Merge pull request #12 from Shape-and-Shift/feature/add-app-id

crisalder2806 · web-flow · commit 47e3e0809d71 · 2023-02-22T15:05:42.000+07:00
V2.0 Drop primary key from `shop_id` of `sw_shop` and Add `app_id` as primary key
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+### 2.0.0
+- Drop primary key from `shop_id` of `sw_shop`
+- Add `app_id` as primary in `sw_shop`
+- Change behavior of middleware (using `app_name` and `app_id`)
+
 ### 1.3.2
 - Add get middleware for Iframe
 
diff --git a/README.md b/README.md
@@ -47,7 +47,8 @@ Your app is now ready to install by a Shopware application!
 ## Usage
 - Context, ShopRepository auto-binding
 - SwAppMiddleware _(alias: 'sas.app.auth')_: A middleware to verify incoming webhook requests
-- SwAppIframeMiddleware _(alias: 'sas.app.auth.iframe')_: A middleware to verify incoming requests from Iframe Shopware
+- SwAppIframeMiddleware _(alias: 'sas.app.auth.iframe:?app_name')_: A middleware to verify incoming requests from Iframe Shopware (`app_name` is the name of the App)
+- SwAppHeaderMiddleware _(alias: 'sas.app.auth.header')_: A middleware to verify incoming requests from Headers requests
 
 ## Change log
 Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.
diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
     "name": "sas/shopware-laravel-sdk",
     "description": "Shopware SDK for Laravel 8",
     "type": "library",
-    "version": "1.3.2",
+    "version": "2.0.0",
     "require": {
         "php": "^7.4 || ^8.0",
         "ext-json": "*",
diff --git a/src/Http/Middleware/SwAppHeaderMiddleware.php b/src/Http/Middleware/SwAppHeaderMiddleware.php
@@ -7,6 +7,7 @@
 use Illuminate\Support\Facades\Auth;
 use Sas\ShopwareLaravelSdk\Models\SwShop;
 use Sas\ShopwareLaravelSdk\Repositories\ShopRepository;
+use Sas\ShopwareLaravelSdk\Utils\AppHelper;
 use Symfony\Component\HttpFoundation\HeaderBag;
 use Vin\ShopwareSdk\Data\Webhook\ShopRequest;
 use Vin\ShopwareSdk\Exception\AuthorizationFailedException;
@@ -27,11 +28,10 @@ public function __construct(ShopRepository $shopRepository)
      *
      * @param Request $request
      * @param Closure $next
-     * @param string|null ...$guards
      * @return mixed
      * @throws AuthorizationFailedException
      */
-    public function handle(Request $request, Closure $next, ...$guards)
+    public function handle(Request $request, Closure $next)
     {
         $shop = $this->authenticateHeaderRequest($request);
 
@@ -44,8 +44,12 @@ protected function authenticateHeaderRequest(Request $request): SwShop
     {
         $headers = $request->headers;
         $shopId = $headers->get(ShopRequest::SHOP_ID_REQUEST_PARAMETER);
+        $appId = $headers->get(AppHelper::APP_ID_REQUEST_PARAMETER);
+        if ($headers->has(AppHelper::APP_ID_REQUEST_PARAMETER) && empty($appId)) {
+            throw new AuthorizationFailedException(sprintf('%s in headers is invalid', AppHelper::APP_ID_REQUEST_PARAMETER));
+        }
 
-        $shop = $this->shopRepository->getShopById($shopId);
+        $shop = $this->shopRepository->getShopById($shopId, ['app_id' => $appId]);
 
         $authenticated = $shop && $this->checkHeaderRequests($headers, $shop);
 
@@ -60,12 +64,12 @@ protected function checkHeaderRequests(HeaderBag $headers, SwShop $shop): bool
     {
         $queries = [];
 
-        if ($headers->has('location-id')) {
-            $queries['location-id'] = $headers->get('location-id');
+        if ($headers->has(AppHelper::LOCATION_ID_REQUEST_PARAMETER)) {
+            $queries[AppHelper::LOCATION_ID_REQUEST_PARAMETER] = $headers->get(AppHelper::LOCATION_ID_REQUEST_PARAMETER);
         }
 
