duan117890 2017-08-01 10:54
浏览 46
已采纳

验证Laravel中的Woocommerce Web挂钩

I'm trying to verify data coming in, via a request from a Woocommerce web hook that is responsible for updating product items in my Laravel database.

I've created a Middleware called VerifyWoocommerce, which fires correct, as I can see in my logs.

I'm a little uncertain as to how I can verify that the incoming request actually came from Woocommerce.

Here's my VerifyWoocommerce.php

<?php

namespace App\Http\Middleware;

use Closure;
use Request;
use Log;

class VerifyWoocommerce
{

    public function handle($request, Closure $next)
    {
        $signature = Request::header('x-wc-webhook-signature');
        $calculated_hmac = base64_encode(hash_hmac('sha256', $signature, env('WOOCOMMERCE_WEBHOOK_ITEM_UPDATED'), true));

        Log::debug($signature);
        Log::debug($calculated_hmac);


        return $next($request);
    }
}

Both variables return different values. Am I comparing the correct values?

UPDATE

Here's an output of the body that Woocommerce is sending

[2017-08-01 15:12:34] local.DEBUG: array (
  'id' => 38,
  'name' => 'Long Sleeve Tee',
  'slug' => 'long-sleeve-tee',
  'permalink' => 'http://velvetcake.local/product/long-sleeve-tee/',
  'date_created' => '2017-07-31T07:45:31',
  'date_created_gmt' => '2017-07-31T07:45:31',
  'date_modified' => '2017-08-01T15:12:33',
  'date_modified_gmt' => '2017-08-01T15:12:33',
  'type' => 'simple',
  'status' => 'publish',
  'featured' => false,
  'catalog_visibility' => 'visible',
  'description' => '<p>Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.</p>',
  'short_description' => NULL,
  'sku' => NULL,
  'price' => '25',
  'regular_price' => '25',
  'sale_price' => NULL,
  'date_on_sale_from' => NULL,
  'date_on_sale_from_gmt' => NULL,
  'date_on_sale_to' => NULL,
  'date_on_sale_to_gmt' => NULL,
  'price_html' => '<span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>21.93</span>',
  'on_sale' => false,
  'purchasable' => true,
  'total_sales' => 0,
  'virtual' => false,
  'downloadable' => false,
  'downloads' => 
  array (
  ),
  'download_limit' => -1,
  'download_expiry' => -1,
  'external_url' => NULL,
  'button_text' => NULL,
  'tax_status' => 'taxable',
  'tax_class' => NULL,
  'manage_stock' => false,
  'stock_quantity' => NULL,
  'in_stock' => true,
  'backorders' => 'no',
  'backorders_allowed' => false,
  'backordered' => false,
  'sold_individually' => false,
  'weight' => NULL,
  'dimensions' => 
  array (
    'length' => NULL,
    'width' => NULL,
    'height' => NULL,
  ),
  'shipping_required' => true,
  'shipping_taxable' => true,
  'shipping_class' => NULL,
  'shipping_class_id' => 0,
  'reviews_allowed' => true,
  'average_rating' => '0.00',
  'rating_count' => 0,
  'related_ids' => 
  array (
    0 => 40,
    1 => 39,
    2 => 41,
  ),
  'upsell_ids' => 
  array (
  ),
  'cross_sell_ids' => 
  array (
  ),
  'parent_id' => 0,
  'purchase_note' => NULL,
  'categories' => 
  array (
    0 => 
    array (
      'id' => 18,
      'name' => 'Tshirts',
      'slug' => 'tshirts',
    ),
  ),
  'tags' => 
  array (
  ),
  'images' => 
  array (
    0 => 
    array (
      'id' => 19,
      'date_created' => '2017-07-31T07:45:31',
      'date_created_gmt' => '2017-07-31T07:45:31',
      'date_modified' => '2017-07-31T07:45:31',
      'date_modified_gmt' => '2017-07-31T07:45:31',
      'src' => 'http://velvetcake.local/wp-content/uploads/2017/07/long-sleeve-tee.jpg',
      'name' => 'Long Sleeve Tee',
      'alt' => NULL,
      'position' => 0,
    ),
  ),
  'attributes' => 
  array (
  ),
  'default_attributes' => 
  array (
  ),
  'variations' => 
  array (
  ),
  'grouped_products' => 
  array (
  ),
  'menu_order' => 0,
  'meta_data' => 
  array (
  ),
)  
[2017-08-01 15:15:05] local.DEBUG: array (
  'id' => 37,
  'name' => 'Hoodie',
  'slug' => 'hoodie',
