使用 Firebase 函数验证购买 [英] Verify a Purchase using Firebase Functions

问题描述

我想使用 Firebase 函数和 在我的应用中验证购买Purchases.products:获取但我不知道如何使用链接中的授权范围或如何在 Firebase Functions 中构建请求.这是我目前所拥有的:

I want to verify purchases in my app using Firebase Functions and Purchases.products: get But I don't know how to use the authorization Scope from the link or how to build the request in Firebase Functions. This is what I have so far:

const functions = require('firebase-functions');
const admin = require('firebase-admin');
const google = require("googleapis");
const publisher = google.androidpublisher('v2');
admin.initializeApp(functions.config().firebase);

exports.validatePurchases = functions.database
    .ref('/purchases/{uId}/{orderId}')
    .onWrite((event) => {
        const purchase = event.data.val();
        const token = purchase.token;
        const packageName = purchase.package_name;
        const sku = purchase.sku;
        const signature = purchase.signature;
        const uri = "https://www.googleapis.com/androidpublisher/v2/applications/" + packageName + "/purchases/products/" + sku + "/tokens/" + token;

        return TODO;
    });

我已经设置了几乎所有东西，但我的 JavaScript 知识非常有限，不知道如何构建请求并在 Firebase 函数中获取结果

I have setup mostly everything but my JavaScript knowledge is very limited and don't know how to build the Request and get the Result in Firebase Functions

推荐答案

我对 JavaScript 的了解不多，我对这个函数的了解部分来自我读过的所有内容，我将不胜感激，我知道还有空间改进，但它会进行验证.

I have not much knowledge with JavaScript, I got to this function partly guessing from all that I have read, I will appreciate corrections, I know there is room for improvement but it does the validation.

这是我用来验证购买的功能:

This is the function I'm using to validate my purchases:

const functions = require('firebase-functions');
const admin = require('firebase-admin');
const {google} = require("googleapis");
const publisher = google.androidpublisher('v2');
const authClient = new google.auth.JWT({
    email: 'Service Account Email',
    key: '-----BEGIN PRIVATE KEY-----
**********************************************************************************==
-----END PRIVATE KEY-----
',
    scopes: ['https://www.googleapis.com/auth/androidpublisher']
});
admin.initializeApp();

exports.validatePurchases = functions.database
    .ref('/purchases/{uId}/{orderId}')
    .onCreate((event, context) => {
        const purchase = event.val();
        if (purchase.is_processed === true) {
            console.log('Purchase already processed!, exiting');
            return null;
        }
        const orderId = context.params.orderId;
        const dbRoot = event.ref.root;
        const package_name = purchase.package_name;
        const sku = purchase.sku;
        const my_token = purchase.token;

        authClient.authorize((err, result) => {
            if (err) {
                console.log(err);
            }
            publisher.purchases.products.get({
                auth: authClient,
                packageName: package_name,
                productId: sku,
                token: my_token
            }, (err, response) => {
                if (err) {
                    console.log(err);
                }
                // Result Status must be equals to 200 so that the purchase is valid
                if (response.status === 200) {
                    return event.ref.child('is_validated').set(true);
                } else {
                    return event.ref.child('is_validated').set(false);
                }
            });
        });
        return null;
    });

更新:我刚刚发现使用 Promo Codes 时会失败，因为 Promo Codes 的 orderId 为空.

UPDATE: I just found out that when using Promo Codes this will fail as orderId is empty for Promo Codes.

使用承诺

return authClient.authorize()
        // authClient.authorize() returns a credentials Object
        .then(credentials => {
            return publisher.purchases.products.get({
                auth: authClient,
                packageName: packageName,
                productId: sku,
                token: token
            });
        })
        // publisher.purchases.products.get() Returns a axiosResponse object with Purchase data within and the status that should be enough for the validation
        .then(axiosResponse => {
                if (axiosResponse.status === 200 && axiosResponse.data.purchaseState === 0) {
                // Your purchase is valid, do your thing
                } else {
                    return event.ref.set(null);
                }
            })
            .catch(reason => {
                console.log(`Rejection Code: ${reason.code}`);
                console.log(`Rejection Message: ${reason.message}`);
                return event.ref.set(null);
            });

据我了解，axiosResponse.status === 200 应该足以验证购买，但请注意 axiosResponse.data 保存来自 购买 Schema$ProductPurchase 你可以在哪里检查购买的其他值.如果您使用许可测试"或促销代码"，我会觉得这很有趣.在此示例中，我使用 axiosResponse.data.purchaseState 来检查购买是否仍然有效(可能是不必要的......)

It is my understanding that axiosResponse.status === 200 should be enough for verifying a purchase, note however that axiosResponse.data holds the data from the purchase Schema$ProductPurchase where you can check other values from the Purchase. Which I find interesting if you are using "Licensing Testing" or "Promo Codes". In this sample I'm using axiosResponse.data.purchaseState to check that the purchase is still valid(maybe unnecesary...)

这篇关于使用 Firebase 函数验证购买的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！