These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of the overtrue/wechat. |
||
5 | * |
||
6 | * (c) overtrue <[email protected]> |
||
7 | * |
||
8 | * This source file is subject to the MIT license that is bundled |
||
9 | * with this source code in the file LICENSE. |
||
10 | */ |
||
11 | |||
12 | /** |
||
13 | * Guard.php. |
||
14 | * |
||
15 | * @author overtrue <[email protected]> |
||
16 | * @copyright 2015 overtrue <[email protected]> |
||
17 | * |
||
18 | * @see https://github.com/overtrue |
||
19 | * @see http://overtrue.me |
||
20 | */ |
||
21 | |||
22 | namespace EasyWeChat\Server; |
||
23 | |||
24 | use EasyWeChat\Core\Exceptions\FaultException; |
||
25 | use EasyWeChat\Core\Exceptions\InvalidArgumentException; |
||
26 | use EasyWeChat\Core\Exceptions\RuntimeException; |
||
27 | use EasyWeChat\Encryption\Encryptor; |
||
28 | use EasyWeChat\Message\AbstractMessage; |
||
29 | use EasyWeChat\Message\Raw as RawMessage; |
||
30 | use EasyWeChat\Message\Text; |
||
31 | use EasyWeChat\Support\Collection; |
||
32 | use EasyWeChat\Support\Log; |
||
33 | use EasyWeChat\Support\XML; |
||
34 | use Symfony\Component\HttpFoundation\Request; |
||
35 | use Symfony\Component\HttpFoundation\Response; |
||
36 | |||
37 | /** |
||
38 | * Class Guard. |
||
39 | */ |
||
40 | class Guard |
||
41 | { |
||
42 | /** |
||
43 | * Empty string. |
||
44 | */ |
||
45 | const SUCCESS_EMPTY_RESPONSE = 'success'; |
||
46 | |||
47 | const TEXT_MSG = 2; |
||
48 | const IMAGE_MSG = 4; |
||
49 | const VOICE_MSG = 8; |
||
50 | const VIDEO_MSG = 16; |
||
51 | const SHORT_VIDEO_MSG = 32; |
||
52 | const LOCATION_MSG = 64; |
||
53 | const LINK_MSG = 128; |
||
54 | const DEVICE_EVENT_MSG = 256; |
||
55 | const DEVICE_TEXT_MSG = 512; |
||
56 | const EVENT_MSG = 1048576; |
||
57 | const ALL_MSG = 1049598; |
||
58 | |||
59 | /** |
||
60 | * @var Request |
||
61 | */ |
||
62 | protected $request; |
||
63 | |||
64 | /** |
||
65 | * @var string |
||
66 | */ |
||
67 | protected $token; |
||
68 | |||
69 | /** |
||
70 | * @var Encryptor |
||
71 | */ |
||
72 | protected $encryptor; |
||
73 | |||
74 | /** |
||
75 | * @var string|callable |
||
76 | */ |
||
77 | protected $messageHandler; |
||
78 | |||
79 | /** |
||
80 | * @var int |
||
81 | */ |
||
82 | protected $messageFilter; |
||
83 | |||
84 | /** |
||
85 | * @var array |
||
86 | */ |
||
87 | protected $messageTypeMapping = [ |
||
88 | 'text' => 2, |
||
89 | 'image' => 4, |
||
90 | 'voice' => 8, |
||
91 | 'video' => 16, |
||
92 | 'shortvideo' => 32, |
||
93 | 'location' => 64, |
||
94 | 'link' => 128, |
||
95 | 'device_event' => 256, |
||
96 | 'device_text' => 512, |
||
97 | 'event' => 1048576, |
||
98 | ]; |
||
99 | |||
100 | /** |
||
101 | * @var bool |
||
102 | */ |
||
103 | protected $debug = false; |
||
104 | |||
105 | /** |
||
106 | * Constructor. |
||
107 | * |
||
108 | * @param string $token |
||
109 | * @param Request $request |
||
110 | */ |
||
111 | 12 | public function __construct($token, Request $request = null) |
|
112 | { |
||
113 | 12 | $this->token = $token; |
|
114 | 12 | $this->request = $request ?: Request::createFromGlobals(); |
|
115 | 12 | } |
|
116 | |||
117 | /** |
||
118 | * Enable/Disable debug mode. |
||
119 | * |
||
120 | * @param bool $debug |
||
121 | * |
||
122 | * @return $this |
||
123 | */ |
||
124 | 3 | public function debug($debug = true) |
|
125 | { |
||
126 | 3 | $this->debug = $debug; |
|
127 | |||
128 | 3 | return $this; |
|
129 | } |
||
130 | |||
131 | /** |
||
132 | * Handle and return response. |
