diff --git a/mini_program.iml b/mini_program.iml index 1833589..65b528b 100644 --- a/mini_program.iml +++ b/mini_program.iml @@ -1,10 +1,8 @@ - + - - diff --git a/pom.xml b/pom.xml index f3dde24..359a5c1 100644 --- a/pom.xml +++ b/pom.xml @@ -24,6 +24,12 @@ + + + commons-codec + commons-codec + 1.9 + org.springframework.boot diff --git a/src/main/java/com/example/mini_program/aes/AesException.java b/src/main/java/com/example/mini_program/aes/AesException.java new file mode 100644 index 0000000..865a8e0 --- /dev/null +++ b/src/main/java/com/example/mini_program/aes/AesException.java @@ -0,0 +1,59 @@ +package com.example.mini_program.aes; + +@SuppressWarnings("serial") +public class AesException extends Exception { + + public final static int OK = 0; + public final static int ValidateSignatureError = -40001; + public final static int ParseXmlError = -40002; + public final static int ComputeSignatureError = -40003; + public final static int IllegalAesKey = -40004; + public final static int ValidateCorpidError = -40005; + public final static int EncryptAESError = -40006; + public final static int DecryptAESError = -40007; + public final static int IllegalBuffer = -40008; + //public final static int EncodeBase64Error = -40009; + //public final static int DecodeBase64Error = -40010; + //public final static int GenReturnXmlError = -40011; + + private int code; + + private static String getMessage(int code) { + switch (code) { + case ValidateSignatureError: + return "签名验证错误"; + case ParseXmlError: + return "xml解析失败"; + case ComputeSignatureError: + return "sha加密生成签名失败"; + case IllegalAesKey: + return "SymmetricKey非法"; + case ValidateCorpidError: + return "corpid校验失败"; + case EncryptAESError: + return "aes加密失败"; + case DecryptAESError: + return "aes解密失败"; + case IllegalBuffer: + return "解密后得到的buffer非法"; +// case EncodeBase64Error: +// return "base64加密错误"; +// case DecodeBase64Error: +// return "base64解密错误"; +// case GenReturnXmlError: +// return "xml生成失败"; + default: + return null; // cannot be + } + } + + public int getCode() { + return code; + } + + AesException(int code) { + super(getMessage(code)); + this.code = code; + } + +} diff --git a/src/main/java/com/example/mini_program/aes/ByteGroup.java b/src/main/java/com/example/mini_program/aes/ByteGroup.java new file mode 100644 index 0000000..3b200b1 --- /dev/null +++ b/src/main/java/com/example/mini_program/aes/ByteGroup.java @@ -0,0 +1,26 @@ +package com.example.mini_program.aes; + +import java.util.ArrayList; + +class ByteGroup { + ArrayList byteContainer = new ArrayList(); + + public byte[] toBytes() { + byte[] bytes = new byte[byteContainer.size()]; + for (int i = 0; i < byteContainer.size(); i++) { + bytes[i] = byteContainer.get(i); + } + return bytes; + } + + public ByteGroup addBytes(byte[] bytes) { + for (byte b : bytes) { + byteContainer.add(b); + } + return this; + } + + public int size() { + return byteContainer.size(); + } +} diff --git a/src/main/java/com/example/mini_program/aes/PKCS7Encoder.java b/src/main/java/com/example/mini_program/aes/PKCS7Encoder.java new file mode 100644 index 0000000..acb7f7d --- /dev/null +++ b/src/main/java/com/example/mini_program/aes/PKCS7Encoder.java @@ -0,0 +1,67 @@ +/** + * 对企业微信发送给企业后台的消息加解密示例代码. + * + * @copyright Copyright (c) 1998-2014 Tencent Inc. + */ + +// ------------------------------------------------------------------------ + +package com.example.mini_program.aes; + +import java.nio.charset.Charset; +import java.util.Arrays; + +/** + * 提供基于PKCS7算法的加解密接口. + */ +class PKCS7Encoder { + static Charset CHARSET = Charset.forName("utf-8"); + static int BLOCK_SIZE = 32; + + /** + * 获得对明文进行补位填充的字节. + * + * @param count 需要进行填充补位操作的明文字节个数 + * @return 