🎨 #3873 【企业微信】修复会话存档API使用错误secret导致权限异常的问题

Author: Copilot

weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/WxCpService.java

@@ -57,6 +57,19 @@ public interface WxCpService extends WxService {
    */
   String getAccessToken(boolean forceRefresh) throws WxErrorException;
 
+  /**
+   * <pre>
+   * 获取会话存档access_token，本方法线程安全
+   * 会话存档相关接口需要使用会话存档secret获取单独的access_token
+   * 详情请见: https://developer.work.weixin.qq.com/document/path/91782
+   * </pre>
+   *
+   * @param forceRefresh 强制刷新
+   * @return 会话存档专用的access token
+   * @throws WxErrorException the wx error exception
+   */
+  String getMsgAuditAccessToken(boolean forceRefresh) throws WxErrorException;
+
   /**
    * 获得jsapi_ticket,不强制刷新jsapi_ticket
    *
@@ -194,6 +207,19 @@ public interface WxCpService extends WxService {
    */
   String postWithoutToken(String url, String postData) throws WxErrorException;
 
+  /**
+   * <pre>
+   * 使用会话存档access token发起post请求
+   * 会话存档相关API需要使用会话存档专用的secret获取独立的access token
+   * </pre>
+   *
+   * @param url      接口地址
+   * @param postData 请求body字符串
+   * @return the string
+   * @throws WxErrorException the wx error exception
+   */
+  String postForMsgAudit(String url, String postData) throws WxErrorException;
+
   /**
    * <pre>
    * Service没有实现某个API的时候，可以用这个，

weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/BaseWxCpServiceImpl.java

@@ -302,6 +302,16 @@ public String postWithoutToken(String url, String postData) throws WxErrorExcept
     return this.executeNormal(SimplePostRequestExecutor.create(this), url, postData);
   }
 
+  @Override
+  public String postForMsgAudit(String url, String postData) throws WxErrorException {
+    // 获取会话存档专用的access token
+    String msgAuditAccessToken = getMsgAuditAccessToken(false);
+    // 拼接access_token参数
+    String urlWithToken = url + (url.contains("?") ? "&" : "?") + "access_token=" + msgAuditAccessToken;
+    // 使用executeNormal方法，不自动添加token
+    return this.executeNormal(SimplePostRequestExecutor.create(this), urlWithToken, postData);
+  }
+
   /**
    * 向微信端发送请求，在这里执行的策略是当发生access_token过期时才去刷新，然后重新执行请求，而不是全局定时请求.
    */

weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpMsgAuditServiceImpl.java

@@ -302,7 +302,7 @@ public List<String> getPermitUserList(Integer type) throws WxErrorException {
     if (type != null) {
       jsonObject.addProperty("type", type);
     }
-    String responseContent = this.cpService.post(apiUrl, jsonObject.toString());
+    String responseContent = this.cpService.postForMsgAudit(apiUrl, jsonObject.toString());
     return WxCpGsonBuilder.create().fromJson(GsonParser.parse(responseContent).getAsJsonArray("ids"),
       new TypeToken<List<String>>() {
       }.getType());
@@ -313,14 +313,14 @@ public WxCpGroupChat getGroupChat(@NonNull String roomid) throws WxErrorExceptio
     final String apiUrl = this.cpService.getWxCpConfigStorage().getApiUrl(GET_GROUP_CHAT);
     JsonObject jsonObject = new JsonObject();
     jsonObject.addProperty("roomid", roomid);
-    String responseContent = this.cpService.post(apiUrl, jsonObject.toString());
+    String responseContent = this.cpService.postForMsgAudit(apiUrl, jsonObject.toString());
     return WxCpGroupChat.fromJson(responseContent);
   }
 
   @Override
   public WxCpAgreeInfo checkSingleAgree(@NonNull WxCpCheckAgreeRequest checkAgreeRequest) throws WxErrorException {
     String apiUrl = this.cpService.getWxCpConfigStorage().getApiUrl(CHECK_SINGLE_AGREE);
-    String responseContent = this.cpService.post(apiUrl, checkAgreeRequest.toJson());
+    String responseContent = this.cpService.postForMsgAudit(apiUrl, checkAgreeRequest.toJson());
     return WxCpAgreeInfo.fromJson(responseContent);
   }
 

weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceApacheHttpClientImpl.java

