jikimo/jikimo_sf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

优化工单模块,增加企微模块

Browse Source
This commit is contained in:
mgw
2024-07-10 15:58:47 +08:00
parent e8512b23e4
commit 6b140fe6dd
134 changed files with 12830 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

273
sg_wechat_enterprise/controllers/WXBizMsgCrypt.py Normal file
View File

@@ -0,0 +1,273 @@
#!/usr/bin/env python
# -*- encoding:utf-8 -*-
""" 对企业微信发送给企业后台的消息加解密示例代码.
@copyright: Copyright (c) 1998-2014 Tencent Inc.
"""
# ------------------------------------------------------------------------
import base64
import string
import random
import hashlib
import time
import struct
from Crypto.Cipher import AES
import xml.etree.cElementTree as ET
import socket
from . import ierror
"""
关于Crypto.Cipher模块ImportError: No module named 'Crypto'解决方案
请到官方网站 https://www.dlitz.net/software/pycrypto/ 下载pycrypto。
下载后按照README中的“Installation”小节的提示进行pycrypto安装。
"""
class FormatException(Exception):
pass
def throw_exception(message, exception_class=FormatException):
"""my define raise exception function"""
raise exception_class(message)
class SHA1:
"""计算企业微信的消息签名接口"""
def getSHA1(self, token, timestamp, nonce, encrypt):
"""用SHA1算法生成安全签名
@param token: 票据
@param timestamp: 时间戳
@param encrypt: 密文
@param nonce: 随机字符串
@return: 安全签名
"""
try:
sortlist = [token, timestamp, nonce, encrypt]
sortlist.sort()
sha = hashlib.sha1()
sort_str = "".join(sortlist)
sha.update(sort_str.encode('utf-8'))
return ierror.WXBizMsgCrypt_OK, sha.hexdigest()
except Exception as e:
return ierror.WXBizMsgCrypt_ComputeSignature_Error, None
class XMLParse:
"""提供提取消息格式中的密文及生成回复消息格式的接口"""
# xml消息模板
AES_TEXT_RESPONSE_TEMPLATE = """<xml>
<Encrypt><![CDATA[%(msg_encrypt)s]]></Encrypt>
<MsgSignature><![CDATA[%(msg_signaturet)s]]></MsgSignature>
<TimeStamp>%(timestamp)s</TimeStamp>
<Nonce><![CDATA[%(nonce)s]]></Nonce>
</xml>"""
def extract(self, xmltext):
"""提取出xml数据包中的加密消息
@param xmltext: 待提取的xml字符串
@return: 提取出的加密消息字符串
"""
try:
xml_tree = ET.fromstring(xmltext)
encrypt = xml_tree.find("Encrypt")
touser_name = xml_tree.find("ToUserName")
return ierror.WXBizMsgCrypt_OK, encrypt.text, touser_name.text
except Exception as e:
return ierror.WXBizMsgCrypt_ParseXml_Error, None, None
def generate(self, encrypt, signature, timestamp, nonce):
"""生成xml消息
@param encrypt: 加密后的消息密文
@param signature: 安全签名
@param timestamp: 时间戳
@param nonce: 随机字符串
@return: 生成的xml字符串
"""
resp_dict = {
'msg_encrypt': encrypt,
'msg_signaturet': signature,
'timestamp': timestamp,
'nonce': nonce,
}
resp_xml = self.AES_TEXT_RESPONSE_TEMPLATE % resp_dict
return resp_xml
class PKCS7Encoder():
"""提供基于PKCS7算法的加解密接口"""
block_size = 32
def encode(self, text):
""" 对需要加密的明文进行填充补位
@param text: 需要进行填充补位操作的明文
@return: 补齐明文字符串
"""
text_length = len(text)
# 计算需要填充的位数
amount_to_pad = self.block_size - (text_length % self.block_size)
if amount_to_pad == 0:
amount_to_pad = self.block_size
# 获得补位所用的字符
pad = chr(amount_to_pad)
return text + pad * amount_to_pad
def decode(self, decrypted):
"""删除解密后明文的补位字符
@param decrypted: 解密后的明文
@return: 删除补位字符后的明文
"""
pad = ord(decrypted[-1])
if pad < 1 or pad > 32:
pad = 0
return decrypted[:-pad]
class Prpcrypt(object):
"""提供接收和推送给企业微信消息的加解密接口"""
def __init__(self, key):
# self.key = base64.b64decode(key+"=")
self.key = key
# 设置加解密模式为AES的CBC模式
self.mode = AES.MODE_CBC
def encrypt(self, text, corpid):
"""对明文进行加密
@param text: 需要加密的明文
@return: 加密得到的字符串
"""
# 16位随机字符串添加到明文开头
text = self.get_random_str() + str(struct.pack("I", socket.htonl(len(text))), encoding='utf8')\
+ str(text, encoding='utf8') + corpid
# 使用自定义的填充方式对明文进行补位填充
pkcs7 = PKCS7Encoder()
text = pkcs7.encode(text)
# 加密
cryptor = AES.new(self.key, self.mode, self.key[:16])
try:
ciphertext = cryptor.encrypt(text)
