open_qq 3.0.1 → 3.0.2

data/README.md

@@ -11,7 +11,7 @@ gem install open_qq
 
 ## 使用
 
-使用非常简单，传入应用的appid, appkey和环境地址env _http://openapi.tencentyun.com_ 或者 _http://119.147.19.43_ 即可
+使用非常简单，传入应用的`appid`, `appkey`和环境地址`env`
 
 ```ruby
 require 'rubygems'
@@ -19,6 +19,9 @@ require 'open_qq'
 
 OpenQq.setup(:appid => '123', :appkey => '456', :env => 'http://119.147.19.43')
 
+# 或者https
+OpenQq.setup(:appid => '123', :appkey => '456', :env => 'https://119.147.19.43')
+
 # get请求
 user_info = OpenQq.get('/v3/user/get_info', :openid => '111',:openkey => '222')
 
@@ -42,7 +45,7 @@ puts user_info
 ```ruby
 options   = {:appid => 'newappid', :appkey => 'newappkey', :env => 'http://newenv'}
 
-user_info = OpenQq.start('/v3/user/get_info', options) do |request|
+user_info = OpenQq.call('/v3/user/get_info', options) do |request|
   
   request.get {:openid => '111',:openkey => '222'}
 
@@ -55,6 +58,29 @@ user_info.nickname
 # => 'foo'
 ```
 
+回调协议签名验证
+
+```ruby
+params = {openid: 'test001', appid: '33758', sig: 'VvKwcaMqUNpKhx0XfCvOqPRiAnU%3D'}
+OpenQq.verify_callback_sig(:get, '/cgi-bin/temp.py', params)
+# => true or false
+
+#指定特定的appkey
+OpenQq.verify_callback_sig(:get, '/cgi-bin/temp.py', params, 'xxxxxx')
+
+# 在rails中使用
+class OpenQqController < ApplicationController
+  include OpenQq::Rails::ActionController
+
+  def index
+    if verify_callback_sig
+      ...do something
+    end
+  end
+end
+
+```
+
 ## 在rails中使用
 
 首先在Gemfile中添加
@@ -107,4 +133,11 @@ puts sig # 与联调结果比对
 * 测试基本覆盖，可以下载下来执行`rake`
 * bug反馈[Issue](https://github.com/zires/open_qq/issues)
 
-#### This project rocks and uses MIT-LICENSE.
+## Changelog
+
+* 2012/09/11 
+增加对https的支持
+支持支付回调协议签名验证
+
+
+## This project rocks and uses MIT-LICENSE.

data/lib/open_qq/gateway.rb

@@ -7,7 +7,7 @@
 require 'open_qq/signature'
 require 'open_qq/error'
 require 'ostruct'
-require 'net/http'
+require 'net/https'
 
 module OpenQq
   class Gateway
@@ -18,7 +18,11 @@ module OpenQq
 
     # @param [String] appid
     # @param [String] appkey
-    # @param [String] env 调用的环境地址.生产环境: <http://openapi.tencentyun.com> 测试环境: <http://119.147.19.43>
+    # @param [String] env 调用的环境地址
+    #
+    # @example
+    #   OpenQq::Gateway.new('1111', '2222', 'http://119.147.19.43')
+    #   OpenQq::Gateway.new('1111', '2222', 'https://openapi.tencentyun.com')
     def initialize(appid, appkey, env)
       @appid   = appid
       @appkey  = appkey
@@ -30,6 +34,11 @@ module OpenQq
       @env  = env
       uri   = URI.parse(env)
       @http = Net::HTTP.new(uri.host, uri.port)
+      # HTTPS
+      if uri.scheme == "https"
+        @http.use_ssl     = true
+        @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
     end
 
     # @param [String] url which api you want to call
@@ -46,28 +55,33 @@ module OpenQq
     #   user_info = gateway.get('/v3/user/get_info', {:openid => '11'}, {:raw => true} )
     #   user_info.nickname # => '{"nickname":"foo"}'
     #
-    # @return (@see #call)
+    # @return (see #call)
     def get(url, params = {}, options = {})
-      parsed_params = each_pair_escape( wrap(:get, url, params) ).map{|k,v| "#{k}=#{v}"}.join('&')
