mirror of https://github.com/bitwarden/server.git synced 2024-11-26 12:55:17 +01:00

added stripe webhook signature checking

Kyle Spearrin 2017-08-12 22:30:44 -04:00
parent 680d7b2bed
commit c2df445ac2
4 changed files with 14 additions and 5 deletions


@ -3,5 +3,6 @@
public class BillingSettings
{
public virtual string StripeWebhookKey { get; set; }
public virtual string StripeWebhookSecret { get; set; }
}
}


@ -5,6 +5,7 @@ using Microsoft.Extensions.Options;
using Stripe;
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
namespace Bit.Billing.Controllers
@ -30,14 +31,21 @@ namespace Bit.Billing.Controllers
}
[HttpPost("webhook")]
public async Task<IActionResult> PostWebhook([FromBody]dynamic body, [FromQuery] string key)
public async Task<IActionResult> PostWebhook([FromQuery] string key)
{
if(body == null || key != _billingSettings.StripeWebhookKey)
if(key != _billingSettings.StripeWebhookKey)
{
return new BadRequestResult();
}
StripeEvent parsedEvent = StripeEventUtility.ParseEventDataItem<StripeEvent>(body);
StripeEvent parsedEvent;
using(var sr = new StreamReader(HttpContext.Request.Body))
{
var json = await sr.ReadToEndAsync();
parsedEvent = StripeEventUtility.ConstructEvent(json, Request.Headers["Stripe-Signature"],
_billingSettings.StripeWebhookSecret);
}
if(string.IsNullOrWhiteSpace(parsedEvent?.Id))
{
return new BadRequestResult();
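Review bot: A request whose `Stripe-Signature` header is missing or fails verification is not turned into a 400 here. The `ConstructEvent` call inside the `using` block has no `try`/`catch`, and as far as I know Stripe.net reports a bad signature or a stale timestamp by throwing, so the failure would surface as an unhandled exception (typically a 500) rather than the `BadRequestResult` used for the other rejections. I would wrap the read-and-verify block, e.g. `try { … } catch(Exception) { return new BadRequestResult(); }`, narrowing the caught type to whatever the pinned Stripe.net version throws, and log the rejection so forged or replayed deliveries are visible. It is also worth rejecting up front when `_billingSettings.StripeWebhookSecret` is null or empty, so that a missing configuration value fails closed. PostWebhook's body continues past the end of the hunk.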


@ -10,7 +10,6 @@ using Bit.Core.Utilities;
using Serilog.Events;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.AspNetCore.HttpOverrides;
namespace Bit.Billing
{


@ -36,7 +36,8 @@
}
},
"billingSettings": {
"stripeWebhookKey": "SECRET"
"stripeWebhookKey": "SECRET",
"stripeWebhookSecret": "SECRET"
},
"braintree": {
"production": false,