[M-MEMBER-01] 实现 App Store JWS 交易验证与幂等会员发放 #346
Closed
opened 2026-06-24 20:48:10 +08:00 by wangdl
·
3 comments
Labels
Clear labels
adr
Area: adr
architecture
Area: architecture
area:activity
活动/统计
area:admin
管理后台
area:admin-api
area:ai
AI/RAG
area:ai-runtime
AI Runtime / AI 分析体系相关
area:analytics
area:api
API 接口
area:auth
认证与授权
area:cos
对象存储
area:database
数据库/Migration
area:import
文件导入/解析
area:knowledge
知识库/知识点
area:learning-info
area:learning-session
area:quiz
测验/自测
area:reading-event
area:reading-progress
area:review
复习系统
area:security
安全相关
audit
Area: audit
audit:api-admin-info
audit:api-info
audit:planned
已完成宏观规划,尚未代码审查
audit:reviewed
backend
Area: backend
billing
Area: billing
blocked-by:api-info-aggregation
blocked-by:api-info-core
blocked-by:api-info-ops
blocked-by:api-info-schema
blocked-by:processor
blocked-by:schema
compatibility
Area: compatibility
gate
Area: gate
infrastructure
Area: infrastructure
priority:p0
最高优先级,阻塞发布
priority:p1
高优先级,里程碑必需
priority:p2
中优先级,后续版本
prisma
Area: prisma
release
Area: release
repo:api
API 仓库 Issue
status:blocked
被阻塞
status:done
已完成
status:partial
status:todo
type:aggregation
type:bug
缺陷修复
type:design
设计
type:docs
文档
type:feature
新功能
type:migration
type:refactor
重构
type:test
work:admin-api
work:aggregation
work:api
work:artifact
题目/卡片产物
work:audit
work:circuit-breaker
熔断
work:contract
work:design
架构/协议设计工作
work:docs
work:export
work:extend-existing
work:internal-api
Runtime 内部接口
work:job
Job 调度相关
work:new-module
work:new-table
work:ops
work:query
work:quota
额度/限流
work:schema
Prisma Schema 设计
work:security
work:service
Service 层实现
work:snapshot
Snapshot 构建
work:test
Milestone
No items
No Milestone
M-MEMBER-01 会员订阅与权益闭环
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: wangdl/api-server#346
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
类型 / 标签
backendapplesecuritytransaction依赖
M-MEMBER-01-03、M-MEMBER-01-04
目标
接收 iOS 上报的交易 JWS,服务端独立验证并原子投影会员权益。
模块
API
POST /membership/apple/transactions仅接受 signedTransactionInfo。客户端禁止提供 userId/isPremium/planCode/expiresAt/price/environment/productId 作为权威。
校验
JWS 签名、Bundle ID、Product ID allowlist、StoreProduct 映射、environment、appAccountToken 匹配、过期/撤销检查。
账号绑定
幂等
同一 transactionId → 返回已有结果,不重复创建。同一事务完成:Transaction + Grant + 校验。
非目标
验收标准
建议执行顺序
#5
开发完成评论
完成内容
1. AppStoreJwsVerifier
getExpectedBundleId()/getExpectedEnvironment()用于业务校验2. AppStoreTransactionService
submitTransaction()完整流程:3. POST /membership/apple/transactions
AppStoreMembershipController:仅接受{ signedTransactionInfo }{ transactionId, status: "created"|"existing" }修改文件
src/modules/membership/apple/app-store-jws-verifier.ts(新建)src/modules/membership/apple/app-store-transaction.service.ts(新建)src/modules/membership/apple/app-store-membership.controller.ts(新建)src/modules/membership/membership.module.ts(注册新增模块)代码证据
app-store-jws-verifier.ts:49-75:JWS 签名验证(x5c → PEM → JWK → jose verify)app-store-transaction.service.ts:72-145:submitTransaction 完整流程app-store-transaction.service.ts:161-167:Bundle ID 校验app-store-transaction.service.ts:169-174:Product ID allowlistapp-store-transaction.service.ts:183-192:appAccountToken 匹配app-store-transaction.service.ts:200-210:originalTransactionId 单用户归属测试情况
npx tsc --noEmit→ 0 errors ✅未完成 / 风险
是否建议进入 Review
B1 修复:完整 x5c 证书链验证
问题
旧实现从 JWS header 的 x5c[0] 提取叶子证书并直接用于签名验证,不检查证书是否由 Apple 根 CA 签发。攻击者可自签名证书伪造交易 JWS 获取 Premium。
修复
新增
verifyCertificateChain()方法,四步验证:child.verify(parent.publicKey))预置根证书:Apple Root CA - G3(EC P-384, valid 2014-2039),来源 https://www.apple.com/certificateauthority/
攻击场景验证
x5c root certificate is not a trusted Apple CA✅certificate expired✅Certificate chain broken✅验证
npx tsc --noEmit→ 0 errors ✅N1-N5 修复
N1:幂等检查移入事务 + P2002 catch
findUnique预检查create抛 P2002 → catch → 重新查询 → 返回{ status: "existing" }N2:Environment 匹配配置预期
validateEnvironment()现在调用getExpectedEnvironment()Environment mismatchN3:Product ID 查 StoreProduct 表
validateProductId()改为异步查询StoreProduct表N4:timingSafeEqual 防时序攻击
validateAppAccountToken()使用crypto.timingSafeEqualN5:rawPayloadHash 输入注释
验证
npx tsc --noEmit→ 0 errors ✅