xi_wechat_corp 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a668aecce2c27bf2ecf30019fe33a0a7e03778a9
+  data.tar.gz: 99ea5c52fe837b0e3dc317de78325a6e01566ba6
+SHA512:
+  metadata.gz: 3257dd7d6467d516ba196d8be07f635bf826d6dacfd6d77c17ad21c038b67fdc12c9804ac4d53cd9323f23eb57108d0406788151ea23cc0cd815d43c7f46d059
+  data.tar.gz: 4496688d3f9aa96234d5f538e1d6b69013e44995a924bb8eb1d037109b77292900822f9d04b5da4ec885376d8a27dc92c73a1ce540549c1f9de5a27153c32f64

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in xi_wechat_corp.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Ian Yang
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,86 @@
+# XiWechatCorp
+
+Toolkits for Tencent Wechat Corp development
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'xi_wechat_corp'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install xi_wechat_corp
+
+## Usage
+
+### Rack Middleware
+
+    use XiWechatCorp::Callback::Rack do |request|
+      corp_id 'wx1234'
+      if request.path_info == '/wechat'
+        token 'secret'
+        aes_key 'secret'
+      elsif request.path_info == '/another'
+        token 'secret'
+        aes_key 'secret'
+      end
+    end
+
+The middleware is enabled for requests when `corp_id`, `token` and `aes_key`
+are all configured.
+
+The `GET` request is handled by the middleware directly. Just implement the
+logic for `POST` requests. All post params can be get through rack env
+`xi_wechat_corp.params`, including decrypted params. The handler just return
+the plain XML, The middleware will encrypt response and sign it.
+
+### Handle Callback Manually
+
+Verify and decrypt Request
+
+    cryptor = XiWechatCorp::AesCrypt.new(aes_key, corp_id)
+    signer = XiWechatCorp::SHA1Signer.new(token)
+    request = XiWechatCorp::Callback::Request.new(cryptor, signer, query_params, xml_body)
+    request.verify!
+
+    # Get decrypted echostr for GET
+    request.challenge
+
+    # Decrypt Encrypt field for POST
+    request.decrypt
+
+    # Pack response
+    response = request.build_response
+    response.assign(xml_response)
+    response.to_s
+
+### API
+
+    conn = XiWechatCorp::Client::Connection.new    
+    conn.get_access_token(corp_id, secret)
+    conn.post(
+      'message/send', 
+      touser: 'UserID1|UserID2|UserID3',
+      toparty: ' PartyID1 | PartyID2 ',
+      totag: ' TagID1 | TagID2 ',
+      touser: 'user1|user2',
+      msgtype: 'text',
+      agentid: '1',
+      text: {
+        content: 'Holiday Request for Pony'
+      },
+      safe: 0
+    )
+
+## Contributing
+
+1. Fork it ( https://github.com/3pjgames/xi_wechat_corp/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+end
+
+task :default => [:test]

