企业微信接口配置入坑指南
文件包括https://github.com/sbzhu/weworkapi_python/blob/master/callback/
里面的两个文件,但是WXBizMsgCrypt.py需要修改部分(基于python3)
#!/usr/bin/env python
# -*- encoding:utf-8 -*-
""" 对企业微信发送给企业后台的消息加解密示例代码.
@copyright: Copyright (c) 1998-2014 Tencent Inc.
"""
#TODO(heanny.cn):修改了部分代码,从python2->python3
# ------------------------------------------------------------------------
import base64
import string
import random
import hashlib
import time
import struct
from Crypto.Cipher import AES
import xml.etree.cElementTree as ET
import sys,importlib
import socket
stdi, stdo, stde = sys.stdin, sys.stdout, sys.stderr
# reload(sys)
sys.stdin, sys.stdout, sys.stderr = stdi, stdo, stde
import pyserver.ierror as ierror
# sys.setdefaultencoding('utf-8')
"""
关于Crypto.Cipher模块,ImportError: No module named 'Crypto'解决方案
请到官方网站 https://www.dlitz.net/software/pycrypto/ 下载pycrypto。
下载后,按照README中的“Installation”小节的提示进行pycrypto安装。
"""
class FormatException(Exception):
pass
def throw_exception(message, exception_class=FormatException):
"""my define raise exception function"""
raise exception_class(message)
class SHA1:
"""计算企业微信的消息签名接口"""
def getSHA1(self, token, timestamp, nonce, encrypt):
"""用SHA1算法生成安全签名
@param token: 票据
@param timestamp: 时间戳
@param encrypt: 密文
@param nonce: 随机字符串
@return: 安全签名
"""
try:
encrypt=encrypt.encode()
except:
pass
try:
sortlist = [token, timestamp, nonce, encrypt]
sortlist.sort()
sha = hashlib.sha1()
sha.update((b"".join(sortlist)))
# sha.update(("".join(sortlist)).encode("utf8"))
return ierror.WXBizMsgCrypt_OK, sha.hexdigest()
except Exception as e:
print('getSHA1 Exception',e)
return ierror.WXBizMsgCrypt_ComputeSignature_Error, None
class XMLParse:
"""提供提取消息格式中的密文及生成回复消息格式的接口"""
# xml消息模板
AES_TEXT_RESPONSE_TEMPLATE = """<xml>
<Encrypt><![CDATA[%(msg_encrypt)s]]></Encrypt>
<MsgSignature><![CDATA[%(msg_signaturet)s]]></MsgSignature>
<TimeStamp>%(timestamp)s</TimeStamp>
<Nonce><![CDATA[%(nonce)s]]></Nonce>
</xml>"""
def extract(self, xmltext):
"""提取出xml数据包中的加密消息
@param xmltext: 待提取的xml字符串
@return: 提取出的加密消息字符串
"""
try:
xml_tree = ET.fromstring(xmltext)
encrypt = xml_tree.find("Encrypt")
return ierror.WXBizMsgCrypt_OK, encrypt.text
except Exception as e:
print('e',e)
return ierror.WXBizMsgCrypt_ParseXml_Error, None, None
def generate(self, encrypt, signature, timestamp, nonce):
"""生成xml消息
@param encrypt: 加密后的消息密文
@param signature: 安全签名
@param timestamp: 时间戳
@param nonce: 随机字符串
@return: 生成的xml字符串
"""
resp_dict = {
'msg_encrypt': encrypt.decode(),
'msg_signaturet': signature,
'timestamp': timestamp.decode(),
'nonce': nonce.decode(),
}
resp_xml = self.AES_TEXT_RESPONSE_TEMPLATE % resp_dict
return resp_xml
class PKCS7Encoder():
"""提供基于PKCS7算法的加解密接口"""
block_size = 32
def encode(self, text):
""" 对需要加密的明文进行填充补位
@param text: 需要进行填充补位操作的明文
@return: 补齐明文字符串
"""
text_length = len(text)
# 计算需要填充的位数
amount_to_pad = self.block_size - (text_length % self.block_size)
if amount_to_pad == 0:
amount_to_pad = self.block_size
# 获得补位所用的字符
pad = chr(amount_to_pad).encode("utf-8")
return text + pad * amount_to_pad
def decode(self, decrypted):
"""删除解密后明文的补位字符
@param decrypted: 解密后的明文
@return: 删除补位字符后的明文
"""
pad = ord(decrypted[-1])
if pad < 1 or pad > 32:
pad = 0
return decrypted[:-pad]
class Prpcrypt(object):
"""提供接收和推送给企业微信消息的加解密接口"""
def __init__(self, key):
# self.key = base64.b64decode(key+"=")
self.key = key
# 设置加解密模式为AES的CBC模式
self.mode = AES.MODE_CBC
def encrypt(self, text, receiveid):
"""对明文进行加密
@param text: 需要加密的明文
@return: 加密得到的字符串
"""
# 16位随机字符串添加到明文开头
text = self.get_random_str().encode('utf-8') +\
struct.pack("I", socket.htonl(len(text))) +\
