@ddn/egg-wechat 1.0.24

package/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) unclexiao.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,114 @@
+# @ddn/egg-wechat
+
+[![npm version](https://badge.fury.io/js/@ddn/egg-wechat.svg)](https://badge.fury.io/js/@ddn/egg-wechat)
+
+[微信公众平台](https://mp.weixin.qq.com/)常规的后端服务，献给了不起的[EggJS](https://eggjs.org/zh-cn/)。
+
+本项目 fork 自 [egg-mp](https://github.com/unclexiao/egg-mp)，感谢原作者 [unclexiao](https://github.com/unclexiao) 的贡献。
+
+## 特性
+### 微信小程序
+- [X] 小程序登录
+- [X] 小程序授权
+- [X] 小程序支付
+- [X] 推送模板消息
+- [X] 检测是否含有敏感词
+- [ ] 生成二维码/小程序码
+- [ ] 接入在线客服消息
+
+### 微信服务号
+- [X] 网页授权
+- [X] 发送模板消息
+- [X] 获取用户基础信息
+- [X] 获取用户列表
+- [X] 服务号网页支付
+- [X] 前端调用JSSDK
+
+### 微信开放平台 (第三方平台)
+- [X] 获取 Component Access Token
+- [X] 获取预授权码 (PreAuthCode)
+- [X] 获取授权方信息 (QueryAuth)
+- [X] 发送客服消息
+- [X] 获取授权页 URL
+
+## 安装
+
+```bash
+$ npm i @ddn/egg-wechat --save
+```
+
+## 启用插件
+
+```js
+// {app_root}/config/plugin.js
+exports.wechat = {
+  enable: true,
+  package: '@ddn/egg-wechat',
+};
+```
+
+## 应用配置
+
+```js
+// {app_root}/config/config.default.js
+exports.wechat = {
+  appId: '', // 公众平台应用编号
+  appSecret: '', // 公众平台应用密钥
+  mchId: '', // 商户平台商家编号
+  apiKey: '', // 商户支付密钥
+  notifyUrl: '', // 支付结果回调地址
+  
+  // 开放平台第三方平台配置
+  componentAppId: '',
+  componentAppSecret: '',
+  componentToken: '',
+  componentEncodingAESKey: '',
+};
+```
+
+请查看 [doc/CONFIG.md](doc/CONFIG.md) 获取更详细说明.
+
+## 简单实例
+
+### 小程序/公众号
+
+```javascript
+async login() {
+    const { ctx } = this;
+    const { code } = ctx.request.query;
+    // 注意命名空间变为 ctx.service.wechat.mp
+    let res = await ctx.service.wechat.mp.login(code);
+    // {
+    //   session_key: "...",
+    //   openid: "..."
+    // };
+}
+```
+
+### 开放平台 (Component)
+
+```javascript
+async getAuthUrl() {
+    const { ctx } = this;
+    // 获取授权页 URL
+    const url = await ctx.service.wechat.component.getOAuthDomainUrl();
+    // ...
+}
+```
+
+## 基础教程
+- [配置项如何找到？](doc/CONFIG.md)
+- 如何搭建环境？
+- 如何本地调试？
+- 登录与授权（获取用户信息）
+- 微信支付（小程序、服务号）
+- 推送消息（服务通知、模板消息）
+- 生成二维码（或小程序码）
+
+## 问题与建议
+
+请在[这里](https://github.com/ddnlink/egg-wechat/issues)向我提出问题
+
+## 开源协议
+
+[MIT](LICENSE)

package/app/extend/helper.js

@@ -0,0 +1,33 @@
+'use strict';
+const xml = require('xml-js');
+
+module.exports = {
+  xml2json(xmlStr) {
+    let result = xml.xml2json(xmlStr, {
+      compact: true,
+      spaces: 4,
+    });
+    result = JSON.parse(result);
+    return this.deleteCDATA(result.xml);
+  },
+
+  json2xml(json) {
+    const result = xml.json2xml(json, {
+      compact: true,
+      spaces: 4,
+    });
+    return '<xml>\n' + result + '\n</xml>';
+  },
+
+  deleteCDATA(args) {
+    const keys = Object.keys(args);
+    const obj = {};
+    for (let i = 0; i < keys.length; i++) {
+      const k = keys[i];
+      if (typeof args[k] === 'object') {
+        obj[k] = args[k]._cdata;
+      }
+    }
+    return obj;
+  },
+};

