苹果IOS内购验单完整流程,in

// 收据格式处理val data = JsonObject()data.addProperty("receipt-data", receipt.replace(" ", "+"))val entity = StringEntity(data.toString())entity.setContentEncoding("UTF-8")entity.setContentType("application/json")// 发送苹果校验val request = if  HttpPost(PURCHASE_CALLBACK_APPSTORE) request.entity = entityval client = HttpClientBuilder.create().build()// 解析校验结果val response = JsonParser().parse(EntityUtils.toString(client.execute(request).entity, "UTF-8")).asJsonObjectclient.close()
if(response["status"].asInt==0){
val re = response["receipt"].asJsonObjectval inApp = re["in_app"].asJsonArray// 判定inApp是否为空 inApp为空认为订单无效if (inApp.size() == 0) return false// 循环验证inAPP内的购买收据inApp.forEach {                    // 判定productId是否符合项目中的内购IDval productId = it.asJsonObject["product_id"].asString// 项目中不存在该内购ID收据无效，跳过本次校验val product = mProductRepo.findByIapId(productId) ?: return@forEach// 判断transactionId是否验证过val transactionId = it.asJsonObject["transaction_id"].asStringval tradeLog = mTradeLogRepo.findByTransactionId(transactionId)// transactionId校验过，跳过本次校验if (tradeLog != null) return@forEachtry { // 购买异常处理// 购买逻辑，内部校验服务订单内的商品ID是否和购买收据内的ID匹配purchaseSuccess(number, product.id)// 记录验单结果，以便跟踪addTradeLog(userId, number, receipt, response.toString(), transactionId, 0)} catch (e: Exception) {// 记录内部校验失败的记录，以便跟踪addTradeLog(userId, number, receipt, response.toString(), transactionId, 1)return@forEach}}
}else{// 记录验证失败的收据mRedisRepo.put(RedisRepo.KeyType.REJECT_RECEIPT, number, receipt)
}

目前网上大部分内购验单是粗暴的检验收据是否通过苹果校验，容易产生恶意刷单和漏单的情况，本人开发过程中也踩了不少坑。总结了自己认为较为完善的内购验单流程，由于技术有限，流程仅供参考，内部方法，类之类的就不贴出来了，如果有遗漏或者错误的地方，欢迎指正。