微信开放平台接入流程 python

1. 验证票据

开放平台配置推送url后，微信会每隔10分钟post 数据到相应接口。接口需直接返回 success字符串。

    def wx_handler(self, request, *args, **kwargs):
        msg_sign = request.GET.get('msg_signature', "")
        timestamp = request.GET.get('timestamp', "")
        nonce = request.GET.get('nonce', "")
        from_xml = request.body.decode('utf-8')
        # 判断数据格式
        if from_xml.startswith(''):
             # 解码,使用开放平台配置信息
                decrypt_test = WXBizMsgCrypt(open_platform.wx_token, open_platform.encodingAESKey, open_platform.appid)
                ret, decryp_xml = decrypt_test.DecryptMsg(from_xml, msg_sign, timestamp, nonce)
                if ret == 0:
                    # 获取凭证
                    ticket = decrypt_test.extract_ticket(decryp_xml)

        return HttpResponse("success")

解码模块代码附在最后
component_verify_ticket 的有效时间为12小时。

2. 获取令牌

令牌（component_access_token）是第三方平台接口的调用凭据，有效期2小时。
使用 1 获取的 component_verify_ticket 调用接口获取令牌

 data = {
    "component_appid": appid,
    "component_appsecret": appsecret,
    "component_verify_ticket": component_verify_ticket
}
token_url = 'https://api.weixin.qq.com/cgi-bin/component/api_component_token'
# 接口请求
res = requests.post(token_url, json.dumps(data))
res_data = json.loads(res.content.decode('utf-8'))
component_access_token = res_data['component_access_token']

3. 获取预授权码

预授权码用于公众号授权，
使用 2 获取的 component_access_token 调用接口获取

POST https://api.weixin.qq.com/cgi-bin/component/api_create_preauthcode?component_access_token=COMPONENT_ACCESS_TOKEN

4. 授权页面

需要在链接上填写 3 获取的 pre_auth_code 以及 回调地址 redirect_uri

授权页面打开，需要公众号管理员扫码授权。

https://mp.weixin.qq.com/cgi-bin/componentloginpage?component_appid=wxb6048415cdc1e394&pre_auth_code={{ pre_auth_code }}&redirect_uri={{ redirect_uri}}

5. 授权回调接口

扫码授权成功后，微信会发送 auth_code 到 4 的 redirect_uri
使用 2 获取的 ** component_access_token** 调用接口获取授权信息

def rewrite_auth_code_handler(self, request, *args, **kwargs):
    auth_code = request.GET.get('auth_code')
    # 获取调用接口凭证 authorizer_access_token
    url = "https://api.weixin.qq.com/cgi-bin/component/api_query_auth?component_access_token={}".format(component_access_token)
    data = {
        "component_appid": appid,
        "authorization_code": auth_code
    }
    res = requests.post(url, json.dumps(data))
    res_data = json.loads(res.content.decode('utf-8'))
    authorization_info = res_data['authorization_info']
    authorizer_appid = authorization_info['authorizer_appid']
    authorizer_access_token = authorization_info['authorizer_access_token']
    authorizer_refresh_token = authorization_info['authorizer_refresh_token']

最后，拿到
authorizer_appid
授权公众的appid ， 用于刷新令牌
authorizer_access_token
开发接口授权令牌， 有效期为 ** 2 小时**
authorizer_refresh_token
刷新令牌

6. 刷新接口令牌

超时后， 使用 3 获取的 component_access_token, 5 获取的 authorizer_appid，authorizer_refresh_token 调用接口重新获取authorizer_refresh_token

POST https://api.weixin.qq.com/cgi-bin/component/api_authorizer_token?component_access_token=COMPONENT_ACCESS_TOKEN

使用 5 获取到的 authorizer_refresh_token ,就可以进行微信开发了。

解码模块代码:

import base64
import string
import random
import hashlib
import time
import struct
from Crypto.Cipher import AES
import xml.etree.cElementTree as ET
import socket