补齐用的字节数组 + */ + static byte[] encode(int count) { + // 计算需要填充的位数 + int amountToPad = BLOCK_SIZE - (count % BLOCK_SIZE); + if (amountToPad == 0) { + amountToPad = BLOCK_SIZE; + } + // 获得补位所用的字符 + char padChr = chr(amountToPad); + String tmp = new String(); + for (int index = 0; index < amountToPad; index++) { + tmp += padChr; + } + return tmp.getBytes(CHARSET); + } + + /** + * 删除解密后明文的补位字符 + * + * @param decrypted 解密后的明文 + * @return 删除补位字符后的明文 + */ + static byte[] decode(byte[] decrypted) { + int pad = (int) decrypted[decrypted.length - 1]; + if (pad < 1 || pad > 32) { + pad = 0; + } + return Arrays.copyOfRange(decrypted, 0, decrypted.length - pad); + } + + /** + * 将数字转化成ASCII码对应的字符,用于对明文进行补码 + * + * @param a 需要转化的数字 + * @return 转化得到的字符 + */ + static char chr(int a) { + byte target = (byte) (a & 0xFF); + return (char) target; + } + +} diff --git a/src/main/java/com/example/mini_program/aes/SHA1.java b/src/main/java/com/example/mini_program/aes/SHA1.java new file mode 100644 index 0000000..6171dc8 --- /dev/null +++ b/src/main/java/com/example/mini_program/aes/SHA1.java @@ -0,0 +1,61 @@ +/** + * 对企业微信发送给企业后台的消息加解密示例代码. + * + * @copyright Copyright (c) 1998-2014 Tencent Inc. + */ + +// ------------------------------------------------------------------------ + +package com.example.mini_program.aes; + +import java.security.MessageDigest; +import java.util.Arrays; + +/** + * SHA1 class + * + * 计算消息签名接口. + */ +class SHA1 { + + /** + * 用SHA1算法生成安全签名 + * @param token 票据 + * @param timestamp 时间戳 + * @param nonce 随机字符串 + * @param encrypt 密文 + * @return 安全签名 + * @throws AesException + */ + public static String getSHA1(String token, String timestamp, String nonce, String encrypt) throws AesException + { + try { + String[] array = new String[] { token, timestamp, nonce, encrypt }; + StringBuffer sb = new StringBuffer(); + // 字符串排序 + Arrays.sort(array); + for (int i = 0; i < 4; i++) { + sb.append(array[i]); + } + String str = sb.toString(); + // SHA1签名生成 + MessageDigest md = MessageDigest.getInstance("SHA-1"); + md.update(str.getBytes()); + byte[] digest = md.digest(); + + StringBuffer hexstr = new StringBuffer(); + String shaHex = ""; + for (int i = 0; i < digest.length; i++) { + shaHex = Integer.toHexString(digest[i] & 0xFF); + if (shaHex.length() < 2) { + hexstr.append(0); + } + hexstr.append(shaHex); + } + return hexstr.toString(); + } catch (Exception e) { + e.printStackTrace(); + throw new AesException(AesException.ComputeSignatureError); + } + } +} diff --git a/src/main/java/com/example/mini_program/aes/WXBizMsgCrypt.java b/src/main/java/com/example/mini_program/aes/WXBizMsgCrypt.java new file mode 100644 index 0000000..f453b71 --- /dev/null +++ b/src/main/java/com/example/mini_program/aes/WXBizMsgCrypt.java @@ -0,0 +1,288 @@ +/** + * 对企业微信发送给企业后台的消息加解密示例代码. + * + * @copyright Copyright (c) 1998-2014 Tencent Inc. + */ + +// ------------------------------------------------------------------------ + +/** + * 针对org.apache.commons.codec.binary.Base64, + * 需要导入架包commons-codec-1.9(或commons-codec-1.8等其他版本) + * 官方下载地址:http://commons.apache.org/proper/commons-codec/download_codec.cgi + */ +package com.example.mini_program.aes; + +import org.apache.commons.codec.binary.Base64; + +import javax.crypto.Cipher; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.nio.charset.Charset; +import java.util.Arrays; +import java.util.Random; + +/** + * 提供接收和推送给企业微信消息的加解密接口(UTF8编码的字符串). + *
    + *
  1. 第三方回复加密消息给企业微信
    2. + *
  2. 第三方收到企业微信发送的消息,验证消息的安全性,并对消息进行解密。
    3. + *
+ * 说明:异常java.security.InvalidKeyException:illegal Key Size的解决方案 + *
    + *
  1. 在官方网站下载JCE无限制权限策略文件(JDK7的下载地址: + * http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
    2. + *
