Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
Code Issues Projects Releases Wiki Activity

added stripe webhook signature checking

Browse Source
This commit is contained in:
Kyle Spearrin 2017-08-12 22:30:44 -04:00
parent 680d7b2bed
commit c2df445ac2
4 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Billing/BillingSettings.cs
View File

@ -3,5 +3,6 @@
public class BillingSettings
{
public virtual string StripeWebhookKey { get; set; }
public virtual string StripeWebhookSecret { get; set; }
}
}

14
src/Billing/Controllers/StripeController.cs
View File

@ -5,6 +5,7 @@ using Microsoft.Extensions.Options;
using Stripe;
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
namespace Bit.Billing.Controllers
@ -30,14 +31,21 @@ namespace Bit.Billing.Controllers
}
[HttpPost("webhook")]
public async Task<IActionResult> PostWebhook([FromBody]dynamic body, [FromQuery] string key)
public async Task<IActionResult> PostWebhook([FromQuery] string key)
{
if(body == null || key != _billingSettings.StripeWebhookKey)
if(key != _billingSettings.StripeWebhookKey)
{
return new BadRequestResult();
}
StripeEvent parsedEvent = StripeEventUtility.ParseEventDataItem<StripeEvent>(body);
StripeEvent parsedEvent;
using(var sr = new StreamReader(HttpContext.Request.Body))
{
var json = await sr.ReadToEndAsync();
parsedEvent = StripeEventUtility.ConstructEvent(json, Request.Headers["Stripe-Signature"],
_billingSettings.StripeWebhookSecret);
}
if(string.IsNullOrWhiteSpace(parsedEvent?.Id))
{
return new BadRequestResult();

1
src/Billing/Startup.cs
View File

@ -10,7 +10,6 @@ using Bit.Core.Utilities;
using Serilog.Events;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.AspNetCore.HttpOverrides;
namespace Bit.Billing
{

3
src/Billing/settings.json
View File

@ -36,7 +36,8 @@
}
},
"billingSettings": {
"stripeWebhookKey": "SECRET"
"stripeWebhookKey": "SECRET",
"stripeWebhookSecret": "SECRET"
},
"braintree": {
"production": false,