- Add support for subscription.uncanceled webhook event
- Fix spelling mismatch for subscription.canceled (Polar) vs subscription.cancelled (code)
- Implement proper cancel_at_period_end handling in subscription.canceled events
- Add cancelled_at field updates for subscription.updated events
- Handle Polar's spelling variants (canceled_at vs cancelled_at) consistently
- Remove non-existent pause_reason column from subscription uncanceled handler
- Enhance webhook logging with detailed field update tracking
- Add comprehensive cancellation metadata storage in provider_data
- Gracefully handle null provider_subscription_id in payment confirmation polling

All Polar webhook events now properly sync subscription state including
cancellation timing, reasons, and billing period details.

Add comprehensive webhook validation and processing system with Polar.sh integration:
- Create built-in Standard Webhooks package following official specification
- Implement HMAC-SHA256 signature validation with base64 encoding
- Add webhook factory for multi-provider support (Polar, Stripe, generic)
- Replace custom Polar webhook validation with Standard Webhooks implementation
- Add proper exception handling with custom WebhookVerificationException
- Support sandbox mode bypass for development environments
- Update Polar provider to use database-driven configuration
- Enhance webhook test suite with proper Standard Webhooks format
- Add PaymentProvider model HasFactory trait for testing
- Implement timestamp tolerance checking (±5 minutes) for replay protection
- Support multiple signature versions and proper header validation

This provides a secure, reusable webhook validation system that can be extended
to other payment providers while maintaining full compliance with Standard
Webhooks specification.

BREAKING CHANGE: Polar webhook validation now uses Standard Webhooks format
with headers 'webhook-id', 'webhook-timestamp', 'webhook-signature' instead of
previous Polar-specific headers.
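
The validation scheme described above (HMAC-SHA256 with base64 signatures over the three Standard Webhooks headers, a ±5 minute timestamp window, multiple signature entries), as an added PHP example that is not the project's own code. The function name, the constructed sample delivery, and the `whsec_`-prefixed base64 secret format are assumptions.

```php
<?php
declare(strict_types=1);

const TOLERANCE_SECONDS = 300; // the ±5 minute window named in the commit message

// Hypothetical helper: verify one Standard Webhooks delivery.
// $headers uses lowercase header names; $secret is assumed to be "whsec_" + base64 key.
function verifyStandardWebhook(string $payload, array $headers, string $secret, ?int $now = null): bool
{
    $id = (string) ($headers['webhook-id'] ?? '');
    $timestamp = (string) ($headers['webhook-timestamp'] ?? '');
    $sigHeader = (string) ($headers['webhook-signature'] ?? '');
    if ($id === '' || $sigHeader === '' || !ctype_digit($timestamp)) {
        return false; // missing or malformed header
    }
    // Replay protection: reject timestamps outside the tolerance window.
    $now ??= time();
    if (abs($now - (int) $timestamp) > TOLERANCE_SECONDS) {
        return false;
    }
    // Strip the prefix and decode the key; strict mode rejects invalid base64.
    $key = base64_decode(str_starts_with($secret, 'whsec_') ? substr($secret, 6) : $secret, true);
    if ($key === false || $key === '') {
        return false;
    }
    // Signed content is "id.timestamp.body" over the raw, unparsed request body.
    $expected = base64_encode(hash_hmac('sha256', "{$id}.{$timestamp}.{$payload}", $key, true));
    // The header may carry several space-separated "version,signature" entries.
    foreach (explode(' ', $sigHeader) as $entry) {
        [$version, $signature] = array_pad(explode(',', $entry, 2), 2, '');
        if ($version === 'v1' && hash_equals($expected, $signature)) {
            return true; // hash_equals compares in constant time
        }
    }
    return false;
}

// Constructed sample delivery (not real Polar data).
$secret = 'whsec_' . base64_encode('constructed-test-key');
$body = '{"type":"subscription.canceled","data":{"id":"sub_example"}}';
$ts = (string) time();
$sig = base64_encode(hash_hmac('sha256', "msg_example.{$ts}.{$body}", 'constructed-test-key', true));
$headers = ['webhook-id' => 'msg_example', 'webhook-timestamp' => $ts, 'webhook-signature' => "v1,{$sig}"];
var_dump(verifyStandardWebhook($body, $headers, $secret));                // untouched delivery
var_dump(verifyStandardWebhook($body . ' ', $headers, $secret));          // body altered after signing
var_dump(verifyStandardWebhook($body, $headers, $secret, time() + 3600)); // checked an hour later
```

The check must run on the raw request body before any JSON decoding, since re-serialising the payload changes the bytes that were signed.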