sd4324530 / fastweixin Goto Github PK
View Code? Open in Web Editor NEW极其方便的实现微信公众平台服务端开发,2行代码完成服务器绑定,3行代码实现用户消息监听
Home Page: https://github.com/sd4324530/fastweixin
License: Apache License 2.0
fastweixin's People
Contributors
Stargazers
Watchers
Forkers
shenjiefeng blueantst neoyoung yaole koujun2012 smartcloud2025 chen147 louishe yangzilong1986 se777en hqm1988 bitted linuxsky zhaozw dearest hellsam rucky2013 seem-sky xiaoma- penghaozhong gouchao morcal loman zhouyongtao slacrey jaware cywhfe sebinson lautnerlee coloren yndongyong luyongfugx fanqinghui qixiaobo huanglongdejia hqtc123 harrydlee msdgwzhy6 2307856559 zhaolong1990ok dotw yupengyan yylex wljcom fysoft2006 pccheerwin yantao bysunexus cloudliu liulxiang hesling findabottle valjzp nandychen immime dcb2002 devenfan gitter-badger justpoet gumutianqi 272029252 mambablack chujiang gkbattle13 2015oo erlangzhang twentwo mengyou658 szpaddy plokij74 danian-hn eonezhang alertisme javalixue hinadong newtonker overcls jifenbao jamesliang arrayadd nboat yangqinglei26 yuanqixun tylerteea agangdundan xfnet mavoncmc citysir wuhanqing keeleys bobierbo tmallcaptain wuyongwen talkvip lovecode2011 liusir008 yimuniao lzwgit zuohl kenchen1101fastweixin's Issues
消息处理逻辑
偶然看到这个项目,mvc的挺有兴趣就看了下
WeixinSupport类里面处理消息的逻辑感觉有点不对:
msg = handleTextMsg(textReqMsg);
if (isNull(msg)) {
msg = processMessageHandle(textReqMsg);
}
private BaseMsg processMessageHandle(BaseReqMsg msg) {
if (isEmpty(messageHandles)) {
synchronized (lock) {
messageHandles = this.getMessageHandles();
}
}
if (isNotEmpty(messageHandles)) {
for (MessageHandle messageHandle : messageHandles) {
BaseMsg resultMsg = messageHandle.handle(msg);
if (nonNull(resultMsg)) {
return resultMsg;
}
}
}
return null;
}
这几行的意思是先处理消息,要是没有处理就交给messageHandles,而开始在controller复写的这个方法会返回一个list,也就是每次请求不管是什么类型都要走一遍所有的MessageHandle ?这块感觉有误,不知道我理解的对不对
accessToken不支持手动刷新?
目前系统中较多应用使用微信token,最好把fastweixin单独部署成服务。(之前部分系统存在实现获取token的逻辑)
但是基于现状,尚未实现。因此希望可以accessToken可以手动刷新。
比如场景:用户手动操作了刷新accessToken之后,fastweixin报错,但是对于报错后不支持直接刷新,反而等到7100s之后才会刷新
public String getAccessToken() {
long now = System.currentTimeMillis();
long time = now - this.weixinTokenStartTime;
try {
/*
* 判断优先顺序:
* 1.官方给出的超时时间是7200秒,这里用7100秒来做,防止出现已经过期的情况
* 2.刷新标识判断,如果已经在刷新了,则也直接跳过,避免多次重复刷新,如果没有在刷新,则开始刷新
*/
if (time > 7100000 && this.tokenRefreshing.compareAndSet(false, true)) {
LOG.debug("准备刷新token.............");
initToken(now);
}
} catch (Exception e) {
LOG.warn("刷新Token出错.", e);
//刷新工作出现有异常,将标识设置回false
this.tokenRefreshing.set(false);
}
return accessToken;
}
线程安全问题
toUserName 是 WeixinSupport 的成员变量,但是这个变量不是线程安全的。
我们都知道 Servlet 是单实例的,多个请求链接(http)访问同一个 Servlet 实例的方法是走多线程的,processRequest 方法处好事件后,会将结果返回给客户端,如果 toUserName 不是线程安全的,那么返回客户端的时候有可能(大并发)返回的消息是串的,换句话说应该返给A的消息会返给B。
这个问题只有在大并发下会出现。
建议名字改成读完代码之后,可以快速搭建服务器
没有文档和Demo,只能读代码,基于这个之后,才可能快速起来啦。
NPE at com.github.sd4324530.fastweixin.util.NetWorkCenter:246
com.github.sd4324530.fastweixin.util.CollectionUtil.newArrayList(T... ele) 会产生含有空元素的ArrayList.
