Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stripe Webhook Fail When Deployed #214

Open
michaelmcnees opened this issue May 7, 2022 · 3 comments
Open

Stripe Webhook Fail When Deployed #214

michaelmcnees opened this issue May 7, 2022 · 3 comments
Assignees
@jtoar
Labels
bug Something isn't working

Comments

@michaelmcnees
Copy link

When deployed to Netlify (I would assume any Lambda-based implementation will have the same issue) Stripe webhook events fail and report:

No signatures found matching the expected signature for payload

I solved this by updating the handleStripeWebhooks function to check the NODE_ENV value and if it's set to production to use event.rawBody rather than event.body. The local dev server will fail if it's passed the rawBody.

Here is my revised function that solves the issue:

export const handleStripeWebhooks = (event, context, webhooksObj) => {
  let stripeEvent
  let body = process.env.NODE_ENV === 'production' ? event.rawBody : event.body
  try {
    const sig = event.headers['stripe-signature']
    stripeEvent = stripe.webhooks.constructEvent(
      body,
      sig,
      process.env.STRIPE_WEBHOOK_KEY
    )

    let results = null
    if (typeof webhooksObj[stripeEvent.type] !== 'undefined') {
      results = webhooksObj[stripeEvent.type](event, context)
    }
    return results
  } catch (error) {
    console.log(error)
    throw error
  }
}
@jtoar jtoar self-assigned this May 11, 2022
@jtoar jtoar added the bug Something isn't working label May 11, 2022
@jtoar
Copy link
Contributor

jtoar commented May 11, 2022

Thanks @BSKnuckles! I'll try to carve out some time for this soon. You're more than welcome to open a PR in the meantime, but no pressure!

@michaelmcnees
Copy link
Author

@jtoar I can probably submit that. Is this how you would expect to solve this sort of issue or is there a better way that I should use instead?

@jtoar
Copy link
Contributor

jtoar commented May 11, 2022

That looks ok to me. We had a similar situation with the success and cancel urls in the checkout service. We solved it with an env var at first, but since they're GraphQL resolvers, we ended up with a bit more sophisticated solution that takes deploy previews into account:

example-store-stripe/api/src/services/checkouts/checkouts.js

Lines 23 to 24 in cf309b6

success_url: `${context.event.headers.referer}success?sessionId={CHECKOUT_SESSION_ID}`,
cancel_url: `${context.event.headers.referer}failure`,

In the webhook's case, the event's coming from Stripe. Maybe there's something that Stripe gives us, in the event or the context, that we could use to resolve dev vs prod in a similar way?

@chrisvdm chrisvdm mentioned this issue Jul 7, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jtoar jtoar

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jtoar @michaelmcnees