vendor/shopware/core/Framework/Webhook/WebhookDispatcher.php line 96

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Webhook;
  5. use Doctrine\DBAL\Connection;
  6. use GuzzleHttp\Client;
  7. use GuzzleHttp\Pool;
  8. use GuzzleHttp\Psr7\Request;
  9. use Shopware\Core\DevOps\Environment\EnvironmentHelper;
  10. use Shopware\Core\Framework\App\AppLocaleProvider;
  11. use Shopware\Core\Framework\App\Event\AppChangedEvent;
  12. use Shopware\Core\Framework\App\Event\AppDeletedEvent;
  13. use Shopware\Core\Framework\App\Event\AppFlowActionEvent;
  14. use Shopware\Core\Framework\App\Exception\AppUrlChangeDetectedException;
  15. use Shopware\Core\Framework\App\Hmac\Guzzle\AuthMiddleware;
  16. use Shopware\Core\Framework\App\Hmac\RequestSigner;
  17. use Shopware\Core\Framework\App\ShopId\ShopIdProvider;
  18. use Shopware\Core\Framework\Context;
  19. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  20. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenContainerEvent;
  21. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  22. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  23. use Shopware\Core\Framework\Event\BusinessEventInterface;
  24. use Shopware\Core\Framework\Event\FlowEventAware;
  25. use Shopware\Core\Framework\Feature;
  26. use Shopware\Core\Framework\Log\Package;
  27. use Shopware\Core\Framework\Uuid\Uuid;
  28. use Shopware\Core\Framework\Webhook\EventLog\WebhookEventLogDefinition;
  29. use Shopware\Core\Framework\Webhook\Hookable\HookableEventFactory;
  30. use Shopware\Core\Framework\Webhook\Message\WebhookEventMessage;
  31. use Shopware\Core\Profiling\Profiler;
  32. use Symfony\Component\DependencyInjection\ContainerInterface;
  33. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  34. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  35. use Symfony\Component\Messenger\MessageBusInterface;
  37. #[Package('core')]
  38. class WebhookDispatcher implements EventDispatcherInterface
  39. {
  40.     private EventDispatcherInterface $dispatcher;
  42.     private Connection $connection;
  44.     private ?WebhookCollection $webhooks null;
  46.     private Client $guzzle;
  48.     private string $shopUrl;
  50.     private ContainerInterface $container;
  52.     private array $privileges = [];
  54.     private HookableEventFactory $eventFactory;
  56.     private string $shopwareVersion;
  58.     private MessageBusInterface $bus;
  60.     private bool $isAdminWorkerEnabled;
  62.     /**
  63.      * @internal
  64.      */
  65.     public function __construct(
  66.         EventDispatcherInterface $dispatcher,
  67.         Connection $connection,
  68.         Client $guzzle,
  69.         string $shopUrl,
  70.         ContainerInterface $container,
  71.         HookableEventFactory $eventFactory,
  72.         string $shopwareVersion,
  73.         MessageBusInterface $bus,
  74.         bool $isAdminWorkerEnabled
  75.     ) {
  76.         $this->dispatcher $dispatcher;
  77.         $this->connection $connection;
  78.         $this->guzzle $guzzle;
  79.         $this->shopUrl $shopUrl;
  80.         // inject container, so we can later get the ShopIdProvider and the webhook repository
  81.         // ShopIdProvider, AppLocaleProvider and webhook repository can not be injected directly as it would lead to a circular reference
  82.         $this->container $container;
  83.         $this->eventFactory $eventFactory;
  84.         $this->shopwareVersion $shopwareVersion;
  85.         $this->bus $bus;
  86.         $this->isAdminWorkerEnabled $isAdminWorkerEnabled;
  87.     }
  89.     /**
  90.      * @template TEvent of object
  91.      *
  92.      * @param TEvent $event
  93.      *
  94.      * @return TEvent
  95.      */
  96.     public function dispatch($event, ?string $eventName null): object
  97.     {
  98.         $event $this->dispatcher->dispatch($event$eventName);
  100.         if (EnvironmentHelper::getVariable('DISABLE_EXTENSIONS'false)) {
