Payments Lite(无服务器):首次购买有效,但第二次总是失败
在Facebook上作为Canvas应用程序托管的文字游戏中,我想销售一个消费品“1年VIP状态”,让玩家可以通过Facebook Payments Lite (serverless)暂时访问游戏中的某些区域。
我的JavaScript代码显示 Pay Dialog ,然后将signed_request传递给我的PHP脚本 -
我的Canvas应用中的JavaScript代码:
function buyVip() {
var obj = {
method: "pay",
action: "purchaseiap",
product_id: "test1"
};
FB.ui(obj, function(data) {
$.post("/payment-lite.php",
{ signed_request: data.signed_request })
.done(function(data) {
location.reload();
});
});
}
我的PHP脚本/payment-lite.php:
const APP_SECRET = 'XXXXXXX';
$request = parse_signed_request($_POST['signed_request'], APP_SECRET);
error_log(print_r($request, TRUE));
// TODO validate $request and set the user VIP status in the game database
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), TRUE);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return NULL;
}
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = TRUE);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return NULL;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
在应用信息中心 - >网络付款我添加了一个测试用户和一个测试产品,其中包含“产品ID”test1,价格为0.01欧元:
最后,我以测试用户身份登录并按下应用程序中的一个按钮,调用buyVip方法 - 导致支付对话框出现:
然后在服务器日志中,我看到payment.php脚本被成功调用:
[30-Jul-2017 14:34:20 Europe/Berlin] Array
(
[algorithm] => HMAC-SHA256
[amount] => 0.01
[app_id] => 376218039240910
[currency] => EUR
[issued_at] => 1501418059
[payment_id] => 1084810821649513
[product_id] => test1
[purchase_time] => 1501418057
[purchase_token] => 498440660497153
[quantity] => 1
[status] => completed
)
但是,当我稍后尝试相同的步骤时,会出现支付对话框,但在按下带有错误的购买按钮后会失败
处理您的付款时遇到问题:抱歉,我们正在处理 无法处理您的付款。你没有被指控这件事 交易。请再试一次。
在浏览器控制台中,我看到了1383001 Unknown错误代码:
{error_code:1383001,error_message:“处理有问题 您的付款:对不起......已收取此笔交易费用。请试试 试。“}
请问,为什么首先购买请求成功,但后续失败?
在我的应用程序中,我当然会在成功购买后隐藏“购买VIP状态”按钮一年,但我仍然想知道,这里发生了什么。
同样在未来我想在我的游戏中销售像“硬币”这样的消费虚拟商品,然后多次购买应该会成功。
更新
我尝试通过向payment.php添加以下代码来consume进行购买(使用APP_ID|APP_SECRET代替所需的用户访问令牌):
$post = [
'access_token' => APP_ID . '|' . APP_SECRET,
];
$ch = curl_init('https://graph.facebook.com/498440660497153/consume');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$response = curl_exec($ch);
curl_close($ch);
error_log(print_r($response, TRUE));
但不幸的是得到错误:
{“error”:{“message”:“不支持的帖子请求。带ID的对象 '498440660497153'不存在,因缺失无法加载 权限,或不支持此操作。请阅读图表 API文档在 https://developers.facebook.com/docs/graph-api”, “类型”: “GraphMethodException”, “代码”:100, “fbtrace_id”: “HDusTBubydJ”}}
2 个答案:
答案 0 :(得分:2)
在创建具有相同product_id的新用户之前,您应该为该用户使用之前的购买。这样做是为了防止用户为非消耗品多次购买同一物品。
FB.api(
'/' + PURCHASE_TOKEN + '/consume', // Replace the PURCHASE_TOKEN
'post',
{access_token: access_token}, // Replace with a user access token
result => {
console.log('consuming product', productId, 'with purchase token', purchaseToken);
console.log('Result:');
console.log(result);
}
);
https://developers.facebook.com/docs/games_payments/payments_lite#consuming
<强>更新
如果您想通过服务器进行购买,可以将access_token传递给您的php脚本。
$.post("/words/facebook/payment.php", { access_token: access_token })
要获取access_token,您可以使用此功能。
var access_token = '';
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
access_token = response.authResponse.accessToken;
}
});
答案 1 :(得分:2)
我正在回答我自己的问题,根据Alexey Mukhin的有用回复,分享通过Facebook Payments Lite销售耗材虚拟商品所需的完整源代码 -
您的Facebook Canvas应用中的JavaScript代码(分配给按钮-ONCLICK):
function buyItemLite() {
var payDialog = {
method: "pay",
action: "purchaseiap",
product_id: "test1"
};
