
javascript - 如何在node.js中验证PayPal Webhooks?

转载 作者:行者123 更新时间:2023-12-03 08:01:33 25 4

我发现了一些处理 PHP 的旧答案和 this code example ,但我不确定现在这是否已经过时,因为存储库已存档,而且我知道 PayPal 通常会转向仅使用 REST API 的方法。

如果有人可以在此处提供有关最新建议是什么以及此处 2015 年的代码现在是否已过时的更新,我会很高兴。

/* Copyright 2015-2016 PayPal, Inc. */
"use strict";

var paypal = require('../../../');
require('../../configure');

// Sends the webhook event data to PayPal to verify the webhook event signature is correct and
// the event data came from PayPal.

// Note this sample is only for illustrative purposes. You must have a valid webhook configured with your
// client ID and secret. This sample may not work due to other tests deleting and creating webhooks.

// Sample values standing in for the HTTP headers of a received webhook event. A real handler
// passes the headers of the incoming request instead; treat them as untrusted input until
// verification reports SUCCESS.
// NOTE(review): if the certificate is ever fetched locally rather than by PayPal, confirm the
// cert URL points at a PayPal host before requesting it.
const certURL = "https://api.sandbox.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-a5cafa77";
const transmissionId = "103e3700-8b0c-11e6-8695-6b62a8a99ac4";
const transmissionSignature = "t8hlRk64rpEImZMKqgtp5dlWaT1W8ed/mf8Msos341QInVn3BMQubjAhM/cKiSJtW07VwJvSX7X4+YUmHBrm5BQ+CEkClke4Yf4ouhCK6GWsfs0J8cKkmjI0XxfJpPLgjROEWY3MXorwCtbvrEo5vrRI2+TyLkquBKAlM95LbNWG43lxMu0LHzsSRUBDdt5IP1b2CKqbcEJKGrC78iw+fJEQGagkJAiv3Qvpw8F/8q7FCQAZ3c81mzTvP4ZH3Xk2/nNznEA7eMi3u1EjSpTmLfAb423ytX37Ts0QpmPNgxJe8wnMB/+fvt4xjYH6KNe+bIcYU30hUIe9O8c9UFwKuQ==";
const transmissionTimestamp = "2016-10-05T14:57:40Z";

// Keys are lower-case, which is how Node's http module exposes incoming header names.
const headers = {
  'paypal-auth-algo': 'SHA256withRSA',
  'paypal-cert-url': certURL,
  'paypal-transmission-id': transmissionId,
  'paypal-transmission-sig': transmissionSignature,
  'paypal-transmission-time': transmissionTimestamp,
};

// eventBody is the complete webhook event body, kept as a string.
// NOTE(review): in a real handler pass the body as it was received; re-serializing a parsed
// object may not reproduce the same bytes and could cause verification to fail. Confirm
// against the body parser in use.
const eventBody = '{"id":"WH-82L71649W50323023-5WC64761VS637831A","event_version":"1.0","create_time":"2016-10-05T14:57:40Z","resource_type":"sale","event_type":"PAYMENT.SALE.COMPLETED","summary":"Payment completed for $ 6.01 USD","resource":{"id":"8RS6210148826604N","state":"completed","amount":{"total":"6.01","currency":"USD","details":{"subtotal":"3.00","tax":"0.01","shipping":"1.00","handling_fee":"2.00","shipping_discount":"3.00"}},"payment_mode":"INSTANT_TRANSFER","protection_eligibility":"ELIGIBLE","protection_eligibility_type":"ITEM_NOT_RECEIVED_ELIGIBLE,UNAUTHORIZED_PAYMENT_ELIGIBLE","transaction_fee":{"value":"0.47","currency":"USD"},"invoice_number":"","custom":"Hello World!","parent_payment":"PAY-11X29866PC6848407K72RIQA","create_time":"2016-10-05T14:57:18Z","update_time":"2016-10-05T14:57:26Z","links":[{"href":"https://api.sandbox.paypal.com/v1/payments/sale/8RS6210148826604N","rel":"self","method":"GET"},{"href":"https://api.sandbox.paypal.com/v1/payments/sale/8RS6210148826604N/refund","rel":"refund","method":"POST"},{"href":"https://api.sandbox.paypal.com/v1/payments/payment/PAY-11X29866PC6848407K72RIQA","rel":"parent_payment","method":"GET"}]},"links":[{"href":"https://api.sandbox.paypal.com/v1/notifications/webhooks-events/WH-82L71649W50323023-5WC64761VS637831A","rel":"self","method":"GET"},{"href":"https://api.sandbox.paypal.com/v1/notifications/webhooks-events/WH-82L71649W50323023-5WC64761VS637831A/resend","rel":"resend","method":"POST"}]}';

// webhookId identifies the configured webhook itself, not an individual event. It can be looked
// up in the PayPal Developer Dashboard or with paypal.webhook.list(). It is supplied from local
// configuration rather than read from the incoming message.
const webhookId = "3TR748995U920805P";

// Ask PayPal to check the event signature. The callback receives either an error or a
// response object carrying verification_status.
// Only the exact status "SUCCESS" means the event came from PayPal. This sample merely logs the
// outcome; a real handler should not act on the event for any other status or on error.
paypal.notification.webhookEvent.verify(headers, eventBody, webhookId, (error, response) => {
  // Guard clause: log and rethrow, exactly as the sample does on a failed call.
  if (error) {
    console.log(error);
    throw error;
  }

  console.log(response);

  const isVerified = response.verification_status === "SUCCESS";
  console.log(isVerified ? "It was a success." : "It was a failed verification");
});

最佳答案

这些 SDK 是 REST API 的抽象,但不再维护,因此最好不要使用它们。

有两种可能的方法来验证 Webhook

  1. 使用 verify webhook signature 这个 REST API 调用,将消息发回 PayPal 进行验证。您需要首先使用 client_id 和 secret 获取访问 token,与所有其他 REST API 调用相同。
  2. 亲自验证加密签名 ( Java pseudocode here )。

对于任一方法,“webhookId”(与每个 Webhook 事件 ID 不同)是 17 个字母数字,并且出于安全(反欺骗)原因,它不是 Webhook 消息本身的一部分(您可以在注册 Webhooks 或查看 REST app config 中现有的订阅 Hook 时获取它)


由于有时可能会造成混淆,因此值得一提的是,验证 Webhooks 完全是为了您自己——用于确认该消息确实源自 PayPal,而不是其他(恶意)参与者。

而对于 PayPal 本身而言,要认为 Webhook 消息已成功传递(而不是继续重试),只需要接收消息的监听器 URL 以 HTTP 200 OK 状态进行响应。Webhook 消息的传递到此结束。

关于javascript - 如何在node.js中验证PayPal Webhooks?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73917445/
