[WeChat Development] Part 1: Server response and handshake with the WeChat server

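Official description

In the WeChat Official Accounts Platform flow, the first step is that the WeChat server verifies our own server according to the official account's settings, and our server must respond correctly.

The official documentation says the following:

The developer validates the request by checking signature (the verification method is given below). If you confirm that this GET request came from the WeChat server, return the content of the echostr parameter unchanged; the integration then takes effect and you have successfully become a developer. Otherwise the integration fails. The encryption/verification procedure is as follows:

1) Sort the three parameters token, timestamp and nonce in lexicographic order

2) Concatenate the three parameter strings into a single string and apply sha1 encryption

3) The developer can compare the resulting encrypted string with signature, which identifies the request as coming from WeChat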

 

Official Accounts Platform server configuration


 

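Source code

The implementation is fairly simple.

The signature is verified to determine whether the message is legitimate:

from hashlib import sha1

def _is_weixin_msg(signature, timestamp, nonce):
    # 'token令牌字符串' is a placeholder for the token configured on the platform.
    # Sort token, timestamp and nonce lexicographically, then concatenate them.
    tempStr = "".join(sorted(['token令牌字符串', timestamp, nonce]))
    # The request is accepted when the SHA-1 hex digest equals the signature
    return sha1(tempStr.encode('utf-8')).hexdigest() == signature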

 

If verification passes, return echostr directly to the WeChat server and the handshake succeeds.

from django.http import HttpResponse
from django.shortcuts import render

# The view name is assumed here; the original shows only the body.
def weixin_entry(request):
    try:
        signature = request.GET.get('signature', '')
        timestamp = request.GET.get('timestamp', '')
        nonce = request.GET.get('nonce', '')
        echostr = request.GET.get('echostr', '')

        #print '1:',request.GET

        # Compare by value: "is not ''" tests object identity, not emptiness
        if signature != '' and timestamp != '' and nonce != '':
            # Signature is correct
            if _is_weixin_msg(signature, timestamp, nonce):
                return HttpResponse(echostr)
            else:
                return HttpResponse("error")
        # Ordinary web browsing
        else:
            return render(request, 'html/index.html', {})
    except Exception:
        #print 'except:signature-',signature,';timestamp-',timestamp,';nonce-',nonce,';echostr-',echostr
        return HttpResponse("error")

 

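WeChat IP whitelist

 

Getting the WeChat IP whitelist is fairly simple: send an HTTPS GET for 'api.weixin.qq.com/cgi-bin/getcallbackip?access_token=xxxxxxxx' to the WeChat server.

The whitelist can also be used to judge whether the source of a message is legitimate. In addition, access_token is a global token that the WeChat server issues to the application server. It has a limited lifetime; the next part covers obtaining and refreshing the token.

Partial source code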

 

 

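import http.client

# Send a GET message to the WeChat server.
# wxHost, headers_get, response_handle and debug come from the rest of the
# author's module, which is not shown on this page.
def https_get(url):
    try:
        conn = http.client.HTTPSConnection(wxHost)
        conn.request('GET', url, None, headers_get)
        response = conn.getresponse()
        backdata = response.read(5000)
        errorcode, result = response_handle(backdata)
        #{"access_token":"ACCESS_TOKEN","expires_in":7200}
        # Note: url carries the access_token, so this line writes the token to the debug log
        debug('https_get', url, errorcode, result)
        # The GET succeeded; status checking is mainly done in response_handle
        if errorcode == '0':
            return errorcode, result
        else:
            return errorcode, 'https get方法失敗' + errorcode
    except Exception:
        return 'https_get except', 'https get方法異常'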

 

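In the normal flow, 'ip_list' in the JSON body returned by WeChat is the list of WeChat server IPs.

# harq (the loop bound), get_access_token and replace_access_token come from
# the rest of the author's module, which is not shown on this page.
def get_ip_list():

    #ip_list = []

    try:
        url = wxHost + '/cgi-bin/getcallbackip?access_token=' \
            + get_access_token()
        errorcode = ''
        for i in range(0, harq):
            errorcode, response = https_get(url)
            # Request succeeded
            if errorcode == '0':
                #ip_list = response.get('ip_list',{})
                #print ip_list
                return True, response.get('ip_list', [])
            # Token invalid: fetch a new one and substitute it
            else:# errorcode == '40014' or errorcode == '41001':
                # Forced token refresh is commented out; it is handled in https_get
                #print 'get_ip_list:token invalid'
                #get_access_token(True)
                url = replace_access_token(url)

        return False, errorcode
    except Exception:
        return False, 'except'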

 

Example of sent and response data

('https_get', 'api.weixin.qq.com/cgi-bin/getcallbackip?access_token=xxxxxxxx', '0', {'ip_list': ['101.226.62.77', '101.226.62.78', '101.226.62.79', '101.226.62.80', '101.226.62.81', '101.226.62.82', '101.226.62.83', '101.226.62.84', '101.226.62.85', '101.226.62.86', '101.226.103.59', '101.226.103.60', '101.226.103.61', '101.226.103.62', '101.226.103.63', '101.226.103.69', '101.226.103.70', '101.226.103.71', '101.226.103.72', '101.226.103.73', '140.207.54.73', '140.207.54.74', '140.207.54.75', '140.207.54.76', '140.207.54.77', '140.207.54.78', '140.207.54.79', '140.207.54.80', '182.254.11.203', '182.254.11.202', '182.254.11.201', '182.254.11.200', '182.254.11.199', '182.254.11.198', '59.37.97.100', '59.37.97.101', '59.37.97.102', '59.37.97.103', '59.37.97.104', '59.37.97.105', '59.37.97.106', '59.37.97.107', '59.37.97.108', '59.37.97.109', '59.37.97.110', '59.37.97.111', '59.37.97.112', '59.37.97.113', '59.37.97.114', '59.37.97.115', '59.37.97.116', '59.37.97.117', '59.37.97.118', '112.90.78.158', '112.90.78.159', '112.90.78.160', '112.90.78.161', '112.90.78.162', '112.90.78.163', '112.90.78.164', '112.90.78.165', '112.90.78.166', '112.90.78.167', '140.207.54.19', '140.207.54.76', '140.207.54.77', '140.207.54.78', '140.207.54.79', '140.207.54.80', '180.163.15.149', '180.163.15.151', '180.163.15.152', '180.163.15.153', '180.163.15.154', '180.163.15.155', '180.163.15.156', '180.163.15.157', '180.163.15.158', '180.163.15.159', '180.163.15.160', '180.163.15.161', '180.163.15.162', '180.163.15.163', '180.163.15.164', '180.163.15.165', '180.163.15.166', '180.163.15.167', '180.163.15.168', '180.163.15.169', '180.163.15.170', '101.226.103.0/25', '101.226.233.128/25', '58.247.206.128/25', '182.254.86.128/25']})
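
One way to apply the whitelist together with the signature check, as an added example that is not the author's code. The function names and sample addresses (documentation ranges, not WeChat's) are constructed for illustration; entries are parsed as either single IPs or CIDR blocks, as in the response above, and the signature is compared with hmac.compare_digest instead of ==.

```python
import hmac
import ipaddress
from hashlib import sha1

# Constructed sample in the shape of 'ip_list' (documentation ranges, not WeChat's)
SAMPLE_IP_LIST = ['192.0.2.10', '198.51.100.128/25', 'not-an-ip']

def build_allowlist(ip_list):
    """Parse entries that are single IPs or CIDR blocks into network objects."""
    nets = []
    for entry in ip_list:
        try:
            nets.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            continue  # drop malformed entries; they can never match
    return nets

def ip_allowed(remote_addr, allowlist):
    """True if remote_addr falls inside any allowlisted network."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # an unparseable peer address is rejected
    return any(addr.version == net.version and addr in net for net in allowlist)

def signature_ok(token, signature, timestamp, nonce):
    """Steps 1-3 of the handshake check, compared in constant time."""
    joined = "".join(sorted([token, timestamp, nonce]))
    expected = sha1(joined.encode('utf-8')).hexdigest()
    # Compare bytes: compare_digest raises TypeError on non-ASCII str input
    return hmac.compare_digest(expected.encode('ascii'), signature.encode('utf-8'))

def is_weixin_request(remote_addr, token, signature, timestamp, nonce, allowlist):
    # remote_addr must be the TCP peer address seen by the server,
    # not a value taken from a client-supplied header.
    return ip_allowed(remote_addr, allowlist) and \
        signature_ok(token, signature, timestamp, nonce)

if __name__ == '__main__':
    allow = build_allowlist(SAMPLE_IP_LIST)
    sig = sha1(b'1700000000abc123example-token').hexdigest()  # constructed values
    args = ('example-token', sig, '1700000000', 'abc123', allow)
    print(is_weixin_request('198.51.100.200', *args))  # inside the /25
    print(is_weixin_request('203.0.113.7', *args))     # not allowlisted
```

Build the allowlist once per refresh of ip_list rather than on every request, and treat an empty allowlist as "reject", which is what ip_allowed does.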
