follow
/
service-visit


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203
							'use strict';

const assert = require('assert');
const uuid = require('uuid');
const random = require('string-random');
const crypto = require('crypto');
const _ = require('lodash');
const { BusinessError, ErrorCode } = require('naf-core').Error;
const jwt = require('jsonwebtoken');
const { AxiosService } = require('naf-framework-mongoose/lib/service');

class WeixinAuthService extends AxiosService {
  constructor(ctx) {
    super(ctx, {}, _.get(ctx.app.config, 'wxapi'));
    this.prefix = 'visit-auth:';
    this.jsapiKey = 'visit-access_token';
    this.wxInfo = ctx.app.config.wxapi;
  }
  /**
   * 网页授权
   * @param {Object} query 参数
   */
  async auth(query) {
    let { redirect_uri, ...others } = query;
    if (!redirect_uri) {
      redirect_uri = `${this.ctx.app.config.baseUrl}/api/visit/authBack`;
    }
    const { appid } = this.wxInfo;
    if (!appid) {
      throw new BusinessError(ErrorCode.SERVICE_FAULT, '缺少公众号设置');
    }
    // 用于redis
    const state = uuid.v4();
    const key = `${this.prefix}${state}`;
    const val = JSON.stringify({ ...others, redirect_uri });
    await this.app.redis.set(key, val, 'EX', 600);
    const url = `https://open.weixin.qq.com/connect/oauth2/authorize?appid=${appid}&redirect_uri=${redirect_uri}&response_type=code&scope=snsapi_base&state=${state}#wechat_redirect`;
    this.ctx.redirect(url);
  }

  /**
   * 网页授权回调,获取openid
   * @param {Object} query 参数
   */
  async authBack(query) {
    const { code, state } = query;
    if (!code) throw new BusinessError(ErrorCode.SERVICE_FAULT, '授权未成功');
    const { appid, appSecret } = this.wxInfo;
    const url = ` https://api.weixin.qq.com/sns/oauth2/access_token?appid=${appid}&secret=${appSecret}&code=${code}&grant_type=authorization_code`;
    const req = this.ctx.curl(url, { method: 'GET' });
    if (req.status !== 200) throw new BusinessError(ErrorCode.SERVICE_FAULT, 'openid获取失败');
    const openid = _.get(req, 'data.openid');
    if (!openid) {
      this.ctx.logger.error(JSON.stringify(req.data));
      throw new BusinessError(ErrorCode.SERVICE_FAULT, '未获取到openid');
    }
    // 验证获取openid结束,接下来应该返回前端
    const key = `${this.prefix}${state}`;
    let fqueries = await this.app.redis.get(key);
    if (fqueries)fqueries = JSON.parse(fqueries);
    const { redirect_uri } = fqueries;
    this.ctx.redirect(redirect_uri);
  }
  /**
   * JsApi验证
   * @param {Object} query 参数
   */
  async jsapiAuth(query) {
    const { url } = query;
    let jsapi_ticket = await this.app.redis.get(this.jsapiKey);
    const { appid, appSecret } = this.wxInfo;
    if (!jsapi_ticket) {
      // 1,重新获取access_token
      const atUrl = `https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=${appid}&secret=${appSecret}`;
      const req = await this.ctx.curl(atUrl, { method: 'GET' });
      if (req.status !== 200) throw new BusinessError(ErrorCode.SERVICE_FAULT, 'access_token获取失败');
      const access_token = _.get(req, 'data.access_token');
      // 2,获取jsapi_token
      const jtUrl = `https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=${access_token}&type=jsapi`;
      const jtReq = await this.ctx.curl(jtUrl, { method: 'GET' });
      if (jtReq.status !== 200) throw new BusinessError(ErrorCode.SERVICE_FAULT, 'jsapi_ticket获取失败');
      jsapi_ticket = _.get(jtReq, 'data.ticket');
      // 实际过期时间是7200s(2h),系统默认设置6000s
      const expiresIn = _.get(jtReq, 'data.expires_in', 6000);
      // 缓存jsapi_ticket,重复使用
      await this.app.redis.set(this.jsapiKey, jsapi_ticket, 'EX', expiresIn);
    }
    const noncestr = random(16);
    const timestamp = new Date().getTime();
    const signStr = `jsapi_ticket=${jsapi_ticket}&noncestr=${noncestr}&timestamp=${timestamp}&url=${url}`;
    const sign = crypto.createHash('sha1').update(signStr).digest('hex');
    return { jsapi_ticket, noncestr, timestamp, signStr, sign, appid };
  }


