weixin_authorize_superayi 1.6.4

data/lib/weixin_authorize/api/oauth.rb

@@ -0,0 +1,50 @@
+# encoding: utf-8
+module WeixinAuthorize
+  module Api
+    module Oauth
+
+      # 网站应用微信登录授权URL
+      # 文档：http://t.cn/RyZVWEY
+      def qrcode_authorize_url(redirect_uri, scope="snsapi_login", state="web_wx_login")
+        uri = encode_url(redirect_uri)
+        WeixinAuthorize.open_endpoint("/connect/qrconnect?appid=#{app_id}&redirect_uri=#{uri}&response_type=code&scope=#{scope}&state=#{state}#wechat_redirect")
+      end
+
+      # 应用授权作用域: scope
+      # snsapi_base （不弹出授权页面，直接跳转，只能获取用户openid），
+      # snsapi_userinfo （弹出授权页面，可通过openid拿到昵称、性别、所在地。并且，即使在未关注的情况下，只要用户授权，也能获取其信息）
+      # default is snsapi_base
+      # state 重定向后会带上state参数，开发者可以填写a-zA-Z0-9的参数值
+
+      # 如果用户点击同意授权，页面将跳转至 redirect_uri/?code=CODE&state=STATE。若用户禁止授权，则重定向后不会带上code参数，仅会带上state参数redirect_uri?state=STATE
+      def authorize_url(redirect_uri, scope="snsapi_base", state="weixin")
+        uri = encode_url(redirect_uri)
+        WeixinAuthorize.open_endpoint("/connect/oauth2/authorize?appid=#{app_id}&redirect_uri=#{uri}&response_type=code&scope=#{scope}&state=#{state}#wechat_redirect")
+      end
+
+      # 首先请注意，这里通过code换取的网页授权access_token,与基础支持中的access_token不同。公众号可通过下述接口来获取网页授权access_token。如果网页授权的作用域为snsapi_base，则本步骤中获取到网页授权access_token的同时，也获取到了openid，snsapi_base式的网页授权流程即到此为止。
+
+      # 微信通过请求 #authorize_url 方法后，会返回一个code到redirect_uri中
+      def get_oauth_access_token(code)
+        WeixinAuthorize.http_get_without_token("/sns/oauth2/access_token?appid=#{app_id}&secret=#{app_secret}&code=#{code}&grant_type=authorization_code", {}, "api")
+      end
+
+      # refresh_token: 填写通过access_token获取到的refresh_token参数
+      def refresh_oauth2_token(refresh_token)
+        WeixinAuthorize.http_get_without_token("/sns/oauth2/refresh_token?appid=#{app_id}&grant_type=refresh_token&refresh_token=#{refresh_token}", {}, "api")
+      end
+
+      # 如果网页授权作用域为snsapi_userinfo，则此时开发者可以通过access_token和openid拉取用户信息了。
+      def get_oauth_userinfo(openid, oauth_token, lang="zh_CN")
+        WeixinAuthorize.http_get_without_token("/sns/userinfo?access_token=#{oauth_token}&openid=#{openid}&lang=#{lang}", {}, "api")
+      end
+
+      private
+
+        def encode_url(uri)
+          ERB::Util.url_encode(uri)
+        end
+
+    end
+  end
+end

