gfd_wechat 0.0.1

data/lib/wechat/concern/common.rb

@@ -0,0 +1,217 @@
+module Wechat
+  module Concern
+    module Common
+      WXA_BASE    = 'https://api.weixin.qq.com/wxa/'.freeze
+      API_BASE    = 'https://api.weixin.qq.com/cgi-bin/'.freeze
+      OAUTH2_BASE = 'https://api.weixin.qq.com/sns/'.freeze
+
+      def initialize(appid, secret, token_file, timeout, skip_verify_ssl, jsapi_ticket_file)
+        @client = HttpClient.new(API_BASE, timeout, skip_verify_ssl)
+        @access_token = Token::PublicAccessToken.new(@client, appid, secret, token_file)
+        @jsapi_ticket = Ticket::PublicJsapiTicket.new(@client, @access_token, jsapi_ticket_file)
+      end
+
+      def groups
+        get 'groups/get'
+      end
+
+      def group_create(group_name)
+        post 'groups/create', JSON.generate(group: { name: group_name })
+      end
+
+      def group_update(groupid, new_group_name)
+        post 'groups/update', JSON.generate(group: { id: groupid, name: new_group_name })
+      end
+
+      def group_delete(groupid)
+        post 'groups/delete', JSON.generate(group: { id: groupid })
+      end
+
+      def users(nextid = nil)
+        params = { params: { next_openid: nextid } } if nextid.present?
+        get('user/get', params || {})
+      end
+
+      def user(openid)
+        get 'user/info', params: { openid: openid }
+      end
+
+      def user_batchget(openids, lang = 'zh-CN')
+        post 'user/info/batchget', JSON.generate(user_list: openids.collect { |v| { openid: v, lang: lang } })
+      end
+
+      def user_group(openid)
+        post 'groups/getid', JSON.generate(openid: openid)
+      end
+
+      def user_change_group(openid, to_groupid)
+        post 'groups/members/update', JSON.generate(openid: openid, to_groupid: to_groupid)
+      end
+
+      def user_update_remark(openid, remark)
+        post 'user/info/updateremark', JSON.generate(openid: openid, remark: remark)
+      end
+
+      def qrcode_create_scene(scene_id_or_str, expire_seconds = 604800)
+        case scene_id_or_str
+        when 0.class
+          post 'qrcode/create', JSON.generate(expire_seconds: expire_seconds,
+                                              action_name: 'QR_SCENE',
+                                              action_info: { scene: { scene_id: scene_id_or_str } })
+        else
+          post 'qrcode/create', JSON.generate(expire_seconds: expire_seconds,
+                                              action_name: 'QR_STR_SCENE',
+                                              action_info: { scene: { scene_str: scene_id_or_str } })
+        end
+      end
+
+      def qrcode_create_limit_scene(scene_id_or_str)
+        case scene_id_or_str
+        when 0.class
+          post 'qrcode/create', JSON.generate(action_name: 'QR_LIMIT_SCENE',
+                                              action_info: { scene: { scene_id: scene_id_or_str } })
+        else
+          post 'qrcode/create', JSON.generate(action_name: 'QR_LIMIT_STR_SCENE',
+                                              action_info: { scene: { scene_str: scene_id_or_str } })
+        end
+      end
+
+      def shorturl(long_url)
+        post 'shorturl', JSON.generate(action: 'long2short', long_url: long_url)
+      end
+
+      def message_mass_sendall(message)
+        post 'message/mass/sendall', message.to_json
+      end
+
+      def message_mass_delete(msg_id)
+        post 'message/mass/delete', JSON.generate(msg_id: msg_id)
+      end
+
+      def message_mass_preview(message)
+        post 'message/mass/preview', message.to_json
+      end
+
+      def message_mass_get(msg_id)
+        post 'message/mass/get', JSON.generate(msg_id: msg_id)
+      end
+
+      def wxa_get_wxacode(path, width = 430)
+        post 'getwxacode', JSON.generate(path: path, width: width), base: WXA_BASE
+      end
+
+      def wxa_create_qrcode(path, width = 430)
+        post 'wxaapp/createwxaqrcode', JSON.generate(path: path, width: width)
+      end
+
+      def menu
+        get 'menu/get'
+      end
+
+      def menu_delete
+        get 'menu/delete'
+      end
+
+      def menu_create(menu)
+        # 微信不接受7bit escaped json(eg \uxxxx), 中文必须UTF-8编码, 这可能是个安全漏洞
+        post 'menu/create', JSON.generate(menu)
+      end
+
+      def menu_addconditional(menu)
+        # Wechat not accept 7bit escaped json(eg \uxxxx), must using UTF-8, possible security vulnerability?
