npm - @goweekdays/core - Versions diffs - 2.5.0 → 2.6.0 - Mend

@goweekdays/core 2.5.0 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # @goweekdays/core
+## 2.6.0
+### Minor Changes
+- 260c0c8: Paypal webhook verification implementation
 ## 2.5.0
 ### Minor Changes

package/dist/index.d.ts CHANGED Viewed

@@ -630,7 +630,7 @@ declare function useGitHubService(): {
 declare function useUtilController(): {
     healthCheck: (req: Request, res: Response, next: NextFunction) => Promise<void>;
     setGitHubVariables: (req: Request, res: Response, next: NextFunction) => Promise<void>;
-    paypalWebhook: (req: Request, res: Response, next: NextFunction) => Promise<Response<any, Record<string, any>>>;
+    paypalWebhook: (req: Request, res: Response, next: NextFunction) => Promise<void>;
 };
 declare const transactionSchema: Joi.ObjectSchema<any>;

package/dist/index.js CHANGED Viewed

@@ -6361,6 +6361,9 @@ function usePlanController() {
 // src/resources/utils/paypal.service.ts
 var import_paypal_server_sdk = require("@paypal/paypal-server-sdk");
+var import_crypto3 = __toESM(require("crypto"));
+var import_buffer_crc32 = __toESM(require("buffer-crc32"));
+var certCache = /* @__PURE__ */ new Map();
 function usePaypalService() {
   const paypalClient = new import_paypal_server_sdk.Client({
     clientCredentialsAuthCredentials: {
@@ -6402,61 +6405,42 @@ function usePaypalService() {
   function captureOrder(id) {
     return new import_paypal_server_sdk.OrdersController(paypalClient).captureOrder({ id });
   }
-  async function verifyWebhook(headers, body, webhookId = PAYPAL_WEBHOOK_ID) {
-    const authAlgo = headers["paypal-auth-algo"];
-    const certUrl = headers["paypal-cert-url"];
+  async function downloadAndCacheCert(url) {
+    const cachedCert = certCache.get(url);
+    if (cachedCert) {
+      return cachedCert;
+    }
+    const response = await fetch(url);
+    if (!response.ok) {
+      throw new Error(
+        `Failed to download PayPal certificate: ${response.statusText}`
+      );
+    }
+    const certPem = await response.text();
+    certCache.set(url, certPem);
+    return certPem;
+  }
+  async function verifyWebhook(rawBody, headers, webhookId = PAYPAL_WEBHOOK_ID) {
     const transmissionId = headers["paypal-transmission-id"];
+    const timeStamp = headers["paypal-transmission-time"];
+    const certUrl = headers["paypal-cert-url"];
     const transmissionSig = headers["paypal-transmission-sig"];
-    const transmissionTime = headers["paypal-transmission-time"];
-    if (!authAlgo || !certUrl || !transmissionId || !transmissionSig || !transmissionTime) {
-      return {
-        verified: false,
-        verificationStatus: "FAILURE"
-      };
-    }
-    const auth = Buffer.from(
-      `${PAYPAL_CLIENT_ID}:${PAYPAL_CLIENT_SECRET}`
-    ).toString("base64");
-    const tokenResponse = await fetch(`${PAYPAL_API_URL}/v1/oauth2/token`, {
-      method: "POST",
-      headers: {
-        Authorization: `Basic ${auth}`,
-        "Content-Type": "application/x-www-form-urlencoded"
-      },
-      body: "grant_type=client_credentials"
-    });
-    if (!tokenResponse.ok) {
-      throw new Error("Failed to obtain PayPal access token");
+    if (!transmissionId || !timeStamp || !certUrl || !transmissionSig) {
+      return false;
     }
-    const tokenData = await tokenResponse.json();
-    const accessToken = tokenData.access_token;
-    const verifyResponse = await fetch(
-      `${PAYPAL_API_URL}/v1/notifications/verify-webhook-signature`,
-      {
-        method: "POST",
-        headers: {
-          Authorization: `Bearer ${accessToken}`,
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({
-          auth_algo: authAlgo,
-          cert_url: certUrl,
-          transmission_id: transmissionId,
-          transmission_sig: transmissionSig,
-          transmission_time: transmissionTime,
-          webhook_id: webhookId,
-          webhook_event: body
-        })
-      }
-    );
-    if (!verifyResponse.ok) {
-      throw new Error("Failed to verify PayPal webhook signature");
+    const eventBuffer = Buffer.isBuffer(rawBody) ? rawBody : Buffer.from(rawBody);
+    const crcValue = parseInt("0x" + (0, import_buffer_crc32.default)(eventBuffer).toString("hex"));
+    const message = `${transmissionId}|${timeStamp}|${webhookId}|${crcValue}`;
+    try {
+      const certPem = await downloadAndCacheCert(certUrl);
+      const signatureBuffer = Buffer.from(transmissionSig, "base64");
+      const verifier = import_crypto3.default.createVerify("SHA256");
+      verifier.update(message);
+      return verifier.verify(certPem, signatureBuffer);
+    } catch (error) {
+      console.error("PayPal webhook verification error:", error);
+      throw new Error("Failed to verify PayPal webhook signature.");
     }
-    const verifyData = await verifyResponse.json();
-    return {
-      verified: verifyData.verification_status === "SUCCESS",
-      verificationStatus: verifyData.verification_status
-    };
   }
   return {
     addOrder,
@@ -9839,9 +9823,21 @@ function useUtilController() {
       }
     }
   }
+  const { verifyWebhook } = usePaypalService();
   async function paypalWebhook(req, res, next) {
-    console.log(req.body);
-    return res.status(200).send("OK");
+    console.log(req);
+    try {
+      await verifyWebhook(req.body, req.headers, PAYPAL_WEBHOOK_ID);
+      res.status(200).send("OK");
+      return;
+    } catch (error) {
+      import_utils55.logger.log({
+        level: "error",
+        message: "PayPal webhook verification failed"
+      });
+      res.status(400).send("Invalid webhook");
+      return;
+    }
   }
   return {
     healthCheck,