q-koa 7.7.2

package/core/file/plugins/weixin/controller.js

@@ -0,0 +1,994 @@
+const { lodash, getAppByCtx, getConfig } = require('multiple-quick-koa')
+
+const path = require('path')
+const axios = require('axios')
+const OAuth = require('wechat-oauth')
+const WXPay = require('weixin-pay')
+const WeixinPay = require('../../services/weixinPay')
+const WeixinMp = require('../../services/weixinMP')
+const Weixin = require('../../services/weixin')
+const { jsonToXml } = require('../../services/xml')
+const WXBizDataCrypt = require('../../services/weixinCrypt')
+const weixinArticle = require('../../services/weixinArticle')
+const fxp = require('fast-xml-parser')
+const crypto = require('crypto')
+const OSS = require('ali-oss')
+
+exports.getConfig = async (ctx) => {
+  const { app } = getAppByCtx(ctx)
+
+  const { url } = ctx.request.body
+
+  const appConfig = getConfig(app)
+  const { app_id, app_secrect } = await appConfig.getObject('weixin_h5')
+  const weixin = new Weixin({
+    appid: app_id,
+    secrect: app_secrect,
+  })
+
+  weixin.init()
+  const result = await weixin.sign(url)
+  ctx.SUCCESS({
+    ...result,
+    debugFlag: false,
+    appId: app_id,
+    jsApiList: [
+      'updateAppMessageShareData',
+      'updateTimelineShareData',
+      'getLocation',
+      'scanQRCode',
+    ], // 必填，需要使用的JS接口列表
+  })
+}
+
+exports.mp_getPhone = async (ctx) => {
+  const { app } = getAppByCtx(ctx)
+
+  const { code, iv, encryptedData, config = 'weixin_mp' } = ctx.request.body
+
+  const appConfig = getConfig(app)
+  const { app_id, app_secrect } = await appConfig.getObject(config)
+
+  const weixinLoginUrl = `https://api.weixin.qq.com/sns/jscode2session?appid=${app_id}&secret=${app_secrect}&js_code=${code}&grant_type=authorization_code`
+
+  const weixinResult = await axios.get(weixinLoginUrl).then((res) => res.data)
+
+  const { session_key, openid } = weixinResult
+
+  if (!openid) {
+    throw new Error('微信获取手机失败，请重试')
+  }
+
+  const pc = new WXBizDataCrypt(app_id, session_key)
+
+  const { phoneNumber } = pc.decryptData(encryptedData, iv)
+
+  const exist = await app.model.user.findOne({
+    where: {
+      mobile: phoneNumber,
+    },
+    include: [
+      {
+        model: app.model.mp_user,
+      },
+    ],
+  })
+
+  const mobileExist =
+    exist &&
+    exist.mp_user &&
+    (!exist.mp_user.appid || exist.mp_user.appid === app_id)
+
+  if (mobileExist) {
+    throw new Error('系统已存在该手机号')
+  }
+
+  const userResult = await app.model.mp_user.findOne({
+    where: {
+      openid,
+    },
+  })
+
+  if (!userResult || !userResult.user_id)
+    throw new Error('微信获取手机失败,请重试')
+
+  await app.model.user.upsert({
+    id: userResult.user_id,
+    mobile: phoneNumber,
+  })
+
+  const result = await app.model.user.findOne({
+    where: {
+      id: userResult.user_id,
+    },
+    include: [
+      {
+        model: app.model.h5_user,
+      },
+      {
+        model: app.model.mp_user,
+      },
+      {
+        model: app.model.toutiao_user,
+      },
+      ...app.include.user,
+    ].filter((item) => item.model),
+  })
+
+  const tokenResult = {
+    id: result.id,
+    name: result.name,
+    mobile: result.mobile,
+    h5_user: result.h5_user
+      ? {
+          openid: result.h5_user && result.h5_user.openid,
+        }
+      : null,
+    mp_user: result.mp_user
+      ? {
+          openid: result.mp_user && result.mp_user.openid,
+        }
+      : null,
+    toutiao_user: result.toutiao_user
+      ? {
