fusenapi/server/feishu-sync/internal/logic/webhooklogic.go

package logic

import (
	"context"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"

	"fusenapi/server/feishu-sync/internal/svc"
	"github.com/zeromicro/go-zero/core/logx"
)

type WebhookLogic struct {
	logx.Logger
	ctx    context.Context
	svcCtx *svc.ServiceContext
}

func NewWebhookLogic(ctx context.Context, svcCtx *svc.ServiceContext) *WebhookLogic {
	return &WebhookLogic{
		Logger: logx.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
}

type EncryptWebhookMsg struct {
	Encrypt string `json:"encrypt"` //加密的消息
}
type WebhookMsg struct {
	Type      string                 `json:"type"`
	Challenge string                 `json:"challenge"`
	Header    map[string]interface{} `json:"header"`
	Event     map[string]interface{} `json:"event"`
}

// webhook消息事件header(body参数)基础信息
type BaseWebhookMsgHeaderType struct {
	EventId    string `json:"event_id"`    //事件id(可作为消息唯一性确认)
	EventType  string `json:"event_type"`  //事件类型
	CreateTime string `json:"create_time"` //创建时间
	Token      string `json:"token"`       //事件token
	AppId      string `json:"app_id"`      //app id
	TenantKey  string `json:"tenant_key"`  //租户key
}

func (l *WebhookLogic) Webhook(w http.ResponseWriter, r *http.Request) {
	bodyBytes, err := io.ReadAll(r.Body)
	if err != nil {
		logx.Error("读取请求body失败", err)
		return
	}
	//计算签名
	timestamp := r.Header.Get("X-Lark-Request-Timestamp")
	nonce := r.Header.Get("X-Lark-Request-Nonce")
	encryptKey := "DmiHQ2bHhKiR3KK4tIjLShbs13eErxKA"
	signature := r.Header.Get("X-Lark-Signature")
	sign := l.calculateSignature(timestamp, nonce, encryptKey, bodyBytes)
	if signature != sign {
		logx.Error("非法的消息，签名验证不通过", sign, "====", signature)
		return
	}
	defer r.Body.Close()
	//如果只是验证http连接的消息
	var webhookMsg WebhookMsg
	if err = json.Unmarshal(bodyBytes, &webhookMsg); err != nil {
		logx.Error("反序列化请求body失败", err)
		return
	}
	//验证连接(直接返回)
	if webhookMsg.Type == "url_verification" {
		challengeRsp := map[string]string{
			"challenge": webhookMsg.Challenge,
		}
		b, _ := json.Marshal(challengeRsp)
		w.Write(b)
		return
	}

	headerByte, err := json.Marshal(webhookMsg.Header)
	if err != nil {
		logx.Error("序列化请求体header失败:", err)
		return
	}
	var msgHeader BaseWebhookMsgHeaderType
	if err = json.Unmarshal(headerByte, &msgHeader); err != nil {
		logx.Error("反序列化请求体中的header失败", err)
		return
	}
	switch msgHeader.EventType {
	case "contact.custom_attr_event.updated_v3": //成员字段管理属性变更事件
	case "contact.department.created_v3": //部门新建
	case "contact.department.deleted_v3": //部门删除
	case "contact.department.updated_v3": //部门信息变化
	case "contact.employee_type_enum.actived_v3": //启动人员类型事件
	case "contact.employee_type_enum.created_v3": //新建人员类型事件
	case "contact.employee_type_enum.deactivated_v3": //停用人员类型事件
	case "contact.employee_type_enum.deleted_v3": //删除人员类型事件
	case "contact.employee_type_enum.updated_v3": //修改人员类型名称事件
	case "contact.scope.updated_v3": //通讯录范围权限被更新
	case "contact.user.created_v3": //员工入职
	case "contact.user.deleted_v3": //员工离职
	case "contact.user.updated_v3": //员工信息变化

	}
	return
}

// 计算签名
func (l *WebhookLogic) calculateSignature(timestamp, nonce, encryptKey string, body []byte) string {
	var b strings.Builder
	b.WriteString(timestamp)
	b.WriteString(nonce)
	b.WriteString(encryptKey)
	b.Write(body) //bodystring 指整个请求体，不要在反序列化后再计算
	bs := []byte(b.String())
	h := sha256.New()
	h.Write(bs)
	bs = h.Sum(nil)
	sig := fmt.Sprintf("%x", bs)
	return sig
}
fix 2023-11-06 07:19:14 +00:00			`package logic`

			`import (`
fix 2023-11-07 03:06:04 +00:00			`"context"`
			`"crypto/sha256"`
fix 2023-11-06 10:25:37 +00:00			`"encoding/json"`
fix 2023-11-07 03:23:30 +00:00			`"fmt"`
fix 2023-11-07 02:16:20 +00:00			`"io"`
			`"net/http"`
fix 2023-11-07 03:23:30 +00:00			`"strings"`
fix 2023-11-06 07:19:14 +00:00
			`"fusenapi/server/feishu-sync/internal/svc"`
			`"github.com/zeromicro/go-zero/core/logx"`
			`)`

			`type WebhookLogic struct {`
			`logx.Logger`
			`ctx context.Context`
			`svcCtx *svc.ServiceContext`
			`}`