data/lib/xi_wechat_corp/aes_crypt.rb

@@ -0,0 +1,77 @@
+require 'securerandom'
+require 'base64'
+require_relative 'error'
+require_relative 'pkcs7_encoder'
+
+module XiWechatCorp
+  class AesCrypt
+    PKCS7 = PKCS7Encoder.new
+
+    def initialize(aes_key, corp_id)
+      @aes_key = decode64(aes_key + '=')
+      raise ArgumentError if @aes_key.size != 32
+      @corp_id = corp_id
+    end
+
+    def encrypt(text)
+      encode64 cipher_encrypt pad pack text
+    end
+
+    def decrypt(text)
+      unpack unpad cipher_decrypt decode64 text
+    end
+
+    def pack(text)
+      [
+        SecureRandom.random_bytes(16),
+        [text.bytesize].pack('N'),
+        text,
+        @corp_id
+      ].join('')
+    end
+
+    def unpack(text)
+      size, corp_id = text.unpack('@16Na*')
+      output = corp_id.slice!(0, size)
+
+      raise InvalidCorpIDError.new(corp_id) if corp_id != @corp_id
+      output
+    end
+
+    def pad(text)
+      PKCS7.encode(text)
+    end
+
+    def unpad(text)
+      PKCS7.decode(text)
+    end
+
+    def encode64(text)
+      Base64.strict_encode64(text)
+    end
+
+    def decode64(text)
+      Base64.decode64(text)
+    end
+
+    def cipher_encrypt(text)
+      cipher(:encrypt, text)
+    end
+
+    def cipher_decrypt(text)
+      cipher(:decrypt, text)
+    end
+
+    private
+
+    def cipher(action, text)
+      cipher = OpenSSL::Cipher::AES.new(256, :CBC)
+      cipher.send action
+      cipher.padding = 0
+      cipher.key = @aes_key
+      cipher.iv = @aes_key[0...16]
+      cipher.update(text) + cipher.final
+    end
+  end
+end
+

data/lib/xi_wechat_corp/api/access_token.rb

@@ -0,0 +1,42 @@
+module XiWechatCorp
+  module API
+    class AccessToken
+      # Leave 5 minutes buffer
+      EXPIRE_SECONDS = 7200 - 300
+
+      attr_reader :token
+      attr_reader :expired_at
+
+      def initialize(token = nil, expired_at = nil)
+        assign(token, expired_at)
+      end
+
+      def assign(token, expired_at = nil)
+        @token = token.to_s
+        if !@token.empty?
+          @expired_at = expired_at || (token.respond_to?(:expired_at) ? token.expired_at : Time.now.to_i + EXPIRE_SECONDS)
+        else
+          @expired_at = 0
+        end
+      end
+
+      alias_method :refresh, :assign
+
+      def present?
+        @token.size > 0
+      end
+
+      def expired?
+        @token.empty? || @expired_at < Time.now.to_i
+      end
+
+      def valid?
+        !expired?
+      end
+
+      def to_s
+        @token
+      end
+    end
+  end
+end

data/lib/xi_wechat_corp/api/connection.rb

@@ -0,0 +1,99 @@
+require 'faraday'
+require 'faraday_middleware'
+require_relative 'access_token'
+
+module XiWechatCorp
+  module API
+    Error = Faraday::Error
+    class ClientError < Faraday::ClientError
+      def initialize(response)
+        @response = response
+        message = response ? response.values_at('errcode', 'errmsg').compact.join(' ')  : nil
+        super(message)
+      end
+    end
+
+    class RaiseClientError < Faraday::Response::Middleware
+      def parse(body)
+        raise ClientError.new(body) if body.nil? || body.key?('errcode')
+        body
+      end
+    end
+
+    class Connection < Faraday::Connection
+      ENDPOINT = 'https://qyapi.weixin.qq.com/cgi-bin'
+
+      BUILDER = Faraday::RackBuilder.new do |builder|
+        builder.request :json
+        builder.use RaiseClientError
+        builder.response :json
+        builder.response :raise_error
+        builder.adapter Faraday.default_adapter
+      end
+
+      ACCESS_TOKEN_MISSING = [41001, 'Access token is missing']
+      ACCESS_TOKEN_EXPIRED = [40014, 'Access token is expired']
+
+      # Accepts all options supported by Faraday::Connection, as well as:
+      #
+      # -   access_token [AccessToken|String] already acquired access token
+      # -   corp_id
+      # -   secret 
+      #
+      # When both corp_id and secret are specified, access token is fetched and
+      # refreshed automatically.
+      def initialize(options = {}, &block)
+        token = options.delete(:access_token)
+        token = options[:params][:access_token] if token.nil? && options.key?(:params)
+        @access_token = AccessToken.new(options.delete(:access_token))
+
+        @corp_id = options.delete(:corp_id)
+        @secret = options.delete(:secret)
+
+        super(ENDPOINT, { builder: BUILDER }.merge(options), &block)
+      end
+
+      extend Forwardable
+      def_delegator :@access_token, :assign, :access_token=
+
+      def get_access_token(corp_id = nil, secret = nil)
+        @corp_id = corp_id unless corp_id.nil?
+        @secret = secret unless secret.nil?
+        resp = get('gettoken', corpid: @corp_id, corpsecret: @secret)
+        @access_token.assign(resp.body['access_token'])
+        @access_token
+      end
+
+      alias_method :auth, :get_access_token
+
+      def run_request(method, url, body, headers, &block)
+        set_access_token_in_params unless url == 'gettoken'
+        super(method, url, body, headers, &block)
+      end
+
+      private
+      def can_get_access_token?
+        !@corp_id.nil? && !@secret.nil?
+      end
+
+      def error!(code, msg)
+        raise ClientError.new('errcode' => code, 'errmsg' => msg)
+      end
+
+      def set_access_token_in_params
+        if @access_token.expired?
+          if can_get_access_token?
+            get_access_token
+          elsif @access_token.present?
+            error!(*ACCESS_TOKEN_EXPIRED)
+          else
+            error!(*ACCESS_TOKEN_MISSING)
+          end
+        end
+
+        params['access_token'] = @access_token
+      end
+    end
+  end
+end
+

