Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@gaoding/co-wechat
Advanced tools
微信公众平台消息接口服务中间件
如果仍然使用 Koa1,请使用co-wechat@1.x。
middleware() 方法接受一个 async function 作为参数。
app.use(wechat(config).middleware(async (message, ctx) => {
// TODO
}));
现在的上下文不再是原始的 请求上下文,而仅仅是 message 对象。
业务的返回值现在直接返回即可,无需关注上下文。比如:
async (message, ctx) => {
return 'Hello world!';
}
不再支持 session 的功能。如需使用 session 功能,建议使用 redis 自行处理逻辑,取 message.FromUserName 作为 key,取一个合适的 ttl 时间即可。
$ npm install co-wechat
const wechat = require('co-wechat');
const config = {
token: 'THE TOKEN',
appid: 'THE APPID',
encodingAESKey: 'THE ENCODING AES KEY'
};
app.use(wechat(config).middleware(async (message, ctx) => {
// 微信输入信息就是这个 message
if (message.FromUserName === 'diaosi') {
// 回复屌丝(普通回复)
return 'hehe';
} else if (message.FromUserName === 'text') {
//你也可以这样回复text类型的信息
return {
content: 'text object',
type: 'text'
};
} else if (message.FromUserName === 'hehe') {
// 回复一段音乐
return {
type: "music",
content: {
title: "来段音乐吧",
description: "一无所有",
musicUrl: "http://mp3.com/xx.mp3",
hqMusicUrl: "http://mp3.com/xx.mp3"
}
};
} else if (message.FromUserName === 'kf') {
// 转发到客服接口
return {
type: "customerService",
kfAccount: "test1@test"
};
} else {
// 回复高富帅(图文回复)
return [
{
title: '你来我家接我吧',
description: '这是女神与高富帅之间的对话',
picurl: 'http://nodeapi.cloudfoundry.com/qrcode.jpg',
url: 'http://nodeapi.cloudfoundry.com/'
}
];
}
}));
备注:token 在微信平台的开发者中心申请
当用户发送消息到微信公众账号,自动回复一条消息。这条消息可以是文本、图片、语音、视频、音乐、图文。详见:官方文档
async (message, ctx) => {
return 'Hello world!';
}
// 或者
async (message, ctx) => {
return {type: "text", content: 'Hello world!'};
}
async (message, ctx) => {
return {
type: "image",
content: {
mediaId: 'mediaId'
}
};
}
async (message, ctx) => {
return {
type: "voice",
content: {
mediaId: 'mediaId'
}
};
}
async (message, ctx) => {
return {
type: "video",
content: {
mediaId: 'mediaId',
thumbMediaId: 'thumbMediaId'
}
};
}
async (message, ctx) => {
return {
title: "来段音乐吧",
description: "一无所有",
musicUrl: "http://mp3.com/xx.mp3",
hqMusicUrl: "http://mp3.com/xx.mp3"
};
}
async (message, ctx) => {
return [
{
title: '你来我家接我吧',
description: '这是女神与高富帅之间的对话',
picurl: 'http://nodeapi.cloudfoundry.com/qrcode.jpg',
url: 'http://nodeapi.cloudfoundry.com/'
}
];
}
async (message, ctx) => {
return '';
}
async (message, ctx) => {
return {
type: "customerService",
kfAccount: "test1@test" //可选
};
}
路由设置
// app/router.js
'use strict';
module.exports = app => {
// 将 get/post 请求都转给 home.wechat
app.all('/', 'home.wechat');
};
控制器
'use strict';
const wechat = require('co-wechat');
module.exports = app => {
class HomeController extends app.Controller {}
// 因为 Egg 需要用类的形式来组织,而 wechat 是通过 middleware 方法来生成中间件
HomeController.prototype.wechat = wechat({
token: 'token',
appid: 'appid',
encodingAESKey: ''
}).middleware(async (message, ctx) => {
// TODO
});
return HomeController;
};
// app/router.js
'use strict';
module.exports = app => {
// 将 get/post 请求都转给 home.wechat
app.all('/wechat/:appid', 'home.prehandle', 'home.wechat');
};
在前置中间件中预先设置 ctx.wx_token 或 ctx.wx_cryptor:
'use strict';
const WXBizMsgCrypt = require('wechat-crypto');
const wechat = require('co-wechat');
module.exports = app => {
class HomeController extends app.Controller {
async prehandle(ctx, next) {
const appid = ctx.params.appid;
const token = getTokenByAppid(appid);
ctx.wx_token = token
// 或者
const encodingAESKey = getEncodingAESKeyByAppid(appid);
ctx.wx_cryptor = new WXBizMsgCrypt(token, encodingAESKey, appid);
await next();
}
}
HomeController.prototype.wechat = wechat({
// 当有前置中间件设置 ctx.wx_token 和 ctx.wx_cryptor 时,这里配置随意填写
// token: 'token',
// appid: 'appid',
// encodingAESKey: ''
}).middleware(async (message, ctx) => {
// TODO
});
return HomeController;
};
注意,上述的 getTokenByAppid 和 getEncodingAESKeyByAppid 方法根据自己情况请自行提供。
欢迎关注。
代码:https://github.com/JacksonTian/api-doc-service
你可以在CloudFoundry、appfog、BAE等搭建自己的机器人。
原始API文档请参见:消息接口指南。
QQ群:157964097,使用疑问,开发,贡献代码请加群。
如果您觉得Wechat对您有帮助,欢迎请作者一杯咖啡
The MIT license.
project : co-wechat
repo age : 3 years, 1 month
active : 21 days
commits : 59
files : 10
authors :
46 Jackson Tian 78.0%
6 ifeiteng 10.2%
3 lixiaojun 5.1%
2 Andrew Lyu 3.4%
1 Jealee3000 1.7%
1 fancyoung 1.7%
FAQs
wechat api for co
We found that @gaoding/co-wechat demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 22 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.