
fix(wechatpay): 修复微信探测流量造成的运行时异常

runphp 1 日 前
コミット
7ebd115ebe
1 ファイル変更16 行追加10 行削除
  1. 16 10
      src/Service/NotifyService.php

+ 16 - 10
src/Service/NotifyService.php

@@ -8,6 +8,7 @@ use think\facade\Log;
 use WeChatPay\Crypto\AesGcm;
 use WeChatPay\Crypto\Rsa;
 use WeChatPay\Formatter;
+use function SixShop\Core\throw_logic_exception;
 
 class NotifyService
 {
@@ -27,7 +28,7 @@ class NotifyService
         $serial = $headers['Wechatpay-Serial'] ?? ''; // 请根据实际情况获取
         $nonce = $headers['Wechatpay-Nonce'] ?? ''; // 请根据实际情况获取
 
-        $apiv3Key = $this->config->api_v3_key;
+        $apiV3Key = $this->config->api_v3_key;
         $platformPublicKeyInstance = str_starts_with($serial, 'PUB_KEY_ID_') ? $this->config->public_key : $this->config->platform_cert;
 
         $timeOffsetStatus = 300 >= abs(Formatter::timestamp() - (int)$timestamp);
@@ -40,14 +41,19 @@ class NotifyService
             $platformPublicKeyInstance
         );
         if (!$verifiedStatus) {
-            Log::warning('The signature is invalid. timestamp={timestamp} nonce={nonce} inBody={inBody} signature={signature} serial={serial}', [
-                'timestamp' => $timestamp,
-                'nonce' => $nonce,
-                'inBody' => $inBody,
-                'signature' => $signature,
-                'serial' => $serial,
-            ]);
-            throw new \RuntimeException('The signature is invalid.');
+            // 签名值中的 WECHATPAY/SIGNTEST/ 前缀快速判断是否为探测流量
+            if (str_starts_with($signature, 'WECHATPAY/SIGNTEST/')) {
+                throw_logic_exception('The signature is a probe traffic.');
+            } else {
+                Log::warning('The signature is invalid. timestamp={timestamp} nonce={nonce} inBody={inBody} signature={signature} serial={serial}', [
+                    'timestamp' => $timestamp,
+                    'nonce' => $nonce,
+                    'inBody' => $inBody,
+                    'signature' => $signature,
+                    'serial' => $serial,
+                ]);
+                throw new \RuntimeException('The signature is invalid.');
+            }
         }
         // 转换通知的JSON文本消息为PHP Array数组
         $inBodyArray = (array)json_decode($inBody, true);
@@ -58,7 +64,7 @@ class NotifyService
             'associated_data' => $aad
         ]] = $inBodyArray;
         // 加密文本消息解密
-        $inBodyResource = AesGcm::decrypt($ciphertext, $apiv3Key, $nonce, $aad);
+        $inBodyResource = AesGcm::decrypt($ciphertext, $apiV3Key, $nonce, $aad);
         return json_decode($inBodyResource, true);
     }
 }
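Review bot: The probe-traffic branch introduced at the `str_starts_with($signature, 'WECHATPAY/SIGNTEST/')` check drops the warning log entirely for any request whose signature header carries that prefix, and at that point the header is unverified (signature verification has already failed), so the prefix is under the sender's control. A forged callback can therefore be made to leave no trace in the logs; keep a lower-severity record in that branch, e.g. `Log::info('Probe traffic detected. serial={serial} nonce={nonce}', ['serial' => $serial, 'nonce' => $nonce]);`, so the volume and origin of such requests stay observable. The `else` after the throwing helper is redundant if `throw_logic_exception` never returns, which its name suggests but the hunk does not show; a guard form (`if (...) { throw_logic_exception(...); }` followed by the existing warning-and-throw) reads cleaner. The enclosing method starts before the first hunk, so whether `$signature` is guaranteed to be a string when it reaches `str_starts_with` is not visible here.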