XuqmGroup-Server/im-service/src/main/java/com/xuqm/im/service/WebhookDispatchService.java

package com.xuqm.im.service;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.xuqm.im.entity.WebhookConfigEntity;
import com.xuqm.im.model.WebhookCallbackEnvelope;
import com.xuqm.im.repository.WebhookConfigRepository;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import java.net.URI;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpClient;
import java.time.Duration;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.List;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

@Component
public class WebhookDispatchService {

    private final WebhookConfigRepository webhookRepository;
    private final ImAppSecretClient appSecretClient;
    private final ObjectMapper objectMapper;

    @Value("${im.webhook-timeout-ms:3000}")
    private int webhookTimeoutMs;

    public WebhookDispatchService(WebhookConfigRepository webhookRepository,
                                  ImAppSecretClient appSecretClient,
                                  ObjectMapper objectMapper) {
        this.webhookRepository = webhookRepository;
        this.appSecretClient = appSecretClient;
        this.objectMapper = objectMapper;
    }

    public void dispatch(String appId, String callbackType, String callbackEvent, Object payload) {
        List<WebhookConfigEntity> webhooks = webhookRepository.findByAppIdAndEnabledTrue(appId);
        if (webhooks.isEmpty()) {
            return;
        }
        try {
            String appSecret = appSecretClient.getAppSecret(appId);
            long requestTime = System.currentTimeMillis();
            String nonce = UUID.randomUUID().toString().replace("-", "");
            String callbackId = UUID.randomUUID().toString();
            WebhookCallbackEnvelope envelope = new WebhookCallbackEnvelope(
                    callbackId,
                    callbackType,
                    callbackEvent,
                    requestTime,
                    objectMapper.valueToTree(payload),
                    null,
                    appId
            );
            String body = objectMapper.writeValueAsString(envelope);
            String signature = signWebhook(appId, appSecret, requestTime, nonce, body);
            HttpClient client = HttpClient.newBuilder()
                    .connectTimeout(Duration.ofMillis(webhookTimeoutMs))
                    .build();
            for (WebhookConfigEntity webhook : webhooks) {
                try {
                    HttpRequest request = HttpRequest.newBuilder()
                            .uri(URI.create(webhook.getUrl()))
                            .timeout(Duration.ofMillis(webhookTimeoutMs))
                            .header("Content-Type", "application/json")
                            .header("X-App-Id", appId)
                            .header("X-App-Timestamp", String.valueOf(requestTime))
                            .header("X-App-Nonce", nonce)
                            .header("X-App-Signature", signature)
                            .POST(HttpRequest.BodyPublishers.ofString(body))
                            .build();
                    client.send(request, HttpResponse.BodyHandlers.ofString());
                } catch (Exception e) {
                    // 回调失败不影响主流程
                }
            }
        } catch (Exception e) {
            // 准备失败不影响主流程
        }
    }

    private String signWebhook(String appId, String appSecret, long requestTime, String nonce, String body) {
        String payload = appId + "\n" + requestTime + "\n" + nonce + "\n" + sha256Hex(body);
        return hmacSha256Hex(appSecret, payload);
    }

    private String sha256Hex(String value) {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            return HexFormat.of().formatHex(digest.digest(value.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to hash webhook body", e);
        }
    }

    private String hmacSha256Hex(String secret, String payload) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
            return HexFormat.of().formatHex(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new IllegalStateException("Failed to sign webhook body", e);
        }
    }
}
docs(server): 添加服务器信息记录和联调接口文档 - 创建信息记录文档，包含项目管理要求、产物范围、Git仓库、制品仓库信息 - 添加服务器部署信息，包括应用服务器、MySQL/Redis服务器、Jenkins服务配置 - 记录邮件服务、DNS/HTTPS证书配置及安全备注 - 创建API联调文档，包含线上入口、ID约定、初始化管理员账号信息 - 添加统一响应格式、常见错误码、鉴权规则说明 - 提供核心接口清单，涵盖tenant-service、im-service、push-service等服务 - 补充curl示例，包含运营平台登录、IM登录、会话管理等操作示例 - 实现会话控制器，支持置顶、免打扰、标记已读、草稿等功能 - 添加全局异常处理器，统一处理业务异常和参数校验错误 - 创建IM管理控制器，提供用户管理、好友请求、黑名单等管理功能 2026-04-29 12:33:25 +08:00			`package com.xuqm.im.service;`

