@delopay/sdk 0.9.0 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -6
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -167,24 +167,26 @@ const gateways = await delopay.shops.gateways.list(merchantId, shop.shop_id);
|
|
|
167
167
|
|
|
168
168
|
### Webhook verification
|
|
169
169
|
|
|
170
|
+
Delopay signs each outgoing webhook with HMAC-SHA512 over the raw request body and delivers the hex-encoded digest in the `X-Webhook-Signature-512` header. Use `express.raw()` (not `express.json()`) so the bytes reach the verifier unchanged.
|
|
171
|
+
|
|
170
172
|
```typescript
|
|
173
|
+
import express from 'express';
|
|
171
174
|
import { Delopay } from '@delopay/sdk';
|
|
172
175
|
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
const signature = req.headers['delopay-signature'] as string;
|
|
176
|
+
app.post('/webhooks/delopay', express.raw({ type: 'application/json' }), async (req, res) => {
|
|
177
|
+
const signature = req.header('x-webhook-signature-512') ?? '';
|
|
176
178
|
const secret = process.env.DELOPAY_WEBHOOK_SECRET!;
|
|
177
179
|
|
|
178
180
|
let event;
|
|
179
181
|
try {
|
|
180
|
-
event = Delopay.webhooks.verify(req.body
|
|
181
|
-
} catch
|
|
182
|
+
event = await Delopay.webhooks.verify(req.body, signature, secret);
|
|
183
|
+
} catch {
|
|
182
184
|
return res.status(400).send('Invalid signature');
|
|
183
185
|
}
|
|
184
186
|
|
|
185
187
|
switch (event.type) {
|
|
186
188
|
case 'payment_succeeded':
|
|
187
|
-
//
|
|
189
|
+
// fulfil order
|
|
188
190
|
break;
|
|
189
191
|
case 'payment_failed':
|
|
190
192
|
// notify customer
|