||
133 | * |
||
134 | * @return Response |
||
135 | * |
||
136 | * @throws BadRequestException |
||
137 | */ |
||
138 | 8 | public function serve() |
|
139 | { |
||
140 | 8 | Log::debug('Request received:', [ |
|
141 | 8 | 'Method' => $this->request->getMethod(), |
|
142 | 8 | 'URI' => $this->request->getRequestUri(), |
|
143 | 8 | 'Query' => $this->request->getQueryString(), |
|
144 | 8 | 'Protocal' => $this->request->server->get('SERVER_PROTOCOL'), |
|
145 | 8 | 'Content' => $this->request->getContent(), |
|
146 | 8 | ]); |
|
147 | |||
148 | 8 | $this->validate($this->token); |
|
149 | |||
150 | 8 | if ($str = $this->request->get('echostr')) { |
|
151 | 2 | Log::debug("Output 'echostr' is '$str'."); |
|
152 | |||
153 | 2 | return new Response($str); |
|
154 | } |
||
155 | |||
156 | 7 | $result = $this->handleRequest(); |
|
157 | |||
158 | 7 | $response = $this->buildResponse($result['to'], $result['from'], $result['response']); |
|
159 | |||
160 | 7 | Log::debug('Server response created:', compact('response')); |
|
161 | |||
162 | 7 | return new Response($response); |
|
163 | } |
||
164 | |||
165 | /** |
||
166 | * Validation request params. |
||
167 | * |
||
168 | * @param string $token |
||
169 | * |
||
170 | * @throws FaultException |
||
171 | */ |
||
172 | 8 | public function validate($token) |
|
173 | { |
||
174 | $params = [ |
||
175 | 8 | $token, |
|
176 | 8 | $this->request->get('timestamp'), |
|
177 | 8 | $this->request->get('nonce'), |
|
178 | 8 | ]; |
|
179 | |||
180 | 8 | if (!$this->debug && $this->request->get('signature') !== $this->signature($params)) { |
|
181 | throw new FaultException('Invalid request signature.', 400); |
||
182 | } |
||
183 | 8 | } |
|
184 | |||
185 | /** |
||
186 | * Add a event listener. |
||
187 | * |
||
188 | * @param callable $callback |
||
189 | * @param int $option |
||
190 | * |
||
191 | * @return Guard |
||
192 | * |
||
193 | * @throws InvalidArgumentException |
||
194 | */ |
||
195 | 7 | public function setMessageHandler($callback = null, $option = self::ALL_MSG) |
|
196 | { |
||
197 | 7 | if (!is_callable($callback)) { |
|
198 | 1 | throw new InvalidArgumentException('Argument #2 is not callable.'); |
|
199 | } |
||
200 | |||
201 | 7 | $this->messageHandler = $callback; |
|
202 | 7 | $this->messageFilter = $option; |
|
203 | |||
204 | 7 | return $this; |
|
205 | } |
||
206 | |||
207 | /** |
||
208 | * Return the message listener. |
||
209 | * |
||
210 | * @return string |
||
211 | */ |
||
212 | 1 | public function getMessageHandler() |
|
213 | { |
||
214 | 1 | return $this->messageHandler; |
|
215 | } |
||
216 | |||
217 | /** |
||
218 | * Request getter. |
||
219 | * |
||
220 | * @return Request |
||
221 | */ |
||
222 | public function getRequest() |
||
223 | { |
||
224 | return $this->request; |
||
225 | } |
||
226 | |||
227 | /** |
||
228 | * Request setter. |
||
229 | * |
||
230 | * @param Request $request |
||
231 | * |
||
232 | * @return $this |
||
233 | */ |
||
234 | public function setRequest(Request $request) |
||
235 | { |
||
236 | $this->request = $request; |
||
237 | |||
238 | return $this; |
||
239 | } |
||
240 | |||
241 | /** |
||
242 | * Set Encryptor. |
||
243 | * |
||
244 | * @param Encryptor $encryptor |
||
245 | * |
||
246 | * @return Guard |
||
247 | */ |
||
248 | 4 | public function setEncryptor(Encryptor $encryptor) |
|
249 | { |
||
250 | 4 | $this->encryptor = $encryptor; |
|
251 | |||
252 | 4 | return $this; |
|
253 | } |
||
254 | |||
255 | /** |
||