  2. 下载后解压,可以看到local_policy.jar和US_export_policy.jar以及readme.txt
    3. + *
  3. 如果安装了JRE,将两个jar文件放到%JRE_HOME%\lib\security目录下覆盖原来的文件
    4. + *
  4. 如果安装了JDK,将两个jar文件放到%JDK_HOME%\jre\lib\security目录下覆盖原来文件
    5. + *
+ */ +public class WXBizMsgCrypt { + static Charset CHARSET = Charset.forName("utf-8"); + Base64 base64 = new Base64(); + byte[] aesKey; + String token; + String receiveid; + + /** + * 构造函数 + * @param token 企业微信后台,开发者设置的token + * @param encodingAesKey 企业微信后台,开发者设置的EncodingAESKey + * @param receiveid, 不同场景含义不同,详见文档 + * + * @throws AesException 执行失败,请查看该异常的错误码和具体的错误信息 + */ + public WXBizMsgCrypt(String token, String encodingAesKey, String receiveid) throws AesException { + if (encodingAesKey.length() != 43) { + throw new AesException(AesException.IllegalAesKey); + } + + this.token = token; + this.receiveid = receiveid; + aesKey = Base64.decodeBase64(encodingAesKey + "="); + } + + // 生成4个字节的网络字节序 + byte[] getNetworkBytesOrder(int sourceNumber) { + byte[] orderBytes = new byte[4]; + orderBytes[3] = (byte) (sourceNumber & 0xFF); + orderBytes[2] = (byte) (sourceNumber >> 8 & 0xFF); + orderBytes[1] = (byte) (sourceNumber >> 16 & 0xFF); + orderBytes[0] = (byte) (sourceNumber >> 24 & 0xFF); + return orderBytes; + } + + // 还原4个字节的网络字节序 + int recoverNetworkBytesOrder(byte[] orderBytes) { + int sourceNumber = 0; + for (int i = 0; i < 4; i++) { + sourceNumber <<= 8; + sourceNumber |= orderBytes[i] & 0xff; + } + return sourceNumber; + } + + // 随机生成16位字符串 + String getRandomStr() { + String base = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; + Random random = new Random(); + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < 16; i++) { + int number = random.nextInt(base.length()); + sb.append(base.charAt(number)); + } + return sb.toString(); + } + + /** + * 对明文进行加密. + * + * @param text 需要加密的明文 + * @return 加密后base64编码的字符串 + * @throws AesException aes加密失败 + */ + String encrypt(String randomStr, String text) throws AesException { + ByteGroup byteCollector = new ByteGroup(); + byte[] randomStrBytes = randomStr.getBytes(CHARSET); + byte[] textBytes = text.getBytes(CHARSET); + byte[] networkBytesOrder = getNetworkBytesOrder(textBytes.length); + byte[] receiveidBytes = receiveid.getBytes(CHARSET); + + // randomStr + networkBytesOrder + text + receiveid + byteCollector.addBytes(randomStrBytes); + byteCollector.addBytes(networkBytesOrder); + byteCollector.addBytes(textBytes); + byteCollector.addBytes(receiveidBytes); + + // ... + pad: 使用自定义的填充方式对明文进行补位填充 + byte[] padBytes = PKCS7Encoder.encode(byteCollector.size()); + byteCollector.addBytes(padBytes); + + // 获得最终的字节流, 未加密 + byte[] unencrypted = byteCollector.toBytes(); + + try { + // 设置加密模式为AES的CBC模式 + Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); + SecretKeySpec keySpec = new SecretKeySpec(aesKey, "AES"); + IvParameterSpec iv = new IvParameterSpec(aesKey, 0, 16); + cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv); + + // 加密 + byte[] encrypted = cipher.doFinal(unencrypted); + + // 使用BASE64对加密后的字符串进行编码 + String base64Encrypted = base64.encodeToString(encrypted); + + return base64Encrypted; + } catch (Exception e) { + e.printStackTrace(); + throw new AesException(AesException.EncryptAESError); + } + } + + /** + * 对密文进行解密. + * + * @param text 需要解密的密文 + * @return 解密得到的明文 + * @throws AesException aes解密失败 + */ + String decrypt(String text) throws AesException { + byte[] original; + try { + // 设置解密模式为AES的CBC模式 + Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); + SecretKeySpec key_spec = new SecretKeySpec(aesKey, "AES"); + IvParameterSpec iv = new IvParameterSpec(Arrays.copyOfRange(aesKey, 0, 16)); + cipher.init(Cipher.DECRYPT_MODE, key_spec, iv); + + // 使用BASE64对密文进行解码 + byte[] encrypted = Base64.decodeBase64(text); + + // 解密 + original = cipher.doFinal(encrypted); + } catch (Exception e) { + e.printStackTrace(); + throw new AesException(AesException.DecryptAESError); + } + + String xmlContent, from_receiveid; + try { + // 去除补位字符 + byte[] bytes = PKCS7Encoder.decode(original); + + // 分离16位随机字符串,网络字节序和receiveid + byte[] networkOrder = Arrays.copyOfRange(bytes, 16, 20); + + int xmlLength = recoverNetworkBytesOrder(networkOrder); + + xmlContent = new String(Arrays.copyOfRange(bytes, 20, 20 + xmlLength), CHARSET); + from_receiveid = new String(Arrays.copyOfRange(bytes, 20 + xmlLength, bytes.length), + CHARSET); + } catch (Exception e) { + e.printStackTrace(); + throw new AesException(AesException.IllegalBuffer); + } + + // receiveid不相同的情况 + if (!from_receiveid.equals(receiveid)) { + throw new AesException(AesException.ValidateCorpidError); + } + return xmlContent; + + } + + /** + * 将企业微信回复用户的消息加密打包. + *
    + *
  1. 对要发送的消息进行AES-CBC加密
    2. + *
  2. 生成安全签名
    3. + *
  3. 将消息密文和安全签名打包成xml格式
    4. + *
+ * + * @param replyMsg 企业微信待回复用户的消息,xml格式的字符串 + * @param timeStamp 时间戳,可以自己生成,也可以用URL参数的timestamp + * @param nonce 随机串,可以自己生成,也可以用URL参数的nonce + * + * @return 加密后的可以直接回复用户的密文,包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串 + * @throws AesException 执行失败,请查看该异常的错误码和具体的错误信息 + */ + public String EncryptMsg(String replyMsg, String timeStamp, String nonce) throws AesException { + // 加密 + String encrypt = encrypt(getRandomStr(), replyMsg); + + // 生成安全签名 + if (timeStamp == "") { + timeStamp = Long.toString(System.currentTimeMillis()); + } + + String signature = SHA1.getSHA1(token, timeStamp, nonce, encrypt); + + // System.out.println("发送给平台的签名是: " + signature[1].toString()); + // 生成发送的xml + String result = XMLParse.generate(encrypt, signature, timeStamp, nonce); + return result; + } + + /** + * 检验消息的真实性,并且获取解密后的明文. + *
    + *
  1. 利用收到的密文生成安全签名,进行签名验证
    2. + *
  2. 若验证通过,则提取xml中的加密消息
    3. + *
  3. 对消息进行解密
    4. + *
+ * + * @param msgSignature 签名串,对应URL参数的msg_signature + * @param timeStamp 时间戳,对应URL参数的timestamp + * @param nonce 随机串,对应URL参数的nonce + * @param postData 密文,对应POST请求的数据 + * + * @return 解密后的原文 + * @throws AesException 执行失败,请查看该异常的错误码和具体的错误信息 + */ + public String DecryptMsg(String msgSignature, String timeStamp, String nonce, String postData) + throws AesException { + + // 密钥,公众账号的app secret + // 提取密文 + Object[] encrypt = XMLParse.extract(postData); + + // 验证安全签名 + String signature = SHA1.getSHA1(token, timeStamp, nonce, encrypt[1].toString()); + + // 和URL中的签名比较是否相等 + // System.out.println("第三方收到URL中的签名:" + msg_sign); + // System.out.println("第三方校验签名:" + signature); + if (!signature.equals(msgSignature)) { + throw new AesException(AesException.ValidateSignatureError); + } + + // 解密 + String result = decrypt(encrypt[1].toString()); + return result; + } + + /** + * 验证URL + * @param msgSignature 签名串,对应URL参数的msg_signature + * @param timeStamp 时间戳,对应URL参数的timestamp + * @param nonce 随机串,对应URL参数的nonce + * @param echoStr 随机串,对应URL参数的echostr + * + * @return 解密之后的echostr + * @throws AesException 执行失败,请查看该异常的错误码和具体的错误信息 + */ + public String VerifyURL(String msgSignature, String timeStamp, String nonce, String echoStr) + throws AesException { + String signature = SHA1.getSHA1(token, timeStamp, nonce, echoStr); + + if (!signature.equals(msgSignature)) { + throw new AesException(AesException.ValidateSignatureError); + } + + String result = decrypt(echoStr); + return result; + } + +} \ No newline at end of file diff --git a/src/main/java/com/example/mini_program/aes/XMLParse.java b/src/main/java/com/example/mini_program/aes/XMLParse.java new file mode 100644 index 0000000..6821dfc --- /dev/null +++ b/src/main/java/com/example/mini_program/aes/XMLParse.java @@ -0,0 +1,103 @@ +/** + * 对企业微信发送给企业后台的消息加解密示例代码. + * + * @copyright Copyright (c) 1998-2014 Tencent Inc. + */ + +// ------------------------------------------------------------------------ + +package com.example.mini_program.aes; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import java.io.StringReader; + +/** + * XMLParse class + * + * 提供提取消息格式中的密文及生成回复消息格式的接口. + */ +class XMLParse { + + /** + * 提取出xml数据包中的加密消息 + * @param xmltext 待提取的xml字符串 + * @return 提取出的加密消息字符串 + * @throws AesException + */ + public static Object[] extract(String xmltext) throws AesException { + Object[] result = new Object[3]; + try { + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + + String FEATURE = null; + // This is the PRIMARY defense. If DTDs (doctypes) are disallowed, almost all XML entity attacks are prevented + // Xerces 2 only - http://xerces.apache.org/xerces2-j/features.html#disallow-doctype-decl + FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; + dbf.setFeature(FEATURE, true); + + // If you can't completely disable DTDs, then at least do the following: + // Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-general-entities + // Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-general-entities + // JDK7+ - http://xml.org/sax/features/external-general-entities + FEATURE = "http://xml.org/sax/features/external-general-entities"; + dbf.setFeature(FEATURE, false); + + // Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-parameter-entities + // Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-parameter-entities + // JDK7+ - http://xml.org/sax/features/external-parameter-entities + FEATURE = "http://xml.org/sax/features/external-parameter-entities"; + dbf.setFeature(FEATURE, false); + + // Disable external DTDs as well + FEATURE = "http://apache.org/xml/features/nonvalidating/load-external-dtd"; + dbf.setFeature(FEATURE, false); + + // and these as well, per Timothy Morgan's 2014 paper: "XML Schema, DTD, and Entity Attacks" + dbf.setXIncludeAware(false); + dbf.setExpandEntityReferences(false); + + // And, per Timothy Morgan: "If for some reason support for inline DOCTYPEs are a requirement, then + // ensure the entity settings are disabled (as shown above) and beware that SSRF attacks + // (http://cwe.mitre.org/data/definitions/918.html) and denial + // of service attacks (such as billion laughs or decompression bombs via "jar:") are a risk." + + // remaining parser logic + DocumentBuilder db = dbf.newDocumentBuilder(); + StringReader sr = new StringReader(xmltext); + InputSource is = new InputSource(sr); + Document document = db.parse(is); + + Element root = document.getDocumentElement(); + NodeList nodelist1 = root.getElementsByTagName("Encrypt"); + result[0] = 0; + result[1] = nodelist1.item(0).getTextContent(); + return result; + } catch (Exception e) { + e.printStackTrace(); + throw new AesException(AesException.ParseXmlError); + } + } + + /** + * 生成xml消息 + * @param encrypt 加密后的消息密文 + * @param signature 安全签名 + * @param timestamp 时间戳 + * @param nonce 随机字符串 + * @return 生成的xml字符串 + */ + public static String generate(String encrypt, String signature, String timestamp, String nonce) { + + String format = "\n" + "\n" + + "\n" + + "%3$s\n" + "\n" + ""; + return String.format(format, encrypt, signature, timestamp, nonce); + + } +} diff --git a/src/main/java/com/example/mini_program/controller/VisitorApprovalController.java b/src/main/java/com/example/mini_program/controller/VisitorApprovalController.java new file mode 100644 index 0000000..c41ae1b --- /dev/null +++ b/src/main/java/com/example/mini_program/controller/VisitorApprovalController.java @@ -0,0 +1,101 @@ +package com.example.mini_program.controller; + +import com.example.mini_program.aes.WXBizMsgCrypt; +import com.example.mini_program.mapper.VisitApplicationMapper; +import org.json.JSONObject; +import org.json.XML; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.scheduling.annotation.Async; +import org.springframework.web.bind.annotation.