added default signature validator for stripe and paystack

MusahMusah · MusahMusah · commit ad62f8a41fa5 · 2023-03-26T09:29:18.000+01:00
diff --git a/src/SignatureValidator/PaystackSignatureValidator.php b/src/SignatureValidator/PaystackSignatureValidator.php
@@ -9,6 +9,13 @@ class PaystackSignatureValidator implements PaymentWebhookSignatureValidator
 {
     public function isValid(Request $request, PaymentWebhookConfig $config): bool
     {
-        // TODO: Implement isValid() method.
+        if ((! $request->isMethod(method: 'post')) || ! $request->header(key: $config->signatureHeaderName)) return false;
+
+        $requestContent = $request->getContent();
+        $signature = hash_hmac(algo: 'sha512', data: $requestContent, key: $config->signingSecret);
+
+        if ($signature !== $request->header(key: $config->signatureHeaderName)) return false;
+
+        return hash_equals(known_string: $signature, user_string: $request->header($config->signatureHeaderName));
     }
 }
diff --git a/src/SignatureValidator/StripeSignatureValidator.php b/src/SignatureValidator/StripeSignatureValidator.php
@@ -9,6 +9,13 @@ class StripeSignatureValidator implements PaymentWebhookSignatureValidator
 {
     public function isValid(Request $request, PaymentWebhookConfig $config): bool
     {
-        // TODO: Implement isValid() method.
+        if ((! $request->isMethod(method: 'post')) || ! $request->header(key: $config->signatureHeaderName)) return false;
+
+        $requestContent = $request->getContent();
+        $signature = hash_hmac(algo: 'sha256', data: $requestContent, key: $config->signingSecret);
+
+        if ($signature !== $request->header(key: $config->signatureHeaderName)) return false;
+
+        return hash_equals(known_string: $signature, user_string: $request->header($config->signatureHeaderName));
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,13 @@ class PaystackSignatureValidator implements PaymentWebhookSignatureValidator`
`9`	`9`	`{`
`10`	`10`	`public function isValid(Request $request, PaymentWebhookConfig $config): bool`
`11`	`11`	`{`
`12`		`- // TODO: Implement isValid() method.`
	`12`	`+ if ((! $request->isMethod(method: 'post')) \|\| ! $request->header(key: $config->signatureHeaderName)) return false;`
	`13`	`+`
	`14`	`+ $requestContent = $request->getContent();`
	`15`	`+ $signature = hash_hmac(algo: 'sha512', data: $requestContent, key: $config->signingSecret);`
	`16`	`+`
	`17`	`+ if ($signature !== $request->header(key: $config->signatureHeaderName)) return false;`
	`18`	`+`
	`19`	`+ return hash_equals(known_string: $signature, user_string: $request->header($config->signatureHeaderName));`
`13`	`20`	`}`
`14`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,13 @@ class StripeSignatureValidator implements PaymentWebhookSignatureValidator`
`9`	`9`	`{`
`10`	`10`	`public function isValid(Request $request, PaymentWebhookConfig $config): bool`
`11`	`11`	`{`
`12`		`- // TODO: Implement isValid() method.`
	`12`	`+ if ((! $request->isMethod(method: 'post')) \|\| ! $request->header(key: $config->signatureHeaderName)) return false;`
	`13`	`+`
	`14`	`+ $requestContent = $request->getContent();`
	`15`	`+ $signature = hash_hmac(algo: 'sha256', data: $requestContent, key: $config->signingSecret);`
	`16`	`+`
	`17`	`+ if ($signature !== $request->header(key: $config->signatureHeaderName)) return false;`
	`18`	`+`
	`19`	`+ return hash_equals(known_string: $signature, user_string: $request->header($config->signatureHeaderName));`
`13`	`20`	`}`
`14`	`21`	`}`