data/lib/weixin_authorize/api/qrcode.rb

@@ -0,0 +1,53 @@
+# encoding: utf-8
+module WeixinAuthorize
+  module Api
+    module Qrcode
+    # http://mp.weixin.qq.com/wiki/index.php?title=生成带参数的二维码
+
+      # 临时二维码
+      def create_qr_scene(scene_id, expire_seconds=1800)
+        qrcode_infos = {action_name: "QR_SCENE", expire_seconds: expire_seconds}
+        qrcode_infos.merge!(action_info(scene_id))
+        http_post(qrcode_base_url, qrcode_infos)
+      end
+
+      # 永久二维码
+      # options: scene_id, scene_str
+      def create_qr_limit_scene(options)
+        scene_id = options[:scene_id]
+        qrcode_infos = {action_name: "QR_LIMIT_SCENE"}
+        qrcode_infos.merge!(action_info(scene_id))
+        http_post(qrcode_base_url, qrcode_infos)
+      end
+
+      # 为永久的字符串参数值
+      # options: scene_str
+      def create_qr_limit_str_scene(options)
+        scene_str = options[:scene_str]
+        qrcode_infos = {action_name: "QR_LIMIT_STR_SCENE"}
+        qrcode_infos.merge!(action_info(nil, scene_str))
+        http_post(qrcode_base_url, qrcode_infos)
+      end
+
+
+      # 通过ticket换取二维码, 直接访问即可显示！
+      def qr_code_url(ticket)
+        WeixinAuthorize.mp_endpoint("/showqrcode?ticket=#{ticket}")
+      end
+
+      private
+
+        def qrcode_base_url
+          "/qrcode/create"
+        end
+
+        def action_info(scene_id, scene_str=nil)
+          scene_info = {}
+          scene_info[:scene_id] = scene_id if !scene_id.nil?
+          scene_info[:scene_str] = scene_str if !scene_str.nil?
+          {action_info: {scene: scene_info}}
+        end
+
+    end
+  end
+end

data/lib/weixin_authorize/api/template.rb

@@ -0,0 +1,43 @@
+# encoding: utf-8
+module WeixinAuthorize
+  module Api
+    module Template
+
+      # 设置所属行业
+      # 需要选择公众账号服务所处的2个行业，每月可更改1次所选行业；
+      # 初始化行业时，传入两个，每月更改时，传入一个即可。
+      def set_template_industry(industry_id1, industry_id2="")
+        industries = {industry_id1: industry_id1}
+        if industry_id2 != ""
+          industries.merge!({industry_id2: industry_id2})
+        end
+        http_post("/template/api_set_industry", industries)
+      end
+
+      # 获得模板ID
+      # code: 模板库中模板的编号，有“TM**”和“OPENTMTM**”等形式
+      def add_template(code)
+        http_post("/template/api_add_template", template_id_short: code)
+      end
+
+      # 发送模板消息
+      def send_template_msg(touser, template_id, url, topcolor, data)
+        msg = {
+          touser: touser, template_id: template_id,
+          url: url, topcolor: topcolor, data: data
+        }
+        http_post("/message/template/send", msg)
+      end
+
+      # 发送模板消息(小程序)
+      def send_miniprogram_template_msg(touser, template_id, url, miniprogram, data)
+        msg = {
+          touser: touser, template_id: template_id,
+          url: url, miniprogram: miniprogram, data: data
+        }
+        http_post("/message/template/send", msg)
+      end
+
+    end
+  end
+end

data/lib/weixin_authorize/api/user.rb

@@ -0,0 +1,69 @@
+# encoding: utf-8
+module WeixinAuthorize
+  module Api
+    module User
+
+      # 获取用户基本信息
+      # https://api.weixin.qq.com/cgi-bin/user/info?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN
+      # lang: zh_CN, zh_TW, en
+      def user(openid, lang="zh_CN")
+        user_info_url = "#{user_base_url}/info"
+        http_get(user_info_url, {openid: openid, lang: lang})
+      end
+
+      # 批量获取用户基本信息
+      # https://api.weixin.qq.com/cgi-bin/user/info/batchget?access_token=ACCESS_TOKEN
+      # POST数据格式：JSON
+      # POST数据例子：
+        # {
+        #   "user_list": [
+        #     {
+        #       "openid": "otvxTs4dckWG7imySrJd6jSi0CWE",
+        #       "lang": "zh-CN"
+        #     },
+        #     {
+        #       "openid": "otvxTs_JZ6SEiP0imdhpi50fuSZg",
+        #       "lang": "zh-CN"
+        #     }
+        #   ]
+        # }
+      def users(user_list)
+        user_info_batchget_url = "#{user_base_url}/info/batchget"
+        post_body = user_list
+        http_post(user_info_batchget_url, post_body)
+      end
+
+      # 获取关注者列表
+      # https://api.weixin.qq.com/cgi-bin/user/get?access_token=ACCESS_TOKEN&next_openid=NEXT_OPENID
+      def followers(next_openid="")
+        followers_url = "#{user_base_url}/get"
+        http_get(followers_url, {next_openid: next_openid})
+      end
+
+      # 设置备注名
+      # http请求方式: POST（请使用https协议）
+      # https://api.weixin.qq.com/cgi-bin/user/info/updateremark?access_token=ACCESS_TOKEN
+      # POST数据格式：JSON
+      # POST数据例子：
+      # {
+      #   "openid":"oDF3iY9ffA-hqb2vVvbr7qxf6A0Q",
+      #   "remark":"pangzi"
+      # }
+      def update_remark(openid, remark)
+        update_url = "/user/info/updateremark"
+        post_body = {
+          openid: openid,
+          remark: remark
+        }
+        http_post(update_url, post_body)
+      end
+
+      private
+
+        def user_base_url
+          "/user"
+        end
+
+    end
+  end
+end