  'permalink' => 'http://velvetcake.local/product/hoodie/',
  'date_created' => '2017-07-31T07:45:31',
  'date_created_gmt' => '2017-07-31T07:45:31',
  'date_modified' => '2017-08-01T15:15:04',
  'date_modified_gmt' => '2017-08-01T15:15:04',
  'type' => 'simple',
  'status' => 'publish',
  'featured' => true,
  'catalog_visibility' => 'visible',
  'description' => '<p>Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Vestibulum tortor quam, feugiat vitae, ultricies eget, tempor sit amet, ante. Donec eu libero sit amet quam egestas semper. Aenean ultricies mi vitae est. Mauris placerat eleifend leo.</p>',
  'short_description' => NULL,
  'sku' => NULL,
  'price' => '42',
  'regular_price' => '45',
  'sale_price' => '42',
  'date_on_sale_from' => NULL,
  'date_on_sale_from_gmt' => NULL,
  'date_on_sale_to' => NULL,
  'date_on_sale_to_gmt' => NULL,
  'price_html' => '<del><span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>39.47</span></del> <ins><span class="woocommerce-Price-amount amount"><span class="woocommerce-Price-currencySymbol">&#82;</span>36.84</span></ins>',
  'on_sale' => true,
  'purchasable' => true,
  'total_sales' => 1,
  'virtual' => false,
  'downloadable' => false,
  'downloads' => 
  array (
  ),
  'download_limit' => -1,
  'download_expiry' => -1,
  'external_url' => NULL,
  'button_text' => NULL,
  'tax_status' => 'taxable',
  'tax_class' => NULL,
  'manage_stock' => false,
  'stock_quantity' => NULL,
  'in_stock' => true,
  'backorders' => 'no',
  'backorders_allowed' => false,
  'backordered' => false,
  'sold_individually' => false,
  'weight' => NULL,
  'dimensions' => 
  array (
    'length' => NULL,
    'width' => NULL,
    'height' => NULL,
  ),
  'shipping_required' => true,
  'shipping_taxable' => true,
  'shipping_class' => NULL,
  'shipping_class_id' => 0,
  'reviews_allowed' => true,
  'average_rating' => '0.00',
  'rating_count' => 0,
  'related_ids' => 
  array (
    0 => 35,
    1 => 34,
    2 => 36,
  ),
  'upsell_ids' => 
  array (
  ),
  'cross_sell_ids' => 
  array (
  ),
  'parent_id' => 0,
  'purchase_note' => NULL,
  'categories' => 
  array (
    0 => 
    array (
      'id' => 17,
      'name' => 'Hoodies',
      'slug' => 'hoodies',
    ),
  ),
  'tags' => 
  array (
  ),
  'images' => 
  array (
    0 => 
    array (
      'id' => 18,
      'date_created' => '2017-07-31T07:45:31',
      'date_created_gmt' => '2017-07-31T07:45:31',
      'date_modified' => '2017-07-31T07:45:31',
      'date_modified_gmt' => '2017-07-31T07:45:31',
      'src' => 'http://velvetcake.local/wp-content/uploads/2017/07/hoodie.jpg',
      'name' => 'Hoodie',
      'alt' => NULL,
      'position' => 0,
    ),
  ),
  'attributes' => 
  array (
  ),
  'default_attributes' => 
  array (
  ),
  'variations' => 
  array (
  ),
  'grouped_products' => 
  array (
  ),
  'menu_order' => 0,
  'meta_data' => 
  array (
  ),
)  

</div>
  • 写回答

2条回答 默认 最新

  • douliedu335997 2017-08-01 16:36
    关注

    Here's my eventual solution

    public function handle($request, Closure $next)
{
    $signature = Request::header('x-wc-webhook-signature');

    $payload = Request::getContent();
    $calculated_hmac = base64_encode(hash_hmac('sha256', $payload, env('WOOCOMMERCE_WEBHOOK_ITEM_UPDATED'), true));

    if($signature != $calculated_hmac) {
        return false;
    }

    return $next($request);
}

    The second parameter of the hash_hmac function needed the request body as a string, which I got from Request::getContent()

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 关于#硬件工程#的问题,请各位专家解答!
  • ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
  • ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
  • ¥30 截图中的mathematics程序转换成matlab
  • ¥15 动力学代码报错,维度不匹配
  • ¥15 Power query添加列问题
  • ¥50 Kubernetes&Fission&Eleasticsearch
  • ¥15 報錯:Person is not mapped,如何解決?
  • ¥15 c++头文件不能识别CDialog
  • ¥15 Excel发现不可读取的内容