Implement multi-tenancy support with OAuth2 authentication for tenant admins, Stripe integration for event purchases and credits ledger, new Filament resources for event purchases, updated API routes and middleware for tenant isolation and token guarding, added factories/seeders/migrations for new models (Tenant, EventPurchase, OAuth entities, etc.), enhanced tests, and documentation updates. Removed outdated DemoAchievementsSeeder.
This commit is contained in:
91
app/Http/Controllers/StripeWebhookController.php
Normal file
91
app/Http/Controllers/StripeWebhookController.php
Normal file
@@ -0,0 +1,91 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Models\EventPurchase;
|
||||
use App\Models\Tenant;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
||||
class StripeWebhookController extends Controller
|
||||
{
|
||||
public function handle(Request $request)
|
||||
{
|
||||
$payload = $request->getContent();
|
||||
$sig = $request->header('Stripe-Signature');
|
||||
$secret = config('services.stripe.webhook');
|
||||
|
||||
if (!$secret || !$sig) {
|
||||
abort(400, 'Missing signature');
|
||||
}
|
||||
|
||||
$expectedSig = 'v1=' . hash_hmac('sha256', $payload, $secret);
|
||||
|
||||
if (!hash_equals($expectedSig, $sig)) {
|
||||
abort(400, 'Invalid signature');
|
||||
}
|
||||
|
||||
$event = json_decode($payload, true);
|
||||
|
||||
if (json_last_error() !== JSON_ERROR_NONE) {
|
||||
Log::error('Invalid JSON in Stripe webhook: ' . json_last_error_msg());
|
||||
return response('', 200);
|
||||
}
|
||||
|
||||
if ($event['type'] === 'checkout.session.completed') {
|
||||
$session = $event['data']['object'];
|
||||
$receiptId = $session['id'];
|
||||
|
||||
// Idempotency check
|
||||
if (EventPurchase::where('external_receipt_id', $receiptId)->exists()) {
|
||||
return response('', 200);
|
||||
}
|
||||
|
||||
$tenantId = $session['metadata']['tenant_id'] ?? null;
|
||||
|
||||
if (!$tenantId) {
|
||||
Log::warning('No tenant_id in Stripe metadata', ['receipt_id' => $receiptId]);
|
||||
// Dispatch job for retry or manual resolution
|
||||
\App\Jobs\ValidateStripeWebhookJob::dispatch($payload, $sig);
|
||||
return response('', 200);
|
||||
}
|
||||
|
||||
$tenant = Tenant::find($tenantId);
|
||||
|
||||
if (!$tenant) {
|
||||
Log::error('Tenant not found for Stripe webhook', ['tenant_id' => $tenantId]);
|
||||
\App\Jobs\ValidateStripeWebhookJob::dispatch($payload, $sig);
|
||||
return response('', 200);
|
||||
}
|
||||
|
||||
$amount = $session['amount_total'] / 100;
|
||||
$currency = $session['currency'];
|
||||
$eventsPurchased = (int) ($session['metadata']['events_purchased'] ?? 1);
|
||||
|
||||
DB::transaction(function () use ($tenant, $amount, $currency, $eventsPurchased, $receiptId) {
|
||||
$purchase = EventPurchase::create([
|
||||
'tenant_id' => $tenant->id,
|
||||
'events_purchased' => $eventsPurchased,
|
||||
'amount' => $amount,
|
||||
'currency' => $currency,
|
||||
'provider' => 'stripe',
|
||||
'external_receipt_id' => $receiptId,
|
||||
'status' => 'completed',
|
||||
'purchased_at' => now(),
|
||||
]);
|
||||
|
||||
$tenant->incrementCredits($eventsPurchased, 'purchase', null, $purchase->id);
|
||||
});
|
||||
|
||||
Log::info('Processed Stripe purchase', ['receipt_id' => $receiptId, 'tenant_id' => $tenantId]);
|
||||
} else {
|
||||
// For other event types, log or dispatch job if needed
|
||||
Log::info('Unhandled Stripe event', ['type' => $event['type']]);
|
||||
// Optionally dispatch job for processing other events
|
||||
\App\Jobs\ValidateStripeWebhookJob::dispatch($payload, $sig);
|
||||
}
|
||||
|
||||
return response('', 200);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user