Incoviba/oficial
1
0
Fork 0
Code Issues Pull Requests 2 Releases Wiki Activity

Use webhook secrets to validate

Browse Source
This commit is contained in:
Juan Pablo Vial
2025-06-03 22:11:57 -04:00
parent b10accf602
commit d9a2f63691
2 changed files with 32 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/setup/settings/urls.php
View File

@ -44,9 +44,8 @@ return [
'externalPaths' => [ 'externalPaths' => [
'/api/external' => [ '/api/external' => [
'/toku/success' => [ '/toku/success' => [
'validator' => Incoviba\Service\Venta\MediosPago\Toku::class, 'validator' => $container->get(Incoviba\Service\Venta\MediosPago\Toku::class),
'token' => $container->get('TOKU_TOKEN'), 'token' => $container->get('TOKU_TOKEN'),
'secret' => $container->get('TOKU_WEBHOOK_SECRET'),
] ]
], ],
] ]

36
app/src/Service/Venta/MediosPago/Toku.php
View File

@ -1,10 +1,9 @@
<?php <?php
namespace Incoviba\Service\Venta\MediosPago; namespace Incoviba\Service\Venta\MediosPago;
use Incoviba\Service\HMAC;
use InvalidArgumentException; use InvalidArgumentException;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use Incoviba\Service\Venta\MediosPago\Toku\{Customer,Subscription,Invoice}; use Incoviba\Common\Define\Connection;
use Incoviba\Common\Ideal; use Incoviba\Common\Ideal;
use Incoviba\Common\Implement\Exception\EmptyResponse; use Incoviba\Common\Implement\Exception\EmptyResponse;
use Incoviba\Exception\InvalidResult; use Incoviba\Exception\InvalidResult;
@ -12,6 +11,9 @@ use Incoviba\Exception\ServiceAction\Read;
use Incoviba\Model; use Incoviba\Model;
use Incoviba\Model\Persona; use Incoviba\Model\Persona;
use Incoviba\Model\Venta\Propietario; use Incoviba\Model\Venta\Propietario;
use Incoviba\Service\HMAC;
use Incoviba\Service\Venta\MediosPago\Toku\{Customer,Subscription,Invoice};
use Psr\Log\LoggerInterface;
use Throwable; use Throwable;
class Toku extends Ideal\Service class Toku extends Ideal\Service
@ -23,6 +25,12 @@ class Toku extends Ideal\Service
protected Customer $customer; protected Customer $customer;
protected Subscription $subscription; protected Subscription $subscription;
protected Invoice $invoice; protected Invoice $invoice;
public function __construct(LoggerInterface $logger, protected Connection $connection)
{
parent::__construct($logger);
}
public function register(string $type, EndPoint $endPoint): self public function register(string $type, EndPoint $endPoint): self
{ {
if (!in_array(strtolower($type), ['customer', 'subscription', 'invoice'])) { if (!in_array(strtolower($type), ['customer', 'subscription', 'invoice'])) {
@ -397,7 +405,7 @@ class Toku extends Ideal\Service
return $data; return $data;
} }
public static function validateToken(ServerRequestInterface $request, array $tokenConfig): bool public function validateToken(ServerRequestInterface $request, array $tokenConfig): bool
{ {
if (!$request->hasHeader('User-Agent') or !str_starts_with($request->getHeaderLine('User-Agent'), 'Toku-Webhooks')) { if (!$request->hasHeader('User-Agent') or !str_starts_with($request->getHeaderLine('User-Agent'), 'Toku-Webhooks')) {
return false; return false;
@ -423,9 +431,27 @@ class Toku extends Ideal\Service
return false; return false;
} }
$eventId = $json['id']; $eventId = $json['id'];
return HMAC::validate($timestamp, $signature, $eventId, $tokenConfig['secret']); $eventType = $json['event_type'];
$query = $this->connection->getQueryBuilder()
->select('secret')
->from('toku_webhooks')
->where('enabled = ? AND event_type LIKE ?');
$params = [true, "%\"{$eventType}\"%"];
$statement = $this->connection->prepare($query);
$statement->execute($params);
$results = $statement->fetchColumn();
if (count($results) === 0) {
return false;
}
if (array_any($results, fn($secret) => HMAC::validate($timestamp, $signature, $eventId, $secret))) {
return true;
}
} catch (Throwable $throwable) { } catch (Throwable $throwable) {
return false; $this->logger->error($throwable);
} }
return false;
} }
} }