vendor/shopware/core/Framework/Webhook/WebhookDispatcher.php line 65

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Webhook;
  5. use Doctrine\DBAL\ArrayParameterType;
  6. use Doctrine\DBAL\Connection;
  7. use GuzzleHttp\Client;
  8. use GuzzleHttp\Pool;
  9. use GuzzleHttp\Psr7\Request;
  10. use Shopware\Core\DevOps\Environment\EnvironmentHelper;
  11. use Shopware\Core\Framework\App\AppLocaleProvider;
  12. use Shopware\Core\Framework\App\Event\AppChangedEvent;
  13. use Shopware\Core\Framework\App\Event\AppDeletedEvent;
  14. use Shopware\Core\Framework\App\Event\AppFlowActionEvent;
  15. use Shopware\Core\Framework\App\Exception\AppUrlChangeDetectedException;
  16. use Shopware\Core\Framework\App\Hmac\Guzzle\AuthMiddleware;
  17. use Shopware\Core\Framework\App\Hmac\RequestSigner;
  18. use Shopware\Core\Framework\App\ShopId\ShopIdProvider;
  19. use Shopware\Core\Framework\Context;
  20. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepository;
  21. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenContainerEvent;
  22. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  23. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  24. use Shopware\Core\Framework\Event\FlowEventAware;
  25. use Shopware\Core\Framework\Log\Package;
  26. use Shopware\Core\Framework\Uuid\Uuid;
  27. use Shopware\Core\Framework\Webhook\EventLog\WebhookEventLogDefinition;
  28. use Shopware\Core\Framework\Webhook\Hookable\HookableEventFactory;
  29. use Shopware\Core\Framework\Webhook\Message\WebhookEventMessage;
  30. use Shopware\Core\Profiling\Profiler;
  31. use Symfony\Component\DependencyInjection\ContainerInterface;
  32. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  33. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  34. use Symfony\Component\Messenger\MessageBusInterface;
  36. /**
  37.  * @deprecated tag:v6.6.0 - Will be internal - reason:visibility-change
  38.  */
  39. #[Package('core')]
  40. class WebhookDispatcher implements EventDispatcherInterface
  41. {
  42.     private ?WebhookCollection $webhooks null;
  44.     /**
  45.      * @var array<string, mixed>
  46.      */
  47.     private array $privileges = [];
  49.     /**
  50.      * @internal
  51.      */
  52.     public function __construct(
  53.         private readonly EventDispatcherInterface $dispatcher,
  54.         private readonly Connection $connection,
  55.         private readonly Client $guzzle,
  56.         private readonly string $shopUrl,
  57.         private readonly ContainerInterface $container,
  58.         private readonly HookableEventFactory $eventFactory,
  59.         private readonly string $shopwareVersion,
  60.         private readonly MessageBusInterface $bus,
  61.         private readonly bool $isAdminWorkerEnabled
  62.     ) {
  63.     }
  65.     public function dispatch(object $event, ?string $eventName null): object
  66.     {
  67.         $event $this->dispatcher->dispatch($event$eventName);
  69.         if (EnvironmentHelper::getVariable('DISABLE_EXTENSIONS'false)) {
  70.             return $event;
  71.         }
  73.         foreach ($this->eventFactory->createHookablesFor($event) as $hookable) {
  74.             $context Context::createDefaultContext();
  75.             if ($event instanceof FlowEventAware || $event instanceof AppChangedEvent || $event instanceof EntityWrittenContainerEvent) {
  76.                 $context $event->getContext();
  77.             }
  79.             $this->callWebhooks($hookable$context);
  80.         }
  82.         // always return the original event and never our wrapped events
  83.         // this would lead to problems in the `BusinessEventDispatcher` from core
  84.         return $event;
  85.     }
  87.     /**
  88.      * @param callable $listener can not use native type declaration @see https://github.com/symfony/symfony/issues/42283
  89.      */
  90.     public function addListener(string $eventName$listenerint $priority 0): void // @phpstan-ignore-line
  91.     {
  92.         /** @var callable(object): void $listener - Specify generic callback interface callers can provide more specific implementations */
