webhook

package
v68.15.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 31, 2020 License: MIT Imports: 10 Imported by: 28

Documentation

Overview

Example
package main

import (
	"fmt"
	"io/ioutil"
	"log"
	"net/http"

	"github.com/stripe/stripe-go/webhook"
)

func main() {
	http.HandleFunc("/webhook", func(w http.ResponseWriter, req *http.Request) {
		// Protects against a malicious client streaming us an endless request
		// body
		const MaxBodyBytes = int64(65536)
		req.Body = http.MaxBytesReader(w, req.Body, MaxBodyBytes)

		body, err := ioutil.ReadAll(req.Body)
		if err != nil {
			w.WriteHeader(http.StatusBadRequest)
			return
		}

		// Pass the request body & Stripe-Signature header to ConstructEvent, along with the webhook signing key
		event, err := webhook.ConstructEvent(body, req.Header.Get("Stripe-Signature"), "whsec_DaLRHCRs35vEXqOE8uTEAXGLGUOnyaFf")

		if err != nil {
			w.WriteHeader(http.StatusBadRequest) // Return a 400 error on a bad signature
			fmt.Fprintf(w, "%v", err)
			return
		}

		fmt.Fprintf(w, "Received signed event: %v", event)
	})
	log.Fatal(http.ListenAndServe(":8080", nil))
}
Output:

Index

Examples

Constants

View Source
const (
	// DefaultTolerance indicates that signatures older than this will be rejected by ConstructEvent.
	DefaultTolerance time.Duration = 300 * time.Second
)

Variables

View Source
var (
	ErrInvalidHeader    = errors.New("webhook has invalid Stripe-Signature header")
	ErrNoValidSignature = errors.New("webhook had no valid signature")
	ErrNotSigned        = errors.New("webhook has no Stripe-Signature header")
	ErrTooOld           = errors.New("timestamp wasn't within tolerance")
)

This block represents the list of errors that could be raised when using the webhook package.

Functions

func ComputeSignature

func ComputeSignature(t time.Time, payload []byte, secret string) []byte

ComputeSignature computes a webhook signature using Stripe's v1 signing method.

See https://stripe.com/docs/webhooks#signatures for more information.

func ConstructEvent

func ConstructEvent(payload []byte, header string, secret string) (stripe.Event, error)

ConstructEvent initializes an Event object from a JSON webhook payload, validating the Stripe-Signature header using the specified signing secret. Returns an error if the body or Stripe-Signature header provided are unreadable, if the signature doesn't match, or if the timestamp for the signature is older than DefaultTolerance.

NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks

func ConstructEventIgnoringTolerance

func ConstructEventIgnoringTolerance(payload []byte, header string, secret string) (stripe.Event, error)

ConstructEventIgnoringTolerance initializes an Event object from a JSON webhook payload, validating the Stripe-Signature header using the specified signing secret. Returns an error if the body or Stripe-Signature header provided are unreadable or if the signature doesn't match. Does not check the signature's timestamp.

NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks

func ConstructEventWithTolerance

func ConstructEventWithTolerance(payload []byte, header string, secret string, tolerance time.Duration) (stripe.Event, error)

ConstructEventWithTolerance initializes an Event object from a JSON webhook payload, validating the signature in the Stripe-Signature header using the specified signing secret and tolerance window. Returns an error if the body or Stripe-Signature header provided are unreadable, if the signature doesn't match, or if the timestamp for the signature is older than the specified tolerance.

NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks

func ValidatePayload

func ValidatePayload(payload []byte, header string, secret string) error

ValidatePayload validates the payload against the Stripe-Signature header using the specified signing secret. Returns an error if the body or Stripe-Signature header provided are unreadable, if the signature doesn't match, or if the timestamp for the signature is older than DefaultTolerance.

NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks

func ValidatePayloadIgnoringTolerance

func ValidatePayloadIgnoringTolerance(payload []byte, header string, secret string) error

ValidatePayloadIgnoringTolerance validates the payload against the Stripe-Signature header header using the specified signing secret. Returns an error if the body or Stripe-Signature header provided are unreadable or if the signature doesn't match. Does not check the signature's timestamp.

NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks

func ValidatePayloadWithTolerance

func ValidatePayloadWithTolerance(payload []byte, header string, secret string, tolerance time.Duration) error

ValidatePayloadWithTolerance validates the payload against the Stripe-Signature header using the specified signing secret and tolerance window. Returns an error if the body or Stripe-Signature header provided are unreadable, if the signature doesn't match, or if the timestamp for the signature is older than the specified tolerance.

NOTE: Stripe will only send Webhook signing headers after you have retrieved your signing secret from the Stripe dashboard: https://dashboard.stripe.com/webhooks

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL