WeChat（微信）アプリの認可ログイン（サーバー側でのコード交換）



WeChat ("Micro Channel") App Authorization Login — server-side code exchange



Maven dependencies

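<!-- NOTE(review): these pins are old. fastjson 1.2.38 is a 2017 release with publicly documented
     autoType deserialization bypasses in later advisories; move to a current release. commons-io is
     not imported by the WeiXinService listing below and can be dropped (its canonical coordinates
     are commons-io:commons-io if it is needed). lombok has no version here, which only works when a
     parent/BOM manages it. -->
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-io</artifactId>
    <version>1.3.2</version>
</dependency>
<dependency>
    <groupId>org.apache.commons</groupId>
    <artifactId>commons-lang3</artifactId>
    <version>3.4</version>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>fastjson</artifactId>
    <version>1.2.38</version>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
</dependency>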

コード（WeiXinService.java）

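package com.xrz.weixin.service;

import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;

/**
 * WeChat ("micro-channel") app authorization-login service.
 *
 * <p>Flow as implemented here:
 * <ol>
 *   <li>The app asks WeChat for authorization; if the user agrees the app receives a {@code code}.</li>
 *   <li>The app sends that {@code code} to this server.</li>
 *   <li>{@link #getToken(String)} exchanges the {@code code} together with appId/appSecret for an
 *       access_token and openid, then fetches the user profile with them.</li>
 *   <li>The caller decides whether this is a new or a returning user (persistence is still a TODO,
 *       see {@link #getToken(String)}).</li>
 * </ol>
 *
 * <p>Security notes:
 * <ul>
 *   <li>The app secret never leaves the server: the code exchange happens here, not in the app.
 *       WeChat's API takes the secret as a query parameter, so request URLs must never be logged
 *       unredacted; {@link #httpRequest} logs scheme, host and path only.</li>
 *   <li>{@code code} is untrusted client input. It is URL-encoded before being placed in the query
 *       string so it cannot append or override parameters.</li>
 *   <li>Responses are parsed with fastjson into a plain {@code Map} (no autoType target class). The
 *       fastjson 1.2.38 pinned in the POM is an old release with publicly documented autoType
 *       bypasses; upgrade it regardless.</li>
 *   <li>Access tokens and profile data are never written to stdout or the log.</li>
 * </ul>
 *
 * @author XRZ
 * @date 2019/8/6
 */
@Slf4j
@Service
public class WeiXinService {

    /** WeChat endpoint that exchanges an authorization code for access_token + openid. */
    private static final String WX_AUTH_LOGIN_URL = "https://api.weixin.qq.com/sns/oauth2/access_token";

    /** WeChat endpoint that returns the user profile for an access_token + openid pair. */
    private static final String WX_USERINFO_URL = "https://api.weixin.qq.com/sns/userinfo";

    /** Upper bound for establishing the TCP/TLS connection; the original had none (could hang forever). */
    private static final int CONNECT_TIMEOUT_MS = 5_000;

    /** Upper bound for waiting on response bytes. */
    private static final int READ_TIMEOUT_MS = 10_000;

    /** Merchant / application ID registered with WeChat. */
    @Value("${weixinConfig.appId}")
    private String appId;

    /** Secret paired with {@link #appId}; must stay server-side and out of logs. */
    @Value("${weixinConfig.appSecret}")
    private String appSecret;

    /**
     * Exchanges an authorization {@code code} for an access token and openid, then fetches the
     * WeChat user profile.
     *
     * @param code authorization code obtained by the app; untrusted client input
     * @return the user-info response from WeChat parsed into a {@code Map}
     * @throws RuntimeException if {@code code} is empty, WeChat reports a non-zero {@code errcode}
     *         on either call, or a required field is missing from the token response
     * @throws IllegalStateException if an HTTP call itself fails (see {@link #httpRequest})
     */
    public Object getToken(String code) {
        if (StringUtils.isEmpty(code)) {
            throw new RuntimeException("Code can not be empty.");
        }

        // Exchange the code for access_token + openid. Every value is URL-encoded: appId/appSecret
        // for correctness, code because it is attacker-controlled and must not be able to inject
        // additional query parameters (the original concatenated it raw).
        String loginUrl = WX_AUTH_LOGIN_URL
                + "?appid=" + urlEncode(appId)
                + "&secret=" + urlEncode(appSecret)
                + "&code=" + urlEncode(code)
                + "&grant_type=authorization_code";
        Map<?, ?> tokenMap = parseResponse(this.httpRequest(loginUrl, "GET", null));

        // WeChat reports failures as {"errcode":..,"errmsg":..}. On success the field is absent, so
        // the original's unconditional map.get("errcode").toString() threw NPE on every success.
        failOnErrcode(tokenMap);

        // WeChat documents the response key as "openid"; the original read "openId", which is kept
        // as a fallback only.
        String openId = requireField(tokenMap, "openid", "openId");
        String accessToken = requireField(tokenMap, "access_token");

        // Fetch the profile. The access token is a bearer credential: it goes to WeChat only and is
        // neither logged nor returned to the caller.
        String userUrl = WX_USERINFO_URL
                + "?access_token=" + urlEncode(accessToken)
                + "&openid=" + urlEncode(openId);
        Map<?, ?> userMap = parseResponse(this.httpRequest(userUrl, "GET", null));
        // The original returned an error body here as if it were a profile; reject it instead.
        failOnErrcode(userMap);
        log.debug("Fetched WeChat profile for openid {}", openId);

        // TODO: user persistence was stubbed (commented out) in the original: look up the user by
        // openId and source APP; if absent, create one with no phone bound, status enabled and
        // nickname/avatar taken from userMap, then cache the device token; otherwise treat the
        // login as a returning user.
        return userMap;
    }

    /**
     * Parses a WeChat JSON response body into a Map.
     *
     * @param body raw response body
     * @return the parsed object
     * @throws RuntimeException if the body is empty or does not parse to a JSON object
     */
    private static Map<?, ?> parseResponse(String body) {
        if (StringUtils.isEmpty(body)) {
            throw new RuntimeException("Micro-channel server returned an empty response.");
        }
        // Plain Map target: fastjson is not asked to instantiate any class named in the payload.
        Map<?, ?> map = JSONObject.parseObject(body, Map.class);
        if (map == null) {
            throw new RuntimeException("Micro-channel server returned a non-object response.");
        }
        return map;
    }

    /**
     * Throws if the response carries an error code. An absent {@code errcode} means success;
     * {@code 0} is also accepted because WeChat APIs use errcode 0 / errmsg "ok" for success.
     *
     * @param response parsed WeChat response
     * @throws RuntimeException on a non-zero errcode (same message as the original)
     */
    private static void failOnErrcode(Map<?, ?> response) {
        Object errcode = response.get("errcode");
        if (errcode == null) {
            return;
        }
        String codeText = errcode.toString();
        if (StringUtils.isNotEmpty(codeText) && !"0".equals(codeText)) {
            throw new RuntimeException("Micro-channel server returns an exception error codes:!" + codeText);
        }
    }

    /**
     * Returns the first non-empty value found under the given keys.
     *
     * @param response parsed WeChat response
     * @param keys     candidate keys, most specific first
     * @return the value as a string
     * @throws RuntimeException if none of the keys has a non-empty value
     */
    private static String requireField(Map<?, ?> response, String... keys) {
        for (String key : keys) {
            Object value = response.get(key);
            if (value != null && StringUtils.isNotEmpty(value.toString())) {
                return value.toString();
            }
        }
        throw new RuntimeException("Micro-channel server response is missing field: " + keys[0]);
    }

    /**
     * URL-encodes one query-string value as UTF-8; {@code null} encodes as the empty string.
     *
     * @param value raw value
     * @return the encoded value
     */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value == null ? "" : value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is always supported", e);
        }
    }

    /**
     * Performs an HTTP(S) request and returns the response body as one string (line breaks are
     * dropped, as in the original).
     *
     * @param requestUrl    absolute URL to call; its query string may hold secrets and is never logged
     * @param requestMethod HTTP method, e.g. "GET" or "POST"
     * @param outputStr     request body, or {@code null} for none (no output stream is opened, so a
     *                      GET stays a GET)
     * @return the response body decoded as UTF-8
     * @throws IllegalStateException if the URL is malformed, the connection fails or times out, or
     *                               the server answers with a non-2xx status; the cause is preserved
     *                               (the original swallowed the exception and then threw NPE on a
     *                               null buffer)
     */
    public String httpRequest(String requestUrl, String requestMethod, String outputStr) {
        URL url;
        try {
            url = new URL(requestUrl);
        } catch (IOException e) {
            // Do not echo requestUrl: it may contain the app secret or an access token.
            throw new IllegalStateException("Malformed request URL", e);
        }
        // Query strings carry the app secret / access token: log scheme, host and path only.
        String redactedUrl = url.getProtocol() + "://" + url.getHost() + url.getPath();

        HttpURLConnection conn = null;
        try {
            conn = (HttpURLConnection) url.openConnection();
            conn.setConnectTimeout(CONNECT_TIMEOUT_MS);
            conn.setReadTimeout(READ_TIMEOUT_MS);
            conn.setRequestMethod(requestMethod);
            conn.setDoInput(true);
            conn.setDoOutput(outputStr != null);
            conn.connect();

            if (outputStr != null) {
                try (OutputStream os = conn.getOutputStream()) {
                    os.write(outputStr.getBytes(StandardCharsets.UTF_8));
                }
            }

            int status = conn.getResponseCode();
            if (status < 200 || status >= 300) {
                throw new IllegalStateException(
                        "Request to " + redactedUrl + " failed with HTTP status " + status);
            }

            StringBuilder body = new StringBuilder();
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    body.append(line);
                }
            }
            // Bodies contain access_token / refresh_token / profile data: log size only.
            log.info("Request URL: {}, HTTP {}, {} chars", redactedUrl, status, body.length());
            return body.toString();
        } catch (IOException e) {
            throw new IllegalStateException("Request to " + redactedUrl + " failed", e);
        } finally {
            if (conn != null) {
                conn.disconnect();
            }
        }
    }
}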