  93.         $this->dispatcher->addListener($eventName$listener$priority);
  94.     }
  96.     public function addSubscriber(EventSubscriberInterface $subscriber): void
  97.     {
  98.         $this->dispatcher->addSubscriber($subscriber);
  99.     }
  101.     public function removeListener(string $eventName, callable $listener): void
  102.     {
  103.         /** @var callable(object): void $listener - Specify generic callback interface callers can provide more specific implementations */
  104.         $this->dispatcher->removeListener($eventName$listener);
  105.     }
  107.     public function removeSubscriber(EventSubscriberInterface $subscriber): void
  108.     {
  109.         $this->dispatcher->removeSubscriber($subscriber);
  110.     }
  112.     /**
  113.      * @return array<array-key, array<array-key, callable(object): void>|callable(object): void>
  114.      */
  115.     public function getListeners(?string $eventName null): array
  116.     {
  117.         return $this->dispatcher->getListeners($eventName);
  118.     }
  120.     public function getListenerPriority(string $eventName, callable $listener): ?int
  121.     {
  122.         /** @var callable(object): void $listener - Specify generic callback interface callers can provide more specific implementations */
  123.         return $this->dispatcher->getListenerPriority($eventName$listener);
  124.     }
  126.     public function hasListeners(?string $eventName null): bool
  127.     {
  128.         return $this->dispatcher->hasListeners($eventName);
  129.     }
  131.     public function clearInternalWebhookCache(): void
  132.     {
  133.         $this->webhooks null;
  134.     }
  136.     public function clearInternalPrivilegesCache(): void
  137.     {
  138.         $this->privileges = [];
  139.     }
  141.     private function callWebhooks(Hookable $eventContext $context): void
  142.     {
  143.         /** @var WebhookCollection $webhooksForEvent */
  144.         $webhooksForEvent $this->getWebhooks()->filterForEvent($event->getName());
  146.         if ($webhooksForEvent->count() === 0) {
  147.             return;
  148.         }
  150.         $affectedRoleIds $webhooksForEvent->getAclRoleIdsAsBinary();
  151.         $languageId $context->getLanguageId();
  152.         $userLocale $this->getAppLocaleProvider()->getLocaleFromContext($context);
  154.         // If the admin worker is enabled we send all events synchronously, as we can't guarantee timely delivery otherwise.
  155.         // Additionally, all app lifecycle events are sent synchronously as those can lead to nasty race conditions otherwise.
  156.         if ($this->isAdminWorkerEnabled || $event instanceof AppDeletedEvent || $event instanceof AppChangedEvent) {
  157.             Profiler::trace('webhook::dispatch-sync', function () use ($userLocale$languageId$affectedRoleIds$event$webhooksForEvent): void {
  158.                 $this->callWebhooksSynchronous($webhooksForEvent$event$affectedRoleIds$languageId$userLocale);
  159.             });
  161.             return;
  162.         }
  164.         Profiler::trace('webhook::dispatch-async', function () use ($userLocale$languageId$affectedRoleIds$event$webhooksForEvent): void {
  165.             $this->dispatchWebhooksToQueue($webhooksForEvent$event$affectedRoleIds$languageId$userLocale);
  166.         });
  167.     }
  169.     private function getWebhooks(): WebhookCollection
  170.     {
  171.         if ($this->webhooks) {
  172.             return $this->webhooks;
  173.         }
  175.         $criteria = new Criteria();
  176.         $criteria->setTitle('apps::webhooks');
  177.         $criteria->addFilter(new EqualsFilter('active'true));
  178.         $criteria->addAssociation('app');
  180.         /** @var WebhookCollection $webhooks */
  181.         $webhooks $this->container->get('webhook.repository')->search($criteriaContext::createDefaultContext())->getEntities();
  183.         return $this->webhooks $webhooks;
  184.     }
  186.     /**
  187.      * @param array<string> $affectedRoles
  188.      */
  189.     private function isEventDispatchingAllowed(WebhookEntity $webhookHookable $event, array $affectedRoles): bool
