Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 4b8ec7c539 | |||
| c97fbbad0e | |||
| 014e9a15e5 | |||
| ac8935c641 | |||
| 9eaa987a81 | |||
| 19a8310b23 | |||
| e66f7fed8c | |||
| 5271d22d24 |
@@ -32,13 +32,6 @@ HEARTBEAT_MONITOR_ENABLED=true
|
||||
HEARTBEAT_TIMEOUT_MINUTES=60
|
||||
HEARTBEAT_SCAN_INTERVAL_SEC=60
|
||||
|
||||
# ===== OPPO 推送(厂商通道直连,提现审核通过等交易类通知)=====
|
||||
# OPPO 开放平台注册应用后分配, 服务端鉴权用 AppKey + MasterSecret(≠极光 JG_*)。
|
||||
# 缺任一 → oppo_push_configured=False, 推送静默跳过(不影响审核/打款)。
|
||||
OPPO_PUSH_APP_KEY=
|
||||
OPPO_PUSH_MASTER_SECRET=
|
||||
# 可选(一般不改): OPPO_PUSH_ENABLED=true / OPPO_PUSH_REQUEST_TIMEOUT_SEC=10
|
||||
|
||||
# ===== 短信 (mock 模式) =====
|
||||
# mock = true 时,任意 6 位数字均通过,且 /sms/send 不真发短信(只 log)。
|
||||
# 后续接阿里云/腾讯云短信时,改成 false 并填供应商相关 key。
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
"""device_liveness 加 oppo_register_id 列(OPPO 直连推送目标)
|
||||
|
||||
提现审核通过等交易类通知走 OPPO 官方推送直连(≠极光)。客户端集成 OPPO SDK 后拿到 OPPO
|
||||
registerID, 经 device/register + heartbeat 上报, 存本列; 与极光 registration_id 并列,
|
||||
一台 OPPO 设备两套 token 并存。
|
||||
|
||||
Revision ID: device_oppo_register_id
|
||||
Revises: comparison_llm_cost
|
||||
Create Date: 2026-07-15 00:00:00.000000
|
||||
|
||||
"""
|
||||
from typing import Sequence, Union
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision: str = 'device_oppo_register_id'
|
||||
down_revision: Union[str, Sequence[str], None] = 'comparison_llm_cost'
|
||||
branch_labels: Union[str, Sequence[str], None] = None
|
||||
depends_on: Union[str, Sequence[str], None] = None
|
||||
|
||||
|
||||
def upgrade() -> None:
|
||||
with op.batch_alter_table('device_liveness', schema=None) as batch_op:
|
||||
batch_op.add_column(
|
||||
sa.Column('oppo_register_id', sa.String(length=128), nullable=True)
|
||||
)
|
||||
|
||||
|
||||
def downgrade() -> None:
|
||||
with op.batch_alter_table('device_liveness', schema=None) as batch_op:
|
||||
batch_op.drop_column('oppo_register_id')
|
||||
@@ -37,7 +37,6 @@ from app.integrations import wxpay
|
||||
from app.models.admin import AdminUser
|
||||
from app.repositories import app_config
|
||||
from app.repositories import wallet as wallet_repo
|
||||
from app.services import push_notify
|
||||
|
||||
router = APIRouter(
|
||||
prefix="/admin/api/withdraws",
|
||||
@@ -316,9 +315,6 @@ def bulk_approve_withdraws(
|
||||
results.append(
|
||||
WithdrawBulkItemResult(out_bill_no=out_bill_no, ok=True, status=order.status)
|
||||
)
|
||||
# 审核通过 → OPPO 推送(fire-and-forget, 不阻塞批量审核; status=failed 已退款, 不推)
|
||||
if order.status != "failed":
|
||||
push_notify.notify_withdraw_approved_async(order.user_id)
|
||||
except wallet_repo.WithdrawOrderNotFound:
|
||||
db.rollback()
|
||||
results.append(
|
||||
@@ -442,9 +438,6 @@ def approve_withdraw_order(
|
||||
},
|
||||
ip=get_client_ip(request), commit=True,
|
||||
)
|
||||
# 审核通过 → OPPO 推送(fire-and-forget, 不阻塞审核响应; status=failed 是打款失败已退款, 不推)
|
||||
if order.status != "failed":
|
||||
push_notify.notify_withdraw_approved_async(order.user_id)
|
||||
return WithdrawOrderOut.model_validate(order)
|
||||
|
||||
|
||||
|
||||
@@ -0,0 +1,58 @@
|
||||
"""会话存档独立 poller → app-server 的内部信号端点(server→server, 非客户端接口)。
|
||||
|
||||
会话存档轮询在【独立进程】跑(WeWorkFinanceSdk 是 Go c-shared 库, 嵌进 app-server 会 segfault
|
||||
把主进程带崩, 见 scripts/wx_finance_poller.py)。poller 拉到美团卡片/截图后 POST 到这里, 由
|
||||
app-server 打比价信号 —— set_pending 在 app-server 进程内存, 心跳才 pop 得到, 故必须回到本进程。
|
||||
靠共享密钥头 X-Internal-Secret(== settings.INTERNAL_API_SECRET)校验;未配置 → 503。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import hmac
|
||||
import logging
|
||||
from typing import Annotated
|
||||
|
||||
from fastapi import APIRouter, Header, HTTPException, status
|
||||
|
||||
from app.core import wx_poc_signal
|
||||
from app.core.config import settings
|
||||
from app.schemas.wx_finance import WxFinancePendingIn, WxFinancePendingOut
|
||||
|
||||
logger = logging.getLogger("shagua.internal.wx_finance")
|
||||
|
||||
router = APIRouter(prefix="/internal", tags=["internal"])
|
||||
|
||||
|
||||
def _check_secret(x_internal_secret: str | None) -> None:
|
||||
"""共享密钥校验。未配置 → 503(挡裸奔);不匹配 → 401(常量时间比较)。"""
|
||||
configured = settings.INTERNAL_API_SECRET
|
||||
if not configured:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
|
||||
detail="internal api not configured",
|
||||
)
|
||||
if not x_internal_secret or not hmac.compare_digest(x_internal_secret, configured):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED, detail="invalid internal secret"
|
||||
)
|
||||
|
||||
|
||||
@router.post(
|
||||
"/wx-finance/pending",
|
||||
response_model=WxFinancePendingOut,
|
||||
summary="会话存档 poller 触发比价信号(独立进程→app-server, 打 set_pending)",
|
||||
)
|
||||
def wx_finance_pending(
|
||||
payload: WxFinancePendingIn,
|
||||
x_internal_secret: Annotated[str | None, Header()] = None,
|
||||
) -> WxFinancePendingOut:
|
||||
_check_secret(x_internal_secret)
|
||||
device_id = settings.WX_POC_TEST_DEVICE_ID
|
||||
if not device_id:
|
||||
logger.warning("wx_finance pending: WX_POC_TEST_DEVICE_ID 未配置, 忽略信号")
|
||||
return WxFinancePendingOut(ok=False)
|
||||
wx_poc_signal.set_pending(device_id, payload.source)
|
||||
logger.info(
|
||||
"wx_finance PoC: 已给测试设备 %s 打比价信号 source=%s (触发=%s)",
|
||||
device_id, payload.source, payload.kind,
|
||||
)
|
||||
return WxFinancePendingOut(ok=True)
|
||||
+22
-5
@@ -14,18 +14,28 @@ import logging
|
||||
from fastapi import APIRouter
|
||||
|
||||
from app.api.deps import CurrentUser, DbSession
|
||||
from app.core import wx_poc_signal
|
||||
from app.repositories import device as device_repo
|
||||
from app.schemas.device import (
|
||||
DeviceOut,
|
||||
DeviceRegisterRequest,
|
||||
HeartbeatRequest,
|
||||
HeartbeatResponse,
|
||||
LivenessAckRequest,
|
||||
LivenessOut,
|
||||
OkResponse,
|
||||
PendingCompare,
|
||||
)
|
||||
|
||||
logger = logging.getLogger("shagua.device")
|
||||
|
||||
# PoC:源平台代号 → Android 包名(前端 launch 用)。poller 按分享的小程序卡区分平台。
|
||||
# 客户端只认 source_package:用它反查平台名(弹窗"原平台")+ launch 对应 App,故新增平台只需在此登记包名。
|
||||
_SOURCE_PACKAGES = {
|
||||
"meituan": "com.sankuai.meituan",
|
||||
"jd": "com.jingdong.app.mall", # 京东主 App(含京东秒送/外卖),后端 intent skill=jd_waimai
|
||||
}
|
||||
|
||||
router = APIRouter(prefix="/api/v1/device", tags=["device"])
|
||||
|
||||
|
||||
@@ -40,7 +50,6 @@ def register_device(
|
||||
user_id=user.id,
|
||||
device_id=req.device_id,
|
||||
registration_id=req.registration_id,
|
||||
oppo_register_id=req.oppo_register_id,
|
||||
platform=req.platform,
|
||||
app_version=req.app_version,
|
||||
)
|
||||
@@ -53,21 +62,29 @@ def register_device(
|
||||
return DeviceOut.model_validate(device)
|
||||
|
||||
|
||||
@router.post("/heartbeat", response_model=OkResponse, summary="上报心跳")
|
||||
@router.post("/heartbeat", response_model=HeartbeatResponse, summary="上报心跳")
|
||||
def report_heartbeat(
|
||||
req: HeartbeatRequest,
|
||||
user: CurrentUser,
|
||||
db: DbSession,
|
||||
) -> OkResponse:
|
||||
) -> HeartbeatResponse:
|
||||
device_repo.touch_heartbeat(
|
||||
db,
|
||||
user_id=user.id,
|
||||
device_id=req.device_id,
|
||||
accessibility_enabled=req.accessibility_enabled,
|
||||
registration_id=req.registration_id,
|
||||
oppo_register_id=req.oppo_register_id,
|
||||
)
|
||||
return OkResponse()
|
||||
# PoC:该设备有"待比价"信号则带回(只对写死的测试设备生效, 取走即清、只弹一次)
|
||||
source = wx_poc_signal.pop_pending(req.device_id)
|
||||
pending = None
|
||||
if source:
|
||||
pending = PendingCompare(
|
||||
source_platform=source,
|
||||
source_package=_SOURCE_PACKAGES.get(source, ""),
|
||||
)
|
||||
logger.info("heartbeat 下发比价信号 device=%s source=%s", req.device_id, source)
|
||||
return HeartbeatResponse(pending_compare=pending)
|
||||
|
||||
|
||||
@router.get("/liveness", response_model=LivenessOut, summary="查询本机掉线告警(后置检测)")
|
||||
|
||||
@@ -0,0 +1,159 @@
|
||||
"""微信客服(企业微信)消息接收回调 /wx/kf/callback(裸路径, 非 /api/v1)。
|
||||
|
||||
对应企业微信「微信客服」→ 客服账号 → 接收消息回调里填的 URL。是服务号版(wx_mp.py)的
|
||||
