Patrick
/
wechat_hitxy
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
96 Commits
1 Branch
9.4MB
Tree: f321d24e15
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f321d24e15'
${ noResults }
wechat_hitxy/server.go

165 lines
4.4KB
Raw Blame History 

  1. package main

  2. 

  3. import (

  4. 	"crypto/sha1"

  5. 	"fmt"

  6. 	"io/ioutil"

  7. 	"log"

  8. 	"net/http"

  9. 	"net/http/httputil"

  10. 	"net/url"

  11. 	"sort"

  12. 	"strings"

  13. )

  14. 

  15. //apiV1Main  version 1 main entry for all wechat callbacks

  16. //

  17. func apiV1Main(w http.ResponseWriter, r *http.Request) {

  18. 	logRequestDebug(httputil.DumpRequest(r, true))

  19. 	if checkSignature(r) == false {

  20. 		log.Println("signature of URL incorrect")

  21. 		w.Header().Set("Content-Type", "text/xml; charset=utf-8")

  22. 		w.WriteHeader(http.StatusUnauthorized)

  23. 		fmt.Fprintf(w, "") //empty string

  24. 		return

  25. 	}

  26. 

  27. 	switch r.Method {

  28. 	case "POST":

  29. 		//answerWechatPostEcho(w, r)

  30. 		answerWechatPost(w, r)

  31. 	case "GET":

  32. 		answerInitialAuth(w, r)

  33. 	default:

  34. 		log.Fatalln(fmt.Sprintf("Unhandled HTTP %s", r.Method))

  35. 		fmt.Fprintf(w, "Protocol Error: Expect GET or POST only")

  36. 	}

  37. }

  38. 

  39. //

  40. //answerInitialAuth,  when wechat first verify our URL for API hooks

  41. //

  42. func answerInitialAuth(w http.ResponseWriter, r *http.Request) {

  43. 	rq := r.URL.RawQuery

  44. 	m, _ := url.ParseQuery(rq)

  45. 

  46. 	echostr, eok := m["echostr"]

  47. 	if checkSignature(r) && eok {

  48. 		fmt.Fprintf(w, echostr[0])

  49. 	} else {

  50. 		fmt.Fprintf(w, "wtf is wrong with the Internet")

  51. 	}

  52. }

  53. 

  54. //answerWechatPost  distribute PostRequest according to xml body info

  55. //

  56. func answerWechatPost(w http.ResponseWriter, r *http.Request) {

  57. 	body, _ := ioutil.ReadAll(r.Body)

  58. 	d := decryptToXML(string(body))

  59. 	fmt.Printf("decrypt as: %s\n", d)

  60. 	h := ReadCommonHeader(d)

  61. 	reply, _ := BuildTextMsg(h.MsgType, h.FromUserName)

  62. 	if h.MsgType == "voice" {

  63. 		a := ReadVoiceMsg(d)

  64. 		reply, _ = BuildTextMsg(a.Recognition, h.FromUserName)

  65. 	}

  66. 	if h.MsgType == "event" {

  67. 		a := ReadEventMsg(d)

  68. 		if a.Event == "LOCATION" {

  69. 			reply = BuildLocationMsg(0, 0, 0, h.FromUserName)

  70. 			fmt.Printf("output %s", reply)

  71. 		} else {

  72. 			reply, _ = BuildTextMsg(a.Event+"/"+a.EventKey, h.FromUserName)

  73. 		}

  74. 		//mediaID := "cU8BYvAEp3H25V-yGO3WBtMVk2bZcEBgf_kje7V-EPkRA_U4x-OAWb_ONg6Y-Qxt" //video

  75. 		//mediaID := "e2iNEiSxCX5TV1WbFd0TQPTdMx8WbvpkOs_iNhSVQHY" // 236 second mp3

  76. 		//mediaID := "e2iNEiSxCX5TV1WbFd0TQDVyk970GxTcBWMnqc2RzF0" //5 sec mp3

  77. 		//mediaID := "e2iNEiSxCX5TV1WbFd0TQMqvVrqFDbDOacdjgQ-OAuE" //news

  78. 		//reply = buildVideoMsg(h.FromUserName, mediaID, "标题", a.Event+"/"+a.EventKey)

  79. 