FB.ui(payDialog, function(payResponse) {
FB.getLoginStatus(function(loginResponse) {
if (loginResponse.status === "connected") {
$.post("/payment-lite.php", {
signed_request: payResponse.signed_request,
access_token: loginResponse.authResponse.accessToken
})
.done(function(consumeResponse) {
location.reload();
});
}
});
});
}
您的网络服务器上托管的payment-lite.php脚本中的PHP代码:
const APP_ID = 'replace by your app id';
const APP_SECRET = 'replace by your app secret';
const SIGNED_REQUEST = 'signed_request';
const STATUS = 'status';
const COMPLETED = 'completed';
const PRODUCT_ID = 'product_id';
const PURCHASE_TOKEN = 'purchase_token';
const ACCESS_TOKEN = 'access_token';
const CONSUME_URL = 'https://graph.facebook.com/%d/consume';
$request = parse_signed_request($_REQUEST[SIGNED_REQUEST], APP_SECRET);
error_log('pay dialog request: ' . print_r($request, TRUE));
if ($request[STATUS] === COMPLETED && $request[PRODUCT_ID] === 'test1') {
# perform POST request to consume the purchase_token
$url = sprintf(CONSUME_URL, $request[PURCHASE_TOKEN]);
$fields = array(ACCESS_TOKEN => $_REQUEST[ACCESS_TOKEN]);
$client = curl_init($url);
curl_setopt($client, CURLOPT_RETURNTRANSFER, true);
curl_setopt($client, CURLOPT_POSTFIELDS, $fields);
$response = curl_exec($client);
curl_close($client);
error_log('consume response: ' . print_r($response, TRUE));
# TODO give the player the newly purchased consumable "test1" product
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), TRUE);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return NULL;
}
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = TRUE);
if ($sig !== $expected_sig) { // or better use hash_equals
error_log('Bad Signed JSON signature!');
return NULL;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
注意:如果您碰巧拥有最新的PHP版本,请在上面的代码中更好地使用hash_equals,以缓解计时攻击。
不要忘记在应用的Facebook Dashboard中启用 Payments Lite ,并添加&#34; test1&#34;那里的产品:
如果您按照上述说明操作,则可以购买&#34; test1&#34; item多次,你将在PHP日志中得到的输出如下:
pay dialog request: Array
(
[algorithm] => HMAC-SHA256
[amount] => 0.01
[app_id] => 376218039240910
[currency] => EUR
[issued_at] => 1501674845
[payment_id] => 1041009052696057
[product_id] => test1
[purchase_time] => 1501674843
[purchase_token] => 499658830375336
[quantity] => 1
[status] => completed
)
consume response: {"success":true}
最后,我将在非精简版Facebook Payments的 webhook 代码下面分享,因为这实际上是我最终使用的(它处理退款并且不需要标记项目购买后消耗品 -
您的Facebook Canvas应用中的JavaScript代码(分配给按钮-ONCLICK):
function buyItemFull() {
var payDialog = {
method: "pay",
action: "purchaseitem",
product: "https://myserver/test1.html"
};
FB.ui(payDialog, function(data) {
location.reload();
});
}
您的网络服务器上托管的payment-full.php脚本中的PHP代码:
const APP_ID = 'replace by your app id';
const APP_SECRET = 'replace by your app secret';
const HUB_MODE = 'hub_mode';
const HUB_CHALLENGE = 'hub_challenge';
const HUB_VERIFY_TOKEN = 'hub_verify_token';
const SUBSCRIBE = 'subscribe';
const ENTRY = 'entry';
const CHANGED_FIELDS = 'changed_fields';
const ID = 'id';
const USER = 'user';
const ACTIONS = 'actions';
const ITEMS = 'items';
const PRODUCT = 'product';
const AMOUNT = 'amount';
# payment status can be initiated, failed, completed
const STATUS = 'status';
const COMPLETED = 'completed';
# possible payment event types are listed below
const TYPE = 'type';
const CHARGE = 'charge';
const CHARGEBACK_REVERSAL = 'chargeback_reversal';
