component_verify_ticket回调被wxsource middleware拦截?
hzwoo opened this issue · 2 comments
采用传统方式部署,正常启动,发现没法获取component_verify_ticket,在nginx日志发现回调返回401
[GIN] 2022/11/17 - 19:44:53 | 401 | 241.295µs | 81.69.103.236 | POST "/wxcallback/component?signature=f5b8b2998154f7b339238d207f87b6799dfc91c9×tamp=1668685492&nonce=619113215&encrypt_type=aes&msg_signature=956e41558746edb8da5cfe2075e7088d33653ca7"
然后在 middleware/wxsource.go 里发现有一个判断消息头是否包含 'x-wx-source'
// WXSourceMiddleWare 中间件 判断是否来源于微信
func WXSourceMiddleWare(c *gin.Context) {
if _, ok := c.Request.Header[http.CanonicalHeaderKey("x-wx-source")]; ok {
fmt.Println("[WXSourceMiddleWare]from wx")
c.Next()
} else {
// 加一条打印消息
fmt.Println("About", http.StatusUnauthorized, errno.ErrNotAuthorized)
c.Abort()
c.JSON(http.StatusUnauthorized, errno.ErrNotAuthorized)
}
}
在else里加一条打印消息,日志打印:
[GIN] 2022/11/17 - 19:54:53 | 401 | 265.135µs | 175.24.214.150 | POST "/wxcallback/component?signature=04d577389192b10dc0fbae16dd30167f7a405cd8×tamp=1668686093&nonce=806112033&encrypt_type=aes&msg_signature=10b4792cfdc0b5b1f831294d625ceb529518663a"
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:23] ---header---
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] X-Nginx-Proxy [true]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] Connection [upgrade]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] User-Agent [Mozilla/4.0]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] Accept [/]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] Pragma [no-cache]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] Content-Type [text/xml]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] Cache-Control [no-cache]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] X-Forwarded-For [81.69.103.236]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] Content-Length [571]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:25] X-Real-Ip [81.69.103.236]
2022-11-17T19:54:53+08:00 | DEBUG | [middleware/log.go:27] ---header---
Abort %s %s 401 &{1000 访问未授权 }
明显ticket推送消息头里没有 ‘x-wx-source’ 被拦截了?
把拦截的middle去掉,发现消息还没解密,看来对传统模式部署不太友好啊
componentHandler body
componentHandler 1 invalid character '<' looking for beginning of value &{1001 参数格式有误 invalid character '<' looking for beginning of value}
[GIN] 2022/11/17 - 20:34:43 | 200 | 300.444µs | 81.69.101.237 | POST "/wxcallback/component?signature=7a55f8b306b793a96a6489bdcb1f11cb0a4ccc05×tamp=1668688483&nonce=693434526&encrypt_type=aes&msg_signature=97e79c0b19a724d56625f05074e16dffa303ce8a"
已解决,fork出来修改后已经成功到第三方的云服务。
https://github.com/hzwoo/wxcloudrun-wxcomponent