diff --git a/app/Http/Controllers/WechatPayController.php b/app/Http/Controllers/WechatPayController.php index 0e5ccf4..752438a 100644 --- a/app/Http/Controllers/WechatPayController.php +++ b/app/Http/Controllers/WechatPayController.php @@ -56,7 +56,7 @@ class WechatPayController extends Controller 'wechatpay-serial' => $_SERVER['HTTP_WECHATPAY_SERIAL'] ?? '', ]; $body = $request->all(); - $body = json_encode($body, JSON_UNESCAPED_UNICODE); + // $body = json_encode($body, JSON_UNESCAPED_UNICODE); Log::info("请求头", ["headers" => $headers]); Log::info("请求体", ["body" => $body]); $res = WechatPayService::mchTransferCallback($headers, $body); diff --git a/app/Services/WechatPayService.php b/app/Services/WechatPayService.php index b780fb1..fb0a0e2 100644 --- a/app/Services/WechatPayService.php +++ b/app/Services/WechatPayService.php @@ -130,13 +130,14 @@ class WechatPayService /** * 验证签名(RSA-SHA256) */ - private function verifySignature(array $headers, string $body): bool + private function verifySignature(array $headers, array $body): bool { // 检查必要头是否存在 if ( empty($headers['timestamp']) || empty($headers['nonce']) || empty($headers['signature']) || empty($headers['serial']) ) { + Log::error('请求头参数确实'); return false; } @@ -149,7 +150,7 @@ class WechatPayService // 构造验签名串:timestamp + \n + nonce + \n + body + \n $signStr = $headers['timestamp'] . "\n" . $headers['nonce'] . "\n" - . $body . "\n"; + . json_encode($body) . "\n"; // 加载微信支付平台公钥 $publicKey = openssl_pkey_get_public('file://' . config("wechatpay.payment.platform_cert_path")); @@ -170,9 +171,9 @@ class WechatPayService /** * AES-256-GCM 解密回调数据 */ - private function decryptNotifyData(string $rawBody): ?array + private function decryptNotifyData(array $data): ?array { - $data = json_decode($rawBody, true); + // $data = json_decode($rawBody, true); if (!isset($data['resource'])) { return null;