java.lang.NullPointerException
com.github.sd4324530.fastweixin.util.NetWorkCenter.doRequest(NetWorkCenter.java:246)
com.github.sd4324530.fastweixin.util.NetWorkCenter.post(NetWorkCenter.java:134)
com.github.sd4324530.fastweixin.util.NetWorkCenter.post(NetWorkCenter.java:139)
com.github.sd4324530.fastweixin.api.BaseAPI.executePost(BaseAPI.java:102)
com.github.sd4324530.fastweixin.api.BaseAPI.executePost(BaseAPI.java:83)
com.github.sd4324530.fastweixin.api.MessageAPI.sendCustomMessage(MessageAPI.java:99)
MessageUtil.java解析xml存在xxe漏洞
你好,麻烦修复下解析xml的漏洞问题
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
String FEATURE = null;
FEATURE = "http://javax.xml.XMLConstants/feature/secure-processing";
dbf.setFeature(FEATURE, true);
FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
dbf.setFeature(FEATURE, true);
FEATURE = "http://xml.org/sax/features/external-parameter-entities";
dbf.setFeature(FEATURE, false);
FEATURE = "http://xml.org/sax/features/external-general-entities";
dbf.setFeature(FEATURE, false);
FEATURE = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
dbf.setFeature(FEATURE, false);
dbf.setXIncludeAware(false);
dbf.setExpandEntityReferences(false);
DocumentBuilder builder = dbf.newDocumentBuilder();
// 读取xml文件内容
FileInputStream fis = new FileInputStream("path/to/xxexml");
InputSource is = new InputSource(fis);
Document doc = builder.parse(is);
将一条长链接转成短链接
能否支持这个接口呢?
多节点ApiConfig同步问题
我的服务需要部署多个节点,但是多个节点就会产生ApiConfig不一致的情况,会使之前获取的token失效,这种情况应该怎么处理
微信服务器返回了ResultType中不包含的错误码,会导致BaseResponse.getErrMsg()异常
如题,getErrMsg会抛出NullPointerException.
返回示例如下:
{"errcode":48003,"errmsg":"user not agree mass-send protocol"}
建议修改为,返回码不包含在ResultType中时,直接返回原始errmsg.
NetWorkCenter bug
源码
public static BaseResponse post(String url, String paramData, List fileList) {
final BaseResponse[] response = new BaseResponse[]{null};
post(url, paramData, fileList, new ResponseCallback() {
@OverRide
public void onResponse(int resultCode, String resultJson) {
if (200 == resultCode) {
BaseResponse r = JSONUtil.toBean(resultJson, BaseResponse.class);
if(StrUtil.isBlank(r.getErrcode())) {
r.setErrcode("0");
}
r.setErrmsg(resultJson);
response[0] = r;
} else {//请求本身就失败了
response[0] = new BaseResponse();
response[0].setErrcode(String.valueOf(resultCode));
response[0].setErrmsg("请求失败");
}
}
});
return response[0];
}
当请求失败的时候errmsg为"请求失败",导致外层API调用时,在请求异常时,json解析失败
例如 BaseResponse r = executePost(url, null, file);
response = JSONUtil.toBean(r.getErrmsg(), UploadMediaResponse.class);
可以将上面的请求失败的时候errmsg设置成返回数据,方法2,在所有调用的api处,检查errcode分别处理正常和异常的情况
明文模式下的问题
明文模式下 aesKey是为空的,如果把空值传入 parseXml 函数
parseXml(HttpServletRequest request, String token, String appId, String aesKey)
那么 inputStream 成员就没有数据下面的代码就会抛出异常。
有些情况不能用兼容模式或者安全模式(服务器没有打安全策略补丁),只可以用明文模式也是很常见的,我觉得这是个重大 BUG。
关于微信调度实现方式
我建议对于微信调用控制方式的实现不要太多的依赖于其他框架,特别是web框架,微信API的控制我想不应该和web程序有任何关系吧?