+        post 'menu/addconditional', JSON.generate(menu)
+      end
+
+      def menu_trymatch(user_id)
+        post 'menu/trymatch', JSON.generate(user_id: user_id)
+      end
+
+      def menu_delconditional(menuid)
+        post 'menu/delconditional', JSON.generate(menuid: menuid)
+      end
+
+      def material(media_id)
+        get 'material/get', params: { media_id: media_id }, as: :file
+      end
+
+      def material_count
+        get 'material/get_materialcount'
+      end
+
+      def material_list(type, offset, count)
+        post 'material/batchget_material', JSON.generate(type: type, offset: offset, count: count)
+      end
+
+      def material_add(type, file)
+        post_file 'material/add_material', file, params: { type: type }
+      end
+
+      def material_delete(media_id)
+        post 'material/del_material', JSON.generate(media_id: media_id)
+      end
+
+      def custom_message_send(message)
+        post 'message/custom/send', message.is_a?(Wechat::Message) ? message.to_json : JSON.generate(message), content_type: :json
+      end
+
+      def customservice_getonlinekflist
+        get 'customservice/getonlinekflist'
+      end
+
+      def tags
+        get 'tags/get'
+      end
+
+      def tag_create(tag_name)
+        post 'tags/create', JSON.generate(tag: { name: tag_name })
+      end
+
+      def tag_update(tagid, new_tag_name)
+        post 'tags/update', JSON.generate(tag: { id: tagid, name: new_tag_name })
+      end
+
+      def tag_delete(tagid)
+        post 'tags/delete', JSON.generate(tag: { id: tagid })
+      end
+
+      def tag_add_user(tagid, openids)
+        post 'tags/members/batchtagging', JSON.generate(openid_list: openids, tagid: tagid)
+      end
+
+      def tag_del_user(tagid, openids)
+        post 'tags/members/batchuntagging', JSON.generate(openid_list: openids, tagid: tagid)
+      end
+
+      def tag(tagid, next_openid = '')
+        post 'user/tag/get', JSON.generate(tagid: tagid, next_openid: next_openid)
+      end
+
+      def web_access_token(code)
+        params = {
+          appid: access_token.appid,
+          secret: access_token.secret,
+          code: code,
+          grant_type: 'authorization_code'
+        }
+        client.get 'oauth2/access_token', params: params, base: OAUTH2_BASE
+      end
+
+      def web_auth_access_token(web_access_token, openid)
+        client.get 'auth', params: { access_token: web_access_token, openid: openid }, base: OAUTH2_BASE
+      end
+
+      def web_refresh_access_token(user_refresh_token)
+        params = {
+          appid: access_token.appid,
+          grant_type: 'refresh_token',
+          refresh_token: user_refresh_token
+        }
+        client.get 'oauth2/refresh_token', params: params, base: OAUTH2_BASE
+      end
+
+      def web_userinfo(web_access_token, openid, lang = 'zh_CN')
+        client.get 'userinfo', params: { access_token: web_access_token, openid: openid, lang: lang }, base: OAUTH2_BASE
+      end
+    end
+  end
+end

data/lib/wechat/controller_api.rb

@@ -0,0 +1,96 @@
+module Wechat
+  module ControllerApi
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      attr_accessor :wechat_api_client, :wechat_cfg_account, :token, :appid, :corpid, :agentid, :encrypt_mode, :timeout,
+                    :skip_verify_ssl, :encoding_aes_key, :trusted_domain_fullname, :oauth2_cookie_duration
+    end
+
+    def wechat(account = nil)
+      # Make sure user can continue access wechat at instance level similar to class level
+      self.class.wechat(account)
+    end
+
+    def wechat_oauth2(scope = 'snsapi_base', page_url = nil, account = nil, &block)
+      # ensure wechat initialization
+      self.class.corpid || self.class.appid || self.class.wechat
+
+      api = wechat(account)
+      if account
+        config = Wechat.config(account)
+        appid = config.corpid || config.appid
+        is_crop_account = !!config.corpid
+      else
+        appid = self.class.corpid || self.class.appid
+        is_crop_account = !!self.class.corpid
+      end
+
+      raise 'Can not get corpid or appid, so please configure it first to using wechat_oauth2' if appid.blank?
