How to achieve complete local debugging of WeChat public accounts through intranet penetration remotely

Preface

In the development of WeChat public accounts, WeChat requires developers to have their own server resources to respond to the token verification sent by WeChat. This server can only be accessed through domain names and cannot be accessed using IP addresses. If you purchase a server and then purchase a domain name, it will It is a relatively large expense. If you can expose the local service and then use the domain name to access it, it will not only simplify the configuration, but also reduce the expense and achieve rapid development.

Fortunately, Cpolar takes care of this for you. Start Cpolar and paste the tunnel URL into the URL field of the WeChat official account docking server, done!

1. Configure local server

Create a local service. Here we take the java service as an example. Environment configuration:

• JDK1.8
• maven
• springboot
• tomcat

According to the requirements in the access guide of WeChat developer documentation, encrypt and compare the get request parameters sent by WeChat.

Write a WeChat verification interface in the springboot service controller, and obtain the parameters passed in by WeChat for processing according to the requirements.

/**
 * 微信服务调用接口
 */
@Controller
@RequestMapping("/wechat")
public class WeChatTest {
    
    

    private static String wxToken="flzabc123";

    @GetMapping("")
    public void weChatTestV(HttpServletRequest request, HttpServletResponse response) {
    
    

        // 1、验证消息的确来自微信服务器
        String signature = request.getParameter("signature");
        String timestamp = request.getParameter("timestamp");
        String nonce = request.getParameter("nonce");
        String echostr = request.getParameter("echostr");

        //将微信echostr返回给微信服务器
        try(OutputStream os = response.getOutputStream()) {
    
    
            String sha1 = getSHA1(wxToken, timestamp, nonce, "");

            //和signature进行对比
            if (sha1.equals(signature)){
    
    
            // 返回echostr给微信
                os.write(URLEncoder.encode(echostr, "UTF-8").getBytes());
                os.flush();
                
            }
        } catch (Exception e) {
    
    
            e.printStackTrace();
        }
    }


    /**
     * 用SHA1算法生成安全签名
     *
     * @param token     票据
     * @param timestamp 时间戳
     * @param nonce     随机字符串
     * @param encrypt   密文
     * @return 安全签名
     * @throws Exception
     */
    public static String getSHA1(String token, String timestamp, String nonce, String encrypt) throws Exception {
    
    
        try {
    
    
            String[] array = new String[]{
    
    token, timestamp, nonce, encrypt};
            StringBuffer sb = new StringBuffer();
            // 字符串排序
            Arrays.sort(array);
            for (int i = 0; i < 4; i++) {
    
    
                sb.append(array[i]);
            }
            String str = sb.toString();
            // SHA1签名生成
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            md.update(str.getBytes());
            byte[] digest = md.digest();
            StringBuffer hexstr = new StringBuffer();
            String shaHex = "";
            for (int i = 0; i < digest.length; i++) {
    
    
                shaHex = Integer.toHexString(digest[i] & 0xFF);
                if (shaHex.length() < 2) {
    
    
                    hexstr.append(0);
                }
                hexstr.append(shaHex);
            }
            return hexstr.toString();
        } catch (Exception e) {
    
    
            e.printStackTrace();
        }
        return "";
    }



}

After writing the interface, start the service and start springboot. The 8080 port is exposed here.

2. Intranet penetration

Here we use cpolar intranet penetration to map local services to the public network. There is no need for a public network IP or setting up a router. The operation is very simple. [cpolar.cn has been registered]

2.1 Download and install cpolar intranet penetration

cpolar官网：https://www.cpolar.com/

Visit the cpolar official website, register an account, and download and install the cpolar client. For details, please refer toDocumentation Tutorial for download and installation.

2.2 Create tunnel

After cpolar is successfully installed, we access the local 9200 port on the browser and log in to Cpolar's web ui interface:http://localhost:9200.

Click Tunnel Management - Create Tunnel on the left dashboard. Let's create a tunnel to map the web service under the local port 8080 to the public network:

• Tunnel name: Customizable, be careful not to duplicate the name of an existing tunnel
• Protocol: http protocol
• Local address: 80
• Domain name type: Choose a random domain name for free
• Region: Select China VIP

Click创建

After the tunnel is successfully created, the page automatically jumps to the tunnel list. You can see the tunnel-1 tunnel that was just created successfully. The status is active, indicating that it is normally online. Note that there is no need to click to start again.

Click on the status of the dashboard on the left - online tunnel list. You can see that the tunnel you just created has generated a corresponding public network address, an http protocol and an https protocol (avoiding the tedious steps of configuring an SSL certificate). Both are available. Access the local web service and copy the public address.

3. Test public network access

Open the official account page of the WeChat public platform, click on the basic configuration below, and fill in the copied public address in the URL box.

A successful submission indicates successful verification.

Click to enable server configuration. If the operation is successful, it means the activation is successful.

4. Fixed domain name

Since the public network address configured above uses a random address and will change randomly within 24 hours, in order to make the service run more stably, it is recommended that a fixed domain name address must be configured.

Note that you need to upgrade the cpolar package to the basic package or above. [cpolar.cn has been registered]

4.1 Reserve a second-level subdomain name

Visit the Cpolar official websitewww.cpolar.com, log in to the cpolar official website backend, click Reserve on the left, and find the reserved second-level subdomain name :

• Region: Select China VIP
• Second-level domain name: can be customized
• Description: Notes, which can be customized

Click保留

Prompt that the subdomain name is reserved successfully, copy the reserved second-level subdomain name

4.2 Configure the second-level subdomain name

Visithttp://127.0.0.1:9200/, log in to the cpolar web UI management interface, click Tunnel Management on the left dashboard ——Tunnel list, find the http WeChat development tunnel you just created, click Edit on the right

Modify the tunnel information and configure the successfully reserved second-level subdomain name into the tunnel.

• Domain name type: Select a second-level subdomain name
• Sub Domain: Fill in the successfully reserved second-level subdomain name

Click更新

After the update, open the online tunnel list again. At this time, you can see that the tunnel has become a fixed second-level subdomain name. The name is wechat we reserved on the official website, and then copy the domain name.

5. Use fixed second-level subdomain names for WeChat development

Open the WeChat public platform - public account page, click Basic Configuration, modify the value of the URL. Before modifying, you need to click to deactivate the server configuration, and click Submit after replacing it.

A successful submission indicates that the replacement was successful.

Then, click to start the server configuration. If the operation is successful, it means success. Then you can use the local server for WeChat development.

Reprinted from cpolar pole cloud article:WeChat public account development: docking with local development environment [intranet penetration]