*; + +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; + +@RestController +@RequestMapping("/visitor") +public class VisitorApprovalController { + + private static final Logger log = LoggerFactory.getLogger(VisitorApprovalController.class); + //发起文件审批时的审批编号,唯一标识一次审批 + private static final Set processedSet = ConcurrentHashMap.newKeySet(); + + @Value("${wx.corp.corpid:}") + private String corpId; + + @Value("${wx.corp.token:}") + private String token; + + @Value("${wx.corp.encodingAESKey:}") + private String encodingAESKey; + + @Value("${wx.corp.approval-template-id:}") + private String templateId; + + @Autowired + private VisitApplicationMapper visitApplicationMapper; + + /** + * 验证URL有效性(GET请求) + */ + @GetMapping("/approval/callback") + public String verifyUrl(@RequestParam(value = "msg_signature", required = false) String msgSignature, @RequestParam(value = "timestamp", required = false) String timestamp, @RequestParam(value = "nonce", required = false) String nonce, @RequestParam(value = "echostr", required = false) String echostr) { + + log.info("URL验证请求: msgSignature={}, timestamp={}, nonce={}", msgSignature, timestamp, nonce); + + + try { + WXBizMsgCrypt wxcpt = new WXBizMsgCrypt(token, encodingAESKey, corpId); + return wxcpt.VerifyURL(msgSignature, timestamp, nonce, echostr); + } catch (Exception e) { + log.error("URL验证失败", e); + return "error: " + e.getMessage(); + } + } + + /** + * 接收企业微信消息(POST请求) + */ + @PostMapping("/approval/callback") + public String receiveMessage(@RequestParam(value = "msg_signature", required = false) String msgSignature, + @RequestParam(value = "timestamp", required = false) String timestamp, + @RequestParam(value = "nonce", required = false) String nonce, + @RequestBody String requestBody) { + System.out.println("----------------------------------"); + // 异步处理,立即返回 + processApprovalAsync(msgSignature, timestamp, nonce, requestBody); + return "success"; + } + /** + * 异步处理审批(解密 + 解析 + 处理) + */ + @Async + public void processApprovalAsync(String msgSignature, String timestamp, String nonce, String requestBody) { + try { + WXBizMsgCrypt wxcpt = new WXBizMsgCrypt(token, encodingAESKey, corpId); + String sMsg = wxcpt.DecryptMsg(msgSignature, timestamp, nonce, requestBody); + JSONObject jsonObject = XML.toJSONObject(sMsg).getJSONObject("xml"); + JSONObject approvalInfo = jsonObject.getJSONObject("ApprovalInfo"); + // 检查是否是目标审批模板且已通过 + if (!templateId.equals(approvalInfo.getString("TemplateId"))) { + log.info("模板【{}】非目标审批模板",approvalInfo.getString("TemplateId") ); + return; + } + log.info("审批回调报文: {}", jsonObject); + //审批编号(唯一标识每次发起的审批) + String spNo = approvalInfo.getString("SpNoStr"); + //审批状态 + int spStatus = approvalInfo.getInt("SpStatus"); + //审批同意 + if (2 == spStatus) { + visitApplicationMapper.updateStatusBySpNo(spNo, "approved", "审批同意"); + }else if(3 == spStatus){ + visitApplicationMapper.updateStatusBySpNo(spNo, "rejected", "审批拒绝"); + } + } catch (Exception e) { + log.error("处理审批失败", e); + } + } +} diff --git a/src/main/java/com/example/mini_program/controller/WxLoginController.java b/src/main/java/com/example/mini_program/controller/WxLoginController.java index 63aed8f..e7364d4 100644 --- a/src/main/java/com/example/mini_program/controller/WxLoginController.java +++ b/src/main/java/com/example/mini_program/controller/WxLoginController.java @@ -1,6 +1,7 @@ package com.example.mini_program.controller; import com.example.mini_program.common.Result; +import com.example.mini_program.domain.WxLoginResult; import com.example.mini_program.service.WxLoginService; import lombok.RequiredArgsConstructor; import org.springframework.web.bind.annotation.