# 使用BASE64对加密后的字符串进行编码
return ierror.WXBizMsgCrypt_OK, base64.b64encode(ciphertext)
except Exception as e:
return ierror.WXBizMsgCrypt_EncryptAES_Error, None
def decrypt(self, text, corpid):
"""对解密后的明文进行补位删除
@param text: 密文
@return: 删除填充补位后的明文
"""
try:
cryptor = AES.new(self.key, self.mode, self.key[:16])
# 使用BASE64对密文进行解码然后AES-CBC解密
plain_text = cryptor.decrypt(base64.b64decode(text))
except Exception as e:
return ierror.WXBizMsgCrypt_DecryptAES_Error, None
try:
pad = plain_text[-1]
# 去掉补位字符串
# pkcs7 = PKCS7Encoder()
# plain_text = pkcs7.encode(plain_text)
# 去除16位随机字符串
content = plain_text[16:-pad]
xml_len = socket.ntohl(struct.unpack("I", content[: 4])[0])
xml_content = content[4: xml_len + 4]
from_corpid = content[xml_len + 4:]
except Exception as e:
return ierror.WXBizMsgCrypt_IllegalBuffer, None
if str(from_corpid, encoding="utf8") != corpid and len(ET.fromstring(xml_content).findall("SuiteId")) < 1:
return ierror.WXBizMsgCrypt_ValidateCorpid_Error, None
return 0, xml_content
def get_random_str(self):
""" 随机生成16位字符串
@return: 16位字符串
"""
rule = string.ascii_letters + string.digits
str = random.sample(rule, 16)
return "".join(str)
class WXBizMsgCrypt(object):
# 构造函数
# @param sToken: 企业微信后台开发者设置的Token
# @param sEncodingAESKey: 企业微信后台开发者设置的EncodingAESKey
# @param sCorpId: 企业号的CorpId
def __init__(self, sToken, sEncodingAESKey, sCorpId):
try:
self.key = base64.b64decode(sEncodingAESKey + "=")
assert len(self.key) == 32
except:
throw_exception("[error]: EncodingAESKey unvalid !", FormatException)
# return ierror.WXBizMsgCrypt_IllegalAesKey,None
self.m_sToken = sToken
self.m_sCorpid = sCorpId
# 验证URL
# @param sMsgSignature: 签名串对应URL参数的msg_signature
# @param sTimeStamp: 时间戳对应URL参数的timestamp
# @param sNonce: 随机串对应URL参数的nonce
# @param sEchoStr: 随机串对应URL参数的echostr
# @param sReplyEchoStr: 解密之后的echostr当return返回0时有效
# @return成功0失败返回对应的错误码
def VerifyURL(self, sMsgSignature, sTimeStamp, sNonce, sEchoStr):
sha1 = SHA1()
ret, signature = sha1.getSHA1(self.m_sToken, sTimeStamp, sNonce, sEchoStr)
if ret != 0:
return ret, None
if not signature == sMsgSignature:
return ierror.WXBizMsgCrypt_ValidateSignature_Error, None
pc = Prpcrypt(self.key)
ret, sReplyEchoStr = pc.decrypt(sEchoStr, self.m_sCorpid)
return ret, sReplyEchoStr
def EncryptMsg(self, sReplyMsg, sNonce, timestamp=None):
# 将企业回复用户的消息加密打包
# @param sReplyMsg: 企业号待回复用户的消息xml格式的字符串
# @param sTimeStamp: 时间戳可以自己生成也可以用URL参数的timestamp,如为None则自动用当前时间
# @param sNonce: 随机串可以自己生成也可以用URL参数的nonce
# sEncryptMsg: 加密后的可以直接回复用户的密文包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,
# return成功0sEncryptMsg,失败返回对应的错误码None
pc = Prpcrypt(self.key)
ret, encrypt = pc.encrypt(sReplyMsg, self.m_sCorpid)
if ret != 0:
return ret, None
if timestamp is None:
timestamp = str(int(time.time()))
# 生成安全签名
sha1 = SHA1()
ret, signature = sha1.getSHA1(self.m_sToken, timestamp, sNonce, encrypt)
if ret != 0:
return ret, None
xmlParse = XMLParse()
return ret, xmlParse.generate(encrypt, signature, timestamp, sNonce)
def DecryptMsg(self, sPostData, sMsgSignature, sTimeStamp, sNonce):
# 检验消息的真实性,并且获取解密后的明文
# @param sMsgSignature: 签名串对应URL参数的msg_signature
# @param sTimeStamp: 时间戳对应URL参数的timestamp
# @param sNonce: 随机串对应URL参数的nonce
# @param sPostData: 密文对应POST请求的数据
# xml_content: 解密后的原文当return返回0时有效
# @return: 成功0失败返回对应的错误码
# 验证安全签名
xmlParse = XMLParse()
ret, encrypt, touser_name = xmlParse.extract(sPostData)
if ret != 0:
return ret, None
sha1 = SHA1()
ret, signature = sha1.getSHA1(self.m_sToken, sTimeStamp, sNonce, encrypt)
if ret != 0:
return ret, None
if not signature == sMsgSignature:
return ierror.WXBizMsgCrypt_ValidateSignature_Error, None
pc = Prpcrypt(self.key)
ret, xml_content = pc.decrypt(encrypt, self.m_sCorpid)
return ret, xml_content

