fix: make stripe webhooks explicitly toggleable with mandatory secret validation (#23)

Co-authored-by: userAdityaa <aditya.chaudhary1558@gmail.com> Co-committed-by: userAdityaa <aditya.chaudhary1558@gmail.com>
2026-04-17 22:57:37 +00:00
parent 87dcf53d74
commit 44f9928070
11 changed files with 145 additions and 41 deletions
@@ -139,7 +139,7 @@ impl Api {
            api: Arc::new(self),
        };

-        Router::new()
+        let router = Router::new()
            .route("/identity", get(get_identity))
            .route("/plans", get(list_plans))
            .route("/plans/:id", get(get_plan))
@@ -158,8 +158,9 @@ impl Api {
                "/tenants/:pubkey/stripe/session",
                get(create_stripe_session),
            )
-            .route("/stripe/webhook", post(stripe_webhook))
-            .with_state(state)
+            .route("/stripe/webhook", post(stripe_webhook));
+
+        router.with_state(state)
    }

    fn extract_auth_pubkey(&self, headers: &HeaderMap) -> std::result::Result<String, ApiError> {