vendor/shopware/core/Framework/Webhook/WebhookDispatcher.php line 158

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Webhook;
  5. use Doctrine\DBAL\Connection;
  6. use GuzzleHttp\Client;
  7. use GuzzleHttp\Pool;
  8. use GuzzleHttp\Psr7\Request;
  9. use Shopware\Core\DevOps\Environment\EnvironmentHelper;
  10. use Shopware\Core\Framework\App\AppLocaleProvider;
  11. use Shopware\Core\Framework\App\Event\AppChangedEvent;
  12. use Shopware\Core\Framework\App\Event\AppDeletedEvent;
  13. use Shopware\Core\Framework\App\Event\AppFlowActionEvent;
  14. use Shopware\Core\Framework\App\Exception\AppUrlChangeDetectedException;
  15. use Shopware\Core\Framework\App\Hmac\Guzzle\AuthMiddleware;
  16. use Shopware\Core\Framework\App\Hmac\RequestSigner;
  17. use Shopware\Core\Framework\App\ShopId\ShopIdProvider;
  18. use Shopware\Core\Framework\Context;
  19. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  20. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenContainerEvent;
  21. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  22. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  23. use Shopware\Core\Framework\Event\BusinessEventInterface;
  24. use Shopware\Core\Framework\Event\FlowEventAware;
  25. use Shopware\Core\Framework\Feature;
  26. use Shopware\Core\Framework\Log\Package;
  27. use Shopware\Core\Framework\Uuid\Uuid;
  28. use Shopware\Core\Framework\Webhook\EventLog\WebhookEventLogDefinition;
  29. use Shopware\Core\Framework\Webhook\Hookable\HookableEventFactory;
  30. use Shopware\Core\Framework\Webhook\Message\WebhookEventMessage;
  31. use Shopware\Core\Profiling\Profiler;
  32. use Symfony\Component\DependencyInjection\ContainerInterface;
  33. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  34. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  35. use Symfony\Component\Messenger\MessageBusInterface;
  37. #[Package('core')]
  38. class WebhookDispatcher implements EventDispatcherInterface
  39. {
  40. private EventDispatcherInterface $dispatcher;
  42. private Connection $connection;
  44. private ?WebhookCollection $webhooks = null;
  46. private Client $guzzle;
  48. private string $shopUrl;
  50. private ContainerInterface $container;
  52. private array $privileges = [];
  54. private HookableEventFactory $eventFactory;
  56. private string $shopwareVersion;
  58. private MessageBusInterface $bus;
  60. private bool $isAdminWorkerEnabled;
  62. /**
  63. * @internal
  64. */
  65. public function __construct(
  66. EventDispatcherInterface $dispatcher,
  67. Connection $connection,
  68. Client $guzzle,
  69. string $shopUrl,
  70. ContainerInterface $container,
  71. HookableEventFactory $eventFactory,
  72. string $shopwareVersion,
  73. MessageBusInterface $bus,
  74. bool $isAdminWorkerEnabled
  75. ) {
  76. $this->dispatcher = $dispatcher;
  77. $this->connection = $connection;
  78. $this->guzzle = $guzzle;
  79. $this->shopUrl = $shopUrl;
  80. // inject container, so we can later get the ShopIdProvider and the webhook repository
  81. // ShopIdProvider, AppLocaleProvider and webhook repository can not be injected directly as it would lead to a circular reference
  82. $this->container = $container;
  83. $this->eventFactory = $eventFactory;
  84. $this->shopwareVersion = $shopwareVersion;
  85. $this->bus = $bus;
  86. $this->isAdminWorkerEnabled = $isAdminWorkerEnabled;
  87. }
  89. /**
  90. * @template TEvent of object
  91. *
  92. * @param TEvent $event
  93. *
  94. * @return TEvent
  95. */
  96. public function dispatch($event, ?string $eventName = null): object
