wechat-offiaccount 0.1.0-alpha.0

package/.github/FUNDING.yml

@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: ['https://zxl20070701.github.io/notebook/home.html']

package/.mailmap

@@ -0,0 +1 @@
+zxl20070701 <1904314465@qq.com>

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) zxl20070701 走一步，再走一步
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,113 @@
+# [WeChat-offiaccount](https://github.com/fragement-contrib/WeChat-offiaccount)
+微信公众号辅助调试服务器
+
+<p>
+    <a href="https://www.npmjs.com/package/wechat-offiaccount?activeTab=versions">
+        <img src="https://img.shields.io/npm/dm/wechat-offiaccount.svg" alt="downloads">
+    </a>
+    <a href="https://www.npmjs.com/package/wechat-offiaccount">
+        <img src="https://img.shields.io/npm/v/wechat-offiaccount.svg" alt="Version">
+    </a>
+    <a href="https://github.com/fragement-contrib/WeChat-offiaccount" target='_blank'>
+        <img alt="GitHub repo stars" src="https://img.shields.io/github/stars/fragement-contrib/WeChat-offiaccount?style=social">
+    </a>
+</p>
+
+本项目用于搭建一个微信公众号本地测试环境，都是基于[测试号](http://mp.weixin.qq.com/debug/cgi-bin/sandboxinfo?action=showinfo&t=sandbox/index)来说明。
+
+## 如何本地调试？
+
+首先需要在```./offiaccount.config.js```中填入自己的appID和appsecret。
+
+### 接入微信公众平台开发
+
+为了接入你首先需要的是“接口配置信息”，这里需要填入```./offiaccount.config.js```中的token，和“测试号管理”页面的保持一致即可。
+
+然后你把这个项目在外网可以访问的服务器上运行后，配置后即可通过验证，然后就可以依据接口文档实现业务逻辑。
+
+### JS-SDK使用
+
+比如你启动后，手机可以通过```http://192.168.0.6:20000/wxConfig.html```（无需外网可以访问，如果电脑和手机连同一个wifi，像这里的例子，用局域网ip即可）访问，那么，“JS接口安全域名”中的域名配置成```192.168.0.6:20000```即可。
+
+然后在微信中打开上面的html页面即可（到此为止，你就可以在你的html页面使用[JS-SDK](https://developers.weixin.qq.com/doc/offiaccount/OA_Web_Apps/JS-SDK.html)能力了）。
+
+## 如何在项目中使用？
+为了方便随时随地使用，我们发布了npm包，只需要项目中安装后就可以按照下面说明使用需要的能力了：
+
+```
+npm install --save wechat-offiaccount
+```
+
+### JS-SDK使用
+
+首先，准备一份配置文件，比如在当前目录下有一个文件```offiaccount.config.js```，内容如下：
+
+```js
+// 具体的改为自己的即可
+const config = {
+    port:8080,
+    appID: "",
+    appsecret: ""
+};
+module.exports = config;
+```
+
+然后，在```package.json```中配置启动命令：
+
+```js
+{
+    "scripts": {
+        "offiaccount": "offiaccount-cli --config offiaccount.config.js"
+    }
+}
+```
+
+然后执行启动命令：
+
+```
+npm run offiaccount
+```
+
+接着，我们用浏览器最新的fetch举例子：
+
+```js
+fetch("http://" + window.location.hostname + ":8080/JsApiSignature?url=" + window.location.href.split('#')[0], {
+    method: "get"
+}).then(function (response) {
+    response.json()
+        .then(function (res) {
+
+            wx.config({
+                debug: true,
+                appId: res.appId, 
+                timestamp: res.timestamp,
+                nonceStr: res.nonceStr,
+                signature: res.signature,
+                jsApiList: ['chooseImage'] // 必填，需要使用的JS接口列表
+            });
+
+            wx.error(function (res) {
+                console.error(res);
+            });
+
+        });
+});
+```
+
+上面已经配置好了，并且申请了```wx.chooseImage```权限，后续用的时候，只需要：
+
+```js
+ wx.ready(function () {
+    console.log('准备好了！');
+
+    // todo
+});
+```
+
+比如访问的地址是：```http://192.168.0.6:20000/index.html```
+
+## 版权
+
+MIT License
+
+Copyright (c) [zxl20070701](https://zxl20070701.github.io/notebook/home.html) 走一步，再走一步