package/app/service/wechat/component.js

@@ -0,0 +1,215 @@
+'use strict';
+
+const Service = require('egg').Service;
+
+class ComponentService extends Service {
+  
+  /**
+   * 获取 Component Access Token
+   * 优先从 Redis 获取，过期则刷新
+   */
+  async getComponentAccessToken() {
+    const { ctx, app } = this;
+    const { componentAppId, componentAppSecret } = app.config.wechat;
+    
+    if (!componentAppId || !componentAppSecret) {
+      throw new Error('未配置微信开放平台 Component AppID 或 Secret');
+    }
+
+    const cacheKey = `wechat:component_access_token:${componentAppId}`;
+    let token = await app.redis.get(cacheKey);
+
+    if (token) {
+      return token;
+    }
+
+    // 获取 Component Verify Ticket
+    const ticketKey = `wechat:component_verify_ticket:${componentAppId}`;
+    const ticket = await app.redis.get(ticketKey);
+
+    if (!ticket) {
+      throw new Error('未收到微信推送的 Component Verify Ticket，请等待微信服务器推送');
+    }
+
+    // 请求微信接口获取 Token
+    const url = 'https://api.weixin.qq.com/cgi-bin/component/api_component_token';
+    const result = await ctx.curl(url, {
+      method: 'POST',
+      contentType: 'json',
+      dataType: 'json',
+      data: {
+        component_appid: componentAppId,
+        component_appsecret: componentAppSecret,
+        component_verify_ticket: ticket
+      }
+    });
+
+    if (result.data.errcode) {
+      throw new Error(`获取 Component Access Token 失败: ${result.data.errmsg}`);
+    }
+
+    token = result.data.component_access_token;
+    const expiresIn = result.data.expires_in;
+
+    // 缓存 Token (提前 5 分钟过期)
+    await app.redis.set(cacheKey, token, 'EX', expiresIn - 300);
+
+    return token;
+  }
+
+  /**
+   * 保存 Component Verify Ticket
+   * @param {string} ticket 微信推送的 Ticket
+   */
+  async saveComponentVerifyTicket(ticket) {
+    const { app } = this;
+    const { componentAppId } = app.config.wechat;
+    
+    if (!componentAppId) return;
+
+    const key = `wechat:component_verify_ticket:${componentAppId}`;
+    // Ticket 有效期通常为 12 小时，这里设置 12 小时过期
+    await app.redis.set(key, ticket, 'EX', 12 * 3600);
+    
+    // 兼容旧的 Redis Key
+    await app.redis.set('wechat:component:ticket', ticket, 'EX', 12 * 3600);
+  }
+
+  /**
+   * 获取预授权码 (Pre-Auth Code)
+   */
+  async getPreAuthCode() {
+    const { ctx, app } = this;
+    const { componentAppId } = app.config.wechat;
+    
+    const token = await this.getComponentAccessToken();
+    
+    const url = `https://api.weixin.qq.com/cgi-bin/component/api_create_preauthcode?component_access_token=${token}`;
+    const result = await ctx.curl(url, {
+      method: 'POST',
+      contentType: 'json',
+      dataType: 'json',
+      data: {
+        component_appid: componentAppId
+      }
+    });
+
+    if (result.data.errcode) {
+      throw new Error(`获取预授权码失败: ${result.data.errmsg}`);
+    }
+
+    return result.data.pre_auth_code;
+  }
+
+  /**
+   * 使用授权码换取公众号/小程序的接口调用凭据和授权信息
+   * @param {string} authCode 授权码
+   */
+  async queryAuth(authCode) {
+    const { ctx, app } = this;
+    const { componentAppId } = app.config.wechat;
+
+    const token = await this.getComponentAccessToken();
