wechat-callback 0.3 → 0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: abe8b742f4d7992685d0be99900192815cf46f4f
-  data.tar.gz: e3f8689b852a2fb649e0d334498b983698982934
+  metadata.gz: ef105a6836e585949081a3fcf3a7de5b1b0f81e1
+  data.tar.gz: 2e6cb59a7cae41d9828772043df9a93fd0e937fa
 SHA512:
-  metadata.gz: 4b2588006ae7d1c992252d1cacaa220c5fd3ea6add64a003cff401851dae98b76461213e1f2830e6c0df206a7de03faaec2eae078a6cd70c6c86fe75a2e66319
-  data.tar.gz: 1d1d278dfdee0101ebc72da2d1be2171ae3d5485b187a04b1f211a59c683d2c62da3908f511e0d4f6d33b9d96a5df67c6d870cf95e4d279c1f276e5c000ad68a
+  metadata.gz: 0cfef766eb57bd9d01016c30a45976e35eb9003b1e10c6a0bf655b27f625f9f77b82910d61829bf4717030b043b8031c780e2a9395f331d3baea3d0844ef44bd
+  data.tar.gz: 5c87cb1b46cd6496ce808e4b1eba4c1788c6917a49f292c9af32a8c1ee063c58bc5b9c78df15984c516cefdac8ee1c7ae2af1d5b1e1ce06121e64c3d1a540229

data/.gitignore

@@ -1,6 +1,5 @@
 /.bundle/
 /.yardoc
-/Gemfile.lock
 /_yardoc/
 /coverage/
 /doc/

data/CHANGELOG.md

@@ -12,3 +12,12 @@
 ## v0.3
 1. Random Byte Array class
 2. Secure Message class
+
+## v0.4
+1. Improve the Message Decryption class for the argument validation
+2. Improve the Message Encryption class for the argument validation
+3. Improve the Message Signature class for the argument validation
+4. Improve the Random Byte Array class for the argument validation
+5. Improve the Secure Message class for the argument validation
+6. Improve the Signature class for the argument validation
+7. Improve the Xml Document class for the argument validation

data/Gemfile.lock

@@ -0,0 +1,35 @@
+PATH
+  remote: .
+  specs:
+    wechat-callback (0.4)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.3)
+    rake (11.3.0)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.4)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.11)
+  rake (~> 11.0)
+  rspec (~> 3.0)
+  wechat-callback!
+
+BUNDLED WITH
+   1.13.6

data/README.md

@@ -1,10 +1,22 @@
 # Wechat Callback 微信回调库
 
+[![Documentation](http://img.shields.io/badge/docs-rdoc.info-blue.svg)](http://www.rubydoc.info/gems/wechat-callback/frames)
 [![License](https://img.shields.io/badge/license-MIT-green.svg)](http://opensource.org/licenses/MIT)
+
 [![Gem Version](https://badge.fury.io/rb/wechat-callback.svg)](https://badge.fury.io/rb/wechat-callback)
+[![Dependency Status](https://gemnasium.com/badges/github.com/topbitdu/wechat-callback.svg)](https://gemnasium.com/github.com/topbitdu/wechat-callback)
 
 Wechat Callback Library is a code base to handle the callbacks from the Wechat servers.
-微信回调库用于微信主动向服务器传回事件通知、即时消息等。
+微信回调库用于处理微信主动向服务器传回事件通知、即时消息等。
+
+
+
+## Recent Update
+
+Check out the [Road Map](ROADMAP.md) to find out what's the next.
+Check out the [Change Log](CHANGELOG.md) to find out what's new.
+
+
 
 ## Installation
 
@@ -22,28 +34,88 @@ Or install it yourself as:
 
     $ gem install wechat-callback
 
+
+
 ## Usage
 
+__Gengerate Signature 生成参数签名__
 ```ruby
 signature = Wechat::Callback::Signature.create token, timestamp, nonce, text_1, text_2, text_3
+```
+
+__Generate Message Signature 生成消息题签名__
+```ruby
 message_signature = Wechat::Callback::MessageSignature.create encoded_message, token, timestamp, nonce
+```
 
+__Parse XML Text into Hash 将XML文本解析成Hash__
+```ruby
 xml_document = Wechat::Callback::XmlDocument.load '<xml><FromUserID>FUID</FromUserID></xml>'
-xml_text = Wechat::Callback::XmlDocument.create FromUserID: 'FUID', ToUserID: 'TUID' # <xml><FromUserID>FUID</FromUserID><ToUserID>TUID</ToUserID></xml>
 ```
 