3
sg_wechat_enterprise/controllers/__init__.py Normal file
View File

@@ -0,0 +1,3 @@
from . import wechat_enterprise

20
sg_wechat_enterprise/controllers/ierror.py Normal file
View File

@@ -0,0 +1,20 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#########################################################################
# Author: jonyqin
# Created Time: Thu 11 Sep 2014 01:53:58 PM CST
# File Name: ierror.py
# Description:定义错误码含义
#########################################################################
WXBizMsgCrypt_OK = 0
WXBizMsgCrypt_ValidateSignature_Error = -40001
WXBizMsgCrypt_ParseXml_Error = -40002
WXBizMsgCrypt_ComputeSignature_Error = -40003
WXBizMsgCrypt_IllegalAesKey = -40004
WXBizMsgCrypt_ValidateCorpid_Error = -40005
WXBizMsgCrypt_EncryptAES_Error = -40006
WXBizMsgCrypt_DecryptAES_Error = -40007
WXBizMsgCrypt_IllegalBuffer = -40008
WXBizMsgCrypt_EncodeBase64_Error = -40009
WXBizMsgCrypt_DecodeBase64_Error = -40010
WXBizMsgCrypt_GenReturnXml_Error = -40011

231
sg_wechat_enterprise/controllers/wechat_enterprise.py Normal file
View File

@@ -0,0 +1,231 @@
import time
import functools
import base64
from json import *
from odoo import http, fields
from odoo.http import request
from . import WXBizMsgCrypt
from werkzeug.exceptions import abort
import xml.etree.cElementTree as Et
import requests as req
import logging
from lxml import etree
_logger = logging.getLogger(__name__)
def wechat_login(func):
"""
用来根据userid取得合作伙伴的id
:return:
"""
@functools.wraps(func)
def wrapper(*args, **kw):
# now_time = time.time()
# request.session['session_time'] = time.time()
# if 'session_time' not in request.session:
# request.session['session_time'] = 1
# if now_time > request.session['session_time'] + 350:
_logger.info(u"没进来之前的kw值为%s" % JSONEncoder().encode(kw))
# if not request.session['login'] or not request.session['login'] or request.session[
# 'login'] == "public":
enterprise, agent_id = request.env['we.config'].sudo().get_odoo_wechat()
if enterprise and agent_id:
if 'code' in kw and 'state' in kw: # 检查是否取得了code
if 'kw' in request.session.keys():
_logger.info('code:%s' % kw['code'])
account = enterprise.oauth.get_user_info(code=kw['code'])
_logger.info('account:%s' % account)
if account: # 是否取得了微信企业号通讯录的账号
user_detail = enterprise.user.get_detail(account['user_ticket'])
_logger.info('user_detail:%s' % user_detail)
request.env['we.employee'].we_privacy_update(user_detail)
user = request.env['res.users'].sudo().search(
[('we_employee_id', '=', account['UserId'])])
_logger.info('user:%s' % user)
if user: # 是否取得了用户
if 'state' in kw:
state = base64.b64encode(kw['state'].encode('utf-8')).decode()
kw['state'] = state
uid = request.session.authenticate(request.session.db, user.login,
account['UserId'])
kw['user_id'] = uid
request.session['session_time'] = time.time()
request.session['login'] = user.login
_logger.info(u"进来之后的kw值为%s" % kw)
return func(*args, **kw)
else:
_logger.warning(u'用户不存在.')
return request.render('sg_wechat_enterprise.wechat_warning',
{'title': u'警告', 'content': u'该员工的未配置登录用户.'})
