Patrick
/
wechat_hitxy
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 0 Wiki 活動
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
292 提交
1 分支
9.4MB
目錄樹: 8ab694dd19
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 '8ab694dd19'
${ noResults }
wechat_hitxy/server.go

303 line
7.3KB
原始文件 Blame 歷史記錄 

  1. package main

  2. 

  3. import (

  4. 	"crypto/sha1"

  5. 	"fmt"

  6. 	"io"

  7. 	"io/ioutil"

  8. 	"log"

  9. 	"net/http"

  10. 	"net/http/httputil"

  11. 	"net/url"

  12. 	"os"

  13. 	"sort"

  14. 	"strconv"

  15. 	"strings"

  16. 	"time"

  17. )

  18. 

  19. //apiV1Main  version 1 main entry for all wechat callbacks

  20. //

  21. func apiV1Main(w http.ResponseWriter, r *http.Request) {

  22. 	logRequestDebug(httputil.DumpRequest(r, true))

  23. 	if checkSignature(r) == false {

  24. 		log.Println("signature of URL incorrect")

  25. 		w.Header().Set("Content-Type", "text/xml; charset=utf-8")

  26. 		w.WriteHeader(http.StatusUnauthorized)

  27. 		fmt.Fprintf(w, "") //empty string

  28. 		return

  29. 	}

  30. 

  31. 	switch r.Method {

  32. 	case "POST":

  33. 		//answerWechatPostEcho(w, r)

  34. 		answerWechatPost(w, r)

  35. 	case "GET":

  36. 		answerInitialAuth(w, r)

  37. 	default:

  38. 		log.Println(fmt.Sprintf("FATAL: Unhandled HTTP %s", r.Method))

  39. 		response404Handler(w)

  40. 		//fmt.Fprintf(w, "Protocol Error: Expect GET or POST only")

  41. 	}

  42. }

  43. 

  44. //

  45. //answerInitialAuth,  when wechat first verify our URL for API hooks

  46. //

  47. func answerInitialAuth(w http.ResponseWriter, r *http.Request) {

  48. 	rq := r.URL.RawQuery

  49. 	m, _ := url.ParseQuery(rq)

  50. 

  51. 	echostr, eok := m["echostr"]

  52. 	if checkSignature(r) && eok {

  53. 		fmt.Fprintf(w, echostr[0])

  54. 	} else {

  55. 		fmt.Fprintf(w, "wtf is wrong with the Internet")

  56. 	}

  57. }

  58. 

  59. //

  60. //answerWechatPost  distribute PostRequest according to xml body info

  61. func answerWechatPost(w http.ResponseWriter, r *http.Request) {

  62. 	in, valid := readWechatInput(r)

  63. 	reply := "" //nothing

  64. 	w.Header().Set("Content-Type", "text/xml; charset=utf-8")

  65. 

  66. 	if !valid {

  67. 		log.Println("Error:  Invalid Input ")

  68. 	} else {

  69. 		//put into user session based pipeline

  70. 		AllInMessage <- in

  71. 	}

  72. 

  73. 	//read instant response

  74. 	reply = <-in.instantResponse

  75. 	in.destroy()

  76. 	//uncomment the followin two lines to enable echo test

  77. 	// state, _ := echoCommand(in.header.FromUserName, in)

  78. 	// reply = state.response

  79. 	fmt.Fprint(w, reply)

  80. }

  81. 

  82. func readWechatInput(r *http.Request) (result InWechatMsg, valid bool) {

  83. 	body, err := ioutil.ReadAll(r.Body)

  84. 	if err != nil {

  85. 		log.Println(err)

  86. 		valid = false

  87. 		return

  88. 	}

  89. 	d := decryptToXML(string(body))

  90. 	if d == "" {

  91. 		log.Println("Cannot decode Message : \r\n" + string(body))

  92. 		valid = false

  93. 		return

  94. 	}

  95. 	valid = true

  96. 	fmt.Printf("decrypt as: %s\n", d)

  97. 	result.init()

  98. 	result.header = ReadCommonHeader(d)

  99. 	switch result.header.MsgType {

  100. 	case "text":

  101. 		result.body = ReadTextMsg(d)

  102. 	case "image":