为啥没有api文档???
不明白..
企业号文件上传API中不支持普通文件(file)
企业号文件上传API中,MediaType枚举没有 普通文件(file)
代码在QYMediaAPI.java 54行
菜单管理,不支持添加小程序到菜单栏,希望能更新下,谢谢🙏
demo
您好,问一下集成有公众支付吗?
发现一个bug ,Menu类的setButton少了一行代码
/**
-
菜单对象,包含所有菜单按钮
-
@author peiyu
*/
public class Menu implements Model {/**
- 一级菜单列表,最多3个
*/
private List button;
public List getButton() {
return button;
}public void setButton(List button) {
if(null == button || button.size() > 3) {
throw new RuntimeException("主菜单最多3个");
}
}@OverRide
public String toJsonString() {
return JSONUtil.toJson(this);
}
} - 一级菜单列表,最多3个
set方法少了一行this.button = button
ResultType缺少45047错误码
ResultType中缺少错误码为45047的值,所以会导致微信接口返回这个码时,fastweixin相关接口会返回NULL
TemplateMsgAPI模版api中setUrl无需必填
topcolor字段微信开发平台无对应的字段,设置无效,可以在设置了的情况下作为没有设置消息字段的颜色的默认颜色值
请问有可能提供 access token,js token 的持久化吗
或者提供接口自己实现
MessageUtil XML解析出现异常
v1.3.11
加密模式
微信服务器绑定验证失败,返回给官方的响应应设置为xml格式
验证token、appid、appsecret都通过,代码也返回true,但是微信开发者服务器绑定却总提示失败,排查后的解决方案是:
com.github.sd4324530.fastweixin.servlet.WeixinControllerSupport:line 27加上
(produces = "application/xml;charset=UTF-8")
特殊情况会造成jsApiTicket刷新失败
在刷新jsApiTicket的时候没有考虑accessToken的有效性,会造成jsApiTicket刷新失败,返回的还是旧的jsApiTicket
private void initJSToken() {
LOG.debug("初始化 jsapi_ticket........");
String url = "https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=" + accessToken + "&type=jsapi";
NetWorkCenter.get(url, null, new NetWorkCenter.ResponseCallback() {
@Override
public void onResponse(int resultCode, String resultJson) {
if (HttpStatus.SC_OK == resultCode) {
GetJsApiTicketResponse response = JSONUtil.toBean(resultJson, GetJsApiTicketResponse.class);
LOG.debug("获取jsapi_ticket:{}", response.getTicket());
ApiConfig.this.jsApiTicket = response.getTicket();
jsTokenStartTime = System.currentTimeMillis();
}
}
});
}请支持mass/delete,群发消息删除接口
请支持mass/delete,群发消息删除接口
https://mp.weixin.qq.com/wiki?action=doc&id=mp1481187827_i0l21#4
http请求方式: POST
https://api.weixin.qq.com/cgi-bin/message/mass/delete
经常出现40001的错误
该问题的出现一直没有发现规律,也不知道如何解决?
2016-12-25 09:49:26 DEBUG [com.github.sd4324530.fastweixin.util.NetWorkCenter.doRequest:273] - [-----------------请求成功-----------------]
2016-12-25 09:49:26 DEBUG [com.github.sd4324530.fastweixin.util.NetWorkCenter.doRequest:274] - [响应结果:]
2016-12-25 09:49:26 DEBUG [com.github.sd4324530.fastweixin.util.NetWorkCenter.doRequest:275] - [{"errcode":40001,"errmsg":"invalid credential, access_token is invalid or not latest hint: [dLTTea0566vr46!]"}]
TemplateMsgAPI getLogger
public class TemplateMsgAPI extends BaseAPI {
private static final Logger LOG = LoggerFactory.getLogger(CustomAPI.class);
ApiConfig.java accessToken, jsApiTicket变量增加volatile
多线程环境下,保证这两个变量的线程可见性
请增加QrcodeType:QR_STR_SCENE
现在微信可以生成带字符串参数的临时二维码,请增加这个枚举值:QR_STR_SCENE
参考: https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1443433542
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.