npm - @goweekdays/core - Versions diffs - 2.5.0 → 2.6.1 - Mend

@goweekdays/core 2.5.0 → 2.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.mjs CHANGED Viewed

@@ -6355,6 +6355,9 @@ import {
   CheckoutPaymentIntent,
   OrderApplicationContextUserAction
 } from "@paypal/paypal-server-sdk";
+import crypto3 from "crypto";
+import crc32 from "buffer-crc32";
+var certCache = /* @__PURE__ */ new Map();
 function usePaypalService() {
   const paypalClient = new Client({
     clientCredentialsAuthCredentials: {
@@ -6396,66 +6399,47 @@ function usePaypalService() {
   function captureOrder(id) {
     return new OrdersController(paypalClient).captureOrder({ id });
   }
-  async function verifyWebhook(headers, body, webhookId = PAYPAL_WEBHOOK_ID) {
-    const authAlgo = headers["paypal-auth-algo"];
-    const certUrl = headers["paypal-cert-url"];
+  async function downloadAndCacheCert(url) {
+    const cachedCert = certCache.get(url);
+    if (cachedCert) {
+      return cachedCert;
+    }
+    const response = await fetch(url);
+    if (!response.ok) {
+      throw new Error(
+        `Failed to download PayPal certificate: ${response.statusText}`
+      );
+    }
+    const certPem = await response.text();
+    certCache.set(url, certPem);
+    return certPem;
+  }
+  async function verifySignature(rawBody, headers, webhookId = PAYPAL_WEBHOOK_ID) {
     const transmissionId = headers["paypal-transmission-id"];
+    const timeStamp = headers["paypal-transmission-time"];
+    const certUrl = headers["paypal-cert-url"];
     const transmissionSig = headers["paypal-transmission-sig"];
-    const transmissionTime = headers["paypal-transmission-time"];
-    if (!authAlgo || !certUrl || !transmissionId || !transmissionSig || !transmissionTime) {
-      return {
-        verified: false,
-        verificationStatus: "FAILURE"
-      };
+    if (!transmissionId || !timeStamp || !certUrl || !transmissionSig) {
+      return false;
     }
-    const auth = Buffer.from(
-      `${PAYPAL_CLIENT_ID}:${PAYPAL_CLIENT_SECRET}`
-    ).toString("base64");
-    const tokenResponse = await fetch(`${PAYPAL_API_URL}/v1/oauth2/token`, {
-      method: "POST",
-      headers: {
-        Authorization: `Basic ${auth}`,
-        "Content-Type": "application/x-www-form-urlencoded"
-      },
-      body: "grant_type=client_credentials"
-    });
-    if (!tokenResponse.ok) {
-      throw new Error("Failed to obtain PayPal access token");
-    }
-    const tokenData = await tokenResponse.json();
-    const accessToken = tokenData.access_token;
-    const verifyResponse = await fetch(
-      `${PAYPAL_API_URL}/v1/notifications/verify-webhook-signature`,
-      {
-        method: "POST",
-        headers: {
-          Authorization: `Bearer ${accessToken}`,
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({
-          auth_algo: authAlgo,
-          cert_url: certUrl,
-          transmission_id: transmissionId,
-          transmission_sig: transmissionSig,
-          transmission_time: transmissionTime,
-          webhook_id: webhookId,
-          webhook_event: body
-        })
-      }
-    );
-    if (!verifyResponse.ok) {
-      throw new Error("Failed to verify PayPal webhook signature");
+    const eventBuffer = Buffer.isBuffer(rawBody) ? rawBody : Buffer.from(rawBody);
+    const crcValue = parseInt("0x" + crc32(eventBuffer).toString("hex"));
+    const message = `${transmissionId}|${timeStamp}|${webhookId}|${crcValue}`;
+    try {
+      const certPem = await downloadAndCacheCert(certUrl);
+      const signatureBuffer = Buffer.from(transmissionSig, "base64");
+      const verifier = crypto3.createVerify("SHA256");
+      verifier.update(message);
+      return verifier.verify(certPem, signatureBuffer);
+    } catch (error) {
+      console.error("PayPal webhook verification error:", error);
+      throw new Error("Failed to verify PayPal webhook signature.");
     }
-    const verifyData = await verifyResponse.json();
-    return {
-      verified: verifyData.verification_status === "SUCCESS",
-      verificationStatus: verifyData.verification_status
-    };
   }
   return {
     addOrder,
     captureOrder,
-    verifyWebhook
+    verifySignature
   };
 }
@@ -9873,9 +9857,35 @@ function useUtilController() {
       }
     }
   }
+  const { verifySignature } = usePaypalService();
   async function paypalWebhook(req, res, next) {
-    console.log(req.body);
-    return res.status(200).send("OK");
+    try {
+      const headers = req.headers;
+      const event = req.body;
+      const data = JSON.parse(event);
+      console.log(`headers`, headers);
+      console.log(`parsed json`, JSON.stringify(data, null, 2));
+      console.log(`raw event: ${event}`);
+      const isSignatureValid = await verifySignature(
+        event,
+        headers,
+        PAYPAL_WEBHOOK_ID
+      );
+      if (isSignatureValid) {
+        console.log("Signature is valid.");
+        console.log(`Received event`, JSON.stringify(data, null, 2));
+      } else {
+        console.log(
+          `Signature is not valid for ${data?.id} ${headers?.["correlation-id"]}`
+        );
+      }
+      res.sendStatus(200);
+    } catch (error) {
+      logger28.log({
+        level: "error",
+        message: `${error}`
+      });
+    }
   }
   return {
     healthCheck,