data/lib/xi_wechat_corp/api.rb

@@ -0,0 +1,2 @@
+require 'xi_wechat_corp/api/access_token'
+require 'xi_wechat_corp/api/connection'

data/lib/xi_wechat_corp/callback/config.rb

@@ -0,0 +1,45 @@
+require 'rack/utils'
+require 'xi_wechat_corp/sha1_signer'
+require 'xi_wechat_corp/aes_crypt'
+require_relative 'request'
+
+module XiWechatCorp
+  module Callback
+    class Config
+      include Rack::Utils
+
+      class Credentials
+        def corp_id(v = nil)
+          v.nil? ? @corp_id : (@corp_id = v)
+        end
+        def token(v = nil)
+          v.nil? ? @token : (@token = v)
+        end
+        def aes_key(v = nil)
+          v.nil? ? @aes_key : (@aes_key = v)
+        end
+
+        def configured?
+          @corp_id && @token && @aes_key
+        end
+      end
+
+      def configure(&block)
+        @block = block
+        self
+      end
+
+      def build_request(rack_request)
+        return if @block.nil?
+        credentials = Credentials.new
+        credentials.instance_exec(rack_request, &@block)
+        if credentials.configured?
+          cryptor = AesCrypt.new(credentials.aes_key, credentials.corp_id)
+          signer = SHA1Signer.new(credentials.token)
+          query_params = parse_query(rack_request.query_string)
+          Request.new(cryptor, signer, query_params, rack_request.body)
+        end
+      end
+    end
+  end
+end

data/lib/xi_wechat_corp/callback/rack.rb

@@ -0,0 +1,63 @@
+require 'rack/utils'
+require 'xi_wechat_corp'
+require 'xi_wechat_corp/error'
+require_relative 'request'
+require_relative 'response'
+require_relative 'config'
+
+module XiWechatCorp
+  module Callback
+    class Rack
+      include ::Rack::Utils
+      CONTENT_TYPE = 'text/html; charset=utf-8'
+
+      def initialize(app, &block)
+        @app = app
+        @config = Config.new.configure(&block)
+      end
+
+      def call(env)
+        rack_request = ::Rack::Request.new(env)
+        if (rack_request.get? || rack_request.post?) &&
+            (request = @config.build_request(rack_request))
+          request.verify!
+          if rack_request.get?
+            ::Rack::Response.new([request.challenge]).finish
+          else
+            request.decrypt
+            env['xi_wechat_corp.params'] = request.params
+            status, headers, body = @app.call(env)
+            rack_response = ::Rack::Response.new([], status, headers)
+            if rack_response.successful?
+              response = request.build_response(read_body(body))
+              xml = response.to_s
+              if !xml.empty?
+                rack_response['Content-Type'] = CONTENT_TYPE
+                rack_response.write xml
+              end
+              rack_response.finish
+            else
+              [status, headers, body]
+            end
+          end
+        else
+          @app.call(env)
+        end
+      rescue XiWechatCorp::Error => e
+        if XiWechatCorp.logger
+          XiWechatCorp.logger.error(e.message)
+        end 
+        [403, {}, []]
+      end
+
+      def read_body(body)
+        ret = ''
+        body.each do |str|
+          ret << str
+        end
+        body.close if body.respond_to?(:close)
+        ret
+      end
+    end
+  end
+end

