Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code cleanup & refactoring. #646

Merged
merged 23 commits into from
Apr 12, 2017
Merged

Code cleanup & refactoring. #646

merged 23 commits into from
Apr 12, 2017

Conversation

mingyoung
Copy link
Collaborator

@mingyoung mingyoung commented Apr 12, 2017
edited
Loading

优化开放平台代码
API 名称大幅修改,所以不兼容以前API写法。

预授权简化:

// BEFORE
$openPlatform->pre_auth
    ->setRedirectUri('https://domain.com/callback')
    ->getAuthLink();

// AFTER
// 直接跳转
$response = $openPlatform->pre_auth->redirect('https://domain.com/callback');
// 获取跳转的链接
$response->getTargetUrl();

OpenPlatform.php 增加 __call 魔术方法快速访问 BaseApi 中的方法:

// BEFORE
$openPlatform->authorizer->getAuthorizationInfo();
// AFTER
$openPlatform->getAuthorizationInfo();
微信推送授权事件后不缓存 authorizer_access_tokenauthorizer_refresh_token,因为SDK处理后再次获取授权信息的话容易造成 Token 失效的问题。当调用授权方 API 会缓存并自动刷新 Token。

简化调用授权方 API:

// BEFORE
$app = new Application($options);
$app->access_token = $app->open_platform->authorizer_token;
$authorizerAppId = $authorizer->app_id;
$app->open_platform->authorization->setAuthorizerAppId($authorizerAppId);

// AFTER
$app = $openPlatform->createAuthorizerApplication('authorizerAppid', 'authorizerRefreshToken');
// 然后调用方法和普通调用一致。
// ...

@mingyoung
Copy link
Collaborator Author

@tsunamilx how about it?😄

@overtrue
Copy link
Collaborator

Daemon 是什么?

@mingyoung
Copy link
Collaborator Author

@overtrue 主要是授权方APPID,TOKEN的 Setter 和 Getter 吧

@overtrue
Copy link
Collaborator

@mingyoung 感觉用词不对,daemon 一般是守护进程

@overtrue overtrue merged commit 931b655 into w7corp:master Apr 12, 2017
@mingyoung mingyoung deleted the refactoring branch April 12, 2017 08:22
@overtrue
Copy link
Collaborator

https://scrutinizer-ci.com/g/overtrue/wechat/inspections/36f0b4c2-dbcc-474e-95e6-8a8a32fe340f/issues/files/src/OpenPlatform/OpenPlatform.php?status=new&orderField=path&order=asc&honorSelectedPaths=0

@mingyoung
Copy link
Collaborator Author

I'll fix this later.

@overtrue
Copy link
Collaborator

@mingyoung 👍

@tsunamilx
Copy link
Contributor

tsunamilx commented Apr 14, 2017
edited
Loading

代码改动很大,没有太多时间去理解。不过有几个疑问:

微信推送授权事件后不缓存 authorizer_access_token 和 authorizer_refresh_token,因为SDK处理后再次获取授权信息的话容易造成 Token 失效的问题。当调用授权方 API 会缓存并自动刷新 Token。

这里不理解 Token 为何会失效,Token 没有自动刷新吗?再次授权的话不就是覆盖原来的 Token 了吗,怎么会失效?

// AFTER
$app = $openPlatform->createAuthorizerApplication('authorizerAppid', 'authorizerRefreshToken');

那么开发者是要手动处理 authorizer_refresh_token 了?之后为了刷新 authorizer_access_token 开发者都要手动带上 authorizer_refresh_token ? 我认为这里可以自动处理掉的,是有什么考虑不做吗?

@mingyoung
Copy link
Collaborator Author

mingyoung commented Apr 14, 2017
edited
Loading

如果开发者在回调页面中根据 auth_code 获取授权信息的话那就有冲突了

@mingyoung
Copy link
Collaborator Author

authorizer_refresh_token 应该都要保存到自己的数据库吧,如果交给缓存来处理,那清空缓存不就都没了? @tsunamilx

@tsunamilx
Copy link
Contributor

在回调页面中根据 auth_code 获取授权信息的话那就有冲突了

我这边没出现过这样的情况。通过 auth_code 是重新获取这两个 token 了对吗?照理应该是覆盖了原来缓存的 token,之后应该会使用新的 token,不觉得会冲突。我理解有误?

authorizer_refresh_token 应该都要保存到自己的数据库吧,如果交给缓存来处理,那清空缓存不就都没了?