+          openid: result.toutiao_user && result.toutiao_user.openid,
+        }
+      : null,
+  }
+
+  const token = await app.sign({
+    user: tokenResult,
+  })
+
+  return ctx.SUCCESS({
+    token,
+    user: result,
+  })
+}
+
+exports.getPhone = async (ctx) => {
+  const { app } = getAppByCtx(ctx)
+
+  const { code, iv, encryptedData } = ctx.request.body
+
+  const appConfig = getConfig(app)
+  const { app_id, app_secrect } = await appConfig.getObject('weixin_mp')
+
+  const weixinLoginUrl = `https://api.weixin.qq.com/sns/jscode2session?appid=${app_id}&secret=${app_secrect}&js_code=${code}&grant_type=authorization_code`
+
+  const weixinResult = await axios.get(weixinLoginUrl).then((res) => res.data)
+
+  const { session_key, openid } = weixinResult
+
+  if (!openid) {
+    throw new Error('微信获取手机失败，请重试')
+  }
+
+  const pc = new WXBizDataCrypt(app_id, session_key)
+
+  const { phoneNumber } = pc.decryptData(encryptedData, iv)
+
+  return ctx.SUCCESS({ phoneNumber })
+}
+
+/**
+ * 微信小程序登录
+ */
+exports.mp_login = async (ctx) => {
+  const { app, appName } = getAppByCtx(ctx)
+  const { code, config = 'weixin_mp', ...rest } = ctx.request.body
+
+  const appConfig = getConfig(app)
+  const { app_id, app_secrect } = await appConfig.getObject(config)
+
+  const weixinLoginUrl = `https://api.weixin.qq.com/sns/jscode2session?appid=${app_id}&secret=${app_secrect}&js_code=${code}&grant_type=authorization_code`
+
+  const res = await axios
+    .get(weixinLoginUrl)
+    .then((weixinRes) => weixinRes.data)
+
+  if (!res) throw new Error('微信登录失败')
+  const { openid, unionid } = res
+  if (!openid) {
+    const msg = `找不到openid, errcode:${res.errcode} app_id:${app_id} app_secrect:${app_secrect}`
+
+    throw new Error('微信登录失败')
+  }
+
+  const post = lodash.pickBy(
+    {
+      nick_name: lodash.get(rest, 'nickName', null),
+      avatar: lodash.get(rest, 'avatarUrl', null),
+      openid,
+      unionid: lodash.get(res, 'unionid', null),
+      appid: app_id,
+      user_id: lodash.get(ctx.request, `${appName}-user.id`, null),
+    },
+    (item) => item !== null
+  )
+
+  /**
+   * 查询是否已经有openid
+   *
+   * 如果已经有openid
+   *  更新这条记录
+   *  更新token并返回这条记录
+   *
+   * 如果没有openid
+   *  1.如果token里有uid
+   *   将uid作为user_id 添加一条微信记录
+   *
+   *  2.如果token里没有uid
+   *   user新增一条匿名记录
+   *   获得新匿名记录的uid
+   *   将uid作为user_id 添加一条微信记录
+   *
+   * 更新token并返回这条匿名记录
+   */
+
+  const openIdUser = await app.model.mp_user.findOne({
+    where: {
+      openid: post.openid,
+    },
+  })
+
+  let uid
+  if (openIdUser) {
+    await app.model.mp_user.update(post, {
+      where: {
+        openid: post.openid,
+      },
+    })
+    uid = openIdUser.user_id
+  } else {
+    if (post.user_id) {
+      uid = post.user_id
+      await app.model.mp_user.create({
+        ...post,
+        user_id: uid,
+      })
+    } else {
+      try {
+        await app.sequelize.transaction(async (transaction) => {
+          const user = await app.model.user.create(
+            {},
+            {
+              transaction,
+            }
+          )
+          uid = user.id
+          await app.model.mp_user.create(
+            {
+              ...post,
+              appid: app_id,
+              user_id: uid,
+            },
+            {
+              transaction,
+            }
+          )
+        })
+      } catch (e) {
+        console.log('mp_user.create出错了', { ...post })
+        throw new Error(e)
+      }
+    }
+  }
+
+  const result = await app.model.user.findOne({
+    where: {
+      id: uid,
+    },