  190.     {
  191.         $app $webhook->getApp();
  193.         if ($app === null) {
  194.             return true;
  195.         }
  197.         // Only app lifecycle hooks can be received if app is deactivated
  198.         if (!$app->isActive() && !($event instanceof AppChangedEvent || $event instanceof AppDeletedEvent)) {
  199.             return false;
  200.         }
  202.         if (!($this->privileges[$event->getName()] ?? null)) {
  203.             $this->loadPrivileges($event->getName(), $affectedRoles);
  204.         }
  206.         $privileges $this->privileges[$event->getName()][$app->getAclRoleId()]
  207.             ?? new AclPrivilegeCollection([]);
  209.         if (!$event->isAllowed($app->getId(), $privileges)) {
  210.             return false;
  211.         }
  213.         return true;
  214.     }
  216.     /**
  217.      * @param array<string> $affectedRoleIds
  218.      */
  219.     private function callWebhooksSynchronous(
  220.         WebhookCollection $webhooksForEvent,
  221.         Hookable $event,
  222.         array $affectedRoleIds,
  223.         string $languageId,
  224.         string $userLocale
  225.     ): void {
  226.         $requests = [];
  228.         foreach ($webhooksForEvent as $webhook) {
  229.             if (!$this->isEventDispatchingAllowed($webhook$event$affectedRoleIds)) {
  230.                 continue;
  231.             }
  233.             try {
  234.                 $webhookData $this->getPayloadForWebhook($webhook$event);
  235.             } catch (AppUrlChangeDetectedException) {
  236.                 // don't dispatch webhooks for apps if url changed
  237.                 continue;
  238.             }
  240.             $timestamp time();
  241.             $webhookData['timestamp'] = $timestamp;
  243.             /** @var string $jsonPayload */
  244.             $jsonPayload json_encode($webhookData\JSON_THROW_ON_ERROR);
  246.             $headers = [
  247.                 'Content-Type' => 'application/json',
  248.                 'sw-version' => $this->shopwareVersion,
  249.                 AuthMiddleware::SHOPWARE_CONTEXT_LANGUAGE => $languageId,
  250.                 AuthMiddleware::SHOPWARE_USER_LANGUAGE => $userLocale,
  251.             ];
  253.             if ($event instanceof AppFlowActionEvent) {
  254.                 $headers array_merge($headers$event->getWebhookHeaders());
  255.             }
  257.             $request = new Request(
  258.                 'POST',
  259.                 $webhook->getUrl(),
  260.                 $headers,
  261.                 $jsonPayload
  262.             );
  264.             if ($webhook->getApp() !== null && $webhook->getApp()->getAppSecret() !== null) {
  265.                 $request $request->withHeader(
  266.                     RequestSigner::SHOPWARE_SHOP_SIGNATURE,
  267.                     (new RequestSigner())->signPayload($jsonPayload$webhook->getApp()->getAppSecret())
  268.                 );
  269.             }
  271.             $requests[] = $request;
  272.         }
  274.         if (\count($requests) > 0) {
  275.             $pool = new Pool($this->guzzle$requests);
  276.             $pool->promise()->wait();
  277.         }
  278.     }
  280.     /**
  281.      * @param array<string> $affectedRoleIds
  282.      */
  283.     private function dispatchWebhooksToQueue(
  284.         WebhookCollection $webhooksForEvent,
  285.         Hookable $event,
  286.         array $affectedRoleIds,
  287.         string $languageId,
  288.         string $userLocale
  289.     ): void {
  290.         foreach ($webhooksForEvent as $webhook) {
  291.             if (!$this->isEventDispatchingAllowed($webhook$event$affectedRoleIds)) {
  292.                 continue;
  293.             }
  295.             try {
  296.                 $webhookData $this->getPayloadForWebhook($webhook$event);
  297.             } catch (AppUrlChangeDetectedException) {
  298.                 // don't dispatch webhooks for apps if url changed
  299.                 continue;
  300.             }
  302.             $webhookEventId $webhookData['source']['eventId'];
