1. 首页
  2. 问答
  3. 验证Laravel中的Woocommerce Web钩子

验证Laravel中的Woocommerce Web钩子

2017-08-01 31 views
1

我试图通过来自Woocommerce Web钩子的请求来验证数据,该钩子负责更新Laravel数据库中的产品项目。验证Laravel中的Woocommerce Web钩子

我创建了一个名为VerifyWoocommerce的中间件,它启动正确,正如我在日志中看到的。

我对我如何验证传入请求实际上来自Woocommerce有点不确定。

这里是我的VerifyWoocommerce.php

<?php 

namespace App\Http\Middleware; 

use Closure; 
use Request; 
use Log; 

class VerifyWoocommerce 
{ 

    public function handle($request, Closure $next) 
    { 
     $signature = Request::header('x-wc-webhook-signature'); 
     $calculated_hmac = base64_encode(hash_hmac('sha256', $signature, env('WOOCOMMERCE_WEBHOOK_ITEM_UPDATED'), true)); 

     Log::debug($signature); 
     Log::debug($calculated_hmac); 


     return $next($request); 
    } 
}

两个变量返回不同的值。我是否比较了正确的值?

UPDATE

这里是身体的输出Woocommerce正在发送

[2017-08-01 15:12:34] local.DEBUG: array (
 
    'id' => 38, 
 
    'name' => 'Long Sleeve Tee', 
 
    'slug' => 'long-sleeve-tee', 
 
    'permalink' => 'http://velvetcake.local/product/long-sleeve-tee/', 
 
    'date_created' => '2017-07-31T07:45:31', 
 
    'date_created_gmt' => '2017-07-31T07:45:31', 
 
    'date_modified' => '2017-08-01T15:12:33', 
 
    'date_modified_gmt' => '2017-08-01T15:12:33', 
 
    'type' => 'simple', 
 
    'status' => 'publish', 
 
    'featured' => false, 
 
    'catalog_visibility' => 'visible', 
 
    'description' => '<p>Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.</p>', 
 
    'short_description' => NULL, 
 
    'sku' => NULL, 
 
    'price' => '25', 
 
    'regular_price' => '25', 
 
    'sale_price' => NULL, 
 
    'date_on_sale_from' => NULL, 
 
    'date_on_sale_from_gmt' => NULL, 
 
    'date_on_sale_to' => NULL, 
 
    'date_on_sale_to_gmt' => NULL, 
 
    'price_html' => '<span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>21.93</span>', 
 