@@ -17,6 +17,7 @@
 import org.apache.http.impl.client.CloseableHttpClient;
 
 import java.io.IOException;
+import java.util.concurrent.locks.Lock;
 
 /**
  * The type Wx cp service apache http client.
@@ -74,6 +75,51 @@ public String getAccessToken(boolean forceRefresh) throws WxErrorException {
     return this.configStorage.getAccessToken();
   }
 
+  @Override
+  public String getMsgAuditAccessToken(boolean forceRefresh) throws WxErrorException {
+    if (!this.configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+      return this.configStorage.getMsgAuditAccessToken();
+    }
+
+    Lock lock = this.configStorage.getMsgAuditAccessTokenLock();
+    lock.lock();
+    try {
+      // 拿到锁之后，再次判断一下最新的token是否过期，避免重刷
+      if (!this.configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+        return this.configStorage.getMsgAuditAccessToken();
+      }
+      // 使用会话存档secret获取access_token
+      String msgAuditSecret = this.configStorage.getMsgAuditSecret();
+      if (msgAuditSecret == null || msgAuditSecret.trim().isEmpty()) {
+        throw new WxErrorException("会话存档secret未配置");
+      }
+      String url = String.format(this.configStorage.getApiUrl(WxCpApiPathConsts.GET_TOKEN),
+        this.configStorage.getCorpId(), msgAuditSecret);
+
+      try {
+        HttpGet httpGet = new HttpGet(url);
+        if (this.httpProxy != null) {
+          RequestConfig config = RequestConfig.custom()
+            .setProxy(this.httpProxy).build();
+          httpGet.setConfig(config);
+        }
+        String resultContent = getRequestHttpClient().execute(httpGet, ApacheBasicResponseHandler.INSTANCE);
+        WxError error = WxError.fromJson(resultContent, WxType.CP);
+        if (error.getErrorCode() != 0) {
+          throw new WxErrorException(error);
+        }
+
+        WxAccessToken accessToken = WxAccessToken.fromJson(resultContent);
+        this.configStorage.updateMsgAuditAccessToken(accessToken.getAccessToken(), accessToken.getExpiresIn());
+      } catch (IOException e) {
+        throw new WxRuntimeException(e);
+      }
+    } finally {
+      lock.unlock();
+    }
+    return this.configStorage.getMsgAuditAccessToken();
+  }
+
   @Override
   public void initHttp() {
     ApacheHttpClientBuilder apacheHttpClientBuilder = this.configStorage

weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceHttpComponentsImpl.java

@@ -17,6 +17,7 @@
 import org.apache.hc.core5.http.HttpHost;
 
 import java.io.IOException;
+import java.util.concurrent.locks.Lock;
 
 /**
  * The type Wx cp service apache http client.
@@ -75,6 +76,51 @@ public String getAccessToken(boolean forceRefresh) throws WxErrorException {
     return this.configStorage.getAccessToken();
   }
 