这个同意,不过感觉清空缓存的可能性不大,那 component_verify_ticket 是不是也要拿出来自行处理。

@mingyoung
Copy link
Collaborator Author

授权事件推送了,然后 SDK 获取 token A 并缓存。

开发者在回调页面根据 auth_code 调用 $openPlatform->getAuthrizationInfo('auth_code)(这个方法没有重新写缓存) 再次获取了 token B。

那 token A 失效了,但是还在缓存 token A。

这个同意,不过感觉清空缓存的可能性不大,那 component_verify_ticket 是不是也要拿出来自行处理。

就算清空缓存了,component_verify_ticket 可以等10分钟微信推送过来,authorizer_refresh_token
就要重新用户授权才有了。

@tsunamilx
Copy link
Contributor

开发者在回调页面根据 auth_code 调用 $openPlatform->getAuthrizationInfo('auth_code)(这个方法没有重新写缓存) 再次获取了 token B。

额,这我觉得应该是开发员的责任了吧,原来的 Authorization 类里有 handleAuthorization 方法,这里是获取并且缓存的。应该调用这个方法的。

就算清空缓存了,component_verify_ticket 可以等10分钟微信推送过来,authorizer_refresh_token
就要重新用户授权才有了。

见仁见智吧。正式环境中,清空缓存应该是不会发生的,如果发生了,10分钟不可用也是很严重的问题。另外 component_verify_ticket 是被动的,只能等微信推过来,急死人。。。authorizer_refresh_token 的话叫客户主动重新授权,可以很快解决,不过客户多的话也是挺要命的。。。所以清空缓存更加是不太可能了。

@mingyoung
Copy link
Collaborator Author

所以要减少踩坑的机会。还有我觉得不应该重新包装微信返回的内容,再返回给开发者。
根据自己的需求调用相应的API就好,SDK不做太多事:)

overtrue pushed a commit that referenced this pull request Apr 25, 2017
@mingyoung @overtrue
Merge branch master into branch develop. (#663)
7e91d6f 
* 🚧Missing message handling

* Fix mini-program decryptor (#615)

* 🐛Fix mini-program decryptor

* fix styles

* 🚨Make the testcase works. (#616)

* Compatible with php5.5 (#617)

* Apply fixes from StyleCI (#618)

* 🚨 修复测试

* 🚨 修复测试

* Apply fixes from StyleCI (#621)

* phpunit path.

* Update OpenPlatform AppId

使用第三方平台授权来生成JS-SDK签名时,返回的 appid 是第三方平台的,应该改为授权方的 appid 才对。

* Add backers

* Add backers

* 修复新建卡券时, 填写高级信息时的字段缺失

点击查看[微信创建卡券文档](https://mp.weixin.qq.com/wiki?action=doc&id=mp1451025056&t=0.    3971944842969317#2.6)

* 添加获取微信支持的门店类目表

创建门店时,必须填入微信支持格式的门店类目, 所以需要先获得支持的门店类目
点击查看[微信创建门店文档](https://mp.weixin.qq.com/wiki?action=doc&id=mp1444378120&t=0.3682459036774999#mdlmb)

* 🔨 Refactoring for mini-program. (#632)

* Refactoring for mini-program.

* Fix styles.

* Fix styles again 💣

* Modify name.

* naming.

* PrefixedContainer Trait.

* ✨ Blacklist. (#634)

* Update README.md

* Apply fixes from StyleCI (#635)

* misspell

* modify oauth property (#639)

* formatting

* tweak code. (#640)

* tweak code.

* Fix styles.

* Remove unused method.

* ♻️ All tests have been namespaced. (#641)

* ♻️ All tests have been namespaced.

* ordered_use

* Fix styles.

* support cash coupon (#642)

* support cash coupon

* fixed styleci

* Code cleanup & refactoring. (#646)

* Rename.

* Open-platform api tests.

* Sensitive config items.

* Socialite minimum version.

* Log Configuration.

* Add header.

* Remove include.

* Log configuration.

* Header copyright.

* Remove open-platform option.

* array type.

* Use short array syntax.

* remove files.

* Update open-platform service provider.

* Remove verify-ticket trait.

* Remove trait.

* do nothing for the time being.

* Update doc.

* use `basename` function

* Cache.

* refactoring

* `Daemon` => `Authorization`

* Styles.

* Update code for open-platform (#649)

* Wrong role

* full name

* Add PrefixedContainer testcase.

* Add fetch method.

* Fix.

* announced api

* Remove test

* extract method.

* Update test.

* fix bug

* remove method.

* get api.

* Styles

* new line

* Update PreAuthorization.php

* Merge from open-platform branch. (#651)

* Remove stale code.

* Full namespace.

* protected vars.

* Cleanup

* Do nothing on the auth events.

* tweak.

* Remove @method announce

* rename.

* Unused code

* Update PrefixedContainerTest.php

* optimizes (#652)

* variable name shortening.

* Add callable.

* class name

* 🐛 开放平台 ServerGuard 覆盖基类 ServerGuard

* extensible

* Mini program datacube. (#655)

* mini-program datacube.

* stats testcase.

* service provider.

* Apply fixes from StyleCI (#656)

* avoid ambiguity. (#659)

* Support Payment Sandbox mode (#658)

* Support Payment Sandbox.

Fixing styleci complains.

More fixing on styles.

Use a wrapper for sandbox API instead.

More style fixing.

Still need one more line for styling.

Change the wrapApi to public.

* Different approach; allow mocking protected methods.

* Fix tests for #658

* Cleanup. #658

* Fix payment tools API (#660)

* Fix.

* Fix.

* Fix styles
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mingyoung @overtrue @tsunamilx