平行实现:下游(set_pending → 心跳下发 → 前端弹窗)完全一致, 只有上游"如何拿到用户消息"不同 ——
|
||||
服务号是微信把消息直接 POST 给你;微信客服是 POST 一个事件通知, 你再用 <Token> 主动 sync_msg 拉。
|
||||
|
||||
GET : URL 接入验证 → msg_signature 验签(含密文 echostr) → 解密 echostr → 返回明文。
|
||||
⚠️ 与公众号明文模式不同:企业微信 echostr 是密文, 必须解密后返回。
|
||||
POST : 收事件(密文) → msg_signature 验签 → AES 解密 → 解析 XML。
|
||||
Event=kf_msg_or_event → 取 <Token>/<OpenKfId> → sync_msg 增量拉消息 →
|
||||
客户(origin=3)发来的图片(image) → set_pending(测试设备, "meituan") + 下载落盘。
|
||||
其余消息/事件记日志忽略。一律返回 "success"(异常也吞掉, 不让企业微信重试轰炸)。
|
||||
|
||||
回调加密与公众号「安全模式」同源, 直接复用 integrations/wx_mp_crypto(验签 + AES-256-CBC 解密),
|
||||
差别只在 receiveid 用 corpid(公众号是 appid)。MVP 只做"收图打信号 + 落盘证明链路通"。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import logging
|
||||
import xml.etree.ElementTree as ET
|
||||
from pathlib import Path
|
||||
from typing import Any
|
||||
|
||||
from fastapi import APIRouter, Request
|
||||
from fastapi.responses import PlainTextResponse
|
||||
|
||||
from app.core import wx_poc_signal
|
||||
from app.core.config import settings
|
||||
from app.integrations import wx_kf_client, wx_mp_crypto
|
||||
|
||||
logger = logging.getLogger("shagua.wx_kf")
|
||||
|
||||
router = APIRouter(prefix="/wx/kf", tags=["wx-kf"])
|
||||
|
||||
# 收到的截图暂存目录(MVP 验证用;接上识别后可改为不落盘或定期清理)
|
||||
_INBOX = Path(settings.MEDIA_ROOT) / "wx_kf_inbox"
|
||||
|
||||
|
||||
@router.get("/callback", include_in_schema=False)
|
||||
async def verify(
|
||||
msg_signature: str = "", timestamp: str = "", nonce: str = "", echostr: str = ""
|
||||
) -> PlainTextResponse:
|
||||
"""企业微信 URL 接入验证:验签(密文 echostr 参与)→ 解密 echostr → 返回明文。"""
|
||||
if not settings.wx_kf_callback_configured:
|
||||
logger.warning("wx_kf verify: 回调凭证未配齐(CorpId/Token/AESKey/Secret)")
|
||||
return PlainTextResponse("", status_code=503)
|
||||
if not wx_mp_crypto.verify_msg_signature(
|
||||
settings.WX_KF_TOKEN, timestamp, nonce, echostr, msg_signature
|
||||
):
|
||||
logger.warning("wx_kf verify: signature 校验失败 ts=%s nonce=%s", timestamp, nonce)
|
||||
return PlainTextResponse("invalid signature", status_code=403)
|
||||
try:
|
||||
plain = wx_mp_crypto.decrypt_message(
|
||||
settings.WX_KF_AES_KEY, settings.WX_KF_CORP_ID, echostr
|
||||
)
|
||||
except Exception:
|
||||
logger.exception("wx_kf verify: echostr 解密失败")
|
||||
return PlainTextResponse("decrypt failed", status_code=403)
|
||||
return PlainTextResponse(plain)
|
||||
|
||||
|
||||
@router.post("/callback", include_in_schema=False)
|
||||
async def receive(request: Request) -> PlainTextResponse:
|
||||
"""收事件通知(安全模式)。任何异常都吞掉返回 success, 不让企业微信重试轰炸, 靠日志排查。"""
|
||||
if not settings.wx_kf_callback_configured:
|
||||
logger.warning("wx_kf receive: 回调凭证未配齐")
|
||||
return PlainTextResponse("success")
|
||||
try:
|
||||
body = (await request.body()).decode("utf-8")
|
||||
qp = request.query_params
|
||||
# 安全模式外层 XML 只有 ToUserName + Encrypt。来源=企业微信服务器(HTTPS)+ 下面验签,
|
||||
# 且 stdlib ET 不扩展外部实体, XXE 不适用。
|
||||
encrypt = ET.fromstring(body).findtext("Encrypt") or ""
|
||||
if not wx_mp_crypto.verify_msg_signature(
|
||||
settings.WX_KF_TOKEN,
|
||||
qp.get("timestamp", ""),
|
||||
qp.get("nonce", ""),
|
||||
encrypt,
|
||||
qp.get("msg_signature", ""),
|
||||
):
|
||||
logger.warning("wx_kf receive: msg_signature 校验失败")
|
||||
return PlainTextResponse("success")
|
||||
xml = wx_mp_crypto.decrypt_message(
|
||||
settings.WX_KF_AES_KEY, settings.WX_KF_CORP_ID, encrypt
|
||||
)
|
||||
await _handle_event(ET.fromstring(xml))
|
||||
except Exception:
|
||||
logger.exception("wx_kf receive: 处理异常")
|
||||
return PlainTextResponse("success")
|
||||
|
||||
|
||||
async def _handle_event(root: ET.Element) -> None:
|
||||
"""客服事件:MsgType=event 且 Event=kf_msg_or_event → 用 Token 增量拉消息。"""
|
||||
event = root.findtext("Event") or ""
|
||||
if event != "kf_msg_or_event":
|
||||
logger.info("wx_kf 收到事件(暂忽略): event=%s", event)
|
||||
return
|
||||
token = root.findtext("Token") or ""
|
||||
open_kfid = root.findtext("OpenKfId") or ""
|
||||
msgs = await wx_kf_client.sync_messages(token, open_kfid)
|
||||
logger.info("wx_kf sync_msg 拉到 %d 条 open_kfid=%s", len(msgs), open_kfid)
|
||||
for msg in msgs:
|
||||
await _handle_message(msg)
|
||||
|
||||
|
||||
async def _handle_message(msg: dict[str, Any]) -> None:
|
||||
"""处理单条客服消息。只关心【客户发来的】(origin=3)图片 / 小程序卡片:打比价信号(+ 落盘)。
|
||||
|
||||
origin:3=客户发的 / 4=系统推送 / 5=接待人员发的。接待人员或系统消息一律不触发比价。
|
||||
两种触发物对应场景:image=用户发结算页截图;miniprogram=用户分享美团小程序卡片(见需求截图)。
|
||||
"""
|
||||
if msg.get("origin") != 3:
|
||||
return
|
||||
msgtype = msg.get("msgtype") or ""
|
||||
external_userid = msg.get("external_userid") or ""
|
||||
if msgtype == "image":
|
||||
media_id = (msg.get("image") or {}).get("media_id", "")
|
||||
logger.info(
|
||||
"wx_kf 收到图片: external_userid=%s media_id=%s", external_userid, media_id
|
||||
)
|
||||
_fire_pending("image")
|
||||
await _save_media(media_id, external_userid)
|
||||
elif msgtype == "miniprogram":
|
||||
mp = msg.get("miniprogram") or {}
|
||||
logger.info(
|
||||
"wx_kf 收到小程序卡片: external_userid=%s title=%s appid=%s",
|
||||
external_userid,
|
||||
mp.get("title"),
|
||||
mp.get("appid"),
|
||||
)
|
||||
# 卡片无可下载媒体, 只打信号;源平台/订单识别(可据 appid 判平台)留后续, 现写死美团。
|
||||
_fire_pending("miniprogram")
|
||||
else:
|
||||
logger.info(
|
||||
"wx_kf 收到消息(暂忽略): external_userid=%s type=%s", external_userid, msgtype
|
||||
)
|
||||
|
||||
|
||||
def _fire_pending(kind: str) -> None:
|
||||
"""PoC:给写死的测试设备打"从美团比价"信号(下次心跳带回前端弹窗, 与服务号版完全一致)。"""
|
||||
poc_dev = settings.WX_POC_TEST_DEVICE_ID
|
||||
if not poc_dev:
|
||||
return
|
||||
wx_poc_signal.set_pending(poc_dev, "meituan")
|
||||
logger.info("wx_kf PoC: 已给测试设备 %s 打比价信号 source=meituan (触发=%s)", poc_dev, kind)
|
||||
|
||||
|
||||
async def _save_media(media_id: str, external_userid: str) -> None:
|
||||
"""图片消息只给 media_id, 走临时素材下载接口拉回落盘(PoC 验证用)。"""
|
||||
content = await wx_kf_client.download_media(media_id)
|
||||
if not content:
|
||||
return
|
||||
try:
|
||||
_INBOX.mkdir(parents=True, exist_ok=True)
|
||||
dest = _INBOX / f"{external_userid[:16]}_{media_id[:16]}.jpg"
|
||||
dest.write_bytes(content)
|
||||
logger.info("wx_kf 图片已落盘: %s (%d bytes)", dest, len(content))
|
||||
except Exception:
|
||||
logger.exception("wx_kf 图片落盘失败 media_id=%s", media_id)
|
||||
@@ -19,6 +19,7 @@ import httpx
|
||||
from fastapi import APIRouter, Request
|
||||
from fastapi.responses import PlainTextResponse
|
||||
|
||||
from app.core import wx_poc_signal
|
||||
from app.core.config import settings
|
||||
from app.integrations import wx_mp_crypto
|
||||
|
||||
@@ -85,6 +86,11 @@ async def _handle_message(root: ET.Element) -> None:
|
||||
logger.info(
|
||||
"wx_mp 收到图片: openid=%s media_id=%s pic_url=%s", openid, media_id, pic_url
|
||||
)
|
||||
# PoC: 写死"该测试设备要从美团比价", 下次心跳带回前端弹选平台窗
|
||||
poc_dev = settings.WX_POC_TEST_DEVICE_ID
|
||||
if poc_dev:
|
||||
wx_poc_signal.set_pending(poc_dev, "meituan")
|
||||
logger.info("wx_mp PoC: 已给测试设备 %s 打比价信号 source=meituan", poc_dev)
|
||||
await _download(pic_url, openid, media_id)
|
||||
else:
|
||||
logger.info("wx_mp 收到消息(暂忽略): openid=%s type=%s", openid, msg_type)
|
||||
|
||||
+43
-28
@@ -71,34 +71,6 @@ class Settings(BaseSettings):
|
||||
HEARTBEAT_TIMEOUT_MINUTES: int = 60 # 多久没心跳算掉线(1 小时,避免短暂离线误判被杀)
|
||||
HEARTBEAT_SCAN_INTERVAL_SEC: int = 60 # 扫描周期
|
||||
|
||||
# ===== OPPO 推送(厂商通道直连) =====
|
||||
# 直连 OPPO PUSH 服务端 API(api.push.oppomobile.com), 不经极光。凭证来自 OPPO 开放平台
|
||||
# 注册应用后分配(≠极光 JG_*)。两步鉴权: 先 /server/v1/auth 用 sha256(app_key+timestamp+
|
||||
# master_secret) 换 auth_token(缓存 24h), 再带 auth_token 调 /message/notification/unicast
|
||||
# 单推。提现审核通过等交易类通知走这条。未配凭证 → oppo_push_configured=False, 发送方静默
|
||||
# 跳过(不连累审核/打款)。
|
||||
OPPO_PUSH_ENABLED: bool = True # 总开关(配了凭证也能置 False 全局停发)
|
||||
OPPO_PUSH_APP_KEY: str = ""
|
||||
OPPO_PUSH_MASTER_SECRET: str = ""
|
||||
OPPO_PUSH_AUTH_ENDPOINT: str = "https://api.push.oppomobile.com/server/v1/auth"
|
||||
OPPO_PUSH_UNICAST_ENDPOINT: str = (
|
||||
"https://api.push.oppomobile.com/server/v1/message/notification/unicast"
