Open
Conversation
- 在WxCpServiceApacheHttpClientImpl中实现getMsgAuditAccessToken方法 - 在WxCpServiceHttpComponentsImpl中实现getMsgAuditAccessToken方法 - 在WxCpServiceOkHttpImpl中实现getMsgAuditAccessToken方法,使用try-with-resources正确关闭Response - 在WxCpServiceJoddHttpImpl中实现getMsgAuditAccessToken方法 所有实现遵循以下设计: - 使用Lock机制和双重检查确保线程安全 - 使用会话存档secret(msgAuditSecret)获取access token - 将token存储到updateMsgAuditAccessToken() - 当msgAuditSecret未配置时抛出WxErrorException - 保持各实现类原有的HTTP客户端使用风格和代理支持 新增单元测试WxCpServiceGetMsgAuditAccessTokenTest验证实现正确性, 包括正常场景和异常场景(secret未配置或为空)的测试。
Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Fix session archive bug in weixin-java-cp 4.8.0
修复会话存档API使用错误secret导致权限异常的问题
Jan 26, 2026
🤖 Augment PR SummarySummary: 本 PR 修复企业微信“会话存档”相关接口错误使用应用 secret 获取 access_token,导致调用返回“无权限”的问题。 Changes:
Technical Notes: 会话存档 token 与普通 token 分离管理,默认实现采用“双重检查 + 显式锁”避免重复刷新,并沿用“预留 200 秒”提前过期策略。 🤖 Was this summary useful? React with 👍 or 👎 |
![augmentcode[bot]](https://avatars.githubusercontent.com/in/1027498?s=60&v=4){kind=small}
| } | ||
| String responseContent = this.cpService.post(apiUrl, jsonObject.toString()); | ||
| // 使用不自动添加access token的post方法 | ||
| String responseContent = this.cpService.postWithoutToken(urlWithToken, jsonObject.toString()); |
There was a problem hiding this comment.
这里通过 postWithoutToken + 手动拼接 access_token 绕开了 BaseWxCpServiceImpl.execute(...) 的 token 失效自动刷新/重试逻辑;如果会话存档 token 被提前失效(未到本地过期时间),这些接口可能会直接失败而不会触发刷新。
Other Locations
weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpMsgAuditServiceImpl.java:328weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpMsgAuditServiceImpl.java:341
🤖 Was this useful? React with 👍 or 👎
| try (Response response = client.newCall(request).execute()) { | ||
| resultContent = response.body().string(); | ||
| } catch (IOException e) { | ||
| log.error(e.getMessage(), e); |
There was a problem hiding this comment.
这里捕获 IOException 只记录日志但继续向下执行,resultContent 可能为 null(或不完整),随后 WxError.fromJson(resultContent, ...) 可能触发 NPE/解析异常并掩盖真实网络错误。
🤖 Was this useful? React with 👍 or 👎
|
|
||
| @Override | ||
| public Lock getMsgAuditAccessTokenLock() { | ||
| return null; |
There was a problem hiding this comment.
getMsgAuditAccessTokenLock() 返回 null 会导致各个 getMsgAuditAccessToken(...) 实现里 lock.lock() 直接 NPE;这会让 Redis 配置下的会话存档能力以“空指针”方式失败而不是可识别的异常。
🤖 Was this useful? React with 👍 or 👎
| // 创建一个模拟实现,不实际调用HTTP请求 | ||
| WxCpServiceApacheHttpClientImpl service = new WxCpServiceApacheHttpClientImpl() { | ||
| @Override | ||
| public String getMsgAuditAccessToken(boolean forceRefresh) throws WxErrorException { |
There was a problem hiding this comment.
这个测试通过匿名子类覆写了 getMsgAuditAccessToken(...) 本身,因此不会覆盖生产实现里的加锁/HTTP 获取/写回 configStorage 等关键逻辑,可能难以捕获后续回归。
🤖 Was this useful? React with 👍 or 👎
There was a problem hiding this comment.
