Comments (4)
Try using MD5 to encrypt the token value:
get 'weixin/:encrypted_weixin_token', to: 'weixin#index'
post 'weixin/:encrypted_weixin_token', to: 'weixin#reply'
The drawback is that the MD5 value has to be stored in the Model.
from weixin_rails_middleware.
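@turristan One option is for the developer to specify a secret (it could also be generated automatically into the config file) and use this secret for "mixed" encryption; this is the simplest approach. Another option to consider is MD5 encryption of "id+created_at+weixin_token"; likewise, that also has to be saved to the database, which is a hassle. The third approach is to save the encrypted value directly in the user-configured "token_column" and decrypt it for display on the page. Which one do you think is suitable?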
from weixin_rails_middleware.
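The risk of exposing the token in the URL is that the application could be used by someone else without authorization.
Since Tencent has a certain verification mechanism, we just need to avoid exposing the token.
A simple (to the point of brainless) approach is to change the Model data structure to (rails g model WeiXinConfiguration secret token), with app_key and app_secret to be added later. In the config, change token_column to secret_column.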
get 'weixin/:secret', to: 'weixin#index'
post 'weixin/:secret', to: 'weixin#reply'
Using token_string is similar.
I don't think encryption is necessary.
from weixin_rails_middleware.
Fixed it in v1.1.0 version: https://github.com/lanrion/weixin_rails_middleware/tree/v1.1.0 .
from weixin_rails_middleware.
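The separate URL `secret` suggested in the third comment, as an added Ruby example (not code from weixin_rails_middleware): the route parameter only selects the account, while the request is still checked against the private token using WeChat's SHA1 over the sorted token, timestamp and nonce. `Account`, `new_account`, `legal_request?` and all sample values are hypothetical and constructed for illustration.

```ruby
require "digest"
require "securerandom"

# Constructed in-memory stand-in for the configuration model (hypothetical).
# secret: random value that appears in the callback URL
# token:  value configured on the WeChat side, never placed in a URL
Account = Struct.new(:secret, :token)

# The URL secret is generated independently of the token, so seeing the
# callback URL reveals nothing about the signing token.
def new_account(token)
  Account.new(SecureRandom.urlsafe_base64(24), token)
end

# WeChat callback signature: SHA1 over the sorted token, timestamp and nonce.
def expected_signature(token, timestamp, nonce)
  Digest::SHA1.hexdigest([token, timestamp, nonce].sort.join)
end

# Constant-time comparison so the check does not leak how many leading
# characters of a guessed signature were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Models the check behind `get 'weixin/:secret'`: look the account up by the
# URL secret, then verify the signature with the token stored beside it.
def legal_request?(accounts, url_secret, params)
  account = accounts.find { |a| a.secret == url_secret }
  return false unless account
  wanted = expected_signature(account.token,
                              params["timestamp"].to_s, params["nonce"].to_s)
  secure_equal?(params["signature"].to_s, wanted)
end

if __FILE__ == $PROGRAM_NAME
  account = new_account("constructed-token-123") # constructed sample token
  ts, nonce = "1400000000", "abc123"             # constructed sample values
  signed = { "timestamp" => ts, "nonce" => nonce,
             "signature" => expected_signature(account.token, ts, nonce) }
  # A caller who only knows the URL secret can at best sign with that value.
  forged = signed.merge("signature" => expected_signature(account.secret, ts, nonce))
  puts legal_request?([account], account.secret, signed)
  puts legal_request?([account], account.secret, forged)
end
```
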