|
||||
)
|
||||
OPPO_PUSH_REQUEST_TIMEOUT_SEC: int = 10
|
||||
# 通知点击行为(OPPO click_action_type; 0=启动应用首页)。交易类通知点开进首页即可。
|
||||
OPPO_PUSH_CLICK_ACTION_TYPE: int = 0
|
||||
# 通知渠道 id(Android 8+ NotificationChannel): 【客户端创建的渠道】+【OPPO 管理台登记】+
|
||||
# 【服务端此值】三方必须一致, 否则真机可能不展示。客户端 OppoPushHelper.CHANNEL_ID 同值。
|
||||
OPPO_PUSH_CHANNEL_ID: str = "push_oplus_category_content"
|
||||
# OPPO 新消息分类(Android 12+ 触达; 提现属 ACCOUNT 账号资产变化)。默认空=不带该字段——
|
||||
# 它依赖 OPPO 管理台的消息分类资质, 未开通就带上可能反被限制, 确认资质后再填(如 "ACCOUNT")。
|
||||
OPPO_PUSH_CATEGORY: str = ""
|
||||
|
||||
@property
|
||||
def oppo_push_configured(self) -> bool:
|
||||
"""OPPO 推送凭证是否齐备(app_key + master_secret)。缺任一 → 发送方静默跳过。"""
|
||||
return bool(self.OPPO_PUSH_APP_KEY and self.OPPO_PUSH_MASTER_SECRET)
|
||||
|
||||
# ===== 短信 =====
|
||||
SMS_MOCK: bool = True
|
||||
SMS_CODE_TTL_SEC: int = 300
|
||||
@@ -170,6 +142,34 @@ class Settings(BaseSettings):
|
||||
WX_MP_TOKEN: str = "" # 公众平台"服务器配置"的 Token(URL 验签 + 消息验签)
|
||||
WX_MP_AES_KEY: str = "" # EncodingAESKey(43 位, 消息 AES-256-CBC 加解密)
|
||||
|
||||
# ===== 微信截图比价 PoC(临时验证链路, 验证后删) =====
|
||||
# 只对这台写死的测试设备下发"从美团比价"信号;空=不触发任何设备(部署上线零风险)。
|
||||
# 收图 → 给此 device_id 打 pending → 该设备下次心跳带回 → 前端弹选平台窗。
|
||||
WX_POC_TEST_DEVICE_ID: str = ""
|
||||
|
||||
# ===== 微信客服(企业微信;截图比价上游入口 —— 服务号版的平行实现) =====
|
||||
# 用户在「微信客服」会话发消息 → 企业微信 POST 事件到 /wx/kf/callback → 后端 sync_msg 拉消息。
|
||||
# 回调加密与公众号「安全模式」同源(复用 wx_mp_crypto), 但 receiveid 用 corpid 且 echostr 需解密。
|
||||
# 拉消息 / 下载图片走 qyapi, 需 access_token(corpid + secret 换取)。全空=回调端点拒收, 零风险。
|
||||
WX_KF_CORP_ID: str = "" # 企业微信 corpid(回调解密 receiveid + 换 access_token)
|
||||
WX_KF_SECRET: str = "" # 「微信客服」Secret(换 access_token)
|
||||
WX_KF_TOKEN: str = "" # 客服「接收消息」回调的 Token(URL 验签 + 消息验签)
|
||||
WX_KF_AES_KEY: str = "" # 客服「接收消息」回调的 EncodingAESKey(AES-256-CBC 解密)
|
||||
|
||||
# ===== 微信会话内容存档(企业微信;"发给成员"那条路的截图/美团卡片比价上游入口) =====
|
||||
# 用户把美团小程序卡片/截图发给企业微信【成员】(非客服) → 会话存档 GetChatData 轮询拉取 →
|
||||
# RSA+AES 解密 → 识别 weapp/image → 给测试设备打比价信号。下游(心跳→弹窗→比价)复用。
|
||||
# 需后台开通「会话内容存档」+ 上传 RSA 公钥 + 配可信IP + 拿存档 Secret;.so 放服务器。
|
||||
# corpid 复用上面的 WX_KF_CORP_ID(同一企业)。ENABLED 默认关 → 未配好前零影响。
|
||||
WX_FINANCE_ENABLED: bool = False # 总开关(worker 是否启动)
|
||||
WX_FINANCE_SECRET: str = "" # 会话存档【专用】Secret(≠微信客服/自建应用)
|
||||
WX_FINANCE_SDK_PATH: str = "./libWeWorkFinanceSdk_C.so" # WeWorkFinanceSdk C 库(Linux .so)
|
||||
WX_FINANCE_PRIVATE_KEY_PATH: str = "./secrets/wx_finance_private.pem" # RSA 私钥(解 encrypt_random_key)
|
||||
WX_FINANCE_POLL_INTERVAL_SEC: float = 0.5 # GetChatData 轮询间隔秒(无回调、自己定频;支持亚秒如 0.5)
|
||||
WX_FINANCE_SEQ_FILE: str = "./data/wx_finance_seq.txt" # seq 游标持久化(防丢/重复)
|
||||
WX_FINANCE_RECEIVER_USERID: str = "" # 接收成员 userid(万朗杰);只处理【非他发】的消息, 空=不过滤
|
||||
WX_FINANCE_INTERNAL_URL: str = "http://127.0.0.1:8770" # poller 通知 app-server 打信号的内部地址(同机)
|
||||
|
||||
@property
|
||||
def wx_mp_configured(self) -> bool:
|
||||
"""服务号网页授权凭证齐全(缺则落地页不发起授权,降级为无 openid)。"""
|
||||
@@ -185,6 +185,21 @@ class Settings(BaseSettings):
|
||||
"""消息接收回调凭证齐全(Token + AESKey + AppID)。缺则回调端点拒绝处理消息。"""
|
||||
return bool(self.WX_MP_TOKEN and self.WX_MP_AES_KEY and self.WX_MP_APPID)
|
||||
|
||||
@property
|
||||
def wx_kf_callback_configured(self) -> bool:
|
||||
"""微信客服回调凭证齐全(CorpId + Token + AESKey + Secret)。缺则回调端点拒绝处理。"""
|
||||
return bool(
|
||||
self.WX_KF_CORP_ID
|
||||
and self.WX_KF_TOKEN
|
||||
and self.WX_KF_AES_KEY
|
||||
and self.WX_KF_SECRET
|
||||
)
|
||||
|
||||
@property
|
||||
def wx_finance_configured(self) -> bool:
|
||||
"""会话存档 worker 是否该启动 = 总开关开 且 corpid + 存档 Secret 齐全。"""
|
||||
return bool(self.WX_FINANCE_ENABLED and self.WX_KF_CORP_ID and self.WX_FINANCE_SECRET)
|
||||
|
||||
# ===== 微信支付(商家转账到零钱 / 提现)=====
|
||||
# 真实凭证放 .env(已 gitignore),证书 .pem 放 secrets/。WECHAT_APP_ID 同时用于
|
||||
# 微信登录(code 换 openid)与转账,必须与 App 端开放平台 appid 一致。
|
||||
|
||||
@@ -0,0 +1,27 @@
|
||||
"""微信截图比价 PoC:进程内存的"待比价"信号(单 worker 够用, 重启即失效, PoC 可接受)。
|
||||
|
||||
收图端点 set_pending(device_id, source) → 该设备下次心跳 pop_pending 取走并清除 →
|
||||
心跳响应带回 → 前端弹选平台窗。只对 settings.WX_POC_TEST_DEVICE_ID 写入, 不碰其他设备。
|
||||
后续接真识别 / openid↔device 绑定时整体替换本模块。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import threading
|
||||
|
||||
_lock = threading.Lock()
|
||||
_pending: dict[str, str] = {} # device_id -> source_platform(如 "meituan")
|
||||
|
||||
|
||||
def set_pending(device_id: str, source_platform: str) -> None:
|
||||
if not device_id:
|
||||
return
|
||||
with _lock:
|
||||
_pending[device_id] = source_platform
|
||||
|
||||
|
||||
def pop_pending(device_id: str) -> str | None:
|
||||
"""取出并清除该设备的待比价信号;无则 None。心跳每帧调, 取到即消费(只弹一次)。"""
|
||||
if not device_id:
|
||||
return None
|
||||
with _lock:
|
||||
return _pending.pop(device_id, None)
|
||||
@@ -1,183 +0,0 @@
|
||||
"""OPPO 推送服务端直连(厂商通道)。
|
||||
|
||||
不经极光, 直接调 OPPO PUSH 服务端 API(api.push.oppomobile.com)。提现审核通过等交易类
|
||||
通知走这条。凭证来自 OPPO 开放平台(app_key/master_secret, 见 settings.OPPO_PUSH_*)。
|
||||
|
||||
两步鉴权(OPPO 协议):
|
||||
1. POST /server/v1/auth 用 sign=sha256(app_key+timestamp+master_secret) 换 auth_token
|
||||
(有效期 24h)。token 进程内缓存复用, 到期前自动重取。
|
||||
2. POST /server/v1/message/notification/unicast header 带 auth_token, 按单个
|
||||
registration_id(OPPO 的 registerID) 定向推送一条通知栏消息。
|
||||
|
||||
发送 best-effort: 未配凭证 / 网络失败 / OPPO 返错都抛 OppoPushError, 由调用方(push_notify)
|
||||
吞掉只记日志, 绝不连累审核/打款主流程。风格对齐 integrations/sms.py(httpx 同步 + 未配降级)。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import hashlib
|
||||
import json
|
||||
import logging
|
||||
import time
|
||||
from dataclasses import dataclass
|
||||
from threading import Lock
|
||||
|
||||
import httpx
|
||||
|
||||
from app.core.config import settings
|
||||
|
||||
logger = logging.getLogger("shagua.oppo_push")
|
||||
|
||||
# OPPO target_type 枚举: 2 = 按 registration_id 单推
|
||||
_TARGET_TYPE_REGISTRATION_ID = 2
|
||||
# auth_token 官方有效期 24h; 提前 1h 视为过期重取, 留刷新余量(避免边界请求踩到刚过期)
|
||||
_TOKEN_TTL_SEC = 24 * 3600
|
||||
_TOKEN_REFRESH_MARGIN_SEC = 3600
|
||||
|
||||
|
||||
class OppoPushError(Exception):
|
||||
"""OPPO 推送失败(未配置 / 鉴权失败 / 网络错误 / OPPO 返错)。调用方 best-effort 吞。"""
|
||||
|
||||
|
||||
@dataclass
|
||||
class _CachedToken:
|
||||
token: str
|
||||
expires_at: float # epoch 秒(= 取到 token 的时刻 + 24h)
|
||||
|
||||
|
||||
# 进程内存 token 缓存(单 worker 有效; 多 worker 各自缓存, 各自换 token, OPPO 侧无副作用)
|
||||
_token_cache: _CachedToken | None = None
|
||||
_token_lock = Lock()
|
||||
|
||||
|
||||
def _sign(app_key: str, timestamp_ms: int, master_secret: str) -> str:
|
||||
"""OPPO 鉴权签名: sha256(app_key + timestamp + master_secret) 十六进制小写。"""
|
||||
raw = f"{app_key}{timestamp_ms}{master_secret}"
|
||||
return hashlib.sha256(raw.encode("utf-8")).hexdigest()
|
||||
|
||||
|
||||
def _parse_oppo_response(resp: httpx.Response, phase: str) -> dict | None:
|
||||
"""解析 OPPO 统一响应 {code, message, data}: code==0 返 data, 否则抛 OppoPushError。"""
|
||||
try:
|
||||
body = resp.json()
|
||||
except Exception as e:
|
||||
raise OppoPushError(
|
||||
f"OPPO {phase} 响应非 JSON(http={resp.status_code}): {resp.text[:200]}"
|
||||
) from e
|
||||
if body.get("code") != 0:
|
||||
raise OppoPushError(
|
||||
f"OPPO {phase} 失败 code={body.get('code')} message={body.get('message')!r}"
|
||||
)
|
||||
return body.get("data")
|
||||
|
||||
|
||||
def _fetch_auth_token() -> str:
|
||||
"""调 /server/v1/auth 换 auth_token。失败抛 OppoPushError。"""
|
||||
timestamp_ms = int(time.time() * 1000) # 毫秒时间戳(OPPO 允许 ±10 分钟误差)
|
||||
sign = _sign(
|
||||
settings.OPPO_PUSH_APP_KEY, timestamp_ms, settings.OPPO_PUSH_MASTER_SECRET
|
||||
)
|
||||
try:
|
||||
resp = httpx.post(
|
||||
settings.OPPO_PUSH_AUTH_ENDPOINT,
|
||||
data={
|
||||
"app_key": settings.OPPO_PUSH_APP_KEY,
|
||||
"sign": sign,
|
||||
"timestamp": timestamp_ms,
|
||||
},
|
||||
timeout=settings.OPPO_PUSH_REQUEST_TIMEOUT_SEC,
|
||||
)
|
||||
except httpx.HTTPError as e:
|
||||
raise OppoPushError(f"OPPO auth 网络错误: {e}") from e
|
||||
|
||||
data = _parse_oppo_response(resp, "auth")
|
||||
token = (data or {}).get("auth_token")
