接收并处理事件
事件推送逻辑
推送加密事件
推送周期和频次
uuid 字段判断事件唯一性。event_id 字段判断事件唯一性。下面对事件结构进行了详细介绍。事件推送顺序
事件结构
v1.0 版本事件结构
ts 字段表示事件发送的时间,一般近似于事件发生的时间。uuid 字段是事件的唯一标识。token 字段即 Verification Token。event 结构体记录的是事件的详细信息,不同事件的信息不同。其中,通过 event.type 字段,可以判断事件类型。{
"ts": "1502199207.7171419",
"uuid": "bc447199585340d1f3728d26b1c0297a",
"token": "41a9425ea7df4536a7623e38fa321bae",
"type": "event_callback",
"event": {
"app_id": "cli_9c8609450f78d102",
"chat_id": "oc_26b66a5eb603162b849f91bcd8815b20",
"operator": {
"open_id": "ou_2d2c0399b53d06fd195bb393cd1e38f2",
"user_id": "gfa21d92"
},
"tenant_key": "736588c9260f175c",
"type": "p2p_chat_create",
"user": {
"name": "user_name",
"open_id": "ou_7dede290d6a27698b969a7fd70ca53da",
"user_id": "gfa21d92"
}
}
}v2.0 版本事件结构
schema 字段表示事件的版本。v1.0 版本的事件,无此字段。header.event_id 字段是事件的唯一标识。header.token 字段即 Verification Token。header.create_time 字段表示事件发送的时间,一般近似于事件发生的时间。header.event_type 字段表示事件类型。event 结构体记录的是事件的详细信息,不同事件的信息不同。{
"schema": "2.0",
"header": {
"event_id": "f7984f25108f8137722bb63cee927e66",
"token": "066zT6pS4QCbgj5Do145GfDbbagCHGgF",
"create_time": "1603977298000000",
"event_type": "contact.user_group.created_v3",
"tenant_key": "xxxxxxx",
"app_id": "cli_xxxxxxxx",
},
"event":{
}
}事件处理方法
安全校验
Verification Token 校验
签名校验
校验方式
1.
encrypt_key。encrypt_key。
2.
X-Lark-Request-Timestamp、X-Lark-Request-Nonce 与 encrypt_key 拼接后 按照 encode('utf-8') 编码得到 byte[] b1,再拼接上请求的原始 body, 得到一个 byte[] b。b 用 sha256 加密,得到字符串 s, 校验 s 是否和请求头 X-Lark-Signature 一致。示例代码
timestamp:对应请求头中的 X-Lark-Request-Timestamp。nonce:对应请求头中的 X-Lark-Request-Nonce。encrypt_key:从开发者后台获取的 Encrypt Key。有关 Encrypt Key 的详细介绍,可以参考(可选)配置 Encrypt Key。Python 3
import hashlib
bytes_b1 = (timestamp + nonce + encrypt_key).encode('utf-8')
bytes_b = bytes_b1 + body
h = hashlib.sha256(bytes_b)
signature = h.hexdigest()
# check if request headers['X-Lark-Signature'] equals to signatureJava
import org.apache.commons.codec.binary.Hex;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
class Main {
public String calculateSignature(String timestamp, String nonce, String encryptKey, String bodyString) throws NoSuchAlgorithmException {
StringBuilder content = new StringBuilder();
content.append(timestamp).append(nonce).append(encryptKey).append(bodyString);
MessageDigest alg = MessageDigest.getInstance("SHA-256");
String sign = Hex.encodeHexString(alg.digest(content.toString().getBytes()));
return sign;
}
}Golang
import (
"crypto/sha256"
"fmt"
)
func calculateSignature(timestamp, nonce, encryptKey, bodystring string) string {
var b strings.Builder
b.WriteString(timestamp)
b.WriteString(nonce)
b.WriteString(encryptKey)
b.WriteString(bodystring) //bodystring 指整个请求体,不要在反序列化后再计算
bs := []byte(b.String())
h := sha256.New()
h.Write(bs)
bs = h.Sum(nil)
sig := fmt.Sprintf("%x", bs)
return sig
}Node.js
var crypto = require('crypto');
function calculateSignature(timestamp, nonce, encryptKey, body) {
const content = timestamp + nonce + encryptKey + body
const sign = crypto.createHash('sha256').update(content).digest('hex');
return sign
}C#
using System.Security.Cryptography;
public static string calculateSignature(string timestamp, string nonce, string encryptKey, string body) {
StringBuilder content = new StringBuilder();
content.Append(timestamp);
content.Append(nonce);
content.Append(encryptKey);
content.Append(body);
SHA256 sha256 = new SHA256CryptoServiceProvider();
byte[] bytes_out = sha256.ComputeHash(Encoding.Default.GetBytes(content.ToString()));
string result = BitConverter.ToString(bytes_out);
result = result.Replace("-", "");
return result;
}PHP
<?php
$encrypt_key = ""; // 开放平台后台的 Encrypt Key
$timestamp = "";
$nonce = "";
$body = ""; // 指整个请求体,不要在反序列化后再计算
$signature = hash("sha256", $timestamp . $nonce . $encrypt_key . $body);
// check if request headers['X-Lark-Signature'] equals to signature 事件解密
加密原理
1.
Encrypt Key进行哈希得到密钥key。2.