*; @@ -17,17 +18,16 @@ public class WxLoginController { * 接收wx.login的code,换取openid */ @GetMapping("/login") - public Result login(@RequestParam String code) { + public Result login(@RequestParam String code) { if (code == null || code.trim().isEmpty()) { return Result.error("code不能为空"); } + WxLoginResult loginResult = wxLoginService.code2Session(code); - WxLoginService.WxLoginResult result = wxLoginService.code2Session(code); - - if ("0".equals(result.getErrcode()) || "".equals(result.getErrcode())) { - return Result.success(result); + if ("0".equals(loginResult.getErrcode()) || "".equals(loginResult.getErrcode())) { + return Result.success(loginResult); } else { - return Result.error(result.getErrcode(), result.getErrmsg()); + return Result.error(loginResult.getErrcode(), loginResult.getErrmsg()); } } } diff --git a/src/main/java/com/example/mini_program/domain/WxLoginResult.java b/src/main/java/com/example/mini_program/domain/WxLoginResult.java new file mode 100644 index 0000000..e3f2f33 --- /dev/null +++ b/src/main/java/com/example/mini_program/domain/WxLoginResult.java @@ -0,0 +1,19 @@ +package com.example.mini_program.domain; + +import com.fasterxml.jackson.annotation.JsonProperty; +import lombok.Data; + +@Data +public class WxLoginResult { + //会话密钥 + @JsonProperty("session_key") + private String sessionKey; + //用户在开放平台的唯一标识符,若当前小程序已绑定到微信开放平台帐号下会返回 + private String unionid; + //用户唯一标识 + private String openid; + //错误码,请求失败时返回 + private String errcode; + //错误信息,请求失败时返回 + private String errmsg; +} diff --git a/src/main/java/com/example/mini_program/mapper/VisitApplicationMapper.java b/src/main/java/com/example/mini_program/mapper/VisitApplicationMapper.java index 3a0231f..88909a0 100644 --- a/src/main/java/com/example/mini_program/mapper/VisitApplicationMapper.java +++ b/src/main/java/com/example/mini_program/mapper/VisitApplicationMapper.java @@ -68,4 +68,13 @@ public interface VisitApplicationMapper { * @return 影响行数 */ int updateStatus(@Param("id") String id, @Param("status") String status, @Param("statusText") String statusText); + /** + * 根据审批单号更新审批状态 + * + * @param spNo 审批编号 + * @param status 状态值 + * @param statusText 状态文本 + * @return 影响行数 + */ + int updateStatusBySpNo(@Param("spNo") String spNo, @Param("status") String status, @Param("statusText") String statusText); } diff --git a/src/main/java/com/example/mini_program/service/AppointmentService.java b/src/main/java/com/example/mini_program/service/AppointmentService.java index d362d61..365ef0f 100644 --- a/src/main/java/com/example/mini_program/service/AppointmentService.java +++ b/src/main/java/com/example/mini_program/service/AppointmentService.java @@ -59,15 +59,8 @@ public class AppointmentService { if (record.getVisitTime() != null && !record.getVisitTime().isEmpty()) { visitTime = record.getVisitDate() + " " + record.getVisitTime(); } - String spNo = wxApprovalService.submitApproval( - creatorUserId, - record.getName(), - record.getPhone(), - record.getCompany(), - record.getReason(), - visitTime, - record.getHostName(), - record.getArea() + String spNo = wxApprovalService.submitApproval(creatorUserId, record.getName(), record.getPhone(), + record.getCompany(), record.getReason(), visitTime, record.getHostName(), record.getArea() ); record.setSpNo(spNo); log.info("企业微信审批提交成功, spNo: {}", spNo); diff --git a/src/main/java/com/example/mini_program/service/WxLoginService.java b/src/main/java/com/example/mini_program/service/WxLoginService.java