+    const url = `https://api.weixin.qq.com/cgi-bin/component/api_query_auth?component_access_token=${token}`;
+    
+    const result = await ctx.curl(url, {
+      method: 'POST',
+      contentType: 'json',
+      dataType: 'json',
+      data: {
+        component_appid: componentAppId,
+        authorization_code: authCode
+      }
+    });
+
+    if (result.data.errcode) {
+      throw new Error(`换取授权信息失败: ${result.data.errmsg}`);
+    }
+
+    return result.data.authorization_info;
+  }
+
+  /**
+   * 获取授权方的帐号基本信息
+   * @param {string} authorizerAppId 授权方AppID
+   */
+  async getAuthorizerInfo(authorizerAppId) {
+    const { ctx, app } = this;
+    const { componentAppId } = app.config.wechat;
+
+    const token = await this.getComponentAccessToken();
+    const url = `https://api.weixin.qq.com/cgi-bin/component/api_get_authorizer_info?component_access_token=${token}`;
+    
+    const result = await ctx.curl(url, {
+      method: 'POST',
+      contentType: 'json',
+      dataType: 'json',
+      data: {
+        component_appid: componentAppId,
+        authorizer_appid: authorizerAppId
+      }
+    });
+
+    if (result.data.errcode) {
+      throw new Error(`获取授权方基本信息失败: ${result.data.errmsg}`);
+    }
+
+    return result.data;
+  }
+
+  /**
+   * 发送客服消息 (文本)
+   * @param {string} accessToken 授权方接口调用凭据
+   * @param {string} toUser 接收者OpenID
+   * @param {string} content 文本内容
+   */
+  async sendCustomMessage(accessToken, toUser, content) {
+    const { ctx } = this;
+    const url = `https://api.weixin.qq.com/cgi-bin/message/custom/send?access_token=${accessToken}`;
+    
+    const result = await ctx.curl(url, {
+      method: 'POST',
+      contentType: 'json',
+      dataType: 'json',
+      data: {
+        touser: toUser,
+        msgtype: 'text',
+        text: {
+          content: content
+        }
+      }
+    });
+
+    return result.data;
+  }
+
+  /**
+   * 生成代公众号发起网页授权的链接
+   * @param {string} appid 公众号AppID
+   * @param {string} redirectUri 回调地址
+   * @param {string} scope 作用域
+   * @param {string} state 状态参数
+   */
+  getOAuthDomainUrl(appid, redirectUri, scope = 'snsapi_userinfo', state = 'STATE') {
+    const { app } = this;
+    const { componentAppId } = app.config.wechat;
+    const encodedRedirectUri = encodeURIComponent(redirectUri);
+    return `https://open.weixin.qq.com/connect/oauth2/authorize?appid=${appid}&redirect_uri=${encodedRedirectUri}&response_type=code&scope=${scope}&state=${state}&component_appid=${componentAppId}#wechat_redirect`;
+  }
+
+  /**
+   * 获取授权页 URL (用于公众号/小程序管理员授权给第三方平台)
+   * @param {string} redirectUri 回调地址
+   * @param {number} authType 授权类型 (1: 公众号, 2: 小程序, 3: 两者都可)
+   */
+  async getAuthUrl(redirectUri, authType = 3) {
+    const { app } = this;
+    const { componentAppId } = app.config.wechat;
+    const preAuthCode = await this.getPreAuthCode();
+    const encodedRedirectUri = encodeURIComponent(redirectUri);
+    
+    return `https://mp.weixin.qq.com/cgi-bin/componentloginpage?component_appid=${componentAppId}&pre_auth_code=${preAuthCode}&redirect_uri=${encodedRedirectUri}&auth_type=${authType}`;
+  }
+}
+
+module.exports = ComponentService;

