humhub-modules/donations
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6cda47760ec0c13b19af7d29e7c94143d0bd6a69
donations/services/providers/StripeWebhookService.php

236 lines
9.1 KiB
PHP
Raw Blame History

<?php
namespace humhub\modules\donations\services\providers;
use humhub\modules\donations\models\DonationProviderConfig;
use humhub\modules\donations\models\DonationSubscription;
use humhub\modules\donations\models\DonationTransaction;
use humhub\modules\donations\models\DonationWebhookEvent;
use humhub\modules\donations\services\DonationSettlementService;
use Yii;
class StripeWebhookService
{
public function process(string $payload, string $signatureHeader, ?DonationProviderConfig $providerConfig = null): array
{
$event = json_decode($payload, true);
if (!is_array($event) || empty($event['id']) || empty($event['type'])) {
return ['ok' => false, 'status' => 400, 'message' => 'Invalid payload'];
}
$eventId = (string)$event['id'];
$eventType = (string)$event['type'];
$existing = DonationWebhookEvent::findOne([
'provider' => 'stripe',
'provider_event_id' => $eventId,
]);
if ($existing instanceof DonationWebhookEvent) {
return ['ok' => true, 'status' => 200, 'message' => 'Already processed'];
}
if (!$this->verifySignatureForConfig($payload, $signatureHeader, $providerConfig)) {
return ['ok' => false, 'status' => 400, 'message' => 'Signature verification failed'];
}
$record = new DonationWebhookEvent();
$record->provider = 'stripe';
$record->provider_event_id = $eventId;
$record->event_type = $eventType;
$record->payload_json = $payload;
$record->is_processed = 0;
if (!$record->save()) {
Yii::error($record->getErrors(), 'donations.webhook.stripe.record');
return ['ok' => false, 'status' => 500, 'message' => 'Could not record webhook event'];
}
$this->applyEvent($event);
$record->is_processed = 1;
$record->processed_at = date('Y-m-d H:i:s');
$record->save(false);
return ['ok' => true, 'status' => 200, 'message' => 'Processed'];
}
private function applyEvent(array $event): void
{
$type = (string)($event['type'] ?? '');
$object = $event['data']['object'] ?? [];
if (!is_array($object)) {
return;
}
if ($type === 'checkout.session.completed') {
$this->handleCheckoutCompleted($object);
return;
}
if ($type === 'checkout.session.expired') {
$sessionId = (string)($object['id'] ?? '');
if ($sessionId !== '') {
$transaction = DonationTransaction::findOne(['provider_checkout_id' => $sessionId, 'provider' => 'stripe']);
if ($transaction instanceof DonationTransaction && $transaction->status === DonationTransaction::STATUS_PENDING) {
$transaction->status = DonationTransaction::STATUS_CANCELLED;
$transaction->save(false);
}
}
return;
}
if ($type === 'payment_intent.payment_failed') {
$paymentIntentId = (string)($object['id'] ?? '');
if ($paymentIntentId !== '') {
$transaction = DonationTransaction::findOne(['provider_payment_id' => $paymentIntentId, 'provider' => 'stripe']);
if ($transaction instanceof DonationTransaction) {
$transaction->status = DonationTransaction::STATUS_FAILED;
$transaction->save(false);
}
}
return;
}
if ($type === 'charge.refunded') {
$paymentIntentId = (string)($object['payment_intent'] ?? '');
if ($paymentIntentId !== '') {
$transaction = DonationTransaction::findOne(['provider_payment_id' => $paymentIntentId, 'provider' => 'stripe']);
if ($transaction instanceof DonationTransaction) {
$settlement = new DonationSettlementService();
$settlement->markRefundedAndRevert($transaction, [
'stripe_refunded_at' => date('c'),
]);
}
}
return;
}
if ($type === 'customer.subscription.deleted') {
$subscriptionId = (string)($object['id'] ?? '');
if ($subscriptionId !== '') {
$subscription = DonationSubscription::findOne(['provider' => 'stripe', 'provider_subscription_id' => $subscriptionId]);