data/lib/xi_wechat_corp/callback/request.rb

@@ -0,0 +1,82 @@
+require 'multi_xml'
+require_relative 'response'
+
+module XiWechatCorp
+  module Callback
+    class Request
+      SIGN_PARAMS = %w(timestamp nonce echostr Encrypt)
+
+      attr_reader :params
+
+      def initialize(cryptor, signer, query_params = {}, xml = nil)
+        @cryptor = cryptor
+        @signer = signer
+        assign(query_params, xml)
+      end
+      
+      def build_response(xml = nil)
+        Response.new(@cryptor, @signer, xml)
+      end
+
+      def assign(query_params, xml = nil)
+        body_params = xml ? parse_xml(xml) : {}
+        @params = body_params.merge(query_params)
+      end
+
+      def [](key)
+        @params[key.to_s]
+      end
+
+      def key?(key)
+        @params.key?(key.to_s)
+      end
+
+      def verify
+        signature = @params['msg_signature']
+        signature && signature == @signer.sign(*@params.values_at(*SIGN_PARAMS))
+      end
+      
+      def verify!
+        raise SignatureVerificationError unless verify
+      end
+
+      def challenge?
+        key?('echostr')
+      end
+
+      def challenge
+        @cryptor.decrypt(@params['echostr'])
+      end
+
+      def decryptable?
+        key?('Encrypt')
+      end
+
+      def decrypt
+        if decryptable?
+          @params.merge!(parse_xml(@cryptor.decrypt(@params['Encrypt'])))
+        end
+        @params
+      end
+
+      def corp_id
+        @params['ToUserName']
+      end
+
+      def agent_id
+        @params['AgentID']
+      end
+
+      private
+
+      def parse_xml(xml)
+        node = MultiXml.parse(xml)
+        while node.key?('xml')
+          node = node['xml']
+        end
+        node
+      end
+    end
+  end
+end
+

data/lib/xi_wechat_corp/callback/response.rb

@@ -0,0 +1,31 @@
+require 'securerandom'
+
+module XiWechatCorp
+  module Callback
+    class Response
+      TEMPLATE = '<xml><Encrypt>%s</Encrypt><MsgSignature>%s</MsgSignature><TimeStamp>%d</TimeStamp><Nonce>%d</Nonce></xml>'
+      NONCE_UPPER = 1 << 32
+
+      def initialize(cryptor, signer, xml = nil)
+        @cryptor = cryptor
+        @signer = signer
+        assign(xml)
+      end
+
+      def assign(xml)
+        @encrypt = xml ? @cryptor.encrypt(xml) : nil
+      end
+
+      def to_s
+        return '' if @encrypt.nil?
+        timestamp = Time.now.to_i
+        nonce = SecureRandom.random_number(NONCE_UPPER)
+        signature = @signer.sign(@encrypt, timestamp, nonce)
+        sprintf(TEMPLATE, @encrypt, signature, timestamp, nonce)
+      end
+
+      alias_method :to_xml, :to_s
+    end
+  end
+end
+

