2 dienas atpakaļ · 7ebd115ebe
--- a/src/Service/NotifyService.php
+++ b/src/Service/NotifyService.php
@@ -8,6 +8,7 @@ use think\facade\Log;
 
				 use WeChatPay\Crypto\AesGcm;
			
 
				 use WeChatPay\Crypto\Rsa;
			
 
				 use WeChatPay\Formatter;
			
 
				+use function SixShop\Core\throw_logic_exception;
			
 
				 
			
 
				 class NotifyService
			
 
				 {
			
@@ -27,7 +28,7 @@ class NotifyService
 
				         $serial = $headers['Wechatpay-Serial'] ?? ''; // 请根据实际情况获取
			
 
				         $nonce = $headers['Wechatpay-Nonce'] ?? ''; // 请根据实际情况获取
			
 
				 
			
 
				-        $apiv3Key = $this->config->api_v3_key;
			
 
				+        $apiV3Key = $this->config->api_v3_key;
			
 
				         $platformPublicKeyInstance = str_starts_with($serial, 'PUB_KEY_ID_') ? $this->config->public_key : $this->config->platform_cert;
			
 
				 
			
 
				         $timeOffsetStatus = 300 >= abs(Formatter::timestamp() - (int)$timestamp);
			
@@ -40,14 +41,19 @@ class NotifyService
 
				             $platformPublicKeyInstance
			
 
				         );
			
 
				         if (!$verifiedStatus) {
			
 
				-            Log::warning('The signature is invalid. timestamp={timestamp} nonce={nonce} inBody={inBody} signature={signature} serial={serial}', [
			
 
				-                'timestamp' => $timestamp,
			
 
				-                'nonce' => $nonce,
			
 
				-                'inBody' => $inBody,
			
 
				-                'signature' => $signature,
			
 
				-                'serial' => $serial,
			
 
				-            ]);
			
 
				-            throw new \RuntimeException('The signature is invalid.');
			
 
				+            // 签名值中的 WECHATPAY/SIGNTEST/ 前缀快速判断是否为探测流量
			
 
				+            if (str_starts_with($signature, 'WECHATPAY/SIGNTEST/')) {
			
 
				+                throw_logic_exception('The signature is a probe traffic.');
			
 
				+            } else {
			
 
				+                Log::warning('The signature is invalid. timestamp={timestamp} nonce={nonce} inBody={inBody} signature={signature} serial={serial}', [
			
 
				+                    'timestamp' => $timestamp,
			
 
				+                    'nonce' => $nonce,
			
 
				+                    'inBody' => $inBody,
			
 
				+                    'signature' => $signature,
			
 
				+                    'serial' => $serial,
			
 
				+                ]);
			
 
				+                throw new \RuntimeException('The signature is invalid.');
			
 
				+            }
			
 
				         }
			
 
				         // 转换通知的JSON文本消息为PHP Array数组
			
 
				         $inBodyArray = (array)json_decode($inBody, true);
			
@@ -58,7 +64,7 @@ class NotifyService
 
				             'associated_data' => $aad
			
 
				         ]] = $inBodyArray;
			
 
				         // 加密文本消息解密
			
 
				-        $inBodyResource = AesGcm::decrypt($ciphertext, $apiv3Key, $nonce, $aad);
			
 
				+        $inBodyResource = AesGcm::decrypt($ciphertext, $apiV3Key, $nonce, $aad);
			
 
				         return json_decode($inBodyResource, true);
			
 
				     }
			
 
				 }