groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: Use verify webhook logic without paddle sdk

Browse Source
This commit is contained in:
Faruk AYDIN
2023-03-25 17:40:02 +03:00
parent 4ba67ea863
commit 269902db94
1 changed files with 30 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
packages/backend/src/controllers/paddle/webhooks.ee.ts
View File

@@ -1,11 +1,12 @@
import { Response } from 'express'; import { Response } from 'express';
import { IRequest } from '@automatisch/types'; import { IJSONObject, IRequest } from '@automatisch/types';
import crypto from 'crypto';
import { serialize } from 'php-serialize';
import Billing from '../../helpers/billing/index.ee'; import Billing from '../../helpers/billing/index.ee';
import appConfig from '../../config/app';
export default async (request: IRequest, response: Response) => { export default async (request: IRequest, response: Response) => {
const isVerified = Billing.paddleClient.verifyWebhookData(request.body); if (!verifyWebhook(request)) {
if (!isVerified) {
return response.sendStatus(401); return response.sendStatus(401);
} }
@@ -17,3 +18,28 @@ export default async (request: IRequest, response: Response) => {
return response.sendStatus(200); return response.sendStatus(200);
}; };
const verifyWebhook = (request: IRequest) => {
const signature = request.body.p_signature;
const keys = Object.keys(request.body)
.filter((key) => key !== 'p_signature')
.sort();
const sorted: IJSONObject = {};
keys.forEach((key) => {
sorted[key] = request.body[key];
});
const serialized = serialize(sorted);
try {
const verifier = crypto.createVerify('sha1');
verifier.write(serialized);
verifier.end();
return verifier.verify(appConfig.paddlePublicKey, signature, 'base64');
} catch (err) {
return false;
}
};