const REFUND = 'refund';
const CHARGEBACK = 'chargeback';
const DECLINE = 'decline';
const GRAPH = 'https://graph.facebook.com/v2.10/%d?access_token=%s|%s&fields=user,actions,items';
const TEST1 = 'https://myserver/test1.html';
# called by Facebook Dashboard when "Test Callback URL" button is pressed
if (isset($_GET[HUB_MODE]) && $_GET[HUB_MODE] === SUBSCRIBE) {
print($_GET[HUB_CHALLENGE]);
exit(0);
}
# called when there is an update on a payment (NOTE: better use hash_equals)
$body = file_get_contents('php://input');
if ('sha1=' . hash_hmac('sha1', $body, APP_SECRET) != $_SERVER['HTTP_X_HUB_SIGNATURE']) {
error_log('payment sig=' . $_SERVER['HTTP_X_HUB_SIGNATURE'] . ' does not match body=' . $body);
exit(1);
}
# find the updated payment id and what has changed: actions or disputes
$update = json_decode($body, TRUE);
error_log('payment update=' . print_r($update, TRUE));
$entry = array_shift($update[ENTRY]);
$payment_id = $entry[ID];
$changed_fields = $entry[CHANGED_FIELDS];
if (!in_array(ACTIONS, $changed_fields)) {
error_log('payment actions has not changed');
exit(0);
}
# fetch the updated payment details: user, actions, items
$graph = sprintf(GRAPH, $payment_id, APP_ID, APP_SECRET);
$payment = json_decode(file_get_contents($graph), TRUE);
error_log('payment details=' . print_r($payment, TRUE));
# find the user id who has paid
$uid = $payment[USER][ID];
# find the last action and its status and type
$actions = $payment[ACTIONS];
$action = array_pop($actions);
$status = $action[STATUS];
$type = $action[TYPE];
$price = $action[AMOUNT];
# find which product was purchased
$items = $payment[ITEMS];
$item = array_pop($items);
$product = $item[PRODUCT];
error_log("payment uid=$uid status=$status type=$type product=$product price=$price");
if ($status != COMPLETED) {
error_log('payment status is not completed');
exit(0);
}
# money has been received, update the player record in the database
if ($type === CHARGE || $type === CHARGEBACK_REVERSAL) {
if ($product === TEST1) {
# TODO give the player the purchased "test1" product
}
} else if ($type === REFUND || $type === CHARGEBACK || $type === DECLINE) {
# TODO take away from the player the "test1" product
}
不要忘记在应用的Facebook Dashboard中停用 Payments Lite ,并添加&#34; payment-full.php&#34; webhook那里:
最后添加&#34; test1.html&#34;您的网络服务器上的产品文件:
<!DOCTYPE html><html>
<head prefix=
"og: http://ogp.me/ns#
fb: http://ogp.me/ns/fb#
product: http://ogp.me/ns/product#">
<meta property="og:type" content="og:product" />
<meta property="og:title" content="Test1" />
<meta property="og:image" content="https://myserver/icon-50x50.png" />
<meta property="og:description" content="Test1" />
<meta property="og:url" content="https://myserver/test1.html" />
<meta property="product:price:amount" content="0.01"/>
<meta property="product:price:currency" content="EUR"/>
</head>
</html>
目前在网上发现的Facebook付款示例并不多。
如果您发现我的源代码(公共域许可证)很有用,那么请提出问题和答案,以帮助其他开发人员发现它。
相关问题
- 第一个HttpWebResponse.GetResponseStream()失败,第二个工作?
- PowerShell脚本第一次失败但第二次失败
- Everyauth,第一次登录工作,第二次失败
- BackgroundWorker第一次工作,但第二次失败
- Rails后台工作者总是第一次失败,第二次工作
- 第一次运行失败,第二次运行在Asynctask中
- Jenkins / Tomcat - 第一次部署/启动总是失败,第二次部署/启动工作
- Payments Lite(无服务器):首次购买有效,但第二次总是失败
- 快速无服务器api无法正常工作。但离线运行良好(无服务器离线)
- 在RStudio中,`knit`始终有效,但是`rmarkdown :: render`在第二次运行时会失败(但不是第一次!)
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?