From 0543b3a6a39029b6dd6adece0224c7abe1ea8e05 Mon Sep 17 00:00:00 2001
From: Rimian Perkins <hello@rimian.com.au>
Date: Mon, 13 Jan 2020 11:10:06 +1100
Subject: [PATCH] basic hook

---
 app/controllers/hooks_controller.rb    | 19 +++++++++++++++++++
 config/locales/client.en.yml           |  1 +
 config/settings.yml                    |  3 +++
 spec/requests/hooks_controller_spec.rb | 12 +++++++++++-
 4 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/app/controllers/hooks_controller.rb b/app/controllers/hooks_controller.rb
index 926f01d..9245d11 100644
--- a/app/controllers/hooks_controller.rb
+++ b/app/controllers/hooks_controller.rb
@@ -3,6 +3,25 @@
 module DiscourseSubscriptions
   class HooksController < ::ApplicationController
     def create
+      begin
+
+        # payload, sig_header, endpoint_secret
+        event = ::Stripe::Webhook.construct_event(
+          {},
+          'stripe-webhook-signature',
+          'endpoint_secret'
+        )
+
+      rescue JSON::ParserError => e
+        # Invalid payload
+        status 400
+        return
+      rescue Stripe::SignatureVerificationError => e
+        # Invalid signature
+        status 400
+        return
+      end
+
       head 200
     end
   end
diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml
index c23a3a2..bd162e6 100644
--- a/config/locales/client.en.yml
+++ b/config/locales/client.en.yml
@@ -4,6 +4,7 @@ en:
     discourse_subscriptions_extra_nav_subscribe: Show the subscribe button in the primary navigation
     discourse_subscriptions_public_key: Stripe Publishable Key
     discourse_subscriptions_secret_key: Stripe Secret Key
+    discourse_subscriptions_webhook_secret: Stripe Webhook Secret
     discourse_subscriptions_currency: Default Currency Code. This can be overridden when creating a subscription plan.
     discourse_subscriptions_allow_payments: Allow single payments
     errors:
diff --git a/config/settings.yml b/config/settings.yml
index 0ed6c2e..fd3975c 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -10,6 +10,9 @@ plugins:
   discourse_subscriptions_secret_key:
     default: ''
     client: false
+  discourse_subscriptions_webhook_secret:
+    default: ''
+    client: false
   discourse_subscriptions_allow_payments:
     default: false
     client: true
diff --git a/spec/requests/hooks_controller_spec.rb b/spec/requests/hooks_controller_spec.rb
index f7687d8..6cf5083 100644
--- a/spec/requests/hooks_controller_spec.rb
+++ b/spec/requests/hooks_controller_spec.rb
@@ -4,8 +4,18 @@ require 'rails_helper'
 
 module DiscourseSubscriptions
   RSpec.describe HooksController do
-    it "responds ok" do
+    it "contructs a webhook event" do
+      ::Stripe::Webhook
+        .expects(:construct_event)
+        .with({}, 'stripe-webhook-signature', 'endpoint_secret')
+        .returns(true)
+
+      headers = {
+        'HTTP_STRIPE_SIGNATURE' => 'stripe-webhook-signature'
+      }
+
       post "/s/hooks.json"
+
       expect(response.status).to eq 200
     end
   end