paypal client and stub out webhook

src/Billing/BillingSettings.cs

@@ -6,5 +6,14 @@
         public virtual string StripeWebhookKey { get; set; }
         public virtual string StripeWebhookSecret { get; set; }
         public virtual string BraintreeWebhookKey { get; set; }
+        public virtual PaypalSettings Paypal { get; set; } = new PaypalSettings();
+
+        public class PaypalSettings
+        {
+            public virtual bool Production { get; set; }
+            public virtual string ClientId { get; set; }
+            public virtual string ClientSecret { get; set; }
+            public virtual string WebhookId { get; set; }
+        }
     }
 }

src/Billing/Controllers/PaypalController.cs

@@ -0,0 +1,56 @@
+using Bit.Billing.Utilities;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using Newtonsoft.Json;
+using System.IO;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Bit.Billing.Controllers
+{
+    [Route("paypal")]
+    public class PaypalController : Controller
+    {
+        private readonly BillingSettings _billingSettings;
+        private readonly PaypalClient _paypalClient;
+
+        public PaypalController(
+            IOptions<BillingSettings> billingSettings,
+            PaypalClient paypalClient)
+        {
+            _billingSettings = billingSettings?.Value;
+            _paypalClient = paypalClient;
+        }
+
+        [HttpPost("webhook")]
+        public async Task<IActionResult> PostWebhook([FromQuery] string key)
+        {
+            if(HttpContext?.Request == null)
+            {
+                return new BadRequestResult();
+            }
+
+            string body = null;
+            using(var reader = new StreamReader(HttpContext.Request.Body, Encoding.UTF8))
+            {
+                body = await reader.ReadToEndAsync();
+            }
+
+            if(body == null)
+            {
+                return new BadRequestResult();
+            }
+
+            var verified = await _paypalClient.VerifyWebhookAsync(body, HttpContext.Request.Headers,
+                _billingSettings.Paypal.WebhookId);
+            if(!verified)
+            {
+                return new BadRequestResult();
+            }
+
+            var webhook = JsonConvert.DeserializeObject(body);
+            // TODO: process webhook
+            return new OkResult();
+        }
+    }
+}

src/Billing/Startup.cs

@@ -39,6 +39,9 @@ namespace Bit.Billing
             // Repositories
             services.AddSqlServerRepositories(globalSettings);
 
+            // Paypal Client
+            services.AddSingleton<Utilities.PaypalClient>();
+
             // Context
             services.AddScoped<CurrentContext>();
 