+    include: [
+      {
+        model: app.model.h5_user,
+      },
+      {
+        model: app.model.mp_user,
+      },
+      {
+        model: app.model.toutiao_user,
+      },
+      ...app.include.user,
+    ].filter((item) => item.model),
+  })
+
+  if (!result.id) throw new Error('登录失败')
+
+  const tokenResult = {
+    id: result.id,
+    name: result.name,
+    mobile: result.mobile,
+    h5_user: result.h5_user
+      ? {
+          openid: result.h5_user && result.h5_user.openid,
+        }
+      : null,
+    mp_user: result.mp_user
+      ? {
+          openid: result.mp_user && result.mp_user.openid,
+        }
+      : null,
+    toutiao_user: result.toutiao_user
+      ? {
+          openid: result.toutiao_user && result.toutiao_user.openid,
+        }
+      : null,
+  }
+
+  const token = await app.sign({
+    user: tokenResult,
+  })
+
+  return ctx.SUCCESS({
+    token,
+    user: result,
+  })
+}
+
+/**
+ * 微信公众号H5登录
+ */
+exports.h5_login = async (ctx) => {
+  const { app, appName } = getAppByCtx(ctx)
+  const { return_uri } = ctx.query
+  const scope = 'snsapi_userinfo'
+  // const scope = 'snsapi_base'
+  const h5_login_callback_url =
+    scope === 'snsapi_base' ? 'h5_login_callback' : 'h5_login_info_callback'
+  /**
+   * upyun要开启query
+   */
+  const appConfig = getConfig(app)
+  const { app_id, host_link } = await appConfig.getObject('weixin_h5')
+
+  console.log(
+    'user_id========================',
+    lodash.get(ctx.request, `${appName}-user.id`, 0)
+  )
+  const redirect_uri = lodash.get(ctx.request, `${appName}-user.id`, 0)
+    ? encodeURIComponent(
+        `${host_link}/${appName}/weixin/${h5_login_callback_url}?url=${encodeURIComponent(
+          return_uri
+        )}&user_id=${ctx.request[`${appName}-user`].id}`
+      )
+    : encodeURIComponent(
+        `${host_link}/${appName}/weixin/${h5_login_callback_url}?url=${encodeURIComponent(
+          return_uri
+        )}`
+      )
+
+  const url = `https://open.weixin.qq.com/connect/oauth2/authorize?appid=${app_id}&redirect_uri=${redirect_uri}&response_type=code&scope=${scope}#wechat_redirect`
+
+  return ctx.redirect(url)
+}
+
+exports.h5_login_callback = async (ctx) => {
+  const { app, appName } = getAppByCtx(ctx)
+  const { code, url, user_id } = ctx.query
+
+  const appConfig = getConfig(app)
+  const { app_id, app_secrect } = await appConfig.getObject('weixin_h5')
+
+  const client = new OAuth(app_id, app_secrect)
+
+  const getAccessToken = (c) =>
+    new Promise((resolve, reject) => {
+      client.getAccessToken(c, (err, result) => {
+        if (err) {
+          console.log('err===', err)
+          return reject(err.data)
+        }
+        return resolve(result.data)
+      })
+    })
+  const data = await getAccessToken(`${code}`)
+
+  const post = lodash.pickBy(
+    {
+      nick_name: lodash.get(data, 'nickname', null),
+      avatar: lodash.get(data, 'headimgurl', null),
+      openid: data.openid,
+      appid: app_id,
+      user_id: user_id ? Number(user_id) : null,
+    },
+    (item) => item !== null
+  )
+  console.log('post', post)
+  /**
+   * 查询是否已经有openid
+   *
+   * 如果已经有openid
+   *  更新这条记录
+   *  更新token并返回这条记录
+   *
+   * 如果没有openid
+   *  1.如果token里有uid
+   *   将uid作为user_id 添加一条微信记录
+   *
+   *  2.如果token里没有uid
+   *   user新增一条匿名记录
+   *   获得新匿名记录的uid
+   *   将uid作为user_id 添加一条微信记录
+   *   更新token并返回这条匿名记录
+   */
+
+  const openIdUser = await app.model.h5_user.findOne({
+    where: {
+      openid: post.openid,
+    },
+  })
+  let uid