package/app/service/wechat/mp.js

@@ -0,0 +1,201 @@
+'use strict';
+const Service = require('egg').Service;
+const crypto = require('crypto');
+
+// 微信相关接口常量
+const jscode2sessionUri = 'https://api.weixin.qq.com/sns/jscode2session'; // 微信临时授权码
+const tokenUri = 'https://api.weixin.qq.com/cgi-bin/token'; // 微信凭据
+const msgSecCheck = 'https://api.weixin.qq.com/wxa/msg_sec_check'; // 微信敏感词
+const sendMsgUri =
+  'https://api.weixin.qq.com/cgi-bin/message/wxopen/template/send'; // 微信服务通知
+const payUri = 'https://api.mch.weixin.qq.com/pay/unifiedorder'; // 微信统一下单
+
+class MPService extends Service {
+
+  /**
+  * 登录凭证校验
+  * @param {String} code 临时授权码
+  * @return {Object} 微信返回的数据
+  * @see https://developers.weixin.qq.com/miniprogram/dev/api/code2Session.html?search-key=jscode2session
+  */
+  async login(code) {
+    const {
+      appId,
+      appSecret,
+    } = this.app.config.wechat;
+    const url = `${jscode2sessionUri}?appid=${appId}&secret=${appSecret}&js_code=${code}&grant_type=authorization_code`;
+    const res = await this.ctx.curl(url, {
+      dataType: 'json',
+    });
+    return res.data;
+  }
+
+  /**
+  * 获取Token
+  * @return {Object} 微信返回的数据
+  * @see https://developers.weixin.qq.com/miniprogram/dev/api/getAccessToken.html
+  */
+  async getToken() {
+    const {
+      appId,
+      appSecret,
+    } = this.app.config.wechat;
+    const url = `${tokenUri}?grant_type=client_credential&appid=${appId}&secret=${appSecret}`;
+    const res = await this.ctx.curl(url, {
+      dataType: 'json',
+    });
+    return res.data;
+  }
+
+  /**
+  * 加密数据解密算法
+  * @param {String} sessionKey sessionKey
+  * @param {String} encryptedData encryptedData
+  * @param {String} iv iv
+  * @return {Object} 微信返回的数据
+  * @see https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/signature.html
+  */
+  async decryptData(sessionKey, encryptedData, iv) {
+    const {
+      appId,
+    } = this.app.config.wechat;
+    const sessionKeyBuffer = new Buffer.from(sessionKey, 'base64');
+    const encryptedDataBuffer = new Buffer.from(encryptedData, 'base64');
+    const ivStr = new Buffer.from(iv, 'base64');
+    const decipher = crypto.createDecipheriv('aes-128-cbc', sessionKeyBuffer, ivStr);
+    let decoded = '';
+    try {
+      decipher.setAutoPadding(true);
+      decoded = decipher.update(encryptedDataBuffer, 'binary', 'utf8');
+      decoded += decipher.final('utf8');
+      decoded = JSON.parse(decoded);
+    } catch (err) {
+      throw new Error('Illegal Buffer');
+    }
+    if (decoded.watermark.appid !== appId) {
+      throw new Error('Illegal Appid');
+    }
+    return decoded;
+  }
+
+  /**
+  * 是否含有敏感内容
+  * @param {String} content 文本内容
+  * @return {Boolean} 是否敏感内容
+  * @see https://developers.weixin.qq.com/miniprogram/dev/api/msgSecCheck.html?search-key=msg_sec_check
+  */
+  async checkIsSensitive(content) {
+    const token = await this.getToken();
+    const access_token = token.access_token;
+    const res = await this.ctx.curl(`${msgSecCheck}?access_token=${access_token}`, {
+      method: 'POST',
+      contentType: 'json',
+      dataType: 'json',
+      data: {
+        content,
+      },
+    });
+    return res.data.errcode === 87014;
+  }
+
+  /**
+  * 推送模板消息
+  * @param {Object} params 推送消息
+  * @return {Boolean} 微信返回的数据
+  * @see https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/template-message.html
+  */
+  async pushMessage(params) {
+    const body = {
+      touser: params.openid,
+      template_id: params.templateid,
+      page: params.page,
+      form_id: params.formid,
+      data: params.data,
+      emphasis_keyword: params.emphasis_keyword,
+    };
+    const token = await this.getToken();
+    const access_token = token.access_token;
+    const res = await this.ctx.curl(`${sendMsgUri}?access_token=${access_token}`, {
+      method: 'POST',
+      contentType: 'json',
+      dataType: 'json',
+      data: body,
+    });
+    return res.data;
+  }
+
+  /**
+  * 统一下单
+  * @param {String} openid 目标用户
+  * @param {Object} data 推送消息
+  * @return {Object} 用于小程序发起支付
+  * @see https://api.mch.weixin.qq.com/pay/unifiedorder
+  */
+  async createOrder(openid, data) {
+    const {
+      ctx,
+    } = this;
+    const signedParams = this._firstSignOrder(openid, data);
+    const successXml = await ctx.curl(payUri, {
+      method: 'POST',
+      data: ctx.helper.json2xml(signedParams),
+    });
+    const json = ctx.helper.xml2json(successXml.data);
+    if (json.return_code === 'FAIL') {
+      return {
+        code: -1,
+        msg: json.return_msg,
+      };
+    }
+    return this._secondSignOrder(json);
+  }
+
+  // 第一次签名
+  _firstSignOrder(openid, data) {
+    const {
+      app,
+      ctx,
+      service,
+    } = this;
+    const {
+      appId,
+      mchId,
+    } = app.config.wechat;
+    const params = {
+      openid,
+      appid: appId,
+      mch_id: mchId,
+      nonce_str: service.wechat.sign.createNonceStr(),
+      out_trade_no: data.tradeNo || new Date().getTime(), // 内部订单号
+      total_fee: data.totalFee || 1, // 单位为分的标价金额
+      body: data.body || '未知产品-测试商品', // 应用市场上的APP名字-商品概述	
+      spbill_create_ip: ctx.ip, // 支付提交用户端ip
+      notify_url: data.notifyUrl || '', // 异步接收微信支付结果通知
+      trade_type: 'JSAPI',
+    };
+    params.sign = service.wechat.sign.getPaySign(params); // 首次签名，用于验证支付通知
+    return params;
+  }
+
+  // 第二次签名
+  _secondSignOrder(json) {
+    const {
+      app,
+      service,
+    } = this;
+    const {
+      appId,
+    } = app.config.wechat;
+    const res = {
+      appId,
+      timeStamp: service.wechat.sign.createTimestamp(),
+      nonceStr: json.nonce_str,
+      package: `prepay_id=${json.prepay_id}`,
+      signType: 'MD5',
+    }; // 不能随意增减，必须是这些字段
+    res.paySign = service.wechat.sign.getPaySign(res); // 第二次签名，用于提交到微信
+    return res;
+  }
+}
+
+module.exports = MPService;