  97. {
  98. $event = $this->dispatcher->dispatch($event, $eventName);
  100. if (EnvironmentHelper::getVariable('DISABLE_EXTENSIONS', false)) {
  101. return $event;
  102. }
  104. foreach ($this->eventFactory->createHookablesFor($event) as $hookable) {
  105. $context = Context::createDefaultContext();
  106. if (Feature::isActive('FEATURE_NEXT_17858')) {
  107. if ($event instanceof FlowEventAware || $event instanceof AppChangedEvent || $event instanceof EntityWrittenContainerEvent) {
  108. $context = $event->getContext();
  109. }
  110. } else {
  111. if ($event instanceof BusinessEventInterface || $event instanceof AppChangedEvent || $event instanceof EntityWrittenContainerEvent) {
  112. $context = $event->getContext();
  113. }
  114. }
  116. $this->callWebhooks($hookable, $context);
  117. }
  119. // always return the original event and never our wrapped events
  120. // this would lead to problems in the `BusinessEventDispatcher` from core
  121. return $event;
  122. }
  124. /**
  125. * @param string $eventName
  126. * @param callable $listener
  127. * @param int $priority
  128. */
  129. public function addListener($eventName, $listener, $priority = 0): void
  130. {
  131. $this->dispatcher->addListener($eventName, $listener, $priority);
  132. }
  134. public function addSubscriber(EventSubscriberInterface $subscriber): void
  135. {
  136. $this->dispatcher->addSubscriber($subscriber);
  137. }
  139. /**
  140. * @param string $eventName
  141. * @param callable $listener
  142. */
  143. public function removeListener($eventName, $listener): void
  144. {
  145. $this->dispatcher->removeListener($eventName, $listener);
  146. }
  148. public function removeSubscriber(EventSubscriberInterface $subscriber): void
  149. {
  150. $this->dispatcher->removeSubscriber($subscriber);
  151. }
  153. /**
  154. * @param string|null $eventName
  155. *
  156. * @return array<array-key, array<array-key, callable>|callable>
  157. */
  158. public function getListeners($eventName = null): array
  159. {
  160. return $this->dispatcher->getListeners($eventName);
  161. }
  163. /**
  164. * @param string $eventName
  165. * @param callable $listener
  166. */
  167. public function getListenerPriority($eventName, $listener): ?int
  168. {
  169. return $this->dispatcher->getListenerPriority($eventName, $listener);
  170. }
  172. /**
  173. * @param string|null $eventName
  174. */
  175. public function hasListeners($eventName = null): bool
  176. {
  177. return $this->dispatcher->hasListeners($eventName);
  178. }
  180. public function clearInternalWebhookCache(): void
  181. {
  182. $this->webhooks = null;
  183. }
  185. public function clearInternalPrivilegesCache(): void
  186. {
  187. $this->privileges = [];
  188. }
  190. private function callWebhooks(Hookable $event, Context $context): void
  191. {
  192. /** @var WebhookCollection $webhooksForEvent */
  193. $webhooksForEvent = $this->getWebhooks()->filterForEvent($event->getName());
  195. if ($webhooksForEvent->count() === 0) {
  196. return;
  197. }
  199. $affectedRoleIds = $webhooksForEvent->getAclRoleIdsAsBinary();
  200. $languageId = $context->getLanguageId();
  201. $userLocale = $this->getAppLocaleProvider()->getLocaleFromContext($context);
  203. // If the admin worker is enabled we send all events synchronously, as we can't guarantee timely delivery otherwise.
  204. // Additionally, all app lifecycle events are sent synchronously as those can lead to nasty race conditions otherwise.