|
||||
if not token:
|
||||
raise OppoPushError(f"OPPO auth 未返回 auth_token: {resp.text[:200]}")
|
||||
return token
|
||||
|
||||
|
||||
def _get_auth_token(force_refresh: bool = False) -> str:
|
||||
"""取 auth_token(缓存优先; 到期或 force_refresh 才重取)。线程安全。"""
|
||||
global _token_cache
|
||||
now = time.time()
|
||||
with _token_lock:
|
||||
cache = _token_cache
|
||||
if (
|
||||
not force_refresh
|
||||
and cache is not None
|
||||
and now < cache.expires_at - _TOKEN_REFRESH_MARGIN_SEC
|
||||
):
|
||||
return cache.token
|
||||
token = _fetch_auth_token()
|
||||
_token_cache = _CachedToken(token=token, expires_at=now + _TOKEN_TTL_SEC)
|
||||
return token
|
||||
|
||||
|
||||
def send_notification(
|
||||
registration_id: str,
|
||||
title: str,
|
||||
content: str,
|
||||
*,
|
||||
click_action_type: int | None = None,
|
||||
) -> str:
|
||||
"""向单个 OPPO registerID 推一条通知栏消息, 返回 OPPO message_id。
|
||||
|
||||
失败(未配置 / 鉴权 / 网络 / OPPO 返错)一律抛 OppoPushError, 由调用方吞。
|
||||
unicast 首次失败时强刷一次 token 重试(覆盖 token 被 OPPO 提前失效的情况); 网络错误不重试。
|
||||
"""
|
||||
if not settings.OPPO_PUSH_ENABLED:
|
||||
raise OppoPushError("OPPO 推送总开关关闭(OPPO_PUSH_ENABLED=false)")
|
||||
if not settings.oppo_push_configured:
|
||||
raise OppoPushError("OPPO 推送未配置(缺 OPPO_PUSH_APP_KEY/OPPO_PUSH_MASTER_SECRET)")
|
||||
if not registration_id:
|
||||
raise OppoPushError("registration_id 为空")
|
||||
|
||||
if click_action_type is None:
|
||||
click_action_type = settings.OPPO_PUSH_CLICK_ACTION_TYPE
|
||||
notification = {
|
||||
"title": title,
|
||||
"content": content,
|
||||
"click_action_type": click_action_type,
|
||||
}
|
||||
# channel_id: Android 8+ 通知渠道(客户端已建同名渠道 + OPPO 管理台登记, 三方一致才展示)。
|
||||
if settings.OPPO_PUSH_CHANNEL_ID:
|
||||
notification["channel_id"] = settings.OPPO_PUSH_CHANNEL_ID
|
||||
# category: OPPO 新消息分类(默认空不带; 依赖管理台资质, 见 config 注释)。
|
||||
if settings.OPPO_PUSH_CATEGORY:
|
||||
notification["category"] = settings.OPPO_PUSH_CATEGORY
|
||||
message = {
|
||||
"target_type": _TARGET_TYPE_REGISTRATION_ID,
|
||||
"target_value": registration_id,
|
||||
"notification": notification,
|
||||
}
|
||||
# OPPO unicast body 是 form 编码, message 字段为 JSON 字符串
|
||||
payload = {"message": json.dumps(message, ensure_ascii=False)}
|
||||
|
||||
last_err: OppoPushError | None = None
|
||||
for attempt in range(2):
|
||||
token = _get_auth_token(force_refresh=(attempt == 1))
|
||||
try:
|
||||
resp = httpx.post(
|
||||
settings.OPPO_PUSH_UNICAST_ENDPOINT,
|
||||
data=payload,
|
||||
headers={"auth_token": token},
|
||||
timeout=settings.OPPO_PUSH_REQUEST_TIMEOUT_SEC,
|
||||
)
|
||||
except httpx.HTTPError as e:
|
||||
# 网络错误与 token 无关, 不强刷重试
|
||||
raise OppoPushError(f"OPPO unicast 网络错误: {e}") from e
|
||||
try:
|
||||
data = _parse_oppo_response(resp, "unicast")
|
||||
except OppoPushError as e:
|
||||
last_err = e
|
||||
if attempt == 0:
|
||||
logger.warning("[OPPO] unicast 失败(%s), 强刷 token 重试一次", e)
|
||||
continue
|
||||
raise
|
||||
message_id = (data or {}).get("message_id", "")
|
||||
logger.info(
|
||||
"[OPPO] 推送成功 regId=%s… message_id=%s", registration_id[:12], message_id
|
||||
)
|
||||
return message_id
|
||||
# 理论到不了(第二次失败已 raise); 防御性收尾
|
||||
raise last_err or OppoPushError("OPPO unicast 重试后仍失败")
|
||||
@@ -0,0 +1,100 @@
|
||||
"""微信会话内容存档 SDK 封装(WeWorkFinanceSdk C 库的 ctypes 绑定 + 消息解密)。
|
||||
|
||||
企业微信「会话内容存档」是拿"成员↔外部用户私聊消息正文"(含美团小程序卡片)的官方途径:
|
||||
主动轮询 GetChatData(seq) 拉取。每条消息两段密文:
|
||||
- encrypt_random_key:用【企业自持 RSA 私钥】解出 AES 密钥
|
||||
- encrypt_chat_msg :SDK DecryptData 用该密钥解出明文消息 JSON
|
||||
本模块封装:加载 .so → Init → GetChatData → RSA 解密随机密钥 → DecryptData。纯外部依赖,
|
||||
不含业务逻辑(识别 weapp/image → 打信号在 core/wx_finance_worker.py)。
|
||||
|
||||
.so 需放服务器(Linux `libWeWorkFinanceSdk_C.so`),路径 settings.WX_FINANCE_SDK_PATH。
|
||||
⚠️ CDLL 在实例化时才加载(非 import 期),故本模块在无 .so 的机器上也能安全 import。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import base64
|
||||
import ctypes
|
||||
import json
|
||||
import logging
|
||||
from typing import Any
|
||||
|
||||
from cryptography.hazmat.primitives.asymmetric import padding
|
||||
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
||||
|
||||
logger = logging.getLogger("shagua.wx_finance")
|
||||
|
||||
|
||||
class WxFinanceError(RuntimeError):
|
||||
"""SDK 调用返回非 0 / 业务 errcode 时抛。"""
|
||||
|
||||
|
||||
class WxFinanceSdk:
|
||||
"""WeWorkFinanceSdk 薄封装。实例化即加载 .so + Init(需 corpid/secret 正确 + 服务器 IP 在可信IP)。"""
|
||||
|
||||
def __init__(self, sdk_path: str, corpid: str, secret: str, private_key_pem: bytes) -> None:
|
||||
self._priv = load_pem_private_key(private_key_pem, password=None)
|
||||
self._lib = ctypes.CDLL(sdk_path) # 缺 .so / 缺 libssl 依赖会在此抛 OSError
|
||||
self._bind()
|
||||
self._sdk = self._lib.NewSdk()
|
||||
ret = self._lib.Init(self._sdk, corpid.encode(), secret.encode())
|
||||
if ret != 0:
|
||||
raise WxFinanceError(f"Init 失败 ret={ret}(检查 corpid / 会话存档 Secret / 可信IP)")
|
||||
|
||||
def _bind(self) -> None:
|
||||
lib = self._lib
|
||||
lib.NewSdk.restype = ctypes.c_void_p
|
||||
lib.Init.argtypes = [ctypes.c_void_p, ctypes.c_char_p, ctypes.c_char_p]
|
||||
lib.Init.restype = ctypes.c_int
|
||||
lib.GetChatData.argtypes = [
|
||||
ctypes.c_void_p, ctypes.c_ulonglong, ctypes.c_uint,
|
||||
ctypes.c_char_p, ctypes.c_char_p, ctypes.c_int, ctypes.c_void_p,
|
||||
]
|
||||
lib.GetChatData.restype = ctypes.c_int
|
||||
# ⚠️ DecryptData 不吃 sdk 句柄(与 GetChatData 不同, 它是纯解密函数)——只有 3 个参数,
|
||||
# 多传 sdk 会让参数错位、encrypt_key 收到 sdk 指针 → DecryptData 返 10008(解析 encrypt_key 出错)。
|
||||
lib.DecryptData.argtypes = [ctypes.c_char_p, ctypes.c_char_p, ctypes.c_void_p]
|
||||
lib.DecryptData.restype = ctypes.c_int
|
||||
lib.NewSlice.restype = ctypes.c_void_p
|
||||
lib.FreeSlice.argtypes = [ctypes.c_void_p]
|
||||
lib.GetContentFromSlice.argtypes = [ctypes.c_void_p]
|
||||
lib.GetContentFromSlice.restype = ctypes.c_void_p
|
||||
lib.GetSliceLen.argtypes = [ctypes.c_void_p]
|
||||
lib.GetSliceLen.restype = ctypes.c_int
|
||||
lib.DestroySdk.argtypes = [ctypes.c_void_p]
|
||||
|
||||
def _slice_bytes(self, slc: int) -> bytes:
|
||||
ptr = self._lib.GetContentFromSlice(slc)
|
||||
length = self._lib.GetSliceLen(slc)
|
||||
return ctypes.string_at(ptr, length)
|
||||
|
||||
def get_chat_data(self, seq: int, limit: int = 1000, timeout: int = 10) -> list[dict[str, Any]]:
|
||||
"""拉 seq 之后的消息(返回从 seq+1 起)。返回 chatdata 列表(每项含 seq/encrypt_random_key/encrypt_chat_msg)。"""
|
||||
slc = self._lib.NewSlice()
|
||||
try:
|
||||
ret = self._lib.GetChatData(self._sdk, int(seq), int(limit), None, None, int(timeout), slc)
|
||||
if ret != 0:
|
||||
raise WxFinanceError(f"GetChatData 失败 ret={ret}")
|
||||
data = json.loads(self._slice_bytes(slc).decode("utf-8"))
|
||||
finally:
|
||||
self._lib.FreeSlice(slc)
|
||||
if data.get("errcode"):
|
||||
raise WxFinanceError(f"GetChatData errcode={data.get('errcode')} {data.get('errmsg')}")
|
||||
return data.get("chatdata", [])
|
||||
|
||||
def decrypt(self, encrypt_random_key_b64: str, encrypt_chat_msg: str) -> dict[str, Any]:
|
||||
"""RSA 私钥解 encrypt_random_key → 得 AES 密钥 → DecryptData 解 encrypt_chat_msg → 明文 dict。"""
|
||||
# 企业微信用你上传的 RSA 公钥(PKCS1)加密随机密钥, 这里用对应私钥解出, 原样交给 DecryptData。
|
||||
aes_key = self._priv.decrypt(base64.b64decode(encrypt_random_key_b64), padding.PKCS1v15())
|
||||
slc = self._lib.NewSlice()
|
||||
try:
|
||||
ret = self._lib.DecryptData(aes_key, encrypt_chat_msg.encode(), slc)
|
||||
if ret != 0:
|
||||
raise WxFinanceError(f"DecryptData 失败 ret={ret}")
|
||||
return json.loads(self._slice_bytes(slc).decode("utf-8"))
|
||||
finally:
|
||||
self._lib.FreeSlice(slc)
|
||||
|
||||
def close(self) -> None:
|
||||
if getattr(self, "_sdk", None):
|
||||
self._lib.DestroySdk(self._sdk)
|
||||
self._sdk = None
|
||||
@@ -0,0 +1,126 @@
|
||||
"""微信客服(企业微信)API 客户端:access_token 缓存 + sync_msg 拉消息 + 临时素材下载。
|
||||
|
||||
对应 api/v1/wx_kf.py:收到 `kf_msg_or_event` 回调后, 用这里的函数增量拉取用户消息。
|
||||
- access_token(7200s)进程内缓存, 提前 300s 刷新(单 worker 够用, 重启即失效)。
|
||||