WXBizMsgCrypt_OK = 0
WXBizMsgCrypt_ValidateSignature_Error = -40001
WXBizMsgCrypt_ParseXml_Error = -40002
WXBizMsgCrypt_ComputeSignature_Error = -40003
WXBizMsgCrypt_IllegalAesKey = -40004
WXBizMsgCrypt_ValidateAppid_Error = -40005
WXBizMsgCrypt_EncryptAES_Error = -40006
WXBizMsgCrypt_DecryptAES_Error = -40007
WXBizMsgCrypt_IllegalBuffer = -40008
WXBizMsgCrypt_EncodeBase64_Error = -40009
WXBizMsgCrypt_DecodeBase64_Error = -40010


""" AES加解密用 pycrypto """

class FormatException(Exception):
    pass

def throw_exception(message, exception_class=FormatException):
    """my define raise exception function"""
    raise exception_class(message)

class SHA1:
    """计算公众平台的消息签名接口"""
    def getSHA1(self, token, timestamp, nonce, encrypt):
        """用SHA1算法生成安全签名
        @param token:  票据
        @param timestamp: 时间戳
        @param encrypt: 密文
        @param nonce: 随机字符串
        @return: 安全签名
        """
        try:
            token = token.decode()
            sortlist = [token, timestamp, nonce, encrypt]
            sortlist.sort()
            sha = hashlib.sha1()
            sha.update("".join(sortlist).encode("utf8"))
            return WXBizMsgCrypt_OK, sha.hexdigest()
        except Exception as e:
            print(e)
            return WXBizMsgCrypt_ComputeSignature_Error, None


class XMLParse(object):
    """提供提取消息格式中的密文及生成回复消息格式的接口"""

    # xml消息模板
    AES_TEXT_RESPONSE_TEMPLATE = """%(timestamp)s"""
    def extract(self, xmltext):
        """提取出xml数据包中的加密消息
        @param xmltext: 待提取的xml字符串
        @return: 提取出的加密消息字符串
        """
        try:
            xml_tree = ET.fromstring(xmltext)
            encrypt = xml_tree.find("Encrypt")
            return WXBizMsgCrypt_OK, encrypt.text
        except Exception as e:
            print(e)
            return WXBizMsgCrypt_ParseXml_Error, None, None

    def generate(self, encrypt, signature, timestamp, nonce):
        """生成xml消息
        @param encrypt: 加密后的消息密文
        @param signature: 安全签名
        @param timestamp: 时间戳
        @param nonce: 随机字符串
        @return: 生成的xml字符串
        """
        resp_dict = {
            'msg_encrypt': encrypt,
            'msg_signaturet': signature,
            'timestamp': timestamp,
            'nonce': nonce,
        }
        resp_xml = self.AES_TEXT_RESPONSE_TEMPLATE % resp_dict
        return resp_xml


class PKCS7Encoder(object):
    """提供基于PKCS7算法的加解密接口"""

    block_size = 32

    def encode(self, text):
        """ 对需要加密的明文进行填充补位
        @param text: 需要进行填充补位操作的明文
        @return: 补齐明文字符串
        """
        text_length = len(text)
        # 计算需要填充的位数
        amount_to_pad = self.block_size - (text_length % self.block_size)
        if amount_to_pad == 0:
            amount_to_pad = self.block_size
        # 获得补位所用的字符
        pad = chr(amount_to_pad).encode()
        return text + pad * amount_to_pad

    def decode(self, decrypted):
        """删除解密后明文的补位字符
        @param decrypted: 解密后的明文
        @return: 删除补位字符后的明文
        """
        pad = ord(decrypted[-1])
        if pad < 1 or pad > 32:
            pad = 0
        return decrypted[:-pad]


class Prpcrypt(object):
    """提供接收和推送给公众平台消息的加解密接口"""

    def __init__(self, key):
        # self.key = base64.b64decode(key+"=")
        self.key = key
        # 设置加解密模式为AES的CBC模式
        self.mode = AES.MODE_CBC

