getContent(); $data = json_decode($postData, true); // Validate request data if (!$data || !isset($data['type']) || !in_array($data['type'], ['invoice', 'payment_link', 'payout'])) { \Log::warning('Invalid Oxapay webhook data', ['data' => $data]); return response('Invalid data.type', 400); } // Determine API secret key based on type $apiSecretKey = $data['type'] === 'invoice' ? config('services.oxapay.merchant_api_key') : config('services.oxapay.payout_api_key'); // Validate HMAC signature $hmacHeader = $request->header('HMAC'); $calculatedHmac = hash_hmac('sha512', $postData, $apiSecretKey); if (hash_equals($calculatedHmac, $hmacHeader)) { // HMAC signature is valid try { if ($data['type'] === 'invoice' || $data['type'] === 'payment_link') { // Process invoice payment data $email = $data['email'] ?? 'Unknown'; $amount = $data['amount'] ?? 'Unknown'; $currency = $data['currency'] ?? 'Unknown'; $trackId = $data['track_id'] ?? 'Unknown'; $orderId = $data['order_id'] ?? 'N/A'; $date = isset($data['date']) ? Carbon::createFromTimestamp($data['date'])->toDateTimeString() : now()->toDateTimeString(); \Log::info('Received Oxapay invoice payment callback', [ 'track_id' => $trackId, 'email' => $email, 'amount' => $amount, 'currency' => $currency, 'order_id' => $orderId, 'date' => $date, ]); $message = "✅ Oxapay Invoice Payment Success\n" . "Track ID: {$trackId}\n" . "Email: {$email}\n" . "Amount: {$amount} {$currency}\n" . "Order ID: {$orderId}\n" . "Time: {$date}"; self::sendTelegramNotification($message); } elseif ($data['type'] === 'payout') { // Process payout data $trackId = $data['track_id'] ?? 'Unknown'; $amount = $data['amount'] ?? 'Unknown'; $currency = $data['currency'] ?? 'Unknown'; $network = $data['network'] ?? 'Unknown'; $address = $data['address'] ?? 'Unknown'; $txHash = $data['tx_hash'] ?? 'Unknown'; $description = $data['description'] ?? 'N/A'; $date = isset($data['date']) ? Carbon::createFromTimestamp($data['date'])->toDateTimeString() : now()->toDateTimeString(); \Log::info('Received Oxapay payout callback', [ 'track_id' => $trackId, 'status' => $data['status'] ?? 'Unknown', 'amount' => $amount, 'currency' => $currency, 'network' => $network, 'address' => $address, 'tx_hash' => $txHash, 'description' => $description, 'date' => $date, ]); $message = "📤 Oxapay Payout Confirmed\n" . "Track ID: {$trackId}\n" . "Amount: {$amount} {$currency}\n" . "Network: {$network}\n" . "Address: {$address}\n" . "Transaction Hash: {$txHash}\n" . "Description: {$description}\n" . "Date: {$date}"; self::sendTelegramNotification($message); } return response('OK', 200); } catch (\Exception $e) { \Log::error('Oxapay webhook processing error', ['error' => $e->getMessage(), 'data' => $data]); self::sendTelegramNotification(" Failed to process Oxapay webhook\n Type: {$data['type']}\n Email/Track ID: " . ($data['type'] === 'invoice' ? ($data['email'] ?? 'Unknown') : ($data['track_id'] ?? 'Unknown')) . "\n Error: {$e->getMessage()} "); return response('Processing error', 400); } } else { \Log::warning('Invalid Oxapay HMAC signature', ['hmac_header' => $hmacHeader, 'calculated_hmac' => $calculatedHmac]); return response('Invalid HMAC signature', 400); } } }