package/bin/run

@@ -0,0 +1,31 @@
+#!/usr/bin/env node
+
+'use strict';
+
+process.title = 'offiaccount-cli'
+const { log } = require('devby')
+
+const fs = require('fs')
+const path = require('path')
+
+const jsonfile = JSON.parse(fs.readFileSync(path.join(__dirname, '../package.json')))
+
+// 命令行传递的参数
+const parsed = require("devby").options({
+    "-c": "--config"
+}, process.argv)
+
+if (parsed.config && parsed.config.length > 0) {
+
+    // 读取配置
+    let configFile = require(path.join(process.cwd(), parsed.config[0]))
+
+    // 启动
+    require('../nodejs/index')(configFile)
+
+} else {
+    log(`
+offiaccount-cli@v${jsonfile.version}
+`)
+}
+

package/nodejs/index.js

@@ -0,0 +1,24 @@
+const express = require('express')
+const path = require('path')
+const auth = require('./libs/auth')
+const JsApiSignature = require('./libs/JsApiSignature')
+
+module.exports = (config) => {
+    const app = express()
+
+    // 静态资源
+    app.use(express.static(path.resolve(__dirname, '../html')))
+
+    // 获取微信签名
+    app.get("/JsApiSignature", JsApiSignature(config))
+
+    /**
+     * 我们这里使用测试号，通过”接口配置信息“来验证
+     * https://mp.weixin.qq.com/debug/cgi-bin/sandboxinfo?action=showinfo&t=sandbox/index
+     */
+    app.use(auth(config))
+
+    app.listen(config.port, () => {
+        console.log(">>> 服务器启动成功")
+    })
+}

package/nodejs/libs/JsApiSignature.js

@@ -0,0 +1,47 @@
+const sha1 = require('sha1')
+
+module.exports = (config) => {
+    return (req, res) => {
+
+        const { url } = req.query
+        const { appID } = config
+
+        /**
+         * 生成js-sdk的签名
+         * 1、组合参与签名的四个参数：jsapi_ticket（临时票据）、noncestr（随机字符串）、timestamp（时间戳）、url（当前服务器地址）
+         * 2、将其进行字典序排序，以‘&’拼接在一起
+         * 3、进行sha1加密，最终生成signature
+         */
+
+        require('./getJsapiTicket')(config).then(jsapi_ticket => {
+
+            // 获取随机字符串
+            const noncestr = (Math.random() + "").split('.')[1]
+
+            // 获取时间戳
+            const timestamp = new Date().valueOf()
+
+            // 排序并拼接
+            const str = [
+                `jsapi_ticket=${jsapi_ticket}`,
+                `noncestr=${noncestr}`,
+                `timestamp=${timestamp}`,
+                `url=${url}`
+            ].sort().join("&")
+
+            // sha1加密
+            const sha1Str = sha1(str)
+
+            res.setHeader('Access-Control-Allow-Origin', '*')
+            res.send(JSON.stringify({
+                appId: appID,
+                timestamp,
+                nonceStr: noncestr,
+                signature: sha1Str
+            }))
+
+        })
+
+    }
+
+}

package/nodejs/libs/auth.js

@@ -0,0 +1,44 @@
+const sha1 = require('sha1')
+
+module.exports = (config) => {
+    const { token } = config
+
+    return (req, res) => {
+
+        /**
+         * 如何验证信息来自微信服务器？
+         * 1、req.query.timestamp、req.query.nonce、token按照字典顺序排列成一个数组
+         * 2、把上述数组拼接成字符串，然后使用sha1加密
+         * 3、上面加密完成的结果和req.query.signature进行对比，如果一样，就通过
+         * 
+         * 通过的话，返回 req.query.echostr
+         * 不通过的话，返回 'error'
+         */
+        const { timestamp, nonce, signature, echostr } = req.query
+
+        // 排序并拼接
+        const str = [nonce, timestamp, token].sort().join("")
+
+        // sha1加密
+        const sha1Str = sha1(str)
+
+        if (sha1Str == signature) {
+
+            // 如果是服务器验证
+            if (req.method == 'GET') {
+                res.send(echostr)
+            }
+
+            // 如果是数据请求
+            else if (req.method == 'POST') {
+
+                // todo
+
+            }
+
+        } else {
+            res.end('error')
+        }
+
+    }
+}

