Callbacks #26
Open
Callbacks #26
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds callback handling to CIviProxy.
Callbacks should be configured in the third party with a URL in the proxy in the following format:
{$proxy_base}/callback.php?source=CALLBACK_KEY&secret=CALLBACK_SECRETWhere:
secretkey in the defined callbackOther validations you can define include
Some notes on the implementation:
The callback feature is turned on by setting
$callbacks_enabledtotrue. This is a slightly different mechanism to other CiviProxy features that are turned on and off by the presence of a target url. I didn't think that made sense in this case as callbacks define multiple target urls. I appreciate that this isn't great for usability. It might be better to refactor how features are turned on and off but I didn't want to go there.There is a
civiproxy_callback_validate_body()function that could be used to validate the payload. I haven't implemented this but can see that you might want to if you are very security conscious. Not sure what the best way to validate that would be. Some form of json schema validation might work for most json based callbacks, though that would involved the inclusion of another library, and might get complicated if the service is posting lots of different flavours of callback. Though this could be handled in a similar way to$rest_allowed_actionswhere we define a series of definitions per callback. Another approach would be to allow users to define (or select a predefined) extra validation functions for callbacks.At the moment, the only supported request methods are GET and POST. I think this covers 99% of callbacks thought I guess some might want to use DELETE or PUT or something else. We can extend it if so.
At the moment, I am using my own redirect functions specifically for callbacks - one for POST and one for GET. I wrote these because the
civiproxy_redirect()did not handle the body of post requests (even when the method used was POST). @systopia - you may want to refactorciviproxy_redirectso it can handle the body of post requests. Up to you how you want to handle it.The CALLBACK_SECRET is another layer of security that I have implemented to allow the proxy to fail early. This might interfere with callbacks that pass data via query params but in my experience these are few and far between (the CiviCRM rest API being a notable exception to the rule, and not good practice IMO, but nothing we have to worry about here since it is handled separately by the rest target).
Note that I did not add any IP restrictions. In my experience, these services are operating at 'cloud scale' and do not guarantee an originating IP. Instead they use methods like addings secrets/tokens to the http headers, etc.