Open iyjian opened 5 years ago
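For the login signature I'm using JWT, and I've already embedded expireat in it. Later I plan to add a refresh token that is issued together with the login token. That way the refresh token can be used to renew automatically, without logging in again. For this part I'm trying to follow the OAuth specification as closely as I can.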
```
  +--------+                                           +---------------+
  |        |--(A)------- Authorization Grant --------->|               |
  |        |                                           |               |
  |        |<-(B)----------- Access Token -------------|               |
  |        |               & Refresh Token             |               |
  |        |                                           |               |
  |        |                            +----------+   |               |
  |        |--(C)---- Access Token ---->|          |   |               |
  |        |                            |          |   |               |
  |        |<-(D)- Protected Resource --| Resource |   | Authorization |
  | Client |                            |  Server  |   |     Server    |
  |        |--(E)---- Access Token ---->|          |   |               |
  |        |                            |          |   |               |
  |        |<-(F)- Invalid Token Error -|          |   |               |
  |        |                            +----------+   |               |
  |        |                                           |               |
  |        |--(G)----------- Refresh Token ----------->|               |
  |        |                                           |               |
  |        |<-(H)----------- Access Token -------------|               |
  +--------+           & Optional Refresh Token        +---------------+

               Figure 2: Refreshing an Expired Access Token
```
The user token has been placed in the session. Storing it locally on the client is a hassle, so consider having the server renew it automatically based on the session.

The SDK renewal method is described below.

Get the sdk-token

```
curl -X POST 'http://chathub.hostname.com/sdktoken' -H 'Cookie: chatbothub=MTU1NDM...S0qw=='
```

response

```
{
  "code":0,
  "ts":1554860685,
  "error":{},
  "body": {
    "expireAt":"2019-04-17T09:44:45+08:00",
    "refreshToken":"eyJhbGciOiJI...5aFOOKvI_6q_DZYU",
    "sdkName":"sdkbearer",
    "token":"eyJhbGciOiJIU...cYM"
  }
}
```
refresh

```
curl -X POST -H 'X-AUTHORIZE-REFRESH: eyJhbGciOiJIUzI1NiIsInR5c...KvI_6q_DZYU' -H 'X-CLIENT-TYPE: SDK' http://chathub.hostname.com/refreshtoken
```

response

```
{
  "code":0,
  "ts":1554860685,
  "error":{},
  "body": {
    "expireAt":"2019-04-17T09:44:45+08:00",
    "refreshToken":"eyJhbGciOiJI...5aFOOKvI_6q_DZYU",
    "sdkName":"sdkbearer",
    "token":"eyJhbGciOiJIU...cYM"
  }
}
```
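The token and refresh-token pairing discussed above, as an added Python example that is not from this thread or the project's code. It assumes HS256 JWTs, hypothetical `sub`/`use`/`exp` claim names, and a constructed secret and lifetimes. It shows the server refusing a refresh token presented as an access token, refusing an expired access token, and reissuing a pair only for a valid refresh token.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"        # assumption: HS256 key held only by the server
ACCESS_TTL, REFRESH_TTL = 3600, 7 * 86400  # assumed lifetimes in seconds

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict) -> str:
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def verify(token: str, use: str, now: int) -> dict:
    """Return the claims; raise ValueError if forged, expired or of the wrong use."""
    head, body, sig = token.split(".")
    # The MAC is always HMAC-SHA256: the header's "alg" field is never trusted.
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("use") != use:      # a refresh token must not open the API
        raise ValueError("wrong token use")
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims

def issue_pair(sub: str, now: int) -> dict:
    """Body shaped like the /sdktoken response (expireAt kept as epoch seconds)."""
    return {
        "expireAt": now + ACCESS_TTL,
        "token": sign({"sub": sub, "use": "access", "exp": now + ACCESS_TTL}),
        "refreshToken": sign({"sub": sub, "use": "refresh", "exp": now + REFRESH_TTL}),
    }

def refresh(refresh_token: str, now: int) -> dict:
    """Steps (G)/(H): only a valid, unexpired refresh token yields a new pair."""
    return issue_pair(verify(refresh_token, "refresh", now)["sub"], now)

if __name__ == "__main__":
    t0 = 1554860685                   # constructed clock value
    pair = issue_pair("sdkbearer", t0)
    later = t0 + ACCESS_TTL           # the access token has just expired
    print(verify(refresh(pair["refreshToken"], later)["token"], "access", later))
```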
search criteria

```
{
  "find": {
    "key1": {
      "in": ["1", "2"],
      "equals": "rhs",
      "gt": "rhs",
      "gte": "rhs",
      "lt": "rhs",
      "lte": "rhs",
      "like": "rhs"
    }
  },
  "sort": {
    "key1": "asc",
    "key2": "desc"
  },
  "paging": {
    "page": 1,
    "pagesize": 100,
    "pagecount": 10
  }
}
```
request

```
curl 'http://chathub.hostname.com/chatusers/search?q=\{"find":\{"nickname":\{"like":"小强"\}\}\}'
```

response

```
{"code":0,"message":"success","ts":1554986244,"error":{},"body":[{"chatuserId":"4ae...a3a6","username":"wxid_6htyy24frto21","nickname":"小强","type":"WECHATBOT","alias":"","avatar":"http://wx.qlogo.cn/mmhead/ver_1/M2u...2","sex":1,"country":"CN","province":"Fujian","city":"Fuzhou","signature":"","remark":"619e5cf5","label":"","createat":"2019-04-01T06:14:45Z","updateat":"2019-04-10T09:54:49Z"},{"chatuserId":"71329...16a","username":"Natures","nickname":"小强","type":"WECHATBOT","alias":"","avatar":"http://wx.qlogo.cn/mmhead/ver_1/EoicT...132","sex":1,"country":"CN","province":"Beijing","city":"West","signature":"你如今的气...的人~","remark":"","label":"6","createat":"2019-04-01T06:16:59Z","updateat":"2019-04-10T09:57:11Z"}],"paging":{}}
```
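Important: the GET /login endpoint needs to return the login state, because my front end calls this endpoint periodically. If the user is not logged in because the session has timed out, I make them log in again; without this endpoint I can only find out when an API call returns an error.

------------------------------ Contacts ------------------------------

GET contacts endpoint

- Expose sex / province / city / slogan / labels (output as an array) / last active time / mobile number / sales amount
- Add a ?search parameter that allows searching nickname, sex, province, city and labels
- Add sorting by last active time: ?sortColumn=** & sortOrder=desc/asc. It could also be made generic, so that every field can be sorted ;)

PATCH contacts/:contactId: change the contact's remark

------------------------------ Contact labels ------------------------------

POST contacts/:contactId/labels: add a label to the contact

DELETE contacts/:contactId/labels/:labelId: delete a label from the contact

------------------------------ Groups ------------------------------

Changes to the GET groups endpoint

- New fields: group last active time / message count in the last 24 hours / botId / administrator contact object / the bot's nickname in this group / group announcement
- Filters: add ?botId=....
- Search: ?search=keyword searches the group name, the group remark, and by group member name

PATCH /group/:groupId: can change the group's remark

GET /groups/:groupId: view the group's details

Group QR code / group name / group announcement / group word cloud for the last 24 hours / overall group word cloud / total number of group members

------------------------------ Group member count ------------------------------

GET /groups/:groupId/contacts: view the list of people in the group, reusing the contacts endpoint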