data/lib/xi_wechat_corp/callback.rb

@@ -0,0 +1,7 @@
+module XiWechatCorp
+  module Callback
+  end
+end
+
+require 'xi_wechat_corp/callback/request'
+require 'xi_wechat_corp/callback/response'

data/lib/xi_wechat_corp/error.rb

@@ -0,0 +1,13 @@
+module XiWechatCorp
+  class Error < StandardError; end
+  class DecodeError < Error; end
+  class PKCS7DecodeError < DecodeError; end
+  class InvalidCorpIDError < Error
+    attr_reader :corpid
+    def initialize(corpid)
+      @corpid = corpid
+      super "Invalid corpid: #{@corpid}"
+    end
+  end
+  class SignatureVerificationError < Error; end
+end

data/lib/xi_wechat_corp/pkcs7_encoder.rb

@@ -0,0 +1,28 @@
+require_relative 'error'
+
+module XiWechatCorp
+  # This file is modified from offical python example
+  #
+  #     http://qydev.weixin.qq.com/python.zip
+  class PKCS7Encoder
+    BLOCK_SIZE = 32
+
+    # Pad the text so the length is divisable by BLOCK_SIZE. Save the padding length as padding chracter itself. 
+    def encode(text)
+      return 32.chr * BLOCK_SIZE if text.nil? || text.empty?
+
+      text_length = text.bytesize
+      amount_to_pad = BLOCK_SIZE - (text_length % BLOCK_SIZE)
+      pad = amount_to_pad.chr
+      text + pad * amount_to_pad
+    end
+
+    def decode(decrypted)
+      return decrypted if decrypted.nil? || decrypted.empty?
+
+      pad = decrypted[-1].ord
+      raise PKCS7DecodeError if pad < 1 or pad > BLOCK_SIZE
+      decrypted.byteslice(0...-pad)
+    end
+  end
+end

data/lib/xi_wechat_corp/sha1_signer.rb

@@ -0,0 +1,14 @@
+module XiWechatCorp
+  # Sign and verify the signature
+  class SHA1Signer
+    def initialize(token)
+      @token = token
+    end
+
+    def sign(*args)
+      sha1 = Digest::SHA1.new
+      [@token, *(args.compact)].map(&:to_s).sort.each {|s| sha1 << s }
+      sha1.hexdigest
+    end
+  end
+end

data/lib/xi_wechat_corp/version.rb

@@ -0,0 +1,3 @@
+module XiWechatCorp
+  VERSION = '1.0.0'
+end

data/lib/xi_wechat_corp.rb

@@ -0,0 +1,12 @@
+require "xi_wechat_corp/version"
+
+module XiWechatCorp
+  autoload :API, 'xi_wechat_corp/api'
+  autoload :Callback, 'xi_wechat_corp/callback'
+  autoload :SHA1Signer, 'xi_wechat_corp/sha1_signer'
+  autoload :AesCrypt, 'xi_wechat_corp/aes_crypt'
+
+  class << self
+    attr_accessor :logger
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,12 @@
+require 'xi_wechat_corp'
+require 'minitest'
+require 'minitest/unit'
+require 'minitest/autorun'
+require 'minitest/pride'
+require 'webmock/minitest'
+
+class << Minitest::Test
+  def test(name, &block)
+    define_method("test_#{name.gsub(/[^_a-zA-Z0-9]/, '_')}", &block)
+  end
+end