+  if (openIdUser) {
+    await app.model.h5_user.update(post, {
+      where: {
+        openid: post.openid,
+      },
+    })
+    uid = openIdUser.user_id
+  } else {
+    if (post.user_id) {
+      uid = post.user_id
+    } else {
+      // 新增空记录
+      const user = await app.model.user.create()
+      uid = user.id
+    }
+
+    await app.model.h5_user.create({
+      ...post,
+      user_id: uid,
+    })
+  }
+
+  const result = await app.model.user.findOne({
+    where: {
+      id: uid,
+    },
+    include: [
+      {
+        model: app.model.h5_user,
+      },
+      {
+        model: app.model.mp_user,
+      },
+      {
+        model: app.model.toutiao_user,
+      },
+      ...app.include.user,
+    ].filter((item) => item.model),
+  })
+
+  const tokenResult = {
+    id: result.id,
+    name: result.name,
+    mobile: result.mobile,
+    h5_user: result.h5_user
+      ? {
+          openid: result.h5_user && result.h5_user.openid,
+        }
+      : null,
+    mp_user: result.mp_user
+      ? {
+          openid: result.mp_user && result.mp_user.openid,
+        }
+      : null,
+    toutiao_user: result.toutiao_user
+      ? {
+          openid: result.toutiao_user && result.toutiao_user.openid,
+        }
+      : null,
+  }
+
+  const token = await app.sign({
+    user: tokenResult,
+  })
+
+  ctx.cookies.set(`${appName}-token`, token, {
+    httpOnly: false,
+  })
+
+  return ctx.redirect(url)
+}
+
+exports.h5_login_info_callback = async (ctx) => {
+  const { app, appName } = getAppByCtx(ctx)
+  const { code, url, user_id } = ctx.query
+
+  const appConfig = getConfig(app)
+  const { app_id, app_secrect } = await appConfig.getObject('weixin_h5')
+
+  const client = new OAuth(app_id, app_secrect)
+
+  const getUserByCode = (c) =>
+    new Promise((resolve, reject) => {
+      client.getUserByCode(c, (err, result) => {
+        if (err) {
+          console.log('err===', err)
+          return reject(err.data)
+        }
+        return resolve(result)
+      })
+    })
+  const data = await getUserByCode(`${code}`)
+  console.log('========', data)
+
+  const post = lodash.pickBy(
+    {
+      nick_name: lodash.get(data, 'nickname', null),
+      avatar: lodash.get(data, 'headimgurl', null),
+      openid: data.openid,
+      appid: app_id,
+      user_id: user_id ? Number(user_id) : null,
+    },
+    (item) => item !== null
+  )
+  console.log('post', post)
+  /**
+   * 查询是否已经有openid
+   *
+   * 如果已经有openid
+   *  更新这条记录
+   *  更新token并返回这条记录
+   *
+   * 如果没有openid
+   *  1.如果token里有uid
+   *   将uid作为user_id 添加一条微信记录
+   *
+   *  2.如果token里没有uid
+   *   user新增一条匿名记录
+   *   获得新匿名记录的uid
+   *   将uid作为user_id 添加一条微信记录
+   *   更新token并返回这条匿名记录
+   */
+
+  const openIdUser = await app.model.h5_user.findOne({
+    where: {
+      openid: post.openid,
+    },
+  })
+  let uid
+  if (openIdUser) {
+    await app.model.h5_user.update(post, {
+      where: {
+        openid: post.openid,
+      },
+    })
+    uid = openIdUser.user_id
+  } else {
+    if (post.user_id) {
+      uid = post.user_id
+    } else {
+      // 新增空记录
+      const user = await app.model.user.create({
+        nick_name: post.nick_name,
+        avatar: post.avatar,
+      })
+      uid = user.id
+    }
+
+    await app.model.h5_user.create({
+      ...post,
+      user_id: uid,
+    })
+  }
+  const result = await app.model.user.findOne({
+    where: {
+      id: uid,
+    },
+    include: [
+      {
+        model: app.model.h5_user,
+      },
+      {