+__Convert Hash into XML Text 将Hash转换成XML文本__
+```ruby
+xml_text = Wechat::Callback::XmlDocument.create FromUserID: 'FUID', ToUserID: 'TUID'
+```
+The generated xml_text looks like
+```xml
+<xml><FromUserID>FUID</FromUserID><ToUserID>TUID</ToUserID></xml>
+```
+
+
+
+__Real Example for handling Wechat Message for Rails__
+__微信上的“消息加解密方式”必须是“安全模式”，不能是“明文模式”或者“兼容模式”__
+```ruby
+if Wechat::Callback::Signature.create(wechat_token, timestamp, nonce)==params[:signature]
+  encoded_message = Wechat::Callback::XmlDocument.load(request.body.read)['Encrypt']
+  if Wechat::Callback::MessageSignature.create(encoded_message, Rails.application.secrets.wechat_validation_token, params[:timestamp], params[:nonce])==message_signature
+    message = Wechat::Callback::MessageDecryption.create encoded_message, Rails.application.secrets.wechat_encoding_aes_keys
+    random_bytes, xml_size, xml_text, app_id, padding_bytes = Wechat::Callback::SecureMessage.load message
+    if Rails.application.secrets.wechat_app_id==app_id
+      pairs = Wechat::Callback::XmlDocument.load xml_text
+      replying_pairs = {
+          'ToUserName'   => pairs['FromUserName'],
+          'FromUserName' => pairs['ToUserName'],
+          'CreateTime'   => Time.now.to_i,
+          'MsgType'      => 'text',
+          'Content'      => '您好！'
+        }
+      replying_xml_text = Wechat::Callback::XmlDocument.create replying_pairs
+
+      random_bytes       = Wechat::Callback::RandomByteArray.create 16
+      plain_text         = Wechat::Callback::SecureMessage.create random_bytes, replying_xml_text, Rails.application.secrets.wechat_app_id
+      encrypted          = Wechat::Callback::MessageEncryption.create plain_text, Rails.application.secrets.wechat_encoding_aes_keys
+      replying_singature = Wechat::Callback::Signature.create Rails.application.secrets.wechat_validation_token, params[:timestamp], params[:nonce], encrypted
+      encrypted_replying_pairs = {
+          'Encrypt'      => encrypted,
+          'MsgSignature' => replying_singature,
+          'TimeStamp'    => params[:timestamp],
+          'Nonce'        => params[:nonce]
+        }
+      replying_xml_text = Wechat::Callback::XmlDocument.create encrypted_replying_pairs
+      render status: 200, xml: replying_xml_text
+    end
+  end
+end
+```
+
+
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 
+
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/topbitdu/wechat-callback. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
-

data/ROADMAP.md

@@ -12,3 +12,12 @@
 ## v0.3
 1. Random Byte Array class
 2. Secure Message class
+
+## v0.4
+1. Improve the Message Decryption class for the argument validation
+2. Improve the Message Encryption class for the argument validation
+3. Improve the Message Signature class for the argument validation
+4. Improve the Random Byte Array class for the argument validation
+5. Improve the Secure Message class for the argument validation
+6. Improve the Signature class for the argument validation
+7. Improve the Xml Document class for the argument validation

data/_config.yml

@@ -0,0 +1 @@
+markdown: kramdown

data/bin/console

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
-require "bundler/setup"
-require "wechat/callback"
+require 'bundler/setup'
+require 'wechat/callback'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +10,5 @@ require "wechat/callback"
 # require "pry"
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start

data/lib/wechat/callback.rb

@@ -12,6 +12,5 @@ require 'wechat/callback/secure_message'
 
 module Wechat
   module Callback
-    # Your code goes here...
   end
 end

data/lib/wechat/callback/message_decryption.rb

@@ -1,5 +1,11 @@
+##
+# Message Decryption 是消息解密类。
+
 class Wechat::Callback::MessageDecryption
 
