修复同城配送接口RSA签名错误（错误码40234）

[Copilot]

postWithSignature was constructing the RSA signing payload with an extra rsaKeySn field, causing WeChat to reject all intracity API calls with error 40234 (invalid signature).

Per the WeChat API signature spec, the signing string must be exactly 4 fields:

urlpath\nappid\ntimestamp\npostdata

Fix

• Remove rsaKeySn from the RSA signature payload in BaseWxMaServiceImpl#postWithSignature. The serial number is still correctly sent via the Wechatmp-Serial request header.

// Before (wrong — 5 fields)
String payload = urlPath + "\n" + appId + "\n" + timestamp + "\n" + rsaKeySn + "\n" + requestJson;

// After (correct — 4 fields per spec)
String payload = urlPath + "\n" + appId + "\n" + timestamp + "\n" + requestJson;

• Extract the payload construction into a package-visible static method buildSignaturePayload in BaseWxMaServiceImpl, enabling direct unit testing of the production logic.

Tests

• WxMaSignaturePayloadTest: directly calls BaseWxMaServiceImpl.buildSignaturePayload and asserts:
  • The payload contains exactly 4 fields (not 5)
  • The payload does not contain rsaKeySn
  • The payload matches the expected format exactly

If rsaKeySn is ever mistakenly added back to the payload, these tests will immediately fail, preventing regression.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>/express/intracity/createstore 40423 签名错误</issue_title>
<issue_description># 提问前，请确保阅读过项目首页说明以及wiki开发文档相关内容，尤其是常见问题部分。完成内容后，请务必移除包括本句在内的无用内容，以免影响阅读，否则直接关闭，谢谢合作~

另外如果确认属于bug，而且已明确如何修复，请参考贡献指南直接提交PR，省的浪费时间在这里描述问题，非常感谢配合

简要描述

https://api.weixin.qq.com/cgi-bin/express/intracity/createstore?access_token=xxx
报错错误代码：40234, 错误信息：invalid signature rid: 69af74a4-39bbb3e9-06b4d7c0，微信原始报文：{"errcode":40234,"errmsg":"invalid signature rid: 69af74a4-39bbb3e9-06b4d7c0"}

确定参数没少 并且用的是pkcs8

看到之前也有提到过这个问题已解决 但是我检查了还是不行

模块版本情况

• WxJava 模块名: weixin-java-miniapp
• WxJava 版本号:4.8.1-20260307.155946

</issue_description>

Comments on the Issue (you are @copilot in this section)

Custom agent used: 全部用中文
需要用中文，包括PR标题和分析总结过程

• Fixes /express/intracity/createstore 40423 签名错误 #3915

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[augmentcode]

🤖 Augment PR Summary

Summary: 修复小程序同城配送等接口在启用服务端 API 签名时，因 RSA 待签名串多拼接了 rsaKeySn 导致微信返回 40234（invalid signature）的问题。

Changes:

• 调整 `BaseWxMaServiceImpl#postWithSignature` 的 RSA payload 为 urlpath\nappid\ntimestamp\npostdata（移除 `rsaKeySn`）
• `rsaKeySn` 仍通过请求头 Wechatmp-Serial 发送，保持协议要求
• 新增 `WxMaSignaturePayloadTest`，验证正确 4 字段 payload 可验签、旧 5 字段 payload（含 `rsaKeySn`）在按规范验签时失败

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

[Copilot]

Pull request overview

本 PR 旨在修复微信小程序「服务端 API 签名」的待签名串（payload）拼接格式，使其符合官方文档要求，并尝试通过新增测试来解释/验证该格式。

Changes:

• 修复 postWithSignature 的 RSA 签名 payload：移除将 rsaKeySn 拼入待签名串的逻辑
• 新增 WxMaSignaturePayloadTest，用于验证签名 payload 的换行拼接规则（含/不含 rsaKeySn 的差异）

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
weixin-java-miniapp/src/main/java/cn/binarywang/wx/miniapp/api/impl/BaseWxMaServiceImpl.java	调整签名 payload 拼接格式，确保待签名串不再包含 rsaKeySn
weixin-java-miniapp/src/test/java/cn/binarywang/wx/miniapp/api/impl/WxMaSignaturePayloadTest.java	新增测试用例，尝试验证 payload 格式与签名验签结果的关系

[binarywang]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

已按评审意见重构（commit 2ad43b3）：

将 payload 拼接逻辑提取为包可见静态方法 buildSignaturePayload，测试现在直接调用该方法并断言：

1. 待签名串恰好包含 4 个字段（urlpath、appid、timestamp、postdata），而非 5 个
2. 待签名串不包含 rsaKeySn
3. 格式与官方规范完全一致

若将来有人误将 rsaKeySn 加回 payload，测试将立即失败，从而防止回归。