Fix Webhook Signature Validation

Author: Medboubazine

src/Api/Webhook.php

@@ -4,6 +4,7 @@
 
 use Chargily\ChargilyPay\Core\Abstracts\ApiClassesAbstract;
 use Chargily\ChargilyPay\Core\Helpers\Carbon;
+use Chargily\ChargilyPay\Core\Helpers\HttpRequest;
 use Chargily\ChargilyPay\Core\Helpers\Str;
 use Chargily\ChargilyPay\Core\Interfaces\ApiClassesInterface;
 use Chargily\ChargilyPay\Core\Traits\GuzzleHttpTrait;
@@ -19,14 +20,12 @@ final class Webhook extends ApiClassesAbstract implements ApiClassesInterface
      */
     public function get(): ?WebhookElement
     {
-        $headers = getallheaders();
-        $signature = isset($headers['signature']) ? $headers['signature'] : "";
-        $signature = (empty($signature) and isset($headers['Signature'])) ? $headers['Signature'] : "";
+        $signature = HttpRequest::header("Signature") ?? "";
+        $payload = HttpRequest::body() ?? "";
 
-        $payload = file_get_contents('php://input');
-        $computed = hash_hmac('sha256', $payload, $this->credentials->secret);
-        if (hash_equals($signature, $computed)) {
+        $computed_signature = hash_hmac('sha256', $payload, $this->credentials->secret);
 
+        if (hash_equals($signature, $computed_signature)) {
             $event = json_decode($payload, true);
             return $this->newElement($event);
         }

src/Core/Abstracts/ElementsAbstract.php

@@ -71,4 +71,22 @@ public function methods()
     {
         return $this->methods;
     }
+    /**
+     * Attributes To arrray
+     *
+     * @return string|null
+     */
+    public function toArray()
+    {
+        return $this->all();
+    }
+    /**
+     * Attributes To json
+     *
+     * @return string|null
+     */
+    public function toJson(): ?string
+    {
+        return json_encode($this->toArray()) ?? null;
+    }
 }

src/Core/Helpers/HttpRequest.php

@@ -0,0 +1,73 @@
+<?php
+
+namespace Chargily\ChargilyPay\Core\Helpers;
+
+class HttpRequest
+{
+    /**
+     * Cache headers
+     *
+     * @var array|null
+     */
+    protected static ?array  $headers = null;
+
+    /**
+     * Get current request headers
+     *
+     * @return array
+     */
+    public static function headers(): array
+    {
+        if (static::$headers) {
+            return static::$headers;
+        }
+        $server_headers = [];
+        foreach ($_SERVER as $key => $value) {
+            if (Str::startsWith($key, "HTTP_")) {
+                $header_name = Str::lower(Str::replace(['HTTP_', "_"], ['', '-'], $key));
+                $header_name = ucwords($header_name, '-');
+
+                $server_headers[$header_name] = $value;
+            }
+        }
+
+        return static::$headers = $server_headers;
+    }
+    /**
+     * get header
+     *
+     * @param string $name
+     * @return string|null
+     */
+    public static function header(string $name): ?string
+    {
+        $headers = self::headers();
+
+        return $headers[$name] ?? null;
+    }
+    /**
+     * Get request data
+     *
+     * @return array|null
+     */
+    public static function data(): array
+    {
+        if (!empty($_GET)) {
+            return $_GET;
+        }
+        if (!empty($_POST)) {
+            return $_POST;
+        }
+        return [];
+    }
+    /**
+     * Body
+     *
+     * @return string|null
+     */
+    public static function body(): ?string
+    {
+        $body = file_get_contents('php://input');
+        return (!empty($body)) ? $body : null;
+    }
+}