<?php
// Stop immediately when ABSPATH is not defined, i.e. the file was requested directly instead of being loaded by WordPress.
defined( 'ABSPATH' ) || exit();
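/**
 * REST controller that receives Stripe webhook notifications.
 *
 * The route is public by design: the sender is authenticated by verifying the
 * Stripe-Signature header against the stored webhook signing secret, not by a
 * WordPress capability check. No handler runs until that verification passes.
 */
class WC_Stripe_Controller_Webhook extends WC_Stripe_Rest_Controller {

	/**
	 * Namespace value read by the parent controller.
	 * NOTE(review): presumably used by rest_uri() to build the route prefix; confirm in the parent class.
	 *
	 * @var string
	 */
	protected $namespace = '';

	/**
	 * Webhook signing secret selected for the current request (live or test).
	 *
	 * @var string
	 */
	private $secret;

	/**
	 * Registers the POST-only "webhook" route.
	 *
	 * @return void
	 */
	public function register_routes() {
		register_rest_route(
			$this->rest_uri(),
			'webhook',
			array(
				'methods'             => WP_REST_Server::CREATABLE,
				'callback'            => array( $this, 'webhook' ),
				// Open to unauthenticated callers; webhook() performs the signature check.
				'permission_callback' => '__return_true'
			)
		);
	}

	/**
	 * Verifies a webhook notification and dispatches it to the
	 * "wc_stripe_webhook_{type}" action.
	 *
	 * @param WP_REST_Request $request Incoming request; the raw body is what gets verified.
	 *
	 * @return WP_REST_Response|WP_Error Filtered response on success, WP_Error (401 or 400) on failure.
	 */
	public function webhook( $request ) {
		$payload      = $request->get_body();
		$json_payload = json_decode( $payload, true );

		// The body is still unauthenticated at this point. Its "livemode" flag is only used to
		// pick which stored secret to verify against, so a body that is not a JSON object must
		// not be indexed: it falls back to the test secret and is rejected by verification.
		$mode = ( is_array( $json_payload ) && ! empty( $json_payload['livemode'] ) ) ? 'live' : 'test';

		$this->secret = stripe_wc()->api_settings->get_option( 'webhook_secret_' . $mode );
		$header       = isset( $_SERVER['HTTP_STRIPE_SIGNATURE'] ) ? $_SERVER['HTTP_STRIPE_SIGNATURE'] : '';

		// Fail closed when no secret is stored for this mode. Verification is an HMAC keyed with
		// the secret, so an empty key would let any sender produce a signature that passes.
		// The caller gets the generic signature error; the specific cause goes to the log only.
		if ( ! is_string( $this->secret ) || '' === $this->secret ) {
			wc_stripe_log_error( sprintf( 'Webhook rejected: no webhook secret is configured for %s mode.', $mode ) );

			return $this->send_error_response( __( 'Invalid signature received. Verify that your webhook secret is correct.', 'woo-stripe-payment' ), 401 );
		}

		try {
			// The last argument is the accepted timestamp tolerance in seconds (filterable). A
			// captured request stays valid inside that window, so handlers should be idempotent.
			$event = \Stripe\Webhook::constructEvent( $payload, $header, $this->secret, apply_filters( 'wc_stripe_webhook_signature_tolerance', 600 ) );

			// NOTE(review): this writes the complete event body to the log, which can include
			// customer details; keep the log location access-restricted or reduce what is logged.
			wc_stripe_log_info( sprintf( 'Webhook notification received: Event: %s. Payload: %s', $event->type, print_r( $payload, true ) ) );

			// "charge.succeeded" becomes the action "wc_stripe_webhook_charge_succeeded".
			// Handlers that act on live orders should still check the verified $event->livemode.
			$type = str_replace( '.', '_', $event->type );
			do_action( 'wc_stripe_webhook_' . $type, $event->data->object, $request, $event );

			return rest_ensure_response( apply_filters( 'wc_stripe_webhook_response', array(), $event, $request ) );
		} catch ( \Stripe\Exception\SignatureVerificationException $e ) {
			wc_stripe_log_error( sprintf( __( 'Invalid signature received. Verify that your webhook secret is correct. Error: %s', 'woo-stripe-payment' ), $e->getMessage() ) );

			return $this->send_error_response( __( 'Invalid signature received. Verify that your webhook secret is correct.', 'woo-stripe-payment' ), 401 );
		} catch ( Exception $e ) {
			wc_stripe_log_info( sprintf( __( 'Error processing webhook. Message: %s Exception: %s', 'woo-stripe-payment' ), $e->getMessage(), get_class( $e ) ) );

			// NOTE(review): the exception text is returned to the sender as-is.
			return $this->send_error_response( $e->getMessage() );
		}
	}

	/**
	 * Builds the WP_Error returned for a rejected or failed webhook.
	 *
	 * @param string $message Error text placed in the response.
	 * @param int    $code    HTTP status code; defaults to 400.
	 *
	 * @return WP_Error
	 */
	private function send_error_response( $message, $code = 400 ) {
		return new WP_Error( 'webhook-error', $message, array( 'status' => $code ) );
	}
}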