Add comprehensive webhook validation and processing system with Polar.sh integration:
- Create built-in Standard Webhooks package following official specification
- Implement HMAC-SHA256 signature validation with base64 encoding
- Add webhook factory for multi-provider support (Polar, Stripe, generic)
- Replace custom Polar webhook validation with Standard Webhooks implementation
- Add proper exception handling with custom WebhookVerificationException
- Support sandbox mode bypass for development environments
- Update Polar provider to use database-driven configuration
- Enhance webhook test suite with proper Standard Webhooks format
- Add PaymentProvider model HasFactory trait for testing
- Implement timestamp tolerance checking (±5 minutes) for replay protection
- Support multiple signature versions and proper header validation
This provides a secure, reusable webhook validation system that can be extended
to other payment providers while maintaining full compliance with Standard
Webhooks specification.
BREAKING CHANGE: Polar webhook validation now uses Standard Webhooks format
with headers 'webhook-id', 'webhook-timestamp', 'webhook-signature' instead of
previous Polar-specific headers.
- Add base repository interfaces and abstract classes
- Implement separated read/write repositories for Domain and Username models
- Add intelligent query caching with automatic invalidation
- Include cache management service and CLI commands
- Add comprehensive configuration for cache TTL and monitoring
- Enhance performance through optimized data access patterns