+        model: app.model.mp_user,
+      },
+      {
+        model: app.model.toutiao_user,
+      },
+      ...app.include.user,
+    ].filter((item) => item.model),
+  })
+
+  const tokenResult = {
+    id: result.id,
+    name: result.name,
+    mobile: result.mobile,
+    h5_user: result.h5_user
+      ? {
+          openid: result.h5_user && result.h5_user.openid,
+        }
+      : null,
+    mp_user: result.mp_user
+      ? {
+          openid: result.mp_user && result.mp_user.openid,
+        }
+      : null,
+    toutiao_user: result.toutiao_user
+      ? {
+          openid: result.toutiao_user && result.toutiao_user.openid,
+        }
+      : null,
+  }
+
+  const token = await app.sign({
+    user: tokenResult,
+  })
+
+  ctx.cookies.set(`${appName}-token`, token, {
+    httpOnly: false,
+  })
+
+  return ctx.redirect(url)
+}
+
+exports.h5_pay = async (ctx) => {
+  const { app, appName } = getAppByCtx(ctx)
+  const {
+    name,
+    order_id,
+    price,
+    return_url,
+    type,
+    is_admin = false,
+  } = ctx.request.body
+
+  const appConfig = getConfig(app)
+  const { appId, key, mchId } = await appConfig.getObject('weixin_pay')
+  const { is_dev, site_host } = await appConfig.getObject('base')
+
+  const payObj = new WeixinPay({
+    appId,
+    key,
+    mchId,
+  })
+  const result = await payObj.run({
+    body: name,
+    out_trade_no: `${appName}_${order_id}_${type}`,
+    total_fee: is_admin || is_dev ? 1 : Math.round(price * 100),
+    notify_url: `https://${
+      site_host || 'api.kuashou.com'
+    }/${appName}/weixin/notify`,
+    scene_info: `{"h5_info": {"type":"Wap","wap_url": ${
+      site_host || 'https://api.kuashou.com'
+    },"wap_name": "腾讯充值"}}`,
+  })
+  if (result.result_code === 'FAIL') throw new Error(result.err_code_des)
+
+  ctx.SUCCESS(
+    return_url
+      ? `${result.mweb_url}&redirect_url=${encodeURIComponent(return_url)}`
+      : result.mweb_url
+  )
+}
+
+exports.mp_pay = async (ctx) => {
+  const { app, appName } = getAppByCtx(ctx)
+  const {
+    name,
+    order_id,
+    price,
+    return_url,
+    prefix = '',
+    type,
+    out_trade_no,
+    is_admin = false,
+    config = 'weixin_mp',
+  } = ctx.request.body
+
+  if (price === 0) throw new Error('价格不能为0')
+
+  if (type === 'H5-WEIXIN') {
+    if (
+      !ctx.request[`${appName}-user`] ||
+      !ctx.request[`${appName}-user`].h5_user
+    ) {
+      throw new Error('请先微信登录')
+    }
+  } else if (
+    !ctx.request[`${appName}-user`] ||
+    !ctx.request[`${appName}-user`].mp_user
+  ) {
+    throw new Error('请先小程序登录')
+  }
+  const appConfig = getConfig(app)
+
+  const { mchId, key } = await appConfig.getObject('weixin_pay')
+  const { is_dev, site_host } = await appConfig.getObject('base')
+  // 公众号支付用 服务号 appid，其他用小程序 appid
+  const app_id =
+    type === 'H5-WEIXIN'
+      ? (await appConfig.getObject('weixin_h5')).app_id
+      : (await appConfig.getObject(config)).app_id
+
+  const wxpay = WXPay({
+    appid: app_id,
+    mch_id: mchId,
+    partner_key: key, // 微信商户平台API密钥
+  })
+
+  const pay = (options) =>
+    new Promise((resolve, reject) => {
+      wxpay.getBrandWCPayRequestParams(options, (err, result) => {
+        if (err) return reject(err)
+        return resolve(result)
+      })
+    })
+
+  const userDetail =
+    type === 'H5-WEIXIN'
+      ? ctx.request[`${appName}-user`].h5_user
+      : ctx.request[`${appName}-user`].mp_user
+  const {
+    appId: appid,
+    nonceStr: nonce_str,
+    package: prepay_id,
+    paySign: sign,
+    signType,
