Skip to content

Releases: cloud2c/gopay

v1.5.121

26 May 09:36
@Xiphin Xiphin
v1.5.121
57c788b

Choose a tag to compare

View all tags
v1.5.121 Latest
Latest

Changelog

v1.5.121

Feat: Sync Alipay APIs from upstream

Added 4 new API modules with 25 new Alipay APIs:

  • Ad API (ad_api.go): Conversion data upload, ad report query, promotion page management, task ad query
  • Fee API (fee_api.go): Special fee rate application
  • Risk API (risk_api.go): Consumer complaint processing, marketing risk identification, industry risk identification, content risk detection
  • Subscription API (subscription_api.go): Product/price/customer/subscription CRUD operations

Chore: Replace import paths from go-pay to cloud2c

Updated all documentation examples to use github.com/cloud2c/gopay.

Full Changelog: v1.5.120...v1.5.121

Assets 2
Loading

v1.5.120

26 May 08:27
@Xiphin Xiphin
v1.5.120
30164b5

Choose a tag to compare

View all tags
v1.5.120

Changelog

v1.5.120

Feat: Add WithoutAES and Clone methods for Alipay V3 Client

Different Alipay APIs have different AES encryption requirements:

  • Face verification/OCR APIs require AES encryption for biz_content
  • Payment APIs (TradeCreate, TradePay, etc.) do NOT support content encryption, setting AES key causes parameter errors

Added thread-safe methods to handle mixed encryption scenarios:

  • WithoutAES(): Returns a new Client instance without AES encryption, original client unaffected
  • Clone(): Returns an independent Client copy without inheriting AES config

Usage

// Option A: Separate clients (recommended)
faceClient := alipay.NewClientV3(...).SetAESKey(aesKey)
payClient := alipay.NewClientV3(...)

// Option B: Thread-safe temporary switch
client.SetAESKey(aesKey)
client.FaceVerificationInitialize(...)
client.WithoutAES().TradeCreate(...)  // original client still has AES

Files Changed

  • alipay/v3/client.go

Full Changelog: v1.5.119...v1.5.120

Loading

v1.5.119

11 Apr 01:17
@Xiphin Xiphin
v1.5.119
f20bce1

Choose a tag to compare

View all tags
v1.5.119

Changelog

v1.5.119

Fix: Alipay V3 Signature Verification Failure with AES Encryption

When aesKey is set for content encryption, Alipay signs the ciphertext response, but the SDK was verifying the signature against the decrypted plaintext, causing crypto/rsa: verification error.

What Changed

  • client.go: Added rawBodyForSign field to preserve the original response body before decryption.
  • request.go: Save the raw ciphertext before AES decryption; removed dependency on the alipay-content-encrypt response header (some APIs return encrypted content without this header, causing decryption to be skipped).
  • sign.go: autoVerifySignByCert now uses the raw ciphertext for signature verification when AES encryption is enabled, instead of the decrypted plaintext.

Correct Verification Flow

Alipay returns: ciphertext body + signature (signed over ciphertext)
    ↓
doPost: save ciphertext → rawBodyForSign, decrypt → plaintext body
    ↓
autoVerifySignByCert: verify signature using rawBodyForSign (ciphertext) ✅
    ↓
API method: json.Unmarshal(plaintext body) to parse business data

Files Changed

  • alipay/v3/client.go
  • alipay/v3/request.go
  • alipay/v3/sign.go

Full Changelog: v1.5.118...v1.5.119

Loading

v1.5.118

09 Apr 04:09
@Xiphin Xiphin
v1.5.118
735eb3c

Choose a tag to compare

View all tags
v1.5.118

Changelog

v1.5.118

Refactor: Unified do* Method Signatures & Auto-Encryption

Breaking Change — All internal do* methods no longer accept authorization parameter; authorization is computed automatically.

Core Changes

  • doPost auto-encryption: When aesKey is set, doPost automatically encrypts the request body and signs the ciphertext (encrypt-then-sign). No need to call doPostWithEncrypt anymore.
  • Removed doPostWithEncrypt: Logic merged into doPost.
  • Unified authorization method: Merged authorizationWithEncryptBody into authorization with an encryptedBody parameter.
  • doProdPostFile fully internalized: File separation, data field encoding, and signing are now handled internally. Callers only pass the original BodyMap (including file fields) — no more tempFile/signMap boilerplate.

Method Signature Changes

Method Before After
doPost (ctx, bm, uri, authorization, aat) (ctx, bm, uri, aat)
doGet (ctx, uri, authorization, aat) (ctx, uri, aat)
doPatch (ctx, bm, uri, authorization, aat) (ctx, bm, uri, aat)
doPut (ctx, bm, uri, authorization, aat) (ctx, bm, uri, aat)
doDelete (ctx, bm, uri, authorization, aat) (ctx, bm, uri, aat)
doProdPostFile (ctx, bm, uri, authorization, aat) or (ctx, bm, uri, aat, signBm) (ctx, bm, uri, aat)

Files Changed

  • alipay/v3/request.godoPost auto-encryption; doProdPostFile internalized; removed doPostWithEncrypt
  • alipay/v3/sign.go — Unified authorization method
  • alipay/v3/face_verify_api.go — Removed all if/else encryption branches
  • 15 API files — Removed authorization declarations and parameter from do* calls
  • 5 file upload APIs — Removed tempFile/signMap/data boilerplate (~28 lines each)

Migration

No external API changes. All public method signatures remain the same. This is only an internal refactoring.

Full Changelog: https://github.com/cloud2c/gopay/commits/v1.5.118

Loading