  101.             return $event;
  102.         }
  104.         foreach ($this->eventFactory->createHookablesFor($event) as $hookable) {
  105.             $context Context::createDefaultContext();
  106.             if (Feature::isActive('FEATURE_NEXT_17858')) {
  107.                 if ($event instanceof FlowEventAware || $event instanceof AppChangedEvent || $event instanceof EntityWrittenContainerEvent) {
  108.                     $context $event->getContext();
  109.                 }
  110.             } else {
  111.                 if ($event instanceof BusinessEventInterface || $event instanceof AppChangedEvent || $event instanceof EntityWrittenContainerEvent) {
  112.                     $context $event->getContext();
  113.                 }
  114.             }
  116.             $this->callWebhooks($hookable$context);
  117.         }
  119.         // always return the original event and never our wrapped events
  120.         // this would lead to problems in the `BusinessEventDispatcher` from core
  121.         return $event;
  122.     }
  124.     /**
  125.      * @param string   $eventName
  126.      * @param callable $listener
  127.      * @param int      $priority
  128.      */
  129.     public function addListener($eventName$listener$priority 0): void
  130.     {
  131.         $this->dispatcher->addListener($eventName$listener$priority);
  132.     }
  134.     public function addSubscriber(EventSubscriberInterface $subscriber): void
  135.     {
  136.         $this->dispatcher->addSubscriber($subscriber);
  137.     }
  139.     /**
  140.      * @param string   $eventName
  141.      * @param callable $listener
  142.      */
  143.     public function removeListener($eventName$listener): void
  144.     {
  145.         $this->dispatcher->removeListener($eventName$listener);
  146.     }
  148.     public function removeSubscriber(EventSubscriberInterface $subscriber): void
  149.     {
  150.         $this->dispatcher->removeSubscriber($subscriber);
  151.     }
  153.     /**
  154.      * @param string|null $eventName
  155.      *
  156.      * @return array<array-key, array<array-key, callable>|callable>
  157.      */
  158.     public function getListeners($eventName null): array
  159.     {
  160.         return $this->dispatcher->getListeners($eventName);
  161.     }
  163.     /**
  164.      * @param string   $eventName
  165.      * @param callable $listener
  166.      */
  167.     public function getListenerPriority($eventName$listener): ?int
  168.     {
  169.         return $this->dispatcher->getListenerPriority($eventName$listener);
  170.     }
  172.     /**
  173.      * @param string|null $eventName
  174.      */
  175.     public function hasListeners($eventName null): bool
  176.     {
  177.         return $this->dispatcher->hasListeners($eventName);
  178.     }
  180.     public function clearInternalWebhookCache(): void
  181.     {
  182.         $this->webhooks null;
  183.     }
  185.     public function clearInternalPrivilegesCache(): void
  186.     {
  187.         $this->privileges = [];
  188.     }
  190.     private function callWebhooks(Hookable $eventContext $context): void
  191.     {
  192.         /** @var WebhookCollection $webhooksForEvent */
  193.         $webhooksForEvent $this->getWebhooks()->filterForEvent($event->getName());
  195.         if ($webhooksForEvent->count() === 0) {
  196.             return;
  197.         }
  199.         $affectedRoleIds $webhooksForEvent->getAclRoleIdsAsBinary();
  200.         $languageId $context->getLanguageId();
  201.         $userLocale $this->getAppLocaleProvider()->getLocaleFromContext($context);
  203.         // If the admin worker is enabled we send all events synchronously, as we can't guarantee timely delivery otherwise.
  204.         // Additionally, all app lifecycle events are sent synchronously as those can lead to nasty race conditions otherwise.