+      parsed_params = Gateway.each_pair_escape( wrap(:get, url, params) ).map{|k,v| "#{k}=#{v}"}.join('&')
       get_request   = Net::HTTP::Get.new("#{url}?#{parsed_params}")
       self.call( get_request, options.merge(:format => params[:format]) )
     end
 
     # @param (see #get)
     #
-    # @return (@see #call)
+    # @return (see #call)
     def post(url, params = {}, options = {})
       post_request = Net::HTTP::Post.new(url)
       post_request.set_form_data wrap(:post, url, params)
       self.call( post_request, options.merge(:format => params[:format]) )
     end
 
+    # wrap `http_method`, `url`, `params` together
     def wrap(http_method, url, params)
       params = params.merge(:appid => @appid)
-      params[:sig] = signature( "#{@appkey}&", make_source(http_method.to_s.upcase, url, params) )
+      params[:sig] = Gateway.signature( "#{@appkey}&", Gateway.make_source(http_method.to_s.upcase, url, params) )
       params
     end
 
+    class << self
+      include Signature
+    end
+
     protected
 
     # Call the request and format the output
@@ -87,9 +101,5 @@ module OpenQq
       OpenStruct.new( JSON.parse(response.body) )
     end
 
-    private
-
-    include Signature
-
   end
 end

data/lib/open_qq/rails/action_controller.rb

@@ -0,0 +1,32 @@
+# encoding: utf-8
+#
+# --
+# @author zires
+# @email  zshuaibin@gmail.com
+#
+module OpenQq
+  module Rails
+    module ActionController
+      extend ActiveSupport::Concern
+
+      private
+      # @example
+      #   class OpenQqController < ApplicationController
+      #     include OpenQq::Rails::ActionController
+      #
+      #     def index
+      #       if verify_callback_sig
+      #          ...do something
+      #       end
+      #     end
+      #   end
+      # @return [Boolean]
+      def verify_callback_sig(key = nil)
+        logger.debug "Appkey: #{key ||= OpenQq.appkey} method: #{request.method} url: #{request.fullpath.split("?")[0]}"
+        logger.debug "params: #{params.slice!(:action, :controller).inspect}"
+        OpenQq.verify_callback_sig(request.method, request.fullpath.split("?")[0], params.slice!(:action, :controller), key)
+      end
+
+    end
+  end
+end

data/lib/open_qq/railtie.rb

@@ -17,7 +17,13 @@ module OpenQq
           puts e.message
         end
       end
-    end 
+    end
+
+    initializer "load open_qq controller method" do
+      ActiveSupport.on_load(:action_controller) do
+        require 'open_qq/rails/action_controller'
+      end
+    end
 
   end
 end

data/lib/open_qq/signature.rb

@@ -28,5 +28,17 @@ module OpenQq
       "#{http_method}&#{url_escape(url)}&#{escape_opt}"
     end
 
+    def make_callback_source(http_method, url, options)
+      escape_opt = options.sort_by{|k,v| k.to_s}.map do |kv|
+        value = URI.escape(kv.last, /[^0-9a-zA-Z!*()]/)
+        "#{kv.first}=#{value}"
+      end.join('&')
+      "#{http_method}&#{url_escape(url)}&#{url_escape(escape_opt)}"
+    end
+
+    def verify_sig(sig, key, http_method, url, options)
+      sig == url_escape( signature(key, make_callback_source(http_method, url, options)) )