+
+      oauth2_params = {
+        appid: appid,
+        redirect_uri: page_url || generate_redirect_uri(account),
+        scope: scope,
+        response_type: 'code',
+        state: api.jsapi_ticket.oauth2_state
+      }
+
+      return generate_oauth2_url(oauth2_params) unless block_given?
+      is_crop_account ? wechat_corp_oauth2(oauth2_params, account, &block) : wechat_public_oauth2(oauth2_params, account, &block)
+    end
+
+    private
+
+    def wechat_public_oauth2(oauth2_params, account = nil)
+      openid  = cookies.signed_or_encrypted[:we_openid]
+      unionid = cookies.signed_or_encrypted[:we_unionid]
+      we_token = cookies.signed_or_encrypted[:we_access_token]
+      if openid.present?
+        yield openid, { 'openid' => openid, 'unionid' => unionid, 'access_token' => we_token}
+      elsif params[:code].present? && params[:state] == oauth2_params[:state]
+        access_info = wechat(account).web_access_token(params[:code])
+        cookies.signed_or_encrypted[:we_openid] = { value: access_info['openid'], expires: self.class.oauth2_cookie_duration.from_now }
+        cookies.signed_or_encrypted[:we_unionid] = { value: access_info['unionid'], expires: self.class.oauth2_cookie_duration.from_now }
+        cookies.signed_or_encrypted[:we_access_token] = { value: access_info['access_token'], expires: self.class.oauth2_cookie_duration.from_now }
+        yield access_info['openid'], access_info
+      else
+        redirect_to generate_oauth2_url(oauth2_params)
+      end
+    end
+
+    def wechat_corp_oauth2(oauth2_params, account = nil)
+      userid   = cookies.signed_or_encrypted[:we_userid]
+      deviceid = cookies.signed_or_encrypted[:we_deviceid]
+      if userid.present? && deviceid.present?
