feat: BTCPay webhook for auto-publish after confirmation, processing badge
This commit is contained in:
102
docs/pow-server/btcpay-webhook.php
Normal file
102
docs/pow-server/btcpay-webhook.php
Normal file
@@ -0,0 +1,102 @@
|
||||
<?php
|
||||
require __DIR__ . '/config.php';
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
http_response_code(405);
|
||||
echo json_encode(['error' => 'Method not allowed']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$rawBody = file_get_contents('php://input');
|
||||
$payload = json_decode($rawBody, true);
|
||||
|
||||
// Verify HMAC signature if secret is configured
|
||||
if (BTCPAY_WEBHOOK_SECRET) {
|
||||
$sigHeader = $_SERVER['HTTP_BTCPAY_SIG'] ?? '';
|
||||
$expectedSig = 'sha256=' . hash_hmac('sha256', $rawBody, BTCPAY_WEBHOOK_SECRET);
|
||||
|
||||
if (!hash_equals($expectedSig, $sigHeader)) {
|
||||
http_response_code(403);
|
||||
echo json_encode(['error' => 'Invalid signature']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$type = $payload['type'] ?? null;
|
||||
$invoiceId = $payload['invoiceId'] ?? null;
|
||||
|
||||
if (!$type || !$invoiceId) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'Missing type or invoiceId']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Only handle settled invoices
|
||||
if ($type !== 'InvoiceSettled' && $type !== 'InvoicePaymentSettled') {
|
||||
echo json_encode(['ok' => true, 'action' => 'ignored', 'type' => $type]);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Fetch invoice from BTCPay to get listing ID from metadata
|
||||
$btcpayUrl = BTCPAY_BASE_URL . '/api/v1/stores/' . BTCPAY_STORE_ID . '/invoices/' . urlencode($invoiceId);
|
||||
$btcpayContext = stream_context_create([
|
||||
'http' => [
|
||||
'method' => 'GET',
|
||||
'header' => "Authorization: token " . BTCPAY_API_KEY . "\r\n",
|
||||
'ignore_errors' => true,
|
||||
'timeout' => 10,
|
||||
],
|
||||
]);
|
||||
|
||||
$btcpayResponse = file_get_contents($btcpayUrl, false, $btcpayContext);
|
||||
if ($btcpayResponse === false) {
|
||||
http_response_code(502);
|
||||
echo json_encode(['error' => 'Failed to fetch invoice from BTCPay']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$invoice = json_decode($btcpayResponse, true);
|
||||
$listingId = $invoice['metadata']['listingId'] ?? null;
|
||||
|
||||
if (!$listingId) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'No listingId in invoice metadata']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Update listing in Directus: publish + set paid
|
||||
$expiresAt = date('c', strtotime('+30 days'));
|
||||
$now = date('c');
|
||||
|
||||
$directusPayload = json_encode([
|
||||
'status' => 'published',
|
||||
'payment_status' => 'paid',
|
||||
'paid_at' => $now,
|
||||
'expires_at' => $expiresAt,
|
||||
]);
|
||||
|
||||
$directusUrl = DIRECTUS_URL . '/items/listings/' . urlencode($listingId);
|
||||
$directusContext = stream_context_create([
|
||||
'http' => [
|
||||
'method' => 'PATCH',
|
||||
'header' => "Content-Type: application/json\r\nAuthorization: Bearer " . DIRECTUS_TOKEN . "\r\n",
|
||||
'content' => $directusPayload,
|
||||
'ignore_errors' => true,
|
||||
'timeout' => 10,
|
||||
],
|
||||
]);
|
||||
|
||||
$directusResponse = file_get_contents($directusUrl, false, $directusContext);
|
||||
|
||||
$directusStatus = 500;
|
||||
if (isset($http_response_header[0]) && preg_match('/\d{3}/', $http_response_header[0], $matches)) {
|
||||
$directusStatus = (int)$matches[0];
|
||||
}
|
||||
|
||||
if ($directusStatus >= 400) {
|
||||
http_response_code(502);
|
||||
echo json_encode(['error' => 'Failed to update listing in Directus', 'status' => $directusStatus]);
|
||||
exit;
|
||||
}
|
||||
|
||||
echo json_encode(['ok' => true, 'listingId' => $listingId, 'action' => 'published']);
|
||||
@@ -8,3 +8,6 @@ define('BTCPAY_API_KEY', getenv('BTCPAY_API_KEY') ?: 'CHANGE_ME');
|
||||
define('BTCPAY_STORE_ID', getenv('BTCPAY_STORE_ID') ?: 'CHANGE_ME');
|
||||
define('BTCPAY_WEBHOOK_SECRET', getenv('BTCPAY_WEBHOOK_SECRET') ?: '');
|
||||
define('LISTING_FEE', ['EUR' => 1, 'USD' => 1, 'CHF' => 1, 'GBP' => 1, 'JPY' => 200]);
|
||||
|
||||
define('DIRECTUS_URL', getenv('DIRECTUS_URL') ?: 'https://api.dgray.io');
|
||||
define('DIRECTUS_TOKEN', getenv('DIRECTUS_TOKEN') ?: 'CHANGE_ME');
|
||||
|
||||
@@ -1,6 +1,14 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
header('Access-Control-Allow-Origin: https://dgray.io');
|
||||
|
||||
$allowedOrigins = ['https://dgray.io', 'http://localhost:5500', 'http://localhost:8080'];
|
||||
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
|
||||
if (in_array($origin, $allowedOrigins)) {
|
||||
header('Access-Control-Allow-Origin: ' . $origin);
|
||||
} else {
|
||||
header('Access-Control-Allow-Origin: https://dgray.io');
|
||||
}
|
||||
|
||||
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
|
||||
header('Access-Control-Allow-Headers: Content-Type');
|
||||
|
||||
@@ -25,6 +33,9 @@ switch ($uri) {
|
||||
case '/btcpay/status':
|
||||
require __DIR__ . '/btcpay-status.php';
|
||||
break;
|
||||
case '/btcpay/webhook':
|
||||
require __DIR__ . '/btcpay-webhook.php';
|
||||
break;
|
||||
default:
|
||||
http_response_code(404);
|
||||
echo json_encode(['error' => 'Not found']);
|
||||
|
||||
Reference in New Issue
Block a user