src/Billing/Utilities/PaypalClient.cs

@@ -0,0 +1,160 @@
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Text;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Newtonsoft.Json;
+
+namespace Bit.Billing.Utilities
+{
+    public class PaypalClient
+    {
+        private readonly HttpClient _httpClient = new HttpClient();
+        private readonly string _baseApiUrl;
+        private readonly string _clientId;
+        private readonly string _clientSecret;
+
+        private AuthResponse _authResponse;
+
+        public PaypalClient(BillingSettings billingSettings)
+        {
+            _baseApiUrl = _baseApiUrl = !billingSettings.Paypal.Production ? "https://api.sandbox.paypal.com/{0}" :
+                "https://api.paypal.com/{0}";
+            _clientId = billingSettings.Paypal.ClientId;
+            _clientSecret = billingSettings.Paypal.ClientSecret;
+        }
+
+        public async Task<bool> VerifyWebhookAsync(string webhookJson, IHeaderDictionary headers, string webhookId)
+        {
+            if(webhookJson == null)
+            {
+                throw new ArgumentException("No webhook json.");
+            }
+
+            if(headers == null)
+            {
+                throw new ArgumentException("No headers.");
+            }
+
+            if(!headers.ContainsKey("PAYPAL-TRANSMISSION-ID"))
+            {
+                return false;
+            }
+
+            await AuthIfNeededAsync();
+
+            var req = new HttpRequestMessage
+            {
+                Method = HttpMethod.Post,
+                RequestUri = new Uri(string.Format(_baseApiUrl, "v1/notifications/verify-webhook-signature"))
+            };
+            req.Headers.Authorization = new AuthenticationHeaderValue(
+                _authResponse.TokenType, _authResponse.AccessToken);
+            req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+
+            var verifyRequest = new VerifyWebookRequest
+            {
+                AuthAlgo = headers["PAYPAL-AUTH-ALGO"],
+                CertUrl = headers["PAYPAL-CERT-URL"],
+                TransmissionId = headers["PAYPAL-TRANSMISSION-ID"],
+                TransmissionTime = headers["PAYPAL-TRANSMISSION-TIME"],
+                TransmissionSig = headers["PAYPAL-TRANSMISSION-SIG"],
+                WebhookId = webhookId
+            };
+            var verifyRequestJson = JsonConvert.SerializeObject(verifyRequest);
+            verifyRequestJson = verifyRequestJson.Replace("\"__WEBHOOK_BODY__\"", webhookJson);
+            req.Content = new StringContent(verifyRequestJson, Encoding.UTF8, "application/json");
+
+            var response = await _httpClient.SendAsync(req);
+            if(!response.IsSuccessStatusCode)
+            {
+                throw new Exception("Failed to verify webhook");
+            }
+
+            var responseContent = await response.Content.ReadAsStringAsync();
+            var verifyResponse = JsonConvert.DeserializeObject<VerifyWebookResponse>(responseContent);
+            return verifyResponse.Verified;
+        }
+
+        private async Task<bool> AuthIfNeededAsync()
+        {
+            if(_authResponse?.Expired ?? true)
+            {
+                var req = new HttpRequestMessage
+                {
+                    Method = HttpMethod.Post,
+                    RequestUri = new Uri(string.Format(_baseApiUrl, "v1/oauth2/token"))
+                };
+                var authVal = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{_clientId}:{_clientSecret}"));
+                req.Headers.Authorization = new AuthenticationHeaderValue("Basic", authVal);
+                req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+                req.Content = new FormUrlEncodedContent(new[]
+                {
+                    new KeyValuePair<string, string>("grant_type", "client_credentials")
+                });
+
+                var response = await _httpClient.SendAsync(req);
+                if(!response.IsSuccessStatusCode)
+                {
+                    throw new Exception("Failed to auth with PayPal");
+                }
+
+                var responseContent = await response.Content.ReadAsStringAsync();
+                _authResponse = JsonConvert.DeserializeObject<AuthResponse>(responseContent);
+                return true;
+            }
+            return false;
+        }
+
+        public class VerifyWebookRequest
+        {
+            [JsonProperty("auth_algo")]
+            public string AuthAlgo { get; set; }
+            [JsonProperty("cert_url")]
+            public string CertUrl { get; set; }
+            [JsonProperty("transmission_id")]
+            public string TransmissionId { get; set; }
+            [JsonProperty("transmission_sig")]
+            public string TransmissionSig { get; set; }
+            [JsonProperty("transmission_time")]
+            public string TransmissionTime { get; set; }
+            [JsonProperty("webhook_event")]
+            public string WebhookEvent { get; set; } = "__WEBHOOK_BODY__";
+            [JsonProperty("webhook_id")]
+            public string WebhookId { get; set; }
+        }
+
+        public class VerifyWebookResponse
+        {
+            [JsonProperty("verification_status")]
+            public string VerificationStatus { get; set; }
+            public bool Verified => VerificationStatus == "SUCCESS";
+        }
+
+        public class AuthResponse
+        {
+            private DateTime _created;
+
+            public AuthResponse()
+            {
+                _created = DateTime.UtcNow;
+            }
+
+            [JsonProperty("scope")]
+            public string Scope { get; set; }
+            [JsonProperty("nonce")]
+            public string Nonce { get; set; }
+            [JsonProperty("access_token")]
+            public string AccessToken { get; set; }
+            [JsonProperty("token_type")]
+            public string TokenType { get; set; }
+            [JsonProperty("app_id")]
+            public string AppId { get; set; }
+            [JsonProperty("expires_in")]
+            public long ExpiresIn { get; set; }
+            public bool Expired => DateTime.UtcNow > _created.AddSeconds(ExpiresIn - 30);
+        }
+    }
+}

src/Billing/appsettings.Production.json

@@ -15,5 +15,10 @@
     "braintree": {
       "production": true
     }
+  },
+  "billingSettings": {
+    "paypal": {
+      "production": false
+    }
   }
 }

src/Billing/appsettings.json

@@ -45,18 +45,24 @@
     "notificationHub": {
       "connectionString": "SECRET",
       "hubName": "SECRET"
+    },
+    "braintree": {
+      "production": false,
+      "merchantId": "SECRET",
+      "publicKey": "SECRET",
+      "privateKey": "SECRET"
     }
   },
   "billingSettings": {
     "jobsKey": "SECRET",
     "stripeWebhookKey": "SECRET",
     "stripeWebhookSecret": "SECRET",
-    "braintreeWebhookKey": "SECRET"
-  },
-  "braintree": {
-    "production": false,
-    "merchantId": "SECRET",
-    "publicKey": "SECRET",
-    "privateKey": "SECRET"
+    "braintreeWebhookKey": "SECRET",
+    "paypal": {
+      "production": false,
+      "clientId": "SECRET",
+      "clientSecret": "SECRET",
+      "webhookId": "SECRET"
+    }
   }
 }