- sync_msg 游标 next_cursor 按 open_kfid 进程内存续(PoC 重启后从最近 3 天重拉, 可接受)。
|
||||
凭证来自 settings(WX_KF_CORP_ID / WX_KF_SECRET);纯外部 HTTP, 不含业务逻辑。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import asyncio
|
||||
import logging
|
||||
import time
|
||||
from typing import Any
|
||||
|
||||
import httpx
|
||||
|
||||
from app.core.config import settings
|
||||
|
||||
logger = logging.getLogger("shagua.wx_kf")
|
||||
|
||||
_QYAPI = "https://qyapi.weixin.qq.com/cgi-bin"
|
||||
|
||||
# access_token 进程内缓存(单 worker)。token 空 / 未到刷新点直接用。
|
||||
_token_lock = asyncio.Lock()
|
||||
_token_cache: dict[str, Any] = {"token": "", "expire_at": 0.0}
|
||||
|
||||
# sync_msg 游标:open_kfid -> next_cursor(PoC 进程内存;重启从最近 3 天重拉)
|
||||
_cursors: dict[str, str] = {}
|
||||
|
||||
|
||||
async def _get_access_token() -> str:
|
||||
"""取企业微信 access_token, 进程内缓存, 提前 300s 过期刷新。失败返回空串(调用方降级)。"""
|
||||
now = time.time()
|
||||
if _token_cache["token"] and _token_cache["expire_at"] - 300 > now:
|
||||
return _token_cache["token"]
|
||||
async with _token_lock:
|
||||
now = time.time() # 拿锁后复检, 避免并发重复刷新
|
||||
if _token_cache["token"] and _token_cache["expire_at"] - 300 > now:
|
||||
return _token_cache["token"]
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=10) as client:
|
||||
resp = await client.get(
|
||||
f"{_QYAPI}/gettoken",
|
||||
params={
|
||||
"corpid": settings.WX_KF_CORP_ID,
|
||||
"corpsecret": settings.WX_KF_SECRET,
|
||||
},
|
||||
)
|
||||
data = resp.json()
|
||||
except Exception:
|
||||
logger.exception("wx_kf gettoken 请求失败")
|
||||
return ""
|
||||
if data.get("errcode"):
|
||||
logger.warning(
|
||||
"wx_kf gettoken errcode=%s errmsg=%s", data.get("errcode"), data.get("errmsg")
|
||||
)
|
||||
return ""
|
||||
_token_cache["token"] = data.get("access_token", "")
|
||||
_token_cache["expire_at"] = now + int(data.get("expires_in", 7200))
|
||||
return _token_cache["token"]
|
||||
|
||||
|
||||
async def sync_messages(token: str, open_kfid: str) -> list[dict[str, Any]]:
|
||||
"""收到 kf_msg_or_event 回调后调用:用回调带的一次性 token 增量拉消息, has_more 循环拉完。
|
||||
|
||||
token: 回调事件里的 <Token>(消息拉取凭证, 非配置 Token;不传会有严格频控)。
|
||||
open_kfid:客服账号 id(回调里的 <OpenKfId>)。
|
||||
返回本次新拉到的 msg_list(已合并多页);游标按 open_kfid 进程内存续。
|
||||
"""
|
||||
access_token = await _get_access_token()
|
||||
if not access_token:
|
||||
return []
|
||||
out: list[dict[str, Any]] = []
|
||||
cursor = _cursors.get(open_kfid, "")
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=15) as client:
|
||||
for _ in range(20): # 最多 20 页护栏, 防异常时死循环
|
||||
body: dict[str, Any] = {"cursor": cursor, "token": token, "limit": 1000}
|
||||
if open_kfid:
|
||||
body["open_kfid"] = open_kfid
|
||||
resp = await client.post(
|
||||
f"{_QYAPI}/kf/sync_msg",
|
||||
params={"access_token": access_token},
|
||||
json=body,
|
||||
)
|
||||
data = resp.json()
|
||||
if data.get("errcode"):
|
||||
logger.warning(
|
||||
"wx_kf sync_msg errcode=%s errmsg=%s",
|
||||
data.get("errcode"),
|
||||
data.get("errmsg"),
|
||||
)
|
||||
break
|
||||
out.extend(data.get("msg_list", []))
|
||||
cursor = data.get("next_cursor", cursor)
|
||||
_cursors[open_kfid] = cursor
|
||||
if not data.get("has_more"):
|
||||
break
|
||||
except Exception:
|
||||
logger.exception("wx_kf sync_msg 请求失败 open_kfid=%s", open_kfid)
|
||||
return out
|
||||
|
||||
|
||||
async def download_media(media_id: str) -> bytes | None:
|
||||
"""临时素材下载(图片消息只给 media_id)。成功返回二进制, 失败返回 None。"""
|
||||
if not media_id:
|
||||
return None
|
||||
access_token = await _get_access_token()
|
||||
if not access_token:
|
||||
return None
|
||||
try:
|
||||
async with httpx.AsyncClient(timeout=20) as client:
|
||||
resp = await client.get(
|
||||
f"{_QYAPI}/media/get",
|
||||
params={"access_token": access_token, "media_id": media_id},
|
||||
)
|
||||
resp.raise_for_status()
|
||||
# 成功=二进制文件流;失败=JSON(errcode)。据 Content-Type 区分。
|
||||
ctype = resp.headers.get("Content-Type", "")
|
||||
if "application/json" in ctype or "text/plain" in ctype:
|
||||
logger.warning("wx_kf media/get 非文件响应: %s", resp.text[:200])
|
||||
return None
|
||||
return resp.content
|
||||
except Exception:
|
||||
logger.exception("wx_kf media/get 下载失败 media_id=%s", media_id)
|
||||
return None
|
||||
@@ -19,6 +19,7 @@ from app.api.internal.app_version import router as internal_app_version_router
|
||||
from app.api.internal.launch_confirm import router as internal_launch_confirm_router
|
||||
from app.api.internal.price import router as internal_price_router
|
||||
from app.api.internal.store import router as internal_store_router
|
||||
from app.api.internal.wx_finance import router as internal_wx_finance_router
|
||||
from app.api.v1.ad import router as ad_router
|
||||
from app.api.v1.analytics import router as analytics_router
|
||||
from app.api.v1.auth import router as auth_router
|
||||
@@ -39,6 +40,7 @@ from app.api.v1.signin import router as signin_router
|
||||
from app.api.v1.tasks import router as tasks_router
|
||||
from app.api.v1.user import router as user_router
|
||||
from app.api.v1.wallet import router as wallet_router
|
||||
from app.api.v1.wx_kf import router as wx_kf_router
|
||||
from app.api.v1.wx_mp import router as wx_mp_router
|
||||
from app.api.v1.wxpay import router as wxpay_router
|
||||
from app.core.config import settings
|
||||
@@ -138,11 +140,15 @@ app.include_router(internal_price_router)
|
||||
app.include_router(internal_store_router)
|
||||
app.include_router(internal_app_version_router)
|
||||
app.include_router(internal_launch_confirm_router)
|
||||
# 会话存档独立 poller → 打比价信号(server→server, X-Internal-Secret;轮询进程在 app 外, 见 scripts/wx_finance_poller.py)
|
||||
app.include_router(internal_wx_finance_router)
|
||||
app.include_router(platform_router)
|
||||
# CPS 群发短链跳转 /c/{code}(公网无鉴权:记点击 → 302 跳美团)
|
||||
app.include_router(cps_redirect_router)
|
||||
# 微信服务号消息接收回调 /wx/mp/callback(公网无鉴权:微信服务器验签, 截图比价入口)
|
||||
app.include_router(wx_mp_router)
|
||||
# 微信客服(企业微信)消息接收回调 /wx/kf/callback(服务号版的平行实现, 收事件→sync_msg 拉图)
|
||||
app.include_router(wx_kf_router)
|
||||
|
||||
# 用户上传文件(头像)静态服务。生产可改由 nginx 直接 serve MEDIA_ROOT。
|
||||
_media_root = Path(settings.MEDIA_ROOT)
|
||||
|
||||
@@ -44,9 +44,6 @@ class DeviceLiveness(Base):
|
||||
device_id: Mapped[str] = mapped_column(String(128), index=True, nullable=False)
|
||||
# 极光推送 registration id;拿到才填(JCollectionAuth 同意后才下发)
|
||||
registration_id: Mapped[str | None] = mapped_column(String(64), nullable=True)
|
||||
# OPPO 官方推送 SDK(HeytapPushManager)的 registerID; 直连 OPPO 厂商通道用(≠极光 registration_id)。
|
||||
# 一台 OPPO 设备两套 token 并存: 极光走极光自有/其它厂商通道, 这个走 OPPO 直连(提现审核通过等交易通知)。
|
||||
oppo_register_id: Mapped[str | None] = mapped_column(String(128), nullable=True)
|
||||
platform: Mapped[str] = mapped_column(String(16), nullable=False, default="android")
|
||||
app_version: Mapped[str | None] = mapped_column(String(32), nullable=True)
|
||||
|
||||
|
||||
@@ -22,18 +22,16 @@ def register_or_update(
|
||||
user_id: int,
|
||||
device_id: str,
|
||||
registration_id: str | None,
|
||||
oppo_register_id: str | None = None,
|
||||
platform: str = "android",
|
||||
app_version: str | None = None,
|
||||
) -> DeviceLiveness:
|
||||
"""注册设备或更新其 registration_id / oppo_register_id / 元信息。upsert by (user_id, device_id)。"""
|
||||
"""注册设备或更新其 registration_id / 元信息。upsert by (user_id, device_id)。"""
|
||||
device = _get(db, user_id=user_id, device_id=device_id)
|
||||
if device is None:
|
||||
device = DeviceLiveness(
|
||||
user_id=user_id,
|
||||
device_id=device_id,
|
||||
registration_id=registration_id,
|
||||
oppo_register_id=oppo_register_id,
|
||||
platform=platform or "android",
|
||||
app_version=app_version,
|
||||
)
|
||||
@@ -41,8 +39,6 @@ def register_or_update(
|
||||
else:
|
||||
if registration_id:
|
||||
device.registration_id = registration_id
|
||||
if oppo_register_id:
|
||||
device.oppo_register_id = oppo_register_id
|
||||
if platform:
|
||||
device.platform = platform
|
||||
if app_version:
|
||||
@@ -59,13 +55,11 @@ def touch_heartbeat(
|