  80. 		//reply = buildUploadPicMsg(h.FromUserName, "media_for_test/640x480.jpg")

  81. 		//reply = buildUploadVoiceMsg(h.FromUserName, "media_for_test/music.mp3")

  82. 		//reply = buildVoiceMsg(h.FromUserName, mediaID)

  83. 		reply = buildSampleMusicMsg(h.FromUserName)

  84. 	}

  85. 	w.Header().Set("Content-Type", "text/xml; charset=utf-8")

  86. 	fmt.Fprint(w, reply)

  87. 	return

  88. }

  89. 

  90. func answerWechatPostEcho(w http.ResponseWriter, r *http.Request) {

  91. 	body, _ := ioutil.ReadAll(r.Body)

  92. 	//fmt.Printf("get body: %s", string(body))

  93. 	s := ReadEncryptedMsg(string(body))

  94. 	//fmt.Printf("to decrypt %s", s.Encrypt)

  95. 	d := Decode(s.Encrypt)

  96. 	fmt.Printf("echo as: \n%s", d)

  97. 

  98. 	e := strings.Replace(d, "ToUserName", "FDDD20170506xyzunique", 2)

  99. 	f := strings.Replace(e, "FromUserName", "ToUserName", 2)

  100. 	g := strings.Replace(f, "FDDD20170506xyzunique", "FromUserName", 2)

  101. 	fmt.Fprint(w, g)

  102. }

  103. 

  104. //

  105. func checkSignature(r *http.Request) bool {

  106. 	rq := r.URL.RawQuery

  107. 	m, _ := url.ParseQuery(rq)

  108. 

  109. 	signature, sok := m["signature"]

  110. 	timestamp, tok := m["timestamp"]

  111. 	nonce, nok := m["nonce"]

  112. 	token := APIConfig.Token

  113. 	if sok && tok && nok {

  114. 		//sort token, timestamp, nonce  and join them

  115. 		strs := []string{token, timestamp[0], nonce[0]}

  116. 		sort.Strings(strs)

  117. 		s := strings.Join(strs, "")

  118. 

  119. 		//calculate sha1

  120. 		h := sha1.New()

  121. 		h.Write([]byte(s))

  122. 		calculated := fmt.Sprintf("%x", h.Sum(nil))

  123. 		return signature[0] == calculated

  124. 	}

  125. 	return false

  126. }

  127. 

  128. func checkSignature1() bool {

  129. 	s1 := "e39de9f2e28079c01ebb4b803dfc3442b819545c"

  130. 	t1 := "1492970761"

  131. 	n1 := "1850971833"

  132. 	token := APIConfig.Token

  133. 

  134. 	strs := []string{token, t1, n1}

  135. 	sort.Strings(strs)

  136. 	s := strings.Join(strs, "")

  137. 

  138. 	h := sha1.New()

  139. 	h.Write([]byte(s))

  140. 	us := fmt.Sprintf("%x", h.Sum(nil))

  141. 	return s1 == us

  142. }

  143. 

  144. //webrootHandler sending contents to client when request "/"

  145. //      essentially to prove the webserver is still alive

  146. //      echo query string to the client

  147. func webrootHandler(w http.ResponseWriter, r *http.Request) {

  148. 	fmt.Fprintf(w, "Hi there, I love %s!", r.URL.Path[1:])

  149. 	rq := r.URL.RawQuery

  150. 	m, _ := url.ParseQuery(rq)

  151. 	for index, element := range m {

  152. 		fmt.Fprintf(w, "\n%s => %s", index, element)

  153. 	}

  154. 	logRequestDebug(httputil.DumpRequest(r, true))

  155. 

  156. }

  157. 

  158. func logRequestDebug(data []byte, err error) {

  159. 	if err == nil {

  160. 		fmt.Printf("%s\n\n", data)

  161. 	} else {

  162. 		log.Fatalf("%s\n\n", err)

  163. 	}

  164. }