// VerifyEventWithStripe verifies the event received via webhook with Stripe
// using the ID to confirm webhook is legit - extra security step
// Note: If the stripe webhook is not Livemode then this bypasses the call to Stripe
// and uses the event we have from the original webhook.
// Without that bypass, a testmode hook would always fail this callback
func VerifyEventWithStripe(hook *stripe.Event) (*stripe.Event, error) {
if !hook.Live {
return hook, nil
}
stripe.Key = "" // your private stripe api key goes here
return event.Get(hook.ID)
}
// Webhook handles events from stripe
func Webhook(u *url.URL, h http.Header, req *stripe.Event) (int, http.Header, interface{}, error) {
// if we dont support the handler, just return success so they dont try again.
handler, err := payment.GetHandler(req.Type)
if err != nil {
return response.NewDefaultOK()
}
// get the event from stripe api again since they dont provide a way to
// authenticate incoming requests
event, err := event.Get(req.ID, nil)
if err != nil {
return response.NewBadRequest(err)
}
if err := handler(event.Data.Raw); err != nil {
return response.NewBadRequest(err)
}
return response.NewDefaultOK()
}