Implemented stripe webhook and updated appSettings

dLopes-SE · dLopes-SE · commit d35dec7c3767 · 2025-10-22T09:18:14.000+01:00
diff --git a/src/Abstractions/IPaymentService.cs b/src/Abstractions/IPaymentService.cs
@@ -2,4 +2,5 @@
 public interface IPaymentService
 {
   Task<string> CreatePaymentIntentAsync(int orderId, decimal ammount, CancellationToken cancellationToken);
+  Task HandleWebhookAsync(HttpRequest request);
 }
diff --git a/src/Features/Payments/Webhook/StripeEventType.cs b/src/Features/Payments/Webhook/StripeEventType.cs
@@ -0,0 +1,8 @@
+﻿namespace dotnet_qrshop.Features.Payments.Webhook;
+
+public enum StripeEventType
+{
+  CheckoutSessionCompleted,
+  PaymentIntentPaymentFailed,
+  Unknown
+}
diff --git a/src/Features/Payments/Webhook/StripeEventTypeParser.cs b/src/Features/Payments/Webhook/StripeEventTypeParser.cs
@@ -0,0 +1,14 @@
+﻿namespace dotnet_qrshop.Features.Payments.Webhook;
+
+public static class StripeEventTypeParser
+{
+  public static StripeEventType Parse(string eventType)
+  {
+    return eventType switch
+    {
+      "checkout.session.completed" => StripeEventType.CheckoutSessionCompleted,
+      "payment_intent.payment_failed" => StripeEventType.PaymentIntentPaymentFailed,
+      _ => StripeEventType.Unknown
+    };
+  }
+}
diff --git a/src/Program.cs b/src/Program.cs
@@ -14,6 +14,7 @@
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
+using Stripe;
 using System.Reflection;
 using System.Text;
 
@@ -76,6 +77,11 @@
 // Authorization
 builder.Services.AddAuthorization();
 
+// Stripe
+StripeConfiguration.ApiKey = builder.Configuration["StripeApiKey"];
+
+// Remaining Services
+
 builder.Services.AddHttpContextAccessor();
 builder.Services.AddScoped<IUserContext, UserContext>();
 builder.Services.AddScoped<ITokenProvider, TokenProvider>();
@@ -84,6 +90,7 @@
 builder.Services.AddScoped<IOrderService, OrderService>();
 builder.Services.AddScoped<IPaymentService, StripePaymentService>();
 
+// CORS
 builder.Services.AddCors(options =>
 {
   options.AddPolicy("AllowAll", policy =>
@@ -96,6 +103,7 @@
   });
 });
 
+// 
 var app = builder.Build();
 
 // Run migrations on startup (we need to ensure that db's up)
diff --git a/src/Services/StripePaymentService.cs b/src/Services/StripePaymentService.cs
@@ -1,14 +1,23 @@
 ﻿using dotnet_qrshop.Abstractions;
+using dotnet_qrshop.Features.Payments.Webhook;
 using Stripe;
 
 namespace dotnet_qrshop.Services;
 
-public class StripePaymentService(
-  IConfiguration _configuration) : IPaymentService
+public class StripePaymentService : IPaymentService
 {
+  private readonly string _apiSecretKey;
+  private readonly string _webhookSecret;
+
+  public StripePaymentService(IConfiguration configuration)
+  {
+    _apiSecretKey = configuration["Stripe:SecretKey"] ?? throw new InvalidOperationException("Stripe Api secret not configured.");
+    _webhookSecret = configuration["Stripe:WebhookSecret"] ?? throw new InvalidOperationException("Stripe Webhook secret not configured.");
+  }
+
   public async Task<string> CreatePaymentIntentAsync(int orderId, decimal amount, CancellationToken cancellationToken)
   {
-    StripeConfiguration.ApiKey = _configuration["StripeApiKey"];
+    StripeConfiguration.ApiKey = _apiSecretKey;
 
     var options = new PaymentIntentCreateOptions
     {
@@ -22,4 +31,36 @@ public async Task<string> CreatePaymentIntentAsync(int orderId, decimal amount,
 
     return paymentIntent.ClientSecret;
   }
+
+  public async Task HandleWebhookAsync(HttpRequest request)
+  {
+    var json = await new StreamReader(request.Body).ReadToEndAsync();
+    Event stripeEvent;
+
+    try
+    {
+      stripeEvent = EventUtility.ConstructEvent(
+        json,
+        request.Headers["Stripe-Signature"],
+        _webhookSecret
+      );
+    }
+    catch (StripeException e)
+    {
+      // logger.LogError(e, "⚠️ Webhook signature verification failed."); TODO DYLAN: Add Logger
+      throw new BadHttpRequestException("Invalid signature");
+    }
+
+    var parsedEvent = StripeEventTypeParser.Parse(stripeEvent.Type);
+
+    switch (parsedEvent)
+    {
+      case StripeEventType.CheckoutSessionCompleted:
+        // handle
+        break;
+      case StripeEventType.PaymentIntentPaymentFailed:
+        // handle
+        break;
+    }
+  }
 }
diff --git a/src/appsettings.json b/src/appsettings.json
@@ -15,5 +15,9 @@
     "Audience": "ApplicationUser",
     "ExpirationInMinutes": 60
   },
-  "StripeApiKey": "..."
+  "Stripe": {
+    "SecretKey": "...",
+    "WebhookSecret":  "..."
+
+  }
 }
diff --git a/src/dotnet-qrshop.csproj b/src/dotnet-qrshop.csproj
@@ -84,7 +84,7 @@
     </PackageReference>
     <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="9.0.4" />
     <PackageReference Include="Scrutor" Version="6.0.1" />
-    <PackageReference Include="Stripe.net" Version="48.5.0" />
+    <PackageReference Include="Stripe.net" Version="49.0.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="8.1.1" />
     <PackageReference Include="System.Collections" Version="4.3.0" />
   </ItemGroup>

Original file line number	Diff line number	Diff line change
`@@ -2,4 +2,5 @@`
`2`	`2`	`public interface IPaymentService`
`3`	`3`	`{`
`4`	`4`	`Task<string> CreatePaymentIntentAsync(int orderId, decimal ammount, CancellationToken cancellationToken);`
	`5`	`+ Task HandleWebhookAsync(HttpRequest request);`
`5`	`6`	`}`