJS from "crypto-js";


 // 支付密码加密
@ -16,6 +17,41 @@ const handleEncrypt = (str) => {
    return jsencrypt.encrypt(str); // 对数据进行加密
 }

+// 生成支付加密参数
+const getPWSignature = (password,nonce) => {
+    const salt = generateRandomSalt(16)
+   // 使用 PBKDF2 派生密钥
+   const iterations = 10000;
+   const keySize = 256 / 32; // 256 位密钥
+   const clientKey = CryptoJS.PBKDF2(password, salt, {
+     keySize: keySize,
+     iterations: iterations
+   }).toString(CryptoJS.enc.Base64);
+   // 生成 signature
+   const signature = CryptoJS.HmacSHA256(nonce, clientKey).toString(CryptoJS.enc.Base64)
+
+   return {
+      //  nonce: nonce,
+       signature: signature,
+       client_salt: salt,
+      //  clientKey: clientKey,
+   }
+}
+
+  // 生成指定长度的随机 Salt
+  const generateRandomSalt = (length)=> {
+    const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    let salt = '';
+    for (let i = 0; i < length; i++) {
+      const randomIndex = Math.floor(Math.random() * charset.length);
+      salt += charset.charAt(randomIndex);
+    }
+    return salt;
+  }
+
+
+
 module.exports = {
    handleEncrypt: handleEncrypt,
+    getPWSignature: getPWSignature
 }