From 19e99f300dc20ce27fad838f78ba21c5538b2c53 Mon Sep 17 00:00:00 2001
From: cnohall
Date: Wed, 11 Sep 2024 22:14:21 +0900
Subject: [PATCH] add logic about secrets
---
 .../BlockonomicsPaymentDriver.php | 34 ++++++++++++-------
 routes/api.php | 2 +-
 2 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/app/PaymentDrivers/BlockonomicsPaymentDriver.php b/app/PaymentDrivers/BlockonomicsPaymentDriver.php
index 3438c0f6bc58..77ccc318f9bb 100644
--- a/app/PaymentDrivers/BlockonomicsPaymentDriver.php
+++ b/app/PaymentDrivers/BlockonomicsPaymentDriver.php
@@ -18,6 +18,7 @@ use App\Models\GatewayType;
 use App\PaymentDrivers\Blockonomics\Blockonomics;
 use App\Models\SystemLog;
 use App\Models\Payment;
+use App\Models\Gateway;
 use App\Models\Client;
 use App\Exceptions\PaymentFailed;
 use App\Models\PaymentType;
@@ -54,16 +55,26 @@ class BlockonomicsPaymentDriver extends BaseDriver
 $this->api_key = $this->company_gateway->getConfigField('apiKey');
 $this->callback_url = $this->company_gateway->getConfigField('callbackUrl');
 $this->callback_secret = $this->company_gateway->getConfigField('callbackSecret');
- // $this->setCallbackUrl();
 return $this; /* This is where you boot the gateway with your auth credentials*/
 }
- public function findPaymentByTxid($txid)
+ public function getPaymentByTxid($txid)
 {
 return Payment::whereRaw('BINARY `transaction_reference` LIKE ?', ["%txid: " . $txid])->firstOrFail();
 }
+ public function getCallbackSecret()
+ {
+ $blockonomicsGatewayData = Gateway::find(64);
+ $intialData = json_decode($blockonomicsGatewayData, true);
+ $jsonString = $intialData['fields'];
+ $blockonomicsFields = json_decode($jsonString, true);
+
+ // Access the value of callbackSecret
+ $callbackSecret = $blockonomicsFields['callbackSecret'];
+ return $callbackSecret;
+ }
 /* Returns an array of gateway types for the payment gateway */
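Review bot: `getCallbackSecret()` takes the secret from the global `Gateway::find(64)` row's `fields` rather than from the company gateway configuration that `init()` reads on the context lines of this hunk, so it appears to return one installation-wide value instead of the secret each merchant configured. If that stored value is empty (the `fields` column looks like a defaults template; confirm), the loose `!=` check in `processWebhookRequest()` would treat an empty `secret` parameter as a match. Resolve the company gateway for the webhook and read `getConfigField('callbackSecret')`, and fail closed in either case with `if (empty($callbackSecret)) { throw new PaymentFailed('Callback secret is not configured'); }`. `Gateway::find()` can also return null and the hard-coded `64` deserves a named constant; the enclosing class starts and ends outside the hunk.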
@@ -95,27 +106,24 @@ class BlockonomicsPaymentDriver extends BaseDriver
 public function processWebhookRequest()
 {
- // TODO: Figure out why init does not work
- $this->init();
- $secret = $this->callback_secret;
- //Match secret for security
- if ($_GET['secret'] != $secret) {
- echo "Invalid Secret";
- return;
- }
 $txid = $_GET['txid'];
 $value = $_GET['value'];
 $status = $_GET['status'];
 $addr = $_GET['addr'];
+
+ $payment = $this->getPaymentByTxid($txid);
+ $callbackSecret = $this->getCallbackSecret();
+ //Match secret for security
+ if ($_GET['secret'] != $callbackSecret) {
+ throw new PaymentFailed('Secret does not match');
+ return;
+ }
 // Only accept confirmed transactions
 if ($status != 2) {
 throw new PaymentFailed('Transaction not confirmed');
 }
-
- $payment = $this->findPaymentByTxid($txid);
- // $payment_hash = $this->findPaymentHashInTransactionReference($payment->transaction_reference);
 switch ($status) {
 case 0:
diff --git a/routes/api.php b/routes/api.php
index 04a01ba44fe3..69142df87295 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -12,7 +12,6 @@
 */
 use App\Http\Controllers\SubscriptionStepsController;
 use Illuminate\Support\Facades\Route;
-use App\Http\Controllers\Gateways\BlockonomicsController;
 use App\Http\Controllers\BaseController;
 use App\Http\Controllers\BrevoController;
 use App\Http\Controllers\PingController;
@@ -99,6 +98,7 @@ use App\Http\Controllers\Reports\ClientReportController;
 use App\Http\Controllers\Reports\CreditReportController;
 use App\Http\Controllers\Reports\ReportExportController;
 use App\Http\Controllers\Reports\VendorReportController;
+use App\Http\Controllers\Gateways\BlockonomicsController;
 use App\Http\Controllers\Reports\ExpenseReportController;
 use App\Http\Controllers\Reports\InvoiceReportController;
 use App\Http\Controllers\Reports\PaymentReportController;
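Review bot: In `processWebhookRequest()` (app/PaymentDrivers/BlockonomicsPaymentDriver.php, hunk `@@ -95,27 +106,24 @@`) the secret is compared with loose `!=`, which is subject to type juggling and is not constant-time, and the payment lookup now runs before that check, so requests that have not presented a valid secret still reach the `LIKE` query and get a different failure for a known txid than for an unknown one. Check the secret first with `$given = $_GET['secret'] ?? null;` and `if (!is_string($given) || !is_string($callbackSecret) || $callbackSecret === '' || !hash_equals($callbackSecret, $given)) {`, then move `$payment = $this->getPaymentByTxid($txid);` below that block. The `return;` after the `throw` is unreachable and can be dropped. The `txid` value is also concatenated into the `LIKE` pattern without escaping `%` and `_`, so an escaped pattern or an exact-match lookup would be safer; the method body continues past the end of the hunk.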