laravel / cashier-paddle

Cashier Paddle provides an expressive, fluent interface to Paddle's subscription billing services.

Home Page: https://laravel.com/docs/cashier-paddle


Webhook Invalid Signature

rymesaint opened this issue

  • Cashier Paddle Version: 1.6
  • Laravel Version: 9.19
  • PHP Version: 8.1
  • Database Driver & Version: mysql

Description:

I think the response from the Paddle webhook is different in how to get the response in WebhookController.

{
  "url": "https://send-wave.sharedwithexpose.com/paddle/webhook",
  "method": "POST",
  "data": {
    "alert_id": "3385690",
    "alert_name": "subscription_payment_succeeded",
    "balance_currency": "USD",
    "balance_earnings": "17.45",
    "balance_fee": "1.55",
    "balance_gross": "21.09",
    "balance_tax": "2.09",
    "checkout_id": "1139735-chre671e92b1055-ea7c299d33",
    "country": "ID",
    "coupon": "",
    "currency": "USD",
    "custom_data": "",
    "customer_name": "test",
    "earnings": "17.45",
    "email": "rymetutorial@gmail.com",
    "event_time": "2022-12-11 15:44:32",
    "fee": "1.55",
    "initial_payment": 1,
    "instalments": "1",
    "marketing_consent": 0,
    "next_bill_date": "2023-01-11",
    "next_payment_amount": "21.09",
    "order_id": "494576-3601162",
    "passthrough": "{\"app_id\":\"01GKVT79XGQP7B218AV4BJZKRV\",\"subscription_name\":\"primary\",\"billable_id\":\"01gkrax0eq1bj8zw312cy0key7\",\"billable_type\":\"App\\\\Models\\\\User\"}",
    "payment_method": "card",
    "payment_tax": "2.09",
    "plan_name": "Startup Wave",
    "quantity": "1",
    "receipt_url": "http://sandbox-my.paddle.com/receipt/494576-3601162/1139735-chre671e92b1055-ea7c299d33",
    "sale_gross": "21.09",
    "status": "active",
    "subscription_id": "387030",
    "subscription_payment_id": "3601162",
    "subscription_plan_id": "40923",
    "unit_price": "19.00",
    "user_id": "370433",
    "p_signature": "Bi7YnsbuPjfPp/wb0dNeV7uejZEQpZeNPLb0eg/uvBOUDT34eEKX5xQNZ2Ef571sH3G22I6UW6jew6meVbYkStTGQBVq8Olz5Syj/Fnq/gL2DrvmWrimRGVD9YxzFKomABIGzsu+9W01xvqVMryeQPKfsQ8/BU7CpFb/zOBZ0+LEFCAneZOFoAnptIMjVkpoMoJMO/pwPgOgTtUpfi/iGK5Cv/3rUCFSmKuc9MxgWi8MAgFi5/9zf2uOkztFB6t2EGHemgdDousR9LYalsP+EuPLL17gjEF7/++RuXpGODTIDqdBfbDJwmgkXTP8jgTL9bVDeoifGNQvKAykz8WP31hb3o9iASn8LNSZohzC72t1KgFUYzmV5Gb8kvWHn/5CENWyihBeXIEa7Xr1Jcv0zibtHt2vli42xGApRJ4iJ99nvJNCJ31EhdRVaMZccfB/GRQcJBY/MuaNQHqXWjntChoB/j5/KVWYcgW1xNqEEFud1ZMq1Bef76aeIfp5gf37D4VN/pHB3QQPyw1o0P+vj1uc2kNjrvyW6/wc4VISIAfR5n+AzEZVPraSmgyOZiys8lJ+IyN5TkMNwGBUZacdrg3+xgpbc5bHvw6GWhjvswFQCalwG+8L3f44Eo11BMLT872MoeTjU0MBVgF5LN5fB+sKGiRonqSMhVWUUo7+Rlc="
  }
}

public function __invoke(Request $request)
{
    $allData = $request->all();

    $payload = $allData['data']; // So I need to put this to get the data of the webhook

    if (! isset($payload['alert_name'])) {
        return new Response();
    }

    // ....
}

Because of this change, if I remove that part it won't work, and the webhook middleware for verifying the public key also needs to be updated in how it gets the signature key and extracts the fields data.

No, it's not. If that would be the case then all Cashier and Spark installations would be broken. I think this is just a format that Expose shows you.
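
The signature check discussed in this thread, as an added example (not Cashier's own middleware and not code from either participant): it assumes the Paddle Classic scheme, in which `p_signature` is an RSA/SHA-1 signature over the PHP-serialized, key-sorted, string-cast form fields of the flat POST body. The key pair, field values and the `verifyPaddleFields` helper are constructed for the demonstration. A verifier written this way accepts the flat fields and rejects both a modified field and the same fields nested under a `data` key in an envelope like the one shown in the issue.

```php
<?php
/** Verify flat webhook POST fields against the sender's RSA public key (PEM). */
function verifyPaddleFields(array $fields, string $publicKeyPem): bool
{
    // The signature must be a top-level field; anything else is rejected.
    if (! isset($fields['p_signature']) || ! is_string($fields['p_signature'])) {
        return false;
    }
    $signature = base64_decode($fields['p_signature'], true);
    if ($signature === false) {
        return false;
    }

    // Rebuild the signed message: drop the signature, sort by key, cast scalars to string.
    unset($fields['p_signature']);
    ksort($fields);
    foreach ($fields as $key => $value) {
        if (! is_array($value) && ! is_object($value)) {
            $fields[$key] = (string) $value;
        }
    }

    // openssl_verify returns 1 only for a valid signature (0 = invalid, -1 = error).
    return openssl_verify(serialize($fields), $signature, $publicKeyPem, OPENSSL_ALGO_SHA1) === 1;
}

// Constructed key pair standing in for the vendor's signing key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicKeyPem = openssl_pkey_get_details($key)['key'];

// Constructed sample fields, signed the way the sender is assumed to sign them.
$fields = ['alert_id' => '1', 'alert_name' => 'subscription_payment_succeeded', 'status' => 'active'];
ksort($fields);
openssl_sign(serialize($fields), $rawSignature, $key, OPENSSL_ALGO_SHA1);
$flat = $fields + ['p_signature' => base64_encode($rawSignature)];

// The same fields with one value changed after signing.
$tampered = array_merge($flat, ['status' => 'deleted']);

// The same fields nested inside a url/method/data envelope (constructed URL).
$enveloped = ['url' => 'https://example.test/paddle/webhook', 'method' => 'POST', 'data' => $flat];

foreach (['flat' => $flat, 'tampered' => $tampered, 'enveloped' => $enveloped] as $label => $body) {
    printf("%-9s %s\n", $label, verifyPaddleFields($body, $publicKeyPem) ? 'accepted' : 'rejected');
}
```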