很多网站里都有金币、积分之类的虚拟货币,获取这些往往需要充值。那么问题来了,如何在Django中对接支付宝实现支付宝充值金币的功能呢?网上很多资料都是电商的,那些都会带有订单系统之类比较复杂,而充值金币功能不需要实现那么多功能。
效果图如下:
现在就来实现Django对接支付宝支付功能吧!
登录支付宝开放平台
点击进入蚂蚁金服开放平台https://open.alipay.com/platform/home.htm
进入支付宝沙箱环境https://openhome.alipay.com/platform/appDaily.htm?tab=info
如图,这里是你沙箱环境的配置,左侧沙箱工具有沙箱支付宝安卓版下载,沙箱账号是你的测试账号。
下载支付宝开放平台开发助手
打开工具,生成密钥,然后妥善保管好!!
保存密钥
把刚刚那个应用公钥2048重命名为:pub_2048.txt,把应用私钥2048重命名为:private_2048.txt,把这两个文件放在项目目录下。
注意:密钥的开始和结束一定要加上如下的字符串!!!
-----BEGIN PRIVATE KEY-----
这里粘贴里面的密钥
-----END PRIVATE KEY-----
复制支付宝的公钥并保存
把这段支付宝公钥复制,重命名为alipay_key_2048.txt,保存到项目目录中,注意加上如下字符串
-----BEGIN PRIVATE KEY-----
这里粘贴里面的密钥
-----END PRIVATE KEY-----
设置公钥
把刚刚的pub_2048.txt里面的字符串复制到如下:
调试支付宝支付接口
from datetime import datetime
from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
from urllib.parse import quote_plus
from base64 import decodebytes, encodebytes
import json
class AliPay(object):
"""
支付宝支付接口
"""
def __init__(self, appid, app_notify_url, app_private_key_path,
alipay_public_key_path, return_url, debug=False):
self.appid = appid
self.app_notify_url = app_notify_url
self.app_private_key_path = app_private_key_path
self.app_private_key = None
self.return_url = return_url
with open(self.app_private_key_path) as fp:
self.app_private_key = RSA.importKey(fp.read())
self.alipay_public_key_path = alipay_public_key_path
with open(self.alipay_public_key_path) as fp:
self.alipay_public_key = RSA.import_key(fp.read())
if debug is True:
self.__gateway = "https://openapi.alipaydev.com/gateway.do"
else:
self.__gateway = "https://openapi.alipay.com/gateway.do"
def direct_pay(self, subject, out_trade_no, total_amount, return_url=None, **kwargs):
biz_content = {
"subject": subject,
"out_trade_no": out_trade_no,
"total_amount": total_amount,
"product_code": "FAST_INSTANT_TRADE_PAY",
# "qr_pay_mode":4
}
biz_content.update(kwargs)
data = self.build_body("alipay.trade.page.pay", biz_content, self.return_url)
return self.sign_data(data)
def build_body(self, method, biz_content, return_url=None):
data = {
"app_id": self.appid,
"method": method,
"charset": "utf-8",
"sign_type": "RSA2",
"timestamp": datetime.now().strftime("%Y-%m-%d %H:%M:%S"),
"version": "1.0",
"biz_content": biz_content
}
if return_url is not None:
data["notify_url"] = self.app_notify_url
data["return_url"] = self.return_url
return data
def sign_data(self, data):
data.pop("sign", None)
# 排序后的字符串
unsigned_items = self.ordered_data(data)
unsigned_string = "&".join("{0}={1}".format(k, v) for k, v in unsigned_items)
sign = self.sign(unsigned_string.encode("utf-8"))
# ordered_items = self.ordered_data(data)
quoted_string = "&".join("{0}={1}".format(k, quote_plus(v)) for k, v in unsigned_items)
# 获得最终的订单信息字符串
signed_string = quoted_string + "&sign=" + quote_plus(sign)
return signed_string
def ordered_data(self, data):
complex_keys = []
for key, value in data.items():
if isinstance(value, dict):
complex_keys.append(key)
# 将字典类型的数据dump出来
for key in complex_keys:
data[key] = json.dumps(data[key], separators=(',', ':'))
return sorted([(k, v) for k, v in data.items()])
def sign(self, unsigned_string):
# 开始计算签名
key = self.app_private_key
signer = PKCS1_v1_5.new(key)
signature = signer.sign(SHA256.new(unsigned_string))
# base64 编码,转换为unicode表示并移除回车
sign = encodebytes(signature).decode("utf8").replace("
", "")
return sign
def _verify(self, raw_content, signature):
# 开始计算签名
key = self.alipay_public_key
signer = PKCS1_v1_5.new(key)
digest = SHA256.new()
digest.update(raw_content.encode("utf8"))
if signer.verify(digest, decodebytes(signature.encode("utf8"))):
return True
return False
def verify(self, data, signature):
if "sign_type" in data:
sign_type = data.pop("sign_type")
# 排序后的字符串
unsigned_items = self.ordered_data(data)
message = "&".join(u"{}={}".format(k, v) for k, v in unsigned_items)
return self._verify(message, signature)
def get_alipay_url(app_id, order_sn, order_mount):
alipay = AliPay(
appid=app_id,
