2017-08-01 101 views
1

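Verifying Woocommerce web hook in Laravel

I am trying to verify the data in a request coming from a Woocommerce web hook, which is responsible for updating product items in my Laravel database.

I have created a middleware called VerifyWoocommerce, which fires correctly, as I can see in the logs.

I am a bit unsure about how I would verify that the incoming request actually comes from Woocommerce.

Here is my VerifyWoocommerce.php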

<?php 

namespace App\Http\Middleware; 

use Closure; 
use Request; 
use Log; 

class VerifyWoocommerce 
{ 

    public function handle($request, Closure $next) 
    { 
     $signature = Request::header('x-wc-webhook-signature'); 
     $calculated_hmac = base64_encode(hash_hmac('sha256', $signature, env('WOOCOMMERCE_WEBHOOK_ITEM_UPDATED'), true)); 

     Log::debug($signature); 
     Log::debug($calculated_hmac); 


     return $next($request); 
    } 
} 

The two variables return different values. Am I comparing the correct values?

UPDATE

Here is the output of the body Woocommerce is sending

[2017-08-01 15:12:34] local.DEBUG: array (
    'id' => 38,
    'name' => 'Long Sleeve Tee',
    'slug' => 'long-sleeve-tee',
    'permalink' => 'http://velvetcake.local/product/long-sleeve-tee/',
    'date_created' => '2017-07-31T07:45:31',
    'date_created_gmt' => '2017-07-31T07:45:31',
    'date_modified' => '2017-08-01T15:12:33',
    'date_modified_gmt' => '2017-08-01T15:12:33',
    'type' => 'simple',
    'status' => 'publish',
    'featured' => false,
    'catalog_visibility' => 'visible',
    'description' => '<p>Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.</p>',
    'short_description' => NULL,
    'sku' => NULL,
    'price' => '25',
    'regular_price' => '25',
    'sale_price' => NULL,
    'date_on_sale_from' => NULL,
    'date_on_sale_from_gmt' => NULL,
    'date_on_sale_to' => NULL,
    'date_on_sale_to_gmt' => NULL,
    'price_html' => '<span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>21.93</span>',
    'on_sale' => false,
    'purchasable' => true,
    'total_sales' => 0,
    'virtual' => false,
    'downloadable' => false,
    'downloads' =>
    array (
    ),
    'download_limit' => -1,
    'download_expiry' => -1,
    'external_url' => NULL,
    'button_text' => NULL,
    'tax_status' => 'taxable',
    'tax_class' => NULL,
    'manage_stock' => false,
    'stock_quantity' => NULL,
    'in_stock' => true,
    'backorders' => 'no',
    'backorders_allowed' => false,
    'backordered' => false,
    'sold_individually' => false,
    'weight' => NULL,
    'dimensions' =>
    array (
        'length' => NULL,
        'width' => NULL,
        'height' => NULL,
    ),
    'shipping_required' => true,
    'shipping_taxable' => true,
    'shipping_class' => NULL,
    'shipping_class_id' => 0,
    'reviews_allowed' => true,
    'average_rating' => '0.00',
    'rating_count' => 0,
    'related_ids' =>
    array (
        0 => 40,
        1 => 39,
        2 => 41,
    ),
    'upsell_ids' =>
    array (
    ),
    'cross_sell_ids' =>
    array (
    ),
    'parent_id' => 0,
    'purchase_note' => NULL,
    'categories' =>
    array (
        0 =>
        array (
            'id' => 18,
            'name' => 'Tshirts',
            'slug' => 'tshirts',
        ),
    ),
    'tags' =>
    array (
    ),
    'images' =>
    array (
        0 =>
        array (
            'id' => 19,
            'date_created' => '2017-07-31T07:45:31',
            'date_created_gmt' => '2017-07-31T07:45:31',
            'date_modified' => '2017-07-31T07:45:31',
            'date_modified_gmt' => '2017-07-31T07:45:31',
            'src' => 'http://velvetcake.local/wp-content/uploads/2017/07/long-sleeve-tee.jpg',
            'name' => 'Long Sleeve Tee',
            'alt' => NULL,
            'position' => 0,
        ),
    ),
    'attributes' =>
    array (
    ),
    'default_attributes' =>
    array (
    ),
    'variations' =>
    array (
    ),
    'grouped_products' =>
    array (
    ),
    'menu_order' => 0,
    'meta_data' =>
    array (
    ),
)

[2017-08-01 15:15:05] local.DEBUG: array (
    'id' => 37,
    'name' => 'Hoodie',
    'slug' => 'hoodie',
    'permalink' => 'http://velvetcake.local/product/hoodie/',
    'date_created' => '2017-07-31T07:45:31',
    'date_created_gmt' => '2017-07-31T07:45:31',
    'date_modified' => '2017-08-01T15:15:04',
    'date_modified_gmt' => '2017-08-01T15:15:04',
    'type' => 'simple',
    'status' => 'publish',
    'featured' => true,
    'catalog_visibility' => 'visible',
    'description' => '<p>Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.</p>',
    'short_description' => NULL,
    'sku' => NULL,
    'price' => '42',
    'regular_price' => '45',
    'sale_price' => '42',
    'date_on_sale_from' => NULL,
    'date_on_sale_from_gmt' => NULL,
    'date_on_sale_to' => NULL,
    'date_on_sale_to_gmt' => NULL,
    'price_html' => '<del><span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>39.47</span></del> <ins><span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>36.84</span></ins>',
    'on_sale' => true,
    'purchasable' => true,
    'total_sales' => 1,
    'virtual' => false,
    'downloadable' => false,
    'downloads' =>
    array (
    ),
    'download_limit' => -1,
    'download_expiry' => -1,
    'external_url' => NULL,
    'button_text' => NULL,
    'tax_status' => 'taxable',
    'tax_class' => NULL,
    'manage_stock' => false,
    'stock_quantity' => NULL,
    'in_stock' => true,
    'backorders' => 'no',
    'backorders_allowed' => false,
    'backordered' => false,
    'sold_individually' => false,
    'weight' => NULL,
    'dimensions' =>
    array (
        'length' => NULL,
        'width' => NULL,
        'height' => NULL,
    ),
    'shipping_required' => true,
    'shipping_taxable' => true,
    'shipping_class' => NULL,
    'shipping_class_id' => 0,
    'reviews_allowed' => true,
    'average_rating' => '0.00',
    'rating_count' => 0,
    'related_ids' =>
    array (
        0 => 35,
        1 => 34,
        2 => 36,
    ),
    'upsell_ids' =>
    array (
    ),
    'cross_sell_ids' =>
    array (
    ),
    'parent_id' => 0,
    'purchase_note' => NULL,
    'categories' =>
    array (
        0 =>
        array (
            'id' => 17,
            'name' => 'Hoodies',
            'slug' => 'hoodies',
        ),
    ),
    'tags' =>
    array (
    ),
    'images' =>
    array (
        0 =>
        array (
            'id' => 18,
            'date_created' => '2017-07-31T07:45:31',
            'date_created_gmt' => '2017-07-31T07:45:31',
            'date_modified' => '2017-07-31T07:45:31',
            'date_modified_gmt' => '2017-07-31T07:45:31',
            'src' => 'http://velvetcake.local/wp-content/uploads/2017/07/hoodie.jpg',
            'name' => 'Hoodie',
            'alt' => NULL,
            'position' => 0,
        ),
    ),
    'attributes' =>
    array (
    ),
    'default_attributes' =>
    array (
    ),
    'variations' =>
    array (
    ),
    'grouped_products' =>
    array (
    ),
    'menu_order' => 0,
    'meta_data' =>
    array (
    ),
)

+0

Take a look [here](https://github.com/kloon/WooCommerce-REST-API-Client-Library) and see if it can help you! – Maraboc

+0

@Maraboc Isn't this for sending requests to Woocommerce? I am receiving data from woocommerce in Laravel via a webhook. –

+0

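@MarcusChristiansen Check the answer below. You pretty much have to match the HMAC sent in the header of the request to a calculated one, and if they match, you continue to the next request. –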

Answers

0

This is my final solution

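public function handle($request, Closure $next)
{
    // Signature sent by Woocommerce in the request header
    $signature = (string) Request::header('x-wc-webhook-signature');

    // Raw request body as a string, exactly as received
    $payload = Request::getContent();
    $calculated_hmac = base64_encode(hash_hmac('sha256', $payload, env('WOOCOMMERCE_WEBHOOK_ITEM_UPDATED'), true));

    // Constant-time, type-strict comparison; a middleware must not return false,
    // so reject a mismatch with an HTTP 401 response
    if (!hash_equals($calculated_hmac, $signature)) {
        abort(401);
    }

    return $next($request);
}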

The second parameter of the hash_hmac function needs the request body as a string, which I get from Request::getContent()
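The check from the answer above as a stand-alone PHP script, added here as an example and not code from the thread: it verifies a base64 HMAC-SHA256 over the raw body with a constant-time comparison and runs that check against the question's first attempt (HMAC of the header value), a re-encoded body, a missing header and a modified body. The secret, the payload and the `verifyWebhook` helper name are constructed for illustration.

```php
<?php
// Added example: the secret, payload and helper name are constructed for illustration.

// True only when $header is the base64 HMAC-SHA256 of the raw body under $secret.
function verifyWebhook(string $rawBody, ?string $header, string $secret): bool
{
    if ($header === null || $header === '') {
        return false; // unsigned request
    }
    $expected = base64_encode(hash_hmac('sha256', $rawBody, $secret, true));
    return hash_equals($expected, $header); // constant-time, type-strict comparison
}

$secret = 'constructed-test-secret';
// Constructed raw body, byte for byte as it would arrive (note the escaped slashes).
$rawBody = '{"id":38,"name":"Long Sleeve Tee","permalink":"http:\/\/velvetcake.local\/product\/long-sleeve-tee\/"}';
// Signature a sender holding the same secret would put in x-wc-webhook-signature.
$header = base64_encode(hash_hmac('sha256', $rawBody, $secret, true));

$cases = [
    'raw body, as in the final solution' => verifyWebhook($rawBody, $header, $secret),
    // The question's first attempt: the header value itself was fed to hash_hmac.
    'HMAC over the header value' => verifyWebhook($header, $header, $secret),
    // Decoding and re-encoding does not reproduce the signed bytes.
    're-encoded parsed body' => verifyWebhook(
        json_encode(json_decode($rawBody, true), JSON_UNESCAPED_SLASHES), $header, $secret),
    'missing signature header' => verifyWebhook($rawBody, null, $secret),
    'body modified in transit' => verifyWebhook(
        str_replace('"id":38', '"id":39', $rawBody), $header, $secret),
];

foreach ($cases as $label => $accepted) {
    printf("%-36s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```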

0

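You are actually pretty close to getting this right. I'll give you a high-level overview/pseudocode of what needs to happen (or I'll end up writing the code, see below).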

public function handle(Request $request, Closure $next)
{
    // Get the HMAC value from request/header from the Woocommerce request, whatever the hmac value you want is called
    $hmac = $request->get('hmac');

    // Get the signature - your secret
    $signature = Request::header('x-wc-webhook-signature');

    /* Get the woocommerce URL
    * They should give you a code or some kind of ID and also a TIMESTAMP (this is important in your HMAC Calculation) in the request
    * You'd need to figure out this bit
    */
    $woocommerceData = $request->get('woocomerceData');

    // Calculate the HMAC
    $calculatedHmac = hash_hmac('sha256', $woocommerceData, $secret, true);

    // encode the calculated HMAC
    $calculatedHmac = base64_encode($calculatedHmac);

    // Check if the HMAC and Calculated HMAC Match, if they do continue
    if ($hmac == $calculatedHmac) {
        return $next($request);
    }
    // If they don't stop processing
    else {
        return false;
    }
}
+0

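Giolliano. I am struggling to find the timestamp/URL as well as the HMAC value in the Woocommerce request. Am I looking in the wrong place? I have added an update to the original post with the Woocommerce request. –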

+0

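@MarcusChristiansen So take a look here: https://docs.woocommerce.com/wp-content/uploads/2015/01/woocommerce-webhook-log.png in the woocommerce docs. See how they use 'wc-webhook-signature' + 'arg' in the content. Try calculating the HMAC using that data and the date/time the request was posted. –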