微信开发1服务器响应，与微信服务器握手

Posted 2020-07-08 inns

官方说明

按照微信公众平台，第一步微信服务器会按照公众号的设置验证我们自己的服务器，服务器需要做正确响应。

官方文档说明如下：

开发者通过检验signature对请求进行校验（下面有校验方式）。若确认此次GET请求来自微信服务器，请原样返回echostr参数内容，则接入生效，成为开发者成功，否则接入失败。加密/校验流程如下：

1）将token、timestamp、nonce三个参数进行字典序排序

2）将三个参数字符串拼接成一个字符串进行sha1加密

3）开发者获得加密后的字符串可与signature对比，标识该请求来源于微信

 

公众平台服务器配置

 

源码

实现起来比较简单

通过校验签名来确定消息合法性

def _is_weixin_msg(signature,timestamp,nonce):
       tempStr = "".join(sorted([\'token令牌字符串\',timestamp,nonce]))
       if sha1(tempStr).hexdigest() == signature:
           return True
       else:
           return False

 

校验通过则直接把echostr 返回给微信服务器，握手成功

try:
            signature = request.GET.get(\'signature\',\'\')
            timestamp = request.GET.get(\'timestamp\',\'\')
            nonce = request.GET.get(\'nonce\',\'\')
            echostr = request.GET.get(\'echostr\',\'\')
           
            #print \'1:\',request.GET
           
            if signature is not \'\' and timestamp is not \'\' and nonce is not \'\':
                #签名正确
                if _is_weixin_msg(signature,timestamp,nonce):
                    return HttpResponse(echostr)
                else:
                    return HttpResponse("error")
            #普通网页浏览
            else:
                return render_to_response(\'html/index.html\',{},context_instance=RequestContext(request))
        except:
            #print \'except:signature-\',signature,\';timestamp-\',timestamp,\';nonce-\',nonce,\';echostr-\',echostr
            return HttpResponse("error")

 

微信IP白名单

 

微信IP白名单获取比较简单，用https get方法\'api.weixin.qq.com/cgi-bin/getcallbackip?access_token=xxxxxxxx到微信服务器获取即可。

通过白名单也可以判断消息来源是否合法。另外access_token是微信服务器颁发给应用服务器的全局令牌，有其时效性，下一节介绍token的获取和更新。

部分源码

 

 

#get消息到微信服务器   
def https_get(url):
    try:
        conn = httplib.HTTPSConnection(wxHost)
        conn.request(\'GET\',url,None,headers_get)
        response = conn.getresponse()
        backdata = response.read(5000)
        errorcode,result = response_handle(backdata)
        #{"access_token":"ACCESS_TOKEN","expires_in":7200}
        debug(\'https_get\',url,errorcode,result)
        #GET方法处理成功，状态判断的主要在response_handle函数中处理
        if  errorcode == \'0\':
            return errorcode,result
        else:
            return errorcode,\'https get方法失败\'+errorcode
    except:
        return \'https_get except\',\'https get方法异常\'

 

正常流程，微信返回的JSON数据体中，\'ip_list\'则为微信服务器的IP列表

def get_ip_list():
   
    #ip_list = []
   
    try:
        url = wxHost + \'/cgi-bin/getcallbackip?access_token=\' \\
            + get_access_token()
        errorcode = \'\'
        for i in range(0,harq):
            errorcode,response = https_get(url)
            #菜单创建成功
            if errorcode == \'0\':
                #ip_list = response.get(\'ip_list\',{})
                #print ip_list
                return True,response.get(\'ip_list\',{})
            #token非法，重新获取替换
            else:# errorcode == \'40014\' or errorcode == \'41001\':
                #强制获取token,备注掉，在https_get中处理
                #print \'get_ip_list:token invalid\'
                #get_access_token(True)
                url = replace_access_token(url)
               
        return False ,errorcode
    except:
        return False,\'except\'

 

发送和响应数据示例

(\'https_get\', \'api.weixin.qq.com/cgi-bin/getcallbackip?access_token=xxxxxxxx\', \'0\', {\'ip_list\': [\'101.226.62.77\', \'101.226.62.78\', \'101.226.62.79\', \'101.226.62.80\', \'101.226.62.81\', \'101.226.62.82\', \'101.226.62.83\', \'101.226.62.84\', \'101.226.62.85\', \'101.226.62.86\', \'101.226.103.59\', \'101.226.103.60\', \'101.226.103.61\', \'101.226.103.62\', \'101.226.103.63\', \'101.226.103.69\', \'101.226.103.70\', \'101.226.103.71\', \'101.226.103.72\', \'101.226.103.73\', \'140.207.54.73\', \'140.207.54.74\', \'140.207.54.75\', \'140.207.54.76\', \'140.207.54.77\', \'140.207.54.78\', \'140.207.54.79\', \'140.207.54.80\', \'182.254.11.203\', \'182.254.11.202\', \'182.254.11.201\', \'182.254.11.200\', \'182.254.11.199\', \'182.254.11.198\', \'59.37.97.100\', \'59.37.97.101\', \'59.37.97.102\', \'59.37.97.103\', \'59.37.97.104\', \'59.37.97.105\', \'59.37.97.106\', \'59.37.97.107\', \'59.37.97.108\', \'59.37.97.109\', \'59.37.97.110\', \'59.37.97.111\', \'59.37.97.112\', \'59.37.97.113\', \'59.37.97.114\', \'59.37.97.115\', \'59.37.97.116\', \'59.37.97.117\', \'59.37.97.118\', \'112.90.78.158\', \'112.90.78.159\', \'112.90.78.160\', \'112.90.78.161\', \'112.90.78.162\', \'112.90.78.163\', \'112.90.78.164\', \'112.90.78.165\', \'112.90.78.166\', \'112.90.78.167\', \'140.207.54.19\', \'140.207.54.76\', \'140.207.54.77\', \'140.207.54.78\', \'140.207.54.79\', \'140.207.54.80\', \'180.163.15.149\', \'180.163.15.151\', \'180.163.15.152\', \'180.163.15.153\', \'180.163.15.154\', \'180.163.15.155\', \'180.163.15.156\', \'180.163.15.157\', \'180.163.15.158\', \'180.163.15.159\', \'180.163.15.160\', \'180.163.15.161\', \'180.163.15.162\', \'180.163.15.163\', \'180.163.15.164\', \'180.163.15.165\', \'180.163.15.166\', \'180.163.15.167\', \'180.163.15.168\', \'180.163.15.169\', \'180.163.15.170\', \'101.226.103.0/25\', \'101.226.233.128/25\', \'58.247.206.128/25\', \'182.254.86.128/25\']})