+    end
+
   end
 end

data/lib/open_qq/version.rb

@@ -6,5 +6,5 @@
 #
 module OpenQq
   # 3.0表示OpenAPI版本, 小数点第二位表示SDK版本
-  VERSION = "3.0.1"
+  VERSION = "3.0.2"
 end

data/lib/open_qq.rb

@@ -23,10 +23,10 @@ module OpenQq
     delegate :appid, :appkey, :env, :get, :post, :wrap, :to => :@gateway
 
     # @example
-    #   OpenQq.start('/v3/user/get_info', { :appid => 123 }) do |request|
+    #   OpenQq.call('/v3/user/get_info', { :appid => 123 }) do |request|
     #     request.get({:openid => '111'})
     #   end
-    def start(url, options)
+    def call(url, options)
       request = OpenQq::Request.new(options.with_indifferent_access)
       if block_given?
         yield request
@@ -35,6 +35,22 @@ module OpenQq
       end
     end
 
+    alias start call
+
+    # @example
+    #   params = {openid: 'test001', appid: '33758', sig: 'VvKwcaMqUNpKhx0XfCvOqPRiAnU%3D'}
+    #   OpenQq.verify_callback_sig(:get, '/cgi-bin/temp.py', params)
+    #   #diffenert key
+    #   OpenQq.verify_callback_sig(:get, '/cgi-bin/temp.py', params, 'xxxxxx')
+    #
+    # @return [Boolean]
+    def verify_callback_sig(http_method, url, params, key = nil)
+      key  ||= appkey
+      params = params.dup
+      sig    = params.delete('sig') || params.delete(:sig)
+      Gateway.verify_sig(sig, "#{key}&", http_method.to_s.upcase, url, params)
+    end
+    
   end
 end
 

data/test/open_qq/gateway_test.rb

@@ -50,4 +50,12 @@ class OpenQq::GatewayTest < MiniTest::Unit::TestCase
     assert_equal 2001, gateway.get('/v3/user/get_info', params).ret
   end
 
+  def test_https_request
+    gateway = OpenQq::Gateway.new(@appid, @appkey, 'https://119.147.19.43')
+    http = gateway.instance_variable_get(:@http)
+    assert_equal 443, http.port
+    assert_equal '119.147.19.43', http.address
+    assert http.use_ssl?
+  end
+
 end

data/test/open_qq/signature_test.rb

@@ -44,4 +44,28 @@ class OpenQq::SignatureTest < MiniTest::Unit::TestCase
     assert_equal( 'o/nGo1QkVEiiN6Bqn/fRJtEJwLc=', @foo.signature("#{@appkey}&", source) )
   end
 
+  #测试用例通过http://wiki.open.qq.com/wiki/回调发货URL的协议说明_V3获得
+  def test_make_callback_source
+    params = 'openid=test001&appid=33758&ts=1328855301&payitem=323003*8*1&token=53227955F80B805B50FFB511E5AD51E025360&billno=-APPDJT18700-20120210-1428215572&version=v3&zoneid=1&providetype=0&amt=80&payamt_coins=20&pubacct_payamt_coins=10'
+    options = {}
+    params.split('&').each do |param|
+      param = param.split('=')
+      options[param.first] = param.last
+    end
+    expect = 'GET&%2Fcgi-bin%2Ftemp.py&amt%3D80%26appid%3D33758%26billno%3D%252DAPPDJT18700%252D20120210%252D1428215572%26openid%3Dtest001%26payamt_coins%3D20%26payitem%3D323003%2A8%2A1%26providetype%3D0%26pubacct_payamt_coins%3D10%26token%3D53227955F80B805B50FFB511E5AD51E025360%26ts%3D1328855301%26version%3Dv3%26zoneid%3D1'
+    assert_equal expect, @foo.make_callback_source(:GET, '/cgi-bin/temp.py', options)
+  end
+
+  def test_verify_sig
+    key = '12345f9a47df4d1eaeb3bad9a7e54321&'
+    sig = 'VvKwcaMqUNpKhx0XfCvOqPRiAnU%3D'
