增加token共享功能

2 years ago · 3c5fa5dc48
parent 4f1212ac44
commit 3c5fa5dc48
5 changed files with 77 additions and 22 deletions
--- a/app/functions.php
+++ b/app/functions.php
@ -20,3 +20,18 @@ function error($msg = "操作失败", $code = -1, $data = [], $is_array = false)
        return json(['code' => $code, 'data' => $data, 'msg' => $msg]);
    }
 }
+
+// 加密函数
+function encrypt($data, $key)
+{
+    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
+    $encrypted = openssl_encrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+    return base64_encode($encrypted . '::' . $iv);
+}
+
+// 解密函数
+function decrypt($data, $key)
+{
+    list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);
+    return openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+}
--- a/app/wechat/controller/IndexController.php
+++ b/app/wechat/controller/IndexController.php
@ -5,6 +5,7 @@ namespace app\wechat\controller;
 use app\admin\model\Platform;
 use app\common\model\Authorizers;
 use app\common\service\Forward;
+use app\common\service\wechat\MiniProgram;
 use app\common\service\wechat\OpenPlatform;
 use support\Request;
 use Tinywan\ExceptionHandler\Exception\BadRequestHttpException;
@ -42,9 +43,50 @@ class IndexController
        }
    }

+    /**
+     * 获取授权链接
+     * @param Request $request
+     * @param $url
+     * @return string
+     */
    public function authorizer(Request $request, $url = ''): string
    {
        $url = urldecode($url);
        return "<a href='$url' target='_blank'>点击授权</a>";
    }
+
+    /**
+     * 获取token给第三方平台使用
+     * @param Request $request
+     * @return int
+     * @throws BadRequestHttpException
+     */
+    public function getToken(Request $request)
+    {
+        // 开放平台应用ID
+        $platformAppId = $request->input('platform_appid');
+        // 被授权的应用ID
+        $appid = $request->input('appid');
+        // 校验参数
+        if (empty($platformAppId) || empty($appid)) return '参数错误';
+
+        $platformSetting = Platform::where('app_id', $platformAppId)->find();
+        $app = new MiniProgram($platformSetting->id);
+
+        if (empty($platformSetting->third_secret)) return '请先在wechat-mp开放平台配置外部平台解密secret';
+
+        // 获取 component_access_token
+        $component_access_token = $app->app->access_token->getToken()['component_access_token'];
+
+        // 获取 authorizer_access_token
+        $authorizer_access_token = $app->getToken($appid)['authorizer_access_token'];
+
+        $result = [
+            'platform_id' => $platformAppId,
+            'app_id' => $appid,
+            'component_access_token' => $component_access_token,
+            'authorizer_access_token' => $authorizer_access_token
+        ];
+        return encrypt(json_encode($result), $platformSetting->third_secret);
+    }
 }
--- a/config/route.php
+++ b/config/route.php
@ -14,6 +14,7 @@

 use Webman\Route;

+Route::any('/wechat/getToken', [app\wechat\controller\IndexController::class, 'getToken']);
 // 发起微信授权
 Route::any('/wechat/authorizer/{url}', [app\wechat\controller\IndexController::class, 'authorizer'])->name('wechat.authorizer');
 // 微信授权事件、消息与事件通知回调
--- a/front/src/views/platform/modules/CreateForm.vue
+++ b/front/src/views/platform/modules/CreateForm.vue
@ -37,6 +37,9 @@
          <a-input
            v-decorator="['forward_app', {rules: [{validator: validateForwardApp, message: '转发消息与事件URL需包含$APPID$'}]}]"/>
        </a-form-item>
+        <a-form-item label="外部平台解密secret">
+          <a-input v-decorator="['third_secret']"/>
+        </a-form-item>
        <a-form-item label="设为默认">
          <a-switch v-decorator="['is_default', { valuePropName: 'checked' }]"/>
        </a-form-item>
@ -49,7 +52,7 @@
 import pick from 'lodash.pick'

