w7corp / easywechat

📦 A PHP WeChat SDK
https://easywechat.com
MIT License
10.27k stars 2.4k forks

easywechat4.0 [ error ] [-1]Authorize Failed: {"errcode":41008,"errmsg":"missing code, hints: [ req_id: jCbezQaLRa-yh_Wxa ]"} #1677

Closed kl521516 closed 5 years ago

kl521516 commented 5 years ago

My environment

Problem and symptoms

```php
// Authorization redirect
public function get_openid()
{
    // Redirect to obtain the openid
    $app = Factory::officialAccount($this->config_wechat);
    $oauth = $app->oauth;
    if (empty(Cookie::get('wechat_user'))) {

        Cookie::set('target_url', $this->request->url());

        // return $oauth->redirect();
        // This doesn't have to be a return; if your framework's action doesn't return the content, you have to use
        $oauth->redirect()->send();
    }
}

// Redirect to obtain the openid
public function oauth_callback()
{
    $app = Factory::officialAccount($this->config_wechat);
    $oauth = $app->oauth;

    // Get the user info from the OAuth authorization result
    $user = $oauth->user();

    // Store the cookie permanently
    Cookie::forever('wechat_user', $user->toArray());

    $targetUrl = empty(Cookie::get('target_url')) ? '/' : Cookie::get('target_url');

    header('location:' . $targetUrl);
}
```

This problem appears occasionally. I've tested many times and it works fine, but the error log has a dozen or so entries about it every day.

The domain is ICP-registered, and the domain whitelist is configured in the Official Account settings.

[ error ] [-1]Authorize Failed: {"errcode":41008,"errmsg":"missing code, hints: [ req_id: jCbezQaLRa-yh_Wxa ]"}

Also, I can't submit questions on the Yike community at https://yike.io/; the error message is: This action is unauthorized.

overtrue commented 5 years ago

That's an illegitimate access, for example a crawler bot hitting this URL of yours.

kl521516 commented 5 years ago

Ours is a single-page application written in React; spiders can't crawl such a page or learn the links it visits. Searching the nginx logs, only a few spiders visited the / root directory. It feels like a different problem.

overtrue commented 5 years ago

@kl521516 In any case, it's caused by the request not carrying a code.

kl521516 commented 5 years ago

How do I check with the easywechat framework whether the request carries a code, or how should I modify the code so that it does carry the code?

overtrue commented 5 years ago

Just check directly whether the URL query has a code; if it doesn't, don't call the WeChat API.

kl521516 commented 5 years ago

We use Socialite for login and easywechat for the user-sharing part. Could using the two together cause a conflict?

overtrue commented 5 years ago

User sharing? That has nothing to do with socialite, does it?

kl521516 commented 5 years ago

Socialite's WeChat login and easywechat's WeChat sharing / fetching of WeChat info use the same appid and appsecret, and both fetch an accessToken first. Could that be the conflict?

overtrue commented 5 years ago

Which package is Socialite? If it's overtrue/socialite, it's actually already included in easywechat; there's no need to pull it in separately.

kl521516 commented 5 years ago

I use Socialite for both WeChat login and QQ login.

overtrue commented 5 years ago

Socialite isn't a package name. Please tell me which one you're using; only something in the form laravel/socialite is a package name, and there are many packages with the same name...

kl521516 commented 5 years ago

I'm using this one: https://github.com/overtrue/socialite

overtrue commented 5 years ago

Then there's no need to use it separately; WeChat login is already built into the SDK.

kl521516 commented 5 years ago

I've switched WeChat login to easywechat, and the site's robots.txt also blocks all spiders from crawling, but the log still outputs this error.

mingyoung commented 5 years ago

Other situations can't be ruled out; nobody else can check for you what's going on.

Check whether the request has no code, then log the request contents and so on and analyze it; wouldn't you then know?

```php
if ( ! $request->has('code')) {
    // Log the request details
    return;
}
```

kl521516 commented 5 years ago

Code already used: [ 2019-09-09T05:51:33+08:00 ] 223.88.74.195 GET xxx.com/callback?code=071GMAvs0w6TFf10l4ts0qoXvs0GMAvE&state=dbd08a4deb382a2f92e76669b0b3522b [ error ] [-1]Authorize Failed: {"errcode":40163,"errmsg":"code been used, hints: [ req_id: zceeZRLnRa-e6aG_a ]"}

Missing code: [ 2019-09-09T09:16:39+08:00 ] 116.249.89.146 GET xxx.com/callback [ error ] [-1]Authorize Failed: {"errcode":41008,"errmsg":"missing code, hints: [ req_id: HeeezqLnRa-S.yNUa ]"}

There are two cases, so it isn't just a question of whether there is a code or not. My colleague and I tested repeatedly with the WeChat developer tools and with WeChat on phones and couldn't reproduce this problem, so we don't know where to start. Could you give us some ideas for what to check?

overtrue commented 5 years ago

Look at the user-agent when there's no code.

kl521516 commented 5 years ago

```php
// If the request parameters contain a code, log it
if (Request::has("code")) {
    Log::record(Request::header()['user-agent'], 'error');
}
```

A pile of logs came out, but I don't know what use the user-agent output is.

[ 2019-09-09T17:04:16+08:00 ] 183.200.45.114 GET xxx.com/oauth_callback?code=071P9jx62sdEZR07rMv62IMix62P9jxk&state=07567e18f0ce96ad4a44830aeb6f49f3 [ error ] Mozilla/5.0 (Linux; Android 8.1.0; vivo X9s Plus Build/OPM1.171019.019; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/7733 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:04:17+08:00 ] 60.223.136.142 GET xxx.com/oauth_callback?code=061FxcL62rEDDQ0om8J62k33L62FxcLr&state=bac6ff6315b7e3c61d05044889597c82 [ error ] Mozilla/5.0 (Linux; Android 9; MI 8 Build/PKQ1.180729.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/7625 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:04:20+08:00 ] 183.185.194.171 GET xxx.com/oauth_callback?code=0712Gt7m0leACq128t4m0Hmx7m02Gt7U&state=e8a07cf1687bde3f0f2895b79645cbeb [ error ] Mozilla/5.0 (Linux; Android 7.0; TRT-AL00A Build/HUAWEITRT-AL00A; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/1351 MicroMessenger/7.0.1380(0x2700003C) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:04:25+08:00 ] 36.104.127.65 GET xxx.com/oauth_callback?code=011RmSmt07x9Yf1fLPlt0a6xmt0RmSm5&state=6aaa3555dc3b669c792ed3a8ba5ef6ee [ error ] Mozilla/5.0 (Linux; Android 9; MI 9 Build/PKQ1.181121.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/5576 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:04:28+08:00 ] 118.213.116.17 GET xxx.com/oauth_callback?code=061OyAVJ154WN20clXSJ1rWxVJ1OyAV9&state=fadf85714acd709389ead8e0962cc21b [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN

[ 2019-09-09T17:04:30+08:00 ] 221.192.180.57 GET xxx.com/oauth_callback?code=081skVTK0XrwX72NtfSK02J3UK0skVTr&state=d3529b45571e312d7fd8dd5378e2c1fe [ error ] Mozilla/5.0 (Linux; Android 7.1.2; vivo X9s Build/N2G47H; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/6839 MicroMessenger/7.0.3.1400(0x2700033C) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:04:35+08:00 ] 125.104.63.156 GET xxx.com/oauth_callback?code=061ZTIqR0MioY52IsEqR05bKqR0ZTIqd&state=8d9b8e368fc558c60b82aa02a2f111a8 [ error ] Mozilla/5.0 (Linux; Android 8.0.0; PRA-AL00X Build/HONORPRA-AL00X; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/6058 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:04:37+08:00 ] 183.202.51.25 GET xxx.com/oauth_callback?code=011w3hmi2fm8rA0MSVli2lB4mi2w3hmP&state=739be5649904074cbadc9c831c8ece67 [ error ] Mozilla/5.0 (Linux; Android 8.1.0; V1818A Build/OPM1.171019.026; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/3361 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:04:38+08:00 ] 220.195.67.221 GET xxx.com/oauth_callback?code=061tW8nj1mF6vu0T0hmj1iUinj1tW8nQ&state=25229bb7f7257d71daa252f72d0af8b6 [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.3(0x17000321) NetType/4G Language/zh_CN

[ 2019-09-09T17:04:41+08:00 ] 117.142.100.232 GET xxx.com/oauth_callback?code=061LenpM0CaB3c2RtlpM0TtGpM0LenpA&state=653e512db627b261b3030e36e21048e7 [ error ] Mozilla/5.0 (Linux; Android 5.1.1; vivo X7Plus Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/6382 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:04:43+08:00 ] 117.136.91.136 GET xxx.com/oauth_callback?code=071k89ND1Ub4t50cadMD1aBjND1k89Nf&state=e71e9c079f2ac202392fb324051d5eea [ error ] Mozilla/5.0 (Linux; Android 9; MHA-AL00 Build/HUAWEIMHA-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/6292 MicroMessenger/6.7.3.1360(0x2607033D) NetType/4G Language/zh_CN Process/tools

[ 2019-09-09T17:04:52+08:00 ] 106.109.27.243 GET xxx.com/oauth_callback?code=071BX4m10oC8MG1l6Vm10pIQl10BX4mY&state=b84281aeee5463fdce10754f6bc974f0 [ error ] Mozilla/5.0 (Linux; Android 9; V1816A Build/PKQ1.180819.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044813 Mobile Safari/537.36 MMWEBID/9199 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:04:57+08:00 ] 117.136.110.112 GET xxx.com/oauth_callback?code=021YtV1V08FYm22w9uZU0QxT1V0YtV1n&state=418fa020338c909a3e942aaaae8e6474 [ error ] Mozilla/5.0 (Linux; Android 9; JSN-TL00 Build/HONORJSN-TL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/4326 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:04:58+08:00 ] 171.43.134.217 GET xxx.com/oauth_callback?code=011PCvk51sxA4S1fEIj51IyFk51PCvkR&state=d250bd9aa5e81f98e121603a23289e16 [ error ] Mozilla/5.0 (Linux; Android 9; PCAM00 Build/PKQ1.190101.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/6463 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:04:59+08:00 ] 61.158.148.64 GET xxx.com/buy?code=S808996686 [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN

[ 2019-09-09T17:05:00+08:00 ] 36.159.117.228 GET xxx.com/oauth_callback?code=061siHd601piYB1dBjc60CaYd60siHda&state=7ac750f4a10dcd9acba7206cb673bc56 [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.3(0x17000321) NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:00+08:00 ] 113.140.145.22 GET xxx.com/oauth_callback?code=011jruB72KGRVQ072YA72OBlB72jruBA&state=7ac750f4a10dcd9acba7206cb673bc56 [ error ] Mozilla/5.0 (Linux; Android 9; DUK-AL20 Build/HUAWEIDUK-AL20; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/7321 MicroMessenger/7.0.4.1420(0x2700043C) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:05:03+08:00 ] 120.193.204.150 GET xxx.com/oauth_callback?code=021SHKYf1Cijlt0pgCWf1O05Zf1SHKYl&state=782ece2b0a608d76dc03ab61a16f988c [ error ] Mozilla/5.0 (Linux; Android 8.0.0; MIX 2 Build/OPR1.170623.027; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/2181 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:04+08:00 ] 223.101.119.185 GET xxx.com/oauth_callback?code=021G5IKT0PeC6Z1S3ZIT08OFKT0G5IKc&state=cccb423a670d452f8a3e6b73c6e59eab [ error ] Mozilla/5.0 (Linux; Android 8.1.0; PBBM30 Build/OPM1.171019.026; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/8862 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:06+08:00 ] 223.104.1.136 GET xxx.com/oauth_callback?code=001njDyQ1pl6n31MVIyQ1rXlyQ1njDy7&state=9bf63884580a7460cdf8790d40dd9bdd [ error ] Mozilla/5.0 (Linux; Android 9; ALP-AL00 Build/HUAWEIALP-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/6424 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:05:14+08:00 ] 110.52.3.25 GET xxx.com/oauth_callback?code=021kfqV21fiXVP1r2QT21H9JV21kfqVl&state=5cb14fa51f339924b8ad7bdda245eee8 [ error ] Mozilla/5.0 (Linux; Android 8.0.0; EVA-AL10 Build/HUAWEIEVA-AL10; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/3730 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:14+08:00 ] 117.136.99.244 GET xxx.com/oauth_callback?code=0018cEcP05GOE32IIueP07pscP08cEcC&state=5cb14fa51f339924b8ad7bdda245eee8 [ error ] Mozilla/5.0 (Linux; Android 9; VOG-AL00 Build/HUAWEIVOG-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/4181 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:05:17+08:00 ] 183.253.162.155 GET xxx.com/oauth_callback?code=071zZMLj1TfTlo0NsRNj1CyJLj1zZML7&state=6bd111ebcbc777dbfbf14c7ef2d28552 [ error ] Mozilla/5.0 (Linux; Android 6.0.1; OPPO A57 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/7035 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:17+08:00 ] 106.52.56.118 GET xxx.com/oauth_callback?code=0217o2s80f0HdE1PBuu80UVSr807o2sO&state=6bd111ebcbc777dbfbf14c7ef2d28552 [ error ] Mozilla/5.0 (Linux; Android 9; SM-G8870 Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/6045 MicroMessenger/7.0.6.1480(0x270006CF) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:18+08:00 ] 124.152.217.20 GET xxx.com/oauth_callback?code=0113oM610pOkdI1pfi610xm37103oM6V&state=922c2cadcec9936d4a8ce11c28569f40 [ error ] Mozilla/5.0 (Linux; Android 9; EML-AL00 Build/HUAWEIEML-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/4358 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:05:19+08:00 ] 117.136.12.126 GET xxx.com/buy?is_ios=0&code=S909B5M589&token=I31L25394425D75F8A5625D3 [ error ] Mozilla/5.0 (Linux; Android 9; HWI-TL00 Build/HUAWEIHWI-TL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.99 Mobile Safari/537.36 MicroMessenger/7.0.5.1440(0x27000537) Process/appbrand0 NetType/4G Language/zh_CN

[ 2019-09-09T17:05:21+08:00 ] 171.210.219.50 GET xxx.com/buy?code=S909CJ6GL4 [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16D57 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN

[ 2019-09-09T17:05:22+08:00 ] 117.136.12.126 POST xxx.com/buy?token=I31L25394425D75F8A5625D3 [ error ] Mozilla/5.0 (Linux; Android 9; HWI-TL00 Build/HUAWEIHWI-TL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.99 Mobile Safari/537.36 MicroMessenger/7.0.5.1440(0x27000537) Process/appbrand0 NetType/4G Language/zh_CN

[ 2019-09-09T17:05:23+08:00 ] 223.11.52.74 GET xxx.com/oauth_callback?code=011t1WiU1f9HtY03TXlU1gsWiU1t1WiP&state=78d88ebf9a7d7302415af21522f7b1e7 [ error ] Mozilla/5.0 (Linux; Android 6.0.1; vivo Y66 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/7001 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:27+08:00 ] 171.210.219.50 GET m.kameimei.cn/card/login/wechat_callback?code=021QMVOs14at3l0O7mOs1ZkVOs1QMVOQ&state=1fe893e3523ffe46cfa4099273603f5b [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16D57 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN

[ 2019-09-09T17:05:27+08:00 ] 171.210.219.50 GET xxx.com/buy?code=S909CJ6GL4 [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16D57 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN

[ 2019-09-09T17:05:27+08:00 ] 219.140.46.240 GET xxx.com/buy?code=S9069AW3FJ [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:29+08:00 ] 171.210.219.50 POST xxx.com/buy [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16D57 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN

[ 2019-09-09T17:05:32+08:00 ] 219.140.46.240 GET m.kameimei.cn/card/login/wechat_callback?code=021NWJm52P0iyO0Wf6q52i84n52NWJmB&state=a8ab9e1f1cb1076ee70ff92297f42b49 [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:32+08:00 ] 113.200.85.181 GET xxx.com/oauth_callback?code=061yl2JO1FhFF81GzNKO1pJhJO1yl2JV&state=a8ab9e1f1cb1076ee70ff92297f42b49 [ error ] Mozilla/5.0 (Linux; Android 5.1; OPPO A59s Build/LMY47I; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/6097 MicroMessenger/7.0.5.1440(0x27000537) Process/tools NetType/4G Language/zh_CN

[ 2019-09-09T17:05:32+08:00 ] 219.140.46.240 GET xxx.com/buy?code=S9069AW3FJ [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:33+08:00 ] 171.118.173.32 GET xxx.com/oauth_callback?code=021HtN242teeSP01up142bFV242HtN2u&state=f7de6c8f85218eb84b91c724944935b1 [ error ] Mozilla/5.0 (Linux; Android 8.1.0; vivo X9s Build/OPM1.171019.019; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/8439 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:34+08:00 ] 60.183.157.97 GET xxx.com/oauth_callback?code=071rAa0e26wSZF0prOZd2B5TZd2rAa0V&state=f7de6c8f85218eb84b91c724944935b1 [ error ] Mozilla/5.0 (Linux; Android 7.1.1; OPPO R11t Build/NMF26X; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/3783 MicroMessenger/7.0.6.1500(0x2700063D) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:34+08:00 ] 223.104.91.140 GET xxx.com/oauth_callback?code=011eKxck02l08p1szVbk0FQhck0eKxcQ&state=ada6a75479a0792790ecdc080585f4e2 [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_3 like Mac OS X) AppleWebKit/603.3.8 (KHTML, like Gecko) Mobile/14G60 MicroMessenger/6.7.2 NetType/4G Language/zh_CN

[ 2019-09-09T17:05:37+08:00 ] 110.54.211.165 GET xxx.com/oauth_callback?code=0812qFZD0lAIpj20O2ZD0AltZD02qFZK&state=aff11b8e63893b5410655bd60258b75f [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16D57 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN

[ 2019-09-09T17:05:37+08:00 ] 219.140.46.240 POST xxx.com/buy [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:43+08:00 ] 157.255.14.14 GET xxx.com/oauth_callback?code=001jrfpX1n0w811JUymX1ZrgpX1jrfp1&state=782923239ef8d957cbad771d1279a9ef [ error ] Mozilla/5.0 (Linux; Android 8.0.0; RNE-AL00 Build/HUAWEIRNE-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/1187 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:53+08:00 ] 223.104.6.94 GET xxx.com/oauth_callback?code=011hcudl2ho4fD0m1bcl2t2Idl2hcud6&state=bef28c56970f7862d70ab2fc07adb7aa [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15G77 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN

[ 2019-09-09T17:05:53+08:00 ] 118.77.31.206 GET xxx.com/oauth_callback?code=011MVqeW0eg0b12RjycW0paieW0MVqeo&state=bef28c56970f7862d70ab2fc07adb7aa [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/WIFI Language/zh_CN

[ 2019-09-09T17:05:58+08:00 ] 117.136.40.16 GET xxx.com/oauth_callback?code=011PIxBz0EXI8d1pHSBz0NrpBz0PIxBr&state=1e0f0f8b557214f5e80adbb30383196b [ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16A366 MicroMessenger/7.0.2(0x17000222) NetType/4G Language/zh_CN

mingyoung commented 5 years ago

Markdown usage guide: https://guides.github.com/features/mastering-markdown/

mingyoung commented 5 years ago

Read the question carefully... 🌚


kl521516 commented 5 years ago

Below are the logs for code been used; I'll re-log the user-agent for the no-code case.

[ 2019-09-09T22:02:36+08:00 ] 112.64.237.223 GET xxx.com/oauth_callback?code=0813MOn41h4eXS1QCUn41R9Pn413MOnz&state=9ffdf52664a1501c12c04af3f36103a8

[ error ] Mozilla/5.0 (Linux; Android 9; COL-AL10 Build/HUAWEICOL-AL10; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/1311 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN

[ error ] [-1]Authorize Failed: {"errcode":40163,"errmsg":"code been used, hints: [ req_id: AKeer6yFe-rn6LJA ]"}


[ 2019-09-09T22:02:37+08:00 ] 124.23.133.61 GET xxx.com/oauth_callback?code=0813MOn41h4eXS1QCUn41R9Pn413MOnz&state=9ffdf52664a1501c12c04af3f36103a8

[ error ] Mozilla/5.0 (Linux; Android 9; COL-AL10 Build/HUAWEICOL-AL10; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044904 Mobile Safari/537.36 MMWEBID/1311 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN

[ error ] [-1]Authorize Failed: {"errcode":40163,"errmsg":"code been used, hints: [ req_id: AKee67aLRa-501kCa ]"}

kl521516 commented 5 years ago

The user-agent log for missing code looks normal.

[ 2019-09-10T09:37:31+08:00 ] 101.227.139.164 GET xxx.com/oauth_callback

[ error ] Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML; like Gecko) Mobile/12F70 MicroMessenger/6.1.5 NetType/WIFI

[ error ] [-1]Authorize Failed: {"errcode":41008,"errmsg":"missing code, hints: [ reqid: seEegawgE-cl4p ]"}
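A small triage script for access logs in the format pasted in this thread, added here as an example and not part of the thread or the easywechat project. It parses the first line of each entry, keeps only the OAuth callback path (so `/buy?code=...`, which is a different kind of code, is ignored), and reports callbacks with no code as well as codes that arrive more than once, noting whether the second arrival came from the same IP. The sample input is copied from the log lines above; the path `/oauth_callback` and the log layout are taken from them.

```php
<?php
// Added example, not easywechat project code: triage OAuth callback access
// log lines of the form "[ time ] ip METHOD host/path?query".

// Sample input copied from the log entries posted in this thread.
const SAMPLE_LOG = <<<'LOG'
[ 2019-09-09T22:02:36+08:00 ] 112.64.237.223 GET xxx.com/oauth_callback?code=0813MOn41h4eXS1QCUn41R9Pn413MOnz&state=9ffdf52664a1501c12c04af3f36103a8
[ 2019-09-09T22:02:37+08:00 ] 124.23.133.61 GET xxx.com/oauth_callback?code=0813MOn41h4eXS1QCUn41R9Pn413MOnz&state=9ffdf52664a1501c12c04af3f36103a8
[ 2019-09-10T09:37:31+08:00 ] 101.227.139.164 GET xxx.com/oauth_callback
[ 2019-09-09T17:04:59+08:00 ] 61.158.148.64 GET xxx.com/buy?code=S808996686
LOG;

// Parse one access line into its parts, or null if it is not an access line
// (user-agent and "Authorize Failed" lines are skipped this way).
function parse_access_line(string $line): ?array
{
    if (!preg_match('/^\[ (\S+) \] (\S+) (GET|POST) (\S+)/', $line, $m)) {
        return null;
    }
    [$path, $qs] = array_pad(explode('?', $m[4], 2), 2, '');
    parse_str($qs, $params);
    return ['time' => $m[1], 'ip' => $m[2], 'method' => $m[3], 'path' => $path, 'params' => $params];
}

// Group callback hits by code: entries without a code, and codes seen again.
function triage_callbacks(string $log, string $callbackPath = '/oauth_callback'): array
{
    $findings = ['missing_code' => [], 'replayed_code' => []];
    $seen = [];   // code => first entry that carried it
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $e = parse_access_line($line);
        if ($e === null || substr($e['path'], -strlen($callbackPath)) !== $callbackPath) {
            continue;   // only the OAuth callback matters here
        }
        $code = $e['params']['code'] ?? '';
        if ($code === '') {
            $findings['missing_code'][] = $e;
            continue;
        }
        if (isset($seen[$code])) {
            $first = $seen[$code];
            $findings['replayed_code'][] = [
                'code'       => $code,
                'first_ip'   => $first['ip'],
                'first_time' => $first['time'],
                'again_ip'   => $e['ip'],
                'again_time' => $e['time'],
                'same_ip'    => $first['ip'] === $e['ip'],
            ];
            continue;
        }
        $seen[$code] = $e;
    }
    return $findings;
}

if (PHP_SAPI === 'cli') {
    $f = triage_callbacks(SAMPLE_LOG);
    foreach ($f['missing_code'] as $e) {
        printf("missing code : %s %s %s\n", $e['time'], $e['ip'], $e['path']);
    }
    foreach ($f['replayed_code'] as $r) {
        printf("replayed code: %s first %s@%s, again %s@%s (%s)\n",
            $r['code'], $r['first_ip'], $r['first_time'], $r['again_ip'], $r['again_time'],
            $r['same_ip'] ? 'same ip' : 'different ip');
    }
}
```

On the sample above it reports one missing-code hit (the iPhone OS 8_3 entry) and one replayed code whose two arrivals come from different IPs one second apart. A replay from the same IP is the refresh/Back case; a replay from a different IP means the callback URL with its code was opened somewhere else as well, which is a separate thing to investigate from "missing code" and is the kind of distinction the raw 40163/41008 errors alone don't give you.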

overtrue commented 5 years ago

If there's no code, just skip the authorization.

kl521516 commented 5 years ago

Why would a no-code case occur at all? Users are only redirected to the oauth_callback request once they've authorized.

There are two problems now: one is code been used, the other is missing code. Why does this only happen for some people?

overtrue commented 5 years ago

@kl521516 There are only two possible reasons:

  1. Your program has a bug, the redirect logic has a pitfall; maybe the user pressed Back?
  2. The user deliberately visited this URL

Don't forget that besides users, hackers exist too.

kl521516 commented 5 years ago

1. We tested pressing Back on several phones, and this error log never appeared.

2. oauth_callback only fetches the user's avatar and nickname, so there's little point in attacking it; ordinary users can't know this link either; the IPs and times in the log show no pattern and look like normal user visits.

3. Because of business requirements, one of our projects uses three domains and the appid and secret of three Official Accounts at the same time. Could it be that the easywechat framework only considers one domain and one appid when caching the access_token, causing problems when other appids call the WeChat API?

```php
// Configure the WeChat Official Account according to the domain
if (Request::domain() == 'https://aaa.com' || Request::domain() == 'http://aaa.com') {
    $this->config_wechat = [
        'app_id' => Config::get('aaa.app_id'),
        'secret' => Config::get('aaa.secret'),
        'oauth'  => [
            'scopes'   => ['snsapi_base'],
            'callback' => '/oauth_callback',
        ],
    ];
} elseif (Request::domain() == 'https://bbb.com' || Request::domain() == 'http://bbb.com') {
    $this->config_wechat = [
        'app_id' => Config::get('bbb.app_id'),
        'secret' => Config::get('bbb.secret'),
        'oauth'  => [
            'scopes'   => ['snsapi_base'],
            'callback' => '/oauth_callback',
        ],
    ];
} elseif (Request::domain() == 'https://ccc.com' || Request::domain() == 'http://ccc.com') {
    $this->config_wechat = [
        'app_id' => Config::get('ccc.app_id'),
        'secret' => Config::get('ccc.secret'),
        'oauth'  => [
            'scopes'   => ['snsapi_base'],
            'callback' => '/oauth_callback',
        ],
    ];
}

$app = Factory::officialAccount($this->config_wechat);
```

overtrue commented 5 years ago

  1. If it's an SDK bug, please find a way to reproduce it
  2. You thinking it's not worth it doesn't mean a hacker thinks so
  3. The SDK's multi-account support is fine
