wx
/
wechat
mirror of https://github.com/silenceper/wechat.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223
							package oauth

import (
	"encoding/json"
	"fmt"
	"net/url"

	"github.com/silenceper/wechat/v2/util"
	"github.com/silenceper/wechat/v2/work/context"
)

// Oauth auth
type Oauth struct {
	*context.Context
}

var (
	// oauthTargetURL 企业微信内跳转地址
	oauthTargetURL = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_base&state=STATE#wechat_redirect"
	// oauthTargetURL 企业微信内跳转地址(获取成员的详细信息)
	oauthTargetPrivateURL = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_privateinfo&agentid=%s&state=STATE#wechat_redirect"
	// oauthUserInfoURL 获取用户信息地址
	oauthUserInfoURL = "https://qyapi.weixin.qq.com/cgi-bin/user/getuserinfo?access_token=%s&code=%s"
	// oauthQrContentTargetURL 构造独立窗口登录二维码
	oauthQrContentTargetURL = "https://open.work.weixin.qq.com/wwopen/sso/qrConnect?appid=%s&agentid=%s&redirect_uri=%s&state=%s"
	// getUserInfoURL 获取访问用户身份&获取用户登录身份
	getUserInfoURL = "https://qyapi.weixin.qq.com/cgi-bin/auth/getuserinfo?access_token=%s&code=%s"
	// getUserDetailURL 获取访问用户敏感信息
	getUserDetailURL = "https://qyapi.weixin.qq.com/cgi-bin/auth/getuserdetail?access_token=%s"
	// getTfaInfoURL 获取用户二次验证信息
	getTfaInfoURL = "https://qyapi.weixin.qq.com/cgi-bin/auth/get_tfa_info?access_token=%s"
	// tfaSuccURL 使用二次验证
	tfaSuccURL = "https://qyapi.weixin.qq.com/cgi-bin/user/tfa_succ?access_token=%s"
)

// NewOauth new init oauth
func NewOauth(ctx *context.Context) *Oauth {
	return &Oauth{
		ctx,
	}
}

// GetTargetURL 获取授权地址
func (ctr *Oauth) GetTargetURL(callbackURL string) string {
	// url encode
	return fmt.Sprintf(
		oauthTargetURL,
		ctr.CorpID,
		url.QueryEscape(callbackURL),
	)
}

// GetTargetPrivateURL 获取个人信息授权地址
func (ctr *Oauth) GetTargetPrivateURL(callbackURL string, agentID string) string {
	// url encode
	return fmt.Sprintf(
		oauthTargetPrivateURL,
		ctr.CorpID,
		url.QueryEscape(callbackURL),
		agentID,
	)
}

// GetQrContentTargetURL 构造独立窗口登录二维码
func (ctr *Oauth) GetQrContentTargetURL(callbackURL string) string {
	// url encode
	return fmt.Sprintf(
		oauthQrContentTargetURL,
		ctr.CorpID,
		ctr.AgentID,
		url.QueryEscape(callbackURL),
		util.RandomStr(16),
	)
}

// ResUserInfo 返回得用户信息
type ResUserInfo struct {
	util.CommonError
	// 当用户为企业成员时返回
	UserID   string `json:"UserId"`
	DeviceID string `json:"DeviceId"`
	// 非企业成员授权时返回
	OpenID         string `json:"OpenId"`
	ExternalUserID string `json:"external_userid"`
}

// UserFromCode 根据code获取用户信息
func (ctr *Oauth) UserFromCode(code string) (result ResUserInfo, err error) {
	var accessToken string
	if accessToken, err = ctr.GetAccessToken(); err != nil {
		return
	}
	var response []byte
	if response, err = util.HTTPGet(fmt.Sprintf(oauthUserInfoURL, accessToken, code)); err != nil {
		return
	}
	err = json.Unmarshal(response, &result)
	if result.ErrCode != 0 {
		err = fmt.Errorf("GetUserAccessToken error : errcode=%v , errmsg=%v", result.ErrCode, result.ErrMsg)
		return
	}
	return
}

