userAdityaa/caravel
1
1
Fork 0
forked from coracle/caravel
Code Pull Requests Activity

fix: make stripe webhooks explicitly toggleable with mandatory secret validation

Browse Source
This commit is contained in:
Aditya Chaudhary
2026-04-17 19:13:16 +05:45
parent 334f05783f
commit 5a9022bffc
11 changed files with 238 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/spec/api.md
+2 -1
View File
@@ -173,11 +173,12 @@ Notes:
## `async fn stripe_webhook(...) -> Response`
- Serves `POST /stripe/webhook`
- Serves `POST /stripe/webhook` when `STRIPE_WEBHOOKS_ENABLED=true`
- No NIP-98 authentication — uses Stripe signature verification instead
- Reads raw request body and `Stripe-Signature` header
- Calls `billing.handle_webhook(payload, signature)`
- Returns `200` on success, `400` on signature verification failure
- Route is not registered when Stripe webhooks are disabled
--- Utilities
backend/spec/billing.md
+6 -1
View File
@@ -5,6 +5,7 @@ Billing encapsulates logic related to synchronizing state with Stripe, processin
Members:
- `nwc_url: String` - a nostr wallet connect URL used to **create** bolt11 invoices (i.e. receive payments), from `NWC_URL`
- `stripe_webhooks_enabled: bool` - enables/disables Stripe webhook handling, from `STRIPE_WEBHOOKS_ENABLED`
- `stripe_webhook_secret: String` - secret for verifying Stripe webhook signatures, from `STRIPE_WEBHOOK_SECRET`
- `query: Query`
- `command: Command`
@@ -13,6 +14,10 @@ Members:
## `pub fn new(query: Query, command: Command, robot: Robot) -> Self`
- Reads environment and populates members
- Panics if `STRIPE_SECRET_KEY` is missing/empty
- Parses `STRIPE_WEBHOOKS_ENABLED` as a boolean (`true/false`, `1/0`, `yes/no`, `on/off`)
- Defaults `STRIPE_WEBHOOKS_ENABLED` to `false` in debug builds and `true` in release builds
- Panics if `STRIPE_WEBHOOK_SECRET` is missing/empty while `STRIPE_WEBHOOKS_ENABLED=true`
## `pub fn start(&self)`
@@ -33,6 +38,7 @@ Manages the Stripe subscription and subscription items for a relay's tenant. Onl
## `pub fn handle_webhook(&self, payload: &str, signature: &str) -> Result<()>`
- Returns an error when Stripe webhooks are disabled
- Verify the webhook signature using `self.stripe_webhook_secret`
- Parse the event and dispatch by type:
- `invoice.created` -> `self.handle_invoice_created`
@@ -109,4 +115,3 @@ Skip invoices with `amount_due` of 0.
- Look up tenant by `stripe_customer_id`
- Clear `stripe_subscription_id` via `command.clear_tenant_subscription`