修正了安全问题，不暴露openid

app/api/mobile/api.rb

@@ -23,6 +23,7 @@ module Mobile
     version 'v1', using: :path
     format :json
     content_type :json, "application/json;charset=UTF-8"
+    use ActionDispatch::Session::CookieStore
     use Mobile::Middleware::ErrorHandler
 
     helpers do
@@ -34,6 +35,10 @@ module Mobile
         raise('Unauthorized. 用户认证失败.') unless current_user
       end
 
+      def session
+        env['rack.session']
+      end
+
       def current_user
         openid = params[:openid]
         if openid

app/api/mobile/apis/users.rb

@@ -23,10 +23,10 @@ module Mobile
         params do
           requires :login, type: String, desc: 'username'
           requires :password, type: String, desc: 'password'
-          requires :openid, type: String, desc: 'wechat openid'
         end
         post 'wxbind' do
-            openid = params[:openid]
+            openid = session[:wechat_openid]
+            logger.debug "openid ============== #{openid}"
             raise "无法获取到openid,请在微信中打开本页面" unless openid
             uw = UserWechat.where(openid: openid).first
             raise "此微信号已绑定用户(#{uw.user.login}), 不能重复绑定" if uw

app/controllers/wechats_controller.rb

@@ -191,14 +191,22 @@ class WechatsController < ActionController::Base
 
   ###  controller method
   module Controllers
-    def get_open_id
+    def get_bind
       begin
-
         code = params[:code] || session[:wechat_code]
         openid = get_openid_from_code(code)
 
         raise "无法获取到微信openid" unless openid
-        render :json => {status:0, openid: openid}
+
+        uw = UserWechat.where(openid: openid).first
+        raise "还未绑定trustie帐户" unless uw
+        logger.debug "get_bind ============= #{uw}"
+
+        user = uw.user
+        ::ApiKey.delete_all(user_id: user.id)
+        key = ::ApiKey.create!(user_id: user.id)
+
+        render :json =>{status: 0, token: key.access_token}
       rescue Exception=>e
         render :json => {status: -1, message: e.message}
       end
@@ -240,21 +248,20 @@ class WechatsController < ActionController::Base
     end
 
     def user_activities
-      # session[:wechat_code] = params[:code] if params[:code]
-      # code = params[:code] || session[:wechat_code]
-      # openid = get_openid_from_code(code)
-      # @wechat_user = user_binded?(openid)
-      # unless @wechat_user
-      #   redirect_to login_wechat_path
-      #   return
-      # end
       session[:wechat_code] = params[:code] if params[:code]
-      @code = params[:code] || session[:wechat_code]
+      @path = '/'+(params[:state] || '')
+      open_id = get_openid_from_code(params[:code]) rescue
+      unless open_id
+        render 'wechats/open_wechat', layout: nil and return
+      end
+      session[:wechat_openid] = open_id
       render 'wechats/user_activities', layout: nil
     end
 
+
     private
     def get_openid_from_code(code)
+      return 'oCnvgvz8R7QheXE-R9Kkr39j8Ndg' if code =='only-for-test'
       openid = session[:wechat_openid]
 
       unless openid

app/views/wechats/open_wechat.html.erb

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0">
+</head>
+<body>
+<script type="text/javascript">
+    var ua = navigator.userAgent.toLowerCase();
+    var isWeixin = ua.indexOf('micromessenger') != -1;
+    var isAndroid = ua.indexOf('android') != -1;
+    var isIos = (ua.indexOf('iphone') != -1) || (ua.indexOf('ipad') != -1);
+    if (!isWeixin) {
+        document.head.innerHTML = '<title>抱歉，出错了</title><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=0"><link rel="stylesheet" type="text/css" href="https://res.wx.qq.com/connect/zh_CN/htmledition/style/wap_err1a9853.css">';
+        document.body.innerHTML = '<div class="page_msg"><div class="inner"><span class="msg_icon_wrp"><i class="icon80_smile"></i></span><div class="msg_content"><h4>请在微信客户端打开链接</h4></div></div></div>';
+    }
+</script>
+</body>
+</html>

app/views/wechats/user_activities.html.erb

@@ -13,9 +13,9 @@
   <link type="text/css" rel="stylesheet" href="/stylesheets/weui/weixin.css" />
 
   <script type="text/javascript">
-    window.g_code = '<%= @code %>';
     window.g_debug = false; //调试标志,如果在本地请置为true
     window.apiUrl = '/api/v1/';
+    window.g_redirect_path = '<%= @path %>';
   </script>
 
 </head>
@@ -26,6 +26,24 @@
 <script src="https://dn-demotest.qbox.me/angular.all.min.js"></script>
 <!--<script src="/javascripts/wechat/build/angular.all.min.js"></script>-->
 <script src="/javascripts/wechat/build/app.min.js"></script>
+<!--<script src="/javascripts/wechat/app.js"></script>-->
+<!--<script src="/javascripts/wechat/others/factory.js"></script>-->
+<!--<script src="/javascripts/wechat/others/filter.js"></script>-->
+<!--<script src="/javascripts/wechat/directives/alert.js"></script>-->
+<!--<script src="/javascripts/wechat/directives/form_validate.js"></script>-->
+<!--<script src="/javascripts/wechat/directives/input_auto.js"></script>-->
+<!--<script src="/javascripts/wechat/directives/loading_spinner.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/reg.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/login.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/activity.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/add_class.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/blog.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/course_notice.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/discussion.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/homework.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/issue.js"></script>-->
+<!--<script src="/javascripts/wechat/controllers/journals.js"></script>-->
+<!--<script src="/javascripts/wechat/others/routes.js"></script>-->
 </body>
 
