admin/zemailnator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(payments): implement standard webhooks validation system

Browse Source 
Add comprehensive webhook validation and processing system with Polar.sh integration:

  - Create built-in Standard Webhooks package following official specification
  - Implement HMAC-SHA256 signature validation with base64 encoding
  - Add webhook factory for multi-provider support (Polar, Stripe, generic)
  - Replace custom Polar webhook validation with Standard Webhooks implementation
  - Add proper exception handling with custom WebhookVerificationException
  - Support sandbox mode bypass for development environments
  - Update Polar provider to use database-driven configuration
  - Enhance webhook test suite with proper Standard Webhooks format
  - Add PaymentProvider model HasFactory trait for testing
  - Implement timestamp tolerance checking (±5 minutes) for replay protection
  - Support multiple signature versions and proper header validation

  This provides a secure, reusable webhook validation system that can be extended
  to other payment providers while maintaining full compliance with Standard
  Webhooks specification.

  BREAKING CHANGE: Polar webhook validation now uses Standard Webhooks format
  with headers 'webhook-id', 'webhook-timestamp', 'webhook-signature' instead of
  previous Polar-specific headers.
This commit is contained in:
idevakk
2025-12-06 22:49:54 -08:00
parent 15e018eb88
commit 289baa1286
13 changed files with 1955 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
app/Services/Webhooks/WebhookFactory.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
namespace App\Services\Webhooks;
class WebhookFactory
{
/**
* Create a Standard Webhooks validator for Polar
*/
public static function createPolar(string $secret): StandardWebhooks
{
// Polar uses raw secret, so we use fromRaw() method
return StandardWebhooks::fromRaw($secret);
}
/**
* Create a Standard Webhooks validator for Stripe
*/
public static function createStripe(string $secret): StandardWebhooks
{
// Stripe typically uses whsec_ prefix
return new StandardWebhooks($secret);
}
/**
* Create a Standard Webhooks validator for generic providers
*/
public static function create(string $secret, bool $isRaw = false): StandardWebhooks
{
return $isRaw ? StandardWebhooks::fromRaw($secret) : new StandardWebhooks($secret);
}
}