前端主要参考:2、3两步。
--0,公众号配置
服务器搭nginx,配置https
用阿里云免费SSL,下载nginx密钥对,放到/usr/local/nginx/conf/cert,解压
客户端命令:scp -P 22000 XXX.zip root@XXX.com:/usr/local/nginx/conf/cert
服务器命令:
cd /usr/local/nginx/conf/cert
unzip 文件.zip ./
rm -f 文件.zip
修改nginx配置文件:
服务器命令:vim /usr/local/nginx/conf/nginx.conf
加一组配置( location / 是另一个服务代理,不用考虑):
server {
listen 443 ssl;
server_name XXX.cn;
root html;
#ssl on;
index index.html index.htm;
ssl_certificate cert/5498626_relo-cf.risun-tec.cn.pem;
ssl_certificate_key cert/5498626_relo-cf.risun-tec.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
client_max_body_size 50M;
location /CloudFilm {
index index.html index.htm;
}
location / {
proxy_pass https:/XXX:8444;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
rewrite /cloud(.*) $1 break;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Origin' '*';
}
}
保存
校验配置
命令:
/usr/local/nginx/sbin/nginx -t
结果:
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
重载配置:
命令:
/usr/local/nginx/sbin/nginx -s reload
重启nginx:
命令:
systemctl restart nginx.service
公众号配置, 账号详情,功能设置,添加:
业务域名:XXX.cn/CloudFilm
JS接口安全域名:XXX.cn/CloudFilm
网页授权域名:XXX.cn/CloudFilm
将MP_verify_bJ7y2PqBsJMeQwMU.txt文件放到/usr/local/nginx/html/CloudFilm目录下:
服务端命令:
cd /usr/local/nginx/html/
mkdir CloudFilm
客户端命令:
scp -P 22000 D:/MP_verify_bJ7y2PqBsJMeQwMU.txt root@relo-med.com:/usr/local/nginx/html/CloudFilm
在ClodeFilm目录下放个index.html 用于接code值
命令:
cd /usr/local/nginx/html/CloudFilm
touch index.html
内容:
<!DOCTYPE html>
<html>
<head></head>
<body>
<p id='wechar_code'></p>
</body>
</html>
<script>
function getQueryString(name){
var reg = new RegExp("(^|&)" + name + "=([^&]*)(&|$)", "i");
var r = window.location.search.substr(1).match(reg);
if (r != null) return unescape(r[2]); return null;
}
var code = getQueryString("code")
document.getElementById("wechar_code").innerHTML=code;
</script>
-- 1,获取Access_token(直接取需要白名单,后端适用,前端不适用)
curl -X GET -i "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=XXX&secret=XXX"
结果如:
{"access_token":"XXX","expires_in":7200}
-- 2,无需授权直接取code (https微信里打开),code5分钟有效期,只能使用一次。
https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx205dXXX&redirect_uri=https://www.qed-cloud.com/test.html&response_type=code&scope=snsapi_base&state=0#wechat_redirect
结果如:041sE1000PsFOL1VfU200Ll8c83sE105
-- 3,通过code换取网页授权access_token
https://api.weixin.qq.com/sns/oauth2/access_token?appid=wx205dXXX&secret=ac043cXXX&code=051aT00w3Fe5GX2UwH2w3uBUZy2aT00a&grant_type=authorization_code
结果如:
(expires_in 是有效时间,单位为秒,openid":"U6ZMqGBNYUk6Ik",同一个微信号 openid一样)
{"access_token":"45_7q_ckkm_I1qpnkbbfHsKIxNkOs1ZXTje0dCu15HhKnLtNnozTgoD1w","expires_in":7200,"refresh_token":"45_Zp5mDagLE9CO--hu3pXzOBqVq8RakL_VRlZGNSL_RZer1hHL2etsQZiDcEnMGcr","openid":"U6ZMqGBNYUk6Ik","scope":"snsapi_base"}
{"access_token":"45_VilYcXRT1zbvkCTOiw-ltdb1CmLxqvfYeSC05EzrYxlHogpnsNttA","expires_in":7200,"refresh_token":"45_LUczf6ewAm0EAETIVkQE5sik9LGVqVF5dqg8_5NrY_hMt7YRBXZRW_M2Y3ShzypNusI5nE-tN","openid":"U6ZMqGBNYUk6Ik","scope":"snsapi_base"}