Writing in the front

Write this article, mainly want to record me in the public number development study stepped on the pit.

Access the public number test environment

Access to the process

First of all, let’s take a look at the steps that the user has gone through in the process of accessing the public account and seeing the feedback message from the public account

First of all, you need to have an entrance to the public account (here, we temporarily use the wechat public account test account instead). After the user visits, the first step is to send a request to the wechat background, and the wechat background will forward the message to our wechat public account server.

In general, we are in the development of this machine in a local area network (LAN), located in the public WeChat backend server code is not access our local area network, so we need to use some tools to realize: will the machine set port service is mapped to the tool to generate virtual domain, this domain name can be direct access to the outside network. Several common tools are listed below

  • Ngrok (invalid)
  • www.tunnel.mobl (expired)
  • Localtunnel module (Virtual domain name)
  • QQ browser agent (feasible! However, the connection may be automatically disconnected if you do not access it for a long time.)
  • Peanut shell (paid software, more stable, walkthrough)

Apply for a test account

After understanding the access process, we need to create an entrance. Here, we first use the wechat public account to test the account for development.

First of all, click me and scan the QR code with wechat to enter the test account management interface

There are several caveats to this interface

  • appID

    A unique string assigned by the system as a parameter in the request URL to verify whether the request is from the wechat server

  • appsecret

    A unique string assigned by the system as a parameter in the request URL to verify whether the request is from the wechat server

  • URL

    The virtual URL generated by the tool mentioned above is accessible to the public network

  • Token

    An arbitrary string filled in by ourselves is used by the local server to verify whether the request is from the wechat server

After we have filled in the configuration information, we can click the submit button to see if the configuration is successful.

Identity check

On said [identity] (https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421135319&token=&lang=zh_CN) it. After clicking the submit button on the configuration page, wechat server will send a GET request to the URL filled in, and the server will put some parameters such as AppSecret and appID at the end of the request as verification parameters (token will not be spliced in the request, which is used for verification locally), as shown in the following figure

The local server receives the parameters, verifies the parameters according to the convention, and returns a message to the wechat server. After receiving the message, the wechat server confirms that the relationship is established with the local server. The message “Configuration succeeded” is displayed. The verification rule of the local server is as follows

Local server

The local HTTP server runs on the specified port to validate wechat requests, using Nodejs in this example

'use strict'

var Koa = require('koa')

var sha1 = require('sha1')

var config = {
    wechat: {
        appID:'wx1tttddddxxxxxxx',
        appsecret:'ae405ssddddfff2afffb7b',
        token:'xxx'
    }
}

var app = new Koa();

app.use(function *(next) {
    console.log(this.query)

    var token = config.wechat.token
    var signature = this.query.signature
    var nonce = this.query.nonce
    var timestamp = this.query.timestamp
    var echostr = this.query.echostr
    var str = [token, timestamp, nonce].sort().join('')
    var sha = sha1(str)

    if (sha === signature) {
        this.body = echostr + ''
    } else {
        this.body = 'wrong'
    }
})

app.listen(8081)

console.log('Listening 8081')
Copy the code

### Test results

Peanut shell use basic