saas

Gemfile.lock

@@ -7,7 +7,7 @@ GIT
 
 GIT
   remote: https://github.com/work-design/rails_com.git
-  revision: 8949509c4f26ecf76adecfdbb2e221535ee47ac0
+  revision: 62d866862c729077c67329a0faf255ebaa49eba2
   specs:
     rails_com (1.2.9)
       acme-client
@@ -183,6 +183,8 @@ GEM
     nio4r (2.5.8)
     nokogiri (1.12.4-x86_64-darwin)
       racc (~> 1.4)
+    nokogiri (1.12.4-x86_64-linux)
+      racc (~> 1.4)
     pg (1.2.3)
     puma (5.4.0)
       nio4r (~> 2.0)
@@ -250,6 +252,7 @@ GEM
 
 PLATFORMS
   x86_64-darwin-20
+  x86_64-linux
 
 DEPENDENCIES
   amazing_print

app/apis/dingtalk/api/saas.rb

+require 'net/http'
 module Dingtalk::Api
   class Saas < Base
     BASE = 'https://openplatform.dg-work.cn/'
 
     def token
-      payload = {
-        appkey: app.app_key,
-        appsecret: app.app_secret,
-      }
-      r = @client.post 'gettoken.json', payload.to_json, headers: {  }, base: BASE
+      headers = sign_header('POST', '/gettoken.json')
+      r = @client.post 'gettoken.json', nil, headers: headers, base: BASE
       {
         'access_token' => r.dig('content', 'data', 'accessToken'),
         'expires_in' => r.dig('content', 'data', 'expiresIn')
       }
     end
 
-    def sign_header
+    def sign_header(method, path, params = {})
       headers = {
         apiKey: app.app_key,
-        'X-Hmac-Auth-Timestamp': Time.now.to_s(:iso8601),
+        'X-Hmac-Auth-Timestamp': Time.now.strftime('%Y-%m-%dT%H:%M:%S.%3N%:z'),
         'X-Hmac-Auth-Nonce': (Time.now.to_f * 1000).round.to_s + rand(1000..9999).to_s,
         'X-Hmac-Auth-Version': '1.0',
         'X-Hmac-Auth-IP': RailsDingtalk.config.ip,
         'X-Hmac-Auth-MAC': RailsDingtalk.config.mac
       }
 
-      
+      result = [
+        method,
+        headers[:'X-Hmac-Auth-Timestamp'],
+        headers[:'X-Hmac-Auth-Nonce'],
+        path
+      ]
+      result << params.to_query if params.present?
+      signature = OpenSSL::HMAC.digest('SHA256', app.app_secret, result.join("\n"))
+      headers.merge! 'X-Hmac-Auth-Signature': Base64.strict_encode64(signature)
     end
 
     protected
     def with_access_token(params = {}, tries = 2)
-      yield params.merge!(
-        accessKey: app.app_key,
-        secretKey: app.app_secret
-      )
+      yield params
     rescue => e
       Rails.logger.debug e.full_message
       retry unless (tries -= 1).zero?

app/apis/dingtalk/http_client.rb

@@ -22,7 +22,12 @@ module Dingtalk
       headers['Content-Type'] ||= 'application/json'
       url = base + path
 
-      response = @http.with_headers(headers).post(url, params: params, body: payload)
+      opts = {
+        params: params
+      }
+      opts.merge!(body: payload) if payload.present?
+
+      response = @http.with_headers(headers).post(url, **opts)
       parse_response(response, options[:as])
     end
 

app/models/dingtalk/model/app/saas_app.rb

@@ -16,7 +16,7 @@ module Dingtalk
     end
 
     def generate_user(code)
-      binding.b
+      api.token
     end
 
   end

lib/rails_dingtalk/config.rb

@@ -5,10 +5,12 @@ module RailsDingtalk
     config.httpx = {
       ssl: {
         verify_mode: OpenSSL::SSL::VERIFY_NONE
+      },
+      debug: STDERR,
+      debug_level: -1
     }
-    }
-    config.ip = '192.168.0.1'
-    config.mac = 'fa:16:3e:27:49:91'
+    config.ip = '127.0.0.1'
+    config.mac = '78:7b:8a:dd:94:cc'
   end
 
 end