||||
device_id: str,
|
||||
accessibility_enabled: bool,
|
||||
registration_id: str | None,
|
||||
oppo_register_id: str | None = None,
|
||||
) -> DeviceLiveness:
|
||||
"""处理一次心跳(心跳也能自注册)。
|
||||
|
||||
service 心跳或 accessibility_enabled=true 时,刷新存活并把状态机重置回 alive、
|
||||
清掉 notified_at(掉线恢复 → 下次再断才会再推一条)。registration_id / oppo_register_id
|
||||
非空时顺带更新(客户端拿到 push token 后每次心跳带上, 后端最终一致)。
|
||||
清掉 notified_at(掉线恢复 → 下次再断才会再推一条)。
|
||||
"""
|
||||
now = datetime.now(timezone.utc)
|
||||
device = _get(db, user_id=user_id, device_id=device_id)
|
||||
@@ -75,8 +69,6 @@ def touch_heartbeat(
|
||||
|
||||
if registration_id:
|
||||
device.registration_id = registration_id
|
||||
if oppo_register_id:
|
||||
device.oppo_register_id = oppo_register_id
|
||||
device.last_report_protection_on = accessibility_enabled
|
||||
|
||||
if accessibility_enabled:
|
||||
@@ -126,25 +118,6 @@ def get_device(db: Session, *, user_id: int, device_id: str) -> DeviceLiveness |
|
||||
return _get(db, user_id=user_id, device_id=device_id)
|
||||
|
||||
|
||||
def list_oppo_register_ids_by_user(db: Session, *, user_id: int) -> list[str]:
|
||||
"""取某用户所有设备已登记的 OPPO registerID(去重保序, 非空)。
|
||||
|
||||
提现审核通过推送用: 一个用户可能多台设备, 每台都推; 没 OPPO token 的设备(非 OPPO 机 /
|
||||
未集成 OPPO SDK)自然不在列。空列表 = 该用户没有可推的 OPPO 设备。
|
||||
"""
|
||||
stmt = select(DeviceLiveness.oppo_register_id).where(
|
||||
DeviceLiveness.user_id == user_id,
|
||||
DeviceLiveness.oppo_register_id.is_not(None),
|
||||
)
|
||||
seen: set[str] = set()
|
||||
out: list[str] = []
|
||||
for rid in db.execute(stmt).scalars().all():
|
||||
if rid and rid not in seen:
|
||||
seen.add(rid)
|
||||
out.append(rid)
|
||||
return out
|
||||
|
||||
|
||||
def ack_kill_alert(db: Session, *, user_id: int, device_id: str) -> None:
|
||||
"""客户端已弹过「开启自启动」引导 → 清「待提醒」标记(幂等; 下次真掉线 worker 再置)。"""
|
||||
device = _get(db, user_id=user_id, device_id=device_id)
|
||||
|
||||
+14
-3
@@ -9,7 +9,6 @@ from pydantic import BaseModel, ConfigDict
|
||||
class DeviceRegisterRequest(BaseModel):
|
||||
device_id: str
|
||||
registration_id: str | None = None
|
||||
oppo_register_id: str | None = None
|
||||
platform: str = "android"
|
||||
app_version: str | None = None
|
||||
|
||||
@@ -19,7 +18,6 @@ class HeartbeatRequest(BaseModel):
|
||||
source: str = "service" # service | app
|
||||
accessibility_enabled: bool = True
|
||||
registration_id: str | None = None
|
||||
oppo_register_id: str | None = None
|
||||
|
||||
|
||||
class DeviceOut(BaseModel):
|
||||
@@ -28,7 +26,6 @@ class DeviceOut(BaseModel):
|
||||
id: int
|
||||
device_id: str
|
||||
registration_id: str | None
|
||||
oppo_register_id: str | None
|
||||
ever_protected: bool
|
||||
liveness_state: str
|
||||
last_heartbeat_at: datetime | None
|
||||
@@ -39,6 +36,20 @@ class OkResponse(BaseModel):
|
||||
ok: bool = True
|
||||
|
||||
|
||||
class PendingCompare(BaseModel):
|
||||
"""PoC:后端通过心跳下发的"用户要从某源平台比价"信号。前端据此弹选平台窗 + launch 源平台。"""
|
||||
source_platform: str # pricebot 源平台代号(PoC 写死 "meituan")
|
||||
source_package: str # 源平台 Android 包名(前端 launch 用)
|
||||
|
||||
|
||||
class HeartbeatResponse(BaseModel):
|
||||
"""心跳响应。常规只回 ok;PoC 期带回 pending_compare 触发比价(exclude_none 省略 null)。"""
|
||||
model_config = ConfigDict()
|
||||
|
||||
ok: bool = True
|
||||
pending_compare: PendingCompare | None = None
|
||||
|
||||
|
||||
class LivenessOut(BaseModel):
|
||||
"""本机掉线告警状态(后置检测 pull 版)。客户端只需这一个布尔判断要不要弹「开启自启动」引导,
|
||||
故只返回 kill_alert_pending(不暴露设备详情 / 内部 liveness_state 等)。从未注册过 → 默认 False(无告警)。"""
|
||||
|
||||
@@ -0,0 +1,13 @@
|
||||
"""会话存档独立 poller → app-server 内部信号端点的 schema。"""
|
||||
from __future__ import annotations
|
||||
|
||||
from pydantic import BaseModel
|
||||
|
||||
|
||||
class WxFinancePendingIn(BaseModel):
|
||||
source: str = "meituan" # 源平台代号(pop 后前端 launch 用;PoC 写死 meituan)
|
||||
kind: str = "" # 触发物类型 weapp / image(仅日志用)
|
||||
|
||||
|
||||
class WxFinancePendingOut(BaseModel):
|
||||
ok: bool = True
|
||||
@@ -1,74 +0,0 @@
|
||||
"""推送通知编排(查设备 push token → 调厂商推送)。
|
||||
|
||||
薄编排层: repositories(取 token) + integrations(发送) 的粘合, 供 api / admin router 调用。
|
||||
所有发送 best-effort —— 失败只 log, 绝不抛给调用方(不连累审核/打款等主流程)。
|
||||
|
||||
当前只有 OPPO 直连一条通道(提现审核通过通知)。后续加华为/vivo 等厂商时, 在这里按设备
|
||||
token 做通道分发, 上层业务函数(notify_withdraw_approved 等)不感知通道差异。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import logging
|
||||
import threading
|
||||
|
||||
from sqlalchemy.orm import Session
|
||||
|
||||
from app.db.session import SessionLocal
|
||||
from app.integrations import oppo_push
|
||||
from app.integrations.oppo_push import OppoPushError
|
||||
from app.repositories import device as device_repo
|
||||
|
||||
logger = logging.getLogger("shagua.push_notify")
|
||||
|
||||
_WITHDRAW_APPROVED_TITLE = "提现审核通过"
|
||||
_WITHDRAW_APPROVED_CONTENT = "您的提现申请已审核通过,款项将很快到账,请留意微信零钱。"
|
||||
|
||||
|
||||
def notify_withdraw_approved(db: Session, *, user_id: int) -> int:
|
||||
"""提现审核通过 → 给该用户所有 OPPO 设备各推一条通知。返回成功推送的设备数。
|
||||
|
||||
best-effort: 未配 OPPO / 无 OPPO 设备 / 单设备发送失败都不抛, 只 log。审核主流程绝不受影响。
|
||||
调用方仍应包一层 try/except 兜底本函数自身的意外异常(如 DB 查询失败)。
|
||||
"""
|
||||
reg_ids = device_repo.list_oppo_register_ids_by_user(db, user_id=user_id)
|
||||
if not reg_ids:
|
||||
logger.info("[push] withdraw_approved user_id=%s 无 OPPO 设备, 跳过", user_id)
|
||||
return 0
|
||||
|
||||
sent = 0
|
||||
for rid in reg_ids:
|
||||
try:
|
||||
oppo_push.send_notification(
|
||||
rid, _WITHDRAW_APPROVED_TITLE, _WITHDRAW_APPROVED_CONTENT
|
||||
)
|
||||
sent += 1
|
||||
except OppoPushError as e:
|
||||
logger.warning(
|
||||
"[push] withdraw_approved user_id=%s regId=%s… 发送失败: %s",
|
||||
user_id, rid[:12], e,
|
||||
)
|
||||
logger.info(
|
||||
"[push] withdraw_approved user_id=%s 推送 %d/%d 台 OPPO 设备",
|
||||
user_id, sent, len(reg_ids),
|
||||
)
|
||||
return sent
|
||||
|
||||
|
||||
def notify_withdraw_approved_async(user_id: int) -> None:
|
||||
"""fire-and-forget 版: 后台守护线程新开 session 发推送, 不阻塞审核响应(对齐 best-effort)。
|
||||
|
||||
审核 approve 已同步调微信转账, 推送不该再把外部 API 耗时叠进响应(多设备/OPPO 慢时最坏
|
||||
N×timeout)。线程内必须新开 SessionLocal —— 请求级 session 在响应返回后即关, 不能跨线程用。
|
||||
起线程失败也只 log, 绝不连累审核。
|
||||
"""
|
||||
def _run() -> None:
|
||||
try:
|
||||
with SessionLocal() as db:
|
||||
notify_withdraw_approved(db, user_id=user_id)
|
||||
except Exception: # noqa: BLE001 - 后台线程绝不抛
|
||||
logger.warning("[push] withdraw_approved async 异常 user_id=%s", user_id, exc_info=True)
|
||||
|
||||
try:
|
||||
threading.Thread(target=_run, name=f"oppo-push-{user_id}", daemon=True).start()
|
||||
except Exception: # noqa: BLE001 - 起线程失败也绝不连累审核
|
||||
logger.warning("[push] withdraw_approved async 起线程失败 user_id=%s", user_id, exc_info=True)
|
||||
@@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
# 会话存档轮询 poller —— 独立进程跑 WeWorkFinanceSdk(Go c-shared .so),与 app-server 隔离:
|
||||
# 嵌进 app-server 会 segfault 把主进程带崩,拆出来后崩了 systemd 只重启本服务、不影响 app-server。
|
||||
Description=Shaguabijia 会话存档轮询 poller (WeWorkFinanceSdk, isolated from app-server)
|
||||
After=network.target shaguabijia-app-server.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=root
|
||||
WorkingDirectory=/opt/shaguabijia-app-server
|
||||
Environment="PATH=/opt/shaguabijia-app-server/.venv/bin:/usr/bin:/bin"
|
||||
EnvironmentFile=/opt/shaguabijia-app-server/.env
|
||||
ExecStart=/opt/shaguabijia-app-server/.venv/bin/python scripts/wx_finance_poller.py
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -0,0 +1,152 @@
|
||||
"""会话存档【独立进程】轮询 poller —— 单独 systemd 服务跑, 与 app-server 隔离。
|
||||
|
||||
为什么独立进程:WeWorkFinanceSdk 是 Go 编译的 c-shared 库, 自带 Go runtime。嵌进 app-server(uvicorn)
|
||||
后台线程里跑会 segfault、把主进程带崩(2026-07-17 实测 core-dump 每 5s 循环)。独立进程让 Go runtime
|
||||
独占进程 + 主线程, 崩了 systemd 只重启本 poller、不动 app-server。拉到美团卡片(weapp)/截图(image)
|
||||
→ POST app-server 内部端点 /internal/wx-finance/pending 打比价信号(下游心跳→弹窗→比价 完全复用)。
|
||||
|
||||
手动跑: cd /opt/shaguabijia-app-server && .venv/bin/python scripts/wx_finance_poller.py
|
||||