  205. if ($this->isAdminWorkerEnabled || $event instanceof AppDeletedEvent || $event instanceof AppChangedEvent) {
  206. Profiler::trace('webhook::dispatch-sync', function () use ($userLocale, $languageId, $affectedRoleIds, $event, $webhooksForEvent): void {
  207. $this->callWebhooksSynchronous($webhooksForEvent, $event, $affectedRoleIds, $languageId, $userLocale);
  208. });
  210. return;
  211. }
  213. Profiler::trace('webhook::dispatch-async', function () use ($userLocale, $languageId, $affectedRoleIds, $event, $webhooksForEvent): void {
  214. $this->dispatchWebhooksToQueue($webhooksForEvent, $event, $affectedRoleIds, $languageId, $userLocale);
  215. });
  216. }
  218. private function getWebhooks(): WebhookCollection
  219. {
  220. if ($this->webhooks) {
  221. return $this->webhooks;
  222. }
  224. $criteria = new Criteria();
  225. $criteria->setTitle('apps::webhooks');
  226. $criteria->addFilter(new EqualsFilter('active', true));
  227. $criteria->addAssociation('app');
  229. /** @var WebhookCollection $webhooks */
  230. $webhooks = $this->container->get('webhook.repository')->search($criteria, Context::createDefaultContext())->getEntities();
  232. return $this->webhooks = $webhooks;
  233. }
  235. private function isEventDispatchingAllowed(WebhookEntity $webhook, Hookable $event, array $affectedRoles): bool
  236. {
  237. $app = $webhook->getApp();
  239. if ($app === null) {
  240. return true;
  241. }
  243. // Only app lifecycle hooks can be received if app is deactivated
  244. if (!$app->isActive() && !($event instanceof AppChangedEvent || $event instanceof AppDeletedEvent)) {
  245. return false;
  246. }
  248. if (!($this->privileges[$event->getName()] ?? null)) {
  249. $this->loadPrivileges($event->getName(), $affectedRoles);
  250. }
  252. $privileges = $this->privileges[$event->getName()][$app->getAclRoleId()]
  253. ?? new AclPrivilegeCollection([]);
  255. if (!$event->isAllowed($app->getId(), $privileges)) {
  256. return false;
  257. }
  259. return true;
  260. }
  262. /**
  263. * @param array<string> $affectedRoleIds
  264. */
  265. private function callWebhooksSynchronous(
  266. WebhookCollection $webhooksForEvent,
  267. Hookable $event,
  268. array $affectedRoleIds,
  269. string $languageId,
  270. string $userLocale
  271. ): void {
  272. $requests = [];
  274. foreach ($webhooksForEvent as $webhook) {
  275. if (!$this->isEventDispatchingAllowed($webhook, $event, $affectedRoleIds)) {
  276. continue;
  277. }
  279. try {
  280. $webhookData = $this->getPayloadForWebhook($webhook, $event);
  281. } catch (AppUrlChangeDetectedException $e) {
  282. // don't dispatch webhooks for apps if url changed
  283. continue;
  284. }
  286. $timestamp = time();
  287. $webhookData['timestamp'] = $timestamp;
  289. /** @var string $jsonPayload */
  290. $jsonPayload = json_encode($webhookData);
  292. $headers = [
  293. 'Content-Type' => 'application/json',
  294. 'sw-version' => $this->shopwareVersion,
  295. AuthMiddleware::SHOPWARE_CONTEXT_LANGUAGE => $languageId,
  296. AuthMiddleware::SHOPWARE_USER_LANGUAGE => $userLocale,
  297. ];
  299. if ($event instanceof AppFlowActionEvent) {
  300. $headers = array_merge($headers, $event->getWebhookHeaders());
  301. }
  303. $request = new Request(
  304. 'POST',
  305. $webhook->getUrl(),
  306. $headers,
  307. $jsonPayload
  308. );
  310. if ($webhook->getApp() !== null && $webhook->getApp()->getAppSecret() !== null) {
  311. $request = $request->withHeader(
  312. RequestSigner::SHOPWARE_SHOP_SIGNATURE,
  313. (new RequestSigner())->signPayload($jsonPayload, $webhook->getApp()->getAppSecret())
  314. );
  315. }
  317. $requests[] = $request;
  318. }
  320. if (\count($requests) > 0) {
  321. $pool = new Pool($this->guzzle, $requests);
  322. $pool->promise()->wait();
  323. }
  324. }
  326. /**
  327. * @param array<string> $affectedRoleIds
