钉钉回调消息对接
Thinkphp5对接钉钉
<?php namespace dingding; /** * PHP7.1及其之上版本的回调加解密类库 * 该版本依赖openssl_encrypt方法加解密,注意版本依赖 (PHP 5 >= 5.3.0, PHP 7) */ class DingCallbackCrypto { /** * @param token 钉钉开放平台上,开发者设置的token * @param encodingAesKey 钉钉开放台上,开发者设置的EncodingAESKey * @param corpId 企业自建应用-事件订阅, 使用appKey * 企业自建应用-注册回调地址, 使用corpId * 第三方企业应用, 使用suiteKey */ private $m_token; private $m_encodingAesKey; private $m_corpId; //注意这里修改为构造函数 function __construct($token, $aes_key, $appkey) { $this->m_token = $token; $this->m_encodingAesKey = $aes_key; $this->m_corpId = $appkey; } public function getEncryptedMap($plain){ $timeStamp = time(); $pc = new Prpcrypt($this->m_encodingAesKey); $nonce= $pc->getRandomStr(); return $this->getEncryptedMapDetail($plain, $timeStamp, $nonce); } /** * 加密回调信息 */ public function getEncryptedMapDetail($plain, $timeStamp, $nonce) { $pc = new Prpcrypt($this->m_encodingAesKey); $array = $pc->encrypt($plain, $this->m_corpId); $ret = $array[0]; if ($ret != 0) { //return $ret; return ['ErrorCode'=>$ret, 'data' => '']; //throw new Exception('AES加密错误',ErrorCode::$EncryptAESError); } if ($timeStamp == null) { $timeStamp = time(); } $encrypt = $array[1]; $sha1 = new SHA1; $array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt); $ret = $array[0]; if ($ret != 0) { return $ret; // throw new Exception('ComputeSignatureError',ErrorCode::$ComputeSignatureError); } $signature = $array[1]; $encryptMsg = json_encode(array( "msg_signature" => $signature, "encrypt" => $encrypt, "timeStamp" => $timeStamp, "nonce" => $nonce )); return $encryptMsg; } /** * 解密回调信息 */ public function getDecryptMsg($signature, $timeStamp = null, $nonce, $encrypt) { if (strlen($this->m_encodingAesKey) != 43) { //return ErrorCode::$IllegalAesKey; return ['ErrorCode'=>ErrorCode::$IllegalAesKey, 'data' => '']; //throw new Exception('IllegalAesKey',ErrorCode::$IllegalAesKey); } $pc = new Prpcrypt($this->m_encodingAesKey); if ($timeStamp == null) { $timeStamp = time(); } $sha1 = new SHA1; $array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt); $ret = $array[0]; if ($ret != 0) { //return $ret; return ['ErrorCode'=>$ret, 'data' => '']; //throw new Exception('ComputeSignatureError',ErrorCode::$ComputeSignatureError); } $verifySignature = $array[1]; if ($verifySignature != $signature) { //return ErrorCode::$ValidateSignatureError; return ['ErrorCode'=>ErrorCode::$ValidateSignatureError, 'data' => '']; //throw new Exception('ValidateSignatureError',ErrorCode::$ValidateSignatureError); } $result = $pc->decrypt($encrypt, $this->m_corpId); if ($result[0] != 0) { //return $result[0]; return ['ErrorCode'=>$result[0], 'data' => '']; //throw new Exception('DecryptAESError',ErrorCode::$DecryptAESError); } $decryptMsg = $result[1]; //return ErrorCode::$OK; return $decryptMsg; } } class SHA1 { public function getSHA1($token, $timestamp, $nonce, $encrypt_msg) { try { $array = array($encrypt_msg, $token, $timestamp, $nonce); sort($array, SORT_STRING); $str = implode($array); return array(ErrorCode::$OK, sha1($str)); } catch (Exception $e) { print $e . "\n"; return array(ErrorCode::$ComputeSignatureError, null); } } } /** * error code 说明. * <ul> * <li>-900004: encodingAesKey 非法</li> * <li>-900005: 签名验证错误</li> * <li>-900006: sha加密生成签名失败</li> * <li>-900007: aes 加密失败</li> * <li>-900008: aes 解密失败</li> * <li>-900010: suiteKey 校验错误</li> * </ul> */ class ErrorCode { public static $OK = 0; public static $IllegalAesKey = 900004; public static $ValidateSignatureError = 900005; public static $ComputeSignatureError = 900006; public static $EncryptAESError = 900007; public static $DecryptAESError = 900008; public static $ValidateSuiteKeyError = 900010; } class PKCS7Encoder { public static $block_size = 32; function encode($text) { $block_size = PKCS7Encoder::$block_size; $text_length = strlen($text); $amount_to_pad = PKCS7Encoder::$block_size - ($text_length % PKCS7Encoder::$block_size); if ($amount_to_pad == 0) { $amount_to_pad = PKCS7Encoder::block_size; } $pad_chr = chr($amount_to_pad); $tmp = ""; for ($index = 0; $index < $amount_to_pad; $index++) { $tmp .