Skip to content

完善微信小程序消息推送(安全模式)JSON 入参的验签解密能力#4069

Open
binarywang with Copilot wants to merge 2 commits into
developfrom
copilot/fix-json-data-support
Open

完善微信小程序消息推送(安全模式)JSON 入参的验签解密能力#4069
binarywang with Copilot wants to merge 2 commits into
developfrom
copilot/fix-json-data-support

Conversation

Copilot AI commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

当前 WxMaMessage 对安全模式 XML 已支持“验签+解密”,但 JSON 仅支持解密,导致调用方需要手工提取 Encrypt 并自行验签。该变更补齐 JSON 与 XML 在安全模式下的能力对齐,支持直接完成来源校验与解密。

  • 变更一:补充 JSON 安全模式重载(验签 + 解密)

    • WxMaMessage 新增 5 参数重载:
      • fromEncryptedJson(String encryptedJson, WxMaConfig config, String timestamp, String nonce, String msgSignature)
      • fromEncryptedJson(InputStream inputStream, WxMaConfig config, String timestamp, String nonce, String msgSignature)
    • 解析 Encrypt 后复用 WxMaCryptUtils.decryptContent(...),按 token/timestamp/nonce/msgSignature 完成签名校验并解密。
  • 变更二:保持兼容

    • 原有 2 参数 fromEncryptedJson(String/InputStream, WxMaConfig) 保持不变,继续提供“仅解密”行为,不影响既有调用。
  • 变更三:补充针对性用例

    • 增加 JSON 安全模式成功路径(验签通过后正常解密解析)与失败路径(签名不匹配抛异常)覆盖,确保新重载行为清晰可预期。

示例调用:

WxMaMessage message = WxMaMessage.fromEncryptedJson(
  encryptedJson,
  wxMaConfig,
  timestamp,
  nonce,
  msgSignature
);

Copilot AI changed the title [WIP] Fix incomplete support for JSON data in message push 完善微信小程序消息推送(安全模式)JSON 入参的验签解密能力 Jul 15, 2026
Copilot AI requested a review from binarywang July 15, 2026 03:37
@binarywang binarywang marked this pull request as ready for review July 15, 2026 04:09
Copilot AI review requested due to automatic review settings July 15, 2026 04:09

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

该 PR 针对 weixin-java-miniapp 中小程序消息推送“安全模式”场景,补齐 WxMaMessageJSON 入参 的“验签 + 解密”能力,使其与现有 XML 处理能力对齐,减少调用方自行提取 Encrypt 与验签的负担。

Changes:

  • WxMaMessage 新增带 timestamp/nonce/msgSignaturefromEncryptedJson(...) 重载,走 WxMaCryptUtils.decryptContent(...) 完成签名校验与解密。
  • 增加对应的单测覆盖 JSON 安全模式成功路径与签名失败路径。

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/bean/WxMaMessage.java 新增 JSON 安全模式“验签+解密”重载入口(String/InputStream)。
weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/bean/WxMaMessageTest.java 补充 JSON 安全模式验签通过与签名不匹配异常用例。

Comment on lines +641 to +650
public static WxMaMessage fromEncryptedJson(String encryptedJson, WxMaConfig config,
String timestamp, String nonce, String msgSignature) {
try {
WxMaMessage encryptedMessage = fromJson(encryptedJson);
String plainText = new WxMaCryptUtils(config).decryptContent(msgSignature, timestamp, nonce,
encryptedMessage.getEncrypt());
return fromJson(plainText);
} catch (Exception e) {
throw new WxRuntimeException(e);
}
@augmentcode

augmentcode Bot commented Jul 15, 2026

Copy link
Copy Markdown
🤖 Augment PR Summary

Summary: 补齐 WxMaMessage 在安全模式 JSON 回调下的“验签 + 解密”能力,使其与 XML 行为对齐。

Changes:

  • 新增 fromEncryptedJson 5 参数重载(String/InputStream),接收 timestamp/nonce/msgSignature
  • 从 JSON 中解析 Encrypt 字段后复用 WxMaCryptUtils.decryptContent(...) 完成签名校验并解密
  • 新增单测覆盖:验签通过可正常解密解析、验签失败抛出异常

Technical Notes: 保留原有 2 参数重载的“仅解密”行为以确保兼容性。

🤖 Was this summary useful? React with 👍 or 👎

@augmentcode augmentcode Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

微信小程序服务器接收消息推送(安全模式)对于JSON类型的数据支持不完善

3 participants