text + \
receiveid
# 使用自定义的填充方式对明文进行补位填充
pkcs7 = PKCS7Encoder()
text = pkcs7.encode(text)
# 加密
cryptor = AES.new(self.key, self.mode, self.key[:16])
try:
ciphertext = cryptor.encrypt(text)
# 使用BASE64对加密后的字符串进行编码
# return ierror.WXBizMsgCrypt_OK, ciphertext.decode("ISO-8859-1")
return ierror.WXBizMsgCrypt_OK, base64.b64encode(ciphertext)
except Exception as e:
print(e)
return ierror.WXBizMsgCrypt_EncryptAES_Error, None
def decrypt(self, text, receiveid):
"""对解密后的明文进行补位删除
@param text: 密文
@return: 删除填充补位后的明文
"""
try:
cryptor = AES.new(self.key, self.mode, self.key[:16])
# 使用BASE64对密文进行解码,然后AES-CBC解密
plain_text = cryptor.decrypt(base64.b64decode(text))
except Exception as e:
print(e)
return ierror.WXBizMsgCrypt_DecryptAES_Error, None
try:
pad = ord(str(plain_text, encoding='ISO-8859-1')[-1])
# pad = ord(str(plain_text[-1]))
# 去掉补位字符串
# pkcs7 = PKCS7Encoder()
# plain_text = pkcs7.encode(plain_text)
# 去除16位随机字符串
content = plain_text[16:-pad]
xml_len = socket.ntohl(struct.unpack("I", content[: 4])[0])
xml_content = content[4: xml_len + 4]
from_receiveid = content[xml_len + 4:]
except Exception as e:
print('Exception',e)
return ierror.WXBizMsgCrypt_IllegalBuffer, None
if from_receiveid != receiveid:
return ierror.WXBizMsgCrypt_ValidateCorpid_Error, None
return 0, xml_content
def get_random_str(self):
""" 随机生成16位字符串
@return: 16位字符串
"""
# rule = string.letters + string.digits #TODO:python2
rule = string.ascii_letters + string.digits
str = random.sample(rule, 16)
return "".join(str)
class WXBizMsgCrypt(object):
# 构造函数
def __init__(self, sToken, sEncodingAESKey, sReceiveId):
try:
self.key = base64.b64decode(sEncodingAESKey + "=")
assert len(self.key) == 32
except:
throw_exception("[error]: EncodingAESKey unvalid !", FormatException)
# return ierror.WXBizMsgCrypt_IllegalAesKey,None
self.m_sToken = sToken
self.m_sReceiveId = sReceiveId.encode()
# 验证URL
# @param sMsgSignature: 签名串,对应URL参数的msg_signature
# @param sTimeStamp: 时间戳,对应URL参数的timestamp
# @param sNonce: 随机串,对应URL参数的nonce
# @param sEchoStr: 随机串,对应URL参数的echostr
# @param sReplyEchoStr: 解密之后的echostr,当return返回0时有效
# @return:成功0,失败返回对应的错误码
def VerifyURL(self, sMsgSignature, sTimeStamp, sNonce, sEchoStr):
sha1 = SHA1()
ret, signature = sha1.getSHA1(self.m_sToken, sTimeStamp, sNonce, sEchoStr)
if ret != 0:
return ret, None
if not signature == sMsgSignature.decode():
return ierror.WXBizMsgCrypt_ValidateSignature_Error, None
pc = Prpcrypt(self.key)
ret, sReplyEchoStr = pc.decrypt(sEchoStr, self.m_sReceiveId)
return ret, sReplyEchoStr
def EncryptMsg(self, sReplyMsg, sNonce, timestamp=None):
# 将企业回复用户的消息加密打包
# @param sReplyMsg: 企业号待回复用户的消息,xml格式的字符串
# @param sTimeStamp: 时间戳,可以自己生成,也可以用URL参数的timestamp,如为None则自动用当前时间
# @param sNonce: 随机串,可以自己生成,也可以用URL参数的nonce
# sEncryptMsg: 加密后的可以直接回复用户的密文,包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,
# return:成功0,sEncryptMsg,失败返回对应的错误码None
pc = Prpcrypt(self.key)
ret, encrypt = pc.encrypt(sReplyMsg, self.m_sReceiveId)
if ret != 0:
return ret, None
if timestamp is None:
timestamp = str(int(time.time()))
timestamp=timestamp.encode()
# 生成安全签名
sha1 = SHA1()
ret, signature = sha1.getSHA1(self.m_sToken, timestamp, sNonce, encrypt)
if ret != 0:
return ret, None
xmlParse = XMLParse()
return ret, xmlParse.generate(encrypt, signature, timestamp, sNonce)
def DecryptMsg(self, sPostData, sMsgSignature, sTimeStamp, sNonce):
# 检验消息的真实性,并且获取解密后的明文
# @param sMsgSignature: 签名串,对应URL参数的msg_signature
# @param sTimeStamp: 时间戳,对应URL参数的timestamp
# @param sNonce: 随机串,对应URL参数的nonce
# @param sPostData: 密文,对应POST请求的数据
# xml_content: 解密后的原文,当return返回0时有效
# @return: 成功0,失败返回对应的错误码
# 验证安全签名
xmlParse = XMLParse()
