微信api地址
http://mp.weixin.qq.com/wiki/17/2d4265491f12608cd170a95559800f2d.html#.E7.AC.AC.E4.B8.80.E6.AD.A5.EF.BC.9A.E5.A1.AB.E5.86.99.E6.9C.8D.E5.8A.A1.E5.99.A8.E9.85.8D.E7.BD.AE
微信api說明
開發者通過檢驗signature對請求進行校驗(下面有校驗方式)。若確認此次GET請求來自微信服務器,請原樣返回echostr參數內容,則接入生效,成為開發者成功,否則接入失敗。
加密/校驗流程如下:
1. 將token、timestamp、nonce三個參數進行字典序排序
2. 將三個參數字符串拼接成一個字符串,計算其sha1哈希值(sha1是單向哈希,並非加密)
3. 開發者將得到的哈希字符串與signature對比,兩者一致即標識該請求來源于微信
代碼:
~~~
/**
* Created by tangxuelong on 15-10-16.
* validateToken
* 此文件只用于TOKEN驗證
*/
var http = require('http');//內置http modoule
var config = require('./http.config')//配置module
var api = require('wechat-api');//npm wx
var url = require("url");
var crypto = require("crypto");
//微信接口的哈希加密方法
function sha1(str) {
var md5sum = crypto.createHash("sha1");
md5sum.update(str);
str = md5sum.digest("hex");
return str;
}
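/**
 * Answer WeChat's server-configuration check (token validation).
 *
 * Reads signature, timestamp, nonce and echostr from the request's query
 * string, sorts token/timestamp/nonce lexicographically, joins them, hashes
 * the result with sha1() and compares it with the supplied signature. On a
 * match echostr is written back; otherwise the body is "false".
 *
 * @param {object} req - incoming HTTP request; only req.url is read.
 * @param {object} res - HTTP response; it is always ended by this function.
 */
function validate_token(req, res) {
  // Placeholder for the token configured on the WeChat platform. Load the real
  // value from configuration or the environment instead of committing it.
  var token = "XXXXXX";

  var query = url.parse(req.url, true).query;
  var signature = query.signature;
  var timestamp = query.timestamp;
  var nonce = query.nonce;
  var echostr = query.echostr;

  // A repeated key parses to an array and an absent key to undefined; only
  // plain strings are accepted as input to the signature check.
  var wellFormed =
    typeof signature === "string" &&
    typeof timestamp === "string" &&
    typeof nonce === "string";

  // NOTE(review): nothing here checks the age of timestamp or reuse of nonce,
  // so a previously valid signature/timestamp/nonce triple stays valid.
  // Confirm whether a freshness window is required for this endpoint.
  var verified = false;
  if (wellFormed) {
    var expected = Buffer.from(sha1([nonce, timestamp, token].sort().join("")), "utf8");
    var supplied = Buffer.from(signature, "utf8");
    // Constant-time comparison; timingSafeEqual throws on unequal lengths,
    // so the length is checked first.
    verified =
      supplied.length === expected.length &&
      crypto.timingSafeEqual(supplied, expected);
  }

  if (!verified) {
    res.end("false");
    console.log("Failed!");
    return;
  }

  // echostr is not covered by the signature, so it is caller-controlled:
  // serve it as plain text so a browser never interprets it as HTML.
  res.setHeader("Content-Type", "text/plain; charset=utf-8");
  res.setHeader("X-Content-Type-Options", "nosniff");
  res.end(typeof echostr === "string" ? echostr : "");
  console.log("Confirm and send echo back");
}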
// Create the HTTP server. Every incoming request, whatever its path or
// method, is handed to validate_token; the server binds to the port and
// address taken from the config module.
http
  .createServer(function handleRequest(request, response) {
    validate_token(request, response);
  })
  .listen(config.port, config.http_ip);

// Printed right after listen() is called, not once the socket is bound.
console.log('http server is running');
~~~