+  extend Wechat::Core::Common
+
+  ##
   # 消息加解密
   # http://mp.weixin.qq.com/wiki/6/90f7259c0d0739bbb41d9f4c4c8e59a2.html
   #
@@ -9,6 +15,9 @@ class Wechat::Callback::MessageDecryption
   #
   def self.create(encoded_message, encoded_aes_keys)
 
+    assert_present! :encoded_message,  encoded_message
+    assert_present! :encoded_aes_keys, encoded_aes_keys
+
     encrypted_message = Base64.decode64(encoded_message).bytes.inject('') do |buffer, byte| buffer += [ byte ].pack 'C' end
     aes_keys          = encoded_aes_keys.map { |encoded_aes_key| Base64.decode64 "#{encoded_aes_key}=" }
 

data/lib/wechat/callback/message_encryption.rb

@@ -1,5 +1,11 @@
+##
+# Message Encryption 是消息加密类。
+
 class Wechat::Callback::MessageEncryption
 
+  extend Wechat::Core::Common
+
+  ##
   # 消息加解密
   # http://mp.weixin.qq.com/wiki/6/90f7259c0d0739bbb41d9f4c4c8e59a2.html
   #
@@ -7,6 +13,9 @@ class Wechat::Callback::MessageEncryption
   # msg_encrypt=Base64_Encode(AES_Encrypt [random(16B)+ msg_len(4B) + msg + $AppId])
   def self.create(plain_text, encoded_aes_keys)
 
+    assert_present! :plain_text,       plain_text
+    assert_present! :encoded_aes_keys, encoded_aes_keys
+
     cipher = OpenSSL::Cipher::AES.new(256, 'CBC')
     cipher.encrypt
     cipher.padding = 0

data/lib/wechat/callback/message_signature.rb

@@ -1,5 +1,10 @@
+##
+# Message Signature 是消息签名类。
+
 class Wechat::Callback::MessageSignature
 
+  extend Wechat::Core::Common
+
   # 消息加解密 技术方案
   # http://mp.weixin.qq.com/wiki/6/90f7259c0d0739bbb41d9f4c4c8e59a2.html
   #
@@ -12,7 +17,14 @@ class Wechat::Callback::MessageSignature
   # nonce URL上原有参数，随机数
   #
   def self.create(encoded_message, token, timestamp, nonce)
-    Digest::SHA1.hexdigest [ token, timestamp, nonce, encoded_message ].sort.join('')
+
+    assert_present! :encoded_message, encoded_message
+    assert_present! :token,           token
+    assert_present! :timestamp,       timestamp
+    assert_present! :nonce,           nonce
+
+    Digest::SHA1.hexdigest [ token, timestamp, nonce, encoded_message ].sort.join
+
   end
 
 end

data/lib/wechat/callback/random_byte_array.rb

@@ -1,9 +1,20 @@
+##
+# Random Byte Array 用于生成指定长度的随机数组。
+
 class Wechat::Callback::RandomByteArray
 
+  extend Wechat::Core::Common
+
   LENGTH = 16
 
-  def self.create(length)
+  ##
+  # 常见一个指定长度的随机字节数组。
+  def self.create(length = LENGTH)
+
+    assert_present! :length, length
+
     [*0..255].sample length
+
   end
 
 end

data/lib/wechat/callback/secure_message.rb

@@ -1,16 +1,24 @@
+##
+# Secure Message 用于组合或者分解安全消息。
+
 class Wechat::Callback::SecureMessage
 