+    timeStamp,
+  } = await pay({
+    openid: userDetail.openid,
+    body: name,
+    detail: '公众号支付测试',
+    out_trade_no: out_trade_no
+      ? out_trade_no
+      : prefix
+      ? `${appName}_${prefix}-${order_id}_${type}`
+      : `${appName}_${order_id}_${type}`,
+    total_fee: is_admin || is_dev ? 1 : Math.round(price * 100),
+    spbill_create_ip: '192.168.2.210',
+    notify_url: `http://${
+      site_host || 'api.kuashou.com'
+    }/${appName}/weixin/notify`,
+  })
+
+  if (prepay_id.includes('undefined')) {
+    const model = type === 'H5-WEIXIN' ? 'h5_user' : 'mp_user'
+    const userTarget = await app.model[model].findOne({
+      where: {
+        openid: userDetail.openid,
+      },
+    })
+    if (app_id !== userTarget.appid)
+      throw new Error(
+        `appid不符，用户appid${userTarget.appid},付款appid${app_id}`
+      )
+    throw new Error(`支付失败，请重试`)
+  }
+  return ctx.SUCCESS({
+    debug: false,
+    appid,
+    timeStamp,
+    nonce_str,
+    prepay_id,
+    sign,
+    signType,
+    jsApiList: ['chooseWXPay'],
+    return_url,
+  })
+}
+
+exports.notify = async (ctx) => {
+  const { app } = getAppByCtx(ctx)
+  const result = ctx.request.xmlBody
+  let prefix = ''
+  let order_id = result.xml.out_trade_no.split('_')[1]
+  const order_price = Number(result.xml.total_fee) / 100
+  if (order_id.includes('-')) {
+    const arr = order_id.split('-')
+    order_id = Number(arr[1])
+    ;[prefix] = arr
+  } else {
+    order_id = Number(order_id)
+  }
+  const model = prefix ? `${prefix}_order` : 'order'
+  let transactionid = ''
+  try {
+    transactionid = result.xml.transaction_id
+  } catch (e) {}
+
+  console.log(order_id, '微信支付回调-----', model, order_price, transactionid)
+  if (app.service[model] && app.service[model].notify) {
+    await app.service[model].notify({
+      app,
+      order_id,
+      order: model,
+      order_price,
+      transactionid,
+    })
+  }
+
+  ctx.status = 200
+  ctx.res.setHeader('Content-Type', 'application/xml')
+  const returnResult = jsonToXml({
+    xml: {
+      return_code: 'SUCCESS',
+    },
+  })
+  ctx.res.end(returnResult)
+}
+
+exports.qr_code = async (ctx) => {
+  const { app } = getAppByCtx(ctx)
+
+  const { page, is_hyaline, scene, is_oss = false } = ctx.request.body
+
+  // if (!lodash.get(ctx.request, `${appName}-user.id`, null)) throw new Error('没有登录')
+
+  const appConfig = getConfig(app)
+  const { app_id, app_secrect } = await appConfig.getObject('weixin_mp')
+
+  const { site_host } = await appConfig.getObject('base')
+  const weixinMp = new WeixinMp({
+    appid: app_id,
+    secrect: app_secrect,
+    targetPath: `${path.resolve(__dirname, `${process.cwd()}/public/upload`)}`,
+  })
+  weixinMp.init()
+  if (!is_oss) {
+    const result = await weixinMp.createQR({
+      page,
+      is_hyaline,
+      scene,
+    })
+    const qr_image = `https://${
+      site_host || 'api.kuashou.com'
+    }/upload/${result}`
+
+    ctx.SUCCESS(qr_image)
+  } else {
+    const {
+      accessKeyId,
+      accessKeySecret,
+      bucket,
+      region,
+    } = await appConfig.getObject('oss')
+    if (!(accessKeyId && accessKeySecret && bucket && region)) {
+      throw new Error('没有配置oss设置')
+    }
+    const buffer = await weixinMp.createQRBuffer({
+      page,
+      is_hyaline,
+      scene,
+    })
+    const client = new OSS({
+      accessKeyId,
+      accessKeySecret,
+      bucket,
+      region,
+      secure: true,
+    })
+    const fileName = `${
