feat(webhook): 添加对shoppy平台webhook的支持

- 在site.entity.ts中添加webhookUrl字段 - 在auth.middleware.ts中添加/shoppy路由到白名单 - 在webhook.controller.ts中实现shoppy平台webhook处理逻辑
2026-01-06 18:43:30 +08:00 · 2026-01-06 18:43:30 +08:00 · 19e083dc67
parent 817f368522
commit 19e083dc67
3 changed files with 93 additions and 1 deletions
--- a/src/controller/webhook.controller.ts
+++ b/src/controller/webhook.controller.ts
@ -13,9 +13,13 @@ import * as crypto from 'crypto';
 import { SiteService } from '../service/site.service';
 import { OrderService } from '../service/order.service';

+import {
+  UnifiedOrderDTO,
+} from '../dto/site-api.dto';
+
@Controller('/webhook')
 export class WebhookController {
-  private secret = 'YOONE24kd$kjcdjflddd';
+  private secret = '$kjYOONE24kdcdjflddd';

  // 平台服务保留按需注入

@ -116,4 +120,88 @@ export class WebhookController {
      console.log(error);
    }
  }
+
+
+
+  @Post('/shoppy')
+  async handleShoppyWebhook(
+    @Body() body: any,
+    @Query('siteId') siteIdStr: string,
+    @Query('signature') signature: string,
+    @Headers() header: any
+  ) {
+    const topic = header['x-oemsaas-event-type'];
+   // const source = header['x-oemsaas-shop-domain'];
+    const siteId = Number(siteIdStr);
+    const bodys = new UnifiedOrderDTO();
+    Object.assign(bodys, body);
+    // 从数据库获取站点配置
+    const site = await this.siteService.get(siteId, true);
+
+  //  if (!site || !source?.includes(site.websiteUrl)) {
+       if (!site) {
+      console.log('domain not match');
+      return {
+        code: HttpStatus.BAD_REQUEST,
+        success: false,
+        message: 'domain not match',
+      };
+    }
+
+    if (!signature) {
+      return {
+        code: HttpStatus.BAD_REQUEST,
+        success: false,
+        message: 'Signature missing',
+      };
+    }
+
+    //shopyy  无法提供加密字段校验，注释校验逻辑
+    //  const rawBody = this.ctx.request.rawBody;
+    // const hash = crypto
+    //   .createHmac('sha256', this.secret)
+    //   .update(rawBody)
+    //   .digest('base64');
+    try {
+      if (this.secret === signature) {
+        switch (topic) {
+          case 'product.created':
+          case 'product.updated':
+            // 不再写入本地，平台事件仅确认接收
+            break;
+          case 'product.deleted':
+            // 不再写入本地，平台事件仅确认接收
+            break;
+          case 'orders/create':
+          case 'orders/update':
+            await this.orderService.syncSingleOrder(siteId, bodys);
+            break;
+          case 'orders/delete':
+            break;
+          case 'customer.created':
+            break;
+          case 'customer.updated':
+            break;
+          case 'customer.deleted':
+            break;
+          default:
+            console.log('Unhandled event:', topic);
+        }
+
+        return {
+          code: 200,
+          success: true,
+          message: 'Webhook processed successfully',
+        };
+      } else {
+        return {
+          code: 403,
+          success: false,
+          message: 'Webhook verification failed',
+        };
+      }
+    } catch (error) {
+      console.log(error);
+    }
+  }
 }
--- a/src/entity/site.entity.ts
+++ b/src/entity/site.entity.ts
@ -13,6 +13,9 @@ export class Site {
  @Column({ name: 'website_url', length: 255, nullable: true })
  websiteUrl: string;

+  @Column({ name: 'webhook_url', length: 255, nullable: true })
+  webhookUrl: string;
+
  @Column({ length: 255, nullable: true })
  consumerKey?: string;

--- a/src/middleware/auth.middleware.ts
+++ b/src/middleware/auth.middleware.ts
@ -21,6 +21,7 @@ export class AuthMiddleware implements IMiddleware<Context, NextFunction> {
  whiteList = [
    '/user/login',
    '/webhook/woocommerce',
+    '/webhook/shoppy',
    '/logistics/getTrackingNumber',
    '/logistics/getListByTrackingId',
    '/product/categories/all',