+  extend Wechat::Core::Common
+
   RANDOM_LENGTH   = 16
   XML_SIZE_LENGTH = 4
 
+  ##
   # 消息加解密
   # http://mp.weixin.qq.com/wiki/6/90f7259c0d0739bbb41d9f4c4c8e59a2.html
   #
   # random(16B) + msg_len(4B) + msg + $AppId + padding
-  # padding: AES采用CBC模式，秘钥长度为32个字节，数据采用PKCS#7填充；PKCS#7：K为秘钥字节数（采用32），buf为待加密的内容，N为其字节数。Buf需要被填充为K的整数倍。在buf的尾部填充(K-N%K)个字节，每个字节的内容是(K- N%K)； 
+  # padding: AES采用CBC模式，秘钥长度为32个字节，数据采用PKCS#7填充；PKCS#7：K为秘钥字节数（采用32），buf为待加密的内容，N为其字节数。Buf需要被填充为K的整数倍。在buf的尾部填充(K-N%K)个字节，每个字节的内容是(K- N%K)；
   # 去掉rand_msg头部的16个随机字节，4个字节的msg_len,和尾部的$AppId即为最终的xml消息体
   def self.load(message_decryption)
 
+    assert_present! :message_decryption, message_decryption
+
     random_bytes = message_decryption[0..(RANDOM_LENGTH-1)].bytes
     xml_size     = message_decryption[RANDOM_LENGTH..(RANDOM_LENGTH+XML_SIZE_LENGTH-1)].reverse.unpack('l').first
 
@@ -27,11 +35,16 @@ class Wechat::Callback::SecureMessage
 
   # 消息加解密
   # http://mp.weixin.qq.com/wiki/6/90f7259c0d0739bbb41d9f4c4c8e59a2.html
-  # 
+  #
   # random(16B) + msg_len(4B) + msg + $AppId + padding
-  # padding: AES采用CBC模式，秘钥长度为32个字节，数据采用PKCS#7填充；PKCS#7：K为秘钥字节数（采用32），buf为待加密的内容，N为其字节数。Buf需要被填充为K的整数倍。在buf的尾部填充(K-N%K)个字节，每个字节的内容是(K- N%K)； 
+  # padding: AES采用CBC模式，秘钥长度为32个字节，数据采用PKCS#7填充；PKCS#7：K为秘钥字节数（采用32），buf为待加密的内容，N为其字节数。Buf需要被填充为K的整数倍。在buf的尾部填充(K-N%K)个字节，每个字节的内容是(K- N%K)；
   # 去掉rand_msg头部的16个随机字节，4个字节的msg_len,和尾部的$AppId即为最终的xml消息体
   def self.create(random_bytes, xml_text, app_id)
+
+    assert_present! :random_bytes, random_bytes
+    assert_present! :xml_text,     xml_text
+    assert_present! :app_id,       app_id
+
     xml_size_bytes = [ xml_text.bytes.length ].pack('l').reverse.bytes
     buffer         = random_bytes+xml_size_bytes+xml_text.bytes+app_id.bytes
     padding_length = 32-buffer.length%32
@@ -40,6 +53,10 @@ class Wechat::Callback::SecureMessage
   end
 
   def self.byte_array_to_string(bytes)
+
+    assert_present! :bytes, bytes
+    #raise ArgumentError.new('The bytes argument is required.') if bytes.blank?
+
     bytes.inject('') do |buffer, byte| buffer += [ byte ].pack 'C' end
   end
 

data/lib/wechat/callback/signature.rb

@@ -1,5 +1,11 @@
+##
+# Singature 用于生成参数签名。
+
 class Wechat::Callback::Signature
 
+  extend Wechat::Core::Common
+
+  ##
   # 验证服务器地址的有效性
   # http://mp.weixin.qq.com/wiki/17/2d4265491f12608cd170a95559800f2d.html#.E7.AC.AC.E4.BA.8C.E6.AD.A5.EF.BC.9A.E9.AA.8C.E8.AF.81.E6.9C.8D.E5.8A.A1.E5.99.A8.E5.9C.B0.E5.9D.80.E7.9A.84.E6.9C.89.E6.95.88.E6.80.A7
   #
@@ -13,7 +19,13 @@ class Wechat::Callback::Signature
   # 3. 开发者获得加密后的字符串可与signature对比，标识该请求来源于微信
   #
   def self.create(token, timestamp, nonce, *args)
-    Digest::SHA1.hexdigest [ token, nonce, timestamp, *args ].sort.join('')
+
+    assert_present! :token,     token
+    assert_present! :timestamp, timestamp
+    assert_present! :nonce,     nonce
+
+    Digest::SHA1.hexdigest [ token, nonce, timestamp, *args ].sort.join
+
   end
 
 end

data/lib/wechat/callback/version.rb

@@ -1,5 +1,5 @@
 module Wechat
   module Callback
-    VERSION = '0.3'.freeze
+    VERSION = '0.4'.freeze
   end
 end

data/lib/wechat/callback/xml_document.rb

@@ -1,20 +1,34 @@
+##
+# XML Document 用于转换 Hash 格式的数据结构和 XML 文档。
+
 class Wechat::Callback::XmlDocument
 
