From f04512ac3f0650fa04bc87cc6111723a4e648d4e Mon Sep 17 00:00:00 2001 From: lkddi Date: Thu, 2 Apr 2026 15:38:26 +0800 Subject: [PATCH] =?UTF-8?q?fix(wechat):=20=E5=9B=9E=E6=BB=9A=E5=BE=AE?= =?UTF-8?q?=E4=BF=A1=E7=BE=A4=E6=89=AB=E7=A0=81=E7=BB=91=E5=AE=9A=EF=BC=8C?= =?UTF-8?q?=E5=BC=BA=E5=88=B6=E8=A6=81=E6=B1=82=E7=A7=81=E8=81=8A=EF=BC=8C?= =?UTF-8?q?=E9=81=BF=E5=85=8D=E6=97=A0=E6=B3=95=E4=B8=8B=E5=8F=91=E4=B8=AA?= =?UTF-8?q?=E4=BA=BA=E9=80=9A=E7=9F=A5=E7=9A=84=E6=BD=9C=E5=9C=A8=E9=97=AE?= =?UTF-8?q?=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Commands/ConsumeWechatMessages.php | 32 ++++++------------- 1 file changed, 9 insertions(+), 23 deletions(-) diff --git a/app/Console/Commands/ConsumeWechatMessages.php b/app/Console/Commands/ConsumeWechatMessages.php index dc64ef6..dc3ba49 100644 --- a/app/Console/Commands/ConsumeWechatMessages.php +++ b/app/Console/Commands/ConsumeWechatMessages.php @@ -102,44 +102,30 @@ class ConsumeWechatMessages extends Command $fromUser = $msg['from_user']; $isChatroom = $msg['is_chatroom']; - // 绑定逻辑:支持私聊和被授权的微信群。只要内容格式为 BD-xxxxxx - if (preg_match('/^BD-\d{6}$/i', $content)) { - // 如果是群聊,则仅允许在后台设定的目标通知群里进行扫码绑定 - if ($isChatroom) { - $sysParam = \App\Models\SysParam::where('alias', 'wechat_bot_config')->first(); - $config = $sysParam && ! empty($sysParam->body) ? json_decode($sysParam->body, true) : []; - $allowedGroupWxid = $config['group_notify']['target_wxid'] ?? ''; - - if ($msg['chatroom_id'] !== $allowedGroupWxid) { - $this->info("拒绝绑定:来自非授权群聊 {$msg['chatroom_id']}"); - - return; - } - } - - $replyTarget = $isChatroom ? $msg['chatroom_id'] : $fromUser; - $this->info("收到潜在绑定请求: {$content} from {$fromUser} (Reply to: {$replyTarget})"); - $this->handleBindRequest(strtoupper($content), $fromUser, $replyTarget, $apiService); + // 绑定逻辑:必须是私聊(防止在群内绑定导致未来系统无法直接通过私聊推送个人通知) + if (! $isChatroom && preg_match('/^BD-\d{6}$/i', $content)) { + $this->info("收到潜在绑定请求: {$content} from {$fromUser}"); + $this->handleBindRequest(strtoupper($content), $fromUser, $apiService); } } /** * 处理账号绑定请求 */ - protected function handleBindRequest(string $code, string $wxid, string $replyTarget, WechatBotApiService $apiService): void + protected function handleBindRequest(string $code, string $wxid, WechatBotApiService $apiService): void { $cacheKey = 'wechat_bind_code:'.$code; $username = Cache::get($cacheKey); if (! $username) { - $apiService->sendTextMessage($replyTarget, '❌ 绑定失败:该验证码无效或已过有效期(5分钟)。请在个人中心重新生成。'); + $apiService->sendTextMessage($wxid, '❌ 绑定失败:该验证码无效或已过有效期(5分钟)。请在个人中心重新生成。'); return; } $user = User::where('username', $username)->first(); if (! $user) { - $apiService->sendTextMessage($replyTarget, '❌ 绑定失败:找不到对应的用户账号。'); + $apiService->sendTextMessage($wxid, '❌ 绑定失败:找不到对应的用户账号。'); return; } @@ -147,7 +133,7 @@ class ConsumeWechatMessages extends Command // 判断该微信号是否已经被其他用户绑定(防止碰撞或安全隐患) $existing = User::where('wxid', $wxid)->where('id', '!=', $user->id)->first(); if ($existing) { - $apiService->sendTextMessage($replyTarget, "❌ 绑定失败:当前微信号已经被其他账号 [{$existing->username}] 绑定。请先解绑后再试。"); + $apiService->sendTextMessage($wxid, "❌ 绑定失败:当前微信号已经被其他账号 [{$existing->username}] 绑定。请先解绑后再试。"); return; } @@ -164,6 +150,6 @@ class ConsumeWechatMessages extends Command ."您已成功绑定聊天室账号:[{$username}]。\n" .'现在您可以接收重要系统通知了。'; - $apiService->sendTextMessage($replyTarget, $successMsg); + $apiService->sendTextMessage($wxid, $successMsg); } }