			`func NewWebhookLogic(ctx context.Context, svcCtx svc.ServiceContext) WebhookLogic {`
			`return &WebhookLogic{`
			`Logger: logx.WithContext(ctx),`
			`ctx: ctx,`
			`svcCtx: svcCtx,`
			`}`
			`}`

fix 2023-11-07 02:46:55 +00:00			`type EncryptWebhookMsg struct {`
			Encrypt string `json:"encrypt"` //加密的消息
			`}`
fix 2023-11-07 02:16:20 +00:00			`type WebhookMsg struct {`
			Type string `json:"type"`
			Challenge string `json:"challenge"`
			Header map[string]interface{} `json:"header"`
			Event map[string]interface{} `json:"event"`
			`}`

			`// webhook消息事件header(body参数)基础信息`
fix 2023-11-06 10:25:37 +00:00			`type BaseWebhookMsgHeaderType struct {`
			EventId string `json:"event_id"` //事件id(可作为消息唯一性确认)
			EventType string `json:"event_type"` //事件类型
			CreateTime string `json:"create_time"` //创建时间
			Token string `json:"token"` //事件token
			AppId string `json:"app_id"` //app id
			TenantKey string `json:"tenant_key"` //租户key
			`}`
fix 2023-11-06 07:19:14 +00:00
fix 2023-11-07 02:16:20 +00:00			`func (l WebhookLogic) Webhook(w http.ResponseWriter, r http.Request) {`
			`bodyBytes, err := io.ReadAll(r.Body)`
			`if err != nil {`
			`logx.Error("读取请求body失败", err)`
			`return`
fix 2023-11-06 10:25:37 +00:00			`}`
fix 2023-11-07 03:23:30 +00:00			`//计算签名`
			`timestamp := r.Header.Get("X-Lark-Request-Timestamp")`
			`nonce := r.Header.Get("X-Lark-Request-Nonce")`
			`encryptKey := "DmiHQ2bHhKiR3KK4tIjLShbs13eErxKA"`
			`signature := r.Header.Get("X-Lark-Signature")`
			`sign := l.calculateSignature(timestamp, nonce, encryptKey, bodyBytes)`
			`if signature != sign {`
			`logx.Error("非法的消息，签名验证不通过", sign, "====", signature)`
fix 2023-11-07 03:06:04 +00:00			`return`
			`}`
fix 2023-11-07 02:16:20 +00:00			`defer r.Body.Close()`
			`//如果只是验证http连接的消息`
			`var webhookMsg WebhookMsg`
			`if err = json.Unmarshal(bodyBytes, &webhookMsg); err != nil {`
			`logx.Error("反序列化请求body失败", err)`
			`return`
			`}`
			`//验证连接(直接返回)`
			`if webhookMsg.Type == "url_verification" {`
			`challengeRsp := map[string]string{`
			`"challenge": webhookMsg.Challenge,`
			`}`
			`b, _ := json.Marshal(challengeRsp)`
			`w.Write(b)`
			`return`
			`}`

			`headerByte, err := json.Marshal(webhookMsg.Header)`
			`if err != nil {`
			`logx.Error("序列化请求体header失败:", err)`
			`return`
			`}`
			`var msgHeader BaseWebhookMsgHeaderType`
			`if err = json.Unmarshal(headerByte, &msgHeader); err != nil {`
			`logx.Error("反序列化请求体中的header失败", err)`
			`return`
fix 2023-11-06 10:25:37 +00:00			`}`
			`switch msgHeader.EventType {`
			`case "contact.custom_attr_event.updated_v3": //成员字段管理属性变更事件`
			`case "contact.department.created_v3": //部门新建`
			`case "contact.department.deleted_v3": //部门删除`
			`case "contact.department.updated_v3": //部门信息变化`
			`case "contact.employee_type_enum.actived_v3": //启动人员类型事件`
			`case "contact.employee_type_enum.created_v3": //新建人员类型事件`
			`case "contact.employee_type_enum.deactivated_v3": //停用人员类型事件`
			`case "contact.employee_type_enum.deleted_v3": //删除人员类型事件`
			`case "contact.employee_type_enum.updated_v3": //修改人员类型名称事件`
			`case "contact.scope.updated_v3": //通讯录范围权限被更新`
			`case "contact.user.created_v3": //员工入职`
			`case "contact.user.deleted_v3": //员工离职`
			`case "contact.user.updated_v3": //员工信息变化`

			`}`
fix 2023-11-07 02:16:20 +00:00			`return`
fix 2023-11-06 07:19:14 +00:00			`}`

fix 2023-11-07 03:23:30 +00:00			`// 计算签名`
			`func (l *WebhookLogic) calculateSignature(timestamp, nonce, encryptKey string, body []byte) string {`
			`var b strings.Builder`
			`b.WriteString(timestamp)`
			`b.WriteString(nonce)`
			`b.WriteString(encryptKey)`
			`b.Write(body) //bodystring 指整个请求体，不要在反序列化后再计算`
			`bs := []byte(b.String())`
fix 2023-11-07 03:06:04 +00:00			`h := sha256.New()`
fix 2023-11-07 03:23:30 +00:00			`h.Write(bs)`
			`bs = h.Sum(nil)`
			`sig := fmt.Sprintf("%x", bs)`
			`return sig`
fix 2023-11-07 03:06:04 +00:00			`}`