    def encrypt(self, text, appid):
        """对明文进行加密
        @param text: 需要加密的明文
        @return: 加密得到的字符串
        """
        # 16位随机字符串添加到明文开头
        len_str = struct.pack("I", socket.htonl(len(text.encode())))
        # text = self.get_random_str() + binascii.b2a_hex(len_str).decode() + text + appid
        text = self.get_random_str() + len_str + text.encode() + appid
        # 使用自定义的填充方式对明文进行补位填充
        pkcs7 = PKCS7Encoder()
        text = pkcs7.encode(text)
        # 加密
        cryptor = AES.new(self.key, self.mode, self.key[:16])
        try:
            ciphertext = cryptor.encrypt(text)
            # 使用BASE64对加密后的字符串进行编码
            return WXBizMsgCrypt_OK, base64.b64encode(ciphertext).decode('utf8')
        except Exception as e:
            return WXBizMsgCrypt_EncryptAES_Error, None

    def decrypt(self, text, appid):
        """对解密后的明文进行补位删除
        @param text: 密文
        @return: 删除填充补位后的明文
        """
        try:
            cryptor = AES.new(self.key, self.mode, self.key[:16])
            # 使用BASE64对密文进行解码，然后AES-CBC解密
            plain_text = cryptor.decrypt(base64.b64decode(text))
        except Exception as e:
            print(e)
            return WXBizMsgCrypt_DecryptAES_Error, None
        try:
            # pad = ord(plain_text[-1])
            pad = plain_text[-1]
            # 去掉补位字符串
            # pkcs7 = PKCS7Encoder()
            # plain_text = pkcs7.encode(plain_text)
            # 去除16位随机字符串
            content = plain_text[16:-pad]
            xml_len = socket.ntohl(struct.unpack("I", content[: 4])[0])
            xml_content = content[4: xml_len + 4]
            from_appid = content[xml_len + 4:]
        except Exception as e:
            return WXBizMsgCrypt_IllegalBuffer, None
        if from_appid != appid:
            return WXBizMsgCrypt_ValidateAppid_Error, None
        return 0, xml_content.decode()

    def get_random_str(self):
        """ 随机生成16位字符串
        @return: 16位字符串
        """
        rule = string.ascii_letters + string.digits
        str = random.sample(rule, 16)
        return "".join(str).encode()


class WXBizMsgCrypt():
    # 构造函数
    # token4wx
    # @param sToken: 公众平台上，开发者设置的Token
    # token4wxtoken4wxtoken4wxtoken4wxtoken4wxtok
    # @param sEncodingAESKey: 公众平台上，开发者设置的EncodingAESKey
    # wxb6048415cdc1e394
    # @param sAppId: 企业号的AppId
    def __init__(self, sToken, sEncodingAESKey, sAppId):
        try:
            self.key = base64.b64decode(sEncodingAESKey + "=")
            assert len(self.key) == 32
        except Exception:
            throw_exception("[error]: EncodingAESKey unvalid !", FormatException)
        self.token = sToken.encode()
        self.appid = sAppId.encode()

    def EncryptMsg(self, sReplyMsg, sNonce, timestamp=None):
        # 将公众号回复用户的消息加密打包
        # @param sReplyMsg: 企业号待回复用户的消息，xml格式的字符串
        # @param sTimeStamp: 时间戳，可以自己生成，也可以用URL参数的timestamp,如为None则自动用当前时间
        # @param sNonce: 随机串，可以自己生成，也可以用URL参数的nonce
        # sEncryptMsg: 加密后的可以直接回复用户的密文，包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,
        # return：成功0，sEncryptMsg,失败返回对应的错误码None
        pc = Prpcrypt(self.key)
        ret, encrypt = pc.encrypt(sReplyMsg, self.appid)
        if ret != 0:
            return ret, None
        if timestamp is None:
            timestamp = str(int(time.time()))
        # 生成安全签名
        sha1 = SHA1()
        ret, signature = sha1.getSHA1(self.token, timestamp, sNonce, encrypt)

