lkddi/chatroom
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(wechat): 回滚微信群扫码绑定,强制要求私聊,避免无法下发个人通知的潜在问题

Browse Source
This commit is contained in:
流星
2026-04-02 15:38:26 +08:00
parent a24c8280c9
commit f04512ac3f
1 changed files with 9 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
app/Console/Commands/ConsumeWechatMessages.php
View File

@@ -102,44 +102,30 @@ class ConsumeWechatMessages extends Command
$fromUser = $msg['from_user'];
$isChatroom = $msg['is_chatroom'];
// 绑定逻辑:支持私聊和被授权的微信群。只要内容格式为 BD-xxxxxx
if (preg_match('/^BD-\d{6}$/i', $content)) {
// 如果是群聊,则仅允许在后台设定的目标通知群里进行扫码绑定
if ($isChatroom) {
$sysParam = \App\Models\SysParam::where('alias', 'wechat_bot_config')->first();
$config = $sysParam && ! empty($sysParam->body) ? json_decode($sysParam->body, true) : [];
$allowedGroupWxid = $config['group_notify']['target_wxid'] ?? '';
if ($msg['chatroom_id'] !== $allowedGroupWxid) {
$this->info("拒绝绑定:来自非授权群聊 {$msg['chatroom_id']}");
return;
}
}
$replyTarget = $isChatroom ? $msg['chatroom_id'] : $fromUser;
$this->info("收到潜在绑定请求: {$content} from {$fromUser} (Reply to: {$replyTarget})");
$this->handleBindRequest(strtoupper($content), $fromUser, $replyTarget, $apiService);
// 绑定逻辑:必须是私聊(防止在群内绑定导致未来系统无法直接通过私聊推送个人通知)
if (! $isChatroom && preg_match('/^BD-\d{6}$/i', $content)) {
$this->info("收到潜在绑定请求: {$content} from {$fromUser}");
$this->handleBindRequest(strtoupper($content), $fromUser, $apiService);
}
}
/**
* 处理账号绑定请求
*/
protected function handleBindRequest(string $code, string $wxid, string $replyTarget, WechatBotApiService $apiService): void
protected function handleBindRequest(string $code, string $wxid, WechatBotApiService $apiService): void
{
$cacheKey = 'wechat_bind_code:'.$code;
$username = Cache::get($cacheKey);
if (! $username) {
$apiService->sendTextMessage($replyTarget, '❌ 绑定失败该验证码无效或已过有效期5分钟。请在个人中心重新生成。');
$apiService->sendTextMessage($wxid, '❌ 绑定失败该验证码无效或已过有效期5分钟。请在个人中心重新生成。');
return;
}
$user = User::where('username', $username)->first();
if (! $user) {
$apiService->sendTextMessage($replyTarget, '❌ 绑定失败:找不到对应的用户账号。');
$apiService->sendTextMessage($wxid, '❌ 绑定失败:找不到对应的用户账号。');
return;
}
@@ -147,7 +133,7 @@ class ConsumeWechatMessages extends Command
// 判断该微信号是否已经被其他用户绑定(防止碰撞或安全隐患)
$existing = User::where('wxid', $wxid)->where('id', '!=', $user->id)->first();
if ($existing) {
$apiService->sendTextMessage($replyTarget, "❌ 绑定失败:当前微信号已经被其他账号 [{$existing->username}] 绑定。请先解绑后再试。");
$apiService->sendTextMessage($wxid, "❌ 绑定失败:当前微信号已经被其他账号 [{$existing->username}] 绑定。请先解绑后再试。");
return;
}
@@ -164,6 +150,6 @@ class ConsumeWechatMessages extends Command
."您已成功绑定聊天室账号:[{$username}]。\n"
.'现在您可以接收重要系统通知了。';
$apiService->sendTextMessage($replyTarget, $successMsg);
$apiService->sendTextMessage($wxid, $successMsg);
}
}