data/lib/weixin_authorize/api.rb

@@ -0,0 +1,3 @@
+Dir["#{File.dirname(__FILE__)}/api/*.rb"].each do |path|
+  require path
+end

data/lib/weixin_authorize/carrierwave/weixin_uploader.rb

@@ -0,0 +1,4 @@
+module WeixinAuthorize
+  class WeixinUploader < CarrierWave::Uploader::Base
+  end
+end

data/lib/weixin_authorize/client.rb

@@ -0,0 +1,95 @@
+# encoding: utf-8
+require "monitor"
+require "redis"
+require 'digest/md5'
+module WeixinAuthorize
+
+  class Client
+
+    include MonitorMixin
+
+    include Api::User
+    include Api::Menu
+    include Api::Custom
+    include Api::Groups
+    include Api::Qrcode
+    include Api::Media
+    include Api::Mass
+    include Api::Oauth
+    include Api::Template
+
+    attr_accessor :app_id, :app_secret, :expired_at # Time.now + expires_in
+    attr_accessor :access_token, :redis_key, :custom_access_token
+    attr_accessor :jsticket, :jsticket_expired_at, :jsticket_redis_key
+
+    # options: redis_key, custom_access_token
+    def initialize(app_id, app_secret, options={})
+      @app_id = app_id
+      @app_secret = app_secret
+      @jsticket_expired_at = @expired_at = Time.now.to_i
+      @redis_key = security_redis_key(options[:redis_key] || "weixin_#{app_id}")
+      @jsticket_redis_key = security_redis_key("js_sdk_#{app_id}")
+      @custom_access_token = options[:custom_access_token]
+      super() # Monitor#initialize
+    end
+
+    # return token
+    def get_access_token
+      return custom_access_token if !custom_access_token.nil?
+      synchronize{ token_store.access_token }
+    end
+
+    # 检查appid和app_secret是否有效。
+    def is_valid?
+      return true if !custom_access_token.nil?
+      token_store.valid?
+    end
+
+    def token_store
+      Token::Store.init_with(self)
+    end
+
+    def jsticket_store
+      JsTicket::Store.init_with(self)
+    end
+
+    def get_jsticket
+      jsticket_store.jsticket
+    end
+
+    # 获取js sdk 签名包
+    def get_jssign_package(url)
+      timestamp = Time.now.to_i
+      noncestr = SecureRandom.hex(16)
+      str = "jsapi_ticket=#{get_jsticket}&noncestr=#{noncestr}&timestamp=#{timestamp}&url=#{url}";
+      signature = Digest::SHA1.hexdigest(str)
+      {
+        "appId"     => app_id,    "nonceStr"  => noncestr,
+        "timestamp" => timestamp, "url"       => url,
+        "signature" => signature, "rawString" => str
+      }
+    end
+
+    # 暴露出：http_get,http_post两个方法，方便第三方开发者扩展未开发的微信API。
+    def http_get(url, url_params={}, endpoint="plain")
+      url_params = url_params.merge(access_token_param)
+      WeixinAuthorize.http_get_without_token(url, url_params, endpoint)
+    end
+
+    def http_post(url, post_body={}, url_params={}, endpoint="plain")
+      url_params = access_token_param.merge(url_params)
+      WeixinAuthorize.http_post_without_token(url, post_body, url_params, endpoint)
+    end
+
+    private
+
+      def access_token_param
+        {access_token: get_access_token}
+      end
+
+      def security_redis_key(key)
+        Digest::MD5.hexdigest(key.to_s).upcase
+      end
+
+  end
+end

