Add a Stripe webhook endpoint for payment processing#130
Merged
Conversation
not used now but maybe nice for reference for further dev
…to continue_from_wuan
This is a new required CLI argument so that we can validate signatures on webhooks.
…d-payment-intents
…d-payment-intents
hacklschorsch
approved these changes
Oct 31, 2022
Collaborator
hacklschorsch
left a comment
There was a problem hiding this comment.
Reviewed to the best of my current ability, I feel this is a big improvement and should be merged & deployed (to be improved further in later change sets).
Added a few questions about semantics - where it looked to me naming didn't fit perfect to what the code does.
Collaborator
|
This includes / obsoletes #121. |
Collaborator
|
I like the description of this MR a lot. At least the upper half of it would be a great permanent addition the the PaymentServer documentation IMHO |
A helper for populating database state related to voucher/payment.
Collaborator
Author
|
I'm happy enough with this now. Assuming testing on staging goes well I'll merge it without further changes. |
Collaborator
Author
|
This works on staging. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds a handler at
/v1/stripe/webhookwhich can be configured as a Stripe "webhook" for receiving push notifications about events related to a Stripe account. It is intended to be configured as a hook to receivecheckout.session.completedevents which it uses to populate the database with information about voucher payments.A new required command-line option is introduced which must be given the "webhook secret" so that webhook request signatures can be verified to avoid use of the endpoint by parties other than Stripe.
The webhook must be configured in the correct Stripe account so that Stripe will make use of this endpoint. One way to do this is with:
The old "charge"-based endpoint is still in place but presumably it can be deleted in the near future (it seems convenient to have at least one revision where both systems are supported though).
Note that while the diff looks like it's a bit on the long side, a solid +400 of that diff are just sample Stripe JSON data.
Also note that this PR switches us to a fork of stripe-core which supports a newer version of the Stripe API. The changes in the fork are not currently suitable to be submitted upstream. Before we can satisfy further Stripe-related requirements we probably need to revisit our dependency on stripe-core (see #131 for one idea).