ret, encrypt = xmlParse.extract(sPostData)
if ret != 0:
return ret, None
sha1 = SHA1()
ret, signature = sha1.getSHA1(self.m_sToken, sTimeStamp, sNonce, encrypt)
if ret != 0:
return ret, None
if not signature == sMsgSignature.decode():
return ierror.WXBizMsgCrypt_ValidateSignature_Error, None
pc = Prpcrypt(self.key)
ret, xml_content = pc.decrypt(encrypt, self.m_sReceiveId)
return ret, xml_contentview.py方法demo
def Function_work_wechat_do(req):
'''基于python3 django的demo'''
from urllib.parse import unquote
from pyserver.WXBizMsgCrypt import WXBizMsgCrypt
import xml.etree.cElementTree as ET
'''定量'''
sToken = '2fVE********************'.encode()
sEncodingAESKey = '********************'
sCorpID = 'ww377********************'
wxcpt = WXBizMsgCrypt(sToken, sEncodingAESKey, sCorpID)
AgentID = '10********************'
Secret = 'fGq********************'
# 变量
sVerifyMsgSig = req.GET.get('msg_signature').encode()
sVerifyTimeStamp = req.GET.get('timestamp').encode()
sVerifyEchoStr = req.GET.get('echostr')
sVerifyNonce = req.GET.get('nonce').encode()
if sVerifyEchoStr != '' and sVerifyEchoStr is not None:
'''验证URL函数'''
# TODO(heanny.cn): 添加api接收消息配置的时候使用
ret, sEchoStr = wxcpt.VerifyURL(sVerifyMsgSig, sVerifyTimeStamp, sVerifyNonce, unquote(sVerifyEchoStr).encode())
if (ret != 0):
print("ERR: VerifyURL ret: " + str(ret))
return HttpResponse('ret error')
return HttpResponse(sEchoStr)
'''消息回复'''
sReqData = req.body
ret, sMsg = wxcpt.DecryptMsg(sReqData, sVerifyMsgSig, sVerifyTimeStamp, sVerifyNonce)
if (ret != 0):
print("ERR: DecryptMsg ret: " + str(ret))
return HttpResponse('ret error')
# 解密成功,sMsg即为xml格式的明文
# TODO: 对明文的处理
xml_tree = ET.fromstring(sMsg)
MsgType = xml_tree.find("MsgType").text
if MsgType == 'text':
'''文本对话'''
content = xml_tree.find("Content").text
return HttpResponse(content)
elif MsgType == 'event':
'''菜单处理'''
Event = xml_tree.find('Event').text
EventKey = xml_tree.find('EventKey').text
# TODO(heanny.cn):event消息类型
'''
if Event == 'subscribe': # 关注事件(包括普通关注事件和扫描二维码造成的关注事件)
# 如果 key 和 ticket 均不为空,则是扫描二维码造成的关注事件
if EventKey and xml_tree.find('ticket'):
return HttpResponse( '来源:扫描二维码关注')
else:
return HttpResponse('来源:搜索名称关注')
elif Event == 'unsubscribe':
reply_text = '取消关注事件'
elif Event == 'scan':
reply_text = '已关注用户扫描二维码!'
elif Event == 'location':
reply_text = '上报地理位置'
elif Event == 'click':
reply_text = '自定义菜单点击'
elif Event == 'view':
reply_text = '自定义菜单跳转链接'
elif Event == 'templatesendjobfinish':
reply_text = '模板消息'
'''
if Event == 'click':
print('click')
'''点击自定义菜单'''
timestamp = str(int(time.time()))
reMsg = ''' <xml>
<ToUserName><![CDATA[{sCorpID}]]></ToUserName>
<FromUserName><![CDATA[wx5********************]]></FromUserName>
<CreateTime>{timestamp}</CreateTime>
<MsgType><![CDATA[text]]></MsgType>
<Content><![CDATA[this is a test]]></Content>
<MsgId>1234567890123456</MsgId>
<AgentID>{AgentID}</AgentID>
</xml>'''.format(sCorpID=sCorpID, timestamp=timestamp, AgentID=AgentID)
print(reMsg)
ret, sEncryptMsg = wxcpt.EncryptMsg(reMsg.encode(), sVerifyNonce, timestamp)
# ret,sEncryptMsg = wxcpt.EncryptMsg('测试消息'.encode('utf-8'),sVerifyNonce)
print('resp_xml', sEncryptMsg)
return HttpResponse(sEncryptMsg, content_type="application/xml")
return HttpResponse('event type error')
else:
'''未知事件'''
# FIXME(heanny.cn):其他事件暂不处理,消息类型见https://work.weixin.qq.com/api/doc#90000/90135/90236
return HttpResponse('msg type error')更多信息详见我的代码片段https://gitee.com/heanny/codes/dqgtkofhp0nuys2c493w569
本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2019-7-4,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号