app_notify_url="http://127.0.0.1:8000/alipay/return/",
app_private_key_path="../trade/keys/private_2048.txt",
alipay_public_key_path="../trade/keys/alipay_key_2048.txt", # 支付宝的公钥,验证支付宝回传消息使用,不是你自己的公钥,
debug=True, # 默认False,
return_url="http://127.0.0.1:8000/alipay/return/"
)
url = alipay.direct_pay(
subject=order_sn,
out_trade_no=order_sn,
total_amount=order_mount,
)
re_url = "https://openapi.alipaydev.com/gateway.do?{data}".format(data=url)
return re_url
if __name__ == "__main__":
url = get_alipay_url(
'2016092600597838',
'201902923423436',
1.00
)
print(url)
如果输出的url能够打开并且使用沙箱账号支付,说明前面的配置成功了,可以进行视图的编写。
设计数据库订单模型
from django.db import models
from django.conf import settings
from django.utils.encoding import python_2_unicode_compatible
from questioning.utils.models import CreatedUpdatedMixin
@python_2_unicode_compatible
class OrderInfo(CreatedUpdatedMixin, models.Model):
'''
充值订单详情
'''
ORDER_STATUS = (
('TRADE_SUCCESS', '交易支付成功'),
('TRADE_CLOSED', '未付款交易超时关闭'),
('WAIT_BUYER_PAY', '交易创建'),
('TRADE_FINISHED', '交易结束'),
('paying', '待支付'),
)
user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, verbose_name='用户')
order_sn = models.CharField(max_length=30, null=True, blank=True, unique=True, verbose_name='订单号')
trade_no = models.CharField(max_length=100, unique=True, null=True, blank=True, verbose_name='支付订单号')
pay_status = models.CharField(choices=ORDER_STATUS, max_length=40, verbose_name='订单状态', default='paying')
order_mount = models.DecimalField(verbose_name="充值金额", max_digits=10,
decimal_places=2, default=0.00)
class Meta:
verbose_name = "充值订单"
verbose_name_plural = verbose_name
def __str__(self):
return self.order_sn
注意充值的金额要设置为models.DecimalField货币类型
然后导入到数据库中
视图函数编写
class AlipayView(LoginRequiredMixin, AuthorRequiredMixin, View):
"""
支付宝支付
get方法实现支付宝return_url,如果没有实现也无所谓,post同样可以更新状态
post方法实现支付宝notify_url,异步更新
支付宝返回的url如下:
#http://127.0.0.1:8000/alipay/return/?
# charset=utf-8&
# out_trade_no=201902923423436&
# method=alipay.trade.page.pay.return&
# total_amount=1.00&
# sign=CDBMY9NBsp4KICdQoBEVxGWobd0N8y4%2BU09stzUWwlNtLr7ZpELJdM5js20wXv%2FCPp0FGPbRW1YS9DRx0CnKJULZZMqysBUMH2FL39sS0Fgstgy1ydTs7ySXdHziJV0inI%2BDWAsebQqtjk5gQEweUstc%2B%2BnzjdgAulpvWzfJsbknS%2BqUfktSdF2ZOWGhr1CFlfsMFEDS2nzQv4K3E%2BNaeylkzUnRe9M1sjIL%2FYR0wVZ5A3OfHLPf9HzC2B8%2FLu4g7N5Vctkqp2aerDvIkN5SNmDnRGyjOt2b%2BOsLMqG4X06JSsrZT6Ln8PimsrkSOIGbj0gCqscx7BwZfmCQePlCw%3D%3D&
# trade_no=2019082622001426981000041778&
# auth_app_id=2016092600597838&
# version=1.0&app_id=2016092600597838&
# sign_type=RSA2&
# seller_id=2088102177296610&
# timestamp=2019-08-26+13%3A51%3A01
"""
def dispatch(self, request, *args, **kwargs):
self.alipay = AliPay(
appid=settings.ALIPAY_APPID,
app_notify_url=settings.APP_NOTIFY_URL,
app_private_key_path=settings.APP_PRIVATE_KEY_PATH,
alipay_public_key_path=settings.ALIPAY_PUBLIC_KEY_PATH,
debug=settings.ALIPAY_DEBUG,
return_url=settings.RETURN_URL
)
#处理返回的url参数
callback_data = {}
for key, value in request.GET.items():
callback_data[key] = value
sign = callback_data.pop('sign', None)
self.order_sn = callback_data.get('out_trade_no', None) #订单号
self.trade_no = callback_data.get('trade_no', None) #支付宝订单号
# 验证签名
self.verify = self.alipay.verify(callback_data, sign)
return super(AlipayView, self).dispatch(request, *args, **kwargs)
def get(self, request):
"""处理支付宝return_url返回"""
if self.verify:
self.deposit()
#返回个人中心页面
return redirect(reverse('users:detail', kwargs={
'username': request.user.username
}))
def post(self, request):
"""
处理notify_url
"""
if self.verify:
self.deposit()
return Response('success')
def deposit(self):
"""充值操作
1.更新用户的金币信息
2.更新订单状态为交易成功
"""
# 数据库中查询订单记录
order = OrderInfo.objects.get(order_sn=self.order_sn)
order.trade_no = self.trade_no # 支付宝订单号
# 把人民币转换成对应的金币
rmb = order.order_mount
money = convert_rmb_to_money(rmb)
# 更新用户的金币
order.user.money += Decimal(money)
order.user.save()
# 订单状态置为交易成功
order.pay_status = 'TRADE_SUCCESS'
order.save()
当用户付款成功后,会跳转回来,那个就是return_url,处理这个的是get方法,用来更新用户的金币和订单。