Open wj-Mcat opened 3 years ago
I guess I need some time to understand the reason why we need to build a central place for accessToken because it makes things complicated.
Could you explain why the current design can not fulfill your requirements?
It makes things complicated, because it's a complicated thing.
Problems:
`wechaty-puppet-official-account` will be deployed on a Docker cluster server. If it dies at some point, it will be deployed on another Docker host machine, which is chosen dynamically. So, when `puppet-oa` fetches the `accessToken`, the white IP address will change and the Tencent server will refuse the request because the IP address is not in the white IP address list. So, how can we resolve this problem?
Solution:
In our consideration, all of the solutions will try to keep an agent, which has a static IP address, fetching the `accessToken`.
- Change the iptables to reroute all of the `tencent server` requests. First, this will only change the network configuration to fit our need, and will redirect all of the Tencent requests. Second, there will exist an agent to receive your rerouted request to help you do the job.
- Change the endpoint of `updateAccessToken`. First, this will add some environment variable configuration and change one method in `puppet-oa`, but the changes are tiny. Second, there will exist an agent to receive your `updateAccessToken` request and help you refresh the `accessToken`.
- Create a forward proxy server to reroute your request to an agent. First, this requires configuring the nginx forward proxy server on every Docker host machine, which is a big piece of work. Second, there will also exist an agent to help you do your job.
So, after weighing it up, we will choose the second solution to help us resolve this problem. @huan what do you think?
I have two questions about our problem:
`white list`? Is it possible to just disable it?
How to set `accessTokenProxyUrl`:
`accessTokenProxyUrl`: `https://api.weixin.qq.com/cgi-bin/`
`accessTokenProxyUrl`: `http://ip-address:port` or `http://url-of-your-host`, then the final request url will be: `http://url-of-your-host/token?`
The white IP address will only work in the `access_token` interface. And if the puppet is deployed in a dynamic local subnet, there will be a dynamic address, which makes it difficult to set the white IP address. Of course, there are many solutions to resolve it, but we always find the easiest way:
If the `refreshAccessToken` service can be customized into a center place which stores and lazily refreshes the `access_token`, it will be easy to scale wechaty official-account.
In my consideration, we can build a docker which serves as an `accessToken` center, and the `refreshAccessToken` address can be customized by environment variables.
@huan What do you think?
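
A sketch of the "center place" proposed above, which stores the `access_token` and refreshes it lazily from the one host whose IP is on the white list; this is an added example, not code from wechaty-puppet-official-account. `TokenCenter`, `tokenUrl` and `FetchToken` are hypothetical names, the upstream call is injected so the block runs offline, and the `grant_type=client_credential` query is the one WeChat's token interface expects.

```typescript
// Added example; TokenCenter, tokenUrl and FetchToken are hypothetical names.
interface TokenReply { access_token: string, expires_in: number } // expires_in: seconds
type FetchToken = (url: string) => Promise<TokenReply>

// "http://url-of-your-host" -> "http://url-of-your-host/token?...", as in the thread.
function tokenUrl (base: string, appId: string, appSecret: string): string {
  return base.replace(/\/+$/, '') + '/token?grant_type=client_credential' +
    '&appid=' + encodeURIComponent(appId) +
    '&secret=' + encodeURIComponent(appSecret)
}

class TokenCenter {
  private token = ''
  private expiresAt = 0 // epoch milliseconds
  private inflight: Promise<string> | undefined = undefined

  constructor (
    private readonly url: string,
    private readonly fetchToken: FetchToken, // the only code that talks to Tencent
    private readonly now: () => number = () => Date.now(),
    private readonly marginMs: number = 60000, // refresh this long before expiry
  ) {}

  // Lazy: upstream is contacted only when a caller asks and the cache is stale.
  get (): Promise<string> {
    if (this.token !== '' && this.now() < this.expiresAt - this.marginMs) {
      return Promise.resolve(this.token)
    }
    // Single flight: concurrent callers share one upstream request.
    let pending = this.inflight
    if (pending === undefined) {
      const clear = (): void => { this.inflight = undefined }
      pending = this.inflight = this.refresh()
      pending.then(clear, clear) // a failed refresh is retried on the next get()
    }
    return pending
  }

  private async refresh (): Promise<string> {
    const reply = await this.fetchToken(this.url)
    if (!reply.access_token) throw new Error('token endpoint returned no access_token')
    this.token = reply.access_token
    this.expiresAt = this.now() + reply.expires_in * 1000
    return this.token
  }
}
```

Only the agent running `TokenCenter` needs the app secret and a white-listed address; the puppets ask it for the current token through whatever endpoint the environment variable points at.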