我正在尝试在我的服务器上接收来自 Apple 的应用内购买交易通知。
我发现了一个带有实现的SO问题 Appstore服务器通知设置【接收App Store服务器通知版本2】,
但苹果似乎创建了一个库来使这变得更容易。以下是服务器库的 GitHub 和文档:
Github:https://github.com/apple/app-store-server-library-node
我的具体问题是当我运行生产线时
const verifiedNotification =
await signedDataVerifier.verifyAndDecodeNotification(signedPayload)
console.log('data:', verifiedNotification.data)
它不会抛出错误,但它也不会解码签名的Payload。当我记录verifiedNotification时,我仍然得到这样的信息:
ZDJSeVp6WXVaR1Z5TURFR0NDc0dBUVVGQnpBQmhpVm9kSFJ3T2k4dmIyTnpjQzVoY0hCc1pTNWpiMjB2YjJOemNEQXpMWGQzWkhKbk5qQXlNSUlCSGdZRFZSMGdCSUlCRlRDQ0FSRXdnZ0VOQmdvcWhraUc5Mk5rQlFZQk1JSCtNSUhEQmdnckJnRUZCUWNDQWpDQnRneUJzMUpsYkdsaGJtTmxJRzl1SUhSb2FYTWdZMlZ5ZEdsbWFXTmhkR1VnWW5rZ1lXNTVJSEJoY25SNUlHRnpjM1Z0WlhNZ1lXTmpaWEIwWVc1alpTQnZaaUIwYUdVZ2RHaGxiaUJoY0hCc2FXTmhZbXhsSUhOMFlXNWtZWEprSUhSbGNtMXpJR0Z1WkNCamIyNWthWFJwYjI
我的实现是在 next.js api 路由中。我可以验证我是否收到了来自苹果的签名有效负载。这是我的完整实现:
import {
Environment,
SignedDataVerifier
} from '@apple/app-store-server-library'
import fs from 'fs'
import path from 'path'
export default async function handler(req, res) {
const signedPayload = req.body.signedPayload
//app data
const bundleId = 'com.myappname.www'
const environment = Environment.SANDBOX
const enableOnlineChecks = true
const appAppleId = **********
//join the certifications required from apple, could order here matter?
const rootCAs = [
fs.readFileSync(
path.join(
process.cwd(),
'src/pages/api/webhooks/AppleComputerRootCertificate.cer'
)
),
fs.readFileSync(
path.join(
process.cwd(),
'src/pages/api/webhooks/AppleIncRootCertificate.cer'
)
),
fs.readFileSync(
path.join(process.cwd(), 'src/pages/api/webhooks/AppleRootCA-G2.cer')
),
fs.readFileSync(
path.join(process.cwd(), 'src/pages/api/webhooks/AppleRootCA-G3.cer')
)
]
try {
const signedDataVerifier = new SignedDataVerifier(
rootCAs,
enableOnlineChecks,
environment,
bundleId,
appAppleId
)
const verifiedNotification =
await signedDataVerifier.verifyAndDecodeNotification(signedPayload)
console.log('data:', verifiedNotification.data)
res.status(200).json({ message: 'Notification processed successfully' })
} catch (error) {
console.error('Error processing notification:', error)
res.status(500).json({ error: 'Error processing notification' })
}
}
有什么想法吗?感谢您的帮助。
上述实现有效,但 Vercel 切断了我日志的第一部分,唯一显示的部分是加密的signedTransactionInfo。我将其解释为一个错误。谢谢维塞尔。