微信公众号 API 代理配置

解决本地 IP 变动及 VPN 导致的微信白名单验证失败问题。

本方案提供 Cloudflare Worker 或 PHP 服务器作为中转。请妥善保管你的代理服务地址，防止被他人滥用。

创建 Cloudflare Worker

登录 Cloudflare Dashboard。
在左侧菜单选择 Workers & Pages。
点击 Create Application → Create Worker。
为服务命名（例如：wechat-proxy），然后点击 Deploy。

部署代理代码

点击 Edit code，清空原有内容，粘贴以下代码并点击 Deploy：

export default {
  async fetch(request, env) {
    const MAX_UPLOAD_BYTES = 10 * 1024 * 1024;
    const ALLOWED_METHODS = new Set(['GET', 'POST', 'UPLOAD']);
    const corsHeaders = {
      'Access-Control-Allow-Origin': '*',
      'Access-Control-Allow-Methods': 'POST, OPTIONS',
      'Access-Control-Allow-Headers': 'Content-Type',
    };

    const jsonResponse = (payload, status = 200) =>
      new Response(JSON.stringify(payload), {
        status,
        headers: {
          ...corsHeaders,
          'Content-Type': 'application/json; charset=utf-8',
        },
      });

    const isAllowedWechatUrl = (rawUrl) => {
      try {
        const parsed = new URL(rawUrl);
        return parsed.protocol === 'https:' && parsed.hostname === 'api.weixin.qq.com';
      } catch {
        return false;
      }
    };

    const toUint8Array = (base64) => {
      const binary = atob(base64);
      const bytes = new Uint8Array(binary.length);
      for (let i = 0; i < binary.length; i++) {
        bytes[i] = binary.charCodeAt(i);
      }
      return bytes;
    };

    // 处理 CORS 预检请求
    if (request.method === 'OPTIONS') {
      return new Response(null, { headers: corsHeaders });
    }

    if (request.method !== 'POST') {
      return jsonResponse({ error: 'Method Not Allowed' }, 405);
    }

    try {
      const body = await request.json();
      const { url, method = 'GET', data, fileData, fileName, mimeType } = body;
      const normalizedMethod = String(method || 'GET').toUpperCase();
      
      // 安全校验：只允许访问微信 API
      if (typeof url !== 'string' || !isAllowedWechatUrl(url)) {
        return jsonResponse({ error: 'Invalid URL. Only https://api.weixin.qq.com/ is allowed.' }, 400);
      }

      if (!ALLOWED_METHODS.has(normalizedMethod)) {
        return jsonResponse({ error: 'Invalid method. Only GET, POST, and UPLOAD are allowed.' }, 400);
      }

      let response;
      if (normalizedMethod === 'UPLOAD') {
        if (typeof fileData !== 'string' || fileData.length === 0) {
          return jsonResponse({ error: 'Missing fileData for upload.' }, 400);
        }

        const approxBytes = Math.floor(fileData.length * 3 / 4);
        if (approxBytes > MAX_UPLOAD_BYTES) {
          return jsonResponse({ error: 'Upload too large. Maximum size is 10 MB.' }, 413);
        }

        const safeMimeType =
          typeof mimeType === 'string' && mimeType.startsWith('image/')
            ? mimeType
            : 'application/octet-stream';
        const safeFileName =
          typeof fileName === 'string' && /^[\w.\-]+$/.test(fileName)
            ? fileName
            : 'image';

        // 文件上传处理：Base64 -> Binary -> FormData
        const bytes = toUint8Array(fileData);
        const formData = new FormData();
        formData.append('media', new Blob([bytes], { type: safeMimeType }), safeFileName);
        response = await fetch(url, { method: 'POST', body: formData });
      } else {
        // 普通 JSON 请求
        const opts = { method: normalizedMethod };
        if (normalizedMethod === 'POST') {
          opts.headers = { 'Content-Type': 'application/json' };
          if (data !== undefined) opts.body = JSON.stringify(data);
        }
        response = await fetch(url, opts);
      }

      const responseText = await response.text();
      let result;
      try {
        result = responseText ? JSON.parse(responseText) : {};
      } catch {
        return jsonResponse({ error: 'Upstream returned a non-JSON response.' }, 502);
      }

      return jsonResponse(result, response.status);
    } catch (error) {
      return jsonResponse({ error: 'Proxy request failed.' }, 500);
    }
  }
};

配置微信白名单

登录微信公众号后台，在 基本配置 -> IP白名单 中添加 Cloudflare 的出口 IP 段。
以下是整理好的 IP 列表（每行一个，可直接复制粘贴）：

提示： Cloudflare IP 偶尔会有更新。若报错建议对照 Cloudflare 官方列表检查。

官方页面包含 IPv4 和 IPv6，请仅复制 IPv4 列表。

173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/13
104.24.0.0/14
172.64.0.0/13
131.0.72.0/22

* 数据来源：Cloudflare Official IPs

插件配置

回到 Obsidian 插件设置页面：

进入 高级设置
找到 API 代理地址 选项
填入你的 Worker URL，例如：
https://wechat-proxy.your-account.workers.dev

准备 PHP 环境

确保你的服务器已经安装了 PHP 8.0 或以上版本。
确认启用了 PHP cURL 扩展。
服务器的公网 IP 必须是固定的，或者是你能够绑定到微信公众平台白名单中的 IP。