data/lib/weixin_authorize/config.rb

@@ -0,0 +1,35 @@
+module WeixinAuthorize
+
+  class << self
+
+    attr_accessor :config
+
+    def configure
+      yield self.config ||= Config.new
+    end
+
+    def weixin_redis
+      return nil if config.nil?
+      @redis ||= config.redis
+    end
+
+    def key_expired
+      config.key_expired rescue 100
+    end
+
+    # 可选配置: RestClient timeout, etc.
+    # key 必须是符号
+    # 如果出现 RestClient::SSLCertificateNotVerified Exception: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
+    # 这个错，除了改 verify_ssl: true，请参考：http://www.extendi.it/blog/2015/5/23/47-sslv3-read-server-certificate-b-certificate-verify-failed
+    def rest_client_options
+      if config.nil?
+        return {timeout: 5, open_timeout: 5, verify_ssl: true}
+      end
+      config.rest_client_options
+    end
+  end
+
+  class Config
+    attr_accessor :redis, :rest_client_options, :key_expired
+  end
+end

data/lib/weixin_authorize/handler/exceptions.rb

@@ -0,0 +1,5 @@
+# encoding: utf-8
+module WeixinAuthorize
+  class ValidAccessTokenException < RuntimeError;end
+  class MediaTypeException < RuntimeError;end
+end