-        if ($headers->has('privileges')) {
-            $queries['privileges'] = urlencode((string)$headers->get('privileges'));
+        if ($headers->has(AppHelper::PRIVILEGES_REQUEST_PARAMETER)) {
+            $queries[AppHelper::PRIVILEGES_REQUEST_PARAMETER] = urlencode((string)$headers->get(AppHelper::PRIVILEGES_REQUEST_PARAMETER));
         }
 
         if ($headers->has(ShopRequest::SHOP_ID_REQUEST_PARAMETER)) {
diff --git a/src/Http/Middleware/SwAppIframeMiddleware.php b/src/Http/Middleware/SwAppIframeMiddleware.php
@@ -4,6 +4,7 @@
 
 use Illuminate\Http\Request;
 use Sas\ShopwareLaravelSdk\Models\SwShop;
+use Sas\ShopwareLaravelSdk\Utils\AppHelper;
 use Symfony\Component\HttpFoundation\InputBag;
 use Vin\ShopwareSdk\Data\Webhook\ShopRequest;
 use Vin\ShopwareSdk\Exception\AuthorizationFailedException;
@@ -18,10 +19,24 @@ protected function authenticatePostRequest(Request $request): SwShop
         $sourceRequest = $requestContent['source'];
         $shopId = $sourceRequest[ShopRequest::SHOP_ID_REQUEST_PARAMETER];
 
-        $shop = $this->shopRepository->getShopById($shopId);
+        $shop = $this->shopRepository->getShopById($shopId, ['app_name' => $this->appName]);
 
         $authenticated = $shop && $this->checkPostRequest($sourceRequest, $shop->shop_secret);
+        if (!$authenticated) {
+            throw new AuthorizationFailedException($request->getMethod() . ' is not supported or the data is invalid');
+        }
+
+        return $shop;
+    }
+
+    protected function authenticateGetRequest(Request $request): SwShop
+    {
+        $queries = $request->query;
+        $shopId = (string)$queries->get(ShopRequest::SHOP_ID_REQUEST_PARAMETER);
 
+        $shop = $this->shopRepository->getShopById($shopId, ['app_name' => $this->appName]);
+
+        $authenticated = $shop && $this->checkGetRequests($queries, $shop);
         if (!$authenticated) {
             throw new AuthorizationFailedException($request->getMethod() . ' is not supported or the data is invalid');
         }
@@ -50,32 +65,16 @@ private function checkPostRequest(array $sourceRequests, string $shopSecret): bo
         return hash_equals($hmac, $shopwareShopSignature);
     }
 
-    protected function authenticateGetRequest(Request $request): SwShop
-    {
-        $queries = $request->query;
-        $shopId = (string)$queries->get(ShopRequest::SHOP_ID_REQUEST_PARAMETER);
-
-        $shop = $this->shopRepository->getShopById($shopId);
-
-        $authenticated = $shop && $this->checkGetRequests($queries, $shop);
-
-        if (!$authenticated) {
-            throw new AuthorizationFailedException($request->getMethod() . ' is not supported or the data is invalid');
-        }
-
-        return $shop;
-    }
-
     protected function checkGetRequests(InputBag $inputBag, SwShop $shop): bool
     {
         $queries = [];
 
-        if ($inputBag->has('location-id')) {
-            $queries['location-id'] = $inputBag->get('location-id');
+        if ($inputBag->has(AppHelper::LOCATION_ID_REQUEST_PARAMETER)) {
+            $queries[AppHelper::LOCATION_ID_REQUEST_PARAMETER] = $inputBag->get(AppHelper::LOCATION_ID_REQUEST_PARAMETER);
         }
 
-        if ($inputBag->has('privileges')) {
-            $queries['privileges'] = urlencode((string)$inputBag->get('privileges'));
+        if ($inputBag->has(AppHelper::PRIVILEGES_REQUEST_PARAMETER)) {
+            $queries[AppHelper::PRIVILEGES_REQUEST_PARAMETER] = urlencode((string)$inputBag->get(AppHelper::PRIVILEGES_REQUEST_PARAMETER));
         }
 
         if ($inputBag->has(ShopRequest::SHOP_ID_REQUEST_PARAMETER)) {
diff --git a/src/Http/Middleware/SwAppMiddleware.php b/src/Http/Middleware/SwAppMiddleware.php
@@ -13,6 +13,8 @@
 
