首先这里硬编码的session_key和open_id是由客户端发出请求，得到code，然后后端通过接口调用得到的openid和对应desession_key.

var appsecret = “1234567890xxxxxxxxxxx”;

var session_key = “1234567890xxxxxxxxxxx”;

var openid =“1234567890xxxxxxxxxxx”;

var appid = “1234567890xxxxxxxxxxx”;

var offer_id =“1234567890xxxxxxxxxxx”;

var ts = parseInt(Date.now()/1000);

var zone_id = “1”;

var pf =  “android”;

var amt = 10;

var bill_no = “angus123”;

var misecret = “1234567890xxxxxxxxxxx”;  // 米大师密钥

var apiUrl = “/cgi-bin/midas/sandbox/pay?access_token=”;

var sig;

var mp_sig;

function makeSig(amt, appid, bill_no, offer_id, openid, pf, ts, zone_id, access_token, session_key) {

console.log(’-----------------begin to makeSig ---------------\n’);

var stringA = “”

stringA += “amt=” + amt + “&”;

stringA += “appid=” + appid + “&”;

stringA += “bill_no=” + bill_no + “&”;

stringA += “offer_id=” + offer_id + “&”;

stringA += “openid=” + openid + “&”;

stringA += “pf=” + pf + “&”;

stringA += “ts=” + ts + “&”;

stringA += “zone_id=” + zone_id;

console.log("---------stringA is:\n" + stringA);

var stringSignTemp = stringA + “&org_loc=”+ apiUrl + access_token + “&method=POST&secret=” + misecret;

console.log("---------stringSignTemp is :\n" + stringSignTemp);

var signer = cryptImp.createHmac(‘sha256’, misecret);

sig = signer.update(stringSignTemp).digest(‘hex’);

console.log("---------sig is:\n" + sig);

//-----------------------------------------------------

var stringB = “access_token=” + access_token + “&”;

stringB += “amt=” + amt + “&”;

stringB += “appid=” + appid + “&”;

stringB += “bill_no=” + bill_no + “&”;

stringB += “offer_id=” + offer_id + “&”;

stringB += “openid=” + openid + “&”;

stringB += “pf=” + pf + “&”;

stringB += “sig=” + sig + “&”;

stringB += “ts=” + ts + “&”;

stringB += “zone_id=” + zone_id;

console.log("-----------stringB is:\n" + stringB);

var stringSignTempB = stringB + “&org_loc=” + apiUrl + access_token + “&method=POST&session_key=” + session_key;

console.log("-----------stringSignTempB is:\n" + stringSignTempB);

var signer2 = cryptImp.createHmac(‘sha256’, session_key);

mp_sig = signer2.update(stringSignTempB).digest(‘hex’);

console.log("-----------mp_sig is :" + mp_sig);

};

const get_access_token_options = {

hostname: ‘api.weixin.qq.com’,

port: 443,

path: ‘/cgi-bin/token?grant_type=client_credential&appid=’+appid+’&secret=’+appsecret,

method: ‘GET’

};

const req = https.request(get_access_token_options, function (res) {

res.on(‘data’, function (d) {

var access_token = JSON.parse(d).access_token;  /*这里得到access_token*/

console.log("----------the access_token is : \n" + access_token);

{

makeSig(amt, appid, bill_no, offer_id, openid, pf, ts, zone_id, access_token, session_key);

post_sandbox_body = JSON.stringify({

“access_token”: access_token,

“amt”: amt,

“appid”: appid,

“bill_no”: bill_no,

“offer_id”: offer_id,

“openid”: openid,

“pf”: pf,

“ts”: ts,

“zone_id”: zone_id,

“sig”: sig,

“mp_sig”: mp_sig

});

const post_sandbox_options = {

hostname: ‘api.weixin.qq.com’,

port: 443,

path: ‘/cgi-bin/midas/sandbox/pay?access_token=’ + access_token,

method: ‘POST’,

headers: {

‘Content-Type’:‘application/octet-stream’,/* 使用application/json也出错 */

‘Content-Length’:Buffer.byteLength(post_sandbox_body),

}

};

console.log("---------post_sandbox_options is:"+JSON.stringify(post_sandbox_options));

console.log("---------post_sandbox_body is :"+ post_sandbox_body);

console.log("---------post_path is:" + post_sandbox_options.path);

var post_req = https.request(post_sandbox_options,function(res){

//res.setEncoding(‘utf8’);

var _data="";

res.on(‘data’,function(thunk){

_data+=thunk;

});

res.on(‘end’,function(){

console.log(JSON.parse(_data));

});

});

post_req.write(post_sandbox_body);

post_req.end();

}

});

});

req.on(‘error’, function (e) {

console.error(e);

});

req.end();

返回错误：

{ errcode: 90009,

  errmsg: ‘mp_sig error hint: [d5I4Fa05393037]’ }

请官方或者各路大神帮忙看看，是否由问题。

项目马上要收费了，迫在眉睫啊。

再次跪求，谢谢！