This time I will bring you Node.jsHow to develop WeChat wall, what are the precautions for developing WeChat wall with Node.js, the following is a practical case, let’s take a look .
Verify server validity
Receive messages sent by users to the server through WeChat subscription account
Parse the received XML text message format into JSON
Use The template constructs an XML text message that responds to the user
Broadcast the received message through the WebSocket service
Get the basic user information (name and avatar) of the message sender
WeChat service Generally speaking, they are divided into two categories, one is message service and the other is data service.
The message service is a user who sends a message in the WeChat service account , and then the WeChat service pushes the message to the developer server, so it is actively initiated by WeChat and passively received by the developer server .
#The data body format of the message service is XML. The authenticity and validity of data transmission are guaranteed through an agreed token between the WeChat service and the developer server.
//verify.jsvar PORT = 9529;var http = require('http');var qs = require('qs');var TOKEN = 'yuntu';function c heckSignature(params, token){ //1. 将token、timestamp、nonce三个参数进行字典序排序
//2. Splice the three parameters string into one string for sha1 encryption
//3. The developer can compare the encrypted string with the signature , indicating that the request comes from WeChat
var key = [token, params.timestamp, params.nonce].sort().join(''); var sha1 = require('crypto').createHash('sha1'); sha1.update(key); return sha1.digest('hex') == params.signature; }var server = http.createServer(function (request, response) { //解析URL中的query部分,用qs模块(npm install qs)将query解析成json var query = require('url').parse(request.url).query; var params = qs.parse(query); console.log(params); console.log("token-->", TOKEN); if(checkSignature(params, TOKEN)){ response.end(params.echostr); }else{ response.end('signature fail'); } }); server.listen(PORT);console.log("Server runing at port: " + PORT + ".");
In fact, token verification is only used to verify to the developer server that the source of the message is indeed WeChat and not a forgery (because others do not know the specific token), as the message is initiated Fang's WeChat does not require verification, which means that developers can also be lazy and not do verification (the consequence is that others can imitate WeChat and make post requests to the service ).
//noverify.js/**
TOKEN verification is to ensure that the request is authentic and valid. WeChat itself does not verify TOKEN.
The developer server can also directly return echostr without verification.
But this means A third party can also easily forge requests pretending to be WeChat and send them to the developer server
*/var PORT = 9529;var http = require('http');var qs = require('qs');var server = http.createServer(function (request, response) { var query = require('url').parse(request.url).query; var params = qs.parse(query); response.end(params.echostr); }); server.listen(PORT);console.log("Server runing at port: " + PORT + ".");
I believe you have mastered the method after reading the case in this article. For more exciting information, please pay attention to other related articles on the php Chinese website! Recommended reading:
Laravel implements multi-user authentication system
PHP data security method to prevent SQL injection
Generate complex (tilt, sinusoidal interference line, paste, rotation verification) verification code
The above is the detailed content of How to develop WeChat wall with Node.js. For more information, please follow other related articles on the PHP Chinese website!