else:
_logger.warning(u'微信企业号验证失败.')
return request.render('sg_wechat_enterprise.wechat_warning',
{'title': u'警告', 'content': u'微信企业号验证失败.'})
else:
# 返回时候进入的地方
del kw['code']
del kw['state']
request.session['kw'] = base64.b64encode(JSONEncoder().encode(kw).encode('utf-8')).decode()
if len(kw) == 0:
base_url = request.httprequest.base_url
else:
base_url = request.httprequest.base_url + '?'
for item, value in kw.items():
base_url += item + '=' + value + "&"
base_url = base_url[: -1]
url = enterprise.oauth.authorize_url(base_url,
state=base64.b64encode(
JSONEncoder().encode(kw).encode('utf-8')).decode(),
agent_id=agent_id,
scope='snsapi_privateinfo')
_logger.warning(u"这是授权的url:" + url)
value = {"url": url}
return request.render("sg_wechat_enterprise.Transfer", value)
else: # 开始微信企业号登录认证
request.session['kw'] = base64.b64encode(JSONEncoder().encode(kw).encode('utf-8')).decode()
if len(kw) == 0:
base_url = request.httprequest.base_url
else:
base_url = request.httprequest.base_url + '?'
for item, value in kw.items():
base_url += item + '=' + value + "&"
base_url = base_url[: -1]
url = enterprise.oauth.authorize_url(base_url,
state=base64.b64encode(
JSONEncoder().encode(kw).encode('utf-8')).decode(),
agent_id=agent_id,
scope='snsapi_privateinfo'
)
_logger.warning(u"这是授权的url:" + url)
value = {"url": url}
return request.render("sg_wechat_enterprise.Transfer", value)
else:
_logger.warning(u'微信企业号初始化失败.')
return request.render('sg_wechat_enterprise.wechat_warning',
{'title': u'警告', 'content': u'微信企业号初始化失败.'})
# return func(*args, **kw)
return wrapper
class WechatEnterprise(http.Controller):
"""
用于接收微信发过来的任何消息,并转发给相应的业务类进行处理
"""
__check_str = 'NDOEHNDSY#$_@$JFDK:Q{!'
BASE_URL = '/we'
@wechat_login
@http.route(BASE_URL + '/auth', type='http', auth='none')
def auth(self, *args, **kw):
"""
企业微信免登认证
"""
try:
# user_id = (request.session['uid'])
redirect1 = kw['redirect'] if 'redirect' in kw else None
uid = kw['user_id'] if 'redirect' in kw else None
_logger.info('user_id %s', uid)
if uid is not False:
request.params['login_success'] = True
if not redirect1:
redirect1 = '/web'
redirect1 = redirect1.replace('-', '&').replace('?', '#')
logging.info('url:%s' % redirect1)
return request.redirect(redirect1)
except Exception as ex:
_logger.error('无有效的登录凭证.')
_logger.warning('auth exceptions:%s' % ex)
return request.render('sg_wechat_enterprise.wechat_warning',
{'title': u'警告', 'content': u'无有效的登录凭证.'})
@http.route('/WechatEnterprise/<string:code>/api', type='http', auth="public", methods=["GET", "POST"], csrf=False)
def process(self, code, **kwargs):
"""
处理从微信服务器发送过来的请求
:param code: 自定义代码
:param kwargs: 包含 (msg_signature, timestamp, nonce, echostr) 等参数
:return:
"""
_logger.info(u'处理从微信服务器发送过来的请求code: %s, kwargs: %s' % (code, kwargs))
app_id = request.env['we.app'].sudo().search([('code', '=', code)], limit=1)
if not app_id:
_logger.warning(u'Can not find wechat app by code: {code}')
abort(403)
corp_id = app_id.enterprise_id
we_chat_cpt = WXBizMsgCrypt.WXBizMsgCrypt(app_id.Token, app_id.EncodingAESKey, corp_id.corp_id)
