Merge pull request #2 from ArtisanCloud/feature/utils-base

add aes

Author: Matrix-X

.github/workflows/go-build.yml

@@ -0,0 +1,16 @@
+name: Go Build
+
+on: [ push ]
+jobs:
+  build-go:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+
+      - name: Build
+        run: make build
+

.github/workflows/go-test.yml

@@ -0,0 +1,14 @@
+name: Go Test
+
+on: [ push ]
+jobs:
+  test-go:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+      - name: Test
+        run: make test

Makefile

@@ -0,0 +1,8 @@
+test: test-aes
+
+test-aes:
+	go test -v src/kernel/Encryptor.go src/kernel/Encryptor_test.go
+	go test -v src/kernel/Support/AES.go src/kernel/Support/AES_test.go
+
+build:
+	go build

go.mod

@@ -2,16 +2,14 @@ module github.com/ArtisanCloud/go-wechat
 
 go 1.16
 
-replace github.com/ArtisanCloud/go-libs => ../go-libs
-
-replace github.com/ArtisanCloud/go-socialite => ../go-socialite
-
 require (
-	github.com/ArtisanCloud/go-libs v1.0.10
-	github.com/ArtisanCloud/go-socialite v0.0.0-00010101000000-000000000000 // indirect
+	github.com/ArtisanCloud/go-libs v1.0.11
+	github.com/ArtisanCloud/go-socialite v1.0.0
 	github.com/gin-gonic/gin v1.7.1 // indirect
+	github.com/go-playground/assert/v2 v2.0.1
 	github.com/go-redis/redis/v8 v8.10.0 // indirect
 	github.com/mattn/go-isatty v0.0.13 // indirect
+	github.com/stretchr/testify v1.7.0
 	golang.org/x/net v0.0.0-20210525063256-abc453219eb5 // indirect
 	golang.org/x/sys v0.0.0-20210608053332-aa57babbf139 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect

go.sum

@@ -1,3 +1,7 @@
+github.com/ArtisanCloud/go-libs v1.0.11 h1:CF39XsRaOKyphG7eoUVDkdqj2L2DUKfSrDr+tZyYbMI=
+github.com/ArtisanCloud/go-libs v1.0.11/go.mod h1:QdDzmJskQvtLTwVpF6KZqnFEwBfTdIpF0FLy6WHvKmA=
+github.com/ArtisanCloud/go-socialite v1.0.0 h1:eQnhkQTP8a7qr3QXFU1YOaf1jHJL6UnrmLNPowruUp8=
+github.com/ArtisanCloud/go-socialite v1.0.0/go.mod h1:/VYnYt7mGKZxPyWr+qPlLv1/+H6xcZP+B7XdsbNhgt0=
 github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -6,12 +10,14 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.6.0/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gin-gonic/gin v1.7.1 h1:qC89GU3p8TvKWMAVhEpmpB2CIb1hnqt2UdKZaP93mS8=
 github.com/gin-gonic/gin v1.7.1/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
+github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
 github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
@@ -40,6 +46,7 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/guonaihong/gout v0.1.11 h1:Sl4OwyNtp1BoMZXankNC0DimAPuh9kgBsZIGynD9kiw=
 github.com/guonaihong/gout v0.1.11/go.mod h1:JkjNv1G2oRWvFgP/r4DUbYhoeIBB0zMP2j1ID+5CYpU=
@@ -55,12 +62,15 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OH
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLDQ0W1YjYsBW+p8U2u7vzgW2SQVmlNazg=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.15.0 h1:1V1NfVQR87RtWAgp1lv9JZJ5Jap+XFGKPi00andXGi4=
 github.com/onsi/ginkgo v1.15.0/go.mod h1:hF8qUzuuC8DJGygJH3726JnCZX4MYbRB8yFfISqnKUg=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.10.5 h1:7n6FEkpFmfCoo2t+YYqXH0evK+a9ICQz0xcAy9dYcaQ=
 github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
@@ -85,6 +95,7 @@ go.opentelemetry.io/otel/metric v0.19.0/go.mod h1:8f9fglJPRnXuskQmKpnad31lcLJ2Vm
 go.opentelemetry.io/otel/metric v0.20.0 h1:4kzhXFP+btKm4jwxpjIqjs41A7MakRFUS86bqLHTIw8=
 go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU=
 go.opentelemetry.io/otel/oteltest v0.19.0/go.mod h1:tI4yxwh8U21v7JD6R3BcA/2+RBoTKFexE/PJ/nSO7IA=
+go.opentelemetry.io/otel/oteltest v0.20.0 h1:HiITxCawalo5vQzdHfKeZurV8x7ljcqAgiWzF6Vaeaw=
 go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw=
 go.opentelemetry.io/otel/trace v0.19.0/go.mod h1:4IXiNextNOpPnRlI4ryK69mn5iC84bjBWZQA5DXz/qg=
 go.opentelemetry.io/otel/trace v0.20.0 h1:1DL6EXUdcg95gukhuRRvLDO/4X5THh/5dIV52lqtnbw=
@@ -126,6 +137,7 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -147,6 +159,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

main.go

@@ -3,9 +3,18 @@ package main
 import (
 	"fmt"
 	fmt2 "github.com/ArtisanCloud/go-libs/fmt"
+	"github.com/ArtisanCloud/go-libs/object"
 	"github.com/ArtisanCloud/go-wechat/src/work"
+	"os"
 )
 