 class SwAppMiddleware
 {
+    protected ?string $appName = null;
+
     public const REQUIRED_KEYS = [
         ShopRequest::SHOP_ID_REQUEST_PARAMETER,
         ShopRequest::SHOP_URL_REQUEST_PARAMETER,
@@ -33,12 +35,13 @@ public function __construct(ShopRepository $shopRepository)
      *
      * @param Request $request
      * @param Closure $next
-     * @param string|null ...$guards
+     * @param ?string $appName
      * @return mixed
      * @throws AuthorizationFailedException
      */
-    public function handle(Request $request, Closure $next, ...$guards)
+    public function handle(Request $request, Closure $next, ?string $appName)
     {
+        $this->appName = $appName;
         $shop = null;
 
         if ($request->getMethod() === 'POST' && $this->supportsPostRequest($request)) {
diff --git a/src/Models/SwShop.php b/src/Models/SwShop.php
@@ -8,8 +8,10 @@
 use Vin\ShopwareSdk\Data\AccessToken;
 
 /**
+ * @property string $app_id
  * @property string $shop_id
  * @property string $shop_url
+ * @property string $shop_name
  * @property string $shop_secret
  * @property string $api_key
  * @property string $secret_key
@@ -28,7 +30,7 @@ class SwShop extends Model implements AuthenticatableContract
      */
     protected $table = 'sw_shops';
 
-    protected $primaryKey = 'shop_id';
+    protected $primaryKey = 'app_id';
 
     protected $keyType = 'string';
 
diff --git a/src/Repositories/ShopRepository.php b/src/Repositories/ShopRepository.php
@@ -4,6 +4,7 @@
 
 use Exception;
 use Illuminate\Database\Eloquent\Model;
+use Ramsey\Uuid\Uuid;
 use Sas\ShopwareLaravelSdk\Models\SwShop;
 use Vin\ShopwareSdk\Client\AdminAuthenticator;
 use Vin\ShopwareSdk\Client\GrantType\ClientCredentialsGrantType;
@@ -36,18 +37,24 @@ public function updateAccessKeysForShop(string $shopId, string $apiKey, string $
         ]);
     }
 
-    public function createShop(Shop $shop): void
+    public function createShop(Shop $shop, array $condition = [], array $update = []): void
     {
-        $this->shopModel->updateOrCreate(['shop_id' => $shop->getShopId()], [
-            'shop_url' => $shop->getShopUrl(),
-            'shop_secret' => $shop->getShopSecret(),
-            'access_token' => null,
-            'api_key' => null,
-            'secret_key' => null
-        ]);
+        $this->shopModel->updateOrCreate(
+            array_merge([
+                'shop_id' => $shop->getShopId()
+            ], $condition),
+            array_merge([
+                'app_id' => Uuid::uuid4()->toString(),
+                'shop_url' => $shop->getShopUrl(),
+                'shop_secret' => $shop->getShopSecret(),
+                'access_token' => null,
+                'api_key' => null,
+                'secret_key' => null
+            ], $update)
+        );
     }
 
-    public function getShopById(?string $shopId): ?SwShop
+    public function getShopById(?string $shopId, array $queries = []): ?SwShop
     {
         if (!$shopId) {
             return null;
@@ -57,26 +64,35 @@ public function getShopById(?string $shopId): ?SwShop
             return $this->shops[$shopId];
         }
 
-        $shop = $this->shopModel->find($shopId);
+        $query = $this->shopModel->where('shop_id', $shopId);
+        foreach ($queries as $column => $value) {
+            if (empty($value) || empty($column)) {
+                continue;
+            }
+
+            $query = $query->where($column, $value);
+        }
+
+        $shop = $query->first();
         if (!$shop) {
             return null;
         }
 
         return $this->shops[$shopId] = $shop;
     }
 
-    public function removeShop(string $shopId): void
+    public function removeShop(string $shopId, array $queries = []): void
     {
-        $shop = $this->getShopById($shopId);
+        $shop = $this->getShopById($shopId, $queries);
 
         $shop->delete();
 
         unset($this->shops[$shopId]);
     }
 
-    public function getSecretByShopId(string $shopId): string
+    public function getSecretByShopId(string $shopId, array $queries = []): string
     {
-        $shop = $this->getShopById($shopId);
+        $shop = $this->getShopById($shopId, $queries);
 
         if (!$shop) {
             throw new Exception('Shop not found');
@@ -85,9 +101,9 @@ public function getSecretByShopId(string $shopId): string
         return $shop->shop_secret;
     }
 