signature, timestamp, nonce = kwargs['msg_signature'], kwargs['timestamp'], kwargs['nonce']
if kwargs.get('echostr'):
echo_string = kwargs['echostr']
sort_list = [app_id.Token, timestamp, nonce, echo_string]
if request.env['we.tools'].sudo(). \
check_message_signature(message_list=sort_list, msg_signature=signature):
ret, signature_echo_string = we_chat_cpt.VerifyURL(signature, timestamp, nonce, echo_string)
if ret == 0:
return str(signature_echo_string, encoding="utf8")
body_text = request.httprequest.data
ret, signature_message = we_chat_cpt.DecryptMsg(body_text, signature, timestamp, nonce)
xml_tree = Et.fromstring(signature_message)
if len(xml_tree.findall("SuiteId")) > 0:
return "success"
if len(xml_tree.find("ApprovalInfo")) > 0:
xmlstr = etree.fromstring(signature_message)
# data = xml2json_from_elementtree(xmlstr)
return request.env['we.receive.message'].sudo().sys_approval_change(xml_tree.find("ApprovalInfo"))
data = {
'MsgType': xml_tree.find("MsgType").text,
# 'AgentID': xml_tree.find("AgentID").text,
'ToUserName': xml_tree.find("ToUserName").text,
'FromUserName': xml_tree.find("FromUserName").text,
'CreateTime': xml_tree.find("CreateTime").text
}
if xml_tree.find("AgentID") != None:
data['AgentID'] = xml_tree.find("AgentID").text
if data["MsgType"] == "text":
data["Content"] = xml_tree.find("Content").text
data["MsgId"] = xml_tree.find("MsgId").text
if data["MsgType"] == "image":
data["PicUrl"] = xml_tree.find("PicUrl").text
data["MediaId"] = xml_tree.find("MediaId").text
data["MsgId"] = xml_tree.find("MsgId").text
if data["MsgType"] == "voice":
data["MediaId"] = xml_tree.find("MediaId").text
data["Format"] = xml_tree.find("Format").text
data["MsgId"] = xml_tree.find("MsgId").text
if data["MsgType"] == "video" or data["MsgType"] == "shortvideo":
data["MediaId"] = xml_tree.find("MediaId").text
data["ThumbMediaId"] = xml_tree.find("ThumbMediaId").text
data["MsgId"] = xml_tree.find("MsgId").text
if data["MsgType"] == "location":
data["Location_X"] = xml_tree.find("Location_X").text
data["Location_Y"] = xml_tree.find("Location_Y").text
data["Scale"] = xml_tree.find("Scale").text
data["Label"] = xml_tree.find("Label").text
data["MsgId"] = xml_tree.find("MsgId").text
if data["MsgType"] == "link":
data["Title"] = xml_tree.find("Title").text
data["Description"] = xml_tree.find("Description").text
data["PicUrl"] = xml_tree.find("PicUrl").text
data["MsgId"] = xml_tree.find("MsgId").text
if data["MsgType"] == "event":
if xml_tree.find("Event") == "subscribe" or xml_tree.find("Event") == "unsubscribe":
data["Event"] = xml_tree.find("Event").text
else:
ret, signature_message = we_chat_cpt.EncryptMsg(signature_message, nonce, timestamp)
return signature_message
request.env['we.receive.message'].sudo().process_message(data)
return ''
@http.route('/WechatEnterprise/transfer', type='http', auth="public", methods=["POST", "GET"], csrf=False)
def transfer(self, url):
value = {"url": url}
return request.render('sg_wechat_enterprise.Transfer', value)