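Our iOS game went live on the App Store a few days ago, and we then received a lot of user top-ups. But iTunes Connect shows that only 2 people actually paid. Someone must have cheated us.
First, our verification flow:
The phone initiates a purchase -> the purchase succeeds -> the client obtains the base64 receipt -> the receipt is sent to the game server for verification -> if verification succeeds, the player's top-up counts as successful and the top-up result is delivered.
At first glance there seems to be no problem, and indeed there shouldn't be one. Yet there was. Let me show you a magical base64 receipt. Who knows how it was concocted. Hacker masters, have mercy.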
There are several accounts. The server logs show the requests these people sent. It isn't convenient to paste the base64 itself here, so I'll just paste the result.

"D:\Program Files (x86)\JetBrains\WebStorm 140.2753\bin\runnerw.exe" "C:\Program Files\iojs\node.exe" main.js
statusCode: 200
headers: { 'x-apple-jingle-correlation-key': 'L4AZATKFKDNN7WI2P3UEX3P3YY',
  pod: '2',
  'x-apple-translated-wo-url': '/WebObjects/MZFinance.woa/wa/verifyReceipt',
  'x-apple-orig-url': 'http://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/verifyReceipt',
  'x-apple-application-site': 'ST11',
  'edge-control': 'no-store, cache-maxage=0',
  date: 'Wed, 11 Mar 2015 06:03:14 GMT',
  'set-cookie':
   [ 'itspod=2; version="1"; expires=Sat, 11-Apr-2015 06:03:14 GMT; path=/; domain=.apple.com',
     'mzf_in=022393; version="1"; path=/WebObjects; domain=.apple.com; secure; HttpOnly',
     'mzf_dr=0; version="1"; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/WebObjects; domain=.apple.com',
     'ns-mzf-inst=36-60-80-109-96-8269-22393-2-st11; version=1; Max-Age=1800; path=/; domain=.apple.com; httponly',
     'NSC_nagjobodf-bopo-qppm*0=ffffffff12a53a2d45525d5f4f58455e445a4a423660;path=/;secure;httponly' ],
  'apple-timing-app': '9 ms',
  'cache-control': 'private, no-cache, no-store, no-transform, must-revalidate, max-age=0',
  expires: 'Wed, 11 Mar 2015 06:03:14 GMT',
  'x-apple-lokamai-no-cache': 'true',
  'x-apple-application-instance': '22393',
  'x-frame-options': 'SAMEORIGIN',
  itspod: '2',
  'x-webobjects-loadaverage': '23',
  connection: 'keep-alive',
  'content-length': '631' }
{"status":0, "environment":"Production",
"receipt":{"receipt_type":"Production",
 "adam_id":958813739,
 "app_item_id":958813739,
 "bundle_id":"com.tsgame.godlike",
 "application_version":"2.2",
 "download_id":80011053156383,
 "version_external_identifier":811584718,
 "request_date":"2015-03-11 06:03:14 Etc/GMT",
 "request_date_ms":"1426053794658",
 "request_date_pst":"2015-03-10 23:03:14 America/Los_Angeles",
 "original_purchase_date":"2015-03-07 18:22:23 Etc/GMT",
 "original_purchase_date_ms":"1425752543000",
 "original_purchase_date_pst":"2015-03-07 10:22:23 America/Los_Angeles",
 "original_application_version":"2.2",
 "in_app":[]}}
Process finished with exit code 0

This is the verification information returned after submitting to itc the base64 sent by these people, who may or may not have done it on purpose.
Yes, the status returned is 0;
But anyone who knows the new format introduced after iOS 6 will surely notice: why is the In_App field missing.......
I find it strange too. Why is it missing? Probably some advanced technique... Almost every in-app purchase verification post on the internet says that a returned 0 means OK.. But in our case, a returned 0 clearly does not settle the matter.

"D:\Program Files (x86)\JetBrains\WebStorm 140.2753\bin\runnerw.exe" "C:\Program Files\iojs\node.exe" main.js
statusCode: 200
headers: { 'x-apple-jingle-correlation-key': 'F6CPKDZP4ZVKJKKMOFLMRLY354',
  pod: '54',
  'x-apple-translated-wo-url': '/WebObjects/MZFinance.woa/wa/verifyReceipt',
  'x-apple-orig-url': 'http://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/verifyReceipt',
  'x-apple-application-site': 'ST13',
  'edge-control': 'no-store, cache-maxage=0',
  date: 'Wed, 11 Mar 2015 06:10:34 GMT',
  'set-cookie':
   [ 'itspod=54; version="1"; expires=Sat, 11-Apr-2015 06:10:34 GMT; path=/; domain=.apple.com',
     'mzf_in=542401; version="1"; path=/WebObjects; domain=.apple.com; secure; HttpOnly',
     'mzf_dr=0; version="1"; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/WebObjects; domain=.apple.com',
     'ns-mzf-inst=183-23-80-220-13-8162-542401-54-st13; version=1; Max-Age=1800; path=/; domain=.apple.com; httponly',
     'NSC_nagjobodf-bopo-qppm*0=ffffffff12a5a90645525d5f4f58455e445a4a423660;path=/;secure;httponly' ],
  'apple-timing-app': '9 ms',
  'cache-control': 'private, no-cache, no-store, no-transform, must-revalidate, max-age=0',
  expires: 'Wed, 11 Mar 2015 06:10:34 GMT',
  'x-apple-lokamai-no-cache': 'true',
  'x-apple-application-instance': '542401',
  'x-frame-options': 'SAMEORIGIN',
  itspod: '54',
  'x-webobjects-loadaverage': '16',
  connection: 'keep-alive',
  'content-length': '1099' }
{"status":0, "environment":"Production",
"receipt":{"receipt_type":"Production",
 "adam_id":958813739,
 "app_item_id":958813739,
 "bundle_id":"com.tsgame.godlike",
 "application_version":"2.2",
 "download_id":74004963679107,
 "version_external_identifier":811584718,
 "request_date":"2015-03-11 06:10:34 Etc/GMT",
 "request_date_ms":"1426054234103",
 "request_date_pst":"2015-03-10 23:10:34 America/Los_Angeles",
 "original_purchase_date":"2015-03-08 07:26:30 Etc/GMT",
 "original_purchase_date_ms":"1425799590000",
 "original_purchase_date_pst":"2015-03-07 23:26:30 America/Los_Angeles",
 "original_application_version":"2.2",
 "in_app":[
  {"quantity":"1",
   "product_id":"Gifts1",
   "transaction_id":"340000061439445",
   "original_transaction_id":"340000061439445",
   "purchase_date":"2015-03-08 07:38:35 Etc/GMT",
   "purchase_date_ms":"1425800315000",
   "purchase_date_pst":"2015-03-07 23:38:35 America/Los_Angeles",
   "original_purchase_date":"2015-03-08 07:38:35 Etc/GMT",
   "original_purchase_date_ms":"1425800315000",
   "original_purchase_date_pst":"2015-03-07 23:38:35 America/Los_Angeles",
   "is_trial_period":"false"}]}}
Process finished with exit code 0

"in_app" is the key. I don't know why a receipt with no in-app purchase would show up. This is really strange.
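People generally only believe in ghosts and gods when they don't understand something. People generally only blame others for hacking them when they don't know how the bug in their server came about. If someone really is hacking us, I hope those who read this post will just laugh it off.
If you know what is wrong in our client code that produces a base64 receipt giving this universal state=0 result, please point us in the right direction. During testing in the sandbox environment, a receipt like this with no in_app never appeared at all.
Experts who see this post: if you understand what is going on, please give an explanation.~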
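One way for the game server to act on the two responses above, as an added example rather than the author's server code: credit only the purchases listed in in_app, confirm bundle_id, and credit each transaction_id once. The price table amount and the in-memory ledger are assumptions made for the demo.

```javascript
// Added example: decide what to credit from a parsed verifyReceipt response.
// Bundle id, product id and transaction id are taken from the responses above;
// the price table amount and the in-memory Set are assumptions for the demo.
const EXPECTED_BUNDLE_ID = 'com.tsgame.godlike';
const PRICE_TABLE = new Map([['Gifts1', 60]]); // product_id -> gems (made-up amount)

function purchasesToCredit(response, creditedTransactions) {
  const fail = (reason) => ({ ok: false, reason, credit: [] });
  if (!response || response.status !== 0) return fail('status_not_zero');
  const receipt = response.receipt || {};
  // Confirm the receipt was issued for this app, not just that it verifies.
  if (receipt.bundle_id !== EXPECTED_BUNDLE_ID) return fail('wrong_bundle_id');
  // status 0 only says the receipt is genuine; purchases are listed in in_app.
  const inApp = Array.isArray(receipt.in_app) ? receipt.in_app : [];
  if (inApp.length === 0) return fail('no_in_app_purchase');

  const credit = [];
  for (const item of inApp) {
    const unit = PRICE_TABLE.get(item.product_id);
    const qty = Number.parseInt(item.quantity, 10);
    if (unit === undefined || !Number.isInteger(qty) || qty < 1) continue;
    if (typeof item.transaction_id !== 'string') continue;
    // Each transaction_id is credited once, so a resent receipt grants nothing.
    if (creditedTransactions.has(item.transaction_id)) continue;
    creditedTransactions.add(item.transaction_id);
    credit.push({ transactionId: item.transaction_id, gems: unit * qty });
  }
  return credit.length > 0 ? { ok: true, reason: 'credited', credit } : fail('nothing_new');
}

// Constructed inputs: the two responses above, trimmed to the fields checked.
const emptyReceiptResponse = {
  status: 0, environment: 'Production',
  receipt: { bundle_id: 'com.tsgame.godlike', in_app: [] },
};
const paidReceiptResponse = {
  status: 0, environment: 'Production',
  receipt: { bundle_id: 'com.tsgame.godlike', in_app: [
    { quantity: '1', product_id: 'Gifts1', transaction_id: '340000061439445' },
  ] },
};

const demoLedger = new Set(); // stands in for a table with a unique transaction_id
console.log(purchasesToCredit(emptyReceiptResponse, demoLedger).reason);
console.log(purchasesToCredit(paidReceiptResponse, demoLedger).credit);
console.log(purchasesToCredit(paidReceiptResponse, demoLedger).reason);
```

In a real server the ledger would be a database table with a unique constraint on transaction_id, so that two concurrent requests cannot both be credited.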
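iOS game release: players top up via IAP, the base64 receipt is sent to Apple for verification, and the strange problem of the return value having no in_app section.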
Original article: http://blog.csdn.net/spiritring/article/details/44197883