256 | * Return the encryptor instance. |
||
257 | * |
||
258 | * @return Encryptor |
||
259 | */ |
||
260 | public function getEncryptor() |
||
261 | { |
||
262 | return $this->encryptor; |
||
263 | } |
||
264 | |||
265 | /** |
||
266 | * Build response. |
||
267 | * |
||
268 | * @param $to |
||
269 | * @param $from |
||
270 | * @param mixed $message |
||
271 | * |
||
272 | * @return string |
||
273 | * |
||
274 | * @throws \EasyWeChat\Core\Exceptions\InvalidArgumentException |
||
275 | */ |
||
276 | 7 | protected function buildResponse($to, $from, $message) |
|
277 | { |
||
278 | 7 | if (empty($message) || $message === self::SUCCESS_EMPTY_RESPONSE) { |
|
279 | 4 | return self::SUCCESS_EMPTY_RESPONSE; |
|
280 | } |
||
281 | |||
282 | 5 | if ($message instanceof RawMessage) { |
|
283 | 1 | return $message->get('content', self::SUCCESS_EMPTY_RESPONSE); |
|
284 | } |
||
285 | |||
286 | 4 | if (is_string($message) || is_numeric($message)) { |
|
287 | 4 | $message = new Text(['content' => $message]); |
|
288 | 4 | } |
|
289 | |||
290 | 4 | if (!$this->isMessage($message)) { |
|
291 | $messageType = gettype($message); |
||
292 | throw new InvalidArgumentException("Invalid Message type .'{$messageType}'"); |
||
293 | } |
||
294 | |||
295 | 4 | $response = $this->buildReply($to, $from, $message); |
|
296 | |||
297 | 4 | if ($this->isSafeMode()) { |
|
298 | 1 | Log::debug('Message safe mode is enable.'); |
|
299 | 1 | $response = $this->encryptor->encryptMsg( |
|
300 | 1 | $response, |
|
301 | 1 | $this->request->get('nonce'), |
|
302 | 1 | $this->request->get('timestamp') |
|
303 | 1 | ); |
|
304 | 1 | } |
|
305 | |||
306 | 4 | return $response; |
|
307 | } |
||
308 | |||
309 | /** |
||
310 | * Whether response is message. |
||
311 | * |
||
312 | * @param mixed $message |
||
313 | * |
||
314 | * @return bool |
||
315 | */ |
||
316 | 4 | protected function isMessage($message) |
|
317 | { |
||
318 | 4 | if (is_array($message)) { |
|
319 | foreach ($message as $element) { |
||
320 | if (!is_subclass_of($element, AbstractMessage::class)) { |
||
321 | return false; |
||
322 | } |
||
323 | } |
||
324 | |||
325 | return true; |
||
326 | } |
||
327 | |||
328 | 4 | return is_subclass_of($message, AbstractMessage::class); |
|
329 | } |
||
330 | |||
331 | /** |
||
332 | * Get request message. |
||
333 | * |
||
334 | * @return array |
||
335 | * |
||
336 | * @throws BadRequestException |
||
337 | */ |
||
338 | 7 | public function getMessage() |
|
339 | { |
||
340 | 7 | $message = $this->parseMessageFromRequest($this->request->getContent(false)); |
|
341 | |||
342 | 7 | if (!is_array($message) || empty($message)) { |
|
343 | throw new BadRequestException('Invalid request.'); |
||
344 | } |
||
345 | |||
346 | 7 | return $message; |
|
347 | } |
||
348 | |||
349 | /** |
||
350 | * Handle request. |
||
351 | * |
||
352 | * @return array |
||
353 | * |
||
354 | * @throws \EasyWeChat\Core\Exceptions\RuntimeException |
||
355 | * @throws \EasyWeChat\Server\BadRequestException |
||
356 | */ |
||
357 | 7 | protected function handleRequest() |
|
358 | { |
||
359 | 7 | $message = $this->getMessage(); |
|
360 | 7 | $response = $this->handleMessage($message); |
|
361 | |||
362 | return [ |
||
363 | 7 | 'to' => $message['FromUserName'], |
|
364 | 7 | 'from' => $message['ToUserName'], |
|
365 | 7 | 'response' => $response, |
|
366 | 7 | ]; |
|
367 | } |
||
368 | |||
369 | /** |
||
370 | * Handle message. |
||
371 | * |
||
372 | * @param array $message |
||
373 | * |
||
374 | * @return mixed |
||