data/lib/weixin_authorize/handler/global_code.rb

@@ -0,0 +1,127 @@
+# encoding: utf-8
+module WeixinAuthorize
+
+  GLOBAL_CODES = {
+    -1    => "系统繁忙",
+    0     => "请求成功",
+    40001 => "获取access_token时AppSecret错误，或者access_token无效",
+    40002 => "不合法的凭证类型",
+    40003 => "不合法的OpenID",
+    40004 => "不合法的媒体文件类型",
+    40005 => "不合法的文件类型",
+    40006 => "不合法的文件大小",
+    40007 => "不合法的媒体文件id",
+    40008 => "不合法的消息类型",
+    40009 => "不合法的图片文件大小",
+    40010 => "不合法的语音文件大小",
+    40011 => "不合法的视频文件大小",
+    40012 => "不合法的缩略图文件大小",
+    40013 => "不合法的APPID",
+    40014 => "不合法的access_token",
+    40015 => "不合法的菜单类型",
+    40016 => "不合法的按钮个数",
+    40017 => "不合法的按钮个数",
+    40018 => "不合法的按钮名字长度",
+    40019 => "不合法的按钮KEY长度",
+    40020 => "不合法的按钮URL长度",
+    40021 => "不合法的菜单版本号",
+    40022 => "不合法的子菜单级数",
+    40023 => "不合法的子菜单按钮个数",
+    40024 => "不合法的子菜单按钮类型",
+    40025 => "不合法的子菜单按钮名字长度",
+    40026 => "不合法的子菜单按钮KEY长度",
+    40027 => "不合法的子菜单按钮URL长度",
+    40028 => "不合法的自定义菜单使用用户",
+    40029 => "不合法的oauth_code",
+    40030 => "不合法的refresh_token",
+    40031 => "不合法的openid列表",
+    40032 => "不合法的openid列表长度",
+    40033 => "不合法的请求字符，不能包含xxxx格式的字符",
+    40035 => "不合法的参数",
+    40038 => "不合法的请求格式",
+    40039 => "不合法的URL长度",
+    40050 => "不合法的分组id",
+    40051 => "分组名字不合法",
+    41001 => "缺少access_token参数",
+    41002 => "缺少appid参数",
+    41003 => "缺少refresh_token参数",
+    41004 => "缺少secret参数",
+    41005 => "缺少多媒体文件数据",
+    41006 => "缺少media_id参数",
+    41007 => "缺少子菜单数据",
+    41008 => "缺少oauth code",
+    41009 => "缺少openid",
+    42001 => "access_token超时",
+    42002 => "refresh_token超时",
+    42003 => "oauth_code超时",
+    43001 => "需要GET请求",
+    43002 => "需要POST请求",
+    43003 => "需要HTTPS请求",
+    43004 => "需要接收者关注",
+    43005 => "需要好友关系",
+    44001 => "多媒体文件为空",
+    44002 => "POST的数据包为空",
+    44003 => "图文消息内容为空",
+    44004 => "文本消息内容为空",
+    45001 => "多媒体文件大小超过限制",
+    45002 => "消息内容超过限制",
+    45003 => "标题字段超过限制",
+    45004 => "描述字段超过限制",
+    45005 => "链接字段超过限制",
+    45006 => "图片链接字段超过限制",
+    45007 => "语音播放时间超过限制",
+    45008 => "图文消息超过限制",
+    45009 => "接口调用超过限制",
+    45010 => "创建菜单个数超过限制",
+    45015 => "回复时间超过限制",
+    45016 => "系统分组，不允许修改",
+    45017 => "分组名字过长",
+    45018 => "分组数量超过上限",
+    46001 => "不存在媒体数据",
+    46002 => "不存在的菜单版本",
+    46003 => "不存在的菜单数据",
+    46004 => "不存在的用户",
+    47001 => "解析JSON/XML内容错误",
+    48001 => "api功能未授权",
+    50001 => "用户未授权该api",
+    50002 => "用户受限，可能是违规后接口被封禁",
+    61451 => "参数错误(invalid parameter)",
+    61452 => "无效客服账号(invalid kf_account)",
+    61453 => "客服帐号已存在(kf_account exsited)",
+    61454 => "客服帐号名长度超过限制(仅允许10个英文字符，不包括@及@后的公众号的微信号)(invalid kf_acount length)",
+    61455 => "客服帐号名包含非法字符(仅允许英文+数字)(illegal character in kf_account)",
+    61456 => "客服帐号个数超过限制(10个客服账号)(kf_account count exceeded)",
+    61457 => "无效头像文件类型(invalid file type)",
+    61450 => "系统错误(system error)",
+    61500 => "日期格式错误",
+    61501 => "日期范围错误",
+    9001001 => "POST数据参数不合法",
+    9001002 => "远端服务不可用",
+    9001003 => "Ticket不合法",
+    9001004 => "获取摇周边用户信息失败",
+    9001005 => "获取商户信息失败",
+    9001006 => "获取OpenID失败",
+    9001007 => "上传文件缺失",
+    9001008 => "上传素材的文件类型不合法",
+    9001009 => "上传素材的文件尺寸不合法",
+    9001010 => "上传失败",
+    9001020 => "帐号不合法",
+    9001021 => "已有设备激活率低于50%，不能新增设备",
+    9001022 => "设备申请数不合法，必须为大于0的数字",
+    9001023 => "已存在审核中的设备ID申请",
+    9001024 => "一次查询设备ID数量不能超过50",
+    9001025 => "设备ID不合法",
+    9001026 => "页面ID不合法",
+    9001027 => "页面参数不合法",
+    9001028 => "一次删除页面ID数量不能超过10",
+    9001029 => "页面已应用在设备中，请先解除应用关系再删除",
+    9001030 => "一次查询页面ID数量不能超过50",
+    9001031 => "时间区间不合法",
+    9001032 => "保存设备与页面的绑定关系参数错误",
+    9001033 => "门店ID不合法",
+    9001034 => "设备备注信息过长",
+    9001035 => "设备申请参数不合法",
+    9001036 => "查询起始值begin不合法"
+  }unless defined?(GLOBAL_CODES)
+
+end

data/lib/weixin_authorize/handler/result_handler.rb

@@ -0,0 +1,52 @@
+# encoding: utf-8
+module WeixinAuthorize
+
+  class ResultHandler
+
+    attr_accessor :code, :cn_msg, :en_msg, :result
+
+    def initialize(code, en_msg, result={})
+      @code   = code   || OK_CODE
+      @en_msg = en_msg || OK_MSG
+      @cn_msg = GLOBAL_CODES[@code.to_i]
+      @result = package_result(result)
+    end
+
+    # This method is to valid the current request if is true or is false
+    def is_ok?
+      code == OK_CODE
+    end
+    alias_method :ok?, :is_ok?
+
+    # e.g.:
+    # 45009: api freq out of limit(接口调用超过限制)
+    def full_message
+      "#{code}: #{en_msg}(#{cn_msg})."
+    end
+    alias_method :full_messages, :full_message
+
+    def full_error_message
+      full_message if !is_ok?
+    end
+    alias_method :full_error_messages, :full_error_message
+    alias_method :errors, :full_error_message
+
+    private
+
+      # if define Rails constant
+      # result = WeixinAuthorize::ResultHandler.new("0", "success", {:ok => "true"})
+      # result.result["ok"] #=> true
+      # result.result[:ok] #=> true
+      # result.result['ok'] #=> true
+      def package_result(result)
+        return result if !result.is_a?(Hash)
+        if defined?(Rails)
+          ActiveSupport::HashWithIndifferentAccess.new(result)
+        else
+          result
+        end
+      end
+
+  end
+
+end