// GetUserInfoResponse 获取访问用户身份&获取用户登录身份响应
type GetUserInfoResponse struct {
	util.CommonError
	UserID         string `json:"userid"`
	UserTicket     string `json:"user_ticket"`
	OpenID         string `json:"openid"`
	ExternalUserID string `json:"external_userid"`
}

// GetUserInfo 获取访问用户身份&获取用户登录身份
// @see https://developer.work.weixin.qq.com/document/path/90213 获取访问用户身份
// @see https://developer.work.weixin.qq.com/document/path/98176 获取用户登录身份
func (ctr *Oauth) GetUserInfo(code string) (*GetUserInfoResponse, error) {
	var (
		accessToken string
		err         error
	)
	if accessToken, err = ctr.GetAccessToken(); err != nil {
		return nil, err
	}
	var response []byte
	if response, err = util.HTTPGet(fmt.Sprintf(getUserInfoURL, accessToken, code)); err != nil {
		return nil, err
	}
	result := &GetUserInfoResponse{}
	err = util.DecodeWithError(response, result, "GetUserInfo")
	return result, err
}

// GetUserDetailRequest 获取访问用户敏感信息请求
type GetUserDetailRequest struct {
	UserTicket string `json:"user_ticket"`
}

// GetUserDetailResponse 获取访问用户敏感信息响应
type GetUserDetailResponse struct {
	util.CommonError
	UserID  string `json:"userid"`
	Gender  string `json:"gender"`
	Avatar  string `json:"avatar"`
	QrCode  string `json:"qr_code"`
	Mobile  string `json:"mobile"`
	Email   string `json:"email"`
	BizMail string `json:"biz_mail"`
	Address string `json:"address"`
}

// GetUserDetail 获取访问用户敏感信息
// @see https://developer.work.weixin.qq.com/document/path/95833
func (ctr *Oauth) GetUserDetail(req *GetUserDetailRequest) (*GetUserDetailResponse, error) {
	var (
		accessToken string
		err         error
	)
	if accessToken, err = ctr.GetAccessToken(); err != nil {
		return nil, err
	}
	var response []byte
	if response, err = util.PostJSON(fmt.Sprintf(getUserDetailURL, accessToken), req); err != nil {
		return nil, err
	}
	result := &GetUserDetailResponse{}
	err = util.DecodeWithError(response, result, "GetUserDetail")
	return result, err
}

// GetTfaInfoRequest 获取用户二次验证信息请求
type GetTfaInfoRequest struct {
	Code string `json:"code"`
}

// GetTfaInfoResponse 获取用户二次验证信息响应
type GetTfaInfoResponse struct {
	util.CommonError
	UserID  string `json:"userid"`
	TfaCode string `json:"tfa_code"`
}

// GetTfaInfo 获取用户二次验证信息
// @see https://developer.work.weixin.qq.com/document/path/99499
func (ctr *Oauth) GetTfaInfo(req *GetTfaInfoRequest) (*GetTfaInfoResponse, error) {
	var (
		accessToken string
		err         error
	)
	if accessToken, err = ctr.GetAccessToken(); err != nil {
		return nil, err
	}
	var response []byte
	if response, err = util.PostJSON(fmt.Sprintf(getTfaInfoURL, accessToken), req); err != nil {
		return nil, err
	}
	result := &GetTfaInfoResponse{}
	err = util.DecodeWithError(response, result, "GetTfaInfo")
	return result, err
}

// TfaSuccRequest 使用二次验证请求
type TfaSuccRequest struct {
	UserID  string `json:"userid"`
	TfaCode string `json:"tfa_code"`
}

// TfaSucc 使用二次验证
// @see https://developer.work.weixin.qq.com/document/path/99500
func (ctr *Oauth) TfaSucc(req *TfaSuccRequest) error {
	var (
		accessToken string
		err         error
	)
	if accessToken, err = ctr.GetAccessToken(); err != nil {
		return err
	}
	var response []byte
	if response, err = util.PostJSON(fmt.Sprintf(tfaSuccURL, accessToken), req); err != nil {
		return err
	}
	return util.DecodeWithCommonError(response, "TfaSucc")
}