= $pad_chr; } return $text . $tmp; } function decode($text) { $pad = ord(substr($text, -1)); if ($pad < 1 || $pad > PKCS7Encoder::$block_size) { $pad = 0; } return substr($text, 0, (strlen($text) - $pad)); } } class Prpcrypt { public $key; function __construct($k){//这个方法很关键 $this->key = base64_decode($k . "="); } /**function Prpcrypt($k) { $this->key = base64_decode($k . "="); }**/ public function encrypt($text, $corpid) { try { //获得16位随机字符串,填充到明文之前 $random = $this->getRandomStr(); $text = $random . pack("N", strlen($text)) . $text . $corpid; //$this->key = base64_decode('GJkRbBVD8PPn86587aCNRmkvbWs4COxbyjqSMX9LOhE' . "="); $iv = substr($this->key, 0, 16); // 网络字节序 // $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); // $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); //使用自定义的填充方式对明文进行补位填充 $pkc_encoder = new PKCS7Encoder; $text = $pkc_encoder->encode($text); // mcrypt_generic_init($module, $this->key, $iv); // //加密 // $encrypted = mcrypt_generic($module, $text); // mcrypt_generic_deinit($module); // mcrypt_module_close($module); $encrypted = openssl_encrypt($text, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv ); //print(base64_encode($encrypted)); //使用BASE64对加密后的字符串进行编码 return array(ErrorCode::$OK, base64_encode($encrypted)); } catch (Exception $e) { print $e; return array(ErrorCode::$EncryptAESError, null); } } public function decrypt($encrypted, $corpid) { try { $ciphertext_dec = base64_decode($encrypted); // $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); $iv = substr($this->key, 0, 16); // mcrypt_generic_init($module, $this->key, $iv); // $decrypted = mdecrypt_generic($module, $ciphertext_dec); // mcrypt_generic_deinit($module); // mcrypt_module_close($module); $decrypted = openssl_decrypt ( $ciphertext_dec, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv ); // return $decrypted; } catch (Exception $e) { return array(ErrorCode::$DecryptAESError, null); } try { //去除补位字符 $pkc_encoder = new PKCS7Encoder; $result = $pkc_encoder->decode($decrypted); //去除16位随机字符串,网络字节序和AppId if (strlen($result) < 16) return ""; $content = substr($result, 16, strlen($result)); $len_list = unpack("N", substr($content, 0, 4)); $xml_len = $len_list[1]; $xml_content = substr($content, 4, $xml_len); $from_corpid = substr($content, $xml_len + 4); } catch (Exception $e) { print $e; return array(ErrorCode::$DecryptAESError, null); } if ($from_corpid != $corpid) return array(ErrorCode::$ValidateSuiteKeyError, null); return array(0, $xml_content); } function getRandomStr() { $str = substr(md5(time()),8,16); return $str; } } ?>
1、将php文件复制到 /extend/dingding/DingCallbackCrypto.php 文件夹下
2、引用它
<?php namespace app\home\controller; use dingding\DingCallbackCrypto;//引用它 use think\Controller; class Index extends Controller{ /** 钉钉回调消息 **/ public function index(){ $signature = input('signature',false); $msg_signature = input('msg_signature',false); $timestamp = input('timestamp',false); $nonce = input('nonce',false); $appkey = config('dd_appkey'); $dd_token = config('dd_token'); $dd_aes_key = config('dd_aes_key'); $postStr = file_get_contents("php://input"); $post_json = json_decode($postStr,true); $DingCallbackCrypto = new DingCallbackCrypto($dd_token,$dd_aes_key,$appkey); $dd_json = $DingCallbackCrypto->getDecryptMsg($msg_signature,$timestamp,$nonce,$post_json['encrypt']);//解密 $dd_json = json_decode($dd_json,true); if($dd_json['EventType']=='check_url'){ //设置订阅事件时使用 $res = $DingCallbackCrypto->getEncryptedMap("success");//加密 echo $res; }else{ //接收订阅事件时使用 $data['detail'] = json_encode($dd_json); $data['create_time'] = date('Y-m-d H:i:s'); db('notice_event')->insert($data); } exit(); }