duan117890 2017-08-01 10:54

验证Laravel中的Woocommerce Web挂钩

I'm trying to verify data coming in, via a request from a Woocommerce web hook that is responsible for updating product items in my Laravel database.

I've created a middleware called VerifyWoocommerce, which fires correctly, as I can see in my logs.

I'm a little uncertain as to how I can verify that the incoming request actually came from Woocommerce.

Here's my VerifyWoocommerce.php

<?php

namespace App\Http\Middleware;

use Closure;
use Request;
use Log;

/**
 * Middleware intended to authenticate WooCommerce webhook deliveries by their
 * X-WC-Webhook-Signature header.
 *
 * NOTE(review): as written this class only logs two values and then lets every
 * request through; nothing here compares them or rejects a request.
 */
class VerifyWoocommerce
{

    /**
     * Log the received signature and a locally computed HMAC, then continue the pipeline.
     *
     * @param  mixed  $request  The incoming request, passed on to $next unchanged.
     * @param  \Closure  $next  The next middleware / handler in the pipeline.
     * @return mixed  Whatever $next returns.
     */
    public function handle($request, Closure $next)
    {
        // Signature value supplied by the sender in the request header.
        $signature = Request::header('x-wc-webhook-signature');
        // NOTE(review): the HMAC input here is the signature header itself, not the
        // request body, so the result cannot be expected to equal $signature.
        // The key is read from the WOOCOMMERCE_WEBHOOK_ITEM_UPDATED environment value.
        $calculated_hmac = base64_encode(hash_hmac('sha256', $signature, env('WOOCOMMERCE_WEBHOOK_ITEM_UPDATED'), true));

        // Debug output only. NOTE(review): once the HMAC is computed over the right
        // input, logging it writes a valid signature for that payload to the log file.
        Log::debug($signature);
        Log::debug($calculated_hmac);


        // No comparison is made above, so the request is always forwarded.
        return $next($request);
    }
}

Both variables return different values. Am I comparing the correct values?

UPDATE

Here's an output of the body that Woocommerce is sending

[2017-08-01 15:12:34] local.DEBUG: array (
  'id' => 38,
  'name' => 'Long Sleeve Tee',
  'slug' => 'long-sleeve-tee',
  'permalink' => 'http://velvetcake.local/product/long-sleeve-tee/',
  'date_created' => '2017-07-31T07:45:31',
  'date_created_gmt' => '2017-07-31T07:45:31',
  'date_modified' => '2017-08-01T15:12:33',
  'date_modified_gmt' => '2017-08-01T15:12:33',
  'type' => 'simple',
  'status' => 'publish',
  'featured' => false,
  'catalog_visibility' => 'visible',
  'description' => '<p>Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.</p>',
  'short_description' => NULL,
  'sku' => NULL,
  'price' => '25',
  'regular_price' => '25',
  'sale_price' => NULL,
  'date_on_sale_from' => NULL,
  'date_on_sale_from_gmt' => NULL,
  'date_on_sale_to' => NULL,
  'date_on_sale_to_gmt' => NULL,
  'price_html' => '<span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>21.93</span>',
  'on_sale' => false,
  'purchasable' => true,
  'total_sales' => 0,
  'virtual' => false,
  'downloadable' => false,
  'downloads' => 
  array (
  ),
  'download_limit' => -1,
  'download_expiry' => -1,
  'external_url' => NULL,
  'button_text' => NULL,
  'tax_status' => 'taxable',
  'tax_class' => NULL,
  'manage_stock' => false,
  'stock_quantity' => NULL,
  'in_stock' => true,
  'backorders' => 'no',
  'backorders_allowed' => false,
  'backordered' => false,
  'sold_individually' => false,
  'weight' => NULL,
  'dimensions' => 
  array (
    'length' => NULL,
    'width' => NULL,
    'height' => NULL,
  ),
  'shipping_required' => true,
  'shipping_taxable' => true,
  'shipping_class' => NULL,
  'shipping_class_id' => 0,
  'reviews_allowed' => true,
  'average_rating' => '0.00',
  'rating_count' => 0,
  'related_ids' => 
  array (
    0 => 40,
    1 => 39,
    2 => 41,
  ),
  'upsell_ids' => 
  array (
  ),
  'cross_sell_ids' => 
  array (
  ),
  'parent_id' => 0,
  'purchase_note' => NULL,
  'categories' => 
  array (
    0 => 
    array (
      'id' => 18,
      'name' => 'Tshirts',
      'slug' => 'tshirts',
    ),
  ),
  'tags' => 
  array (
  ),
  'images' => 
  array (
    0 => 
    array (
      'id' => 19,
      'date_created' => '2017-07-31T07:45:31',
      'date_created_gmt' => '2017-07-31T07:45:31',
      'date_modified' => '2017-07-31T07:45:31',
      'date_modified_gmt' => '2017-07-31T07:45:31',
      'src' => 'http://velvetcake.local/wp-content/uploads/2017/07/long-sleeve-tee.jpg',
      'name' => 'Long Sleeve Tee',
      'alt' => NULL,
      'position' => 0,
    ),
  ),
  'attributes' => 
  array (
  ),
  'default_attributes' => 
  array (
  ),
  'variations' => 
  array (
  ),
  'grouped_products' => 
  array (
  ),
  'menu_order' => 0,
  'meta_data' => 
  array (
  ),
)  
[2017-08-01 15:15:05] local.DEBUG: array (
  'id' => 37,
  'name' => 'Hoodie',
  'slug' => 'hoodie',
  'permalink' => 'http://velvetcake.local/product/hoodie/',
  'date_created' => '2017-07-31T07:45:31',
  'date_created_gmt' => '2017-07-31T07:45:31',
  'date_modified' => '2017-08-01T15:15:04',
  'date_modified_gmt' => '2017-08-01T15:15:04',
  'type' => 'simple',
  'status' => 'publish',
  'featured' => true,
  'catalog_visibility' => 'visible',
  'description' => '<p>Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.</p>',
  'short_description' => NULL,
  'sku' => NULL,
  'price' => '42',
  'regular_price' => '45',
  'sale_price' => '42',
  'date_on_sale_from' => NULL,
  'date_on_sale_from_gmt' => NULL,
  'date_on_sale_to' => NULL,
  'date_on_sale_to_gmt' => NULL,
  'price_html' => '<del><span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>39.47</span></del> <ins><span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>36.84</span></ins>',
  'on_sale' => true,
  'purchasable' => true,
  'total_sales' => 1,
  'virtual' => false,
  'downloadable' => false,
  'downloads' => 
  array (
  ),
  'download_limit' => -1,
  'download_expiry' => -1,
  'external_url' => NULL,
  'button_text' => NULL,
  'tax_status' => 'taxable',
  'tax_class' => NULL,
  'manage_stock' => false,
  'stock_quantity' => NULL,
  'in_stock' => true,
  'backorders' => 'no',
  'backorders_allowed' => false,
  'backordered' => false,
  'sold_individually' => false,
  'weight' => NULL,
  'dimensions' => 
  array (
    'length' => NULL,
    'width' => NULL,
    'height' => NULL,
  ),
  'shipping_required' => true,
  'shipping_taxable' => true,
  'shipping_class' => NULL,
  'shipping_class_id' => 0,
  'reviews_allowed' => true,
  'average_rating' => '0.00',
  'rating_count' => 0,
  'related_ids' => 
  array (
    0 => 35,
    1 => 34,
    2 => 36,
  ),
  'upsell_ids' => 
  array (
  ),
  'cross_sell_ids' => 
  array (
  ),
  'parent_id' => 0,
  'purchase_note' => NULL,
  'categories' => 
  array (
    0 => 
    array (
      'id' => 17,
      'name' => 'Hoodies',
      'slug' => 'hoodies',
    ),
  ),
  'tags' => 
  array (
  ),
  'images' => 
  array (
    0 => 
    array (
      'id' => 18,
      'date_created' => '2017-07-31T07:45:31',
      'date_created_gmt' => '2017-07-31T07:45:31',
      'date_modified' => '2017-07-31T07:45:31',
      'date_modified_gmt' => '2017-07-31T07:45:31',
      'src' => 'http://velvetcake.local/wp-content/uploads/2017/07/hoodie.jpg',
      'name' => 'Hoodie',
      'alt' => NULL,
      'position' => 0,
    ),
  ),
  'attributes' => 
  array (
  ),
  'default_attributes' => 
  array (
  ),
  'variations' => 
  array (
  ),
  'grouped_products' => 
  array (
  ),
  'menu_order' => 0,
  'meta_data' => 
  array (
  ),
)  


  • douliedu335997 2017-08-01 16:36

    Here's my eventual solution

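    /**
     * Reject webhook deliveries whose signature does not match the request body.
     *
     * The expected signature is base64(HMAC-SHA256(raw request body, shared secret));
     * it is compared with the X-WC-Webhook-Signature header sent with the request.
     *
     * @param  mixed  $request  The current HTTP request; must expose header() and
     *                          getContent(), as Laravel's request object does.
     * @param  \Closure  $next  The next middleware / handler in the pipeline.
     * @return mixed  A 401 response when verification fails, otherwise the result of $next.
     */
    public function handle($request, Closure $next)
    {
        $signature = $request->header('x-wc-webhook-signature');

        // NOTE(review): when the configuration is cached, env() calls outside the
        // config files return null. Prefer exposing the secret through a config
        // entry and reading it with config() here.
        $secret = env('WOOCOMMERCE_WEBHOOK_ITEM_UPDATED');

        // Fail closed: a missing header cannot be verified, and an empty or unset
        // secret would make the expected HMAC computable by anyone.
        if (!is_string($signature) || $signature === '' || !is_string($secret) || $secret === '') {
            return response('Invalid webhook signature.', 401);
        }

        // The HMAC covers the exact bytes that were sent, so use the raw body rather
        // than a re-encoded copy of the parsed input.
        $payload = $request->getContent();
        $calculated_hmac = base64_encode(hash_hmac('sha256', $payload, $secret, true));

        // hash_equals() is a constant-time, type-strict comparison; a loose != can
        // leak timing information and is subject to PHP's string comparison juggling.
        if (!hash_equals($calculated_hmac, $signature)) {
            // Return an explicit HTTP error instead of a bare false, which is not a
            // response and leaves the status code to the framework.
            return response('Invalid webhook signature.', 401);
        }

        return $next($request);
    }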
    

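    The second parameter of the hash_hmac function needed the request body as a string, which I got from Request::getContent(). It has to be the raw, unparsed body: the HMAC is computed over the exact bytes that were sent, so a re-encoded copy of the parsed input will not produce the same signature.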