data/test/xi_wechat_corp/aes_crypt_test.rb

@@ -0,0 +1,24 @@
+require 'test_helper'
+require 'xi_wechat_corp/aes_crypt'
+
+module XiWechatCorp
+  class AesCryptTest < Minitest::Test
+    TOKEN = "QDG6eK"
+    AES_KEY = "jWmYm7qr5nMoAUwZRjGtBxmz3KA1tkAj3ykkR6q2B2C"
+    CORP_ID = "wx5823bf96d3bd56c7"
+    ENCRYPTED = 'RypEvHKD8QQKFhvQ6QleEB4J58tiPdvo+rtK1I9qca6aM/wvqnLSV5zEPeusUiX5L5X/0lWfrf0QADHHhGd3QczcdCUpj911L3vg3W/sYYvuJTs3TUUkSUXxaccAS0qhxchrRYt66wiSpGLYL42aM6A8dTT+6k4aSknmPj48kzJs8qLjvd4Xgpue06DOdnLxAUHzM6+kDZ+HMZfJYuR+LtwGc2hgf5gsijff0ekUNXZiqATP7PF5mZxZ3Izoun1s4zG4LUMnvw2r+KqCKIw+3IQH03v+BCA9nMELNqbSf6tiWSrXJB3LAVGUcallcrw8V2t9EL4EhzJWrQUax5wLVMNS0+rUPA3k22Ncx4XXZS9o0MBH27Bo6BpNelZpS+/uh9KsNlY6bHCmJU9p8g7m3fVKn28H3KDYA5Pl/T8Z1ptDAVe0lXdQ2YoyyH2uyPIGHBZZIs2pDBS8R07+qN+E7Q=='
+    EXPECT = "<xml><ToUserName><![CDATA[wx5823bf96d3bd56c7]]></ToUserName>\n<FromUserName><![CDATA[mycreate]]></FromUserName>\n<CreateTime>1409659813</CreateTime>\n<MsgType><![CDATA[text]]></MsgType>\n<Content><![CDATA[hello]]></Content>\n<MsgId>4561255354251345929</MsgId>\n<AgentID>218</AgentID>\n</xml>"
+
+    def test_decrypt_sample_request
+      crypt = AesCrypt.new(AES_KEY, CORP_ID)
+      text = crypt.decrypt(ENCRYPTED)
+      assert_equal EXPECT, text
+    end
+
+    def test_encrypt_and_decrypt
+      crypt = AesCrypt.new(AES_KEY, CORP_ID)
+      text = crypt.decrypt(crypt.encrypt(EXPECT))
+      assert_equal EXPECT, text
+    end
+  end
+end

data/test/xi_wechat_corp/api/access_token_test.rb

@@ -0,0 +1,22 @@
+require 'test_helper'
+require 'xi_wechat_corp/api/access_token'
+
+module XiWechatCorp
+  module API
+    class AccessTokenTest < Minitest::Test
+      def test_assign_access_token_to_another
+        @src = AccessToken.new('test', 123)
+        @dest = AccessToken.new
+        @dest.assign @src
+        assert_equal 'test', @dest.token
+        assert_equal 123, @dest.expired_at
+      end
+      def test_assign_nil
+        @token = AccessToken.new('test', 123)
+        @token.assign nil
+        assert_equal '', @token.token
+        assert_equal 0, @token.expired_at
+      end
+    end
+  end
+end

data/test/xi_wechat_corp/api/connection_test.rb

@@ -0,0 +1,36 @@
+require 'test_helper'
+require 'xi_wechat_corp/api/access_token'
+
+module XiWechatCorp
+  module API
+    class ConnectionTest < Minitest::Test
+      def setup
+        stub_request(:any, %r{https://qyapi.weixin.qq.com/cgi-bin/.*}).to_return(body: '{"access_token":"at"}')
+      end
+
+      def conn
+        @conn ||= Connection.new
+      end
+
+      def test_that_access_token_is_set
+        conn.access_token = '123'
+        conn.get 'test'
+        assert_requested :get, 'https://qyapi.weixin.qq.com/cgi-bin/test',
+          query: { 'access_token' => '123' }
+      end
+
+      test 'raise when access token is not available' do
+        assert_raises ClientError do
+          conn.get 'test'
+        end
+      end
+
+      test 'auto get access token' do
+        conn = Connection.new corp_id: 'corptest', secret: 'secret'
+        conn.get 'test'
+        assert_requested :get, 'https://qyapi.weixin.qq.com/cgi-bin/test',
+          query: { 'access_token' => 'at' }
+      end
+    end
+  end
+end

