$event */ public function handle(array $event): bool { $eventType = $event['event_type'] ?? null; $resource = $event['resource'] ?? null; if (! is_string($eventType) || ! is_array($resource)) { return false; } $orderId = $this->resolveOrderId($eventType, $resource); $session = $this->locateSession($orderId, $resource); if (! $session) { Log::info('[PayPalWebhook] session not resolved', [ 'event_type' => $eventType, 'order_id' => $orderId, ]); return false; } $lockKey = 'checkout:webhook:paypal:'.($orderId ?: $session->id); $lock = Cache::lock($lockKey, 30); if (! $lock->get()) { Log::info('[PayPalWebhook] lock busy', [ 'order_id' => $orderId, 'session_id' => $session->id, ]); return true; } try { if ($orderId && $session->paypal_order_id !== $orderId) { $session->forceFill([ 'paypal_order_id' => $orderId, 'provider' => CheckoutSession::PROVIDER_PAYPAL, ])->save(); } elseif ($session->provider !== CheckoutSession::PROVIDER_PAYPAL) { $session->forceFill(['provider' => CheckoutSession::PROVIDER_PAYPAL])->save(); } $this->mergeProviderMetadata($session, [ 'paypal_last_event' => $eventType, 'paypal_status' => $this->resolveStatus($resource), 'paypal_last_update_at' => now()->toIso8601String(), ]); return $this->applyEvent($session, $eventType, $resource, $event); } finally { $lock->release(); } } /** * @param array $resource * @param array $event */ protected function applyEvent(CheckoutSession $session, string $eventType, array $resource, array $event): bool { $normalized = strtoupper($eventType); if (in_array($normalized, ['PAYMENT.CAPTURE.COMPLETED', 'CHECKOUT.ORDER.COMPLETED'], true)) { $captureId = $this->resolveCaptureId($resource, $normalized); $totals = $this->resolveTotals($resource); $status = strtoupper((string) ($resource['status'] ?? 'COMPLETED')); $session->forceFill([ 'paypal_capture_id' => $captureId ?: $session->paypal_capture_id, 'provider_metadata' => array_merge($session->provider_metadata ?? [], array_filter([ 'paypal_capture_id' => $captureId, 'paypal_status' => $status, 'paypal_totals' => $totals !== [] ? $totals : null, 'paypal_captured_at' => now()->toIso8601String(), ])), ])->save(); if ($session->status !== CheckoutSession::STATUS_COMPLETED) { $this->sessions->markProcessing($session, [ 'paypal_status' => $status, 'paypal_capture_id' => $captureId, ]); $this->assignment->finalise($session, [ 'source' => 'paypal_webhook', 'provider' => CheckoutSession::PROVIDER_PAYPAL, 'provider_reference' => $captureId ?: $session->paypal_order_id, 'payload' => $resource, ]); $this->sessions->markCompleted($session, now()); $this->couponRedemptions->recordSuccess($session, $resource); } return true; } if ($normalized === 'CHECKOUT.ORDER.APPROVED') { if ($session->status !== CheckoutSession::STATUS_COMPLETED) { $this->sessions->markRequiresCustomerAction($session, 'paypal_approved'); } return true; } if ($normalized === 'PAYMENT.CAPTURE.PENDING') { if ($session->status !== CheckoutSession::STATUS_COMPLETED) { $this->sessions->markRequiresCustomerAction($session, 'paypal_pending'); } return true; } if (in_array($normalized, ['PAYMENT.CAPTURE.DENIED', 'PAYMENT.CAPTURE.REFUNDED', 'CHECKOUT.ORDER.VOIDED'], true)) { $reason = match ($normalized) { 'PAYMENT.CAPTURE.DENIED' => 'paypal_capture_denied', 'PAYMENT.CAPTURE.REFUNDED' => 'paypal_refunded', 'CHECKOUT.ORDER.VOIDED' => 'paypal_voided', default => 'paypal_failed', }; $this->sessions->markFailed($session, $reason); $this->couponRedemptions->recordFailure($session, $reason); return true; } return false; } /** * @param array $resource */ protected function resolveOrderId(string $eventType, array $resource): ?string { if (str_starts_with(strtoupper($eventType), 'PAYMENT.CAPTURE.')) { $relatedOrderId = Arr::get($resource, 'supplementary_data.related_ids.order_id'); return is_string($relatedOrderId) && $relatedOrderId !== '' ? $relatedOrderId : null; } $orderId = $resource['id'] ?? null; return is_string($orderId) && $orderId !== '' ? $orderId : null; } /** * @param array $resource */ protected function locateSession(?string $orderId, array $resource): ?CheckoutSession { if ($orderId) { return CheckoutSession::query() ->where('paypal_order_id', $orderId) ->first(); } $customId = Arr::get($resource, 'purchase_units.0.custom_id'); if (is_string($customId) && $customId !== '') { return CheckoutSession::query()->find($customId); } return null; } /** * @param array $resource */ protected function resolveCaptureId(array $resource, string $eventType): ?string { if (str_starts_with($eventType, 'PAYMENT.CAPTURE.')) { $captureId = $resource['id'] ?? null; return is_string($captureId) && $captureId !== '' ? $captureId : null; } $captureId = Arr::get($resource, 'purchase_units.0.payments.captures.0.id'); return is_string($captureId) && $captureId !== '' ? $captureId : null; } /** * @param array $resource * @return array{currency?: string, total?: float} */ protected function resolveTotals(array $resource): array { $amount = Arr::get($resource, 'amount') ?? Arr::get($resource, 'purchase_units.0.payments.captures.0.amount') ?? Arr::get($resource, 'purchase_units.0.amount'); if (! is_array($amount)) { return []; } $currency = Arr::get($amount, 'currency_code'); $total = Arr::get($amount, 'value'); return array_filter([ 'currency' => is_string($currency) ? strtoupper($currency) : null, 'total' => is_numeric($total) ? (float) $total : null, ], static fn ($value) => $value !== null); } /** * @param array $resource */ protected function resolveStatus(array $resource): ?string { $status = $resource['status'] ?? null; return is_string($status) && $status !== '' ? strtoupper($status) : null; } /** * @param array $data */ protected function mergeProviderMetadata(CheckoutSession $session, array $data): void { $session->provider_metadata = array_merge($session->provider_metadata ?? [], $data); $session->save(); } }