mirror of https://github.com/bitwarden/server.git synced 2025-02-18 02:11:22 +01:00

added stripe webhook signature checking

Kyle Spearrin 2017-08-12 22:30:44 -04:00
parent 680d7b2bed
commit c2df445ac2
4 changed files with 14 additions and 5 deletions


@ -3,5 +3,6 @@
public class BillingSettings public class BillingSettings
{ {
public virtual string StripeWebhookKey { get; set; } public virtual string StripeWebhookKey { get; set; }
public virtual string StripeWebhookSecret { get; set; }
} }
} }
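Review bot: The new `StripeWebhookSecret` property sits directly beside the similarly named `StripeWebhookKey` with nothing to tell them apart, and swapping the two values in configuration would break signature verification. A one-line doc comment on each would prevent that. For the new property: `/// <summary>Stripe signing secret used to verify the Stripe-Signature header.</summary>`. For the existing one: `/// <summary>Shared key expected in the webhook URL's query string.</summary>`.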


@ -5,6 +5,7 @@ using Microsoft.Extensions.Options;
using Stripe; using Stripe;
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks; using System.Threading.Tasks;
namespace Bit.Billing.Controllers namespace Bit.Billing.Controllers
@ -30,14 +31,21 @@ namespace Bit.Billing.Controllers
} }
[HttpPost("webhook")] [HttpPost("webhook")]
public async Task<IActionResult> PostWebhook([FromBody]dynamic body, [FromQuery] string key) public async Task<IActionResult> PostWebhook([FromQuery] string key)
{ {
if(body == null || key != _billingSettings.StripeWebhookKey) if(key != _billingSettings.StripeWebhookKey)
{ {
return new BadRequestResult(); return new BadRequestResult();
} }
StripeEvent parsedEvent = StripeEventUtility.ParseEventDataItem<StripeEvent>(body); StripeEvent parsedEvent;
using(var sr = new StreamReader(HttpContext.Request.Body))
{
var json = await sr.ReadToEndAsync();
parsedEvent = StripeEventUtility.ConstructEvent(json, Request.Headers["Stripe-Signature"],
_billingSettings.StripeWebhookSecret);
}
if(string.IsNullOrWhiteSpace(parsedEvent?.Id)) if(string.IsNullOrWhiteSpace(parsedEvent?.Id))
{ {
return new BadRequestResult(); return new BadRequestResult();
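Review bot: The `StripeEventUtility.ConstructEvent` call in `PostWebhook` is unguarded, so a missing or invalid `Stripe-Signature` header would surface as an unhandled exception (a 500) instead of the `BadRequestResult` used for every other rejection; as far as I know, Stripe.net reports verification failures by throwing `StripeException`. An unset `StripeWebhookSecret` should also be rejected explicitly before verification, so the endpoint fails closed on misconfiguration. Separately, `key != _billingSettings.StripeWebhookKey` is an ordinary string comparison of a secret carried in the query string, which tends to end up in access logs; with the signature verified, that key is at most a secondary check. The method body continues past the end of the hunk.

```csharp
// … unchanged: key check against _billingSettings.StripeWebhookKey …
if(string.IsNullOrWhiteSpace(_billingSettings.StripeWebhookSecret))
{
    // Fail closed: without a signing secret the payload cannot be authenticated.
    return new BadRequestResult();
}

// … unchanged: StreamReader setup and ReadToEndAsync …
    try
    {
        parsedEvent = StripeEventUtility.ConstructEvent(json, Request.Headers["Stripe-Signature"],
            _billingSettings.StripeWebhookSecret);
    }
    catch(StripeException)
    {
        // Signature verification failed; reject like the other invalid requests.
        return new BadRequestResult();
    }
// … unchanged: parsedEvent?.Id check …
```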


@ -10,7 +10,6 @@ using Bit.Core.Utilities;
using Serilog.Events; using Serilog.Events;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.AspNetCore.HttpOverrides;
namespace Bit.Billing namespace Bit.Billing
{ {


@ -36,7 +36,8 @@
} }
}, },
"billingSettings": { "billingSettings": {
"stripeWebhookKey": "SECRET" "stripeWebhookKey": "SECRET",
"stripeWebhookSecret": "SECRET"
}, },
"braintree": { "braintree": {
"production": false, "production": false,