+    params = 'openid=test001&appid=33758&ts=1328855301&payitem=323003*8*1&token=53227955F80B805B50FFB511E5AD51E025360&billno=-APPDJT18700-20120210-1428215572&version=v3&zoneid=1&providetype=0&amt=80&payamt_coins=20&pubacct_payamt_coins=10'
+    options = {}
+    params.split('&').each do |param|
+      param = param.split('=')
+      options[param.first] = param.last
+    end
+    assert @foo.verify_sig(sig, key, :GET, '/cgi-bin/temp.py', options), 'Verify sig failure'
+  end
+
 end

data/test/open_qq_test.rb

@@ -13,7 +13,7 @@ class OpenQqTest < MiniTest::Unit::TestCase
 
   def teardown
     # Need setup back for the rest test
-    OpenQq.setup{|c| c.appid = 12345}
+    OpenQq.setup{|c| c.appid = 12345;c.appkey ='228bf094169a40a3bd188ba37ebe8723'}
   end
 
   def test_OpenQq_is_a_module
@@ -74,11 +74,32 @@ class OpenQqTest < MiniTest::Unit::TestCase
     assert_equal 2001, OpenQq.get('/v3/user/get_info', params).ret
   end
 
-  def test_start_wont_change_get_and_post_method
+  def test_call_wont_change_get_and_post_method
+    params  = { :openid => 1111, 'openkey' => '2222', :pf => :pengyou, :format => 'json' }
+    respond = OpenQq.call('/v3/user/get_info', @options){|r| r.get(params) }
+    assert_equal 'foo', OpenQq.get('/v3/user/get_info', params).nickname
+    assert_equal 'foo', respond.nickname
+  end
+
+  def test_call_has_alise_method_start
     params  = { :openid => 1111, 'openkey' => '2222', :pf => :pengyou, :format => 'json' }
     respond = OpenQq.start('/v3/user/get_info', @options){|r| r.get(params) }
     assert_equal 'foo', OpenQq.get('/v3/user/get_info', params).nickname
     assert_equal 'foo', respond.nickname
   end
 
+  def test_verify_callback_sig
+    key = '12345f9a47df4d1eaeb3bad9a7e54321'
+    params = 'openid=test001&appid=33758&ts=1328855301&payitem=323003*8*1&token=53227955F80B805B50FFB511E5AD51E025360&billno=-APPDJT18700-20120210-1428215572&version=v3&zoneid=1&providetype=0&amt=80&payamt_coins=20&pubacct_payamt_coins=10'
+    options = {:sig => 'VvKwcaMqUNpKhx0XfCvOqPRiAnU%3D'}
+    params.split('&').each do |param|
+      param = param.split('=')
+      options[param.first] = param.last
+    end
+    assert OpenQq.verify_callback_sig(:GET, '/cgi-bin/temp.py', options, key), 'Verify sig failure 1'
+    OpenQq.setup{|c| c.appkey = key }
+    assert OpenQq.verify_callback_sig(:GET, '/cgi-bin/temp.py', options), 'Verify sig failure 2'
+    assert OpenQq.verify_callback_sig(:get, '/cgi-bin/temp.py', options), 'Verify sig failure 3'
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: open_qq
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-09-09 00:00:00.000000000 Z
+date: 2012-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -107,7 +107,7 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-description: see http://open.qq.com/
+description: 腾讯开放平台ruby版SDK(v3版本)http://open.qq.com/
 email:
 - zshuaibin@gmail.com
 executables: []
@@ -118,6 +118,7 @@ files:
 - lib/generators/templates/open_qq.yml
 - lib/open_qq/error.rb
 - lib/open_qq/gateway.rb
+- lib/open_qq/rails/action_controller.rb
 - lib/open_qq/railtie.rb
 - lib/open_qq/request.rb
 - lib/open_qq/signature.rb