+        yield userid, { 'UserId' => userid, 'DeviceId' => deviceid }
+      elsif params[:code].present? && params[:state] == oauth2_params[:state]
+        userinfo = wechat(account).getuserinfo(params[:code])
+        cookies.signed_or_encrypted[:we_userid] = { value: userinfo['UserId'], expires: self.class.oauth2_cookie_duration.from_now }
+        cookies.signed_or_encrypted[:we_deviceid] = { value: userinfo['DeviceId'], expires: self.class.oauth2_cookie_duration.from_now }
+        yield userinfo['UserId'], userinfo
+      else
+        redirect_to generate_oauth2_url(oauth2_params)
+      end
+    end
+
+    def generate_redirect_uri(account = nil)
+      domain_name = if account
+        Wechat.config(account).trusted_domain_fullname
+      else
+        self.class.trusted_domain_fullname
+      end
+      page_url = domain_name ? "#{domain_name}#{request.original_fullpath}" : request.original_url
+      safe_query = request.query_parameters.reject { |k, _| %w(code state access_token).include? k }.to_query
+      page_url.sub(request.query_string, safe_query)
+    end
+
+    def generate_oauth2_url(oauth2_params)
+      if oauth2_params[:scope] == 'snsapi_login'
+        "https://open.weixin.qq.com/connect/qrconnect?#{oauth2_params.to_query}#wechat_redirect"
+      else
+        "https://open.weixin.qq.com/connect/oauth2/authorize?#{oauth2_params.to_query}#wechat_redirect"
+      end
+    end
+  end
+end

data/lib/wechat/corp_api.rb

@@ -0,0 +1,168 @@
+require 'wechat/api_base'
+require 'wechat/http_client'
+require 'wechat/token/corp_access_token'
+require 'wechat/ticket/corp_jsapi_ticket'
+
+module Wechat
+  class CorpApi < ApiBase
+    attr_reader :agentid
+
+    API_BASE = 'https://qyapi.weixin.qq.com/cgi-bin/'.freeze
+
+    def initialize(appid, secret, token_file, agentid, timeout, skip_verify_ssl, jsapi_ticket_file)
+      @client = HttpClient.new(API_BASE, timeout, skip_verify_ssl)
+      @access_token = Token::CorpAccessToken.new(@client, appid, secret, token_file)
+      @agentid = agentid
+      @jsapi_ticket = Ticket::CorpJsapiTicket.new(@client, @access_token, jsapi_ticket_file)
+    end
+
+    def agent_list
+      get 'agent/list'
+    end
+
+    def agent(agentid)
+      get 'agent/get', params: { agentid: agentid }
+    end
+
+    def user(userid)
+      get 'user/get', params: { userid: userid }
+    end
+
+    def getuserinfo(code)
+      get 'user/getuserinfo', params: { code: code }
+    end
+
+    def convert_to_openid(userid)
+      post 'user/convert_to_openid', JSON.generate(userid: userid, agentid: agentid)
+    end
+
+    def invite_user(userid)
+      post 'invite/send', JSON.generate(userid: userid)
+    end
+
+    def user_auth_success(userid)
+      get 'user/authsucc', params: { userid: userid }
+    end
+
+    def user_create(user)
+      post 'user/create', JSON.generate(user)
+    end
+
+    def user_delete(userid)
+      get 'user/delete', params: { userid: userid }
+    end
+
+    def user_batchdelete(useridlist)
+      post 'user/batchdelete', JSON.generate(useridlist: useridlist)
+    end
+
+    def batch_job_result(jobid)
+      get 'batch/getresult', params: { jobid: jobid }
+    end
+
+    def batch_replaceparty(media_id)
+      post 'batch/replaceparty', JSON.generate(media_id: media_id)
+    end
+
+    def batch_syncuser(media_id)
+      post 'batch/syncuser', JSON.generate(media_id: media_id)
+    end
+
+    def batch_replaceuser(media_id)
+      post 'batch/replaceuser', JSON.generate(media_id: media_id)
+    end
+
+    def department_create(name, parentid)
+      post 'department/create', JSON.generate(name: name, parentid: parentid)
+    end
+
+    def department_delete(departmentid)
+      get 'department/delete', params: { id: departmentid }
+    end
+
+    def department_update(departmentid, name = nil, parentid = nil, order = nil)
+      post 'department/update', JSON.generate({ id: departmentid, name: name, parentid: parentid, order: order }.reject { |_k, v| v.nil? })
+    end
+
+    def department(departmentid = 1)