  304.             $appId $webhook->getApp() !== null $webhook->getApp()->getId() : null;
  305.             $secret $webhook->getApp() !== null $webhook->getApp()->getAppSecret() : null;
  307.             $webhookEventMessage = new WebhookEventMessage(
  308.                 $webhookEventId,
  309.                 $webhookData,
  310.                 $appId,
  311.                 $webhook->getId(),
  312.                 $this->shopwareVersion,
  313.                 $webhook->getUrl(),
  314.                 $secret,
  315.                 $languageId,
  316.                 $userLocale
  317.             );
  319.             $this->logWebhookWithEvent($webhook$webhookEventMessage);
  321.             $this->bus->dispatch($webhookEventMessage);
  322.         }
  323.     }
  325.     /**
  326.      * @return array<string, mixed>
  327.      */
  328.     private function getPayloadForWebhook(WebhookEntity $webhookHookable $event): array
  329.     {
  330.         $source = [
  331.             'url' => $this->shopUrl,
  332.             'eventId' => Uuid::randomHex(),
  333.         ];
  335.         if ($webhook->getApp() !== null) {
  336.             $shopIdProvider $this->getShopIdProvider();
  338.             $source['appVersion'] = $webhook->getApp()->getVersion();
  339.             $source['shopId'] = $shopIdProvider->getShopId();
  340.         }
  342.         if ($event instanceof AppFlowActionEvent) {
  343.             $source['action'] = $event->getName();
  344.             $payload $event->getWebhookPayload();
  345.             $payload['source'] = $source;
  347.             return $payload;
  348.         }
  350.         $data = [
  351.             'payload' => $event->getWebhookPayload($webhook->getApp()),
  352.             'event' => $event->getName(),
  353.         ];
  355.         return [
  356.             'data' => $data,
  357.             'source' => $source,
  358.         ];
  359.     }
  361.     private function logWebhookWithEvent(WebhookEntity $webhookWebhookEventMessage $webhookEventMessage): void
  362.     {
  363.         /** @var EntityRepository $webhookEventLogRepository */
  364.         $webhookEventLogRepository $this->container->get('webhook_event_log.repository');
  366.         $webhookEventLogRepository->create([
  367.             [
  368.                 'id' => $webhookEventMessage->getWebhookEventId(),
  369.                 'appName' => $webhook->getApp()?->getName(),
  370.                 'deliveryStatus' => WebhookEventLogDefinition::STATUS_QUEUED,
  371.                 'webhookName' => $webhook->getName(),
  372.                 'eventName' => $webhook->getEventName(),
  373.                 'appVersion' => $webhook->getApp()?->getVersion(),
  374.                 'url' => $webhook->getUrl(),
  375.                 'serializedWebhookMessage' => serialize($webhookEventMessage),
  376.             ],
  377.         ], Context::createDefaultContext());
  378.     }
  380.     /**
  381.      * @param array<string> $affectedRoleIds
  382.      */
  383.     private function loadPrivileges(string $eventName, array $affectedRoleIds): void
  384.     {
  385.         $roles $this->connection->fetchAllAssociative('
  386.             SELECT `id`, `privileges`
  387.             FROM `acl_role`
  388.             WHERE `id` IN (:aclRoleIds)
  389.         ', ['aclRoleIds' => $affectedRoleIds], ['aclRoleIds' => ArrayParameterType::STRING]);
  391.         if (!$roles) {
  392.             $this->privileges[$eventName] = [];
  393.         }
  395.         foreach ($roles as $privilege) {
  396.             $this->privileges[$eventName][Uuid::fromBytesToHex($privilege['id'])]
  397.                 = new AclPrivilegeCollection(json_decode((string) $privilege['privileges'], true512\JSON_THROW_ON_ERROR));
  398.         }
  399.     }
  401.     private function getShopIdProvider(): ShopIdProvider
  402.     {
  403.         return $this->container->get(ShopIdProvider::class);
  404.     }
  406.     private function getAppLocaleProvider(): AppLocaleProvider
  407.     {
  408.         return $this->container->get(AppLocaleProvider::class);
  409.     }
  410. }