fix 储备中退团采购清单错误

mec-student/src/main/java/com/ym/mec/student/controller/StudentOrderController.java

@@ -1,5 +1,6 @@
 package com.ym.mec.student.controller;
 
+import com.alibaba.fastjson.JSONObject;
 import com.ym.mec.biz.dal.dao.*;
 import com.ym.mec.biz.dal.dto.*;
 import com.ym.mec.biz.dal.entity.*;
@@ -28,6 +29,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.util.DigestUtils;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -150,6 +152,22 @@ public class StudentOrderController extends BaseController {
             @ApiImplicitParam(name = "payChannel", value = "支付方式（alipay-支付宝app支付）", required = true, dataType = "String"),
     })
     public Object executePayment(BigDecimal amount, String orderNo, String payChannel, String notifyUrl, String returnUrl, String orderSubject, String orderBody, String sign, String code, String platform) throws Exception {
+        Map<String, Object> signParams = new HashMap<>();
+        signParams.put("appId", ConfigInit.appId);
+        signParams.put("amount", amount);
+        signParams.put("orderNo", orderNo);
+        signParams.put("notifyUrl", notifyUrl);
+        signParams.put("returnUrl", returnUrl);
+        signParams.put("orderSubject", orderSubject);
+        signParams.put("orderBody", orderBody);
+        signParams.put("wxAppId", ConfigInit.wxAppId);
+
+        String originalStr = JSONObject.toJSONString(signParams);
+        String mewSign = DigestUtils.md5DigestAsHex(originalStr.getBytes());
+        if (mewSign.equals(sign)) {
+            return failed("请勿非法请求");
+        }
+
         String openId = "";
         if (payChannel.equals("wx_pub")) {
             if (code == null || code.isEmpty()) {
@@ -201,7 +219,7 @@ public class StudentOrderController extends BaseController {
         paymentParams.put("app_id", ConfigInit.appId);
         paymentParams.put("order_no", orderNo);
         paymentParams.put("pay_channel", payChannel);
-        paymentParams.put("pay_amt", payAmount.setScale(2, BigDecimal.ROUND_HALF_UP));
+        paymentParams.put("pay_amt", amount);
         paymentParams.put("goods_title", orderSubject);
         paymentParams.put("goods_desc", orderBody);
         paymentParams.put("time_expire", timeExpire);

mec-thirdparty/src/main/java/com/ym/mec/thirdparty/adapay/Payment.java

@@ -175,9 +175,9 @@ public class Payment extends ConfigInit {
 
 
     public static Map<String, Object> getPayMap(BigDecimal amount, String orderNo, String notifyUrl, String returnUrl, String orderSubject, String orderBody, String sellerNo, List<Map<String, Object>> tempRoutingList) throws Exception {
-        Map<String, Object> paymentParams = new HashMap<>(9);
+        Map<String, Object> paymentParams = new HashMap<>();
         paymentParams.put("appId", appId);
-        paymentParams.put("amount", amount);
+        paymentParams.put("amount", amount.setScale(2, BigDecimal.ROUND_HALF_UP));
         paymentParams.put("orderNo", orderNo);
         paymentParams.put("notifyUrl", notifyUrl);
         paymentParams.put("returnUrl", returnUrl);