+  @Override
+  public String getMsgAuditAccessToken(boolean forceRefresh) throws WxErrorException {
+    if (!this.configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+      return this.configStorage.getMsgAuditAccessToken();
+    }
+
+    Lock lock = this.configStorage.getMsgAuditAccessTokenLock();
+    lock.lock();
+    try {
+      // 拿到锁之后，再次判断一下最新的token是否过期，避免重刷
+      if (!this.configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+        return this.configStorage.getMsgAuditAccessToken();
+      }
+      // 使用会话存档secret获取access_token
+      String msgAuditSecret = this.configStorage.getMsgAuditSecret();
+      if (msgAuditSecret == null || msgAuditSecret.trim().isEmpty()) {
+        throw new WxErrorException("会话存档secret未配置");
+      }
+      String url = String.format(this.configStorage.getApiUrl(WxCpApiPathConsts.GET_TOKEN),
+        this.configStorage.getCorpId(), msgAuditSecret);
+
+      try {
+        HttpGet httpGet = new HttpGet(url);
+        if (this.httpProxy != null) {
+          RequestConfig config = RequestConfig.custom()
+            .setProxy(this.httpProxy).build();
+          httpGet.setConfig(config);
+        }
+        String resultContent = getRequestHttpClient().execute(httpGet, BasicResponseHandler.INSTANCE);
+        WxError error = WxError.fromJson(resultContent, WxType.CP);
+        if (error.getErrorCode() != 0) {
+          throw new WxErrorException(error);
+        }
+
+        WxAccessToken accessToken = WxAccessToken.fromJson(resultContent);
+        this.configStorage.updateMsgAuditAccessToken(accessToken.getAccessToken(), accessToken.getExpiresIn());
+      } catch (IOException e) {
+        throw new WxRuntimeException(e);
+      }
+    } finally {
+      lock.unlock();
+    }
+    return this.configStorage.getMsgAuditAccessToken();
+  }
+
   @Override
   public void initHttp() {
     HttpComponentsClientBuilder apacheHttpClientBuilder = DefaultHttpComponentsClientBuilder.get();

weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceImpl.java

@@ -70,6 +70,49 @@ public String getAccessToken(boolean forceRefresh) throws WxErrorException {
     return configStorage.getAccessToken();
   }
 
+  @Override
+  public String getMsgAuditAccessToken(boolean forceRefresh) throws WxErrorException {
+    final WxCpConfigStorage configStorage = getWxCpConfigStorage();
+    if (!configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+      return configStorage.getMsgAuditAccessToken();
+    }
+    Lock lock = configStorage.getMsgAuditAccessTokenLock();
+    lock.lock();
+    try {
+      // 拿到锁之后，再次判断一下最新的token是否过期，避免重刷
+      if (!configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+        return configStorage.getMsgAuditAccessToken();
+      }
+      // 使用会话存档secret获取access_token
+      String msgAuditSecret = configStorage.getMsgAuditSecret();
+      if (msgAuditSecret == null || msgAuditSecret.trim().isEmpty()) {
+        throw new WxErrorException("会话存档secret未配置");
+      }
+      String url = String.format(configStorage.getApiUrl(WxCpApiPathConsts.GET_TOKEN),
+        this.configStorage.getCorpId(), msgAuditSecret);
+      try {
+        HttpGet httpGet = new HttpGet(url);
+        if (getRequestHttpProxy() != null) {
+          RequestConfig config = RequestConfig.custom().setProxy(getRequestHttpProxy()).build();
+          httpGet.setConfig(config);
+        }
+        String resultContent = getRequestHttpClient().execute(httpGet, ApacheBasicResponseHandler.INSTANCE);
+        WxError error = WxError.fromJson(resultContent, WxType.CP);
+        if (error.getErrorCode() != 0) {
+          throw new WxErrorException(error);
+        }
+
+        WxAccessToken accessToken = WxAccessToken.fromJson(resultContent);
+        configStorage.updateMsgAuditAccessToken(accessToken.getAccessToken(), accessToken.getExpiresIn());
+      } catch (IOException e) {
+        throw new WxRuntimeException(e);
+      }
+    } finally {
+      lock.unlock();
+    }
+    return configStorage.getMsgAuditAccessToken();
+  }
+
   @Override
   public String getAgentJsapiTicket(boolean forceRefresh) throws WxErrorException {
     final WxCpConfigStorage configStorage = getWxCpConfigStorage();

weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceJoddHttpImpl.java

@@ -13,6 +13,8 @@
 import me.chanjar.weixin.cp.config.WxCpConfigStorage;
 import me.chanjar.weixin.cp.constant.WxCpApiPathConsts;
 
+import java.util.concurrent.locks.Lock;
+
 /**
  * The type Wx cp service jodd http.
  *
@@ -63,6 +65,45 @@ public String getAccessToken(boolean forceRefresh) throws WxErrorException {
     return this.configStorage.getAccessToken();
   }
 