    'on_sale' => false, 
 
    'purchasable' => true, 
 
    'total_sales' => 0, 
 
    'virtual' => false, 
 
    'downloadable' => false, 
 
    'downloads' => 
 
    array (
 
), 
 
    'download_limit' => -1, 
 
    'download_expiry' => -1, 
 
    'external_url' => NULL, 
 
    'button_text' => NULL, 
 
    'tax_status' => 'taxable', 
 
    'tax_class' => NULL, 
 
    'manage_stock' => false, 
 
    'stock_quantity' => NULL, 
 
    'in_stock' => true, 
 
    'backorders' => 'no', 
 
    'backorders_allowed' => false, 
 
    'backordered' => false, 
 
    'sold_individually' => false, 
 
    'weight' => NULL, 
 
    'dimensions' => 
 
    array (
 
    'length' => NULL, 
 
    'width' => NULL, 
 
    'height' => NULL, 
 
), 
 
    'shipping_required' => true, 
 
    'shipping_taxable' => true, 
 
    'shipping_class' => NULL, 
 
    'shipping_class_id' => 0, 
 
    'reviews_allowed' => true, 
 
    'average_rating' => '0.00', 
 
    'rating_count' => 0, 
 
    'related_ids' => 
 
    array (
 
    0 => 40, 
 
    1 => 39, 
 
    2 => 41, 
 
), 
 
    'upsell_ids' => 
 
    array (
 
), 
 
    'cross_sell_ids' => 
 
    array (
 
), 
 
    'parent_id' => 0, 
 
    'purchase_note' => NULL, 
 
    'categories' => 
 
    array (
 
    0 => 
 
    array (
 
     'id' => 18, 
 
     'name' => 'Tshirts', 
 
     'slug' => 'tshirts', 
 
    ), 
 
), 
 
    'tags' => 
 
    array (
 
), 
 
    'images' => 
 
    array (
 
    0 => 
 
    array (
 
     'id' => 19, 
 
     'date_created' => '2017-07-31T07:45:31', 
 
     'date_created_gmt' => '2017-07-31T07:45:31', 
 
     'date_modified' => '2017-07-31T07:45:31', 
 
     'date_modified_gmt' => '2017-07-31T07:45:31', 
 
     'src' => 'http://velvetcake.local/wp-content/uploads/2017/07/long-sleeve-tee.jpg', 
 
     'name' => 'Long Sleeve Tee', 
 
     'alt' => NULL, 
 
     'position' => 0, 
 
    ), 
 
), 
 
    'attributes' => 
 
    array (
 
), 
 
    'default_attributes' => 
 
    array (
 
), 
 
    'variations' => 
 
    array (
 
), 
 
    'grouped_products' => 
 
    array (
 
), 
 
    'menu_order' => 0, 
 
    'meta_data' => 
 
    array (
 
), 
 
) 
 
[2017-08-01 15:15:05] local.DEBUG: array (
 
    'id' => 37, 
 
    'name' => 'Hoodie', 
 
    'slug' => 'hoodie', 
 
    'permalink' => 'http://velvetcake.local/product/hoodie/', 
 
    'date_created' => '2017-07-31T07:45:31', 
 
    'date_created_gmt' => '2017-07-31T07:45:31', 
 
    'date_modified' => '2017-08-01T15:15:04', 
 
    'date_modified_gmt' => '2017-08-01T15:15:04', 
 
    'type' => 'simple', 
 
    'status' => 'publish', 
 
    'featured' => true, 
 
    'catalog_visibility' => 'visible', 
 
    'description' => '<p>Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.</p>', 
 
    'short_description' => NULL, 
 
    'sku' => NULL, 
 
    'price' => '42', 
 
    'regular_price' => '45', 
 
    'sale_price' => '42', 
 
    'date_on_sale_from' => NULL, 
 
    'date_on_sale_from_gmt' => NULL, 
 
    'date_on_sale_to' => NULL, 
 
    'date_on_sale_to_gmt' => NULL, 
 
    'price_html' => '<del><span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>39.47</span></del> <ins><span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>36.84</span></ins>', 
 
