npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

weapp-session

v0.3.0

Published

为微信小程序提供会话管理功能

Downloads

5

Readme

微信小程序会话管理中间件

微信的网络请求接口 wx.request() 没有携带 Cookies,这让传统基于 Cookies 实现的会话管理不再适用。为了让处理微信小程序的服务能够识别会话,我们推出了 weapp-session

weapp-session 使用自定义 Header 来传递微信小程序内用户信息,在服务内可以直接获取用户在微信的身份。

会话层使用 Redis 作为缓存管理,具有高效可靠的特点。

广告:推荐使用腾讯云 Redis 服务

安装

npm install weapp-session

使用

const express = require('express');
const weappSession = require('weapp-session');

const app = express();

app.use(weappSession({
    appId: '',      // 微信小程序 APP ID
    appSecret: '',  // 微信小程序 APP Secret

    // REDIS 配置
    // @see https://www.npmjs.com/package/redis#options-object-properties
    redisConfig: {
        host: '',
        port: '',
        password: ''
    },

    // (可选)指定在哪些情况下不使用 weapp-session 处理
    ignore(req, res) {
        return /^\/static\//.test(req.url);
    }
}));

app.use((req, res) => {
    res.json({
        // 在 req 里可以直接取到微信用户信息
        wxUserInfo: req.$wxUserInfo
    });
});

// 其它业务代码
// ...

app.listen(3000);

客户端

在微信小程序内需要使用客户端配合,方能和服务器建立会话管理。

实现

会话层的实现和传统 Cookie 的实现方式类似,都是在 Header 上使用特殊的字段跟踪。一个请求的完整流程如下:

请求生命周期

  1. 客户端(微信小程序)发起请求 request
  2. weapp-session-client 包装 request
    • 首次请求
      • 调用 wx.login()wx.getUserInfo() 接口获得 coderawDatasignature
      • requset 的头部带上 coderawDatasignature
      • 保存 code 供下次调用
    • 非首次请求
      • request 的头部带上保存的 code
  3. 服务器收到请求 request,中间件从头部提取 coderawDatasignature 字段
    • 如果 code 为空,跳到第 4
    • 如果 code 不为空,且 rawData 不为空,需要进行签名校验
      • 使用 codeappidapp_secret 请求微信接口获得 session_keyopenid
        • 如果接口失败,响应 ERR_SESSION_KEY_EXCHANGE_FAILED
      • 使用签名算法通过 rawDatasession_key 计算签名 signature2
      • 对比 signaturesignature2
        • 签名一致,解析 rawDatawxUserInfo
          • openid 写入到 wxUserInfo
          • (code, wxUserInfo) 缓存到 Redis
          • wxUserInfo 存放在 request.$wxUserInfo
          • 跳到第 4
        • 签名不一致,响应 ERR_UNTRUSTED_RAW_DATA
    • 如果 code 不为空,但 rawData 为空,从 Redis 根据 code 查询缓存的用户信息
      • 找到用户信息,存放在 request.$wxUserInfo 字段里,跳到第 4
      • 没找到用户信息(可能是过期),响应 ERR_SESSION_EXPIRED
  4. request 被业务处理,可以使用 request.$wxUserInfo 来获取用户信息(request.$wxUserInfo 可能为空,业务需要自行处理)

LICENSE

MIT