  205.         if ($this->isAdminWorkerEnabled || $event instanceof AppDeletedEvent || $event instanceof AppChangedEvent) {
  206.             Profiler::trace('webhook::dispatch-sync', function () use ($userLocale$languageId$affectedRoleIds$event$webhooksForEvent): void {
  207.                 $this->callWebhooksSynchronous($webhooksForEvent$event$affectedRoleIds$languageId$userLocale);
  208.             });
  210.             return;
  211.         }
  213.         Profiler::trace('webhook::dispatch-async', function () use ($userLocale$languageId$affectedRoleIds$event$webhooksForEvent): void {
  214.             $this->dispatchWebhooksToQueue($webhooksForEvent$event$affectedRoleIds$languageId$userLocale);
  215.         });
  216.     }
  218.     private function getWebhooks(): WebhookCollection
  219.     {
  220.         if ($this->webhooks) {
  221.             return $this->webhooks;
  222.         }
  224.         $criteria = new Criteria();
  225.         $criteria->setTitle('apps::webhooks');
  226.         $criteria->addFilter(new EqualsFilter('active'true));
  227.         $criteria->addAssociation('app');
  229.         /** @var WebhookCollection $webhooks */
  230.         $webhooks $this->container->get('webhook.repository')->search($criteriaContext::createDefaultContext())->getEntities();
  232.         return $this->webhooks $webhooks;
  233.     }
  235.     private function isEventDispatchingAllowed(WebhookEntity $webhookHookable $event, array $affectedRoles): bool
  236.     {
  237.         $app $webhook->getApp();
  239.         if ($app === null) {
  240.             return true;
  241.         }
  243.         // Only app lifecycle hooks can be received if app is deactivated
  244.         if (!$app->isActive() && !($event instanceof AppChangedEvent || $event instanceof AppDeletedEvent)) {
  245.             return false;
  246.         }
  248.         if (!($this->privileges[$event->getName()] ?? null)) {
  249.             $this->loadPrivileges($event->getName(), $affectedRoles);
  250.         }
  252.         $privileges $this->privileges[$event->getName()][$app->getAclRoleId()]
  253.             ?? new AclPrivilegeCollection([]);
  255.         if (!$event->isAllowed($app->getId(), $privileges)) {
  256.             return false;
  257.         }
  259.         return true;
  260.     }
  262.     /**
  263.      * @param array<string> $affectedRoleIds
  264.      */
  265.     private function callWebhooksSynchronous(
  266.         WebhookCollection $webhooksForEvent,
  267.         Hookable $event,
  268.         array $affectedRoleIds,
  269.         string $languageId,
  270.         string $userLocale
  271.     ): void {
  272.         $requests = [];
  274.         foreach ($webhooksForEvent as $webhook) {
  275.             if (!$this->isEventDispatchingAllowed($webhook$event$affectedRoleIds)) {
  276.                 continue;
  277.             }
  279.             try {
  280.                 $webhookData $this->getPayloadForWebhook($webhook$event);
  281.             } catch (AppUrlChangeDetectedException $e) {
  282.                 // don't dispatch webhooks for apps if url changed
  283.                 continue;
  284.             }
  286.             $timestamp time();
  287.             $webhookData['timestamp'] = $timestamp;
  289.             /** @var string $jsonPayload */
  290.             $jsonPayload json_encode($webhookData);
  292.             $headers = [
  293.                 'Content-Type' => 'application/json',
  294.                 'sw-version' => $this->shopwareVersion,
  295.                 AuthMiddleware::SHOPWARE_CONTEXT_LANGUAGE => $languageId,
  296.                 AuthMiddleware::SHOPWARE_USER_LANGUAGE => $userLocale,
  297.             ];
  299.             if ($event instanceof AppFlowActionEvent) {
  300.                 $headers array_merge($headers$event->getWebhookHeaders());
  301.             }
  303.             $request = new Request(
  304.                 'POST',
  305.                 $webhook->getUrl(),
  306.                 $headers,
  307.                 $jsonPayload
  308.             );
  310.             if ($webhook->getApp() !== null && $webhook->getApp()->getAppSecret() !== null) {
  311.                 $request $request->withHeader(
  312.                     RequestSigner::SHOPWARE_SHOP_SIGNATURE,
  313.                     (new RequestSigner())->signPayload($jsonPayload$webhook->getApp()->getAppSecret())
  314.                 );
  315.             }
  317.             $requests[] = $request;
  318.         }
  320.         if (\count($requests) > 0) {
  321.             $pool = new Pool($this->guzzle$requests);
  322.             $pool->promise()->wait();
  323.         }
  324.     }
  326.     /**
  327.      * @param array<string> $affectedRoleIds
  328.      */
