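package cn.huge.module.wechat.miniapp.controller;

import cn.binarywang.wx.miniapp.bean.WxMaMessage;
import cn.binarywang.wx.miniapp.constant.WxMaConstants;
import cn.huge.module.wechat.miniapp.service.WeixinMaService;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import java.util.Objects;
import java.util.regex.Pattern;

/**
 * @title: WeChat request verification controller
 * @description: Receives the mini-program callback requests sent by the WeChat server: the GET
 *               verification handshake and the POST message push. Every request parameter is
 *               caller-controlled until {@code checkSignature} has accepted it.
 * @company: hugeinfo
 * @author: liyj
 * @time: 2021/02/02
 * @version: 1.0.0
 **/
@RestController
@RequestMapping("/wechat/ma/portal")
public class WxMaPortalController {

    /** Longest request-parameter value written to the log; longer values are cut. */
    private static final int MAX_LOGGED_PARAM_LENGTH = 128;

    /** Matches control characters (CR, LF, TAB, ...) that could forge or split log lines. */
    private static final Pattern CONTROL_CHARS = Pattern.compile("\\p{Cntrl}");

    @Autowired
    private WeixinMaService wxService;

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    /**
     * Answers the verification handshake: returns {@code echostr} when the signature is accepted.
     *
     * <p>NOTE(review): the string given to {@code @GetMapping} is the annotation's value, i.e. a
     * path segment under {@code /wechat/ma/portal}, not a content type. It reads like a
     * {@code produces} value, so {@code produces = "text/plain;charset=utf-8"} may have been
     * intended. Confirm against the callback URL registered with WeChat before changing it.
     *
     * @param signature signature sent by the caller
     * @param timestamp timestamp sent by the caller
     * @param nonce     nonce sent by the caller
     * @param echostr   value to echo back on success
     * @return {@code echostr} if the signature check passes, otherwise the fixed rejection text
     * @throws IllegalArgumentException if any of the four parameters is blank
     */
    @GetMapping("text/plain;charset=utf-8")
    public String authGet(@RequestParam(value = "signature", required = false) String signature,
                          @RequestParam(value = "timestamp", required = false) String timestamp,
                          @RequestParam(value = "nonce", required = false) String nonce,
                          @RequestParam(value = "echostr", required = false) String echostr) {
        // Logged before any check has run, so the values are neutralised first: an
        // unauthenticated caller must not be able to inject line breaks into the log.
        this.logger.info("\n接收到来自微信服务器的认证消息:[{}, {}, {}, {}]",
            sanitizeForLog(signature), sanitizeForLog(timestamp),
            sanitizeForLog(nonce), sanitizeForLog(echostr));

        if (StringUtils.isAnyBlank(signature, timestamp, nonce, echostr)) {
            throw new IllegalArgumentException("请求参数非法,请核实!");
        }

        if (this.getWxService().checkSignature(timestamp, nonce, signature)) {
            return echostr;
        }

        return "非法请求";
    }

    /**
     * Receives a pushed message, checks the request signature, decodes the body according to
     * {@code encrypt_type} and the configured data format, and hands it to the message router.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>{@code checkSignature} is called with timestamp, nonce and signature only; the
     *       request body is not an input to that call, so in plaintext mode (blank
     *       {@code encrypt_type}) the body is not covered by it.</li>
     *   <li>Nothing in this method rejects stale timestamps or repeated nonces. Unless
     *       {@code checkSignature} does so internally (confirm), a captured parameter triple
     *       can be replayed.</li>
     *   <li>{@code msg_signature} is optional and passed through unchecked; it is only used on
     *       the encrypted XML path. Verification is presumably done inside
     *       {@code WxMaMessage.fromEncryptedXml}; the encrypted JSON path does not receive it.
     *       Confirm both.</li>
     *   <li>XML/JSON parsing is delegated to {@code WxMaMessage}. Hardening of the XML parser
     *       (e.g. external entities) depends on that library; confirm for the version in use.</li>
     * </ul>
     *
     * <p>NOTE(review): as with {@code authGet}, the string given to {@code @PostMapping} is a
     * path segment, not {@code produces}. Confirm the intended route.
     *
     * @param requestBody  raw request body (XML or JSON, plaintext or encrypted)
     * @param signature    request signature
     * @param encType      {@code encrypt_type}; blank means plaintext, {@code "aes"} means encrypted
     * @param msgSignature message signature, used only for encrypted XML
     * @param timestamp    timestamp sent by the caller
     * @param nonce        nonce sent by the caller
     * @return the literal {@code "success"} once the message has been routed
     * @throws IllegalArgumentException if the signature check fails or {@code encrypt_type} is
     *         neither blank nor {@code "aes"} (the latter used to be a bare
     *         {@code RuntimeException}; the new type is a subclass of it)
     */
    @PostMapping("application/xml; charset=UTF-8")
    public String post(@RequestBody String requestBody,
                       @RequestParam(value = "signature") String signature,
                       @RequestParam(value = "encrypt_type", required = false) String encType,
                       @RequestParam(value = "msg_signature", required = false) String msgSignature,
                       @RequestParam(value = "timestamp") String timestamp,
                       @RequestParam(value = "nonce") String nonce) {
        // Before the signature check only neutralised metadata and the body size are logged.
        // Writing the raw body here would let any unauthenticated caller put arbitrary
        // multi-line content (forged entries, bulk data) into the INFO log.
        this.logger.info(
            "\n接收微信请求:[signature=[{}], encType=[{}], msgSignature=[{}],"
                + " timestamp=[{}], nonce=[{}], requestBodyLength=[{}]] ",
            sanitizeForLog(signature), sanitizeForLog(encType), sanitizeForLog(msgSignature),
            sanitizeForLog(timestamp), sanitizeForLog(nonce), requestBody.length());

        if (!this.wxService.checkSignature(timestamp, nonce, signature)) {
            throw new IllegalArgumentException("非法请求,可能属于伪造的请求!");
        }

        // Plaintext bodies can carry end-user message content, so the body is only written at
        // DEBUG level and only after the signature check has passed.
        this.logger.debug("requestBody=[\n{}\n] ", requestBody);

        final boolean isJson = Objects.equals(this.wxService.getWxMaConfig().getMsgDataFormat(),
            WxMaConstants.MsgDataFormat.JSON);

        final WxMaMessage inMessage;
        if (StringUtils.isBlank(encType)) {
            // message sent in plaintext
            inMessage = isJson
                ? WxMaMessage.fromJson(requestBody)
                : WxMaMessage.fromXml(requestBody);
        } else if ("aes".equals(encType)) {
            // AES-encrypted message
            inMessage = isJson
                ? WxMaMessage.fromEncryptedJson(requestBody, this.wxService.getWxMaConfig())
                : WxMaMessage.fromEncryptedXml(requestBody, this.wxService.getWxMaConfig(),
                    timestamp, nonce, msgSignature);
        } else {
            // encType is caller-supplied; neutralise it before it reaches the exception
            // message, which may be logged or returned by an error handler.
            throw new IllegalArgumentException("不可识别的加密类型:" + sanitizeForLog(encType));
        }

        this.wxService.route(inMessage);
        return "success";
    }

    /**
     * Returns the injected service; overridable so subclasses can supply another instance.
     *
     * @return the service used for signature checks
     */
    protected WeixinMaService getWxService() {
        return this.wxService;
    }

    /**
     * Makes a caller-supplied value safe to embed in a single log line.
     *
     * @param value raw request value, may be {@code null}
     * @return {@code null} for {@code null}; otherwise the value cut to
     *         {@link #MAX_LOGGED_PARAM_LENGTH} characters with every control character
     *         replaced by {@code '_'}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        final String bounded = value.length() > MAX_LOGGED_PARAM_LENGTH
            ? value.substring(0, MAX_LOGGED_PARAM_LENGTH)
            : value;
        return CONTROL_CHARS.matcher(bounded).replaceAll("_");
    }
}
/**
 * -------------------_ooOoo_-------------------
 * ------------------o8888888o------------------
 * ------------------88" . "88------------------
 * ------------------(| -_- |)------------------
 * ------------------O\ = /O------------------
 * ---------------____/`---'\____---------------
 * -------------.' \\| |// `.-------------
 * ------------/ \\||| : |||// \------------
 * -----------/ _||||| -:- |||||- \-----------
 * -----------| | \\\ - /// | |-----------
 * -----------| \_| ''\---/'' | |-----------
 * -----------\ .-\__ `-` ___/-. /-----------
 * ---------___`. .' /--.--\ `. . __----------
 * ------."" '< `.___\_<|>_/___.' >'"".-------
 * -----| | : `- \`.;`\ _ /`;.`/ - ` : | |-----
 * -----\ \ `-. \_ __\ /__ _/ .-` / /-----
 * ======`-.____`-.___\_____/___.-`____.-'======
 * -------------------`=---='
 * ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 * ---------Buddha bless---hugeinfo---no bugs, ever----------
 */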