Webhook Invalid Signature
rymesaint opened this issue · comments
Ridwan Fauzan commented
- Cashier Paddle Version: 1.6
- Laravel Version: 9.19
- PHP Version: 8.1
- Database Driver & Version: mysql
Description:
I think the response from paddle webhook is different on how to get the response on WebhookController.
{
"url": "https://send-wave.sharedwithexpose.com/paddle/webhook",
"method": "POST",
"data": {
"alert_id": "3385690",
"alert_name": "subscription_payment_succeeded",
"balance_currency": "USD",
"balance_earnings": "17.45",
"balance_fee": "1.55",
"balance_gross": "21.09",
"balance_tax": "2.09",
"checkout_id": "1139735-chre671e92b1055-ea7c299d33",
"country": "ID",
"coupon": "",
"currency": "USD",
"custom_data": "",
"customer_name": "test",
"earnings": "17.45",
"email": "rymetutorial@gmail.com",
"event_time": "2022-12-11 15:44:32",
"fee": "1.55",
"initial_payment": 1,
"instalments": "1",
"marketing_consent": 0,
"next_bill_date": "2023-01-11",
"next_payment_amount": "21.09",
"order_id": "494576-3601162",
"passthrough": "{\"app_id\":\"01GKVT79XGQP7B218AV4BJZKRV\",\"subscription_name\":\"primary\",\"billable_id\":\"01gkrax0eq1bj8zw312cy0key7\",\"billable_type\":\"App\\\\Models\\\\User\"}",
"payment_method": "card",
"payment_tax": "2.09",
"plan_name": "Startup Wave",
"quantity": "1",
"receipt_url": "http://sandbox-my.paddle.com/receipt/494576-3601162/1139735-chre671e92b1055-ea7c299d33",
"sale_gross": "21.09",
"status": "active",
"subscription_id": "387030",
"subscription_payment_id": "3601162",
"subscription_plan_id": "40923",
"unit_price": "19.00",
"user_id": "370433",
"p_signature": "Bi7YnsbuPjfPp/wb0dNeV7uejZEQpZeNPLb0eg/uvBOUDT34eEKX5xQNZ2Ef571sH3G22I6UW6jew6meVbYkStTGQBVq8Olz5Syj/Fnq/gL2DrvmWrimRGVD9YxzFKomABIGzsu+9W01xvqVMryeQPKfsQ8/BU7CpFb/zOBZ0+LEFCAneZOFoAnptIMjVkpoMoJMO/pwPgOgTtUpfi/iGK5Cv/3rUCFSmKuc9MxgWi8MAgFi5/9zf2uOkztFB6t2EGHemgdDousR9LYalsP+EuPLL17gjEF7/++RuXpGODTIDqdBfbDJwmgkXTP8jgTL9bVDeoifGNQvKAykz8WP31hb3o9iASn8LNSZohzC72t1KgFUYzmV5Gb8kvWHn/5CENWyihBeXIEa7Xr1Jcv0zibtHt2vli42xGApRJ4iJ99nvJNCJ31EhdRVaMZccfB/GRQcJBY/MuaNQHqXWjntChoB/j5/KVWYcgW1xNqEEFud1ZMq1Bef76aeIfp5gf37D4VN/pHB3QQPyw1o0P+vj1uc2kNjrvyW6/wc4VISIAfR5n+AzEZVPraSmgyOZiys8lJ+IyN5TkMNwGBUZacdrg3+xgpbc5bHvw6GWhjvswFQCalwG+8L3f44Eo11BMLT872MoeTjU0MBVgF5LN5fB+sKGiRonqSMhVWUUo7+Rlc="
}
}
public function __invoke(Request $request)
{
$allData = $request->all();
$payload = $allData['data']; // so i need to put this to get the data of the webhook
if (! isset($payload['alert_name'])) {
return new Response();
}
....
}
Because of this changes if i remove that part it won't works and the webhook middleware for verifying public key too need to be updated on how to get the signature key and extracting fields data.
Dries Vints commented
No, it's not. If that would be the case then all Cashier and Spark installations would be broken. I think this is just a format that Expose shows you.