部署代理代码

在你的网站目录下创建一个 wechat-proxy.php 文件，粘贴以下代码：

<?php
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 10 * 1024 * 1024; // 10 MB
const ALLOWED_HOST = 'api.weixin.qq.com';
// 如果你想加简单鉴权，可取消注释并设置一个随机字符串
// const PROXY_TOKEN = 'replace-with-a-long-random-string';

function sendJson(array $payload, int $status = 200): never {
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: POST, OPTIONS');
    header('Access-Control-Allow-Headers: Content-Type, X-Proxy-Token');
    header('Content-Type: application/json; charset=utf-8');
    http_response_code($status);
    echo json_encode($payload, JSON_UNESCAPED_UNICODE);
    exit();
}

function getJsonBody(): array {
    $raw = file_get_contents('php://input');
    if ($raw === false || $raw === '') {
        sendJson(['error' => 'Empty request body.'], 400);
    }

    $data = json_decode($raw, true);
    if (!is_array($data)) {
        sendJson(['error' => 'Invalid JSON body.'], 400);
    }

    return $data;
}

function isAllowedWechatUrl($url): bool {
    if (!is_string($url) || $url === '') {
        return false;
    }

    $parts = parse_url($url);
    if (!is_array($parts)) {
        return false;
    }

    return ($parts['scheme'] ?? '') === 'https'
        && ($parts['host'] ?? '') === ALLOWED_HOST;
}

function createCurlHandle(string $url): CurlHandle {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT => 60,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_USERAGENT => 'obsidian-wechat-converter-proxy/1.0',
    ]);
    return $ch;
}

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: POST, OPTIONS');
    header('Access-Control-Allow-Headers: Content-Type, X-Proxy-Token');
    http_response_code(204);
    exit();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    sendJson(['error' => 'Method Not Allowed'], 405);
}

// 可选鉴权
// $token = $_SERVER['HTTP_X_PROXY_TOKEN'] ?? '';
// if (!defined('PROXY_TOKEN') || !hash_equals(PROXY_TOKEN, $token)) {
//     sendJson(['error' => 'Unauthorized'], 401);
// }

$body = getJsonBody();

$url = $body['url'] ?? '';
$method = strtoupper((string)($body['method'] ?? 'GET'));
$data = $body['data'] ?? null;
$fileData = $body['fileData'] ?? null;
$fileName = $body['fileName'] ?? 'image';
$mimeType = $body['mimeType'] ?? 'application/octet-stream';

if (!isAllowedWechatUrl($url)) {
    sendJson(['error' => 'Invalid URL. Only https://api.weixin.qq.com/ is allowed.'], 400);
}

if (!in_array($method, ['GET', 'POST', 'UPLOAD'], true)) {
    sendJson(['error' => 'Invalid method. Only GET, POST, and UPLOAD are allowed.'], 400);
}

$tempFile = null;
$ch = null;

try {
    if ($method === 'UPLOAD') {
        if (!is_string($fileData) || $fileData === '') {
            sendJson(['error' => 'Missing fileData for upload.'], 400);
        }

        $approxBytes = (int) floor(strlen($fileData) * 3 / 4);
        if ($approxBytes > MAX_UPLOAD_BYTES) {
            sendJson(['error' => 'Upload too large. Maximum size is 10 MB.'], 413);
        }

        $binary = base64_decode($fileData, true);
        if ($binary === false) {
            sendJson(['error' => 'Invalid base64 fileData.'], 400);
        }

        $safeMimeType = is_string($mimeType) && str_starts_with($mimeType, 'image/')
            ? $mimeType
            : 'application/octet-stream';

        $safeFileName = is_string($fileName) && preg_match('/^[\w.\-]+$/', $fileName)
            ? $fileName
            : 'image';

        $tempFile = tempnam(sys_get_temp_dir(), 'wx_upload_');
        if ($tempFile === false) {
            throw new RuntimeException('Failed to create temp file.');
        }

        if (file_put_contents($tempFile, $binary) === false) {
            throw new RuntimeException('Failed to write temp file.');
        }

        $ch = createCurlHandle($url);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, [
            'media' => new CURLFile($tempFile, $safeMimeType, $safeFileName),
        ]);
    } else {
        $ch = createCurlHandle($url);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);

        if ($method === 'POST') {
            $jsonBody = json_encode($data ?? new stdClass(), JSON_UNESCAPED_UNICODE);
            if ($jsonBody === false) {
                sendJson(['error' => 'Failed to encode JSON body.'], 400);
            }

            curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonBody);
        }
    }

    $responseBody = curl_exec($ch);
    if ($responseBody === false) {
        throw new RuntimeException('Upstream request failed.');
    }

    $httpCode = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);

    $result = json_decode($responseBody, true);
    if (!is_array($result)) {
        sendJson(['error' => 'Upstream returned a non-JSON response.'], 502);
    }

    sendJson($result, $httpCode > 0 ? $httpCode : 200);
} catch (Throwable $e) {
    sendJson(['error' => 'Proxy request failed.'], 500);
} finally {
    if ($ch instanceof CurlHandle) {
        curl_close($ch);
    }
    if (is_string($tempFile) && is_file($tempFile)) {
        @unlink($tempFile);
    }
}

配置微信白名单

登录微信公众号后台，在 基本配置 -> IP白名单 中添加你部署该 PHP 文件的服务器的出口 IP。

插件配置

回到 Obsidian 插件设置页面：

进入 高级设置
找到 API 代理地址 选项
填入你刚才部署的 PHP 文件的公共访问 URL，例如：
https://your-domain.com/wechat-proxy.php

Generated for Obsidian WeChat Plugin