+      get 'department/list', params: { id: departmentid }
+    end
+
+    def user_simplelist(department_id, fetch_child = 0, status = 0)
+      get 'user/simplelist', params: { department_id: department_id, fetch_child: fetch_child, status: status }
+    end
+
+    def user_list(department_id, fetch_child = 0, status = 0)
+      get 'user/list', params: { department_id: department_id, fetch_child: fetch_child, status: status }
+    end
+
+    def tag_create(tagname, tagid = nil)
+      post 'tag/create', JSON.generate(tagname: tagname, tagid: tagid)
+    end
+
+    def tag_update(tagid, tagname)
+      post 'tag/update', JSON.generate(tagid: tagid, tagname: tagname)
+    end
+
+    def tag_delete(tagid)
+      get 'tag/delete', params: { tagid: tagid }
+    end
+
+    def tags
+      get 'tag/list'
+    end
+
+    def tag(tagid)
+      get 'tag/get', params: { tagid: tagid }
+    end
+
+    def tag_add_user(tagid, userids = nil, departmentids = nil)
+      post 'tag/addtagusers', JSON.generate(tagid: tagid, userlist: userids, partylist: departmentids)
+    end
+
+    def tag_del_user(tagid, userids = nil, departmentids = nil)
+      post 'tag/deltagusers', JSON.generate(tagid: tagid, userlist: userids, partylist: departmentids)
+    end
+
+    def menu
+      get 'menu/get', params: { agentid: agentid }
+    end
+
+    def menu_delete
+      get 'menu/delete', params: { agentid: agentid }
+    end
+
+    def menu_create(menu)
+      # 微信不接受7bit escaped json(eg \uxxxx), 中文必须UTF-8编码, 这可能是个安全漏洞
+      post 'menu/create', JSON.generate(menu), params: { agentid: agentid }
+    end
+
+    def material_count
+      get 'material/get_count', params: { agentid: agentid }
+    end
+
+    def material_list(type, offset, count)
+      post 'material/batchget', JSON.generate(type: type, agentid: agentid, offset: offset, count: count)
+    end
+
+    def material(media_id)
+      get 'material/get', params: { media_id: media_id, agentid: agentid }, as: :file
+    end
+
+    def material_add(type, file)
+      post_file 'material/add_material', file, params: { type: type, agentid: agentid }
+    end
+
+    def material_delete(media_id)
+      get 'material/del', params: { media_id: media_id, agentid: agentid }
+    end
+
+    def message_send(userid, message)
+      post 'message/send', Message.to(userid).text(message).agent_id(agentid).to_json, content_type: :json
+    end
+
+    def custom_message_send(message)
+      post 'message/send', message.is_a?(Wechat::Message) ? message.agent_id(agentid).to_json : JSON.generate(message.merge(agent_id: agentid)), content_type: :json
+    end
+  end
+end

data/lib/wechat/helpers.rb

@@ -0,0 +1,47 @@
+module Wechat
+  module Helpers
+    def wechat_config_js(config_options = {})
+      account = config_options[:account]
+
+      # Get domain_name, api and app_id
+      if account.blank? || account == controller.class.wechat_cfg_account
+        # default account
+        domain_name = controller.class.trusted_domain_fullname
+        api = controller.wechat
+        app_id = controller.class.corpid || controller.class.appid
+      else
+        # not default account
+        config = Wechat.config(account)
+        domain_name = config.trusted_domain_fullname
+        api = controller.wechat(account)
+        app_id = config.corpid || config.appid
+      end
+
+      page_url = if domain_name
+                   "#{domain_name}#{controller.request.original_fullpath}"
+                 else
+                   controller.request.original_url
+                 end
+      page_url = page_url.split('#').first if is_ios? 
+      js_hash = api.jsapi_ticket.signature(page_url)
+
+      config_js = <<-WECHAT_CONFIG_JS
+wx.config({
+  debug: #{config_options[:debug]},
+  appId: "#{app_id}",
+  timestamp: "#{js_hash[:timestamp]}",
+  nonceStr: "#{js_hash[:noncestr]}",
+  signature: "#{js_hash[:signature]}",
+  jsApiList: ['#{config_options[:api].join("','")}']
+});
+WECHAT_CONFIG_JS
+      javascript_tag config_js, type: 'application/javascript'
+    end
+
+    private
+
+    def is_ios?
