saas

24174c61 · mingyuan · 0ebdd496 · 24174c61 · 24174c61 · 24174c61
Commit 24174c61 authored Sep 12, 2021 by mingyuan
5 changed files
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -7,7 +7,7 @@ GIT
 GIT
  remote: https://github.com/work-design/rails_com.git
-  revision: 8949509c4f26ecf76adecfdbb2e221535ee47ac0
+  revision: 62d866862c729077c67329a0faf255ebaa49eba2
  specs:
    rails_com (1.2.9)
      acme-client
@@ -183,6 +183,8 @@ GEM
    nio4r (2.5.8)
    nokogiri (1.12.4-x86_64-darwin)
      racc (~> 1.4)
+    nokogiri (1.12.4-x86_64-linux)
+      racc (~> 1.4)
    pg (1.2.3)
    puma (5.4.0)
      nio4r (~> 2.0)
@@ -250,6 +252,7 @@ GEM
 PLATFORMS
  x86_64-darwin-20
+  x86_64-linux
 DEPENDENCIES
  amazing_print

--- a/app/apis/dingtalk/api/saas.rb
+++ b/app/apis/dingtalk/api/saas.rb
+require 'net/http'
 module Dingtalk::Api
  class Saas < Base
    BASE = 'https://openplatform.dg-work.cn/'
    def token
-      payload = {
+      headers = sign_header('POST', '/gettoken.json')
-        appkey: app.app_key,
+      r = @client.post 'gettoken.json', nil, headers: headers, base: BASE
-        appsecret: app.app_secret,
-      }
-      r = @client.post 'gettoken.json', payload.to_json, headers: {  }, base: BASE
      {
        'access_token' => r.dig('content', 'data', 'accessToken'),
        'expires_in' => r.dig('content', 'data', 'expiresIn')
      }
    end
-    def sign_header
+    def sign_header(method, path, params = {})
      headers = {
        apiKey: app.app_key,
-        'X-Hmac-Auth-Timestamp': Time.now.to_s(:iso8601),
+        'X-Hmac-Auth-Timestamp': Time.now.strftime('%Y-%m-%dT%H:%M:%S.%3N%:z'),
        'X-Hmac-Auth-Nonce': (Time.now.to_f * 1000).round.to_s + rand(1000..9999).to_s,
        'X-Hmac-Auth-Version': '1.0',
        'X-Hmac-Auth-IP': RailsDingtalk.config.ip,
        'X-Hmac-Auth-MAC': RailsDingtalk.config.mac
      }
+      result = [
+        method,
+        headers[:'X-Hmac-Auth-Timestamp'],
+        headers[:'X-Hmac-Auth-Nonce'],
+        path
+      ]
+      result << params.to_query if params.present?
+      signature = OpenSSL::HMAC.digest('SHA256', app.app_secret, result.join("\n"))
+      headers.merge! 'X-Hmac-Auth-Signature': Base64.strict_encode64(signature)
    end
    protected
    def with_access_token(params = {}, tries = 2)
-      yield params.merge!(
+      yield params
-        accessKey: app.app_key,
-        secretKey: app.app_secret
-      )
    rescue => e
      Rails.logger.debug e.full_message
      retry unless (tries -= 1).zero?

--- a/app/apis/dingtalk/http_client.rb
+++ b/app/apis/dingtalk/http_client.rb
@@ -22,7 +22,12 @@ module Dingtalk
      headers['Content-Type'] ||= 'application/json'
      url = base + path
-      response = @http.with_headers(headers).post(url, params: params, body: payload)
+      opts = {
+        params: params
+      }
+      opts.merge!(body: payload) if payload.present?
+      response = @http.with_headers(headers).post(url, **opts)
      parse_response(response, options[:as])
    end

--- a/app/models/dingtalk/model/app/saas_app.rb
+++ b/app/models/dingtalk/model/app/saas_app.rb
@@ -16,7 +16,7 @@ module Dingtalk
    end
    def generate_user(code)
-      binding.b
+      api.token
    end
  end

--- a/lib/rails_dingtalk/config.rb
+++ b/lib/rails_dingtalk/config.rb
@@ -5,10 +5,12 @@ module RailsDingtalk
    config.httpx = {
      ssl: {
        verify_mode: OpenSSL::SSL::VERIFY_NONE
+      },
+      debug: STDERR,
+      debug_level: -1
    }
-    }
+    config.ip = '127.0.0.1'
-    config.ip = '192.168.0.1'
+    config.mac = '78:7b:8a:dd:94:cc'
-    config.mac = 'fa:16:3e:27:49:91'
  end
 end