			`import com.fasterxml.jackson.databind.JsonNode;`
			`import com.fasterxml.jackson.databind.ObjectMapper;`
			`import com.xuqm.im.entity.WebhookConfigEntity;`
			`import com.xuqm.im.model.WebhookCallbackEnvelope;`
			`import com.xuqm.im.repository.WebhookConfigRepository;`
			`import org.springframework.beans.factory.annotation.Value;`
			`import org.springframework.stereotype.Component;`

			`import java.net.URI;`
			`import java.net.http.HttpRequest;`
			`import java.net.http.HttpResponse;`
			`import java.net.http.HttpClient;`
			`import java.time.Duration;`
			`import java.nio.charset.StandardCharsets;`
			`import java.security.MessageDigest;`
			`import java.security.NoSuchAlgorithmException;`
			`import java.util.HexFormat;`
			`import java.util.List;`
			`import java.util.UUID;`
			`import javax.crypto.Mac;`
			`import javax.crypto.spec.SecretKeySpec;`

			`@Component`
			`public class WebhookDispatchService {`

			`private final WebhookConfigRepository webhookRepository;`
			`private final ImAppSecretClient appSecretClient;`
			`private final ObjectMapper objectMapper;`

			`@Value("${im.webhook-timeout-ms:3000}")`
			`private int webhookTimeoutMs;`

			`public WebhookDispatchService(WebhookConfigRepository webhookRepository,`
			`ImAppSecretClient appSecretClient,`
			`ObjectMapper objectMapper) {`
			`this.webhookRepository = webhookRepository;`
			`this.appSecretClient = appSecretClient;`
			`this.objectMapper = objectMapper;`
			`}`

			`public void dispatch(String appId, String callbackType, String callbackEvent, Object payload) {`
			`List<WebhookConfigEntity> webhooks = webhookRepository.findByAppIdAndEnabledTrue(appId);`
			`if (webhooks.isEmpty()) {`
			`return;`
			`}`
			`try {`
			`String appSecret = appSecretClient.getAppSecret(appId);`
			`long requestTime = System.currentTimeMillis();`
			`String nonce = UUID.randomUUID().toString().replace("-", "");`
			`String callbackId = UUID.randomUUID().toString();`
			`WebhookCallbackEnvelope envelope = new WebhookCallbackEnvelope(`
			`callbackId,`
			`callbackType,`
			`callbackEvent,`
			`requestTime,`
			`objectMapper.valueToTree(payload),`
			`null,`
			`appId`
			`);`
			`String body = objectMapper.writeValueAsString(envelope);`
			`String signature = signWebhook(appId, appSecret, requestTime, nonce, body);`
			`HttpClient client = HttpClient.newBuilder()`
			`.connectTimeout(Duration.ofMillis(webhookTimeoutMs))`
			`.build();`
			`for (WebhookConfigEntity webhook : webhooks) {`
			`try {`
			`HttpRequest request = HttpRequest.newBuilder()`
			`.uri(URI.create(webhook.getUrl()))`
			`.timeout(Duration.ofMillis(webhookTimeoutMs))`
			`.header("Content-Type", "application/json")`
			`.header("X-App-Id", appId)`
			`.header("X-App-Timestamp", String.valueOf(requestTime))`
			`.header("X-App-Nonce", nonce)`
			`.header("X-App-Signature", signature)`
			`.POST(HttpRequest.BodyPublishers.ofString(body))`
			`.build();`
			`client.send(request, HttpResponse.BodyHandlers.ofString());`
			`} catch (Exception e) {`
			`// 回调失败不影响主流程`
			`}`
			`}`
			`} catch (Exception e) {`
			`// 准备失败不影响主流程`
			`}`
			`}`

			`private String signWebhook(String appId, String appSecret, long requestTime, String nonce, String body) {`
			`String payload = appId + "\n" + requestTime + "\n" + nonce + "\n" + sha256Hex(body);`
			`return hmacSha256Hex(appSecret, payload);`
			`}`

			`private String sha256Hex(String value) {`
			`try {`
			`MessageDigest digest = MessageDigest.getInstance("SHA-256");`
			`return HexFormat.of().formatHex(digest.digest(value.getBytes(StandardCharsets.UTF_8)));`
			`} catch (NoSuchAlgorithmException e) {`
			`throw new IllegalStateException("Failed to hash webhook body", e);`
			`}`
			`}`

			`private String hmacSha256Hex(String secret, String payload) {`
			`try {`
			`Mac mac = Mac.getInstance("HmacSHA256");`
			`mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));`
			`return HexFormat.of().formatHex(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));`
			`} catch (Exception e) {`
			`throw new IllegalStateException("Failed to sign webhook body", e);`
			`}`
			`}`
			`}`