
@brianhogg
Created September 6, 2017 21:42

Revisions

  1. brianhogg revised this gist Sep 6, 2017. 1 changed file with 0 additions and 2 deletions.
    2 changes: 0 additions & 2 deletions edd-paddle-webhook-handler.php
    @@ -1,5 +1,3 @@
    <?php

    class EDD_Paddle_Webhook_Handler extends EDD_Webhook_Handler {
    function get_hook_id() {
    return 'paddle';
  2. brianhogg created this gist Sep 6, 2017.
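--- a/edd-paddle-webhook-handler.php
+++ b/edd-paddle-webhook-handler.php
@@ -0,0 +1,96 @@
+<?php
+
+class EDD_Paddle_Webhook_Handler extends EDD_Webhook_Handler {
+function get_hook_id() {
+return 'paddle';
+}
+
+function get_hook_name() {
+return 'Paddle';
+}
+
+function get_endpoint_args() {
+return array(
+'alert_name' => array(
+'required' => true,
+),
+'p_signature' => array(
+'required' => true,
+),
+'email' => array(
+'required' => true,
+)
+);
+}
+
+function verify_webhook_params( $params ) {
+if ( ! is_array( $params ) or 'payment_succeeded' != $params['alert_name'] )
+return false;
+return true;
+}
+
+function get_buyer_email_address( $params ) {
+return sanitize_text_field( $params['email'] );
+}
+
+function get_order_id( $params ) {
+return sanitize_text_field( $params['order_id'] );
+}
+
+function get_item_id( $params ) {
+return sanitize_text_field( $params['p_product_id'] );
+}
+
+function get_item_price( $params ) {
+return $params['sale_gross'] - $params['payment_tax'];
+}
+
+function get_item_tax( $params ) {
+return $params['payment_tax'];
+}
+
+function get_public_key() {
+// NOTE: Ensure there is no spacing on the left of each line of your public key
+return '-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA125r975+OmZ67/b0T0fN
+4Ye6diPZZghFGal3czs/zqi8cq4T7gW63N1AtXTSmIIC+PTnCAXJP5f+ymb0ixQB
+...
+8oYyPdOjZ1hHUz2a4nAq+ty3lNFaQE/9vbv8YP30LRmoB3ON88mLL2JTI8W68wqr
+ECgBp9p2k2vv9gGqsfBXJHUCAwEAAQ==
+-----END PUBLIC KEY-----';
+}
+
+/**
+* Verifies the request is coming from Paddle
+*
+* @param $request WP_REST_Request
+* @return bool
+*/
+function verify_request( $request ) {
+// Get the p_signature parameter & base64 decode it.
+$signature = base64_decode( $request->get_param( 'p_signature' ) );
+
+// Get the fields sent in the request, and remove the p_signature parameter
+$fields = $request->get_params();
+unset( $fields['p_signature'] );
+
+// ksort() and serialize the fields
+ksort( $fields );
+foreach ( $fields as $k => $v ) {
+if ( ! in_array( gettype( $v ), array( 'object', 'array' ) ) ) {
+$fields[$k] = "$v";
+}
+}
+$data = serialize( $fields );
+
+// Veirfy the signature
+$verification = openssl_verify( $data, $signature, $this->get_public_key(), OPENSSL_ALGO_SHA1 );
+if ( $verification == 1 ) {
+return true;
+}
+
+return false;
+}
+}
+
+$GLOBALS['edd_webhook_handler'] = new EDD_Paddle_Webhook_Handler();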
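Review bot: The getters read `order_id`, `p_product_id`, `sale_gross` and `payment_tax`, but `get_endpoint_args()` only marks `alert_name`, `p_signature` and `email` as required, so an alert missing one of them yields undefined-index notices and a computed price instead of a rejected request. I would add those four keys to `get_endpoint_args()` with `'required' => true` and have `get_item_price()` / `get_item_tax()` bail out unless `is_numeric()` holds for both amounts. In `verify_request()` the checks can be made strict at no cost: `base64_decode( (string) $request->get_param( 'p_signature' ), true )` with an early `return false` on a `false` result, and `return 1 === $verification;` in place of the loose `== 1`. Whether the parent `EDD_Webhook_Handler` calls `verify_request()` before any getter, and whether it refuses an `order_id` it has already processed, is not visible in this file; both are worth confirming, because a valid signature alone does not stop the same alert being delivered twice.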