
Add a Stripe webhook endpoint for payment processing #130

Merged
exarkun merged 48 commits into main from 240.stripe-webhook-and-payment-intents
Nov 2, 2022

Conversation

@exarkun
Collaborator

@exarkun exarkun commented Oct 28, 2022

This adds a handler at /v1/stripe/webhook which can be configured as a Stripe "webhook" for receiving push notifications about events related to a Stripe account. It is intended to be configured as a hook to receive checkout.session.completed events which it uses to populate the database with information about voucher payments.

A new required command-line option is introduced which must be given the "webhook secret" so that webhook request signatures can be verified to avoid use of the endpoint by parties other than Stripe.

The webhook must be configured in the correct Stripe account so that Stripe will make use of this endpoint. One way to do this is with:

curl \
    https://api.stripe.com/v1/webhook_endpoints \
    -u sk_test_yourkey: \
    -d url="https://serveraddress/v1/stripe/webhook" \
    -d "enabled_events[]"="checkout.session.completed"

The old "charge"-based endpoint is still in place but presumably it can be deleted in the near future (it seems convenient to have at least one revision where both systems are supported though).

Note that while the diff looks like it's a bit on the long side, a solid +400 of that diff are just sample Stripe JSON data.

Also note that this PR switches us to a fork of stripe-core which supports a newer version of the Stripe API. The changes in the fork are not currently suitable to be submitted upstream. Before we can satisfy further Stripe-related requirements we probably need to revisit our dependency on stripe-core (see #131 for one idea).
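
The signature check the description refers to, as an added example that is not code from this PR: Stripe's webhook scheme sends a `Stripe-Signature` header with `t=` and `v1=` fields, where `v1` is the hex HMAC-SHA256 of `<t>.<raw request body>` keyed with the webhook secret. The function names, the 300-second tolerance and the sample secret, body and timestamp are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # assumed replay window; tune to your deployment


def sign(secret: str, timestamp: str, body: bytes) -> str:
    """Hex HMAC-SHA256 over "<timestamp>.<raw body>", keyed with the secret."""
    signed_payload = timestamp.encode() + b"." + body
    return hmac.new(secret.encode(), signed_payload, hashlib.sha256).hexdigest()


def verify_webhook(secret: str, header: str, body: bytes, now=None) -> bool:
    """Accept only a fresh request carrying a valid v1 signature."""
    timestamp, candidates = None, []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t":
            timestamp = value
        elif key == "v1":  # several v1 values may be present at once
            candidates.append(value)
    if timestamp is None or not candidates:
        return False
    try:
        sent_at = int(timestamp)
    except ValueError:
        return False
    now = time.time() if now is None else now
    if abs(now - sent_at) > TOLERANCE_SECONDS:  # stale: possible replay
        return False
    # Sign the body bytes exactly as received, before any JSON parsing.
    expected = sign(secret, timestamp, body).encode()
    return any(hmac.compare_digest(expected, c.encode()) for c in candidates)


if __name__ == "__main__":
    secret = "whsec_constructed_example"  # constructed, not a real secret
    body = b'{"type": "checkout.session.completed"}'  # constructed event
    ts = "1667400000"
    header = f"t={ts},v1={sign(secret, ts, body)}"
    print(verify_webhook(secret, header, body, now=int(ts) + 10))         # True
    print(verify_webhook(secret, header, body + b" ", now=int(ts) + 10))  # False
    print(verify_webhook(secret, header, body, now=int(ts) + 3600))       # False
```

Re-serializing the parsed JSON before hashing changes the bytes and makes valid requests fail, so the handler has to keep the raw body for this check.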

wuan and others added 30 commits September 15, 2022 12:28
not used now but maybe nice for reference for further dev
This is a new required CLI argument so that we can validate signatures on webhooks.
Collaborator

@hacklschorsch hacklschorsch left a comment

Reviewed to the best of my current ability. I feel this is a big improvement and should be merged & deployed (to be improved further in later change sets).

Added a few questions about semantics - where it looked to me that the naming didn't fit perfectly to what the code does.

Comment thread nix/materialized.paymentserver/default.nix
Comment thread test/Stripe.hs Outdated
Comment thread test/Stripe.hs Outdated
Comment thread test/Stripe.hs Outdated
@hacklschorsch
Collaborator

This includes / obsoletes #121.

@hacklschorsch
Collaborator

hacklschorsch commented Oct 31, 2022

I like the description of this MR a lot. At least the upper half of it would be a great permanent addition to the PaymentServer documentation IMHO

@exarkun
Collaborator Author

exarkun commented Oct 31, 2022

I'm happy enough with this now. Assuming testing on staging goes well I'll merge it without further changes.

@exarkun
Collaborator Author

exarkun commented Nov 2, 2022

This works on staging.

@exarkun exarkun merged commit a82ccda into main Nov 2, 2022
@exarkun exarkun deleted the 240.stripe-webhook-and-payment-intents branch November 2, 2022 15:39