  329.     private function dispatchWebhooksToQueue(
  330.         WebhookCollection $webhooksForEvent,
  331.         Hookable $event,
  332.         array $affectedRoleIds,
  333.         string $languageId,
  334.         string $userLocale
  335.     ): void {
  336.         foreach ($webhooksForEvent as $webhook) {
  337.             if (!$this->isEventDispatchingAllowed($webhook$event$affectedRoleIds)) {
  338.                 continue;
  339.             }
  341.             try {
  342.                 $webhookData $this->getPayloadForWebhook($webhook$event);
  343.             } catch (AppUrlChangeDetectedException $e) {
  344.                 // don't dispatch webhooks for apps if url changed
  345.                 continue;
  346.             }
  348.             $webhookEventId $webhookData['source']['eventId'];
  350.             $appId $webhook->getApp() !== null $webhook->getApp()->getId() : null;
  351.             $secret $webhook->getApp() !== null $webhook->getApp()->getAppSecret() : null;
  353.             $webhookEventMessage = new WebhookEventMessage(
  354.                 $webhookEventId,
  355.                 $webhookData,
  356.                 $appId,
  357.                 $webhook->getId(),
  358.                 $this->shopwareVersion,
  359.                 $webhook->getUrl(),
  360.                 $secret,
  361.                 $languageId,
  362.                 $userLocale
  363.             );
  365.             $this->logWebhookWithEvent($webhook$webhookEventMessage);
  367.             $this->bus->dispatch($webhookEventMessage);
  368.         }
  369.     }
  371.     private function getPayloadForWebhook(WebhookEntity $webhookHookable $event): array
  372.     {
  373.         if ($event instanceof AppFlowActionEvent) {
  374.             return $event->getWebhookPayload();
  375.         }
  377.         $data = [
  378.             'payload' => $event->getWebhookPayload(),
  379.             'event' => $event->getName(),
  380.         ];
  382.         $source = [
  383.             'url' => $this->shopUrl,
  384.             'eventId' => Uuid::randomHex(),
  385.         ];
  387.         if ($webhook->getApp() !== null) {
  388.             $shopIdProvider $this->getShopIdProvider();
  390.             $source['appVersion'] = $webhook->getApp()->getVersion();
  391.             $source['shopId'] = $shopIdProvider->getShopId();
  392.         }
  394.         return [
  395.             'data' => $data,
  396.             'source' => $source,
  397.         ];
  398.     }
  400.     private function logWebhookWithEvent(WebhookEntity $webhookWebhookEventMessage $webhookEventMessage): void
  401.     {
  402.         /** @var EntityRepositoryInterface $webhookEventLogRepository */
  403.         $webhookEventLogRepository $this->container->get('webhook_event_log.repository');
  405.         $webhookEventLogRepository->create([
  406.             [
  407.                 'id' => $webhookEventMessage->getWebhookEventId(),
  408.                 'appName' => $webhook->getApp() !== null $webhook->getApp()->getName() : null,
  409.                 'deliveryStatus' => WebhookEventLogDefinition::STATUS_QUEUED,
  410.                 'webhookName' => $webhook->getName(),
  411.                 'eventName' => $webhook->getEventName(),
  412.                 'appVersion' => $webhook->getApp() !== null $webhook->getApp()->getVersion() : null,
  413.                 'url' => $webhook->getUrl(),
  414.                 'serializedWebhookMessage' => serialize($webhookEventMessage),
  415.             ],
  416.         ], Context::createDefaultContext());
  417.     }
  419.     /**
  420.      * @param array<string> $affectedRoleIds
  421.      */
  422.     private function loadPrivileges(string $eventName, array $affectedRoleIds): void
  423.     {
  424.         $roles $this->connection->fetchAllAssociative('
  425.             SELECT `id`, `privileges`
  426.             FROM `acl_role`
  427.             WHERE `id` IN (:aclRoleIds)
  428.         ', ['aclRoleIds' => $affectedRoleIds], ['aclRoleIds' => Connection::PARAM_STR_ARRAY]);
  430.         if (!$roles) {
  431.             $this->privileges[$eventName] = [];
  432.         }
  434.         foreach ($roles as $privilege) {
  435.             $this->privileges[$eventName][Uuid::fromBytesToHex($privilege['id'])]
  436.                 = new AclPrivilegeCollection(json_decode($privilege['privileges'], true));
  437.         }
  438.     }
  440.     private function getShopIdProvider(): ShopIdProvider
  441.     {
  442.         return $this->container->get(ShopIdProvider::class);
  443.     }
  445.     private function getAppLocaleProvider(): AppLocaleProvider
  446.     {
  447.         return $this->container->get(AppLocaleProvider::class);
  448.     }
  449. }