data/test/xi_wechat_corp/callback/rack_test.rb

@@ -0,0 +1,73 @@
+require 'test_helper'
+require 'xi_wechat_corp/callback/rack'
+require 'rack'
+require 'rack/test'
+require 'multi_xml'
+
+module XiWechatCorp
+  module Callback
+    class RackTest < Minitest::Test
+      include ::Rack::Test::Methods
+      class App
+        def call(env)
+        end
+      end
+
+      RESPONSE_XML = '<xml><test>1</test></xml>'
+      CORP_ID = 'corp_id'
+      AES_KEY = Base64.strict_encode64('a' * 32).chop
+      TOKEN = 'token'
+
+      def app
+        ::Rack::Builder.app do
+          use Rack do |req|
+            if req.path_info == '/wechat'
+              corp_id CORP_ID
+              aes_key AES_KEY
+              token TOKEN
+            end
+          end
+
+          run lambda { |env|
+            response = if env['xi_wechat_corp.params']
+                         env['xi_wechat_corp.params']['response']
+                       else
+                         RESPONSE_XML
+                       end
+            [200, {'Content-Type' => 'text/xml'}, [response]]
+          }
+        end
+      end
+
+      def cryptor
+        @cryptor ||= AesCrypt.new(AES_KEY, CORP_ID)
+      end
+
+      def signer
+        @signer ||= SHA1Signer.new(TOKEN)
+      end
+
+      test 'GET not configured path' do
+        get '/test'
+        assert_equal RESPONSE_XML, last_response.body
+      end
+
+      test 'GET configured path' do
+        echostr = cryptor.encrypt('echostr')
+        signature = signer.sign(1, 2, echostr)
+        get '/wechat', timestamp: 1, nonce: 2, msg_signature: signature, echostr: echostr
+        assert_equal 'echostr', last_response.body
+      end
+
+      test 'POST configured path' do
+        encrypt = cryptor.encrypt('<response>secret</response>')
+        signature = signer.sign(1, 2, encrypt)
+        post "/wechat?timestamp=1&nonce=2&msg_signature=#{signature}", "<xml><Encrypt>#{encrypt}</Encrypt></xml>"
+        response = MultiXml.parse(last_response.body).fetch('xml')
+        assert_equal 'secret', cryptor.decrypt(response['Encrypt'])
+        assert_equal response['MsgSignature'], signer.sign(response['Encrypt'], response['Nonce'], response['TimeStamp'])
+      end
+    end
+  end
+end
+

data/test/xi_wechat_corp/pkcs7_encoder_test.rb

@@ -0,0 +1,29 @@
+require 'test_helper'
+require 'xi_wechat_corp/pkcs7_encoder'
+
+module XiWechatCorp
+  class PKCS7EncoderTest < Minitest::Test
+    def encoder
+      @encoder ||= XiWechatCorp::PKCS7Encoder.new
+    end
+
+    CASES = {
+      '' => 32.chr * 32,
+      'a' => 'a' + 31.chr * 31,
+      'a' * 31 => 'a' * 31 + 1.chr,
+      'a' * 32 => 'a' * 32 + 32.chr * 32,
+    }
+
+    def test_encode
+      CASES.each_pair do |raw, encoded|
+        assert_equal encoded, encoder.encode(raw)
+      end
+    end
+
+    def test_decode
+      CASES.each_pair do |raw, encoded|
+        assert_equal raw, encoder.decode(encoded)
+      end
+    end
+  end
+end