+  @Override
+  public String getMsgAuditAccessToken(boolean forceRefresh) throws WxErrorException {
+    if (!this.configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+      return this.configStorage.getMsgAuditAccessToken();
+    }
+
+    Lock lock = this.configStorage.getMsgAuditAccessTokenLock();
+    lock.lock();
+    try {
+      // 拿到锁之后，再次判断一下最新的token是否过期，避免重刷
+      if (!this.configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+        return this.configStorage.getMsgAuditAccessToken();
+      }
+      // 使用会话存档secret获取access_token
+      String msgAuditSecret = this.configStorage.getMsgAuditSecret();
+      if (msgAuditSecret == null || msgAuditSecret.trim().isEmpty()) {
+        throw new WxErrorException("会话存档secret未配置");
+      }
+      HttpRequest request = HttpRequest.get(String.format(this.configStorage.getApiUrl(WxCpApiPathConsts.GET_TOKEN),
+        this.configStorage.getCorpId(), msgAuditSecret));
+      if (this.httpProxy != null) {
+        httpClient.useProxy(this.httpProxy);
+      }
+      request.withConnectionProvider(httpClient);
+      HttpResponse response = request.send();
+
+      String resultContent = response.bodyText();
+      WxError error = WxError.fromJson(resultContent, WxType.CP);
+      if (error.getErrorCode() != 0) {
+        throw new WxErrorException(error);
+      }
+      WxAccessToken accessToken = WxAccessToken.fromJson(resultContent);
+      this.configStorage.updateMsgAuditAccessToken(accessToken.getAccessToken(), accessToken.getExpiresIn());
+    } finally {
+      lock.unlock();
+    }
+    return this.configStorage.getMsgAuditAccessToken();
+  }
+
   @Override
   public void initHttp() {
     if (this.configStorage.getHttpProxyHost() != null && this.configStorage.getHttpProxyPort() > 0) {

weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceOkHttpImpl.java

@@ -12,6 +12,7 @@
 import okhttp3.*;
 
 import java.io.IOException;
+import java.util.concurrent.locks.Lock;
 
 import static me.chanjar.weixin.cp.constant.WxCpApiPathConsts.GET_TOKEN;
 
@@ -74,6 +75,52 @@ public String getAccessToken(boolean forceRefresh) throws WxErrorException {
     return this.configStorage.getAccessToken();
   }
 
+  @Override
+  public String getMsgAuditAccessToken(boolean forceRefresh) throws WxErrorException {
+    if (!this.configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+      return this.configStorage.getMsgAuditAccessToken();
+    }
+
+    Lock lock = this.configStorage.getMsgAuditAccessTokenLock();
+    lock.lock();
+    try {
+      // 拿到锁之后，再次判断一下最新的token是否过期，避免重刷
+      if (!this.configStorage.isMsgAuditAccessTokenExpired() && !forceRefresh) {
+        return this.configStorage.getMsgAuditAccessToken();
+      }
+      // 使用会话存档secret获取access_token
+      String msgAuditSecret = this.configStorage.getMsgAuditSecret();
+      if (msgAuditSecret == null || msgAuditSecret.trim().isEmpty()) {
+        throw new WxErrorException("会话存档secret未配置");
+      }
+      //得到httpClient
+      OkHttpClient client = getRequestHttpClient();
+      //请求的request
+      Request request = new Request.Builder()
+        .url(String.format(this.configStorage.getApiUrl(GET_TOKEN), this.configStorage.getCorpId(),
+          msgAuditSecret))
+        .get()
+        .build();
+      String resultContent = null;
+      try (Response response = client.newCall(request).execute()) {
+        resultContent = response.body().string();
+      } catch (IOException e) {
+        log.error(e.getMessage(), e);
+      }
+
+      WxError error = WxError.fromJson(resultContent, WxType.CP);
+      if (error.getErrorCode() != 0) {
+        throw new WxErrorException(error);
+      }
+      WxAccessToken accessToken = WxAccessToken.fromJson(resultContent);
+      this.configStorage.updateMsgAuditAccessToken(accessToken.getAccessToken(),
+        accessToken.getExpiresIn());
+    } finally {
+      lock.unlock();
+    }
+    return this.configStorage.getMsgAuditAccessToken();
+  }
+
   @Override
   public void initHttp() {
     log.debug("WxCpServiceOkHttpImpl initHttp");