package/app/service/wechat/security.js

@@ -0,0 +1,114 @@
+'use strict';
+
+const Service = require('egg').Service;
+
+const MSG_SEC_CHECK_URL = 'https://api.weixin.qq.com/wxa/msg_sec_check';
+const MEDIA_CHECK_ASYNC_URL = 'https://api.weixin.qq.com/wxa/media_check_async';
+
+class SecurityService extends Service {
+
+  async _getAccessToken(providedAccessToken) {
+    if (providedAccessToken) return providedAccessToken;
+
+    const tokenRes = await this.ctx.service.wechat.mp.getToken();
+    const accessToken = tokenRes && tokenRes.access_token;
+    if (!accessToken) {
+      const errMsg = tokenRes && tokenRes.errmsg ? tokenRes.errmsg : 'missing access_token';
+      throw new Error(`wechat getToken failed: ${errMsg}`);
+    }
+    return accessToken;
+  }
+
+  /**
+   * 文本内容安全识别（2.0）
+   * @param {Object} params
+   * @param {string} params.content 需检测的文本内容（<=2500字）
+   * @param {number} params.version 固定为 2
+   * @param {number} params.scene 场景（1资料；2评论；3论坛；4社交日志）
+   * @param {string} params.openid 用户 openid（近两小时访问过小程序）
+   * @param {string} [params.title] 文本标题
+   * @param {string} [params.nickname] 用户昵称
+   * @param {string} [params.signature] 个性签名（仅 scene=1）
+   * @param {Object} [options]
+   * @param {string} [options.accessToken] access_token 或 authorizer_access_token
+   */
+  async msgSecCheck(params, options = {}) {
+    const {
+      content,
+      openid,
+      version = 2,
+      scene = 2,
+      title,
+      nickname,
+      signature,
+    } = params || {};
+
+    if (!content || typeof content !== 'string') throw new Error('content is required');
+    if (!openid || typeof openid !== 'string') throw new Error('openid is required');
+
+    const accessToken = await this._getAccessToken(options.accessToken);
+
+    const data = {
+      content,
+      version,
+      scene,
+      openid,
+    };
+    if (title) data.title = title;
+    if (nickname) data.nickname = nickname;
+    if (signature) data.signature = signature;
+
+    const res = await this.ctx.curl(`${MSG_SEC_CHECK_URL}?access_token=${accessToken}`, {
+      method: 'POST',
+      contentType: 'json',
+      dataType: 'json',
+      data,
+    });
+
+    return res.data;
+  }
+
+  /**
+   * 多媒体内容安全识别（异步，2.0）
+   * @param {Object} params
+   * @param {string} params.mediaUrl 要检测的媒体 URL
+   * @param {number} params.mediaType 1:音频 2:图片
+   * @param {number} params.version 固定为 2
+   * @param {number} params.scene 场景（1资料；2评论；3论坛；4社交日志）
+   * @param {string} params.openid 用户 openid（近两小时访问过小程序）
+   * @param {Object} [options]
+   * @param {string} [options.accessToken] access_token 或 authorizer_access_token
+   */
+  async mediaCheckAsync(params, options = {}) {
+    const {
+      mediaUrl,
+      mediaType,
+      openid,
+      version = 2,
+      scene = 2,
+    } = params || {};
+
+    if (!mediaUrl || typeof mediaUrl !== 'string') throw new Error('mediaUrl is required');
+    if (mediaType !== 1 && mediaType !== 2) throw new Error('mediaType must be 1 or 2');
+    if (!openid || typeof openid !== 'string') throw new Error('openid is required');
+
+    const accessToken = await this._getAccessToken(options.accessToken);
+
+    const res = await this.ctx.curl(`${MEDIA_CHECK_ASYNC_URL}?access_token=${accessToken}`, {
+      method: 'POST',
+      contentType: 'json',
+      dataType: 'json',
+      data: {
+        media_url: mediaUrl,
+        media_type: mediaType,
+        version,
+        scene,
+        openid,
+      },
+    });
+
+    return res.data;
+  }
+}
+
+module.exports = SecurityService;