  103. 		result.body = ReadPicMsg(d)

  104. 	case "voice":

  105. 		result.body = ReadVoiceMsg(d)

  106. 	case "video":

  107. 		result.body = ReadVideoMsg(d)

  108. 	case "shortvideo":

  109. 		result.body = ReadShortVideoMsg(d)

  110. 	case "location":

  111. 		result.body = ReadLocationMsg(d)

  112. 	case "link":

  113. 		result.body = ReadLinkMsg(d)

  114. 	case "event":

  115. 		result.body = ReadEventMsg(d)

  116. 	default:

  117. 		log.Println("Fatal: unknown incoming message type" + result.header.MsgType)

  118. 		valid = false

  119. 	}

  120. 	return

  121. }

  122. 

  123. func answerWechatPostEcho(w http.ResponseWriter, r *http.Request) {

  124. 	body, _ := ioutil.ReadAll(r.Body)

  125. 	//fmt.Printf("get body: %s", string(body))

  126. 	s := ReadEncryptedMsg(string(body))

  127. 	//fmt.Printf("to decrypt %s", s.Encrypt)

  128. 	d := Decode(s.Encrypt)

  129. 	fmt.Printf("echo as: \r\n%s", d)

  130. 

  131. 	e := strings.Replace(d, "ToUserName", "FDDD20170506xyzunique", 2)

  132. 	f := strings.Replace(e, "FromUserName", "ToUserName", 2)

  133. 	g := strings.Replace(f, "FDDD20170506xyzunique", "FromUserName", 2)

  134. 	fmt.Fprint(w, g)

  135. }

  136. 

  137. //

  138. func checkSignature(r *http.Request) bool {

  139. 	return checkSignatureByToken(r, APIConfig.Token)

  140. }

  141. 

  142. func checkSignatureByToken(r *http.Request, token string) bool {

  143. 	rq := r.URL.RawQuery

  144. 	m, _ := url.ParseQuery(rq)

  145. 

  146. 	signature, sok := m["signature"]

  147. 	timestamp, tok := m["timestamp"]

  148. 	nonce, nok := m["nonce"]

  149. 	token = strings.TrimSpace(token)

  150. 	if sok && tok && nok && token != "" {

  151. 		return verifySignature(signature[0], timestamp[0], nonce[0], token)

  152. 	}

  153. 	return false

  154. }

  155. 

  156. func checkCookieSignatureBytoken(r *http.Request, token string) bool {

  157. 	signature := ""

  158. 	nonce := ""

  159. 	timestamp := ""

  160. 	for _, c := range r.Cookies() {

  161. 		switch c.Name {

  162. 		case "signature":

  163. 			signature = c.Value

  164. 		case "nonce":

  165. 			nonce = c.Value

  166. 		case "timestamp":

  167. 			timestamp = c.Value

  168. 		}

  169. 	}

  170. 	if signature != "" && nonce != "" && timestamp != "" {

  171. 		return verifySignature(signature, timestamp, nonce, IntraAPIConfig.CRMSecrete)

  172. 	}

  173. 	return false

  174. }

  175. 

  176. func verifySignature(signature, timestamp, nonce, token string) bool {

  177. 	if timestampTooOldStr(timestamp) {

  178. 		return false

  179. 	}

  180. 	return signature == calculateSignature(timestamp, nonce, token)

  181. }

  182. 

  183. func calculateSignature(timestamp, nonce, token string) (signature string) {

  184. 	//sort token, timestamp, nonce  and join them

  185. 	strs := []string{token, timestamp, nonce}

  186. 	sort.Strings(strs)

  187. 	s := strings.Join(strs, "")

  188. 

  189. 	//calculate sha1

  190. 	h := sha1.New()

  191. 	h.Write([]byte(s))

  192. 	calculated := fmt.Sprintf("%x", h.Sum(nil))

  193. 	signature = calculated

  194. 	return

  195. }

  196. 

  197. func timestampTooOldStr(timestamp string) bool {

  198. 	ts, err := strconv.Atoi(timestamp)

  199. 	if err != nil {

  200. 		return true

  201. 	}

  202. 	return timestampTooOld(int32(ts))

  203. }

  204. 