+  extend Wechat::Core::Common
+
+  ##
   # 消息加解密 技术方案
   # http://mp.weixin.qq.com/wiki/6/90f7259c0d0739bbb41d9f4c4c8e59a2.html
   def self.load(xml_text)
+
+    assert_present! :xml_text, xml_text
+
     pairs = {}
-    ::Nokogiri::XML(xml_text).xpath('/xml').first.children.each do |element| pairs[element.name] = element.text end
+    Nokogiri::XML(xml_text).xpath('/xml').first.children.each do |element| pairs[element.name] = element.text end
     pairs
+
   end
 
   # 消息加解密 技术方案
   # http://mp.weixin.qq.com/wiki/6/90f7259c0d0739bbb41d9f4c4c8e59a2.html
   def self.create(pairs)
+
+    assert_present! :pairs, pairs
+
     xml = '<xml>'
     pairs.each do |name, value| xml << "<#{name}><![CDATA[#{value}]]></#{name}>" end
     xml << '</xml>'
     xml
+
   end
 
 end

data/wechat-callback.gemspec

@@ -4,16 +4,14 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'wechat/callback/version'
 
 Gem::Specification.new do |spec|
-
-  spec.name          = 'wechat-callback'
-  spec.version       = Wechat::Callback::VERSION
-  spec.authors       = [ 'Topbit Du' ]
-  spec.email         = [ 'topbit.du@gmail.com' ]
-
-  spec.summary       = %q{Wechat Callback Library}
-  spec.description   = %q{The Wechat Callback Library is a code base to handle the remote calls from the Wechat servers.}
-  spec.homepage      = "https://github.com/topbitdu/wechat-callback"
-  spec.license       = 'MIT'
+  spec.name        = 'wechat-callback'
+  spec.version     = Wechat::Callback::VERSION
+  spec.authors     = [ 'Topbit Du' ]
+  spec.email       = [ 'topbit.du@gmail.com' ]
+  spec.summary     = 'Wechat Callback Library 微信回调库'
+  spec.description = 'Wechat Callback Library is a code base to handle the remote calls from the Wechat servers. 微信回调库用于处理微信服务器发出的请求。'
+  spec.homepage    = 'https://github.com/topbitdu/wechat-callback'
+  spec.license     = 'MIT'
 
   # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
   # delete this section to allow pushing this gem to any host.
@@ -29,9 +27,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = [ 'lib' ]
 
   spec.add_development_dependency 'bundler', '~> 1.11'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.0'
-
-  spec.add_dependency 'httpclient', '~> 2.7'
+  spec.add_development_dependency 'rake',    '~> 11.0'
+  spec.add_development_dependency 'rspec',   '~> 3.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wechat-callback
 version: !ruby/object:Gem::Version
-  version: '0.3'
+  version: '0.4'
 platform: ruby
 authors:
 - Topbit Du
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-02-17 00:00:00.000000000 Z
+date: 2017-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '11.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '11.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -52,22 +52,8 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: httpclient
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.7'
-description: The Wechat Callback Library is a code base to handle the remote calls
-  from the Wechat servers.
+description: Wechat Callback Library is a code base to handle the remote calls from
+  the Wechat servers. 微信回调库用于处理微信服务器发出的请求。
 email:
 - topbit.du@gmail.com
 executables: []
@@ -80,10 +66,12 @@ files:
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - ROADMAP.md
 - Rakefile
+- _config.yml
 - bin/console
 - bin/setup
 - lib/wechat/callback.rb
@@ -116,8 +104,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.6.4
 signing_key: 
 specification_version: 4
-summary: Wechat Callback Library
+summary: Wechat Callback Library 微信回调库
 test_files: []