package/app/service/wechat/sign.js

@@ -0,0 +1,66 @@
+'use strict';
+const crypto = require('crypto');
+
+const Service = require('egg').Service;
+
+class SignService extends Service {
+  // 生成随机字符串，用于微信支付
+  createNonceStr() {
+    return Math.random()
+      .toString(36)
+      .substr(2, 15);
+  }
+
+  // 生成时间戳，单位为秒，用于微信支付
+  createTimestamp() {
+    return parseInt(new Date().getTime() / 1000) + '';
+  }
+
+  // 序列化字符串
+  raw(args) {
+    const keys = Object.keys(args).sort(); // 参数名ASCII码从小到大排序（字典序）；
+    let string = '';
+    for (let i = 0; i < keys.length; i++) {
+      const k = keys[i];
+      if (k === 'sign' || !args[k]) {
+        continue; // 如果参数的值为空不参与签名
+      }
+      if (typeof args[k] === 'array') {
+        // 兼容xml场景，值为数组
+        args[k] = args[k][0];
+      }
+      string += '&' + k + '=' + args[k];
+    }
+    string = string.substr(1);
+    return string;
+  }
+
+  // 生成加密SHA1字符串
+  sha1(str) {
+    return crypto.createHash('sha1').update(str).digest('hex');
+  }
+
+  // 生成配置签名
+  getConfigSign(args) {
+    const rawStr = this.raw(args);
+    const shaStr = this.sha1(rawStr);
+    return shaStr.toLocaleLowerCase();
+  }
+
+  // 生成加密MD5字符串
+  md5(str) {
+    return crypto.createHash('md5').update(str).digest('hex');
+  }
+
+  // 生成支付签名
+  getPaySign(args) {
+    const {
+      apiKey,
+    } = this.app.config.wechat;
+    const rawStr = this.raw(args);
+    const md5Str = this.md5(rawStr + '&key=' + apiKey);
+    return md5Str.toUpperCase();
+  }
+}
+
+module.exports = SignService;