+func GetConfig() *object.HashMap {
+	return &object.HashMap{
+		"corp_id": os.Getenv("corp_id"),
+		"secret":  os.Getenv("secret"),
+	}
+}
+
 func main() {
 
 	fmt.Printf("hello Wechat! \n")

src/kernel/Encryptor.go

@@ -0,0 +1,199 @@
+package kernel
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/sha1"
+	"encoding/base64"
+	"encoding/binary"
+	"encoding/xml"
+	"fmt"
+	"github.com/ArtisanCloud/go-wechat/src/kernel/Support"
+	"math/rand"
+	"sort"
+	"strings"
+)
+
+// Wechat Docs: https://open.work.weixin.qq.com/api/doc/90000/90138/90307
+const (
+	ErrorInvalidSignature = -40001 // 签名验证错误
+	ErrorParseXml         = -40002 // xml/json解析失败
+	ErrorCalcSignature    = -40003 // sha加密生成签名失败
+	ErrorInvalidAesKey    = -40004 // AESKey 非法
+	ErrorInvalidAppId     = -40005 // ReceiveId 校验错误
+	ErrorEncryptAes       = -40006 // AES 加密失败
+	ErrorDecryptAes       = -40007 // AES 解密失败
+	ErrorInvalidXml       = -40008 // 解密后得到的buffer非法
+	ErrorBase64Encode     = -40009 // base64 编码失败
+	ErrorBase64Decode     = -40010 // base64 解码失败
+	ErrorXmlBuild         = -40011 // 生成xml失败
+	IllegalBuffer         = -41003 // Illegal buffer
+	letterBytes           = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+)
+
+type CDATA struct {
+	Value string `xml:",cdata"`
+}
+
+type WeComReplyMsg struct {
+	XMLName   xml.Name `xml:"xml"`
+	Encrypt   CDATA    `xml:"Encrypt"`
+	Signature CDATA    `xml:"MsgSignature"`
+	Timestamp string   `xml:"TimeStamp"`
+	Nonce     CDATA    `xml:"Nonce"`
+}
+
+type WeComRecvMsg struct {
+	ToUserName string `xml:"ToUserName"`
+	Encrypt    string `xml:"Encrypt"`
+	AgentId    string `xml:"AgentID"`
+}
+
+type Encryptor struct {
+	appId     string // App token
+	token     string
+	aesKey    []byte
+	blockSize int
+	aes       *Support.AES
+}
+
+func NewEncryptor(appId, token, aesKey string) (*Encryptor, error) {
+	// TODO: 不明白为什么需要等号
+	aesKey = aesKey + "="
+	aesKeyByte, err := base64.StdEncoding.DecodeString(aesKey)
+	if err != nil {
+		return nil, err
+	}
+	return &Encryptor{
+		appId:     appId,
+		token:     token,
+		aesKey:    aesKeyByte,
+		blockSize: 32,
+		aes:       &Support.AES{},
+	}, nil
+}
+
+// GetToken Get the app token
+func (encryptor *Encryptor) GetToken() string {
+	return encryptor.token
+}
+
+func (encryptor *Encryptor) randString(n int) string {
+	b := make([]byte, n)
+	for i := range b {
+		b[i] = letterBytes[rand.Int63()%int64(len(letterBytes))]
+	}
+	return string(b)
+}
+
+// Encrypt encrypt xml msg and return xml
+func (encryptor *Encryptor) Encrypt(msg, nonce, timestamp string) ([]byte, *Support.CryptError) {
+
+	randStr := encryptor.randString(16)
+	var buffer bytes.Buffer
+	buffer.WriteString(randStr)
+
+	msgLenBuf := make([]byte, 4)
+	binary.BigEndian.PutUint32(msgLenBuf, uint32(len(msg)))
+	buffer.Write(msgLenBuf)
+	buffer.WriteString(msg)
+
+	// TODO 暂时不知道用途
+	//buffer.WriteString(wxBizMsgCrypt.receiverId)
+
+	tmpCiphertext, err := encryptor.aes.Encrypt(buffer.Bytes(), encryptor.aesKey, encryptor.aesKey[:aes.BlockSize])
+	if err != nil {
+		return nil, (*Support.CryptError)(err)
+	}
+	ciphertext := string(tmpCiphertext)
+
+	signature := encryptor.Signature(encryptor.token, timestamp, nonce, ciphertext)
+