data/lib/weixin_authorize/handler.rb

@@ -0,0 +1,3 @@
+require "weixin_authorize/handler/global_code"
+require "weixin_authorize/handler/result_handler"
+require "weixin_authorize/handler/exceptions"

data/lib/weixin_authorize/js_ticket/object_store.rb

@@ -0,0 +1,21 @@
+module WeixinAuthorize
+  module JsTicket
+    class ObjectStore < Store
+
+      def jsticket_expired?
+        # 如果当前token过期时间小于现在的时间，则重新获取一次
+        client.jsticket_expired_at <= Time.now.to_i
+      end
+
+      def jsticket
+        super
+        client.jsticket
+      end
+
+      def refresh_jsticket
+        super
+      end
+
+    end
+  end
+end

data/lib/weixin_authorize/js_ticket/redis_store.rb

@@ -0,0 +1,41 @@
+module WeixinAuthorize
+  module JsTicket
+    class RedisStore < Store
+      JSTICKET = "jsticket"
+      EXPIRED_AT = "expired_at"
+
+      def jsticket_expired?
+        weixin_redis.hvals(client.jsticket_redis_key).empty?
+      end
+
+      def refresh_jsticket
+        super
+        weixin_redis.hmset(
+          client.jsticket_redis_key,
+          JSTICKET,
+          client.jsticket,
+          EXPIRED_AT,
+          client.jsticket_expired_at
+        )
+        weixin_redis.expireat(
+          client.jsticket_redis_key,
+          client.jsticket_expired_at.to_i
+        )
+      end
+
+      def jsticket
+        super
+        client.jsticket = weixin_redis.hget(client.jsticket_redis_key, JSTICKET)
+        client.jsticket_expired_at = weixin_redis.hget(
+          client.jsticket_redis_key,
+          EXPIRED_AT
+        )
+        client.jsticket
+      end
+
+      def weixin_redis
+        WeixinAuthorize.weixin_redis
+      end
+    end
+  end
+end

data/lib/weixin_authorize/js_ticket/store.rb

@@ -0,0 +1,40 @@
+# encoding: utf-8
+module WeixinAuthorize
+  module JsTicket
+    class Store
+
+      attr_accessor :client
+
+      def initialize(client)
+        @client = client
+      end
+
+      def self.init_with(client)
+        if WeixinAuthorize.weixin_redis.nil?
+          ObjectStore.new(client)
+        else
+          RedisStore.new(client)
+        end
+      end
+
+      def jsticket_expired?
+        raise NotImplementedError, "Subclasses must implement a jsticket_expired? method"
+      end
+
+      def refresh_jsticket
+        set_jsticket
+      end
+
+      def jsticket
+        refresh_jsticket if jsticket_expired?
+      end
+
+      def set_jsticket
+        result = client.http_get("/ticket/getticket", {type: 1}).result
+        client.jsticket = result["ticket"]
+        client.jsticket_expired_at = WeixinAuthorize.calculate_expire(result["expires_in"])
+      end
+
+    end
+  end
+end

data/lib/weixin_authorize/token/object_store.rb

@@ -0,0 +1,25 @@
+# encoding: utf-8
+module WeixinAuthorize
+  module Token
+    class ObjectStore < Store
+
+      def valid?
+        super
+      end
+
+      def token_expired?
+        # 如果当前token过期时间小于现在的时间，则重新获取一次
+        client.expired_at <= Time.now.to_i
+      end
+
+      def refresh_token
+        super
+      end
+
+      def access_token
+        super
+        client.access_token
+      end
+    end
+  end
+end