+      controller.request.user_agent.match(/\(i[^;]+;( U;)? CPU.+Mac OS X/)
+    end
+  end
+end

data/lib/wechat/http_client.rb

@@ -0,0 +1,112 @@
+require 'http'
+
+module Wechat
+  class HttpClient
+    attr_reader :base, :ssl_context, :httprb
+
+    def initialize(base, timeout, skip_verify_ssl)
+      @base = base
+      @httprb = HTTP.timeout(:global, write: timeout, connect: timeout, read: timeout)
+      @ssl_context = OpenSSL::SSL::SSLContext.new
+      @ssl_context.ssl_version = :TLSv1
+      @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE if skip_verify_ssl
+    end
+
+    def get(path, get_header = {})
+      request(path, get_header) do |url, header|
+        params = header.delete(:params)
+        httprb.headers(header).get(url, params: params, ssl_context: ssl_context)
+      end
+    end
+
+    def post(path, payload, post_header = {})
+      request(path, post_header) do |url, header|
+        params = header.delete(:params)
+        httprb.headers(header).post(url, params: params, body: payload, ssl_context: ssl_context)
+      end
+    end
+
+    def post_file(path, file, post_header = {})
+      request(path, post_header) do |url, header|
+        params = header.delete(:params)
+        form_file = file.is_a?(HTTP::FormData::File) ? file : HTTP::FormData::File.new(file)
+        httprb.headers(header)
+          .post(url, params: params,
+                     form: { media: form_file,
+                             hack: 'X' }, # Existing here for http-form_data 1.0.1 handle single param improperly
+                     ssl_context: ssl_context)
+      end
+    end
+
+    private
+
+    def request(path, header = {}, &_block)
+      url_base = header.delete(:base) || base
+      as = header.delete(:as)
+      access_token = header.delete(:access_token)
+      token = access_token.present? ? "?access_token=#{access_token}" : nil
+      header['Accept'] ||= 'application/json'
+      response = yield("#{url_base}#{path}#{token}", header)
+
+      raise "Request not OK, response status #{response.status}" if response.status != 200
+      parse_response(response, as || :json) do |parse_as, data|
+        break data unless parse_as == :json && data['errcode'].present?
+
+        case data['errcode']
+        when 0 # for request didn't expect results
+          data
+        # 42001: access_token timeout
+        # 40014: invalid access_token
+        # 40001, invalid credential, access_token is invalid or not latest hint
+        # 48001, api unauthorized hint, should not handle here # GH-230
+        when 42001, 40014, 40001
+          raise AccessTokenExpiredError
+        # 40029, invalid code for mp # GH-225
+        # 43004, require subscribe hint # GH-214
+        else
+          raise ResponseError.new(data['errcode'], data['errmsg'])
+        end
+      end
+    end
+
+    def parse_response(response, as)
+      content_type = response.headers[:content_type]
+      parse_as = {
+        %r{^application\/json} => :json,
+        %r{^image\/.*}         => :file,
+        %r{^audio\/.*}         => :file,
+        %r{^voice\/.*}         => :file,
+        %r{^text\/html}        => :xml,
+        %r{^text\/plain}       => :probably_json
+      }.each_with_object([]) { |match, memo| memo << match[1] if content_type =~ match[0] }.first || as || :text
+
+      # try to parse response as json, fallback to user-specified format or text if failed
+      if parse_as == :probably_json
+        data = JSON.parse response.body.to_s.gsub(/[\u0000-\u001f]+/, '') rescue nil
+        if data
+          return yield(:json, data)
+        else
+          parse_as = as || :text
+        end
+      end
+
+      case parse_as
+      when :file
+        file = Tempfile.new('tmp')
+        file.binmode
+        file.write(response.body)
+        file.close
+        data = file
+
+      when :json
+        data = JSON.parse response.body.to_s.gsub(/[\u0000-\u001f]+/, '')
+      when :xml
+        data = Hash.from_xml(response.body.to_s)
+      else
+        data = response.body
+      end
+
+      yield(parse_as, data)
+    end
+  end
+end