1.优化ws返回参数不包含敏感字段user_id等

app/common/service/GameWebSocketDispatcher.php

@@ -66,10 +66,13 @@ final class GameWebSocketDispatcher
             $payloadUserId = $parsed === false ? 0 : (int) $parsed;
         }
 
+        $rawData = is_array($event['data'] ?? null) ? $event['data'] : [];
+        $clientData = GameWebSocketPayloadHelper::sanitizeOutboundData($rawData);
+
         $frame = json_encode([
             'event' => $event['event'] ?? $topic,
             'topic' => $topic,
-            'data' => $event['data'] ?? [],
+            'data' => $clientData,
             'server_time' => $event['server_time'] ?? time(),
         ], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
         if (!is_string($frame) || $frame === '') {
@@ -128,9 +131,20 @@ final class GameWebSocketDispatcher
      */
     public static function sendDirect(TcpConnection $connection, string $event, array $data, string $tag = ''): void
     {
+        $controlEvents = ['ws.connected', 'ws.subscribed', 'ws.error', 'pong'];
+        $payload = $data;
+        if (!in_array($event, $controlEvents, true)) {
+            if (isset($payload['data']) && is_array($payload['data'])) {
+                $payload['data'] = GameWebSocketPayloadHelper::sanitizeOutboundData($payload['data']);
+            }
+        }
+        if ($event === 'ws.connected') {
+            unset($payload['user_id']);
+        }
+
         $frame = json_encode(array_merge([
             'event' => $event,
-        ], $data), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+        ], $payload), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
         if (!is_string($frame) || $frame === '') {
             return;
         }