package/app/service/wechat/wcs.js

@@ -0,0 +1,219 @@
+'use strict';
+
+const Service = require('egg').Service;
+
+const tokenUri = 'https://api.weixin.qq.com/cgi-bin/token'; // 换取统一令牌
+const ticketUri = 'https://api.weixin.qq.com/cgi-bin/ticket/getticket'; // Web端临时票据
+const templateUri = 'https://api.weixin.qq.com/cgi-bin/message/template/send'; // 推送模板消息
+const usersUri = 'https://api.weixin.qq.com/cgi-bin/user/get'; // 获取用户信息
+const userInfoBatch = 'https://api.weixin.qq.com/cgi-bin/user/info/batchget'; // 批量获取用户信息
+const authUri = 'https://api.weixin.qq.com/sns/oauth2/access_token'; // 微信网页授权
+const payUri = 'https://api.mch.weixin.qq.com/pay/unifiedorder'; // 微信统一下单
+
+const jsonType = {
+  dataType: 'json',
+};
+
+class WCSService extends Service {
+  /**
+  * 获取Token
+  * @return {String} 令牌
+  * @see https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140183
+  */
+  async getToken() {
+    const {
+      appId,
+      appSecret,
+    } = this.app.config.wechat;
+    const url = `${tokenUri}?grant_type=client_credential&appid=${appId}&secret=${appSecret}`;
+    const res = await this.ctx.curl(url, jsonType);
+    if (res.data.errcode){
+      throw new Error(res.data.errmsg)
+    }
+    return res.data;
+  }
+
+  /**
+  * 获取Ticket
+  * @param {String} token 令牌
+  * @return {Object} 票据信息
+  * @see https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421141115
+  */
+  async getTicket(token) {
+    const url = `${ticketUri}?access_token=${token}&type=jsapi`;
+    const res = await this.ctx.curl(url, jsonType);
+    if (res.data.errcode){
+      throw new Error(res.data.errmsg)
+    }
+    return res.data;
+  }
+
+  /**
+  * 获取权限验证配置
+  * @param {String} url 调用JSAPI的网址
+  * @return {Object} JSSDK初始化配置
+  * @see https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421141115
+  */
+  async getConfig(url) {
+    const tokenRes = await this.getToken();
+    const ticketRes = await this.getTicket(tokenRes.access_token);
+    const params = this._createConfigSign(ticketRes.ticket, url);
+    params.appId = this.app.config.wechat.appId;
+    return params;
+  }
+
+  /**
+  * 微信网页授权
+  * @param {String} code 临时授权码
+  * @return {Object} 微信返回的授权信息
+  * @see https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140842
+  */
+  async auth(code) {
+    const {
+      appId,
+      appSecret,
+    } = this.app.config.wechat;
+    const url = `${authUri}?grant_type=authorization_code&appid=${appId}&secret=${appSecret}&code=${code}`;
+    const res = await this.ctx.curl(url, jsonType);
+    return res.data;
+  }
+
+  /**
+  * 发送模板消息
+  * @param {String} accessToken accessToken
+  * @param {Object} data 模板消息数据
+  * @return {Object} 微信返回的推送结果
+  * @see https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1433751277
+  */
+  async sendTemplateMsg(accessToken, data) {
+    const url = `${templateUri}?access_token=${accessToken}`;
+    const res = await this.ctx.curl(url, {
+      method: 'POST',
+      dataType: 'json',
+      data: JSON.stringify(data),
+    });
+    return res.data;
+  }
+
+  /**
+  * 获取用户列表
+  * @param {String} accessToken accessToken
+  * @return {Object} 用户列表
+  * @see  https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140840
+  */
+  async getUserList(accessToken) {
+    const url = `${usersUri}?access_token=${accessToken}`;
+    const res = await this.ctx.curl(url, jsonType);
+    const openids = res.data.data.openid;
+    return openids;
+  }
+
+  /**
+  * 批量获取用户信息
+  * @param {String} accessToken accessToken
+  * @param {Array} openids 用户数据
+  * @return {Object} 批量用户信息
+  * @see https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140839
+  */
+  async getBatchUserInfo(accessToken, openids) {
+    const url = `${userInfoBatch}?access_token=${accessToken}`;
+    const res = await this.ctx.curl(url, {
+      method: 'POST',
+      dataType: 'json',
+      data: JSON.stringify(openids),
+    });
+    return res.data;
+  }
+
+  /**
+  * 统一下单
+  * @param {String} openid 开放平台编号
+  * @param {Object} order 订单数据
+  * @return {Object} 用于JSSDK调用支付接口
+  * @see https://api.mch.weixin.qq.com/pay/unifiedorder
+  */
+  async createOrder(openid, order) {
+    const {
+      ctx,
+    } = this;
+    const signedParams = this._firstSignOrder(openid, order);
+    const successXml = await ctx.curl(payUri, {
+      method: 'POST',
+      data: ctx.helper.json2xml(signedParams),
+    });
+    const json = ctx.helper.xml2json(successXml.data);
+    if (json.return_code === 'FAIL') {
+      return {
+        code: -1,
+        msg: json.return_msg,
+      };
+    }
+    return this._secondSignOrder(json);
+  }
+
+  // 生成配置签名
+  _createConfigSign(ticket, url) {
+    const {
+      service,
+    } = this;
+    const timestamp = parseInt(new Date().getTime() / 1000);
+    const params = {
+      jsapi_ticket: ticket,
+      url,
+      timestamp,
+      noncestr: service.wechat.sign.createNonceStr(),
+    };
+    params.signature = service.wechat.sign.getConfigSign(params); // 配置签名，用于Web端调用接口
+    return params;
+  }
+
+  // 生成支付签名
+  _firstSignOrder(openid, order) {
+    const {
+      app,
+      ctx,
+      service,
+    } = this;
+    const {
+      appId,
+      mchId,
+      notifyUrl,
+    } = app.config.wechat;
+    const params = {
+      openid: openid || '',
+      appid: appId,
+      mch_id: mchId,
+      nonce_str: service.wechat.sign.createNonceStr(),
+      body: order.body || '我是测试商品',
+      out_trade_no: order.tradeNo || new Date().getTime(), // 内部订单号
+      total_fee: order.totalFee || 1, // 单位为分的标价金额
+      spbill_create_ip: ctx.ip || '127.0.0.1', // 支付提交用户端ip
+      notify_url: notifyUrl, // 异步接收微信支付结果通知
+      trade_type: 'JSAPI',
+    };
+    params.sign = service.wechat.sign.getPaySign(params); // 订单签名，用于验证支付通知
+    return params;
+  }
+
+  // 第二次签名
+  _secondSignOrder(json) {
+    const {
+      app,
+      service,
+    } = this;
+    const {
+      appId,
+    } = app.config.wechat;
+    const res = {
+      appId,
+      timeStamp: service.wechat.sign.createTimestamp(),
+      nonceStr: json.nonce_str,
+      package: `prepay_id=${json.prepay_id}`,
+      signType: 'MD5',
+    }; // 不能随意增减，必须是这些字段
+    res.paySign = service.wechat.sign.getPaySign(res); // 第二次签名，用于提交到微信
+    return res;
+  }
+}
+
+module.exports = WCSService;

