
paypal client and stub out webhook

This commit is contained in:
Kyle Spearrin 2019-02-01 17:16:28 -05:00
parent 9882815e4a
commit f3b5068aba
6 changed files with 246 additions and 7 deletions


@ -6,5 +6,14 @@
public virtual string StripeWebhookKey { get; set; } public virtual string StripeWebhookKey { get; set; }
public virtual string StripeWebhookSecret { get; set; } public virtual string StripeWebhookSecret { get; set; }
public virtual string BraintreeWebhookKey { get; set; } public virtual string BraintreeWebhookKey { get; set; }
public virtual PaypalSettings Paypal { get; set; } = new PaypalSettings();
public class PaypalSettings
{
public virtual bool Production { get; set; }
public virtual string ClientId { get; set; }
public virtual string ClientSecret { get; set; }
public virtual string WebhookId { get; set; }
}
} }
} }


@ -0,0 +1,56 @@
using Bit.Billing.Utilities;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Newtonsoft.Json;
using System.IO;
using System.Text;
using System.Threading.Tasks;
namespace Bit.Billing.Controllers
{
[Route("paypal")]
public class PaypalController : Controller
{
private readonly BillingSettings _billingSettings;
private readonly PaypalClient _paypalClient;
public PaypalController(
IOptions<BillingSettings> billingSettings,
PaypalClient paypalClient)
{
_billingSettings = billingSettings?.Value;
_paypalClient = paypalClient;
}
[HttpPost("webhook")]
public async Task<IActionResult> PostWebhook([FromQuery] string key)
{
if(HttpContext?.Request == null)
{
return new BadRequestResult();
}
string body = null;
using(var reader = new StreamReader(HttpContext.Request.Body, Encoding.UTF8))
{
body = await reader.ReadToEndAsync();
}
if(body == null)
{
return new BadRequestResult();
}
var verified = await _paypalClient.VerifyWebhookAsync(body, HttpContext.Request.Headers,
_billingSettings.Paypal.WebhookId);
if(!verified)
{
return new BadRequestResult();
}
var webhook = JsonConvert.DeserializeObject(body);
// TODO: process webhook
return new OkResult();
}
}
}
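Review bot: The `key` query parameter on `PostWebhook` is bound but never compared with anything, so it neither authenticates the caller nor is marked as deliberately ignored; the settings hunk in this same commit shows the per-provider pattern already used (`BraintreeWebhookKey`) but adds no PayPal equivalent. Either drop the parameter until a key setting exists, or add one and reject the request before the body is read when the supplied key does not match, so signature verification (which costs a round trip to PayPal) is only reached for callers that know the key. The `body == null` guard can never fire, because `ReadToEndAsync` returns an empty string on an empty stream, not null; `if(string.IsNullOrWhiteSpace(body))` is the check that actually rejects an empty post. `var webhook = JsonConvert.DeserializeObject(body);` is unused beyond the `// TODO` and parses the payload a second time after PayPal has already echoed it back; either keep it under the TODO with a comment or remove it until the handler is written.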


@ -39,6 +39,9 @@ namespace Bit.Billing
// Repositories // Repositories
services.AddSqlServerRepositories(globalSettings); services.AddSqlServerRepositories(globalSettings);
// Paypal Client
services.AddSingleton<Utilities.PaypalClient>();
// Context // Context
services.AddScoped<CurrentContext>(); services.AddScoped<CurrentContext>();
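Review bot: `PaypalClient` is registered as a singleton, but its constructor in this commit takes `BillingSettings` directly while the controller takes `IOptions<BillingSettings>`; unless `BillingSettings` is itself registered as a service earlier in `ConfigureServices` (outside this hunk), the container cannot resolve it and the failure only appears when the webhook route is first hit. As a singleton it also shares the mutable `_authResponse` cache across concurrent requests without synchronization, so overlapping webhooks can each fetch a fresh token; harmless for correctness, but the lifetime choice deserves a comment such as `// Singleton: caches the PayPal OAuth token across requests (token refresh is not synchronized)`.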


@ -0,0 +1,160 @@
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Newtonsoft.Json;
namespace Bit.Billing.Utilities
{
public class PaypalClient
{
private readonly HttpClient _httpClient = new HttpClient();
private readonly string _baseApiUrl;
private readonly string _clientId;
private readonly string _clientSecret;
private AuthResponse _authResponse;
public PaypalClient(BillingSettings billingSettings)
{
_baseApiUrl = _baseApiUrl = !billingSettings.Paypal.Production ? "https://api.sandbox.paypal.com/{0}" :
"https://api.paypal.com/{0}";
_clientId = billingSettings.Paypal.ClientId;
_clientSecret = billingSettings.Paypal.ClientSecret;
}
public async Task<bool> VerifyWebhookAsync(string webhookJson, IHeaderDictionary headers, string webhookId)
{
if(webhookJson == null)
{
throw new ArgumentException("No webhook json.");
}
if(headers == null)
{
throw new ArgumentException("No headers.");
}
if(!headers.ContainsKey("PAYPAL-TRANSMISSION-ID"))
{
return false;
}
await AuthIfNeededAsync();
var req = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri(string.Format(_baseApiUrl, "v1/notifications/verify-webhook-signature"))
};
req.Headers.Authorization = new AuthenticationHeaderValue(
_authResponse.TokenType, _authResponse.AccessToken);
req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var verifyRequest = new VerifyWebookRequest
{
AuthAlgo = headers["PAYPAL-AUTH-ALGO"],
CertUrl = headers["PAYPAL-CERT-URL"],
TransmissionId = headers["PAYPAL-TRANSMISSION-ID"],
TransmissionTime = headers["PAYPAL-TRANSMISSION-TIME"],
TransmissionSig = headers["PAYPAL-TRANSMISSION-SIG"],
WebhookId = webhookId
};
var verifyRequestJson = JsonConvert.SerializeObject(verifyRequest);
verifyRequestJson = verifyRequestJson.Replace("\"__WEBHOOK_BODY__\"", webhookJson);
req.Content = new StringContent(verifyRequestJson, Encoding.UTF8, "application/json");
var response = await _httpClient.SendAsync(req);
if(!response.IsSuccessStatusCode)
{
throw new Exception("Failed to verify webhook");
}
var responseContent = await response.Content.ReadAsStringAsync();
var verifyResponse = JsonConvert.DeserializeObject<VerifyWebookResponse>(responseContent);
return verifyResponse.Verified;
}
private async Task<bool> AuthIfNeededAsync()
{
if(_authResponse?.Expired ?? true)
{
var req = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri(string.Format(_baseApiUrl, "v1/oauth2/token"))
};
var authVal = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{_clientId}:{_clientSecret}"));
req.Headers.Authorization = new AuthenticationHeaderValue("Basic", authVal);
req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
req.Content = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("grant_type", "client_credentials")
});
var response = await _httpClient.SendAsync(req);
if(!response.IsSuccessStatusCode)
{
throw new Exception("Failed to auth with PayPal");
}
var responseContent = await response.Content.ReadAsStringAsync();
_authResponse = JsonConvert.DeserializeObject<AuthResponse>(responseContent);
return true;
}
return false;
}
public class VerifyWebookRequest
{
[JsonProperty("auth_algo")]
public string AuthAlgo { get; set; }
[JsonProperty("cert_url")]
public string CertUrl { get; set; }
[JsonProperty("transmission_id")]
public string TransmissionId { get; set; }
[JsonProperty("transmission_sig")]
public string TransmissionSig { get; set; }
[JsonProperty("transmission_time")]
public string TransmissionTime { get; set; }
[JsonProperty("webhook_event")]
public string WebhookEvent { get; set; } = "__WEBHOOK_BODY__";
[JsonProperty("webhook_id")]
public string WebhookId { get; set; }
}
public class VerifyWebookResponse
{
[JsonProperty("verification_status")]
public string VerificationStatus { get; set; }
public bool Verified => VerificationStatus == "SUCCESS";
}
public class AuthResponse
{
private DateTime _created;
public AuthResponse()
{
_created = DateTime.UtcNow;
}
[JsonProperty("scope")]
public string Scope { get; set; }
[JsonProperty("nonce")]
public string Nonce { get; set; }
[JsonProperty("access_token")]
public string AccessToken { get; set; }
[JsonProperty("token_type")]
public string TokenType { get; set; }
[JsonProperty("app_id")]
public string AppId { get; set; }
[JsonProperty("expires_in")]
public long ExpiresIn { get; set; }
public bool Expired => DateTime.UtcNow > _created.AddSeconds(ExpiresIn - 30);
}
}
}
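Review bot: `VerifyWebhookAsync` builds the verify request by serializing a `"__WEBHOOK_BODY__"` placeholder and then `Replace`-ing it with the raw body; `Replace` substitutes every occurrence, and the neighbouring fields come straight from request headers, so a header value that happens to be that literal is also swapped for the body, and a body that is not valid JSON produces a malformed verify request that surfaces as the generic `Exception` rather than a clean `false`. Newtonsoft's `JRaw` writes a pre-serialized fragment in place, which removes the placeholder and the replace entirely: declare `[JsonProperty("webhook_event")] public JRaw WebhookEvent { get; set; }`, set `WebhookEvent = new JRaw(webhookJson)` in the initializer, and delete the `Replace` line (needs `using Newtonsoft.Json.Linq;`). The constructor assigns `_baseApiUrl` twice on one line (`_baseApiUrl = _baseApiUrl = ...`), which reads like a leftover from editing. The two `throw new Exception(...)` sites should use a specific type (for example `HttpRequestException` carrying the status code) so callers can tell a PayPal outage from a rejected payload, and the final line should guard a null deserialization result with `return verifyResponse?.Verified ?? false;`.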


@ -15,5 +15,10 @@
"braintree": { "braintree": {
"production": true "production": true
} }
},
"billingSettings": {
"paypal": {
"production": false
}
} }
} }


@ -45,13 +45,6 @@
"notificationHub": { "notificationHub": {
"connectionString": "SECRET", "connectionString": "SECRET",
"hubName": "SECRET" "hubName": "SECRET"
}
},
"billingSettings": {
"jobsKey": "SECRET",
"stripeWebhookKey": "SECRET",
"stripeWebhookSecret": "SECRET",
"braintreeWebhookKey": "SECRET"
}, },
"braintree": { "braintree": {
"production": false, "production": false,
@ -59,4 +52,17 @@
"publicKey": "SECRET", "publicKey": "SECRET",
"privateKey": "SECRET" "privateKey": "SECRET"
} }
},
"billingSettings": {
"jobsKey": "SECRET",
"stripeWebhookKey": "SECRET",
"stripeWebhookSecret": "SECRET",
"braintreeWebhookKey": "SECRET",
"paypal": {
"production": false,
"clientId": "SECRET",
"clientSecret": "SECRET",
"webhookId": "SECRET"
}
}
} }