Delphi XE7 用indy开发微信公众平台（3）- 验证消息真实性

uses IdHashSHA, IdGlobal;

function SHA1(Input: String): String;
begin
  with TIdHashSHA1.Create do
    try
      Result := LowerCase(HashBytesAsHex(TidBytes(Bytesof(Input))));
    finally
      Free;
    end;
end;

function CheckSignature(ARequestInfo: TIdHTTPRequestInfo): boolean;
var
  signature, timestamp, nonce, echostr: String;
  tmpstr: TStringList;
  temp: String;
begin
  tmpstr := TStringList.Create;
  try
    signature := ARequestInfo.Params.Values[‘signature‘];
    timestamp := ARequestInfo.Params.Values[‘timestamp‘];
    nonce := ARequestInfo.Params.Values[‘nonce‘];

    echostr := ARequestInfo.Params.Values[‘echostr‘];
    tmpstr.Add(Token);
    tmpstr.Add(timestamp);
    tmpstr.Add(nonce);
    tmpstr.Sort;
    temp := StringReplace(tmpstr.text, #13#10, ‘‘, [rfReplaceAll]);
    Result := SHA1(temp) = signature;
  finally
    tmpstr.Free;
  end;
end;

procedure TForm1.IdHTTPServerCommandGet(AContext: TIdContext;
  ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
  if CheckSignature(ARequestInfo) then
    if ARequestInfo.Params.Values[‘echostr‘] <> ‘‘ then
    begin
      AResponseInfo.ContentType := ‘text/html; charset=UTF-8‘;
      AResponseInfo.ContentText := ARequestInfo.Params.Values[‘echostr‘];
    end;
end;