From ac69a4f71724c2b9c48e45bb6ff03ad3ec8fe80f Mon Sep 17 00:00:00 2001
From: paulwer <paul@wer-ner.de>
Date: Thu, 28 Dec 2023 09:02:51 +0100
Subject: [PATCH] auth for webhook request with query-parameter "token"

---
 app/Http/Controllers/BrevoController.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/BrevoController.php b/app/Http/Controllers/BrevoController.php
index 25c328484363..e1dce175f485 100644
--- a/app/Http/Controllers/BrevoController.php
+++ b/app/Http/Controllers/BrevoController.php
@@ -61,8 +61,12 @@ class BrevoController extends BaseController
      */
     public function webhook(Request $request)
     {
-        ProcessBrevoWebhook::dispatch($request->all())->delay(10);
+        if ($request->has('token') && $request->get('token') == config('services.brevo.key')) {
+            ProcessBrevoWebhook::dispatch($request->all())->delay(10);
 
-        return response()->json(['message' => 'Success'], 200);
+            return response()->json(['message' => 'Success'], 200);
+        }
+
+        return response()->json(['message' => 'Unauthorized'], 403);
     }
 }