search

wechaty / puppet-official-account

Wechaty Puppet for WeChat Official Account
https://wechaty.js.org/2020/11/06/wechaty-puppet-oa-released-en/
Apache License 2.0
16 stars 7 forks source link

enable accessTokenProxyUrl feature to support dynamc ip address #18

Closed wj-Mcat closed 3 years ago

wj-Mcat commented 3 years ago

Situation

When you deploy the puppet-official-account in cluster server, and it will kill and start a docker in a new host. So, the ip address will change, and it can fetch accessToken from tencent server. Because the tencent server require the ip address of the request must be in their white ip address which you can add a limited IP whitelist. But in this situation, you can't define the specific IP address. So, we should find a way to resolve it.

limitation

refer to: “获取access_token”接口新增IP白名单保护

There is a limit for getAccessToken method that the ip address of the request must be in their white ip address.

Solution

We can configure the accessTokenProxyUrl to fetch accessToken from a fix endpoint, which has a fix ip address. So, it will fix the above problem in a simple way.

Usage

1. set envrioment or configuration

export WECHATY_PUPPET_OA_ACCESS_TOKEN_PROXY=http://your-endpoint/

or

const puppetOaConfig: PuppetOAOptions = {
  appId: "",
  appSecret: "",
  token: "",
  accessTokenProxyUrl: "http://your-endpoint/"
}
const puppet = new PuppetOA(puppetOaConfig)

2. create your accessTokenProxyServer

You can create your AccessTokenProxyServer to help you fetch the accessToken and return it back to you.

The final getAccessToken action will request: http://your-endpoint/token?grant_type=client_credential&appid=${appId}&secret=${appSecret}.

If you don't want to create your AccessTokenProxyServer, you can use the support docker to deploy your service: https://github.com/wj-Mcat/official-account-access-token-center

huan commented 3 years ago

Thank you very much for the improvement, this PR is very valuable!