stripe-bundle/Controller/WebhookController.php at 1910cd77d783723bec2486bc72a65e60a07216cc · mirovskyi/stripe-bundle · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<?php

namespace Miracode\StripeBundle\Controller;

use Miracode\StripeBundle\Event\StripeEvent;
use Miracode\StripeBundle\Stripe\StripeObjectType;
use Miracode\StripeBundle\StripeException;
use Stripe\Error\SignatureVerification;
use Stripe\Exception\SignatureVerificationException;
use Stripe\Webhook;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Stripe\Event as StripeEventApi;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;

class WebhookController extends AbstractController
{

    private $eventDispatcher;

    public function __construct(EventDispatcherInterface $eventDispatcher)
    {
        $this->eventDispatcher = $eventDispatcher;
    }

    /**
     * @param Request $request
     *
     * @return Response
     * @throws StripeException
     */
    public function handleAction(Request $request)
    {

        $requestData = json_decode($request->getContent());

        if (!isset($requestData->id) || !isset($requestData->object)) {
            throw new BadRequestHttpException('Invalid webhook request data');
        }

        // If event id ends with 14 zero's then it is a test webhook event. Return 200 status.
        if(substr($requestData->id, -14 ) == "00000000000000"){
            return new Response('Webhook test successful', 200);
        }

        if ($requestData->object !== StripeObjectType::EVENT) {
            throw new StripeException('Unknown stripe object type in webhook');
        }

        // Secure webhook with event signature: https://stripe.com/docs/webhooks/signatures
        $webhookSecret = $this->getParameter('miracode_stripe.webhook_secret');

        $verifySignature = $this->getParameter('verify_stripe_signature');

        if($verifySignature === true && $webhookSecret !== null) {
            $sigHeader = $request->headers->get('Stripe-Signature');
            try {
                $event = Webhook::constructEvent(
                    $request->getContent(), $sigHeader, $webhookSecret
                );
            } catch(\UnexpectedValueException $e) {
                // Invalid payload
                throw new StripeException(
                    sprintf('Invalid event payload', $requestData->id)
                );
            } catch(SignatureVerificationException $e) {
                // Invalid signature
                throw new StripeException(
                    sprintf('Invalid event signature', $requestData->id)
                );
            }
        }

        $stripeEventApi = new StripeEventApi();

        if (!$stripeEventObject = $stripeEventApi->retrieve($requestData->id)) {
            throw new StripeException(
                sprintf('Event does not exists, id %s', $requestData->id)
            );
        }

        $event = new StripeEvent($stripeEventObject);
        $this->eventDispatcher->dispatch($event, 'stripe.' . $stripeEventObject->type);

        return new Response();
    }
}