package/nodejs/libs/getAccessToken.js

@@ -0,0 +1,58 @@
+const { get } = require('devby')
+const fs = require('fs')
+const path = require('path')
+
+const accessTokenPath = path.resolve(process.cwd(), './access_token.json')
+
+// 获取access_token
+function getAccessToken(config) {
+    const { appID, appsecret } = config
+
+    return new Promise((resolve, reject) => {
+        // 定义请求地址
+        const url = `https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=${appID}&secret=${appsecret}`
+
+        // 发送请求
+        get(url, {
+            json: true
+        }).then(res => {
+
+            console.log('>>> 获取新的 access_token')
+
+            // 添加过期时间
+            res.endtime = new Date().valueOf() + (res.expires_in - 300) * 1000
+
+            // 写入文件
+            fs.writeFileSync(accessTokenPath, JSON.stringify(res, null, 4))
+
+            resolve(res.access_token)
+        }).catch(err => {
+
+            console.log(err)
+
+            reject(err)
+        })
+    })
+}
+
+module.exports = (config) => {
+
+    // 如果文件不存在，一定需要重新获取
+    if (!fs.existsSync(accessTokenPath)) {
+        return getAccessToken(config)
+    } else {
+        let data = JSON.parse(fs.readFileSync(accessTokenPath, 'utf-8'))
+
+        // 没有过期，直接返回
+        if (data.endtime > new Date().valueOf()) {
+            return Promise.resolve(data.access_token)
+        }
+
+        // 过期了，重新获取
+        else {
+            return getAccessToken(config)
+        }
+
+    }
+
+}

package/nodejs/libs/getJsapiTicket.js

@@ -0,0 +1,62 @@
+const { get } = require('devby')
+const fs = require('fs')
+const path = require('path')
+
+const jsapiTicketPath = path.resolve(process.cwd(), './jsapi_ticket.json')
+
+const getAccessToken = require('./getAccessToken')
+
+// 获取access_token
+function getJsapiTicket(config) {
+    return new Promise((resolve, reject) => {
+        getAccessToken(config).then(accessToken => {
+
+            // 定义请求地址
+            const url = `https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=${accessToken}&type=jsapi`
+
+            // 发送请求
+            get(url, {
+                json: true
+            }).then(res => {
+
+                console.log('>>> 获取新的 jsapi_ticket')
+
+                // 添加过期时间
+                res.endtime = new Date().valueOf() + (res.expires_in - 300) * 1000
+
+                // 写入文件
+                fs.writeFileSync(jsapiTicketPath, JSON.stringify(res, null, 4))
+
+                resolve(res.ticket)
+            }).catch(err => {
+
+                console.log(err)
+
+                reject(err)
+            })
+
+        })
+    })
+}
+
+module.exports = (config) => {
+
+    // 如果文件不存在，一定需要重新获取
+    if (!fs.existsSync(jsapiTicketPath)) {
+        return getJsapiTicket(config)
+    } else {
+        let data = JSON.parse(fs.readFileSync(jsapiTicketPath, 'utf-8'))
+
+        // 没有过期，直接返回
+        if (data.endtime > new Date().valueOf()) {
+            return Promise.resolve(data.ticket)
+        }
+
+        // 过期了，重新获取
+        else {
+            return getJsapiTicket(config)
+        }
+
+    }
+
+}

package/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "wechat-offiaccount",
+  "version": "0.1.0-alpha.0",
+  "sideEffects": false,
+  "scripts": {
+    "dev": "node ./bin/run --config offiaccount.config.js"
+  },
+  "bin": {
+    "offiaccount-cli": "bin/run"
+  },
+  "description": "微信公众号辅助调试服务器",
+  "author": "zxl20070701",
+  "license": "MIT",
+  "dependencies": {
+    "devby": "^0.4.4",
+    "express": "^4.18.2",
+    "sha1": "^1.1.1"
+  }
+}