
微信api地址

http://mp.weixin.qq.com/wiki/17/2d4265491f12608cd170a95559800f2d.html#.E7.AC.AC.E4.B8.80.E6.AD.A5.EF.BC.9A.E5.A1.AB.E5.86.99.E6.9C.8D.E5.8A.A1.E5.99.A8.E9.85.8D.E7.BD.AE

微信api说明

开发者通过检验signature对请求进行校验(下面有校验方式)。若确认此次GET请求来自微信服务器,请原样返回echostr参数内容,则接入生效,成为开发者成功,否则接入失败。

加密/校验流程如下:

  1. 将token、timestamp、nonce三个参数进行字典序排序
  2. 将三个参数字符串拼接成一个字符串,计算其sha1哈希值(sha1是单向摘要算法,并非加密)
  3. 开发者将计算得到的哈希字符串与signature对比,若两者一致,则表明该请求来源于微信
  4. 代码:

/**
 * Created by tangxuelong on 15-10-16.
 * validateToken
 * 此文件只用于TOKEN验证
 */
var http = require("http");//内置http modoule
var config = require("./http.config")//配置module
var api = require("wechat-api");//npm wx
var url = require("url");
var crypto = require("crypto");

//微信接口的哈希加密方法
/**
 * Return the SHA-1 digest of a string as lower-case hex.
 *
 * SHA-1 is a one-way hash, not encryption. It is used here because the
 * signature check described above is defined in terms of SHA-1.
 *
 * @param {string} str - text to hash.
 * @returns {string} 40-character hexadecimal digest.
 */
function sha1(str) {
    return crypto.createHash("sha1").update(str).digest("hex");
}
//微信路径token验证
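/**
 * Answer the WeChat server-URL verification GET request.
 *
 * Reads signature, timestamp, nonce and echostr from the query string of
 * req.url, recomputes SHA-1 over the sorted and joined [token, timestamp,
 * nonce], and writes echostr back when the digest equals signature.
 * Any other request receives the body "false".
 *
 * @param {http.IncomingMessage} req - incoming request; only req.url is read.
 * @param {http.ServerResponse} res - response; one header is set and end() is called once.
 */
function validate_token(req, res) {
    // Placeholder from the original listing. Replace it with the token
    // entered in the WeChat console, and load it from configuration or the
    // environment instead of committing it to source control.
    var token = "XXXXXX";

    var query = url.parse(req.url, true).query;
    var signature = query.signature;
    var timestamp = query["timestamp"];
    var nonce = query.nonce;
    var echostr = query.echostr;

    // echostr is not part of the signed material, so its content is chosen
    // by the caller. Declare the body as plain text so that a browser never
    // interprets the echoed value as markup.
    res.setHeader("Content-Type", "text/plain; charset=utf-8");

    // With url.parse(..., true) a repeated parameter arrives as an array and
    // a missing one as undefined. Only plain strings are accepted, so that
    // neither can take part in the digest or reach res.end().
    var wellFormed = typeof signature === "string" &&
        typeof timestamp === "string" &&
        typeof nonce === "string" &&
        (echostr === undefined || typeof echostr === "string");

    var authentic = false;
    if (wellFormed) {
        var expected = crypto.createHash("sha1")
            .update([token, timestamp, nonce].sort().join(""))
            .digest("hex");
        var given = Buffer.from(signature, "utf8");
        var wanted = Buffer.from(expected, "utf8");
        // timingSafeEqual throws on unequal lengths, so compare lengths first.
        // The constant-time comparison avoids leaking how many leading
        // characters of the expected digest a guess got right.
        authentic = given.length === wanted.length &&
            crypto.timingSafeEqual(given, wanted);
    }

    // NOTE(review): timestamp freshness and nonce reuse are not checked, so
    // a previously valid (signature, timestamp, nonce) triple stays valid.
    // Consider rejecting stale timestamps if this endpoint does more than
    // the one-off verification handshake.
    if (authentic) {
        res.end(echostr);
        console.log("Confirm and send echo back");
    } else {
        res.end("false");
        console.log("Failed!");
    }
}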
//创建http服务器
// Serve every incoming request with validate_token on the address and port
// taken from the config module.
// NOTE(review): this is a plain-HTTP listener with no 'error' handler, and
// the message below is logged right after listen() is called rather than
// once the socket is actually bound. Confirm TLS termination happens in
// front of this process.
var server = http.createServer(validate_token);
server.listen(config.port, config.http_ip);
console.log("http server is running");