index b862649..ee4f1a0 100644 --- a/src/main/java/com/example/mini_program/service/WxLoginService.java +++ b/src/main/java/com/example/mini_program/service/WxLoginService.java @@ -1,6 +1,7 @@ package com.example.mini_program.service; import com.example.mini_program.config.WxMiniAppConfig; +import com.example.mini_program.domain.WxLoginResult; import com.fasterxml.jackson.annotation.JsonProperty; import lombok.Data; import org.json.JSONObject; @@ -12,7 +13,7 @@ import org.springframework.web.client.RestTemplate; @Service public class WxLoginService { - private static final Logger logger = LoggerFactory.getLogger(WxLoginService.class); + private static final Logger log = LoggerFactory.getLogger(WxLoginService.class); private static final String JSCODE2SESSION_URL = "https://api.weixin.qq.com/sns/jscode2session?appid=%s&secret=%s&js_code=%s&grant_type=authorization_code"; @@ -28,16 +29,11 @@ public class WxLoginService { * 调用微信接口用code换取openid */ public WxLoginResult code2Session(String code) { - String url = String.format(JSCODE2SESSION_URL, - wxMiniAppConfig.getAppid(), - wxMiniAppConfig.getSecret(), - code); - - logger.info("调用微信jscode2session接口, code: {}", code); - + String url = String.format(JSCODE2SESSION_URL, wxMiniAppConfig.getAppid(), wxMiniAppConfig.getSecret(), code); + log.info("调用微信jscode2session接口, code: {}", code); try { String response = restTemplate.getForObject(url, String.class); - logger.info("微信返回原始结果: {}", response); + log.info("微信返回原始结果: {}", response); JSONObject json = new JSONObject(response); WxLoginResult result = new WxLoginResult(); @@ -47,11 +43,11 @@ public class WxLoginService { result.setErrcode(json.optString("errcode")); result.setErrmsg(json.optString("errmsg")); - logger.info("解析后结果: openid={}, unionid={}, errcode={}", + log.info("解析后结果: openid={}, unionid={}, errcode={}", result.getOpenid(), result.getUnionid(), result.getErrcode()); return result; } catch (Exception e) { - logger.error("调用微信接口失败", e); + log.error("调用微信接口失败", e); WxLoginResult errorResult = new WxLoginResult(); errorResult.setErrcode("-1"); errorResult.setErrmsg("系统错误: " + e.getMessage()); @@ -59,15 +55,15 @@ public class WxLoginService { } } - @Data - public static class WxLoginResult { - - @JsonProperty("session_key") - private String sessionKey; - - private String unionid; - private String openid; - private String errcode; - private String errmsg; - } +// @Data +// public static class WxLoginResult { +// +// @JsonProperty("session_key") +// private String sessionKey; +// +// private String unionid; +// private String openid; +// private String errcode; +// private String errmsg; +// } } diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index a4c56dd..a3573f9 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -26,7 +26,18 @@ wx: # 审批回调URL(可选) callback-url: http://your-domain.com/api/wx-corp/approval-callback # 审批申请人用户ID(提交审批的企微用户) - creator-userid: i + creator-userid: ChengLiJuan + + # 【访客预约】】应用ID + agentId: 1000006 + # 【访客预约】Secret + secret: y05BBs2pxgwT0n0__cbYd5GRthlrzfDyrKQPOLtiWkg + # 【访客预约】token + token: V4fj9vnzfrCaEza4MWB4IOUhgJ0p2c + # 【访客预约】EncodingAESKey + encodingAESKey: PTQGH2kHgA8QFPswNrVBknWVKwljNt7NjzRARSd6DOU + + # MyBatis配置 mybatis: diff --git a/src/main/resources/mapper/VisitApplicationMapper.xml b/src/main/resources/mapper/VisitApplicationMapper.xml index 96619ac..a6429f3 100644 --- a/src/main/resources/mapper/VisitApplicationMapper.xml +++ b/src/main/resources/mapper/VisitApplicationMapper.xml @@ -76,4 +76,10 @@ WHERE id = #{id} AND status = 'pending' + + UPDATE visit_application + SET status = #{status}, status_text = #{statusText} + WHERE sp_no = #{spNo} AND status = 'pending' + +