added stripe webhook signature checking
parent
680d7b2bed
commit
c2df445ac2
@ -3,5 +3,6 @@
|
||||
public class BillingSettings
|
||||
{
|
||||
public virtual string StripeWebhookKey { get; set; }
|
||||
public virtual string StripeWebhookSecret { get; set; }
|
||||
}
|
||||
}
|
||||
|
@ -5,6 +5,7 @@ using Microsoft.Extensions.Options;
|
||||
using Stripe;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace Bit.Billing.Controllers
|
||||
@ -30,14 +31,21 @@ namespace Bit.Billing.Controllers
|
||||
}
|
||||
|
||||
[HttpPost("webhook")]
|
||||
public async Task<IActionResult> PostWebhook([FromBody]dynamic body, [FromQuery] string key)
|
||||
public async Task<IActionResult> PostWebhook([FromQuery] string key)
|
||||
{
|
||||
if(body == null || key != _billingSettings.StripeWebhookKey)
|
||||
if(key != _billingSettings.StripeWebhookKey)
|
||||
{
|
||||
return new BadRequestResult();
|
||||
}
|
||||
|
||||
StripeEvent parsedEvent = StripeEventUtility.ParseEventDataItem<StripeEvent>(body);
|
||||
StripeEvent parsedEvent;
|
||||
using(var sr = new StreamReader(HttpContext.Request.Body))
|
||||
{
|
||||
var json = await sr.ReadToEndAsync();
|
||||
parsedEvent = StripeEventUtility.ConstructEvent(json, Request.Headers["Stripe-Signature"],
|
||||
_billingSettings.StripeWebhookSecret);
|
||||
}
|
||||
|
||||
if(string.IsNullOrWhiteSpace(parsedEvent?.Id))
|
||||
{
|
||||
return new BadRequestResult();
|
||||
|
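Review bot: The `StripeEventUtility.ConstructEvent(...)` call in `PostWebhook` has no error handling visible in this hunk, so a request with a missing, stale or forged `Stripe-Signature` header will presumably surface as an unhandled exception rather than the 400 that the other rejection paths return. As far as I know Stripe.net raises `StripeException` when verification fails. Wrapping the read-and-verify block in a `try` with `catch(StripeException) { return new BadRequestResult(); }` keeps rejections uniform and gives one place to log failed verifications for monitoring. Separately, `key != _billingSettings.StripeWebhookKey` is an ordinary string comparison on a secret carried in the query string, where it tends to end up in proxy and access logs; if the key check stays alongside the signature, a fixed-time comparison would be preferable. The method body continues past the end of the hunk, so handling further down cannot be ruled out from here.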
@ -10,7 +10,6 @@ using Bit.Core.Utilities;
|
||||
using Serilog.Events;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.Extensions.DependencyInjection.Extensions;
|
||||
using Microsoft.AspNetCore.HttpOverrides;
|
||||
|
||||
namespace Bit.Billing
|
||||
{
|
||||
|
@ -36,7 +36,8 @@
|
||||
}
|
||||
},
|
||||
"billingSettings": {
|
||||
"stripeWebhookKey": "SECRET"
|
||||
"stripeWebhookKey": "SECRET",
|
||||
"stripeWebhookSecret": "SECRET"
|
||||
},
|
||||
"braintree": {
|
||||
"production": false,
|
||||
|