diff --git a/app/api/v1/cps_redirect.py b/app/api/v1/cps_redirect.py index 5270586..ee7aa0b 100644 --- a/app/api/v1/cps_redirect.py +++ b/app/api/v1/cps_redirect.py @@ -79,7 +79,7 @@ def cps_landing(code: str, request: Request, db: Session = Depends(get_db)): openid = request.cookies.get(_WX_OPENID_COOKIE) # 微信内 + 还没拿到 openid + 配了服务号 → 先 base 静默授权拿 openid,再 302 回本页。 # 非微信 / 已有 cookie / 未配服务号 → 直接走原逻辑(openid 可能为 None,绝不阻断领券)。 - if openid is None and settings.wx_mp_configured and _is_wechat(request): + if openid is None and settings.wx_oauth_active and _is_wechat(request): redirect_uri = f"{settings.CPS_REDIRECT_BASE.rstrip('/')}/wx/oauth/cb" auth_url = wx_oauth.build_authorize_url(redirect_uri, "snsapi_base", f"base:{code}") return RedirectResponse(auth_url, status_code=302) @@ -147,7 +147,7 @@ def _taobao_landing_html( """ safe_img = html.escape(media.to_abs_media_url(image_url) or image_url, quote=True) uinfo_url = "" - if openid and not has_uinfo and settings.wx_mp_configured: + if openid and not has_uinfo and settings.wx_oauth_active: redirect_uri = f"{settings.CPS_REDIRECT_BASE.rstrip('/')}/wx/oauth/cb" uinfo_url = wx_oauth.build_authorize_url(redirect_uri, "snsapi_userinfo", f"uinfo:{code}") return ( diff --git a/app/core/config.py b/app/core/config.py index 8862476..76621e1 100644 --- a/app/core/config.py +++ b/app/core/config.py @@ -100,12 +100,20 @@ class Settings(BaseSettings): # ⚠️ 区别于 WECHAT_APP_ID(那是 App 移动应用,用于微信支付);这是【已认证服务号】。 WX_MP_APPID: str = "" WX_MP_SECRET: str = "" + # 落地页微信网页授权【总开关】。默认关:服务号认证审核中/未就绪时,落地页走原逻辑 + # (不跳授权、不拿 openid),整套微信代码保留。审核通过后 .env 置 true + 重启即启用,无需改代码。 + WX_MP_OAUTH_ENABLED: bool = False @property def wx_mp_configured(self) -> bool: """服务号网页授权凭证齐全(缺则落地页不发起授权,降级为无 openid)。""" return bool(self.WX_MP_APPID and self.WX_MP_SECRET) + @property + def wx_oauth_active(self) -> bool: + """落地页是否真正发起微信授权 = 凭证齐全 且 总开关开。""" + return self.wx_mp_configured and self.WX_MP_OAUTH_ENABLED + # ===== 微信支付(商家转账到零钱 / 提现)===== # 真实凭证放 .env(已 gitignore),证书 .pem 放 secrets/。WECHAT_APP_ID 同时用于 # 微信登录(code 换 openid)与转账,必须与 App 端开放平台 appid 一致。