生产: deploy/wx-finance-poller.service 常驻(systemctl enable --now wx-finance-poller)
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
import logging
|
||||
import signal
|
||||
import time
|
||||
from pathlib import Path
|
||||
|
||||
import httpx
|
||||
|
||||
from app.core.config import settings
|
||||
from app.core.logging import setup_logging
|
||||
from app.integrations.wx_finance_sdk import WxFinanceError, WxFinanceSdk
|
||||
|
||||
logger = logging.getLogger("shagua.wx_finance_poller")
|
||||
|
||||
_stop = False
|
||||
|
||||
|
||||
def _on_signal(_signum: int, _frame: object) -> None:
|
||||
global _stop
|
||||
_stop = True
|
||||
|
||||
|
||||
def _load_seq() -> int:
|
||||
try:
|
||||
return int(Path(settings.WX_FINANCE_SEQ_FILE).read_text().strip() or "0")
|
||||
except Exception:
|
||||
return 0
|
||||
|
||||
|
||||
def _save_seq(seq: int) -> None:
|
||||
try:
|
||||
p = Path(settings.WX_FINANCE_SEQ_FILE)
|
||||
p.parent.mkdir(parents=True, exist_ok=True)
|
||||
p.write_text(str(seq))
|
||||
except Exception:
|
||||
logger.exception("seq 持久化失败")
|
||||
|
||||
|
||||
def _notify(client: httpx.Client, source: str, kind: str) -> None:
|
||||
"""POST 内部端点让 app-server 打信号(set_pending 在 app-server 进程内存)。"""
|
||||
url = f"{settings.WX_FINANCE_INTERNAL_URL.rstrip('/')}/internal/wx-finance/pending"
|
||||
try:
|
||||
resp = client.post(
|
||||
url,
|
||||
json={"source": source, "kind": kind},
|
||||
headers={"X-Internal-Secret": settings.INTERNAL_API_SECRET},
|
||||
timeout=10,
|
||||
)
|
||||
logger.info("notify app-server (%s) → %s", kind, resp.status_code)
|
||||
except Exception:
|
||||
logger.exception("notify app-server 失败")
|
||||
|
||||
|
||||
def _resolve_source(msg: dict) -> str:
|
||||
"""从 weapp 小程序卡判源平台代号(= app-server _SOURCE_PACKAGES 的 key)。
|
||||
|
||||
会话存档 weapp 结构里 username(gh_id)/appid/pagepath/title 任一含平台特征即判定:
|
||||
先按关键词启发式(覆盖大多数);认不出 → 默认 meituan(过渡期不阻断)+ WARNING,
|
||||
并把整个 weapp 结构打进日志,便于照真实 username/appid 精确补规则。
|
||||
"""
|
||||
weapp = msg.get("weapp") or {}
|
||||
blob = json.dumps(weapp, ensure_ascii=False).lower()
|
||||
# 排障日志:打全 weapp 结构(顺带 msg 顶层 key,防结构不在 weapp 下),便于补/改判定规则
|
||||
logger.info("weapp 判源: msg_keys=%s weapp=%s", list(msg.keys()), blob[:1500])
|
||||
if any(k in blob for k in ("jingdong", "jd.com", "jddj", "京东")):
|
||||
return "jd"
|
||||
if any(k in blob for k in ("meituan", "sankuai", "美团")):
|
||||
return "meituan"
|
||||
logger.warning("weapp 源平台未识别, 暂默认 meituan;见上一行结构日志补 _resolve_source 规则")
|
||||
return "meituan"
|
||||
|
||||
|
||||
def _handle(client: httpx.Client, msg: dict) -> None:
|
||||
"""明文消息:外部用户(from≠接收成员)发来的 weapp/image → 通知 app-server 打信号。"""
|
||||
msgtype = msg.get("msgtype") or ""
|
||||
frm = msg.get("from") or ""
|
||||
receiver = settings.WX_FINANCE_RECEIVER_USERID
|
||||
if receiver and frm == receiver:
|
||||
return # 成员自己发的, 跳过
|
||||
if msgtype not in ("weapp", "image"):
|
||||
return
|
||||
# weapp 卡片按小程序判源平台;image(截图)判不出平台,沿用 meituan。
|
||||
source = _resolve_source(msg) if msgtype == "weapp" else "meituan"
|
||||
logger.info("命中触发 from=%s type=%s source=%s", frm, msgtype, source)
|
||||
_notify(client, source, msgtype)
|
||||
|
||||
|
||||
def main() -> None:
|
||||
setup_logging(debug=settings.APP_DEBUG)
|
||||
if not settings.wx_finance_configured:
|
||||
logger.warning("WX_FINANCE 未配齐(ENABLED/corpid/存档Secret), poller 退出")
|
||||
return
|
||||
if not settings.INTERNAL_API_SECRET:
|
||||
logger.error("INTERNAL_API_SECRET 未配置, poller 无法通知 app-server, 退出")
|
||||
return
|
||||
signal.signal(signal.SIGTERM, _on_signal)
|
||||
signal.signal(signal.SIGINT, _on_signal)
|
||||
|
||||
sdk = WxFinanceSdk(
|
||||
settings.WX_FINANCE_SDK_PATH,
|
||||
settings.WX_KF_CORP_ID,
|
||||
settings.WX_FINANCE_SECRET,
|
||||
Path(settings.WX_FINANCE_PRIVATE_KEY_PATH).read_bytes(),
|
||||
)
|
||||
seq = _load_seq()
|
||||
logger.info(
|
||||
"wx_finance poller 启动, 从 seq=%d 轮询, 间隔 %ss", seq, settings.WX_FINANCE_POLL_INTERVAL_SEC
|
||||
)
|
||||
with httpx.Client() as client:
|
||||
while not _stop:
|
||||
try:
|
||||
msgs = sdk.get_chat_data(seq, limit=1000)
|
||||
if msgs:
|
||||
logger.info("拉到 %d 条(seq>%d)", len(msgs), seq)
|
||||
for item in msgs:
|
||||
try:
|
||||
plain = sdk.decrypt(item["encrypt_random_key"], item["encrypt_chat_msg"])
|
||||
_handle(client, plain)
|
||||
except Exception:
|
||||
logger.exception("解密/处理单条失败 seq=%s", item.get("seq"))
|
||||
seq = max(seq, int(item.get("seq", seq)))
|
||||
if msgs:
|
||||
_save_seq(seq)
|
||||
except WxFinanceError:
|
||||
logger.exception("GetChatData 出错")
|
||||
except Exception:
|
||||
logger.exception("轮询异常")
|
||||
# 可打断的 sleep:按 ≤0.5s 分片, 支持亚秒间隔(如 0.5s), 收到 SIGTERM 尽快退
|
||||
interval = max(0.1, settings.WX_FINANCE_POLL_INTERVAL_SEC)
|
||||
step = min(0.5, interval)
|
||||
slept = 0.0
|
||||
while slept < interval and not _stop:
|
||||
time.sleep(step)
|
||||
slept += step
|
||||
sdk.close()
|
||||
logger.info("wx_finance poller 已停止")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
@@ -0,0 +1,45 @@
|
||||
"""会话存档 SDK 连通性探针 —— 上 worker 前,在【云服务器】单独验证整条链路是否打通。
|
||||
|
||||
在 /opt/shaguabijia-app-server 下跑: .venv/bin/python scripts/wx_finance_probe.py
|
||||
|
||||
依次验证:加载 .so → NewSdk/Init(corpid+存档Secret+可信IP)→ GetChatData(0)→ 试解第一条。
|
||||
只读、不写任何比价信号。任一步报错都会明确指出卡在哪(便于逐项排:.so 缺依赖 / Init 失败 /
|
||||
可信IP 没放行 / 私钥不匹配)。全绿了再把 WX_FINANCE_ENABLED 置 true 上 worker。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
from pathlib import Path
|
||||
|
||||
from app.core.config import settings
|
||||
from app.integrations.wx_finance_sdk import WxFinanceSdk
|
||||
|
||||
|
||||
def main() -> None:
|
||||
print(f"[cfg] sdk_path = {settings.WX_FINANCE_SDK_PATH}")
|
||||
print(f"[cfg] corpid = {settings.WX_KF_CORP_ID}")
|
||||
print(f"[cfg] secret_set = {bool(settings.WX_FINANCE_SECRET)}")
|
||||
print(f"[cfg] privkey = {settings.WX_FINANCE_PRIVATE_KEY_PATH}")
|
||||
|
||||
sdk = WxFinanceSdk(
|
||||
settings.WX_FINANCE_SDK_PATH,
|
||||
settings.WX_KF_CORP_ID,
|
||||
settings.WX_FINANCE_SECRET,
|
||||
Path(settings.WX_FINANCE_PRIVATE_KEY_PATH).read_bytes(),
|
||||
)
|
||||
print("[1] 加载 .so + Init 成功")
|
||||
|
||||
msgs = sdk.get_chat_data(0, limit=100)
|
||||
print(f"[2] GetChatData(0) 成功, 拉到 {len(msgs)} 条")
|
||||
if msgs:
|
||||
first = msgs[0]
|
||||
print(f" 第一条 seq={first.get('seq')} publickey_ver={first.get('publickey_ver')}")
|
||||
plain = sdk.decrypt(first["encrypt_random_key"], first["encrypt_chat_msg"])
|
||||
print(f"[3] 解密成功, msgtype={plain.get('msgtype')} from={plain.get('from')}")
|
||||
else:
|
||||
print("[3] 暂无历史消息(先让用户加接收成员好友、发条消息, 再跑一次)")
|
||||
sdk.close()
|
||||
print("探针完成:链路全通 ✓")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
@@ -476,81 +476,3 @@ def test_withdraw_reconcile(admin_client: TestClient, finance_token: str, monkey
|
||||
)
|
||||
assert r.status_code == 200, r.text
|
||||
assert "checked" in r.json() and "resolved" in r.json()
|
||||
|
||||
|
||||
# ===== 提现审核通过 → OPPO 推送挂钩 =====
|
||||
|
||||
def test_approve_triggers_oppo_push(
|
||||
admin_client: TestClient, finance_token: str, monkeypatch
|
||||
) -> None:
|
||||
"""审核通过(非 failed)后触发一次 OPPO 推送, 带被审核单的 user_id。"""
|
||||
uid = _seed_user("13900000021")
|
||||
db = SessionLocal()
|
||||
try:
|
||||
db.add(WithdrawOrder(
|
||||
user_id=uid, out_bill_no="pushapprove0001", amount_cents=100, status="reviewing"
|
||||
))
|
||||
db.commit()
|
||||
finally:
|
||||
db.close()
|
||||
|
||||
from app.admin.routers import withdraw as withdraw_router
|
||||
|
||||
# 绕过真实微信转账: approve 直接把单置 pending 返回(不发 wxpay)
|
||||
def _fake_approve(db, obn):
|
||||
o = db.execute(
|
||||
select(WithdrawOrder).where(WithdrawOrder.out_bill_no == obn)
|
||||
).scalar_one()
|
||||
o.status = "pending"
|
||||
db.commit()
|
||||
return o
|
||||
|
||||
monkeypatch.setattr(withdraw_router.wallet_repo, "approve_withdraw", _fake_approve)
|
||||
pushed: list[int] = []
|
||||
monkeypatch.setattr(
|
||||
withdraw_router.push_notify, "notify_withdraw_approved_async",
|
||||
lambda user_id: pushed.append(user_id),
