AccountClaimMiddleware.php
3 years ago
ArchiveModelMiddleware.php
3 years ago
BrandColorMiddleware.php
3 years ago
CheckoutRedirectMiddleware.php
3 years ago
ComponentAssetsMiddleware.php
3 years ago
CustomerDashboardRedirectMiddleware.php
3 years ago
EditModelMiddleware.php
3 years ago
LoginLinkMiddleware.php
3 years ago
LoginMiddleware.php
3 years ago
NonceMiddleware.php
3 years ago
OrderRedirectMiddleware.php
3 years ago
PathRedirectMiddleware.php
3 years ago
PaymentFailureRedirectMiddleware.php
3 years ago
PurchaseRedirectMiddleware.php
3 years ago
SubscriptionRedirectMiddleware.php
3 years ago
WebhooksMiddleware.php
2 years ago
WebhooksMiddleware.php
101 lines
| 1 | <?php |
| 2 | |
| 3 | namespace SureCart\Middleware; |
| 4 | |
| 5 | use Closure; |
| 6 | use SureCart\Models\RegisteredWebhook; |
| 7 | use SureCartCore\Requests\RequestInterface; |
| 8 | |
| 9 | /** |
| 10 | * Middleware for handling model archiving. |
| 11 | */ |
| 12 | class WebhooksMiddleware { |
| 13 | /** |
| 14 | * Holds the current request. |
| 15 | * |
| 16 | * @var RequestInterface |
| 17 | */ |
| 18 | protected $request; |
| 19 | |
| 20 | /** |
| 21 | * Handle the middleware. |
| 22 | * |
| 23 | * @param RequestInterface $request Request. |
| 24 | * @param Closure $next Next. |
| 25 | * @return function |
| 26 | */ |
| 27 | public function handle( RequestInterface $request, Closure $next ) { |
| 28 | $this->request = $request; |
| 29 | |
| 30 | if ( ! $this->verifySignature( $request ) ) { |
| 31 | return \SureCart::json( [ 'error' => 'Invalid signature' ] )->withStatus( 403 ); |
| 32 | } |
| 33 | |
| 34 | return $next( $request ); |
| 35 | } |
| 36 | |
| 37 | /** |
| 38 | * Verify the signature. |
| 39 | * |
| 40 | * @return bool |
| 41 | */ |
| 42 | public function verifySignature() { |
| 43 | return $this->getSignature() === $this->computeHash(); |
| 44 | } |
| 45 | |
| 46 | /** |
| 47 | * Compute an HMAC with the SHA256 hash function. |
| 48 | * Use the endpoint’s signing secret as the key, and use the signed_payload string as the message. |
| 49 | * |
| 50 | * @return string |
| 51 | */ |
| 52 | public function computeHash() { |
| 53 | return hash_hmac( 'sha256', $this->getSignedPayload(), $this->getSigningSecret() ); |
| 54 | } |
| 55 | |
| 56 | /** |
| 57 | * Get the signing secret. |
| 58 | * |
| 59 | * @return string |
| 60 | */ |
| 61 | public function getSigningSecret() { |
| 62 | return RegisteredWebhook::getSigningSecret(); |
| 63 | } |
| 64 | |
| 65 | /** |
| 66 | * Get expected json request body. |
| 67 | * |
| 68 | * @return string |
| 69 | */ |
| 70 | public function getBody() { |
| 71 | return file_get_contents( 'php://input' ); |
| 72 | } |
| 73 | |
| 74 | /** |
| 75 | * Get the webhook signature. |
| 76 | * |
| 77 | * @return string |
| 78 | */ |
| 79 | public function getSignature() { |
| 80 | return $this->request->headers( 'X-Webhook-Signature' )[0] ?? ''; |
| 81 | } |
| 82 | |
| 83 | /** |
| 84 | * Get the webhook timestamp. |
| 85 | * |
| 86 | * @return string |
| 87 | */ |
| 88 | public function getTimestamp() { |
| 89 | return $this->request->headers( 'X-Webhook-Timestamp' )[0] ?? ''; |
| 90 | } |
| 91 | |
| 92 | /** |
| 93 | * Get the signed payload. |
| 94 | * |
| 95 | * @return string |
| 96 | */ |
| 97 | public function getSignedPayload() { |
| 98 | return $this->getTimestamp() . '.' . $this->getBody(); |
| 99 | } |
| 100 | } |
| 101 |