3.
iv。4.
iv 和 key 对事件内容加密得到 encryped_event。5.
base64(iv+encryped_event)。示例代码
Python 3
import hashlib
import base64
from Crypto.Cipher import AES
class AESCipher(object):
def __init__(self, key):
self.bs = AES.block_size
self.key=hashlib.sha256(AESCipher.str_to_bytes(key)).digest()
@staticmethod
def str_to_bytes(data):
u_type = type(b"".decode('utf8'))
if isinstance(data, u_type):
return data.encode('utf8')
return data
@staticmethod
def _unpad(s):
return s[:-ord(s[len(s) - 1:])]
def decrypt(self, enc):
iv = enc[:AES.block_size]
cipher = AES.new(self.key, AES.MODE_CBC, iv)
return self._unpad(cipher.decrypt(enc[AES.block_size:]))
def decrypt_string(self, enc):
enc = base64.b64decode(enc)
return self.decrypt(enc).decode('utf8')
encrypt = "P37w+VZImNgPEO1RBhJ6RtKl7n6zymIbEG1pReEzghk="
cipher = AESCipher("test key")
print("明文:\n{}".format(cipher.decrypt_string(encrypt)))Java
package com.larksuite.oapi.sample;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
public class Decrypt {
public static void main(String[] args) throws Exception {
Decrypt d = new Decrypt("test key");
System.out.println(d.decrypt("P37w+VZImNgPEO1RBhJ6RtKl7n6zymIbEG1pReEzghk=")); //hello world
}
private byte[] keyBs;
public Decrypt(String key) {
MessageDigest digest = null;
try {
digest = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
// won't happen
}
keyBs = digest.digest(key.getBytes(StandardCharsets.UTF_8));
}
public String decrypt(String base64) throws Exception {
byte[] decode = Base64.getDecoder().decode(base64);
Cipher cipher = Cipher.getInstance("AES/CBC/NOPADDING");
byte[] iv = new byte[16];
System.arraycopy(decode, 0, iv, 0, 16);
byte[] data = new byte[decode.length - 16];
System.arraycopy(decode, 16, data, 0, data.length);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBs, "AES"), new IvParameterSpec(iv));
byte[] r = cipher.doFinal(data);
if (r.length > 0) {
int p = r.length - 1;
for (; p >= 0 && r[p] <= 16; p--) {
}
if (p != r.length - 1) {
byte[] rr = new byte[p + 1];
System.arraycopy(r, 0, rr, 0, p + 1);
r = rr;
}
}
return new String(r, StandardCharsets.UTF_8);
}
}Golang
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/sha256"
"encoding/base64"
"errors"
"fmt"
"strings"
)
func main() {
s, err := Decrypt("P37w+VZImNgPEO1RBhJ6RtKl7n6zymIbEG1pReEzghk=", "test key")
if err != nil {
panic(err)
}
fmt.Println(s) //hello world
}
func Decrypt(encrypt string, key string) (string, error) {
buf, err := base64.StdEncoding.DecodeString(encrypt)
if err != nil {
return "", fmt.Errorf("base64StdEncode Error[%v]", err)
}
if len(buf) < aes.BlockSize {
return "", errors.New("cipher too short")
}
keyBs := sha256.Sum256([]byte(key))
block, err := aes.NewCipher(keyBs[:sha256.Size])
if err != nil {
return "", fmt.Errorf("AESNewCipher Error[%v]", err)
}
iv := buf[:aes.BlockSize]
buf = buf[aes.BlockSize:]
// CBC mode always works in whole blocks.
if len(buf)%aes.BlockSize != 0 {
return "", errors.New("ciphertext is not a multiple of the block size")
}
mode := cipher.NewCBCDecrypter(block, iv)
mode.CryptBlocks(buf, buf)
n := strings.Index(string(buf), "{")
if n == -1 {
n = 0
}
m := strings.LastIndex(string(buf), "}")
if m == -1 {
m = len(buf) - 1
}
return string(buf[n : m+1]), nil
}Node.js
C#
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace decrypt
{
class AESCipher
{
const int BlockSize = 16;
private byte[] key;
public AESCipher(string key)
{
this.key = SHA256Hash(key);
}
public string DecryptString(string enc)
{
byte[] encBytes = Convert.FromBase64String(enc);
RijndaelManaged rijndaelManaged = new RijndaelManaged();
rijndaelManaged.Key = this.key;
rijndaelManaged.Mode = CipherMode.CBC;
rijndaelManaged.IV = encBytes.Take(BlockSize).ToArray();
ICryptoTransform transform = rijndaelManaged.CreateDecryptor();
byte[] blockBytes = transform.TransformFinalBlock(encBytes, BlockSize, encBytes.Length - BlockSize);
return System.Text.Encoding.UTF8.GetString(blockBytes);
}
public static byte[] SHA256Hash(string str)
{
byte[] bytes = Encoding.UTF8.GetBytes(str);
SHA256 shaManaged = new SHA256Managed();
return shaManaged.ComputeHash(bytes);
}
public static void Main(string[] args)
{
string encrypt = "P37w+VZImNgPEO1RBhJ6RtKl7n6zymIbEG1pReEzghk=";
AESCipher cipher = new AESCipher("test key");
Console.WriteLine(cipher.DecryptString(encrypt));
}
}
}PHP
<?php
$encrypt_data = ""; // 待解密的信息
$encrypt_key = ""; // 从开发者后台获取 Encrypt Key
$base64_decode_message = base64_decode($encrypt_data);
$iv = substr($base64_decode_message, 0, 16);
$encryped_event = substr($base64_decode_message, 16);
$decrypt = openssl_decrypt($encryped_event, 'AES-256-CBC', hash('sha256', $encrypt_key, true), OPENSSL_RAW_DATA, $iv);
print($decrypt);
// get the real event
扫码加入交流群