 // 表单字段
-const fields = ['id', 'name', 'app_id', 'secret', 'token', 'aes_key', 'forward_platform', 'forward_app', 'is_default']
+const fields = ['id', 'name', 'app_id', 'secret', 'token', 'aes_key', 'forward_platform', 'forward_app', 'third_secret', 'is_default']

 export default {
  props: {
@ -84,11 +87,7 @@ export default {
  methods: {
    validateForwardApp(rule, value, callback) {
      // 校验新密码和原始密码是否相等
-      console.log(value)
-      console.log(value.indexOf('$APPID$'))
-      // callback();
-
-      if (value.indexOf('$APPID$') === -1) {
+      if (value && value.indexOf('$APPID$') === -1) {
        callback('转发消息与事件URL需包含$APPID$');
      } else {
        callback();
--- a/install.sql
+++ b/install.sql
@ -25,7 +25,6 @@ CREATE TABLE `authorizers`
    PRIMARY KEY (`id`) USING BTREE,
    UNIQUE KEY `appid` (`appid`)
 ) ENGINE = InnoDB
-  AUTO_INCREMENT = 79
  DEFAULT CHARSET = utf8;

 -- 存储ticket、第三方信息等
@ -42,19 +41,21 @@ CREATE TABLE `comm`
 -- 存储平台信息
 CREATE TABLE `platform`
 (
-    `id`          int(10) unsigned                    NOT NULL AUTO_INCREMENT,
-    `name`        varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
-    `app_id`      varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
-    `secret`      varchar(32) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
-    `token`       varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
-    `aes_key`     varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
-    `is_default`  tinyint(1) unsigned                 NOT NULL DEFAULT '0',
-    `create_time` int(11) unsigned                    NOT NULL,
-    `update_time` int(11) unsigned                    NOT NULL,
+    `id`               int(10) unsigned                    NOT NULL AUTO_INCREMENT,
+    `name`             varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+    `app_id`           varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+    `secret`           varchar(32) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+    `token`            varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+    `aes_key`          varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
+    `forward_platform` varchar(50) COLLATE utf8_unicode_ci          DEFAULT NULL COMMENT '转发授权事件：授权事件推送包括：验证票据、授权成功、取消授权、授权更新、快速注册企业小程序、快速注册个人小程序、注册试用小程序、试用小程序快速认证、发起小程序管理员人脸核身、申请小程序备案',
+    `forward_app`      varchar(50) COLLATE utf8_unicode_ci          DEFAULT NULL COMMENT '消息与事件推送包括：设置小程序名称、添加类目、提交代码审核。审核结果会向消息与事件接收 URL 进行事件推送',
+    `third_secret`     char(32) COLLATE utf8_unicode_ci             DEFAULT NULL COMMENT '外部平台解密数据时的secret',
+    `is_default`       tinyint(1) unsigned                 NOT NULL DEFAULT '0',
+    `create_time`      int(11) unsigned                    NOT NULL,
+    `update_time`      int(11) unsigned                    NOT NULL,
    PRIMARY KEY (`id`),
    UNIQUE KEY `app_id` (`app_id`) USING BTREE
-) ENGINE = MyISAM
-  AUTO_INCREMENT = 6
+) ENGINE = InnoDB
  DEFAULT CHARSET = utf8
  COLLATE = utf8_unicode_ci;

@ -69,7 +70,6 @@ CREATE TABLE `user`
    PRIMARY KEY (`id`),
    UNIQUE KEY `user_username_uindex` (`username`)
 ) ENGINE = InnoDB
-  AUTO_INCREMENT = 3
  DEFAULT CHARSET = utf8;

 -- 推送给消息与事件URL的消息
@ -103,7 +103,6 @@ CREATE TABLE `wxcallback_component`
    PRIMARY KEY (`id`),
    KEY `receivetime` (`create_time`)
 ) ENGINE = InnoDB
-  AUTO_INCREMENT = 78
  DEFAULT CHARSET = utf8;

 -- component_access_token和authorizer_access_token
@ -134,5 +133,4 @@ CREATE TABLE `wxcallback_forward`
    PRIMARY KEY (`id`),
    KEY `receivetime` (`create_time`)
 ) ENGINE = InnoDB
-  AUTO_INCREMENT = 240
  DEFAULT CHARSET = utf8 COMMENT ='请求转发日志';