IAP 对 Receipt 做验证

苹果官方文档对 store receipt 的介绍，根据我在sandbox 下面做的测试，基本符合~

我也觉得挺奇怪的，叫工作室负责内购这块的伙计把 iap 防护做一做，

他说 receipt 的键是变动的，然后就没弄了，当时我也没太在意。

但后来我一想这么马虎了事真心不行，国内破解猖獗，游戏被破解的话不就相当于撒钱么？

而且如果不做处理，当前的 iap free 十有八九是秒内购压力一点儿都不大~

相关链接：https://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/StoreKitGuide/VerifyingStoreReceipts/VerifyingStoreReceipts.html#//apple_ref/doc/uid/TP40008267-CH104-SW1

原文如下：

The Store Receipt

The receipt data you send to the App Store encodes information about the transaction. When the App Store validates a receipt, the data stored in the receipt data are decoded and returned in the receipt key of the response. The receipt response is a JSON dictionary that includes all of the information returned to your application in theSKPaymentTransaction object. Your server can query these fields to retrieve the details of the purchase. Apple recommends that you send only the receipt data to your server and use receipt validation to retrieve the purchase details. Because the App Store verifies that the receipt data has not been tampered with, retrieving this information from the response is more secure than transmitting both receipt data and the transaction data to your server.

Table 5-1 provides a list of keys that you may use to retrieve information about the purchase. Many of these keys match properties on the SKPaymentTransaction class. All keys not specified in Table 5-1 are reserved for Apple.

Note: Some keys vary depending on whether your application is connected to the App Store or the sandbox testing environment. For more information on the sandbox, see “Testing a Store.”

Table 5-1  Purchase info keys

Key	Description
quantity	The number of items purchased. This value corresponds to the quantity property of the SKPayment object stored in the transaction’s payment property.
product_id	The product identifier of the item that was purchased. This value corresponds to the productIdentifier property of theSKPayment object stored in the transaction’s payment property.
transaction_id	The transaction identifier of the item that was purchased. This value corresponds to the transaction’s transactionIdentifierproperty.
purchase_date	The date and time this transaction occurred. This value corresponds to the transaction’s transactionDate property.
original_transaction_id	For a transaction that restores a previous transaction, this holds the original transaction identifier.
original_purchase_date	For a transaction that restores a previous transaction, this holds the original purchase date.
app_item_id	A string that the App Store uses to uniquely identify the application that created the payment transaction. If your server supports multiple applications, you can use this value to differentiate between them. Applications that are executing in the sandbox do not yet have an app-item-id assigned to them, so this key is missing from receipts created by the sandbox.
version_external_identifier	An arbitrary number that uniquely identifies a revision of your application. This key is missing in receipts created by the sandbox.
bid	The bundle identifier for the application.
bvrs	A version number for the application.