Phong



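/**
 * Tells whether a request timestamp is acceptable.
 *
 * @param {string|number|undefined} ts - Millisecond timestamp taken from the `ts` header.
 * @returns {boolean} true when `ts` is numeric and within config.auth.expireTime of the local clock.
 */
const isFreshTimestamp = (ts) => {
  const sentAt = Number(ts);
  // A missing or non-numeric header becomes NaN, and `NaN > limit` is false,
  // so without this guard a request with no `ts` would pass the expiry check.
  if (!Number.isFinite(sentAt)) {
    return false;
  }
  // Bound both directions so a far-future timestamp cannot widen the window.
  return Math.abs(Date.now() - sentAt) <= config.auth.expireTime;
};

/**
 * Tells whether `bankCode` is one of the two configured partner codes.
 *
 * @param {unknown} bankCode - Value of the `bank_code` header.
 * @returns {boolean}
 */
const isKnownPartner = (bankCode) =>
  // The string check stops a missing header from matching an unset config value.
  typeof bankCode === "string" &&
  (bankCode === config.auth.partnerRSA || bankCode === config.auth.partnerPGP);

/**
 * Converts a request-supplied amount to a strictly positive finite number.
 *
 * @param {unknown} value - `amount` field from the request body.
 * @returns {number|null} The amount, or null when it is missing, non-numeric, zero or negative.
 */
const toPositiveAmount = (value) => {
  if (typeof value !== "number" && typeof value !== "string") {
    return null;
  }
  const amount = Number(value);
  // A negative amount would turn a debit into a credit (and vice versa).
  return Number.isFinite(amount) && amount > 0 ? amount : null;
};

/**
 * Checks the timestamp, partner code and MD5 signature of an incoming request.
 *
 * @param {object} req - Express request; reads the `ts`, `bank_code` and `sig` headers and `req.body`.
 * @returns {number|undefined} 1 = stale or invalid timestamp, 2 = unknown partner,
 *   3 = signature mismatch, undefined = all checks passed.
 */
const confirm = (req) => {
  const { ts, sig } = req.headers;
  const bank_code = req.get("bank_code");

  // Request headers, the request body, the `secret` header and the expected
  // signature are deliberately not logged: they are credentials or account data.
  if (!isFreshTimestamp(ts)) {
    console.log("return 1");
    return 1;
  }
  if (!isKnownPartner(bank_code)) {
    console.log("return 2");
    return 2;
  }

  // NOTE(review): MD5 over `ts + body + secret` is a weak keyed-hash construction;
  // HMAC-SHA-256 would be the usual choice, but the formula is shared with the
  // partner, so it is kept as-is here. It also omits bank_code, unlike `receive`.
  const comparingSign = hash.MD5(ts + JSON.stringify(req.body) + config.auth.secret);

  // Constant-time comparison; required locally because the file's import block
  // is not visible from this section.
  const { timingSafeEqual } = require("crypto");
  const expected = Buffer.from(String(comparingSign), "utf8");
  const provided = Buffer.from(typeof sig === "string" ? sig : "", "utf8");
  if (provided.length !== expected.length || !timingSafeEqual(provided, expected)) {
    console.log("return 3");
    return 3;
  }
};

module.exports = {
  /**
   * Sends money from a local checking account to the partner bank.
   *
   * Validates the amount and the sender's balance, signs the request with the
   * local RSA private key, posts it to the partner, and only after the partner
   * accepted it debits the sender and records the transaction.
   *
   * @param {object} req - Express request; body carries content, amount, transferer, receiver.
   * @param {object} res - Express response.
   */
  transfer: async function (req, res) {
    const body = req.body;
    const { amount, transferer, receiver } = body;

    const transferAmount = toPositiveAmount(amount);
    if (transferAmount === null) {
      return res.status(400).json({ message: "Invalid amount" });
    }

    // NOTE(review): `transferer` comes from the request body; nothing visible
    // here ties it to the authenticated caller. Confirm upstream middleware does.
    const rows = await accountModel.findOne("checking_account_number", transferer);
    // `row` is local: the original assigned an undeclared global, which let
    // concurrent requests read each other's account row.
    const row = rows && rows[0];
    if (!row) {
      return res.status(400).json({ message: "Sender account not found" });
    }

    // NOTE(review): the check ignores the 5000 fee recorded below, and
    // check-then-debit is not atomic; a conditional UPDATE or DB transaction
    // is needed to rule out overdrawing under concurrent requests.
    if (!(row.checking_account_amount > transferAmount)) {
      return res.status(400).json({
        message: "Tài khoản không đủ tiền",
        receiver,
      });
    }

    const privateKeyArmored = fs.readFileSync("my_rsa_private.key", "utf8");
    const myKeyPrivate = new NodeRSA().importKey(privateKeyArmored);
    const bank_code = "PPNBank";
    const ts = Date.now();
    const hashString = hash.MD5(
      bank_code + ts.toString() + JSON.stringify(body) + config.auth.secretPartnerRSA
    );
    const sig = myKeyPrivate.sign(hashString, "hex", "hex");
    const headers = { ts, bank_code, sig };

    let result;
    try {
      result = await superagent
        .post(`${config.auth.apiRoot}/money-transfer`)
        .send(body)
        .set(headers);
    } catch (err) {
      // The original ignored `err` and debited the sender even when the
      // partner call failed.
      return res.status(502).json({ message: "Partner transfer failed" });
    }

    await accountModel.updateCheckingMoney(transferer, 0 - transferAmount);

    const transactionHistory = {
      sender_account_number: body.transferer,
      sender_bank_code: bank_code,
      receiver_account_number: body.receiver,
      // don't have bankcode of receiver
      receiver_bank_code: "",
      amount: body.amount,
      transaction_fee: 5000,
      log: `${body.transferer} đã gửi ${body.amount} cho ${body.receiver}`,
      message: body.content,
    };
    await transactionModel.add(transactionHistory);

    return res.status(200).json(result.text);
  },

  /**
   * Accepts an inbound transfer from a partner bank.
   *
   * Rejects the request unless the timestamp is fresh, the bank code is a
   * configured partner, the body names a transferer, and the `sig` header is a
   * valid RSA signature (partner public key) over the request digest.
   *
   * @param {object} req - Express request; reads the `ts`, `bank_code`, `sig` headers and `req.body`.
   * @param {object} res - Express response.
   */
  receive: async function (req, res) {
    const { ts, bank_code, sig } = req.headers;
    const body = req.body;

    // Every rejection sends a response; the original returned bare numbers,
    // which leaves the HTTP request hanging.
    if (!isFreshTimestamp(ts)) {
      console.log("return 1");
      return res.status(400).json({ message: "Request expired." });
    }
    if (!isKnownPartner(bank_code)) {
      console.log("return 2");
      return res.status(400).json({ message: "Unknown bank_code." });
    }
    if (!body || !body.transferer) {
      console.log("return 4");
      return res.status(400).json({ message: "Missing transferer." });
    }

    // Verify the signature the caller sent. The original signed the digest
    // itself with a partner private key and then verified its own signature,
    // so the check always passed and the `sig` header was never examined.
    // The receiver needs only the partner's public key.
    const publicPem = fs.readFileSync("partner_RSA_public.key", "utf8");
    const publicKey = new NodeRSA().importKey(publicPem);
    const hashString = hash.MD5(bank_code + ts + JSON.stringify(body) + config.auth.secret);

    let veri = false;
    try {
      veri = typeof sig === "string" && publicKey.verify(hashString, sig, "hex", "hex");
    } catch (err) {
      // A malformed signature is treated the same as an invalid one.
      veri = false;
    }
    if (veri !== true) {
      return res.status(400).send({
        message: "Wrong sign.",
      });
    }

    // NOTE(review): a correctly signed request can be replayed for as long as
    // its timestamp stays fresh; recording seen (bank_code, ts, sig) tuples or
    // a partner-supplied transaction id would make crediting idempotent.

    // The original switch also had an empty `case "ABC":` placeholder; only
    // "TUB" credits an account, every other accepted code still answers 200.
    if (bank_code === "TUB") {
      const { amount, receiver } = body;

      const creditAmount = toPositiveAmount(amount);
      if (creditAmount === null) {
        return res.status(400).json({ message: "Invalid amount" });
      }

      // findOne resolves to a row list (see `transfer`); the original tested
      // the un-awaited promise, which is always truthy.
      const rows = await accountModel.findOne("checking_account_number", receiver);
      if (!rows || !rows[0]) {
        // Return here: the original fell through and sent a second response.
        return res.status(400).json({
          message: "Veri successont have this account",
          receiver,
        });
      }

      await accountModel.updateCheckingMoney(receiver, creditAmount);

      const transactionHistory = {
        sender_account_number: body.transferer,
        sender_bank_code: bank_code,
        receiver_account_number: body.receiver,
        // don't have bankcode of receiver
        receiver_bank_code: "",
        amount: body.amount,
        transaction_fee: 5000,
        log: `${body.transferer} đã gửi ${body.amount} cho ${body.receiver}`,
        message: body.content,
      };
      await transactionModel.add(transactionHistory);
    }

    return res.status(200).json({
      message: "Chuyển tiền thành công",
    });
  },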