package/config/config.default.js

@@ -0,0 +1,23 @@
+'use strict';
+
+/**
+ * 微信公众平台的相关配置
+ * @member Config Egg配置
+ * @property {String}  appId - 应用号
+ * @property {number}  appSecret  - 应用密钥
+ * @property {number}  mchId  - 商户平台商家编号
+ * @property {number}  apiKey  - 商户支付接口密钥
+ * @property {number}  notifyUrl  - 支付结果回调地址
+ */
+exports.wechat = {
+  appId: '',
+  appSecret: '',
+  mchId: '',
+  apiKey: '',
+  notifyUrl: '',
+  // 开放平台第三方平台配置
+  componentAppId: '',
+  componentAppSecret: '',
+  componentToken: '',
+  componentEncodingAESKey: '',
+};

package/index.d.ts

@@ -0,0 +1,18 @@
+import MPService = require('./app/service/wechat/mp');
+import WCSService = require('./app/service/wechat/wcs');
+import SignService = require('./app/service/wechat/sign');
+import ComponentService = require('./app/service/wechat/component');
+import SecurityService = require('./app/service/wechat/security');
+
+declare module 'egg' {
+  // extend service
+  interface IService {
+    wechat: {
+      mp: MPService;
+      wcs: WCSService;
+      sign: SignService;
+      component: ComponentService;
+      security: SecurityService;
+    }
+  }
+}

package/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "@ddn/egg-wechat",
+  "version": "1.0.24",
+  "description": "Eggjs plugin for wechat",
+  "types": "./index.d.ts",
+  "eggPlugin": {
+    "name": "wechat"
+  },
+  "keywords": [
+    "egg",
+    "egg-plugin",
+    "egg-wx",
+    "egg-weixin",
+    "egg-wechat",
+    "wechat",
+    "wxapp"
+  ],
+  "dependencies": {
+    "xml-js": "^1.6.11"
+  },
+  "peerDependencies": {
+    "egg": ">=3.0.0"
+  },
+  "devDependencies": {
+    "autod": "^3.1.0",
+    "autod-egg": "^1.1.0",
+    "egg": "^3.0.0",
+    "egg-bin": "^6.13.0",
+    "egg-ci": "^1.13.0",
+    "egg-mock": "^5.15.2",
+    "eslint": "^6.2.1",
+    "eslint-config-egg": "^7.4.1",
+    "lodash": "^4.17.14"
+  },
+  "engines": {
+    "node": ">=8.0.0"
+  },
+  "scripts": {
+    "test": "npm run lint -- --fix && egg-bin pkgfiles && npm run test-local",
+    "test-local": "egg-bin test",
+    "cov": "egg-bin cov",
+    "lint": "eslint .",
+    "ci": "egg-bin pkgfiles --check && npm run lint && npm run cov",
+    "pkgfiles": "egg-bin pkgfiles",
+    "autod": "autod"
+  },
+  "files": [
+    "app",
+    "config",
+    "index.d.ts"
+  ],
+  "ci": {
+    "version": "8, 10"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ddnlink/egg-wechat.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ddnlink/egg-wechat/issues"
+  },
+  "homepage": "https://github.com/ddnlink/egg-wechat#readme",
+  "author": "ddnlink <kubying@qq.com>",
+  "license": "MIT"
+}