Verify Stripe callbacks

2022-07-21 13:48:56 +01:00 · 2022-07-21 13:48:56 +01:00 · ae8da03c3c
parent c14c94f6f6
commit ae8da03c3c
1 changed files with 17 additions and 1 deletions
--- a/core/views.py
+++ b/core/views.py
@ -4,10 +4,11 @@ from datetime import datetime
 import stripe
 from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.http import JsonResponse
+from django.http import HttpResponse, JsonResponse
 from django.shortcuts import redirect, render
 from django.urls import reverse, reverse_lazy
 from django.views import View
+from django.views.decorators.csrf import csrf_exempt
 from django.views.generic.edit import CreateView
 from rest_framework.parsers import JSONParser
 from rest_framework.views import APIView
@ -74,7 +75,22 @@ class Portal(LoginRequiredMixin, View):
 class Callback(APIView):
    parser_classes = [JSONParser]

+    @csrf_exempt
    def post(self, request):
+        payload = request.body
+        sig_header = request.META["HTTP_STRIPE_SIGNATURE"]
+
+        try:
+            stripe.Webhook.construct_event(
+                payload, sig_header, settings.STRIPE_ENDPOINT_SECRET
+            )
+        except ValueError:
+            # Invalid payload
+            return HttpResponse(status=400)
+        except stripe.error.SignatureVerificationError:
+            # Invalid signature
+            return HttpResponse(status=400)
+
        pp.pprint(request.data)
        if request.data is None:
            return JsonResponse({"success": False}, status=500)