那些微不足道，却影响体验的微信后端细节

2023-11-09 10:52:26

微信后端开发指南：深入浅出详解核心功能

获取Access_token

Access_token是微信公众平台的通行证，用于调用各种接口。它的有效期为两小时，需要定期刷新。

const request = require('request');

const appId = 'your-app-id';
const appSecret = 'your-app-secret';

const getToken = async () => {
  const response = await request.get(`https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=${appId}&secret=${appSecret}`);
  const data = JSON.parse(response.body);
  return data.access_token;
};

获取api_ticket

api_ticket是用于调用微信JS接口的临时票据。它的有效期也为两小时，需要及时刷新。

const getTicket = async (token) => {
  const response = await request.get(`https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=${token}&type=jsapi`);
  const data = JSON.parse(response.body);
  return data.ticket;
};

获取signature

signature是调用微信JS接口的签名，它的有效期为五分钟。

const crypto = require('crypto');

const getSignature = async (token, ticket, url) => {
  const timestamp = Date.now();
  const nonce = Math.random().toString(36).substr(2, 15);
  const string1 = `jsapi_ticket=${ticket}&noncestr=${nonce}&timestamp=${timestamp}&url=${url}`;
  const signature = crypto.createHash('sha1').update(string1).digest('hex');
  return {
    appId,
    timestamp,
    nonce,
    signature,
  };
};

注入权限验证配置

权限验证配置用于将公众号JS接口的权限验证配置注入到网页中。

const ejs = require('ejs');
const fs = require('fs');

const template = fs.readFileSync('./template.ejs', 'utf-8');
const html = ejs.render(template, {
  appId,
  timestamp,
  nonce,
  signature,
});

fs.writeFileSync('./index.html', html);

获取小程序用户的openid

小程序用户的openid是小程序用户的唯一标识。需要在用户授权后才能获取。

const getOpenid = async (code) => {
  const response = await request.get(`https://api.weixin.qq.com/sns/jscode2session?appid=${appId}&secret=${appSecret}&js_code=${code}&grant_type=authorization_code`);
  const data = JSON.parse(response.body);
  return data.openid;
};