Pull request overview
本 PR 旨在修复企业微信会话存档相关 API 误用应用 secret 获取 access token 导致的权限错误问题,并为会话存档单独引入一套 access token 生命周期管理与调用链路。
Changes:
- 在配置层(
WxCpConfigStorage及其实现)增加会话存档专用 access token 的存取、过期判断与锁管理接口与实现(内存版完整实现,老的 Redis 直连版仅加了存根)。 - 在服务层(
WxCpService各种 HTTP 实现类)新增getMsgAuditAccessToken(boolean),通过会话存档 secret 调用GET_TOKEN获取独立 token,并使用锁+双重检查避免并发重复刷新。 - 在业务层会话存档服务实现中,将
getPermitUserList/getGroupChat/checkSingleAgree改为使用新的会话存档 access token,并通过postWithoutToken手工拼接access_token,同时新增若干单测用例(但目前对新逻辑的覆盖有限)。
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| weixin-java-cp/src/test/java/me/chanjar/weixin/cp/api/impl/WxCpServiceGetMsgAuditAccessTokenTest.java | 新增会话存档 access token 相关测试类,但当前主要通过覆写方法做“假实现”,实际没有覆盖生产实现的逻辑路径。 |
| weixin-java-cp/src/test/java/me/chanjar/weixin/cp/api/impl/BaseWxCpServiceImplTest.java | 为匿名子类补齐 getMsgAuditAccessToken 实现,以适配 WxCpService 新增方法。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/config/impl/WxCpRedisConfigImpl.java | 为旧版 Redis 配置实现新增会话存档 access token 相关接口的存根实现,但 getMsgAuditAccessTokenLock 目前返回 null,会导致调用方 NPE。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/config/impl/WxCpDefaultConfigImpl.java | 在默认内存配置中新增会话存档 access token 字段、过期时间与 ReentrantLock,并实现过期判断与更新逻辑。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/config/WxCpConfigStorage.java | 扩展配置存储接口,增加会话存档 access token 相关 get/lock/expire/update 方法。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceOkHttpImpl.java | 基于 OkHttp 的实现增加 getMsgAuditAccessToken,使用 msgAuditSecret 请求 GET_TOKEN,并在本地锁下进行双重检查与 token 更新。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceJoddHttpImpl.java | 基于 Jodd HTTP 的实现增加 getMsgAuditAccessToken,通过 HttpRequest + HttpResponse 获取并更新会话存档 access token。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceImpl.java | 默认(带分布式锁适配)的 Apache HttpClient 实现增加 getMsgAuditAccessToken,沿用已有 access token 刷新模式和锁策略。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceHttpComponentsImpl.java | 基于 HttpComponents5 的实现增加 getMsgAuditAccessToken,在代理配置下调用 GET_TOKEN 并更新 msgAudit access token。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpServiceApacheHttpClientImpl.java | 基于 Apache HttpClient4 的实现增加 getMsgAuditAccessToken,与默认实现保持一致的刷新和异常处理逻辑。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/impl/WxCpMsgAuditServiceImpl.java | 会话存档业务方法改为通过 getMsgAuditAccessToken 获取专用 token,并使用 postWithoutToken+手动拼接 access_token 调用相关 API。 |
| weixin-java-cp/src/main/java/me/chanjar/weixin/cp/api/WxCpService.java | 在服务接口层新增 getMsgAuditAccessToken(boolean forceRefresh),作为会话存档专用 access token 的统一入口。 |
...va-cp/src/test/java/me/chanjar/weixin/cp/api/impl/WxCpServiceGetMsgAuditAccessTokenTest.java
Outdated
Show resolved
Hide resolved
weixin-java-cp/src/main/java/me/chanjar/weixin/cp/config/impl/WxCpRedisConfigImpl.java
Outdated
Show resolved
Hide resolved
Owner
|
@copilot apply changes based on the comments in this thread |
Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
Co-authored-by: binarywang <1343140+binarywang@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
修复会话存档 API 使用错误 secret 的问题
问题分析
实施计划
代码审查反馈修复
已全面处理所有代码审查反馈:
WxCpRedisConfigImpl中getMsgAuditAccessTokenLock()返回 null 导致的 NPE 问题验证
使用示例
注意事项
对于使用
WxCpRedisConfigImpl的用户,在多实例部署场景下,建议自行实现分布式锁机制(如使用 Redisson 或 Spring Integration 提供的 Redis 分布式锁)或使用其他支持分布式的配置存储实现。Original prompt
💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.