<%@ page contentType="text/html; charset=utf-8"%>
<%@ page import="java.util.Date" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Iterator" %>
<%@ page import="java.io.PrintWriter" %>
<%@ page import="java.io.BufferedReader" %>
<%@ page import="java.io.InputStreamReader" %>
<%@ page import="java.net.URL" %>
<%@ page import="java.net.HttpURLConnection" %>
<%@ page import="java.text.SimpleDateFormat" %>
<%@ page import="java.security.MessageDigest" %>
<%@ page import="org.json.simple.JSONObject" %>
<%@ page import="org.json.simple.parser.JSONParser" %>
<%@ page import="org.apache.commons.codec.binary.Hex" %>
<%
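request.setCharacterEncoding("utf-8");
/*
 ****************************************************************************************
 * <Authentication result parameters>
 * These values come back through the buyer's browser, so all of them are untrusted
 * until the Signature check below has passed.
 ****************************************************************************************
 */
String authResultCode = request.getParameter("AuthResultCode"); // authentication result: 0000 (success)
String authResultMsg = request.getParameter("AuthResultMsg"); // authentication result message
String nextAppURL = request.getParameter("NextAppURL"); // approval request URL
String txTid = request.getParameter("TxTid"); // transaction ID
String authToken = request.getParameter("AuthToken"); // authentication token
String payMethod = request.getParameter("PayMethod"); // payment method
String mid = request.getParameter("MID"); // merchant ID
String moid = request.getParameter("Moid"); // merchant order number
String amt = request.getParameter("Amt"); // payment amount
String reqReserved = request.getParameter("ReqReserved"); // merchant reserved field
String netCancelURL = request.getParameter("NetCancelURL"); // net-cancel request URL
String authSignature = request.getParameter("Signature"); // integrity value NICEPAY attaches to the auth response
/*
 ****************************************************************************************
 * Signature: integrity-verification parameter. The vendor text asks integrators to use it
 * to prevent forged payment requests and states that problems caused by skipping the
 * tamper check are not the vendor's responsibility. The check is therefore enabled here.
 ****************************************************************************************
 */
DataEncrypt sha256Enc = new DataEncrypt();
// NOTE(review): key value kept exactly as on the sample page; a live merchant key belongs in
// protected server-side configuration, not in the JSP source.
String merchantKey = "EYzu8jGGMfqaDEp76gSckuvnaHHu+bC4opsSN6lHv3b2lurNYkVXrZ7Z1AoqQnXI3eLuaUFyoRNC6FkrzVjceg=="; // merchant key
// Auth-response Signature = hex(sha256(AuthToken + MID + Amt + MerchantKey))
String authComparisonSignature = sha256Enc.encrypt(authToken + mid + amt + merchantKey);
// Constant-time comparison; a missing Signature parameter counts as a mismatch.
boolean authSignatureValid = authSignature != null && authComparisonSignature != null
        && MessageDigest.isEqual(authSignature.getBytes("utf-8"), authComparisonSignature.getBytes("utf-8"));
// NOTE(review): the Signature covers AuthToken, MID and Amt only. Before fulfilling an order,
// also compare amt with the order total stored server-side for moid (not visible on this page).

// NextAppURL and NetCancelURL are request parameters that become the destination of a
// server-side POST carrying AuthToken and SignData, and the Signature does not cover them.
// Only HTTPS URLs on the gateway domain are accepted.
// NOTE(review): the ".nicepay.co.kr" suffix is inferred from the webapi.nicepay.co.kr
// endpoints; confirm the exact host list against the integration manual.
String[] gatewayUrls = { nextAppURL, netCancelURL };
boolean[] gatewayUrlTrusted = new boolean[gatewayUrls.length];
for (int i = 0; i < gatewayUrls.length; i++) {
    gatewayUrlTrusted[i] = false;
    if (gatewayUrls[i] == null) {
        continue;
    }
    try {
        URL candidate = new URL(gatewayUrls[i]);
        String host = candidate.getHost() == null ? "" : candidate.getHost().toLowerCase(java.util.Locale.ROOT);
        gatewayUrlTrusted[i] = "https".equalsIgnoreCase(candidate.getProtocol())
                && (host.equals("nicepay.co.kr") || host.endsWith(".nicepay.co.kr"));
    } catch (java.net.MalformedURLException e) {
        gatewayUrlTrusted[i] = false; // unparsable URL
    }
}
/*
 ****************************************************************************************
 * <Approval result parameters>
 * The sample shows only some of the approval result parameters;
 * see the integration manual for the others.
 ****************************************************************************************
 */
String ResultCode = ""; String ResultMsg = ""; String PayMethod = "";
String GoodsName = ""; String Amt = ""; String TID = "";
String Signature = ""; String paySignature = "";
/*
 ****************************************************************************************
 * <Proceed to approval only when authentication succeeded and its Signature is valid>
 ****************************************************************************************
 */
String resultJsonStr = "";
if ("0000".equals(authResultCode) && authSignatureValid) {
    if (!gatewayUrlTrusted[0]) {
        ResultMsg = "NextAppURL rejected: not an HTTPS URL on the payment gateway domain";
    } else {
        /*
         * <Hash> SHA-256 over the request fields guards the approval request against tampering.
         */
        String ediDate = getyyyyMMddHHmmss();
        String signData = sha256Enc.encrypt(authToken + mid + amt + ediDate + merchantKey);
        /*
         * <Approval request>
         * Build the form body and send it server to server. Values are URL-encoded so that
         * characters such as '+', '&' or '=' inside a field cannot alter the form structure.
         */
        String[][] approvalFields = {
            {"TID", txTid}, {"AuthToken", authToken}, {"MID", mid}, {"Amt", amt},
            {"EdiDate", ediDate}, {"CharSet", "utf-8"}, {"SignData", signData}
        };
        StringBuffer requestData = new StringBuffer();
        for (int i = 0; i < approvalFields.length; i++) {
            if (i > 0) {
                requestData.append("&");
            }
            String fieldValue = approvalFields[i][1] == null ? "" : approvalFields[i][1];
            requestData.append(approvalFields[i][0]).append("=")
                    .append(java.net.URLEncoder.encode(fieldValue, "utf-8"));
        }
        resultJsonStr = connectToServer(requestData.toString(), nextAppURL);
        HashMap resultData = new HashMap();
        boolean paySuccess = false;
        if ("9999".equals(resultJsonStr)) {
            /*
             * <Net cancel>
             * Recommended when the approval call failed with an exception, because the
             * gateway may have approved a payment whose response never arrived.
             */
            if (gatewayUrlTrusted[1]) {
                requestData.append("&").append("NetCancel=").append("1");
                String cancelResultJsonStr = connectToServer(requestData.toString(), netCancelURL);
                HashMap cancelResultData = jsonStringToHashMap(cancelResultJsonStr);
                ResultCode = (String) cancelResultData.get("ResultCode");
                ResultMsg = (String) cancelResultData.get("ResultMsg");
            } else {
                ResultMsg = "NetCancelURL rejected: not an HTTPS URL on the payment gateway domain";
            }
        } else {
            resultData = jsonStringToHashMap(resultJsonStr);
            ResultCode = (String) resultData.get("ResultCode"); // result code (card success: 3001)
            ResultMsg = (String) resultData.get("ResultMsg"); // result message
            PayMethod = (String) resultData.get("PayMethod"); // payment method
            GoodsName = (String) resultData.get("GoodsName"); // product name
            Amt = (String) resultData.get("Amt"); // payment amount
            TID = (String) resultData.get("TID"); // transaction number
            // Signature: integrity value for the approval response. The vendor comment says
            // the merchant must implement this verification.
            Signature = (String) resultData.get("Signature");
            paySignature = sha256Enc.encrypt(TID + mid + Amt + merchantKey);
            boolean paySignatureValid = Signature != null && paySignature != null
                    && MessageDigest.isEqual(Signature.getBytes("utf-8"), paySignature.getBytes("utf-8"));
            /*
             * <Check whether the payment succeeded>
             * Literal-first equals() keeps a missing ResultCode from throwing.
             */
            boolean resultCodeOk = false;
            if (PayMethod != null) {
                if (PayMethod.equals("CARD")) {
                    resultCodeOk = "3001".equals(ResultCode); // credit card
                } else if (PayMethod.equals("BANK")) {
                    resultCodeOk = "4000".equals(ResultCode); // bank transfer
                } else if (PayMethod.equals("CELLPHONE")) {
                    resultCodeOk = "A000".equals(ResultCode); // mobile phone
                } else if (PayMethod.equals("VBANK")) {
                    resultCodeOk = "4100".equals(ResultCode); // virtual account
                } else if (PayMethod.equals("SSG_BANK")) {
                    resultCodeOk = "0000".equals(ResultCode); // SSG bank account
                } else if (PayMethod.equals("CMS_BANK")) {
                    resultCodeOk = "0000".equals(ResultCode); // simple account payment
                }
            }
            // Fulfil the order only when paySuccess is true: success code AND valid response Signature.
            paySuccess = resultCodeOk && paySignatureValid;
        }
    }
} else if (authSignatureValid) {
    // Authentication failed at the gateway; show its code and message.
    ResultCode = authResultCode == null ? "" : authResultCode;
    ResultMsg = authResultMsg == null ? "" : authResultMsg;
} else {
    // Do not log the expected signature: anyone able to read the log could replay it.
    System.out.println("NICEPAY auth response rejected: Signature mismatch, Moid=" + moid);
    ResultMsg = "Signature verification failed";
}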
%>
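<!DOCTYPE html>
<html>
<head>
<title>NICEPAY PAY RESULT(UTF-8)</title>
<meta charset="utf-8">
</head>
<body>
<%-- Every value printed below comes from the gateway response or from request parameters,
     so each one is HTML-escaped before it is written into the page. --%>
<table>
<%if("9999".equals(resultJsonStr)){%>
<tr>
<th>승인 통신 실패로 인한 망취소 처리 진행 결과</th>
<td>[<%=escapeHtml(ResultCode)%>]<%=escapeHtml(ResultMsg)%></td>
</tr>
<%}else{%>
<tr>
<th>결과 내용</th>
<td>[<%=escapeHtml(ResultCode)%>]<%=escapeHtml(ResultMsg)%></td>
</tr>
<tr>
<th>결제수단</th>
<td><%=escapeHtml(PayMethod)%></td>
</tr>
<tr>
<th>상품명</th>
<td><%=escapeHtml(GoodsName)%></td>
</tr>
<tr>
<th>결제 금액</th>
<td><%=escapeHtml(Amt)%></td>
</tr>
<tr>
<th>거래 번호</th>
<td><%=escapeHtml(TID)%></td>
</tr>
<%-- Signature rows, disabled. This has to be a JSP comment: scriptlets inside an HTML
     comment are still compiled and executed by the JSP engine.
<%if(Signature.equals(paySignature)){%>
<tr>
<th>Signature</th>
<td><%=Signature%></td>
</tr>
<%}else{%>
<tr>
<th>승인 Signature</th>
<td><%=Signature%></td>
</tr>
<tr>
<th>생성 Signature</th>
<td><%=paySignature%></td>
</tr>
--%>
<%}%>
</table>
<p>*테스트 아이디인경우 당일 오후 11시 30분에 취소됩니다.</p>
</body>
</html>
<%!
// Minimal HTML escaper for element-text and attribute contexts; null renders as an empty string.
private static String escapeHtml(String value){
    if(value == null){
        return "";
    }
    StringBuffer escaped = new StringBuffer(value.length() + 16);
    for(int i = 0; i < value.length(); i++){
        char ch = value.charAt(i);
        switch(ch){
            case '&': escaped.append("&amp;"); break;
            case '<': escaped.append("&lt;"); break;
            case '>': escaped.append("&gt;"); break;
            case '"': escaped.append("&quot;"); break;
            case '\'': escaped.append("&#39;"); break;
            default: escaped.append(ch);
        }
    }
    return escaped.toString();
}
%>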
<%!
/**
 * Formats the current time as a 14-character yyyyMMddHHmmss string.
 * A new SimpleDateFormat is created on every call, so no formatter state is shared.
 */
public final synchronized String getyyyyMMddHHmmss(){
    Date now = new Date();
    SimpleDateFormat ediDateFormat = new SimpleDateFormat("yyyyMMddHHmmss");
    String formatted = ediDateFormat.format(now);
    return formatted;
}
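// SHA-256 digest helper. Despite the method name this is one-way hashing, not encryption.
public class DataEncrypt{
    // These fields are not used by the methods below; kept so the class layout is unchanged.
    MessageDigest md;
    String strSRCData = "";
    String strENCData = "";
    String strOUTData = "";

    public DataEncrypt(){ }

    /**
     * Returns the lowercase hex SHA-256 digest of strData.
     * The input is encoded as UTF-8 explicitly, so the digest does not depend on the
     * JVM's platform charset (the page and the approval request both declare utf-8).
     *
     * @param strData text to hash
     * @return 64-character hex digest, or null when hashing fails (the error is printed)
     */
    public String encrypt(String strData){
        String passACL = null;
        try{
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            byte[] raw = digest.digest(strData.getBytes("UTF-8"));
            passACL = encodeHex(raw);
        }catch(Exception e){
            System.out.print("암호화 에러" + e.toString());
        }
        return passACL;
    }

    /**
     * Hex-encodes b with lowercase digits, the same output form as commons-codec
     * Hex.encodeHex(byte[]), using only the standard library.
     */
    public String encodeHex(byte [] b){
        final String digits = "0123456789abcdef";
        StringBuffer hex = new StringBuffer(b.length * 2);
        for(int i = 0; i < b.length; i++){
            hex.append(digits.charAt((b[i] >> 4) & 0x0f));
            hex.append(digits.charAt(b[i] & 0x0f));
        }
        return hex.toString();
    }
}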
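// Server-to-server call to the payment gateway.
/**
 * POSTs data to reqUrl and returns the trimmed response body.
 * Any failure (bad URL, non-HTTPS URL, I/O error, non-200 status) is reported as the
 * sentinel string "9999", which the caller treats as "approval communication failed".
 *
 * @param data   form-encoded request body
 * @param reqUrl destination URL; must be HTTPS because the body carries AuthToken and SignData
 * @return response body, or "9999" on failure
 */
public String connectToServer(String data, String reqUrl) throws Exception{
    HttpURLConnection conn = null;
    BufferedReader resultReader = null;
    java.io.Writer bodyWriter = null;
    StringBuffer recvBuffer = new StringBuffer();
    try{
        URL url = new URL(reqUrl);
        // Refuse cleartext and non-HTTP schemes before any connection is opened.
        if(!"https".equalsIgnoreCase(url.getProtocol())){
            return "9999";
        }
        conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod("POST");
        conn.setConnectTimeout(3000);
        conn.setReadTimeout(5000);
        // A redirect must not be able to carry the request to a different host.
        conn.setInstanceFollowRedirects(false);
        conn.setDoOutput(true);
        // Explicit charset: the request declares CharSet=utf-8, so do not rely on the platform default.
        bodyWriter = new java.io.OutputStreamWriter(conn.getOutputStream(), "utf-8");
        bodyWriter.write(data);
        bodyWriter.flush();
        // Check the status before reading, so an error page is never parsed as a result.
        if(conn.getResponseCode() != HttpURLConnection.HTTP_OK){
            return "9999";
        }
        resultReader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "utf-8"));
        for(String line; (line = resultReader.readLine()) != null;){
            recvBuffer.append(line).append("\n");
        }
        return recvBuffer.toString().trim();
    }catch (Exception e){
        return "9999";
    }finally{
        // Cleanup is best-effort; a failure while closing must not replace the result.
        try{
            if(resultReader != null){
                resultReader.close();
            }
        }catch(Exception ignored){
            resultReader = null;
        }
        try{
            if(bodyWriter != null){
                bodyWriter.close();
            }
        }catch(Exception ignored){
            bodyWriter = null;
        }
        try{
            if(conn != null){
                conn.disconnect();
            }
        }catch(Exception ignored){
            conn = null;
        }
    }
}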
// Converts a JSON object string into a HashMap of its top-level members.
/**
 * Parsing is best-effort: if str is not a JSON object, the exception is swallowed and
 * whatever was collected so far (normally an empty map) is returned, so callers see
 * missing keys rather than an error.
 */
private static HashMap jsonStringToHashMap(String str) throws Exception{
    HashMap converted = new HashMap();
    try{
        JSONObject parsed = (JSONObject) new JSONParser().parse(str);
        for(Iterator<String> names = parsed.keySet().iterator(); names.hasNext();){
            String name = names.next();
            converted.put(name, parsed.get(name));
        }
    }catch(Exception ignored){
        // intentionally ignored: see the method comment
    }
    return converted;
}
%>
<?php
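header("Content-Type:text/html; charset=utf-8;");
/*
 ****************************************************************************************
 * <Authentication result parameters>
 * Posted back through the buyer's browser, so every value is untrusted until the
 * Signature check below has passed. Missing fields become empty strings.
 ****************************************************************************************
 */
$param = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};
$authResultCode = $param('AuthResultCode'); // authentication result: 0000 (success)
$authResultMsg = $param('AuthResultMsg'); // authentication result message
$nextAppURL = $param('NextAppURL'); // approval request URL
$txTid = $param('TxTid'); // transaction ID
$authToken = $param('AuthToken'); // authentication token
$payMethod = $param('PayMethod'); // payment method
$mid = $param('MID'); // merchant ID
$moid = $param('Moid'); // merchant order number
$amt = $param('Amt'); // payment amount
$reqReserved = $param('ReqReserved'); // merchant reserved field
$netCancelURL = $param('NetCancelURL'); // net-cancel request URL
$authSignature = $param('Signature'); // integrity value attached to the auth response

// NOTE(review): key value kept exactly as on the sample page; a live merchant key belongs in
// protected server-side configuration, not in the script source.
$merchantKey = "EYzu8jGGMfqaDEp76gSckuvnaHHu+bC4opsSN6lHv3b2lurNYkVXrZ7Z1AoqQnXI3eLuaUFyoRNC6FkrzVjceg=="; // merchant key
// Auth-response Signature = hex(sha256(AuthToken + MID + Amt + MerchantKey)); compared in constant time.
$authComparisonSignature = hash('sha256', $authToken . $mid . $amt . $merchantKey);
$authSignatureValid = hash_equals($authComparisonSignature, $authSignature);

// NextAppURL / NetCancelURL become the destination of a server-side POST carrying AuthToken
// and SignData, and the Signature does not cover them: accept only HTTPS gateway URLs.
// NOTE(review): the ".nicepay.co.kr" suffix is inferred from the webapi.nicepay.co.kr
// endpoints; confirm the exact host list against the integration manual.
$isGatewayUrl = function ($url) {
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    $host = strtolower($parts['host']);
    $suffix = '.nicepay.co.kr';
    return strtolower($parts['scheme']) === 'https'
        && ($host === 'nicepay.co.kr' || substr($host, -strlen($suffix)) === $suffix);
};
/*
 ****************************************************************************************
 * <Approval result parameters>
 * The sample shows only some of the approval result parameters;
 * see the integration manual for the others.
 ****************************************************************************************
 */
$response = "";
$ResultCode = "";
$ResultMsg = "";
if ($authResultCode === "0000" && $authSignatureValid) {
    if (!$isGatewayUrl($nextAppURL)) {
        $ResultMsg = "NextAppURL rejected: not an HTTPS URL on the payment gateway domain";
    } else {
        /*
         * <Hash> SHA-256 over the request fields guards the approval request against tampering.
         */
        $ediDate = date("YmdHis");
        $signData = bin2hex(hash('sha256', $authToken . $mid . $amt . $ediDate . $merchantKey, true));
        $data = Array(
            'TID' => $txTid,
            'AuthToken' => $authToken,
            'MID' => $mid,
            'Amt' => $amt,
            'EdiDate' => $ediDate,
            'SignData' => $signData,
            'CharSet' => 'utf-8'
        );
        try {
            $response = reqPost($data, $nextAppURL); // approval call
            // reqPost() reports a transport failure by returning false, not by throwing;
            // turn that into the exception the net-cancel path is waiting for.
            if ($response === false) {
                throw new Exception('approval request failed');
            }
            jsonRespDump($response); // response json dump example
        } catch (Exception $e) {
            // Net cancel: the gateway may have approved a payment whose response never arrived.
            $data['NetCancel'] = '1';
            if ($isGatewayUrl($netCancelURL)) {
                $response = reqPost($data, $netCancelURL);
                if ($response !== false) {
                    jsonRespDump($response); // response json dump example
                }
            } else {
                $ResultMsg = "NetCancelURL rejected: not an HTTPS URL on the payment gateway domain";
            }
        }
    }
} else if ($authSignatureValid) {
    // Authentication failed at the gateway: keep its result code and message.
    $ResultCode = $authResultCode;
    $ResultMsg = $authResultMsg;
} else {
    // Do not log the expected signature: anyone able to read the log could replay it.
    error_log("NICEPAY auth response rejected: Signature mismatch");
    $ResultMsg = "Signature verification failed";
}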
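// Example: print each top-level field of a JSON API response as "key=value".
/**
 * Keys and values come from a remote response, so they are HTML-escaped before output.
 * Input that does not decode to a JSON object/array prints nothing.
 *
 * @param string $resp JSON text
 */
function jsonRespDump($resp){
    $respArr = json_decode($resp, true);
    if (!is_array($respArr)) {
        return;
    }
    foreach ($respArr as $key => $value) {
        if ($value === null) {
            $value = '';
        } elseif (!is_scalar($value)) {
            $value = json_encode($value); // nested structures are shown as JSON text
        }
        echo htmlspecialchars($key . "=" . $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br />";
    }
}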
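// POST API call
/**
 * Sends $data as a form-encoded POST to $url and returns the response body.
 *
 * @param array  $data form fields
 * @param string $url  destination; only https:// is permitted
 * @return string|false response body, or false when the transfer fails
 */
function reqPost(Array $data, $url){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15); // connection timeout 15
    curl_setopt($ch, CURLOPT_TIMEOUT, 30); // bound the whole transfer as well
    // The body carries AuthToken and SignData: verify the server certificate and host name,
    // allow HTTPS only, and do not follow redirects to another destination.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // POST data
    curl_setopt($ch, CURLOPT_POST, true);
    $response = curl_exec($ch);
    curl_close($ch);
    return $response;
}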
?>
using System;
using System.Web.UI;
using System.Security.Cryptography;
using System.Text;
using System.Net;
using System.IO;
using System.Web;
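/// <summary>
/// Code-behind for the NICEPAY result page. It receives the authentication result posted
/// back through the buyer's browser, verifies its Signature, sends the approval request
/// server to server and shows the outcome in the Res_* literals.
/// </summary>
public partial class payResult : System.Web.UI.Page{
    protected System.Web.UI.WebControls.Literal Res_ResultCode;
    protected System.Web.UI.WebControls.Literal Res_ResultMsg;
    protected System.Web.UI.WebControls.Literal Res_PayMethod;
    protected System.Web.UI.WebControls.Literal Res_GoodsName;
    protected System.Web.UI.WebControls.Literal Res_Amt;
    protected System.Web.UI.WebControls.Literal Res_TID;
    /*protected System.Web.UI.WebControls.Literal Res_Signature1;
    protected System.Web.UI.WebControls.Literal Res_Signature2;
    protected System.Web.UI.WebControls.Literal Res_paySignature;*/
    protected string authResultCode;
    protected string authResultMsg;
    protected string nextAppURL;
    protected string txTid;
    protected string authToken;
    protected string payMethod;
    protected string mid;
    protected string moid;
    protected string amt;
    protected string reqReserved;
    protected string netCancelURL;
    protected string signData;
    protected string ediDate;
    protected string merchantKey;
    /*protected string Signature;
    protected string authSignature;
    protected string authComparisonSignature;
    protected string paySignature;*/

    protected void Page_Load(object sender, EventArgs e){
        if (!Page.IsPostBack){
            resultData();
        }
    }

    /// <summary>
    /// Handles the authentication result. Approval is requested only when the result code
    /// is 0000, the auth-response Signature matches and NextAppURL is a gateway URL.
    /// Net cancel is sent when the approval call itself fails, which is the case the JSP
    /// sample on this page describes for it; a failed authentication only shows its result.
    /// </summary>
    protected void resultData(){
        // NOTE(review): key value kept exactly as on the sample page; a live merchant key
        // belongs in protected configuration, not in source.
        merchantKey = "EYzu8jGGMfqaDEp76gSckuvnaHHu+bC4opsSN6lHv3b2lurNYkVXrZ7Z1AoqQnXI3eLuaUFyoRNC6FkrzVjceg==";
        // All request values are untrusted; a missing field becomes "" so later calls cannot throw on null.
        authResultCode = Request.Params["AuthResultCode"] ?? "";
        authResultMsg = Request.Params["AuthResultMsg"] ?? "";
        nextAppURL = Request.Params["NextAppURL"] ?? "";
        txTid = Request.Params["TxTid"] ?? "";
        authToken = Request.Params["AuthToken"] ?? "";
        payMethod = Request.Params["PayMethod"] ?? "";
        mid = Request.Params["MID"] ?? "";
        moid = Request.Params["Moid"] ?? "";
        amt = Request.Params["Amt"] ?? "";
        reqReserved = Request.Params["ReqReserved"] ?? "";
        netCancelURL = Request.Params["NetCancelURL"] ?? "";
        string authSignature = Request.Params["Signature"] ?? "";

        // Auth-response Signature = hex(sha256(AuthToken + MID + Amt + MerchantKey))
        string authComparisonSignature = stringToSHA256(authToken + mid + amt + merchantKey);
        if (!fixedTimeEquals(authSignature, authComparisonSignature))
        {
            // The expected signature is deliberately neither logged nor displayed.
            showResult("", "Signature verification failed");
            return;
        }
        if (!authResultCode.Equals("0000"))
        {
            showResult(authResultCode, authResultMsg);
            return;
        }
        // NextAppURL is the destination of a server-side POST carrying AuthToken and SignData
        // and is not covered by the Signature.
        if (!isGatewayUrl(nextAppURL))
        {
            showResult("", "NextAppURL rejected: not an HTTPS URL on the payment gateway domain");
            return;
        }

        ediDate = String.Format("{0:yyyyMMddHHmmss}", DateTime.Now);
        signData = stringToSHA256(authToken + mid + amt + ediDate + merchantKey);
        var postData = "TID=" + Uri.EscapeDataString(txTid);
        postData += "&AuthToken=" + Uri.EscapeDataString(authToken);
        postData += "&MID=" + Uri.EscapeDataString(mid);
        postData += "&Amt=" + Uri.EscapeDataString(amt);
        postData += "&EdiDate=" + ediDate;
        postData += "&EdiType=" + "KV";
        postData += "&SignData=" + Uri.EscapeDataString(signData);

        try
        {
            string queryStr;
            using (var result = apiRequest(nextAppURL, postData))
            {
                queryStr = streamEncode(result);
            }
            var response = HttpUtility.ParseQueryString(queryStr);
            showResult(response["ResultCode"], response["ResultMsg"]);
            // Approval-response Signature = hex(sha256(TID + MID + Amt + MerchantKey)).
            // The payment details are shown only when it matches; a result whose Signature
            // does not match must not be treated as an approved payment.
            string paySignature = stringToSHA256(response["TID"] + response["MID"] + response["Amt"] + merchantKey);
            if (fixedTimeEquals(response["Signature"], paySignature))
            {
                Res_PayMethod.Text = HttpUtility.HtmlEncode(response["PayMethod"]);
                Res_GoodsName.Text = HttpUtility.HtmlEncode(response["GoodsName"]);
                Res_Amt.Text = HttpUtility.HtmlEncode(response["Amt"]);
                Res_TID.Text = HttpUtility.HtmlEncode(response["TID"]);
            }
        }
        catch (WebException)
        {
            // Net cancel: the gateway may have approved a payment whose response never arrived.
            if (!isGatewayUrl(netCancelURL))
            {
                showResult("", "NetCancelURL rejected: not an HTTPS URL on the payment gateway domain");
                return;
            }
            postData += "&NetCancel=1";
            string cancelStr;
            using (var cancelResult = apiRequest(netCancelURL, postData))
            {
                cancelStr = streamEncode(cancelResult);
            }
            var cancelResponse = HttpUtility.ParseQueryString(cancelStr);
            showResult(cancelResponse["ResultCode"], cancelResponse["ResultMsg"]);
        }
    }

    // Writes the result code and message, HTML-encoded, because both can carry remote text.
    // NOTE(review): the .aspx markup is not visible here; if the Literals already use
    // Mode="Encode", drop HtmlEncode to avoid double encoding.
    private void showResult(string code, string message)
    {
        Res_ResultCode.Text = HttpUtility.HtmlEncode(code);
        Res_ResultMsg.Text = HttpUtility.HtmlEncode(message);
    }

    // Compares two strings without stopping at the first difference; null never matches.
    private static bool fixedTimeEquals(string left, string right)
    {
        if (left == null || right == null || left.Length != right.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < left.Length; i++)
        {
            diff |= left[i] ^ right[i];
        }
        return diff == 0;
    }

    // True only for absolute HTTPS URLs whose host is on the gateway domain.
    // NOTE(review): the ".nicepay.co.kr" suffix is inferred from the webapi.nicepay.co.kr
    // endpoints; confirm the exact host list against the integration manual.
    private static bool isGatewayUrl(string url)
    {
        Uri parsed;
        if (!Uri.TryCreate(url, UriKind.Absolute, out parsed))
        {
            return false;
        }
        string host = parsed.Host.ToLowerInvariant();
        return parsed.Scheme == Uri.UriSchemeHttps
            && (host == "nicepay.co.kr" || host.EndsWith(".nicepay.co.kr", StringComparison.Ordinal));
    }

    /// <summary>Returns the lowercase hex SHA-256 digest of the UTF-8 bytes of plain.</summary>
    public String stringToSHA256(String plain)
    {
        using (SHA256 sha256 = SHA256.Create())
        {
            byte[] digest = sha256.ComputeHash(Encoding.UTF8.GetBytes(plain));
            return BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
        }
    }

    /// <summary>
    /// POSTs postData (encoded with code page 51949, EUC-KR) to url and returns the response.
    /// The caller owns the returned response and must dispose it.
    /// </summary>
    public HttpWebResponse apiRequest(String url, String postData)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        System.Text.Encoding euckr = System.Text.Encoding.GetEncoding(51949);
        var data = euckr.GetBytes(postData);
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = data.Length;
        // Bound the call and keep a redirect from carrying the request to another host.
        request.Timeout = 15000;
        request.ReadWriteTimeout = 15000;
        request.AllowAutoRedirect = false;
        using (var stream = request.GetRequestStream())
        {
            stream.Write(data, 0, data.Length);
        }
        var result = (HttpWebResponse)request.GetResponse();
        return result;
    }

    /// <summary>
    /// Reads the whole response body as text using code page 51949 (EUC-KR).
    /// ReadToEnd is used because a single Read call may return only part of the body.
    /// </summary>
    public String streamEncode(HttpWebResponse result)
    {
        Encoding encode = System.Text.Encoding.GetEncoding(51949);
        using (Stream receiveStream = result.GetResponseStream())
        using (StreamReader sr = new StreamReader(receiveStream, encode))
        {
            return sr.ReadToEnd();
        }
    }
}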
const express = require('express')
const app = express()
const port = 3000
const iconv = require('iconv-lite')
const request = require('request')
const bodyParser = require("body-parser")
const CryptoJS = require("crypto-js")
const format = require('date-format')
const fs = require('fs')
const ejs = require('ejs')
// Page templates are read once at start-up.
// NOTE(review): both templates live under ./public, which express.static('public') below
// also serves, so their raw source is presumably downloadable — confirm and move them if so.
var payRequest = fs.readFileSync('./public/payRequest.ejs', 'utf-8');
var cancelRequest = fs.readFileSync('./public/cancelRequest.ejs', 'utf-8');
// NOTE(review): merchant key and ID are hard-coded in source; a live key belongs in
// protected configuration.
const merchantKey = "EYzu8jGGMfqaDEp76gSckuvnaHHu+bC4opsSN6lHv3b2lurNYkVXrZ7Z1AoqQnXI3eLuaUFyoRNC6FkrzVjceg==";
const merchantID = "nicepay00m";
// Evaluated once when the module loads: every code path that reads this shared value signs
// with the process start time, not the time of the request.
var ediDate = format.asString('yyyyMMddhhmmss', new Date());
// Fixed sample order data rendered into the payment page.
var amt = '1004';
var returnURL = 'http://localhost:3000/authReq';
var goodsName = "나이스상품";
var moid = 'nice_api_test_3.0';
var buyerName = '구매자';
var buyerEmail = 'happy@day.com';
var buyerTel = '00000000000';
// Static files from ./public, then form-body parsing for the POST routes.
app.use(express.static('public'))
app.use(bodyParser.urlencoded({ extended: false }))
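//route for payment
// Renders the payment request page with the sample order data and its request signature.
app.get('/payment', function(req, res) {
    // EdiDate is part of the signed string, so take a fresh timestamp for each request
    // instead of the module-level value that was computed once at process start.
    var requestEdiDate = format.asString('yyyyMMddhhmmss', new Date());
    var index = ejs.render(payRequest, {
        goodsName : goodsName,
        amt : amt,
        moid : moid,
        buyerName : buyerName,
        buyerEmail : buyerEmail,
        buyerTel : buyerTel,
        merchantID: merchantID,
        ediDate: requestEdiDate,
        // request signature = sha256(EdiDate + MID + Amt + MerchantKey)
        hashString : getSignData(requestEdiDate + merchantID + amt + merchantKey).toString(),
        returnURL: returnURL
    })
    res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
    res.write(index)
    res.end()
})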
//route for cancel
// Renders the cancel request page; the template receives no data.
app.get('/cancel', function(req, res) {
    var templateData = {}
    var html = ejs.render(cancelRequest, templateData)
    var headers = { 'Content-Type': 'text/html; charset=utf-8' }
    res.writeHead(200, headers)
    res.write(html)
    res.end()
})
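//authentication from client
// Receives the authentication result posted back through the buyer's browser and, when it
// is valid, sends the approval request to the gateway. Every body field is untrusted
// until the Signature check has passed.
app.post('/authReq', function(req, res) {
    const nodeCrypto = require('crypto')
    const { URL } = require('url')

    var authResultCode = req.body.AuthResultCode;
    var authResultMsg = req.body.AuthResultMsg;
    var txTid = req.body.TxTid;
    var authToken = req.body.AuthToken;
    var mid = req.body.MID;
    var amt = req.body.Amt;
    var nextAppURL = req.body.NextAppURL; // approval API URL
    // NOTE(review): NetCancelURL (req.body.NetCancelURL) is meant for the case where the
    // approval API does not answer; this sample does not implement that call.
    var authSignature = String(req.body.Signature || ''); // integrity value sent by NICEPAY

    /*
    ****************************************************************************************
    * Signature: integrity-verification parameter. The vendor text asks integrators to use it
    * to prevent forged payment requests and states that problems caused by skipping the
    * tamper check are not the vendor's responsibility.
    ****************************************************************************************
    */
    // Auth-response Signature = hex(sha256(AuthToken + MID + Amt + MerchantKey))
    var authComparisonSignature = getSignData(authToken + mid + amt + merchantKey).toString();
    var expected = Buffer.from(authComparisonSignature, 'utf8');
    var received = Buffer.from(authSignature, 'utf8');
    // timingSafeEqual needs equal lengths; a length difference is already a mismatch.
    var signatureValid = expected.length === received.length && nodeCrypto.timingSafeEqual(expected, received);
    if (!signatureValid) {
        // The expected signature is deliberately not logged.
        console.log('authReq rejected: Signature mismatch')
        res.status(400).send('Signature verification failed');
        return;
    }

    // The approval API is called only when AuthResultCode is 0000.
    if (authResultCode !== '0000') {
        console.log('authentication failed: [' + authResultCode + '] ' + authResultMsg)
        // Fixed text: the gateway message is not reflected into the response.
        res.send('Authentication failed; details are in Terminal');
        return;
    }

    // NextAppURL is the destination of a server-side POST carrying AuthToken and SignData
    // and is not covered by the Signature: accept only HTTPS gateway URLs.
    // NOTE(review): the ".nicepay.co.kr" suffix is inferred from the webapi.nicepay.co.kr
    // endpoints; confirm the exact host list against the integration manual.
    function isGatewayUrl(candidate) {
        try {
            var parsed = new URL(String(candidate));
            return parsed.protocol === 'https:' &&
                (parsed.hostname === 'nicepay.co.kr' || parsed.hostname.endsWith('.nicepay.co.kr'));
        } catch (err) {
            return false;
        }
    }
    if (!isGatewayUrl(nextAppURL)) {
        console.log('authReq rejected: NextAppURL is not an HTTPS gateway URL')
        res.status(400).send('NextAppURL rejected');
        return;
    }

    // Fresh timestamp per request; the module-level ediDate is fixed at process start.
    var requestEdiDate = format.asString('yyyyMMddhhmmss', new Date());
    var signData = getSignData(authToken + mid + amt + requestEdiDate + merchantKey).toString();

    // Configure the request
    var options = {
        url: nextAppURL,
        method: 'POST',
        headers: {
            'User-Agent': 'Super Agent/0.0.1',
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        encoding: null,
        timeout: 15000,
        followRedirect: false,
        form: { 'TID': txTid,
            'AuthToken': authToken,
            'Amt': amt,
            'MID': mid,
            'SignData': signData,
            'EdiDate': requestEdiDate,
        }
    }
    authRequest(options);
    res.send('Result data is in Terminal');
})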
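//cancel request
// Sends a cancel request for the posted TID to the gateway, signed with the merchant key.
// NOTE(review): no access control is visible on this route, so any client that can reach it
// can ask for a cancellation of any TID; restrict it to authenticated merchant staff.
app.post('/cancelReq', function(req, res) {
    var tid = req.body.TID;
    var moid = "nicepay_api_3.0_test";
    var cancelAmt = req.body.CancelAmt;
    var CancelMsg = "test"; // a Korean cancel message must be sent as EUC-KR; iconv-lite cannot be used for it
    var partialCancelCode = req.body.PartialCancelCode;
    // Fresh timestamp per request; the module-level ediDate is fixed at process start.
    var requestEdiDate = format.asString('yyyyMMddhhmmss', new Date());
    // cancel signature = sha256(MID + CancelAmt + EdiDate + MerchantKey)
    var signData = getSignData(merchantID + cancelAmt + requestEdiDate + merchantKey).toString();
    // Configure the request
    var options = {
        url: "https://webapi.nicepay.co.kr/webapi/cancel_process.jsp",
        method: 'POST',
        headers: {
            'User-Agent': 'Super Agent/0.0.1',
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        encoding: null,
        timeout: 15000,
        form: { 'TID': tid,
            'MID': merchantID,
            'Moid': moid,
            'CancelAmt': cancelAmt,
            'CancelMsg': CancelMsg,
            'PartialCancelCode': partialCancelCode,
            'EdiDate': requestEdiDate,
            'SignData': signData,
        }
    }
    authRequest(options);
    res.send('Result data is in Terminal');
})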
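/**
 * Sends the prepared request to the gateway and logs the decoded JSON result.
 * Transport errors, non-200 statuses and unparsable bodies are logged instead of being
 * dropped silently or thrown from the callback.
 *
 * @param {object} options request options; options.form holds the signed fields
 */
function authRequest(options){
    // Start the request
    request(options, function(error, response, body) {
        if (error || !response || response.statusCode != 200) {
            console.error('gateway request failed: ' + (error ? error.message : 'HTTP ' + (response && response.statusCode)))
            return
        }
        // Buffer.from replaces the deprecated Buffer constructor.
        var strContents = Buffer.from(body)
        var returnObj
        try {
            returnObj = JSON.parse(iconv.decode(strContents, 'EUC-KR').toString())
        } catch (parseError) {
            console.error('gateway response is not valid JSON: ' + parseError.message)
            return
        }
        console.log(returnObj)
        // The merchant compares a hash built from the response TID, MID and amount with the
        // Signature the gateway returned; the result counts as approved (or cancelled) only
        // when they match. Cancel responses are signed over CancelAmt instead of Amt.
        // NOTE(review): whether error responses carry a Signature is not visible here, so a
        // mismatch is only logged — confirm, then reject on mismatch.
        var isCancel = Object.prototype.hasOwnProperty.call(options.form || {}, 'CancelAmt')
        var signedAmount = isCancel ? returnObj.CancelAmt : returnObj.Amt
        var expectedSignature = getSignData(String(returnObj.TID) + String(returnObj.MID) + String(signedAmount) + merchantKey).toString()
        if (returnObj.Signature !== expectedSignature) {
            console.error('response Signature mismatch: do not treat this result as confirmed')
        }
    })
}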
/**
 * Returns the CryptoJS SHA-256 result for str.
 * Callers in this file call toString() on it to obtain the signature text.
 */
function getSignData(str) {
    return CryptoJS.SHA256(str);
}
// Start the sample server and print the two test URLs once it is listening.
app.listen(port, function () {
    console.log('**\n\nPAYMENT TEST URL:: localhost:3000/payment\nCANCEL TEST URL:: localhost:3000/cancel \n\n**')
})
from flask import Flask, render_template, request
from datetime import datetime
import hashlib, requests, sys, json
from base64 import b64encode, b64decode
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from Crypto.Random import get_random_bytes
# Flask application object that the @app.route handlers below register on.
app = Flask(__name__)
def getSignData(str):
    """Return the lowercase hex SHA-256 digest of ``str`` (encoded with the default UTF-8)."""
    digest = hashlib.sha256()
    digest.update(str.encode())
    return digest.hexdigest()
def getEdiDate():
    """Return the current local time as a 14-digit YYYYmmddHHMMSS string."""
    now = datetime.today()
    return "{:%Y%m%d%H%M%S}".format(now)
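def authRequest(url, data):
    """POST ``data`` as a form to the gateway ``url`` and return the parsed JSON response.

    The call is bounded by a timeout so a silent gateway cannot hold a worker forever,
    and redirects are not followed, so the signed fields go only to the URL that was given.

    Raises whatever ``requests`` raises on transport errors or timeouts, and a
    ``ValueError`` subclass when the body is not JSON (as before).
    """
    headers = {
        'Content-type' : 'application/x-www-form-urlencoded', 'charset': 'euc-kr'
    }
    response = requests.post(
        url=url,
        data=data,
        headers=headers,
        timeout=(5, 15),  # (connect, read) seconds
        allow_redirects=False
    )
    # NOTE(review): response.text uses the encoding requests detects; the Node sample on
    # this page decodes the same API as EUC-KR, so confirm Korean text decodes correctly.
    resDict = json.loads(response.text)
    print(resDict)
    return resDict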
##Req variables
# Fixed sample values used by the routes below.
# NOTE(review): MerchantKey and CancelPwd are secrets hard-coded in source; live values
# belong in protected configuration.
Amt = "1004" # payment amount
BuyerEmail = "happy@day.co.kr" # buyer e-mail address
BuyerName = "나이스" # buyer name
BuyerTel = "01000000000" # buyer phone number
EdiDate = getEdiDate() # transaction date; evaluated once, when the module is loaded
GoodsName = "상품" # product name
MerchantKey = "EYzu8jGGMfqaDEp76gSckuvnaHHu+bC4opsSN6lHv3b2lurNYkVXrZ7Z1AoqQnXI3eLuaUFyoRNC6FkrzVjceg==" # merchant key
MID = "nicepay00m" # merchant ID
Moid = "mnoid1234567890" # order number
CancelPwd = "123456" # cancel password
ReturnURL = "http://localhost:5000/authReq" # Mobile only
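@app.route('/payment')
def reqPc():
    """Render the payment request page with the sample order data and its signature."""
    # EdiDate is part of the signed string, so take a fresh timestamp for each request
    # instead of the module-level value that was computed once at import time.
    edi_date = getEdiDate()
    return render_template(
        'payRequest.html',
        MID=MID,
        Amt=Amt,
        GoodsName=GoodsName,
        BuyerEmail=BuyerEmail,
        BuyerName=BuyerName,
        BuyerTel=BuyerTel,
        Moid=Moid,
        EdiDate=edi_date,
        # request signature = sha256(EdiDate + MID + Amt + MerchantKey)
        EncryptData=getSignData(edi_date + MID + Amt + MerchantKey),
        returnURL=ReturnURL
    )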
@app.route('/cancel')
def reqCancel():
    """Render the cancel request page."""
    page = render_template('cancelRequest.html', title="hello world")
    return page
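@app.route('/authReq', methods=['POST'])
def getReq():
    """Handle the authentication result and, when it is valid, request approval.

    Every form field arrives through the buyer's browser and is untrusted until the
    Signature check has passed. Approval is requested only when the Signature matches,
    AuthResultCode is "0000" and NextAppURL is an HTTPS gateway URL.
    """
    import hmac
    from urllib.parse import urlsplit

    AuthResultCode = request.form['AuthResultCode']
    AuthResultMsg = request.form['AuthResultMsg']
    TxTid = request.form['TxTid']
    AuthToken = request.form['AuthToken']
    PayMethod = request.form['PayMethod']
    MID = request.form['MID']
    Moid = request.form['Moid']
    Amt = request.form['Amt']
    ReqReserved = request.form['ReqReserved']
    NextAppURL = request.form['NextAppURL']  # approval API URL
    NetCancelURL = request.form['NetCancelURL']  # net-cancel API, for when the approval API does not answer
    authSignature = request.form.get('Signature', '')  # integrity value sent by NICEPAY

    # Auth-response Signature = hex(sha256(AuthToken + MID + Amt + MerchantKey)),
    # compared in constant time. The expected value is deliberately not printed.
    authComparisonSignature = getSignData(AuthToken + MID + Amt + MerchantKey)
    if not hmac.compare_digest(authSignature.encode(), authComparisonSignature.encode()):
        print("authReq rejected: Signature mismatch")
        return "Signature verification failed", 400

    # The approval API is called only when AuthResultCode is 0000.
    if AuthResultCode != "0000":
        # NOTE(review): assumes result.html reads ResultCode / ResultMsg from `result` — confirm.
        return render_template(
            'result.html',
            result={'ResultCode': AuthResultCode, 'ResultMsg': AuthResultMsg}
        )

    # NextAppURL is the destination of a server-side POST carrying AuthToken and SignData
    # and is not covered by the Signature: accept only HTTPS gateway URLs.
    # NOTE(review): the ".nicepay.co.kr" suffix is inferred from the webapi.nicepay.co.kr
    # endpoints; confirm the exact host list against the integration manual.
    target = urlsplit(NextAppURL)
    host = (target.hostname or "").lower()
    if target.scheme != "https" or not (host == "nicepay.co.kr" or host.endswith(".nicepay.co.kr")):
        print("authReq rejected: NextAppURL is not an HTTPS gateway URL")
        return "NextAppURL rejected", 400

    EdiDate = getEdiDate()
    SignData = getSignData(AuthToken + MID + Amt + EdiDate + MerchantKey)
    data = {
        'TID': TxTid,
        'AuthToken': AuthToken,
        'Amt': Amt,
        'MID': MID,
        'SignData': SignData,
        'EdiDate': EdiDate
    }
    resDict = authRequest(NextAppURL, data)

    # The merchant compares a hash built from the response TID, MID and Amt with the
    # Signature the gateway returned; the payment counts as approved only when they match.
    # NOTE(review): whether error responses carry a Signature is not visible here, so a
    # mismatch is only logged — confirm, then reject on mismatch.
    paySignature = getSignData(
        str(resDict.get('TID')) + str(resDict.get('MID')) + str(resDict.get('Amt')) + MerchantKey
    )
    if not hmac.compare_digest(str(resDict.get('Signature', '')).encode(), paySignature.encode()):
        print("approval response Signature mismatch: do not treat this result as approved")

    return render_template(
        'result.html',
        result=resDict
    )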
#Cancel
@app.route('/cancelReq', methods=['POST'])
def cancelReq():
    """Send a cancel request for the posted TID to the gateway and render its response."""
    # NOTE(review): no access control is visible on this route, so any client that can
    # reach it can ask for a cancellation of any TID — confirm how it is protected.
    form = request.form
    TID = form['TID']
    CancelAmt = form['CancelAmt']
    PartialCancelCode = form['PartialCancelCode']
    Moid = "test"
    CancelMsgKr = "고객요청"
    # A Korean cancel message is sent EUC-KR encoded.
    CancelMsg = CancelMsgKr.encode("euc-kr", "ignore")
    EdiDate = getEdiDate()
    # cancel signature = sha256(MID + CancelAmt + EdiDate + MerchantKey)
    SignData = getSignData(MID + CancelAmt + EdiDate + MerchantKey)
    data = dict(
        TID=TID,
        MID=MID,
        Moid=Moid,
        CancelAmt=CancelAmt,
        CancelMsg=CancelMsg,
        PartialCancelCode=PartialCancelCode,
        EdiDate=EdiDate,
        SignData=SignData,
    )
    resDict = authRequest("https://webapi.nicepay.co.kr/webapi/cancel_process.jsp", data)
    # On a cancel response the merchant builds a hash from TID, MID and CancelAmt and
    # compares it with the returned Signature; that check is not implemented here.
    return render_template('result.html', result=resDict)
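if __name__ == '__main__':
    import os
    # Debug mode turns on the interactive debugger, which lets anyone who can reach the
    # server run code in this process. It is off unless FLASK_DEBUG=1 is set explicitly.
    app.run(debug=os.environ.get("FLASK_DEBUG") == "1")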