Created
September 6, 2017 21:42
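/**
 * Webhook handler for Paddle "payment_succeeded" alerts.
 *
 * Supplies the hook identity, the required request arguments, the field
 * accessors and the signature check that the parent EDD_Webhook_Handler is
 * expected to call.
 *
 * NOTE(review): the order in which the parent invokes these methods is not
 * visible here. Confirm that verify_request() runs, and must return true,
 * before any of the get_*() accessors are used to create a payment.
 */
class EDD_Paddle_Webhook_Handler extends EDD_Webhook_Handler {

    /**
     * Machine-readable identifier of this webhook.
     *
     * @return string
     */
    public function get_hook_id() {
        return 'paddle';
    }

    /**
     * Human-readable name of this webhook.
     *
     * @return string
     */
    public function get_hook_name() {
        return 'Paddle';
    }

    /**
     * Request arguments that must be present on the endpoint.
     *
     * Only the three fields below are marked required. The accessors further
     * down also read order_id, p_product_id, sale_gross and payment_tax,
     * which are not enforced here.
     *
     * @return array
     */
    public function get_endpoint_args() {
        return array(
            'alert_name'  => array(
                'required' => true,
            ),
            'p_signature' => array(
                'required' => true,
            ),
            'email'       => array(
                'required' => true,
            ),
        );
    }

    /**
     * Accepts only "payment_succeeded" alerts.
     *
     * The comparison is strict: with a loose `!=`, a non-string value such as
     * boolean true (possible in a JSON body) compares equal to the expected
     * string and would be accepted.
     *
     * @param mixed $params Request parameters.
     * @return bool True when $params is an array whose alert_name is exactly 'payment_succeeded'.
     */
    public function verify_webhook_params( $params ) {
        return is_array( $params )
            && isset( $params['alert_name'] )
            && 'payment_succeeded' === $params['alert_name'];
    }

    /**
     * Buyer e-mail address from the alert, passed through sanitize_text_field().
     *
     * @param array $params Request parameters.
     * @return string
     */
    public function get_buyer_email_address( $params ) {
        return sanitize_text_field( $params['email'] );
    }

    /**
     * Order identifier from the alert, passed through sanitize_text_field().
     *
     * NOTE(review): the signature check does not bind a request to a point in
     * time, so a captured valid alert verifies again if it is re-delivered.
     * Confirm the parent handler refuses an order_id it has already processed.
     *
     * @param array $params Request parameters.
     * @return string
     */
    public function get_order_id( $params ) {
        return sanitize_text_field( $params['order_id'] );
    }

    /**
     * Product identifier from the alert, passed through sanitize_text_field().
     *
     * @param array $params Request parameters.
     * @return string
     */
    public function get_item_id( $params ) {
        return sanitize_text_field( $params['p_product_id'] );
    }

    /**
     * Item price excluding tax: sale_gross minus payment_tax.
     *
     * Both values are taken from the request as-is; they are trustworthy only
     * if the request has already passed verify_request().
     *
     * @param array $params Request parameters.
     * @return int|float
     */
    public function get_item_price( $params ) {
        return $params['sale_gross'] - $params['payment_tax'];
    }

    /**
     * Tax amount from the alert, returned unmodified.
     *
     * @param array $params Request parameters.
     * @return mixed
     */
    public function get_item_tax( $params ) {
        return $params['payment_tax'];
    }

    /**
     * PEM-encoded public key used to verify alert signatures.
     *
     * A public key is not a secret, so keeping it in source is acceptable; it
     * must be the key belonging to the account that sends the alerts.
     *
     * @return string
     */
    public function get_public_key() {
        // NOTE: Ensure there is no spacing on the left of each line of your public key
        return '-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA125r975+OmZ67/b0T0fN
4Ye6diPZZghFGal3czs/zqi8cq4T7gW63N1AtXTSmIIC+PTnCAXJP5f+ymb0ixQB
...
8oYyPdOjZ1hHUz2a4nAq+ty3lNFaQE/9vbv8YP30LRmoB3ON88mLL2JTI8W68wqr
ECgBp9p2k2vv9gGqsfBXJHUCAwEAAQ==
-----END PUBLIC KEY-----';
    }

    /**
     * Verifies the request is coming from Paddle.
     *
     * The signed message is the PHP serialization of every request parameter
     * except p_signature, sorted by key, with scalar values cast to strings.
     * Verification fails closed: a missing, non-string or malformed signature,
     * an OpenSSL error (-1 or false) and a mismatch (0) all return false.
     *
     * @param WP_REST_Request $request Incoming request.
     * @return bool True only when openssl_verify() reports a valid signature.
     */
    public function verify_request( $request ) {
        // Get the p_signature parameter; reject anything that is not a non-empty string.
        $encoded_signature = $request->get_param( 'p_signature' );
        if ( ! is_string( $encoded_signature ) || '' === $encoded_signature ) {
            return false;
        }

        // Strict base64 decoding rejects characters outside the alphabet instead of skipping them.
        $signature = base64_decode( $encoded_signature, true );
        if ( false === $signature || '' === $signature ) {
            return false;
        }

        // Get the fields sent in the request, and remove the p_signature parameter.
        // NOTE(review): get_params() may merge several parameter sources; any extra
        // parameter changes the signed message and makes verification fail (closed).
        $fields = $request->get_params();
        unset( $fields['p_signature'] );

        // ksort() the fields and cast scalars to strings so the serialized form is canonical.
        ksort( $fields );
        foreach ( $fields as $k => $v ) {
            if ( ! in_array( gettype( $v ), array( 'object', 'array' ), true ) ) {
                $fields[ $k ] = (string) $v;
            }
        }

        // serialize() is used only to build the byte string that was signed;
        // request data must never be passed to unserialize().
        $data = serialize( $fields );

        // Verify the signature. The digest algorithm has to match the one the sender signs with.
        $verification = openssl_verify( $data, $signature, $this->get_public_key(), OPENSSL_ALGO_SHA1 );

        // Only an explicit 1 means "valid"; 0, -1 and false are all treated as failure.
        return 1 === $verification;
    }
}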
// Publish the handler instance under the 'edd_webhook_handler' global key
// (presumably where the base plugin looks it up; confirm against the parent plugin).
$GLOBALS['edd_webhook_handler'] = new EDD_Paddle_Webhook_Handler;