user info avatar url now protected with signature.

crm_config.json

@@ -3,5 +3,5 @@
     "UserName": "wechat",
     "UserPass": "crmwechat.api",
     "AttachmentCache" : "/tmp/",
-    "CacheSiteURL": "http://wechat.hitxy.org.au/crmcache"
+    "CacheSiteURL": "http://192.168.1.39:65500/crmcache"
 }

crmcache.go

@@ -7,10 +7,12 @@ import (
 )
 
 func crmcache(w http.ResponseWriter, r *http.Request) {
-	// if !checkSignature(r) {
-	// 	w.WriteHeader(http.StatusUnauthorized)
-	// 	fmt.Fprintf(w, "Expired or invalid link")
-	// }
+	debugDumpHTTPRequest(r)
+	if !checkSignatureByToken(r, IntraAPIConfig.CRMSecrete) {
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(w, "Expired or invalid link")
+		return
+	}
 
 	v, err := url.ParseQuery(r.URL.RawQuery)
 	if err != nil {

procGetBasicUserInfo.go

@@ -61,7 +61,8 @@ func (m crmdLead) getBasicUserInfoPhoto() (ret sendNewsArticle) {
 	a.Description = ""
 	a.PicURL = m.avatarCacheURL()
 	a.Title = m.Name
-	a.URL = ""
+	a.URL = m.avatarCacheURL()
+	log.Println(a.URL)
 	return a
 }