 </html>

config/routes.rb

@@ -1249,7 +1249,7 @@ RedmineApp::Application.routes.draw do
       get :login
       get :user_activities
       post :bind
-      post :get_open_id
+      post :get_bind
     end
   end
 

public/javascripts/wechat/app.js

@@ -8,6 +8,12 @@ app.constant('config', {
 
 
 app.run(['$rootScope', 'auth', '$location', '$routeParams', function($rootScope, auth, $location, $routeParams){
+
+    if(g_redirect_path && g_redirect_path.length>0){
+        $location.path(g_redirect_path);
+        g_redirect_path = null;
+    }
+
     $rootScope.$on('$routeChangeError', function(event, next, current){
 
         if(next && next.templateUrl){
@@ -18,11 +24,6 @@ app.run(['$rootScope', 'auth', '$location', '$routeParams', function($rootScope,
     });
 
     $rootScope.$on('$routeChangeStart', function(event, next, current){
-        console.log($routeParams);
-        if(next && next.templateUrl){
-            if(!next.templateUrl.endsWith("login.html") && !next.templateUrl.endsWith("reg.html")){
-            }
-        }
     });
 }
 ]);

public/javascripts/wechat/controllers/activity.js

@@ -39,13 +39,7 @@ app.controller('ActivityController',
     };
 
     if($scope.activities.length<=0){
-        auth.isBind().then(
-            function(){
-                $scope.loadActData(0);
-            }, function errorCallback(response) {
-                $scope.alertService.showMessage("获取token出错",response);
-            }
-        );
+        $scope.loadActData(0);
     } else {
         $timeout(function(){
             window.scrollTo(0, rms.get("yoffset"));

public/javascripts/wechat/controllers/login.js

@@ -1,6 +1,6 @@
 app.controller('LoginController', ['$scope', '$http', '$location', '$routeParams', 'alertService', 'config','auth','session',
     function ($scope, $http, $location, $routeParams, alertService, config, auth,session) {
-        if(auth.isBind().then(function(){
+        if(auth.get_bind().then(function(){
                 $location.path("/activities");
          }));
 
@@ -24,13 +24,9 @@ app.controller('LoginController', ['$scope', '$http', '$location', '$routeParams
 
             console.log(apiUrl + "auth");
 
-            auth.openid().then(
-                function(openid){
-                    return $http.post(
-                        config.apiUrl + "users/wxbind",
-                        {login: user.login, password: user.password, openid: openid}
-                    );
-                }
+            $http.post(
+                config.apiUrl + "users/wxbind",
+                {login: user.login, password: user.password}
             ).then(
                 function(response) {
                     console.log(response.data);

public/javascripts/wechat/others/factory.js

@@ -29,16 +29,6 @@ app.factory('alertService', function(){
 
 
 app.factory('auth', ['$http','$routeParams', '$q', 'session', 'config',function($http,$routeParams, $q, session,config){
-    var _openid = '';
-
-    if(typeof g_openid !== 'undefined'){
-        _openid = g_openid;
-    }
-
-    if(!_openid){
-        _openid = session.get("openid");
-    }
-
     //是否已经绑定
     var isBind = function(){
         var defer = $q.defer();
@@ -47,12 +37,11 @@ app.factory('auth', ['$http','$routeParams', '$q', 'session', 'config',function(
         if(token && token.length>10){
             defer.resolve(token);
         } else {
-            getOpenId().then(function(openid){
-                return $http.post(
-                    config.apiUrl+ 'users/isbind',
-                    {openid: openid}
-                )
-            }).then(function(response){
+            var code = window.g_code || $routeParams.code || session.get("code");
+            $http.post(
+                '/wechat/get_bind',
+                {}  ///不用传code了,都由服务器来处理
+            ).then(function(response){
                 if(response.data.status!=0){
                     defer.reject(response.data.message);
                 }else {
@@ -67,38 +56,10 @@ app.factory('auth', ['$http','$routeParams', '$q', 'session', 'config',function(
         return defer.promise;
     }
 
-    var getOpenId = function() {
-        var deferred = $q.defer();
-        console.log(_openid);
-        if (typeof _openid !== 'undefined' && _openid && _openid.length > 0){
-            deferred.resolve(_openid);
-        } else {
-            var code = window.g_code || $routeParams.code || session.get("code");
-            $http({
-                url: '/wechat/get_open_id',
-                data: {code: code},
-                method: 'POST'
-            }).then(function successCallback(response) {
-                if(response.data.status != 0){
-                    deferred.reject(response.data.message);
-                } else{
-                    _openid = response.data.openid;
-                    //session.save("openid", _openid);
-                    deferred.resolve(_openid);
-                }
-            }, function errorCallback(response) {
-                deferred.reject(response);
-            });
-        }
-        return deferred.promise;
-    };
-    var openid = function(){
-        return _openid;
-    };
     var getToken = function(){
         return session.get("token");
     }
-    return {isBind: isBind, token: getToken, openid: getOpenId};
+    return {get_bind: isBind, token: getToken};
 }]);
 
 app.factory("session", function(){

public/javascripts/wechat/others/routes.js

@@ -2,7 +2,7 @@ app.config(['$routeProvider',"$httpProvider", "$locationProvider",'config', func
     var rootPath = config.rootPath;
     var resolve = {
         delay: ['auth',function(auth){
-            return auth.isBind();
+            return auth.get_bind();
         }]
     };
     var makeRoute = function(path, ctrl){