+	msg4Send := &WeComReplyMsg{
+		Encrypt:   CDATA{Value: ciphertext},
+		Signature: CDATA{Value: signature},
+		Timestamp: timestamp,
+		Nonce:     CDATA{Value: nonce},
+	}
+	//msg4Send := NewWXBizMsg4Send(ciphertext, signature, timestamp, nonce)
+	//msg.Marshal()
+	xmlByte, err2 := xml.Marshal(msg4Send)
+	if err2 != nil {
+		return nil, Support.NewCryptError(ErrorXmlBuild, err2.Error())
+	}
+	return xmlByte, nil
+}
+
+// Decrypt decrypt xml msg and return xml
+func (encryptor *Encryptor) Decrypt(content []byte, msgSignature, nonce, timestamp string) ([]byte, *Support.CryptError) {
+	var msg4Recv WeComRecvMsg
+	err := xml.Unmarshal(content, &msg4Recv)
+
+	if err != nil {
+		return nil, Support.NewCryptError(ErrorDecryptAes, err.Error())
+	}
+
+	signature := encryptor.Signature(encryptor.token, timestamp, nonce, msg4Recv.Encrypt)
+
+	if strings.Compare(signature, msgSignature) != 0 {
+		return nil, Support.NewCryptError(ErrorCalcSignature, "signature not equal")
+	}
+
+	iv := encryptor.aesKey[:aes.BlockSize]
+	plaintext, cryptErr := encryptor.aes.Decrypt(msg4Recv.Encrypt, encryptor.aesKey, iv)
+	//plaintext, cryptErr := wxBizMsgCrypt.cbcDecrypter(msg4Recv.Encrypt)
+	if nil != cryptErr {
+		return nil, cryptErr
+	}
+
+	plaintext, cryptErr = encryptor.aes.PKCS7UnPadding(plaintext)
+	if cryptErr != nil {
+		return nil, cryptErr
+	}
+
+	textLen := uint32(len(plaintext))
+	if textLen < 20 {
+		return nil, Support.NewCryptError(IllegalBuffer, "plain is to small 1")
+	}
+	//random := plaintext[:16]
+	msgLen := binary.BigEndian.Uint32(plaintext[16:20])
+	if textLen < (20 + msgLen) {
+		return nil, Support.NewCryptError(IllegalBuffer, "plain is to small 2")
+	}
+
+	msg := plaintext[20 : 20+msgLen]
+	//receiverId := plaintext[20+msgLen:]
+
+	return msg, nil
+}
+
+// VerifyUrl Parsing the official WeChat callback validation.
+// Wechat Docs: https://work.weixin.qq.com/api/doc/90000/90135/90235
+// When adding URLs to the WeChat admin backend, WeChat will trigger a GET request to verify whether the server can process the encrypted information properly, and the message needs to be decrypted and returned.
+// 在微信管理后台添加URL的时候，微信会触发一条GET请求用于验证服务器能否正常处理加密信息，需要将消息解密出来返回。
+// eg: "/app-callback?msg_signature=1495c4dfd4958d4e5faf618978ae66943a042f87&timestamp=1623292419&nonce=1623324060&echostr=o1XtmVltGmUAqoWee54yd4Q5ZBgrw4%2F9lFo5qdZoVPd1DybzarjuYCfFlR2AFbAcWHwFgmbrVBD%2Bf9910QIF6g%3D%3D"
+func (encryptor *Encryptor) VerifyUrl(content string, msgSignature, nonce, timestamp string) ([]byte, *Support.CryptError) {
+	msg4Recv := &WeComRecvMsg{
+		Encrypt:    content,
+	}
+	msg4RecvByte, err := xml.Marshal(msg4Recv)
+	if err != nil {
+		return nil, Support.NewCryptError(ErrorXmlBuild, err.Error())
+	}
+	return encryptor.Decrypt(msg4RecvByte, msgSignature, nonce, timestamp)
+}
+
+// Signature get sha1
+func (encryptor *Encryptor) Signature(token, timestamp, nonce, data string) string {
+	sortArr := []string{token, timestamp, nonce, data}
+	sort.Strings(sortArr)
+	var buffer bytes.Buffer
+	for _, value := range sortArr {
+		buffer.WriteString(value)
+	}
+
+	sha := sha1.New()
+	sha.Write(buffer.Bytes())
+	signature := fmt.Sprintf("%x", sha.Sum(nil))
+	return signature
+}