  async createJwt({ openid, nickname, subscribe }) {
    const { secret, expiresIn = '1d', issuer = 'weixin' } = this.config.jwt;
    const subject = openid;
    const userinfo = { nickname, subscribe };
    const token = await jwt.sign(userinfo, secret, { expiresIn, issuer, subject });
    return token;
  }
  /**
   * 创建二维码
   * 随机生成二维码，并保存在Redis中，状态初始为pending
   * 状态描述：
   * pending - 等待扫码
   * consumed - 使用二维码登录完成
   * scand:token - Jwt登录凭证
   */
  async createQrcode() {
    const qrcode = uuid();
    const key = `visit:qrcode:group:${qrcode}`;
    await this.app.redis.set(key, 'pending', 'EX', 600);
    return qrcode;
  }

  /**
   * 创建二维码
   * 生成群二维码
   * 状态描述：
   * pending - 等待扫码
   * consumed - 使用二维码登录完成
   * scand:token - Jwt登录凭证
   */
  async createQrcodeGroup({ groupid }) {
    const { authUrl = this.ctx.path } = this.app.config;
    let backUrl;
    if (authUrl.startsWith('http')) {
      backUrl = encodeURI(`${authUrl}?state=${groupid}`);
    } else {
      backUrl = encodeURI(`${this.ctx.protocol}://${this.ctx.host}${authUrl}?state=${groupid}`);
    }
    console.log(backUrl);
    return backUrl;
  }

  /**
   * 扫码登录确认
   */
  async scanQrcode({ qrcode, token }) {
    assert(qrcode, 'qrcode不能为空');
    assert(token, 'token不能为空');
    const key = `smart:qrcode:login:${qrcode}`;
    const status = await this.app.redis.get(key);
    if (!status) {
      throw new BusinessError(ErrorCode.SERVICE_FAULT, '二维码已过期');
    }
    if (status !== 'pending') {
      throw new BusinessError(ErrorCode.SERVICE_FAULT, '二维码状态无效');
    }

    // 验证Token
    const { secret } = this.config.jwt;
    const decoded = jwt.verify(token, secret, { issuer: 'weixin' });
    this.ctx.logger.debug(`[weixin] qrcode login - ${decoded}`);

    // TODO: 修改二维码状态，登录凭证保存到redis
    await this.app.redis.set(key, `scaned:${token}`, 'EX', 600);

    // TODO: 发布扫码成功消息
    const { mq } = this.ctx;
    const ex = 'qrcode.login';
    if (mq) {
      await mq.topic(ex, qrcode, 'scaned', { durable: true });
    } else {
      this.ctx.logger.error('!!!!!!没有配置MQ插件!!!!!!');
    }
  }

  // 使用二维码换取登录凭证
  async qrcodeLogin(qrcode) {
    assert(qrcode, 'qrcode不能为空');
    const key = `smart:qrcode:login:${qrcode}`;
    const val = await this.app.redis.get(key);
    if (!val) {
      throw new BusinessError(ErrorCode.SERVICE_FAULT, '二维码已过期');
    }
    const [ status, token ] = val.split(':', 2);
    if (status !== 'scaned' || !token) {
      throw new BusinessError(ErrorCode.SERVICE_FAULT, '二维码状态无效');
    }

    // TODO: 修改二维码状态
    await this.app.redis.set(key, 'consumed', 'EX', 600);

    return { token };
  }

  // 检查二维码状态
  async checkQrcode(qrcode) {
    assert(qrcode, 'qrcode不能为空');
    const key = `smart:qrcode:login:${qrcode}`;
    const val = await this.app.redis.get(key);
    if (!val) {
      throw new BusinessError(ErrorCode.SERVICE_FAULT, '二维码已过期');
    }
    const [ status ] = val.split(':', 2);
    return { status };
  }
}

module.exports = WeixinAuthService;