+      String(new Date().getTime()).split('').reverse().join('') + Math.random()
+    }.png`
+    const result = await client.put(fileName, buffer)
+    if (result.res && result.res.status === 200) {
+      const url = result.url
+      return ctx.SUCCESS(url)
+    } else {
+      throw new Error(result.res.statusMessage)
+    }
+  }
+}
+
+exports.sendMessage = async (ctx) => {
+  const { app } = getAppByCtx(ctx)
+
+  const { openid, template_id, data, page } = ctx.request.body
+
+  const appConfig = getConfig(app)
+  const { app_id, app_secrect } = await appConfig.getObject('weixin_mp')
+
+  const weixinMp = new WeixinMp({
+    appid: app_id,
+    secrect: app_secrect,
+  })
+  weixinMp.init()
+  await weixinMp.sendMessage({
+    touser: openid,
+    template_id,
+    miniprogram_state: 'developer',
+    data,
+    page,
+  })
+
+  ctx.SUCCESS('发送成功')
+}
+
+exports.refund = async (ctx) => {
+  const { app, appName } = getAppByCtx(ctx)
+  const appConfig = getConfig(app)
+  const { id, prefix = '', price } = ctx.request.body
+
+  await app.service.weixin.refund({
+    ctx,
+    id,
+    prefix: '',
+    price,
+  })
+  ctx.SUCCESS('ok')
+}
+
+const decryption = function (data, key, iv) {
+  if (!data) {
+    return ''
+  }
+  iv = iv || ''
+  var clearEncoding = 'utf8'
+  var cipherEncoding = 'base64'
+  var cipherChunks = []
+  var decipher = crypto.createDecipheriv('aes-256-ecb', key, iv)
+  decipher.setAutoPadding(true)
+  cipherChunks.push(decipher.update(data, cipherEncoding, clearEncoding))
+  cipherChunks.push(decipher.final(clearEncoding))
+  return cipherChunks.join('')
+}
+
+const getRefundResultJson = async ({ req_info, app_key }) => {
+  const result = Buffer.from(req_info, 'base64')
+
+  const key = await crypto.createHash('md5').update(app_key).digest('hex')
+  const iv = Buffer.alloc(0) // 设置偏移量
+  let decxml = decryption(result, key, iv)
+  const reg = new RegExp('root>', 'g')
+  decxml = decxml.replace(reg, 'xml>') // 转化为xml格式
+  const xml2json = fxp.parse(decxml) // xml转对象
+  return xml2json.xml
+}
+
+exports.refund_notify = async (ctx) => {
+  const { app } = getAppByCtx(ctx)
+  const result = ctx.request.xmlBody
+
+  const appConfig = getConfig(app)
+  const { key } = await appConfig.getObject('weixin_pay')
+
+  const { req_info } = result.xml
+  const refundResult = await getRefundResultJson({
+    req_info,
+    app_key: key,
+  })
+
+  const { out_refund_no, out_trade_no, total_fee, refund_fee } = refundResult
+
+  const refund_price = Number(refund_fee) / 100
+
+  const prefix =
+    out_trade_no.split('_').length === 4 ? out_trade_no.split('_')[1] : ''
+
+  const order_id = Number(out_refund_no)
+  const model = prefix ? `${prefix}_order` : 'order'
+  console.log(out_refund_no, '微信支付回调-----', model)
+  if (app.service[model] && app.service[model].refund_notify) {
+    await app.service[model].refund_notify({
+      app,
+      order_id,
+      order: model,
+      refund_price,
+    })
+  }
+
+  ctx.status = 200
+  ctx.res.setHeader('Content-Type', 'application/xml')
+  const returnResult = jsonToXml({
+    xml: {
+      return_code: 'SUCCESS',
+    },
+  })
+  ctx.res.end(returnResult)
+}
+
+exports.article = async (ctx) => {
+  const { app } = getAppByCtx(ctx)
+
+  const { url } = ctx.request.body
+
+  if (!url) throw new Error('没有url')
+  if (!url.includes('//mp.weixin.qq.com/s')) throw new Error('非法url')
+
+  const content = await axios.get(url).then((res) => res.data)
+
+  const result = await weixinArticle.handleHtml(content)
+
+  return ctx.SUCCESS(result)
+}