|
||||
)
|
||||
r = admin_client.post(
|
||||
"/admin/api/withdraws/pushapprove0001/approve", headers=_auth(finance_token)
|
||||
)
|
||||
assert r.status_code == 200, r.text
|
||||
assert pushed == [uid]
|
||||
|
||||
|
||||
def test_approve_failed_does_not_push(
|
||||
admin_client: TestClient, finance_token: str, monkeypatch
|
||||
) -> None:
|
||||
"""打款直接失败(status=failed, 已退款)不推"审核通过"。"""
|
||||
uid = _seed_user("13900000022")
|
||||
db = SessionLocal()
|
||||
try:
|
||||
db.add(WithdrawOrder(
|
||||
user_id=uid, out_bill_no="pushapprove0002", amount_cents=100, status="reviewing"
|
||||
))
|
||||
db.commit()
|
||||
finally:
|
||||
db.close()
|
||||
|
||||
from app.admin.routers import withdraw as withdraw_router
|
||||
|
||||
def _fake_approve_failed(db, obn):
|
||||
o = db.execute(
|
||||
select(WithdrawOrder).where(WithdrawOrder.out_bill_no == obn)
|
||||
).scalar_one()
|
||||
o.status = "failed"
|
||||
o.fail_reason = "余额不足"
|
||||
db.commit()
|
||||
return o
|
||||
|
||||
monkeypatch.setattr(withdraw_router.wallet_repo, "approve_withdraw", _fake_approve_failed)
|
||||
pushed: list[int] = []
|
||||
monkeypatch.setattr(
|
||||
withdraw_router.push_notify, "notify_withdraw_approved_async",
|
||||
lambda user_id: pushed.append(user_id),
|
||||
)
|
||||
r = admin_client.post(
|
||||
"/admin/api/withdraws/pushapprove0002/approve", headers=_auth(finance_token)
|
||||
)
|
||||
assert r.status_code == 200, r.text
|
||||
assert pushed == []
|
||||
|
||||
@@ -1,101 +0,0 @@
|
||||
"""oppo_push 集成层单测:未配降级 / auth+unicast 正常流程 / token 缓存 / OPPO 错误码抛错。
|
||||
|
||||
httpx 全 monkeypatch, 不发真实网络。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
|
||||
import pytest
|
||||
|
||||
from app.integrations import oppo_push
|
||||
from app.integrations.oppo_push import OppoPushError
|
||||
|
||||
|
||||
class _FakeResp:
|
||||
def __init__(self, status_code: int, payload: dict) -> None:
|
||||
self.status_code = status_code
|
||||
self._payload = payload
|
||||
self.text = json.dumps(payload)
|
||||
|
||||
def json(self) -> dict:
|
||||
return self._payload
|
||||
|
||||
|
||||
def _configure(monkeypatch) -> None:
|
||||
"""配齐凭证 + 清 token 缓存(避免跨用例污染)。"""
|
||||
monkeypatch.setattr(oppo_push.settings, "OPPO_PUSH_ENABLED", True)
|
||||
monkeypatch.setattr(oppo_push.settings, "OPPO_PUSH_APP_KEY", "ak")
|
||||
monkeypatch.setattr(oppo_push.settings, "OPPO_PUSH_MASTER_SECRET", "ms")
|
||||
oppo_push._token_cache = None
|
||||
|
||||
|
||||
def test_not_configured_raises(monkeypatch) -> None:
|
||||
monkeypatch.setattr(oppo_push.settings, "OPPO_PUSH_APP_KEY", "")
|
||||
monkeypatch.setattr(oppo_push.settings, "OPPO_PUSH_MASTER_SECRET", "")
|
||||
oppo_push._token_cache = None
|
||||
with pytest.raises(OppoPushError):
|
||||
oppo_push.send_notification("regid", "t", "c")
|
||||
|
||||
|
||||
def test_disabled_raises(monkeypatch) -> None:
|
||||
_configure(monkeypatch)
|
||||
monkeypatch.setattr(oppo_push.settings, "OPPO_PUSH_ENABLED", False)
|
||||
with pytest.raises(OppoPushError):
|
||||
oppo_push.send_notification("regid", "t", "c")
|
||||
|
||||
|
||||
def test_success_flow(monkeypatch) -> None:
|
||||
_configure(monkeypatch)
|
||||
calls: list[tuple] = []
|
||||
|
||||
def _fake_post(url, **kw):
|
||||
calls.append((url, kw))
|
||||
if url == oppo_push.settings.OPPO_PUSH_AUTH_ENDPOINT:
|
||||
return _FakeResp(200, {"code": 0, "message": "success", "data": {"auth_token": "TOK"}})
|
||||
return _FakeResp(200, {"code": 0, "message": "success", "data": {"message_id": "MID"}})
|
||||
|
||||
monkeypatch.setattr(oppo_push.httpx, "post", _fake_post)
|
||||
mid = oppo_push.send_notification("regid123", "标题", "内容")
|
||||
assert mid == "MID"
|
||||
# 先 auth 再 unicast, unicast header 带 auth_token
|
||||
assert calls[0][0] == oppo_push.settings.OPPO_PUSH_AUTH_ENDPOINT
|
||||
assert calls[1][0] == oppo_push.settings.OPPO_PUSH_UNICAST_ENDPOINT
|
||||
assert calls[1][1]["headers"]["auth_token"] == "TOK"
|
||||
# unicast body 的 message 是 JSON 字符串, 含 target_value / notification
|
||||
msg = json.loads(calls[1][1]["data"]["message"])
|
||||
assert msg["target_value"] == "regid123"
|
||||
assert msg["notification"]["title"] == "标题"
|
||||
assert msg["notification"]["content"] == "内容"
|
||||
# channel_id 必带(默认 shagua_wallet); category 默认空 → 不带
|
||||
assert msg["notification"]["channel_id"] == "push_oplus_category_content"
|
||||
assert "category" not in msg["notification"]
|
||||
|
||||
|
||||
def test_auth_token_cached(monkeypatch) -> None:
|
||||
_configure(monkeypatch)
|
||||
auth_hits: list[int] = []
|
||||
|
||||
def _fake_post(url, **kw):
|
||||
if url == oppo_push.settings.OPPO_PUSH_AUTH_ENDPOINT:
|
||||
auth_hits.append(1)
|
||||
return _FakeResp(200, {"code": 0, "data": {"auth_token": "TOK"}})
|
||||
return _FakeResp(200, {"code": 0, "data": {"message_id": "MID"}})
|
||||
|
||||
monkeypatch.setattr(oppo_push.httpx, "post", _fake_post)
|
||||
oppo_push.send_notification("r", "t", "c")
|
||||
oppo_push.send_notification("r", "t", "c")
|
||||
assert len(auth_hits) == 1 # 第二次复用缓存 token, 不再换 auth
|
||||
|
||||
|
||||
def test_oppo_error_raises(monkeypatch) -> None:
|
||||
_configure(monkeypatch)
|
||||
|
||||
def _fake_post(url, **kw):
|
||||
if url == oppo_push.settings.OPPO_PUSH_AUTH_ENDPOINT:
|
||||
return _FakeResp(200, {"code": 0, "data": {"auth_token": "TOK"}})
|
||||
return _FakeResp(200, {"code": -2, "message": "invalid target"})
|
||||
|
||||
monkeypatch.setattr(oppo_push.httpx, "post", _fake_post)
|
||||
with pytest.raises(OppoPushError):
|
||||
oppo_push.send_notification("r", "t", "c")
|
||||
@@ -1,70 +0,0 @@
|
||||
"""push_notify.notify_withdraw_approved 单测:多 OPPO 设备全推 / 无设备返 0 / 发送失败吞错。"""
|
||||
from __future__ import annotations
|
||||
|
||||
from app.db.session import SessionLocal
|
||||
from app.integrations.oppo_push import OppoPushError
|
||||
from app.repositories import device as device_repo
|
||||
from app.repositories import user as user_repo
|
||||
from app.services import push_notify
|
||||
|
||||
|
||||
def _seed_user(phone: str) -> int:
|
||||
db = SessionLocal()
|
||||
try:
|
||||
return user_repo.upsert_user_for_login(db, phone=phone, register_channel="sms").id
|
||||
finally:
|
||||
db.close()
|
||||
|
||||
|
||||
def _add_oppo_device(user_id: int, device_id: str, oppo_reg: str) -> None:
|
||||
db = SessionLocal()
|
||||
try:
|
||||
device_repo.register_or_update(
|
||||
db, user_id=user_id, device_id=device_id,
|
||||
registration_id=None, oppo_register_id=oppo_reg,
|
||||
)
|
||||
finally:
|
||||
db.close()
|
||||
|
||||
|
||||
def test_notify_no_oppo_device_returns_zero() -> None:
|
||||
uid = _seed_user("13911100001")
|
||||
db = SessionLocal()
|
||||
try:
|
||||
assert push_notify.notify_withdraw_approved(db, user_id=uid) == 0
|
||||
finally:
|
||||
db.close()
|
||||
|
||||
|
||||
def test_notify_pushes_all_oppo_devices(monkeypatch) -> None:
|
||||
uid = _seed_user("13911100002")
|
||||
_add_oppo_device(uid, "dev_a", "OPPO_REG_A")
|
||||
_add_oppo_device(uid, "dev_b", "OPPO_REG_B")
|
||||
sent: list[str] = []
|
||||
monkeypatch.setattr(
|
||||
push_notify.oppo_push, "send_notification",
|
||||
lambda rid, title, content, **kw: sent.append(rid) or "msgid",
|
||||
)
|
||||
db = SessionLocal()
|
||||
try:
|
||||
n = push_notify.notify_withdraw_approved(db, user_id=uid)
|
||||
finally:
|
||||
db.close()
|
||||
assert n == 2
|
||||
assert set(sent) == {"OPPO_REG_A", "OPPO_REG_B"}
|
||||
|
||||
|
||||
def test_notify_swallows_send_error(monkeypatch) -> None:
|
||||
uid = _seed_user("13911100003")
|
||||
_add_oppo_device(uid, "dev_c", "OPPO_REG_C")
|
||||
|
||||
def _boom(rid, title, content, **kw):
|
||||
raise OppoPushError("simulated failure")
|
||||
|
||||
monkeypatch.setattr(push_notify.oppo_push, "send_notification", _boom)
|
||||
db = SessionLocal()
|
||||
try:
|
||||
# 发送失败被吞, 不抛; 成功数为 0
|
||||
assert push_notify.notify_withdraw_approved(db, user_id=uid) == 0
|
||||
finally:
|
||||
db.close()
|
||||
Reference in New Issue
Block a user