Preface

Some time ago I started working with WeChat official accounts and have been feeling my way through developing for them, so I am writing up and sharing what I learned along the way. Because I have never studied back-end systems systematically, the steps, ideas and reasoning below are what I worked out myself from online material. I do not guarantee their accuracy and they are for reference only. If anything is wrong or can be improved, corrections are welcome.

Access process – WeChat

First, we log in to the official account's admin console and find Basic Settings in the menu on the left.

After clicking Modify Configuration, we reach the page where the parameters are filled in.

Let’s analyze each of these parameters.

Parameter description

URL

The URL must start with http:// or https://, which correspond to port 80 and port 443 respectively. This is where we fill in our back-end address; WeChat forwards requests triggered by user actions to it. Note that only ports 80 and 443 are supported, so we have two options:

  • Assign a separate subdomain (second- or third-level) to the back-end service, which is the approach taken in this article
  • Use Nginx as a proxy. If your backend service does not use port 80 or 443, you can use Nginx to forward requests to the backend address.

Token

The Token can be any value we choose and is mainly used to generate signatures. During access, WeChat uses the Token to generate a signature and sends it to our server, and the server verifies it.

EncodingAESKey

EncodingAESKey can be typed in by hand or generated with the random generation button. It is mainly used to encrypt and decrypt the message body that WeChat sends to the server, which we will talk about later.

Message encryption and decryption

  • Plaintext mode: no encryption
  • Compatible mode: Encryption and non-encryption coexist
  • Security mode: Encryption

This article does not cover subsequent message processing, so encryption will be covered later together with message processing. During development we can choose compatible mode.

Access process – Server

Server authentication

After filling in all the information we clicked Submit, and an error popup told us that token verification had failed.

This is because we had only configured the WeChat side, and the server did not respond. Let's first check whether the server received the message.

It can be seen that we have received the verification message from WeChat. Now we just need to respond to it correctly.

First we need to know which parameters the message sent by WeChat carries, what they mean, and how we need to respond.

The WeChat server sends a GET request to the server URL we filled in, with the parameters shown in the following table.

| Parameter | Description |
| --- | --- |
| signature | WeChat's signature, which combines the token filled in by the developer with the timestamp and nonce parameters in the request |
| timestamp | Timestamp |
| nonce | Random number |
| echostr | Random string |

The signature is produced by combining the token we filled in earlier with the timestamp and nonce from WeChat's GET request. After receiving the request, we compute the same signature on our side and compare it with the signature parameter. If they match, we return the echostr parameter to WeChat to complete access.

The signature is generated as follows:

  1. Sort the token, timestamp and nonce parameters lexicographically
  2. Concatenate the three parameter strings into one string and hash it with SHA-1

Lexicographic sorting is alphabetical sorting; we use the JS array sort method.

Next we complete the access process by processing the request on the server side.

Since the server address we filled in on the WeChat side was our domain name followed by /wx, we first add the /wx route to the whitelist of routes that skip permission verification.

The signature uses SHA-1, which can be computed in Node.js as follows:

// encryption.js
const crypto = require('crypto')

module.exports = {
  // Hex-encoded MD5 digest of str
  md5: (str) => {
    return crypto.createHash('md5').update(str).digest('hex')
  },
  // Hex-encoded SHA-1 digest of str
  sha1: (str) => {
    return crypto.createHash('sha1').update(str).digest('hex')
  }
}

Then we can verify and handle WeChat's verification message:

const encryption = require('../utils/encryption')

class WxController {
  async index(ctx) {
    let { signature = '', timestamp = '', nonce = '', echostr = '' } = ctx.query
    let token = process.env.wx_token

    // Verify the token: sort the three values, concatenate them with no separator, then SHA-1
    let str = [token, timestamp, nonce].sort().join('')
    let sha1 = encryption.sha1(str)
    if (sha1 !== signature) {
      ctx.body = 'Token authentication failed'
      return
    } else {
      ctx.body = echostr
    }
  }
}

module.exports = new WxController()
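The same signature check as a framework-independent function, added here as an example that is not part of the original article: it fails closed when the token is unset (JavaScript's `join('')` renders `undefined` as an empty string, so an unset token would silently drop out of the hash), rejects missing or repeated query parameters, and compares in constant time. The function names and sample values are assumptions made for illustration.

```javascript
const crypto = require('crypto')

// Recompute WeChat's signature: sort token/timestamp/nonce, concatenate, SHA-1.
function expectedSignature(token, timestamp, nonce) {
  const joined = [token, timestamp, nonce].sort().join('')
  return crypto.createHash('sha1').update(joined).digest('hex')
}

// Returns true only when the request signature matches. Fails closed.
function verifyWxSignature(token, query) {
  // An unset token must be rejected: [undefined, ts, nonce].sort().join('')
  // drops it silently, so the hash would depend only on request values.
  if (typeof token !== 'string' || token.length === 0) return false

  const { signature, timestamp, nonce } = query
  // Repeated query keys can arrive as arrays (e.g. ?nonce=a&nonce=b); accept strings only.
  for (const v of [signature, timestamp, nonce]) {
    if (typeof v !== 'string' || v.length === 0) return false
  }
  // A SHA-1 hex digest is exactly 40 lowercase hex characters.
  if (!/^[0-9a-f]{40}$/.test(signature)) return false

  const expected = Buffer.from(expectedSignature(token, timestamp, nonce), 'hex')
  const received = Buffer.from(signature, 'hex')
  // Constant-time comparison; both buffers are 20 bytes at this point.
  return crypto.timingSafeEqual(expected, received)
}

// Constructed sample values, not captured from a real WeChat request.
const SAMPLE_TOKEN = 'example-token'
const sampleQuery = {
  timestamp: '1700000000',
  nonce: '123456',
  echostr: 'hello',
  signature: expectedSignature('example-token', '1700000000', '123456')
}

console.log(verifyWxSignature(SAMPLE_TOKEN, sampleQuery)) // true: valid request
console.log(verifyWxSignature(undefined, sampleQuery))    // false: token not configured
```

In the controller above, this would replace the `sha1 !== signature` comparison, with `echostr` returned only when the function returns true.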

After making the change, we deployed it to the server and then clicked Submit again on the WeChat side. The submission now succeeds.

After we click the Enable button, WeChat warns us that once this is enabled, the public platform's custom menu and automatic reply will be disabled and all requests will be forwarded to our own server.

Then we went to the official account to test it.

We find that WeChat tells us the official account service is faulty, because we have not yet handled the messages it sends. Next we go to the server to have a look.

It can be seen that we have successfully received the request forwarded by WeChat, which shows that the connection works. We only need to process the information according to WeChat's rules and return the required response. These will be covered in the following article.

By the way, a personal official account really has very few permissions.