-    public function getShopContext(string $shopId): Context
+    public function getShopContext(string $shopId, array $queries = []): Context
     {
-        $shop = $this->getShopById($shopId);
+        $shop = $this->getShopById($shopId, $queries);
         if (!$shop) {
             throw new Exception('Shop not found');
         }
diff --git a/src/ServiceProvider/ContextServiceProvider.php b/src/ServiceProvider/ContextServiceProvider.php
@@ -2,10 +2,11 @@
 
 namespace Sas\ShopwareLaravelSdk\ServiceProvider;
 
+use Sas\ShopwareLaravelSdk\Utils\AppHelper;
 use Vin\ShopwareSdk\Data\Webhook\ShopRequest;
 use Sas\ShopwareLaravelSdk\Models\SwShop;
 use Illuminate\Contracts\Support\DeferrableProvider;
-use Illuminate\Foundation\Application;
+use Illuminate\Contracts\Foundation\Application;
 use Symfony\Component\HttpFoundation\Request;
 use Illuminate\Support\ServiceProvider;
 use Sas\ShopwareLaravelSdk\Repositories\ShopRepository;
@@ -36,20 +37,23 @@ public function register(): void
 
             if ($request->headers->has(ShopRequest::SHOP_ID_REQUEST_PARAMETER)) {
                 $shopId = $request->headers->get(ShopRequest::SHOP_ID_REQUEST_PARAMETER);
+                $appId = (string) $request->headers->get(AppHelper::APP_ID_REQUEST_PARAMETER);
             } else {
                 if ($request->getMethod() === 'POST') {
                     $requestContent = \json_decode($request->getContent(), true);
                     $shopId = $requestContent['source']['shopId'];
                 } else {
                     $shopId = $request->query->get(ShopRequest::SHOP_ID_REQUEST_PARAMETER);
                 }
+
+                $appId = (string)$request->query->get(AppHelper::APP_ID_REQUEST_PARAMETER);
             }
 
             if (!$shopId) {
                 return null;
             }
 
-            return $shopRepository->getShopContext($shopId);
+            return $shopRepository->getShopContext($shopId, ['app_id' => $appId]);
         });
 
         $this->app->singleton(AppAction::class, function (Application $app) {
@@ -83,7 +87,7 @@ public function register(): void
      *
      * @return array
      */
-    public function provides()
+    public function provides(): array
     {
         return [Context::class, AppAction::class, ShopRepository::class, Event::class, IFrameRequest::class];
     }
diff --git a/src/Utils/AppHelper.php b/src/Utils/AppHelper.php
@@ -11,6 +11,10 @@
 
 class AppHelper
 {
+    const PRIVILEGES_REQUEST_PARAMETER = 'privileges';
+    const LOCATION_ID_REQUEST_PARAMETER = 'location-id';
+    const APP_ID_REQUEST_PARAMETER = 'app-id';
+
     private Request $request;
 
     public function __construct(Request $request)
diff --git a/src/database/migrations/2021_07_16_161755_create_sw_shops_table.php b/src/database/migrations/2021_07_16_161755_create_sw_shops_table.php
@@ -15,9 +15,11 @@ class CreateSwShopsTable extends Migration
     public function up(): void
     {
         Schema::create('sw_shops', function (Blueprint $table): void {
-            $table->string('shop_id')->primary();
+            $table->string('app_id')->primary();
+            $table->string('shop_id');
             $table->string('shop_url', 255);
             $table->string('shop_secret', 255);
+            $table->string('app_name', 255)->nullable();
             $table->string('api_key', 255)->nullable();
             $table->string('secret_key', 255)->nullable();
             $table->longText('access_token')->nullable();

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,10 @@`
`11`	`11`
`12`	`12`	`class AppHelper`
`13`	`13`	`{`
	`14`	`+ const PRIVILEGES_REQUEST_PARAMETER = 'privileges';`
	`15`	`+ const LOCATION_ID_REQUEST_PARAMETER = 'location-id';`
	`16`	`+ const APP_ID_REQUEST_PARAMETER = 'app-id';`
	`17`	`+`
`14`	`18`	`private Request $request;`
`15`	`19`
`16`	`20`	`public function __construct(Request $request)`