data/test/xi_wechat_corp/sha1_signer_test.rb

@@ -0,0 +1,19 @@
+require 'test_helper'
+require 'xi_wechat_corp/sha1_signer'
+
+module XiWechatCorp
+  class SHA1SignerTest < Minitest::Test
+    TEST_TOKEN = 'QDG6eK'
+    TEST_TIME_STAMP = '1409659589'
+    TEST_NONCE = '263014780'
+    TEST_ECHO_STR = 'P9nAzCzyDtyTWESHep1vC5X9xho/qYX3Zpb4yKa9SKld1DsH3Iyt3tP3zNdtp+4RPcs8TgAE7OaBO+FZXvnaqQ=='
+    TEST_SIGNATURE = '5c45ff5e21c57e6ad56bac8758b79b1d9ac89fd3'
+    def signer
+      SHA1Signer.new(TEST_TOKEN)
+    end
+
+    def test_sign_example
+      assert_equal TEST_SIGNATURE, signer.sign(TEST_TIME_STAMP, TEST_NONCE, TEST_ECHO_STR)
+    end
+  end
+end

data/xi_wechat_corp.gemspec

@@ -0,0 +1,31 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'xi_wechat_corp/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'xi_wechat_corp'
+  spec.version       = XiWechatCorp::VERSION
+  spec.authors       = ['Ian Yang']
+  spec.email         = ['ian@3pjgames.com']
+  spec.summary       = %q{Wechat Corp development toolkits}
+  spec.description   = %q{Wechat Corp development toolkits}
+  spec.homepage      = 'https://github.com/3pjgames/xi_wechat_corp'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'faraday', '~> 0.9.1'
+  spec.add_dependency 'faraday_middleware', '~> 0.9.1'
+  spec.add_dependency 'multi_xml', '~> 0.5.5'
+  spec.add_dependency 'multi_json', '~> 1.10.1'
+  spec.add_dependency 'rack', '~> 1.6.0'
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'minitest', '~> 5.5.1'
+  spec.add_development_dependency 'webmock'
+  spec.add_development_dependency 'rack-test'
+end

metadata

@@ -0,0 +1,218 @@
+--- !ruby/object:Gem::Specification
+name: xi_wechat_corp
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Ian Yang
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-02-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+- !ruby/object:Gem::Dependency
+  name: multi_xml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.5
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.10.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.10.1
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.6.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.6.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.5.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.5.1
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Wechat Corp development toolkits
+email:
+- ian@3pjgames.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/xi_wechat_corp.rb
+- lib/xi_wechat_corp/aes_crypt.rb
+- lib/xi_wechat_corp/api.rb
+- lib/xi_wechat_corp/api/access_token.rb
+- lib/xi_wechat_corp/api/connection.rb
+- lib/xi_wechat_corp/callback.rb
+- lib/xi_wechat_corp/callback/config.rb
+- lib/xi_wechat_corp/callback/rack.rb
+- lib/xi_wechat_corp/callback/request.rb
+- lib/xi_wechat_corp/callback/response.rb
+- lib/xi_wechat_corp/error.rb
+- lib/xi_wechat_corp/pkcs7_encoder.rb
+- lib/xi_wechat_corp/sha1_signer.rb
+- lib/xi_wechat_corp/version.rb
+- test/test_helper.rb
+- test/xi_wechat_corp/aes_crypt_test.rb
+- test/xi_wechat_corp/api/access_token_test.rb
+- test/xi_wechat_corp/api/connection_test.rb
+- test/xi_wechat_corp/callback/rack_test.rb
+- test/xi_wechat_corp/pkcs7_encoder_test.rb
+- test/xi_wechat_corp/sha1_signer_test.rb
+- xi_wechat_corp.gemspec
+homepage: https://github.com/3pjgames/xi_wechat_corp
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Wechat Corp development toolkits
+test_files:
+- test/test_helper.rb
+- test/xi_wechat_corp/aes_crypt_test.rb
+- test/xi_wechat_corp/api/access_token_test.rb
+- test/xi_wechat_corp/api/connection_test.rb
+- test/xi_wechat_corp/callback/rack_test.rb
+- test/xi_wechat_corp/pkcs7_encoder_test.rb
+- test/xi_wechat_corp/sha1_signer_test.rb