    'on_sale' => true, 
 
    'purchasable' => true, 
 
    'total_sales' => 1, 
 
    'virtual' => false, 
 
    'downloadable' => false, 
 
    'downloads' => 
 
    array (
 
), 
 
    'download_limit' => -1, 
 
    'download_expiry' => -1, 
 
    'external_url' => NULL, 
 
    'button_text' => NULL, 
 
    'tax_status' => 'taxable', 
 
    'tax_class' => NULL, 
 
    'manage_stock' => false, 
 
    'stock_quantity' => NULL, 
 
    'in_stock' => true, 
 
    'backorders' => 'no', 
 
    'backorders_allowed' => false, 
 
    'backordered' => false, 
 
    'sold_individually' => false, 
 
    'weight' => NULL, 
 
    'dimensions' => 
 
    array (
 
    'length' => NULL, 
 
    'width' => NULL, 
 
    'height' => NULL, 
 
), 
 
    'shipping_required' => true, 
 
    'shipping_taxable' => true, 
 
    'shipping_class' => NULL, 
 
    'shipping_class_id' => 0, 
 
    'reviews_allowed' => true, 
 
    'average_rating' => '0.00', 
 
    'rating_count' => 0, 
 
    'related_ids' => 
 
    array (
 
    0 => 35, 
 
    1 => 34, 
 
    2 => 36, 
 
), 
 
    'upsell_ids' => 
 
    array (
 
), 
 
    'cross_sell_ids' => 
 
    array (
 
), 
 
    'parent_id' => 0, 
 
    'purchase_note' => NULL, 
 
    'categories' => 
 
    array (
 
    0 => 
 
    array (
 
     'id' => 17, 
 
     'name' => 'Hoodies', 
 
     'slug' => 'hoodies', 
 
    ), 
 
), 
 
    'tags' => 
 
    array (
 
), 
 
    'images' => 
 
    array (
 
    0 => 
 
    array (
 
     'id' => 18, 
 
     'date_created' => '2017-07-31T07:45:31', 
 
     'date_created_gmt' => '2017-07-31T07:45:31', 
 
     'date_modified' => '2017-07-31T07:45:31', 
 
     'date_modified_gmt' => '2017-07-31T07:45:31', 
 
     'src' => 'http://velvetcake.local/wp-content/uploads/2017/07/hoodie.jpg', 
 
     'name' => 'Hoodie', 
 
     'alt' => NULL, 
 
     'position' => 0, 
 
    ), 
 
), 
 
    'attributes' => 
 
    array (
 
), 
 
    'default_attributes' => 
 
    array (
 
), 
 
    'variations' => 
 
    array (
 
), 
 
    'grouped_products' => 
 
    array (
 
), 
 
    'menu_order' => 0, 
 
    'meta_data' => 
 
    array (
 
), 
 
)

来源

2017-08-01 Marcus Christiansen

+0

乘坐looke [这里](https://github.com/kloon/WooCommerce-REST-API-Client-Library),看看它是否可以帮助你! – Maraboc

+0

@Maraboc这是不是发送请求到Woocommerce?我通过webhook从Laravel的woocommerce接收数据。 –

+0

@MarcusChristiansen查看下面的答案。你几乎已经匹配头部中的HMAC发送请求到一个计算出来的,如果它们匹配,你继续下一个请求。 –

回答

0

这是我的最终解决

public function handle($request, Closure $next) 
{ 
    $signature = Request::header('x-wc-webhook-signature'); 

    $payload = Request::getContent(); 
    $calculated_hmac = base64_encode(hash_hmac('sha256', $payload, env('WOOCOMMERCE_WEBHOOK_ITEM_UPDATED'), true)); 

    if($signature != $calculated_hmac) { 
     return false; 
    } 

    return $next($request); 
}

的hash_hmac函数的第二个参数需要请求主体为一个字符串,这是我从请求得到::的getContent()

来源

2017-08-01 16:36:32

0

你实际上是相当接近获得这一权利。我会给你一个关于需要发生什么的高级概述/伪代码(或者我最终会写代码,见下文)。

public function handle(Request $request, Closure $next) 
    { 
    // Get the HMAC value from request/header from the Woocommerce request, whatever the hmac value you want is called 
    $hmac = $request->get('hmac'); 

    // Get the signature - your secret 
    $signature = Request::header('x-wc-webhook-signature'); 

    /* Get the woocommerce URL 
    * They should give you a code or some kind of ID and also a TIMESTAMP (this is important in your HMAC Calculation) in the request 
    * You'd need to figure out this bit 
    */ 
    $woocommerceData = $request->get('woocomerceData'); 

    // Calculate the HMAC 
    $calculatedHmac = hash_hmac('sha256', $woocommerceData, $secret, true); 

    // encode the calculated HMAC 
    $calculatedHmac = base64_encode($calculatedHmac) 

    // Check if the HMAC and Calculated HMAC Match, if they do continue 
    if ($hmac == $calculatedHmac) { 
     return $next($request); 
    } 
    // If they don't stop processing 
    else { 
     return false; 
    } 
}

来源

2017-08-01 11:19:46

+0

Giolliano。我正在努力寻找时间戳/ URL以及Woocommerce请求中的HMAC值。我看错了地方?我在Woocommerce的请求的原始帖子中添加了更新。 –

+0

@MarcusChristiansen所以看看这里:https://docs.woocommerce.com/wp-content/uploads/2015/01/woocommerce-webhook-log.png在woocommerce文档。看看他们如何在内容中使用'wc-webhook-signature' +'arg'。尝试使用该数据计算HMAC并使用发布请求的日期/时间。 –

相关问题

 相关问题