if ($subscription instanceof DonationSubscription) {
$subscription->status = 'cancelled';
$subscription->cancelled_at = date('Y-m-d H:i:s');
$subscription->save(false);
}
}
}
}
private function handleCheckoutCompleted(array $session): void
{
$metadata = (array)($session['metadata'] ?? []);
$transactionId = (int)($metadata['transaction_id'] ?? 0);
$transaction = null;
if ($transactionId > 0) {
$transaction = DonationTransaction::findOne(['id' => $transactionId, 'provider' => 'stripe']);
}
if (!$transaction instanceof DonationTransaction) {
$sessionId = (string)($session['id'] ?? '');
if ($sessionId !== '') {
$transaction = DonationTransaction::findOne(['provider_checkout_id' => $sessionId, 'provider' => 'stripe']);
}
}
if (!$transaction instanceof DonationTransaction) {
return;
}
$transaction->provider_checkout_id = (string)($session['id'] ?? $transaction->provider_checkout_id);
$transaction->provider_payment_id = (string)($session['payment_intent'] ?? $transaction->provider_payment_id);
$transaction->provider_subscription_id = (string)($session['subscription'] ?? $transaction->provider_subscription_id);
$transaction->provider_customer_id = (string)($session['customer'] ?? $transaction->provider_customer_id);
$settlement = new DonationSettlementService();
$settlement->markSucceededAndApply($transaction, [
'stripe_checkout_completed_at' => date('c'),
]);
if ($transaction->mode === 'recurring' && !empty($transaction->provider_subscription_id)) {
$subscription = DonationSubscription::findOne([
'provider' => 'stripe',
'provider_subscription_id' => $transaction->provider_subscription_id,
]);
if (!$subscription instanceof DonationSubscription) {
$subscription = new DonationSubscription();
$subscription->contentcontainer_id = $transaction->contentcontainer_id;
$subscription->donor_user_id = $transaction->donor_user_id;
$subscription->provider = 'stripe';
$subscription->provider_subscription_id = $transaction->provider_subscription_id;
$subscription->goal_id = $transaction->goal_id;
}
$subscription->status = 'active';
$subscription->amount = $transaction->amount;
$subscription->currency = $transaction->currency;
$subscription->interval_unit = 'month';
$subscription->interval_count = 1;
$subscription->save(false);
}
}
private function verifySignatureForConfig(string $payload, string $signatureHeader, ?DonationProviderConfig $providerConfig = null): bool
{
if ($providerConfig instanceof DonationProviderConfig) {
$secret = trim(ProviderCredentialResolver::resolveStripeWebhookSecret($providerConfig));
return $secret !== '' && $this->verifySignature($payload, $signatureHeader, $secret);
}
$configs = DonationProviderConfig::find()
->where(['stripe_enabled' => 1])
->andWhere(['not', ['stripe_webhook_secret' => null]])
->all();
foreach ($configs as $config) {
$secret = trim(ProviderCredentialResolver::resolveStripeWebhookSecret($config));
if ($secret !== '' && $this->verifySignature($payload, $signatureHeader, $secret)) {
return true;
}
}
return false;
}
private function verifySignature(string $payload, string $signatureHeader, string $secret): bool
{
if ($signatureHeader === '') {
return false;
}
$parts = [];
foreach (explode(',', $signatureHeader) as $segment) {
$kv = explode('=', trim($segment), 2);
if (count($kv) === 2) {
$parts[$kv[0]][] = $kv[1];
}
}
$timestamp = $parts['t'][0] ?? null;
$signatures = $parts['v1'] ?? [];
if ($timestamp === null || empty($signatures)) {
return false;
}
$signedPayload = $timestamp . '.' . $payload;
$expected = hash_hmac('sha256', $signedPayload, $secret);
$ts = (int)$timestamp;
if ($ts > 0 && abs(time() - $ts) > 600) {
return false;
}
foreach ($signatures as $signature) {
if (hash_equals($expected, (string)$signature)) {
return true;
}
}
return false;
}
}
Reference in New Issue View Git Blame Copy Permalink