From a97dbdf95cc0c1cf46c5e0aeaf914745637fa0b3 Mon Sep 17 00:00:00 2001
From: Little Write <773821422@qq.com>
Date: Sat, 27 Sep 2025 11:41:03 +0800
Subject: [PATCH] Update controller/topup_creem.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---
 controller/topup_creem.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/controller/topup_creem.go b/controller/topup_creem.go
index 334410b32..cbc6bdd5e 100644
--- a/controller/topup_creem.go
+++ b/controller/topup_creem.go
@@ -249,10 +249,13 @@ func CreemWebhook(c *gin.Context) {
 	// 获取签名头
 	signature := c.GetHeader(CreemSignatureHeader)
 
-	// 打印请求信息用于调试
-	log.Printf("Creem Webhook - URI: %s, Query: %s", c.Request.RequestURI, c.Request.URL.RawQuery)
-	log.Printf("Creem Webhook - Signature: %s", signature)
-	log.Printf("Creem Webhook - Body: %s", string(bodyBytes))
+	// 打印关键信息（避免输出完整敏感payload）
+	log.Printf("Creem Webhook - URI: %s", c.Request.RequestURI)
+	if signature == "" && !setting.CreemTestMode {
+		log.Printf("Creem Webhook缺少签名头")
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
 
 	// 验证签名
 	if !verifyCreemSignature(string(bodyBytes), signature, setting.CreemWebhookSecret) {