  205. func timestampTooOld(ts int32) bool {

  206. 	//diff > 3min from now

  207. 	now := int32(time.Now().Unix())

  208. 	diff := now - ts

  209. 	if diff < 0 {

  210. 		diff = -diff

  211. 	}

  212. 	return diff > 180 //3 minutes, 180 seconds

  213. }

  214. 

  215. // func checkSignature1() bool {

  216. // 	s1 := "e39de9f2e28079c01ebb4b803dfc3442b819545c"

  217. // 	t1 := "1492970761"

  218. // 	n1 := "1850971833"

  219. // 	token := APIConfig.Token

  220. 

  221. // 	strs := []string{token, t1, n1}

  222. // 	sort.Strings(strs)

  223. // 	s := strings.Join(strs, "")

  224. 

  225. // 	h := sha1.New()

  226. // 	h.Write([]byte(s))

  227. // 	us := fmt.Sprintf("%x", h.Sum(nil))

  228. // 	return s1 == us

  229. // }

  230. 

  231. //webrootHandler sending contents to client when request "/"

  232. //      essentially to prove the webserver is still alive

  233. //      echo query string to the client

  234. func webrootHandler(w http.ResponseWriter, r *http.Request) {

  235. 	fmt.Fprintf(w, "Hi there, I love %s!", r.URL.Path[1:])

  236. 	rq := r.URL.RawQuery

  237. 	m, _ := url.ParseQuery(rq)

  238. 	for index, element := range m {

  239. 		fmt.Fprintf(w, "\n%s => %s", index, element)

  240. 	}

  241. 	logRequestDebug(httputil.DumpRequest(r, true))

  242. 

  243. }

  244. 

  245. func logRequestDebug(data []byte, err error) {

  246. 	if err == nil {

  247. 		fmt.Printf("%s\n\n", string(data))

  248. 	} else {

  249. 		log.Fatalf("%s\n\n", err)

  250. 	}

  251. }

  252. 

  253. //save uploaded 'file' into temporary location

  254. func uploadHandler(w http.ResponseWriter, r *http.Request) {

  255. 	r.ParseMultipartForm(32 << 20)           //32MB memory

  256. 	file, handler, err := r.FormFile("file") //form-field 'file'

  257. 	if err != nil {

  258. 		fmt.Println(err)

  259. 		return

  260. 	}

  261. 	defer file.Close()

  262. 	fmt.Fprintf(w, "%v", handler.Header)

  263. 	f, err := os.OpenFile("/tmp/wechat_hitxy_"+handler.Filename, os.O_WRONLY|os.O_CREATE, 0666)

  264. 	if err != nil {

  265. 		fmt.Println(err)

  266. 		return

  267. 	}

  268. 	defer f.Close()

  269. 	io.Copy(f, file)

  270. }

  271. 

  272. //when user requst an attachment from our server, we get the file from CRM server and reply it back

  273. //in this way, user has no 'direct-access' to the CRM server.

  274. func crmAttachmentHandler(w http.ResponseWriter, r *http.Request) {

  275. 	fileID := getCrmFileID(r.URL.Path)

  276. 	saveAs := CRMConfig.AttachmentCache + "crm_attach_" + fileID //add prefix for easy deleting

  277. 	if isFileExist(saveAs) {

  278. 		http.ServeFile(w, r, saveAs)

  279. 		return

  280. 	}

  281. 	if fileID == "" {

  282. 		log.Println("invalid fileID")

  283. 		response404Handler(w)

  284. 		return

  285. 	}

  286. 	log.Printf("download %s => %s", fileID, saveAs)

  287. 	crmDownloadAttachmentAs(fileID, saveAs)

  288. 	if !isFileExist(saveAs) {

  289. 		response404Handler(w)

  290. 		return

  291. 	}

  292. 	http.ServeFile(w, r, saveAs)

  293. }

  294. 

  295. func getCrmFileID(urlPath string) string {

  296. 	return strings.TrimPrefix(urlPath, "/crmfiles/")

  297. }

  298. 

  299. func response404Handler(w http.ResponseWriter) {

  300. 	w.WriteHeader(http.StatusNotFound)

  301. 	fmt.Fprintf(w, "not found")

  302. }