375 | */ |
||
376 | 7 | protected function handleMessage(array $message) |
|
377 | { |
||
378 | 7 | $handler = $this->messageHandler; |
|
379 | |||
380 | 7 | if (!is_callable($handler)) { |
|
381 | 3 | Log::debug('No handler enabled.'); |
|
382 | |||
383 | 3 | return null; |
|
384 | } |
||
385 | |||
386 | 6 | Log::debug('Message detail:', $message); |
|
387 | |||
388 | 6 | $message = new Collection($message); |
|
389 | |||
390 | 6 | $type = $this->messageTypeMapping[$message->get('MsgType')]; |
|
391 | |||
392 | 6 | $response = null; |
|
393 | |||
394 | 6 | if ($this->messageFilter & $type) { |
|
395 | 6 | $response = call_user_func_array($handler, [$message]); |
|
396 | 6 | } |
|
397 | |||
398 | 6 | return $response; |
|
399 | } |
||
400 | |||
401 | /** |
||
402 | * Build reply XML. |
||
403 | * |
||
404 | * @param string $to |
||
405 | * @param string $from |
||
406 | * @param AbstractMessage $message |
||
407 | * |
||
408 | * @return string |
||
409 | */ |
||
410 | 4 | protected function buildReply($to, $from, $message) |
|
411 | { |
||
412 | $base = [ |
||
413 | 4 | 'ToUserName' => $to, |
|
414 | 4 | 'FromUserName' => $from, |
|
415 | 4 | 'CreateTime' => time(), |
|
416 | 4 | 'MsgType' => is_array($message) ? current($message)->getType() : $message->getType(), |
|
417 | 4 | ]; |
|
418 | |||
419 | 4 | $transformer = new Transformer(); |
|
420 | |||
421 | 4 | return XML::build(array_merge($base, $transformer->transform($message))); |
|
422 | } |
||
423 | |||
424 | /** |
||
425 | * Get signature. |
||
426 | * |
||
427 | * @param array $request |
||
428 | * |
||
429 | * @return string |
||
430 | */ |
||
431 | 8 | protected function signature($request) |
|
432 | { |
||
433 | 8 | sort($request, SORT_STRING); |
|
434 | |||
435 | 8 | return sha1(implode($request)); |
|
436 | } |
||
437 | |||
438 | /** |
||
439 | * Parse message array from raw php input. |
||
440 | * |
||
441 | * @param string|resource $content |
||
442 | * |
||
443 | * @throws \EasyWeChat\Core\Exceptions\RuntimeException |
||
444 | * @throws \EasyWeChat\Encryption\EncryptionException |
||
445 | * |
||
446 | * @return array |
||
447 | */ |
||
448 | 7 | protected function parseMessageFromRequest($content) |
|
449 | { |
||
450 | 7 | $content = strval($content); |
|
451 | |||
452 | 7 | $arrayable = json_decode($content, true); |
|
453 | 7 | if (json_last_error() === JSON_ERROR_NONE) { |
|
454 | 1 | return $arrayable; |
|
455 | } |
||
456 | |||
457 | 7 | if ($this->isSafeMode()) { |
|
458 | 1 | if (!$this->encryptor) { |
|
459 | throw new RuntimeException('Safe mode Encryptor is necessary, please use Guard::setEncryptor(Encryptor $encryptor) set the encryptor instance.'); |
||
460 | } |
||
461 | |||
462 | 1 | $message = $this->encryptor->decryptMsg( |
|
0 ignored issues
–
show
Bug
Compatibility
introduced
by
Loading history...
|
|||
463 | 1 | $this->request->get('msg_signature'), |
|
464 | 1 | $this->request->get('nonce'), |
|
465 | 1 | $this->request->get('timestamp'), |
|
466 | $content |
||
467 | 1 | ); |
|
468 | 1 | } else { |
|
469 | 6 | $message = XML::parse($content); |
|
0 ignored issues
–
show
|
|||
470 | } |
||
471 | |||
472 | 7 | return $message; |
|
473 | } |
||
474 | |||
475 | /** |
||
476 | * Check the request message safe mode. |
||
477 | * |
||
478 | * @return bool |
||
479 | */ |
||
480 | 7 | private function isSafeMode() |
|
481 | { |
||
482 | 7 | return $this->request->get('encrypt_type') && $this->request->get('encrypt_type') === 'aes'; |
|
483 | } |
||
484 | } |
||
485 |