        if ret != 0:
            return ret, None
        xmlParse = XMLParse()
        return ret, xmlParse.generate(encrypt, signature, timestamp, sNonce)

    def VerifyURL(self, sMsgSignature, sTimeStamp, sNonce, sEchoStr):
        sha1 = SHA1()
        ret,signature = sha1.getSHA1(self.token, sTimeStamp, sNonce, sEchoStr)
        if ret  != 0:
            return ret, None
        if not signature == sMsgSignature:
            return WXBizMsgCrypt_ValidateSignature_Error, None
        pc = Prpcrypt(self.key)
        ret,sReplyEchoStr = pc.decrypt(sEchoStr,self.appid)
        return ret,sReplyEchoStr

    def DecryptMsg(self, sPostData, sMsgSignature, sTimeStamp, sNonce):
        # 检验消息的真实性，并且获取解密后的明文
        # @param sMsgSignature: 签名串，对应URL参数的msg_signature
        # @param sTimeStamp: 时间戳，对应URL参数的timestamp
        # @param sNonce: 随机串，对应URL参数的nonce
        # @param sPostData: 密文，对应POST请求的数据
        #  xml_content: 解密后的原文，当return返回0时有效
        # @return: 成功0，失败返回对应的错误码
        # 验证安全签名
        xmlParse = XMLParse()
        ret, encrypt = xmlParse.extract(sPostData)
        if ret != 0:
            return ret, None
        sha1 = SHA1()
        ret, signature = sha1.getSHA1(self.token, sTimeStamp, sNonce, encrypt)
        if ret != 0:
            return ret, None
        if not signature == sMsgSignature:
            return WXBizMsgCrypt_ValidateSignature_Error, None
        pc = Prpcrypt(self.key)
        ret, xml_content = pc.decrypt(encrypt, self.appid)
        return ret, xml_content

 
    def extract_ticket(self, xmltext):
        try:
            xml_tree = ET.fromstring(xmltext)
            encrypt = xml_tree.find("ComponentVerifyTicket")
            # 去除ticket@@@
            ticket = encrypt.text[9:]
            return ticket
        except Exception as e:
            logger.error("extract_ticket error {}".format(e))
            return ""


    # 解析获取的事件推送
    def extract_event_msg(self, xmltext):
        data = {}
        try:
            xml_tree = ET.fromstring(xmltext)
            data['to_user_name'] = xml_tree.find("ToUserName").text
            data['from_user_name'] = xml_tree.find("FromUserName").text
            data['create_time'] = xml_tree.find("CreateTime").text
            data['msg_type'] = xml_tree.find("MsgType").text
            # 事件推送
            if data['msg_type'] == "event":
                data['event'] = xml_tree.find("Event").text
                data['event_key'] = xml_tree.find("EventKey").text
            # 文本消息
            elif data['msg_type'] == "text":
                data['content'] = xml_tree.find("Content").text
                data['msg_id'] = xml_tree.find("MsgId").text
            # 图片消息
            elif data['msg_type'] == "image":
                data['pic_url'] = xml_tree.find("PicUrl").text
                data['media_id'] = xml_tree.find("MediaId").text
                data['msg_id'] = xml_tree.find("MsgId").text
            # 语音消息
            elif data['msg_type'] == "voice":
                data['format'] = xml_tree.find("Format").text
                data['media_id'] = xml_tree.find("MediaId").text
                data['msg_id'] = xml_tree.find("MsgId").text
            # 视频消息
            elif data['msg_type'] == "voice":
                data['thumbMedia_id'] = xml_tree.find("ThumbMediaId").text
                data['media_id'] = xml_tree.find("MediaId").text
                data['msg_id'] = xml_tree.find("MsgId").text
            return data
        except Exception as e:
            logger.error("extract_event_msg error {}".format(e))
            return data