Use webhook secrets to validate
This commit is contained in:
Juan Pablo Vial
@ -44,9 +44,8 @@ return [
|
||||
'externalPaths' => [
|
||||
'/api/external' => [
|
||||
'/toku/success' => [
|
||||
'validator' => Incoviba\Service\Venta\MediosPago\Toku::class,
|
||||
'validator' => $container->get(Incoviba\Service\Venta\MediosPago\Toku::class),
|
||||
'token' => $container->get('TOKU_TOKEN'),
|
||||
'secret' => $container->get('TOKU_WEBHOOK_SECRET'),
|
||||
]
|
||||
],
|
||||
]
|
||||
|
||||
@ -1,10 +1,9 @@
|
||||
<?php
|
||||
namespace Incoviba\Service\Venta\MediosPago;
|
||||
|
||||
use Incoviba\Service\HMAC;
|
||||
use InvalidArgumentException;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Incoviba\Service\Venta\MediosPago\Toku\{Customer,Subscription,Invoice};
|
||||
use Incoviba\Common\Define\Connection;
|
||||
use Incoviba\Common\Ideal;
|
||||
use Incoviba\Common\Implement\Exception\EmptyResponse;
|
||||
use Incoviba\Exception\InvalidResult;
|
||||
@ -12,6 +11,9 @@ use Incoviba\Exception\ServiceAction\Read;
|
||||
use Incoviba\Model;
|
||||
use Incoviba\Model\Persona;
|
||||
use Incoviba\Model\Venta\Propietario;
|
||||
use Incoviba\Service\HMAC;
|
||||
use Incoviba\Service\Venta\MediosPago\Toku\{Customer,Subscription,Invoice};
|
||||
use Psr\Log\LoggerInterface;
|
||||
use Throwable;
|
||||
|
||||
class Toku extends Ideal\Service
|
||||
@ -23,6 +25,12 @@ class Toku extends Ideal\Service
|
||||
protected Customer $customer;
|
||||
protected Subscription $subscription;
|
||||
protected Invoice $invoice;
|
||||
|
||||
public function __construct(LoggerInterface $logger, protected Connection $connection)
|
||||
{
|
||||
parent::__construct($logger);
|
||||
}
|
||||
|
||||
public function register(string $type, EndPoint $endPoint): self
|
||||
{
|
||||
if (!in_array(strtolower($type), ['customer', 'subscription', 'invoice'])) {
|
||||
@ -397,7 +405,7 @@ class Toku extends Ideal\Service
|
||||
return $data;
|
||||
}
|
||||
|
||||
public static function validateToken(ServerRequestInterface $request, array $tokenConfig): bool
|
||||
public function validateToken(ServerRequestInterface $request, array $tokenConfig): bool
|
||||
{
|
||||
if (!$request->hasHeader('User-Agent') or !str_starts_with($request->getHeaderLine('User-Agent'), 'Toku-Webhooks')) {
|
||||
return false;
|
||||
@ -423,9 +431,27 @@ class Toku extends Ideal\Service
|
||||
return false;
|
||||
}
|
||||
$eventId = $json['id'];
|
||||
return HMAC::validate($timestamp, $signature, $eventId, $tokenConfig['secret']);
|
||||
$eventType = $json['event_type'];
|
||||
|
||||
$query = $this->connection->getQueryBuilder()
|
||||
->select('secret')
|
||||
->from('toku_webhooks')
|
||||
->where('enabled = ? AND event_type LIKE ?');
|
||||
$params = [true, "%\"{$eventType}\"%"];
|
||||
$statement = $this->connection->prepare($query);
|
||||
$statement->execute($params);
|
||||
$results = $statement->fetchColumn();
|
||||
if (count($results) === 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (array_any($results, fn($secret) => HMAC::validate($timestamp, $signature, $eventId, $secret))) {
|
||||
return true;
|
||||
}
|
||||
|
||||
} catch (Throwable $throwable) {
|
||||
return false;
|
||||
$this->logger->error($throwable);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user