  328. */
  329. private function dispatchWebhooksToQueue(
  330. WebhookCollection $webhooksForEvent,
  331. Hookable $event,
  332. array $affectedRoleIds,
  333. string $languageId,
  334. string $userLocale
  335. ): void {
  336. foreach ($webhooksForEvent as $webhook) {
  337. if (!$this->isEventDispatchingAllowed($webhook, $event, $affectedRoleIds)) {
  338. continue;
  339. }
  341. try {
  342. $webhookData = $this->getPayloadForWebhook($webhook, $event);
  343. } catch (AppUrlChangeDetectedException $e) {
  344. // don't dispatch webhooks for apps if url changed
  345. continue;
  346. }
  348. $webhookEventId = $webhookData['source']['eventId'];
  350. $appId = $webhook->getApp() !== null ? $webhook->getApp()->getId() : null;
  351. $secret = $webhook->getApp() !== null ? $webhook->getApp()->getAppSecret() : null;
  353. $webhookEventMessage = new WebhookEventMessage(
  354. $webhookEventId,
  355. $webhookData,
  356. $appId,
  357. $webhook->getId(),
  358. $this->shopwareVersion,
  359. $webhook->getUrl(),
  360. $secret,
  361. $languageId,
  362. $userLocale
  363. );
  365. $this->logWebhookWithEvent($webhook, $webhookEventMessage);
  367. $this->bus->dispatch($webhookEventMessage);
  368. }
  369. }
  371. private function getPayloadForWebhook(WebhookEntity $webhook, Hookable $event): array
  372. {
  373. if ($event instanceof AppFlowActionEvent) {
  374. return $event->getWebhookPayload();
  375. }
  377. $data = [
  378. 'payload' => $event->getWebhookPayload(),
  379. 'event' => $event->getName(),
  380. ];
  382. $source = [
  383. 'url' => $this->shopUrl,
  384. 'eventId' => Uuid::randomHex(),
  385. ];
  387. if ($webhook->getApp() !== null) {
  388. $shopIdProvider = $this->getShopIdProvider();
  390. $source['appVersion'] = $webhook->getApp()->getVersion();
  391. $source['shopId'] = $shopIdProvider->getShopId();
  392. }
  394. return [
  395. 'data' => $data,
  396. 'source' => $source,
  397. ];
  398. }
  400. private function logWebhookWithEvent(WebhookEntity $webhook, WebhookEventMessage $webhookEventMessage): void
  401. {
  402. /** @var EntityRepositoryInterface $webhookEventLogRepository */
  403. $webhookEventLogRepository = $this->container->get('webhook_event_log.repository');
  405. $webhookEventLogRepository->create([
  406. [
  407. 'id' => $webhookEventMessage->getWebhookEventId(),
  408. 'appName' => $webhook->getApp() !== null ? $webhook->getApp()->getName() : null,
  409. 'deliveryStatus' => WebhookEventLogDefinition::STATUS_QUEUED,
  410. 'webhookName' => $webhook->getName(),
  411. 'eventName' => $webhook->getEventName(),
  412. 'appVersion' => $webhook->getApp() !== null ? $webhook->getApp()->getVersion() : null,
  413. 'url' => $webhook->getUrl(),
  414. 'serializedWebhookMessage' => serialize($webhookEventMessage),
  415. ],
  416. ], Context::createDefaultContext());
  417. }
  419. /**
  420. * @param array<string> $affectedRoleIds
  421. */
  422. private function loadPrivileges(string $eventName, array $affectedRoleIds): void
  423. {
  424. $roles = $this->connection->fetchAllAssociative('
  425. SELECT `id`, `privileges`
  426. FROM `acl_role`
  427. WHERE `id` IN (:aclRoleIds)
  428. ', ['aclRoleIds' => $affectedRoleIds], ['aclRoleIds' => Connection::PARAM_STR_ARRAY]);
  430. if (!$roles) {
  431. $this->privileges[$eventName] = [];
  432. }
  434. foreach ($roles as $privilege) {
  435. $this->privileges[$eventName][Uuid::fromBytesToHex($privilege['id'])]
  436. = new AclPrivilegeCollection(json_decode($privilege['privileges'], true));
  437. }
  438. }
  440. private function getShopIdProvider(): ShopIdProvider
  441. {
  442. return $this->container->get(ShopIdProvider::class);
  443. }
  445. private function getAppLocaleProvider(): AppLocaleProvider
  446. {
  447. return $this->container->get(AppLocaleProvider::class);
  448. }
  449. }