- 求教node接入同城配送后,确定对称密钥和非对称秘钥都是正确的,却还是报签名错误(40234)?
node后台接入微信小程序的同城配送,调用查询支持同城配送的城市,但是需要进行加密和签名,我确定我已经更新了小程序后台的api安全的对称密钥和非对称秘钥。并且下载了私钥。获取到了加密数据和签名,但请求的时候还是报错,显示40234. [图片]
04-03 - node同城配送,确定自己的对称密钥和非对称秘钥是成双成对的,并且重新下载了私钥,但还是40234?
我已经通过官方示例,通过node进行api请求处理,确定自己的对称密钥和非对称秘钥是成双成对的,并且重新下载了私钥,但查询支持同城配送的接口还是40234?签名错误? appid:wx9434881c3a7c5a18 { errcode: 40234, errmsg: 'invalid signature rid: 660bb58c-293e87e8-7569d0aa' }
04-02 - 同城配送,查询支持同城配送的城市,接口返回40240,显示超时的数据?这是为什么呢?
{ errcode: 40240, errmsg: 'Wechatmp-TimeStamp expired rid: 660b6bf3-18e58e6d-57ac41a7' } 通过API安全后台获取的对称密钥,加密已实现,使用API请求处理中的签名时,用的是文档中的私钥,加密中的timestamp 与 请求中的 Wechatmp-TimeStamp 一致,[图片] 此处是加密的数据 { req_ts: 1712024563534, req_data: '{"iv":"zoLQUS7fTHhCqelV","data":"qR5be36ZoQu4qgUjUW3+Vx60uGVbkeX1i3etswAF7w45j/fi8JV2b8rJwpTs1wqaRceSUswcpH1ZRSc5T4wUUHLna2NL1cCktDoWc3vggITCmnbihVihpsMSfWy6YOOFFL7hV0cJIPuK62rIkbGJU05CdINPRh/RoK2O79GC","authtag":"PL/raX2I66tDab3WxpEa6g=="}' }
04-02 - 使用同城配送功能,node接入api加密签名后,调用查询支持同城配送的城市报错47001?
db.js var mysql = require('mysql'); var dbConfig = require('./db.config'); var connection = mysql.createPool(dbConfig); module.exports = { wx: { // 微信 _appid: 'wx943**', // 微信小程序id _mchid: '1637*****', // 商户id _secret: 'b959f1520e07fa7d5e9707aa4d1f874', // 微信小程序密钥 _service_trans_id: 'DADA', // 使用达达快送,或者顺丰同城 _AES256_GCM_Sn: 'fb0f63ade7cd99a89c1358********7', // 对称秘钥编号 _AES256_GCM_Key: 'O8Qe2v0Rbo55A5NJ0s2r3X0********aF5Aoc=', // 对称秘钥明文 _RSAwithSHA256_Sn: *********969972f4f0d909e359534', // 非对称秘钥编号 _RSAwithSHA256_Key: "-----BEGIN PUBLIC KEY-----\nM******************CAQEA49YRS/qTTBg754DT+3pl\nsHjbOfygHJN2ihfQOlin5zrfupQX6fVo5f+cdwMFL9Vk/NaCpT9WnozziL4M/fJf\n4rmUn8FNsmUS+xm7wvmsJSWQxyMeHsq08axJV29oQ+OTrnfWpwQdsOXRaqQ5I+tT\nLkKZR82ApkgPSYXb+yuFBmN1I6F++DtuHesBszjDkSqLGLL6zU1sbXv3IZS6QtW+\ny6N9co/rWl152RTOjqajs0LFHDgAhtLS1pAPjUmcPDb0fGolzq9+tZt7+lgFELcY\nUYBLaubb+D3Xgb0/W6pildW8EYgGkX+yx4PRq2WQQMRdk1+INmuRUVblEjPm2cDU\nBwIDAQAB\n-----END PUBLIC KEY-----", // 非对称秘钥明文 node接口调用代码 我是通过小程序点击事件想要查询支持同城配送的城市,但是报错提示为 { errcode: 47001, errmsg: 'data format error detail: [json错误] rid: 660a1e30-1fb6f74b-724a4b0f' } 下边是我接口调用代码 // wx-用户信息 var express = require('express'); var router = express.Router(); var unit = require('../../unit/unit') var signature = require('../../wxSignature/signature') var { getData } = unit var db = require("../../db"); //引入数据库封装模块 var { axiosGet, axiosPost } = unit; var { getRequestEncryption, getResponseSignature } = signature; // wx_查询支持同城配送的城市 router.get('/city/distribution/get', async (req, res) => { let { iv, encryptedData, code } = req.body let list = await axiosGet(`https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=${db.wx._appid}&secret=${db.wx._secret}`,); console.log(list.data.access_token); let ctx1 = { local_sym_key: db.wx._AES256_GCM_Key, local_sym_sn: db.wx._AES256_GCM_Sn, local_appid: db.wx._appid, url_path: "https://api.weixin.qq.com/cgi-bin/express/intracity/getcity" }; let reqs1 = { service_trans_id: db.wx._service_trans_id, } let requestEncryption = getRequestEncryption(ctx1, reqs1); let ctx2 = { local_private_key: db.wx._RSAwithSHA256_Key, local_sn: db.wx._RSAwithSHA256_Sn, local_appid: db.wx._appid, url_path: "https://api.weixin.qq.com/cgi-bin/express/intracity/getcity" }; let reqs2 = requestEncryption let responseSignature = getResponseSignature(reqs2) let datas = await axiosPost(`https://api.weixin.qq.com/cgi-bin/express/intracity/getcity?access_token=${list.data.access_token}`, responseSignature, { 'Content-Type': "application/json;charset=utf-8", 'Accept': "application/json" } ); console.log(datas.data); // { // errcode: 47001, // errmsg: 'data format error detail: [json错误] rid: 660a1e30-1fb6f74b-724a4b0f' // } }) module.exports = router; 下边是signature.js // AES256_GCM // 服务端api签名指南 const crypto = require("crypto") var db = require("../db"); //引入数据库封装模块 module.exports = { // 获取请求加密 getRequestEncryption: function (ctx, req) { function getNewReq(ctx, req) { const { local_sym_key, local_sym_sn, local_appid, url_path } = ctx // 开发者本地信息 const local_ts = Math.floor(Date.now() / 1000) //加密签名使用的统一时间戳 const nonce = crypto.randomBytes(16).toString('base64').replace(/=/g, '') const reqex = { _n: nonce, _appid: local_appid, _timestamp: local_ts } const real_req = Object.assign({}, reqex, req) // 生成并添加安全校验字段 const plaintext = JSON.stringify(real_req) const aad = `${url_path}|${local_appid}|${local_ts}|${local_sym_sn}` const real_key = Buffer.from(local_sym_key, "base64") const real_iv = crypto.randomBytes(12) const real_aad = Buffer.from(aad, "utf-8") const real_plaintext = Buffer.from(plaintext, "utf-8") const cipher = crypto.createCipheriv("aes-256-gcm", real_key, real_iv) cipher.setAAD(real_aad) let cipher_update = cipher.update(real_plaintext) let cipher_final = cipher.final() const real_ciphertext = Buffer.concat([cipher_update, cipher_final]) const real_authTag = cipher.getAuthTag() const iv = real_iv.toString("base64") const data = real_ciphertext.toString("base64") const authtag = real_authTag.toString("base64") const req_data = { iv, data, authtag, } const new_req = { req_ts: local_ts, req_data: JSON.stringify(req_data) } return new_req } var ctx = ctx var req = req let res = getNewReq(ctx, req) return res }, // 获取请求签名 getResponseSignature: function async(reqs) { // 仅做演示,敏感信息请勿硬编码 function getCtx() { let ctx = { local_private_key: db.wx._AES256_GCM_Key, local_sn: db.wx._AES256_GCM_Sn, local_appid: db.wx._appid, url_path: "https://api.weixin.qq.com/wxa/getuserriskrank" } return ctx } function getReq() { let req = reqs