Merge remote-tracking branch 'origin/master'

2 months ago · 3c08f6eb45
4 changed files with 64 additions and 2 deletions
--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/weixin/WeChatController.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/weixin/WeChatController.java
@ -1,11 +1,14 @@
 package cn.iocoder.yudao.module.system.controller.admin.weixin;

+import cn.iocoder.yudao.module.system.service.weixin.TokenValidatorService;
 import cn.iocoder.yudao.module.system.service.weixin.WeChatService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;

+import javax.annotation.Resource;
 import javax.annotation.security.PermitAll;

@RestController
@ -13,9 +16,15 @@ import javax.annotation.security.PermitAll;
@PermitAll
 public class WeChatController {

-    @Autowired
+    @Resource
    private WeChatService weChatService;

+    @Resource
+    private TokenValidatorService tokenValidatorService;
+
+
+    private static final String TOKEN = "hbts";
+
    @GetMapping("/send")
    @PermitAll
    public String sendMessage() {
@ -30,4 +39,18 @@ public class WeChatController {
            return "Failed to send message";
        }
    }
+
+
+
+    @GetMapping("/push")
+    @PermitAll
+    public String validate(@RequestParam("signature") String signature,
+                           @RequestParam("timestamp") String timestamp,
+                           @RequestParam("nonce") String nonce,
+                           @RequestParam("echostr") String echostr) {
+        if (tokenValidatorService.validateToken(TOKEN, signature, timestamp, nonce)) {
+            return echostr;
+        }
+        return "";
+    }
 }
--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/weixin/TokenValidatorService.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/weixin/TokenValidatorService.java
@ -0,0 +1,38 @@
+package cn.iocoder.yudao.module.system.service.weixin;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+public class TokenValidatorService {
+    public static boolean validateToken(String token, String signature, String timestamp, String nonce) {
+        String[] arr = new String[]{token, timestamp, nonce};
+        // 对 token、timestamp 和 nonce 按字典序排序
+        Arrays.sort(arr);
+        StringBuilder content = new StringBuilder();
+        for (String s : arr) {
+            content.append(s);
+        }
+        String tempStr = sha1Encode(content.toString());
+        // 将加密后的字符串与 signature 进行对比
+        return tempStr!= null && tempStr.equals(signature);
+    }
+    private static String sha1Encode(String str) {
+        try {
+            MessageDigest digest = MessageDigest.getInstance("SHA-1");
+            digest.update(str.getBytes());
+            byte[] bytes = digest.digest();
+            StringBuilder hexStr = new StringBuilder();
+            for (byte b : bytes) {
+                String hex = Integer.toHexString(0xFF & b);
+                if (hex.length() == 1) {
+                    hexStr.append('0');
+                }
+                hexStr.append(hex);
+            }
+            return hexStr.toString();
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+}
--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/weixin/WeChatService.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/weixin/WeChatService.java
@ -47,7 +47,7 @@ public class WeChatService {
        ObjectNode data = objectMapper.createObjectNode();
        data.put("touser", openId); // 用户的 OpenID
        data.put("template_id", templateId); // 订阅消息模板 ID
-        data.put("page", "pages/index/index"); // 点击消息跳转的小程序页面
+        data.put("page", "/sub/common/waiting"); // 点击消息跳转的小程序页面
        data.put("data", objectMapper.createObjectNode()
                .put("thing1", objectMapper.createObjectNode().put("value", "Hello, World!"))
                .at("thing2"));
--- a/yudao-server/src/main/resources/application.yaml
+++ b/yudao-server/src/main/resources/application.yaml
@ -259,6 +259,7 @@ yudao:
      - /admin-api/pay/notify/** # 支付回调通知，不携带租户编号
      - /jmreport/* # 积木报表，无法携带租户编号
      - /admin-api/mp/open/** # 微信公众号开放平台，微信回调接口，无法携带租户编号
+      - /admin-api/system/wechat/**
    ignore-tables:
      - system_tenant
      - system_tenant_package