wip: save point

processor/src/config/config.ts

@@ -17,6 +17,7 @@ export const config = {
   paypalClientId: process.env.PAYPAL_CLIENT_ID || 'xxx',
   paypalClientSecret: process.env.PAYPAL_CLIENT_SECRET || 'xxxx',
   paypalEnvironment: process.env.PAYPAL_ENVIRONMENT || 'test',
+  paypalWebhookId: process.env.PAYPAL_WEBHOOK_ID || '',
 
   // Payment Providers config
   returnUrl: process.env.RETURN_URL,

processor/src/libs/fastify/hooks/paypal-webhook-verification.ts

@@ -1,16 +1,47 @@
 import { PaypalAPI } from '../../../clients/paypal.client';
-import { config } from '../../../config/config';
 import { FastifyRequest } from 'fastify';
 import { ErrorAuthErrorResponse } from '@commercetools/connect-payments-sdk';
 import { NotificationPayloadDTO } from '../../../dtos/paypal-payment.dto';
+import { IncomingHttpHeaders } from 'http';
+import { config } from '../../../config/config';
 
 export class WebhookVerificationHook {
-  constructor() {}
+  paypalClient: PaypalAPI;
+  constructor() {
+    this.paypalClient = new PaypalAPI();
+  }
 
   public authenticate() {
     return async (request: FastifyRequest) => {
       const data = request.body as NotificationPayloadDTO;
-      // implement
+      if (!data.resource) {
+        throw new ErrorAuthErrorResponse('Unexpected payload');
+      }
+
+      const verifyNotificationPayload = {
+        auth_algo: this.verifyHeader(request.headers, 'paypal-auth-algo'),
+        cert_url: this.verifyHeader(request.headers, 'paypal-cert-url'),
+        transmission_id: this.verifyHeader(request.headers, 'paypal-transmission-id'),
+        transmission_sig: this.verifyHeader(request.headers, 'paypal-transmission-sig'),
+        transmission_time: this.verifyHeader(request.headers, 'paypal-transmission-time'),
+        webhook_id: config.paypalWebhookId,
+        webhook_event: data,
+      };
+
+      const validator = await this.paypalClient.verifyNotification(verifyNotificationPayload);
+      if (validator.verification_status === 'FAILURE') {
+        throw new ErrorAuthErrorResponse('Webhook signature is not valid');
+      }
     };
   }
-}
+
+  private verifyHeader(headers: IncomingHttpHeaders, key: string): string {
+    const value = headers[key];
+
+    if (!value || Array.isArray(value)) {
+      throw new Error('Could not retrieve correct header');
+    }
+
+    return value;
+  }
+}

processor/src/routes/paypal-payment.route.ts

@@ -14,10 +14,12 @@ import {
   NotificationPayload,
 } from '../dtos/paypal-payment.dto';
 import { PaypalPaymentService } from '../services/paypal-payment.service';
+import { WebhookVerificationHook } from '../libs/fastify/hooks/paypal-webhook-verification';
 
 type PaymentRoutesOptions = {
   paymentService: PaypalPaymentService;
   sessionAuthHook: SessionAuthenticationHook;
+  signatureAuthHook: WebhookVerificationHook;
 };
 
 export const paymentRoutes = async (fastify: FastifyInstance, opts: FastifyPluginOptions & PaymentRoutesOptions) => {
@@ -71,7 +73,7 @@ export const paymentRoutes = async (fastify: FastifyInstance, opts: FastifyPlugi
   }>(
     '/notifications',
     {
-      preHandler: [],
+      preHandler: [opts.signatureAuthHook.authenticate()],
       schema: {
         body: NotificationPayload,
       },

processor/src/server/app.ts

@@ -1,3 +1,4 @@
+import { WebhookVerificationHook } from '../libs/fastify/hooks/paypal-webhook-verification';
 import { paymentSDK } from '../payment-sdk';
 import { PaypalPaymentService } from '../services/paypal-payment.service';
 
@@ -10,4 +11,7 @@ export const app = {
   services: {
     paymentService,
   },
+  hooks: {
+    signatureAuthHook: new WebhookVerificationHook(),
+  },
 };

processor/src/server/plugins/paypal-payment.plugin.ts

@@ -7,5 +7,6 @@ export default async function (server: FastifyInstance) {
   await server.register(paymentRoutes, {
     paymentService: app.services.paymentService,
     sessionAuthHook: paymentSDK.sessionAuthHookFn,
+    signatureAuthHook: app.hooks.signatureAuthHook,
   });
 }

processor/src/services/converters/notification.converter.ts

@@ -34,7 +34,15 @@ export class NotificationConverter {
           amount: this.convertAmount(item.resource),
           interactionId: item.resource.id,
         };
+      case NotificationEventType.PAYMENT_CAPTURE_REVERSED:
+        return {
+          type: COCOTransactionTypes.CHARGE,
+          state: COCOTransactionStates.SUCCESS,
+          amount: this.convertAmount(item.resource),
+          interactionId: item.resource.id,
+        };
       default:
+        // TODO: improve this error handling
         throw new Error('Unsupported');
     }
   }