Skip to content

Commit cf2077e

Browse files
github-actions[bot]shopwareBot
andauthored
[create-pull-request] automated change (#2218)
Co-authored-by: shopwareBot <example@example.com>
1 parent c4bd699 commit cf2077e

1 file changed

Lines changed: 108 additions & 0 deletions

File tree

Lines changed: 108 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,108 @@
1+
---
2+
title: App requirements validation
3+
date: 2025-09-05
4+
area: core
5+
tags: [app-system, validation, requirements]
6+
---
7+
8+
# App requirements validation
9+
10+
::: info
11+
This document represents an architecture decision record (ADR) and has been mirrored from the ADR section in our Shopware 6 repository.
12+
You can find the original version [here](https://github.com/shopware/shopware/blob/trunk/adr/2025-09-05-app-requirements-validation.md)
13+
:::
14+
15+
## Context
16+
17+
The Shopware app system allows third-party applications to extend platform functionality. However, certain apps may require specific environment conditions or infrastructure capabilities to function properly. Without proper validation of these requirements, apps might fail at runtime or behave unpredictably, leading to poor user experience and difficult troubleshooting.
18+
19+
Examples of such requirements include:
20+
- Public accessibility for webhook endpoints
21+
- Secure HTTPS connections for data exchange
22+
- Network connectivity for external service integrations
23+
- Specific server configurations or capabilities
24+
25+
Currently, the app system lacks a standardized way to define and validate these requirements before app installation or updates, which can lead to:
26+
- Silent failures in production environments
27+
- Difficult debugging when apps don't work as expected
28+
- Poor developer experience when requirements are not clearly communicated
29+
- Security vulnerabilities when apps are installed in inappropriate environments
30+
31+
## Decision
32+
33+
We will implement a best-effort app requirements validation system that allows apps to declare their requirements in the manifest and validates these requirements during installation and update processes.
34+
35+
### Key Components
36+
37+
**1. Manifest Requirements Declaration**
38+
Apps can declare requirements using a new `<requirements>` element in their manifest XML by adding empty child elements. Presence means the requirement is enabled:
39+
40+
```xml
41+
<requirements>
42+
<public-access/>
43+
<!-- add further requirements as empty elements -->
44+
<!-- <another-requirement/> -->
45+
46+
</requirements>
47+
```
48+
49+
**2. Requirement Interface**
50+
All requirement validators implement a common `Requirement` interface with methods:
51+
- `validate(Manifest $manifest): ?UnmetRequirement` - Validates the requirement and returns an `UnmetRequirement` on failure, or `null` on success
52+
- `required(Manifest $manifest): bool` - Checks if this requirement applies to the app
53+
- `name(): string` - Returns the requirement identifier
54+
55+
**3. Validator Architecture**
56+
- `AppRequirementsValidator` orchestrates validation across all registered requirement validators
57+
- Individual requirement classes (e.g., `PublicAccess`) handle specific validation logic
58+
- Dependency injection allows easy extension with new requirement types
59+
60+
**4. Integration Points**
61+
Requirements validation is integrated into:
62+
- App installation process (`AppLifecycle::install()`)
63+
- App update process (`AppLifecycle::update()`)
64+
- Clear error reporting through `AppException::requirementsNotMet()`
65+
66+
**5. Initial Implementation**
67+
The first requirement validator `PublicAccess` validates that:
68+
- The `APP_URL` environment variable is configured
69+
- The URL uses HTTPS scheme
70+
- The URL is not a localhost or IP address
71+
- The Shopware health check endpoint is publicly accessible
72+
73+
### Error Handling
74+
75+
When requirements are not met, a descriptive `AppException` is thrown with:
76+
- Specific error code: `FRAMEWORK__APP_REQUIREMENTS_NOT_MET`
77+
- Detailed violation descriptions including app name, requirement name, and actionable resolution
78+
- HTTP 400 Bad Request status to indicate client-side configuration issue
79+
80+
### Extensibility
81+
82+
The system is designed for easy extension:
83+
- New requirement validators can be added by implementing the `Requirement` interface
84+
- Service container tag `app.requirements_validator` auto-registers new validators
85+
- Abstract base class `AbstractRequirement` provides common functionality
86+
87+
## Consequences
88+
89+
**Positive Consequences:**
90+
- **Improved Reliability**: Apps will fail fast before attempting to register with app backends, with clear error messages rather than failing silently at runtime
91+
- **Better Developer Experience**: Clear requirement declarations and actionable error messages help developers understand environment needs
92+
- **Enhanced Security**: Validation prevents apps from being installed in inappropriate environments (e.g., apps requiring public access being installed on localhost)
93+
- **Easier Troubleshooting**: Standardized requirement validation provides consistent error reporting
94+
95+
**Potential Challenges:**
96+
- **Additional Complexity**: Developers must understand and declare their app requirements
97+
- **Validation Overhead**: Network checks (like public accessibility) add latency to installation process
98+
- **False Positives**: Overly strict validation might prevent legitimate installations in edge cases
99+
- **Backward Compatibility**: Existing apps without requirement declarations continue to work unchanged
100+
- **Custom Requirements**: Shopware update is required to add new requirement types.
101+
102+
**Migration Strategy:**
103+
- The feature is opt-in through manifest declarations
104+
- Existing apps continue to function without modification
105+
- New apps can gradually adopt requirement declarations as needed
106+
- The `PublicAccess` validator includes caching to minimize performance impact
107+
108+
This implementation establishes a foundation for reliable app deployment while maintaining backward compatibility and providing clear guidance for both app developers and platform administrators.

0 commit comments

Comments
 (0)