return req } function getSignature(ctx, req) { const { local_private_key, local_sn, local_appid, url_path } = ctx // 开发者本地信息 const { req_ts, req_data } = req // 待请求API数据 const payload = `${url_path}\n${local_appid}\n${req_ts}\n${req_data}` const data_buffer = Buffer.from(payload, 'utf-8') const key_obj = { key: local_private_key, padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST // salt长度,需与SHA256结果长度(32)一致 } const sig_buffer = ss_buffer = crypto.Sign( 'RSA-SHA256', data_buffer, key_obj ) const sig = sig_buffer.toString('base64') return sig /* 最终请求头字段 { "Wechatmp-Appid": local_appid, "Wechatmp-TimeStamp": req_ts, "Wechatmp-Signature": sig, } */ } const ctx = getCtx() const req = getReq() let ress = getSignature(ctx, req) return ress }, } 下边是封装的post方法 var db = require("../db"); //引入数据库封装模块 //文件路由处理函数 const fs = require('fs') const path = require('path') const { default: axios } = require("axios"); module.exports = { // 封装get请求 axiosGet: async function (url, params, headers) { return new Promise((resolve, reject) => { axios .get(url, params, { headers: headers ? headers : {} } ) .then(res => { resolve(res); }) .catch(err => { reject(err); }); }); }, // 封装post请求方法 axiosPost: async function (url, params, headers) { return new Promise((resolve, reject) => { axios .post(url, params, { headers: headers ? headers : {} } ) .then(res => { resolve(res); }) .catch(err => { reject(err); }); }); }, } 请加一下大佬这个错误的解决方法,还是说我请求签名加密的逻辑就有问题? { errcode: 47001, errmsg: 'data format error detail: [json错误] rid: 660a1e30-1fb6f74b-724a4b0f' }
04-01 - 设置了扫普通链接二维码打开小程序,扫码解析了二维码的内容,不知道为什么没有跳转到小程序?
[图片] [图片] [图片] [图片]
02-01 - 小程序发布了开发版本,设置的体验人员无法访问,只有开发可以访问?
本地调试器可以访问,而且配置了合法域名, 取消了不校验合法域名,也是可以访问的
2023-02-03 - 小程序已经接入了微信支付 但是退款提示48001,?
https://api.weixin.qq.com/shop/pay/refundorder?access_token=65_UKnSdqiLOUz-JKpnlgQJjVZO2VnlTPB0YpSAW1khMMqVMCI-iJ0uKe_wixdZJDIdQjvpi-cf5zHWrxFfMHHjUamMflzD8jO_iOWTOsAGklZE5Agp7zXdf7upiB8YONfAAARHG { openid: 'okaQK5BnL1VoWpOX1vgyDSZK7Wdo', mchid: '1637410212', transaction_id: '4200001716202302022261338651', trade_no: '20230202111902439729', refund_no: '20230202113458115197', reason: '测试', total_amount: 0.01, refund_amount: 0.01, amount: { refund: 0.01, total: 0.01, currency: 'CNY' } } [图片] 如何开启权限呢?支付功能是可以的,已绑定商家号什么的。但是退款显示48001
2023-02-02 - 微信开发工具json文件引入第三方组件报错?
已经发布了体验版,后续更改的时候又引入了第三方库的组件(使用的是tdesign),并且构建了npm,删除了node包和miniprogran_npm,重新编译npm i 但是依旧报错。 报错信息:[ pages/orderFrom/orderFrom.json 文件内容错误] pages/orderFrom/orderFrom.json: ["usingComponents"]["t-tab-panel"]: "tdesign-miniprogram/tab-panel/tab-panel" 未找到(env: Windows,mp,1.06.2209190; lib: 2.29.1) [图片]
2023-02-01 - 配置了合法域名 ,却报错显示不在request合法域名中?
[图片]
2023-01-31 - 为什么发布了体验版本,配置了合法域名,但是一直显示的只有适配的页面?
为什么发布了体验版本,配置了合法域名,但是一直显示的只有适配的页面?在微信开发者工具中是正常的
2023-01-31