Merge pull request #11 from benalucorp/arwego/feat/add_webhooks

Webhooks - Add Comparator, and Stub for Create Charge

Author: rizalgowandy

README.md

@@ -126,6 +126,43 @@ func AlwaysError(ctx context.Context, client *coinbase.Client) {
 }
 ```
 
+For more example, check [here](main_test.go).
+
+### Webhook
+
+Webhooks make it easier to integrate with Coinbase Commerce by allowing you to subscribe to a set of charge events. In a sense webhook is basically callback to notify our app after a change of state in resource such as charges. Just like before, you can enable that by injecting certain value to the context.
+
+```go
+package main
+
+import (
+	"context"
+	"log"
+
+	"github.com/benalucorp/coinbase-commerce-go"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/api"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/entity"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/enum"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/api/stub"
+)
+
+func SendWebhook(ctx context.Context, client *coinbase.Cliet) {
+	// Enable stub that will send webhook after certain times.
+	ctx := stub.SetWebhookReq(context.Background(), &entity.WebhookReq{
+		URL:             "http://127.0.0.1:9000/test",
+		SharedSecretKey: "WEBHOOK_SECRET_KEY",
+		Resource:        stub.CreateWebhooksResource(),
+	})
+	resp, err := client.CreateCharge(ctx, &entity.CreateChargeReq{})
+	if err != nil {
+		log.Fatal(err)
+	}
+	log.Printf("%+v", resp)
+}
+```
+
+For more example, check [here](example/main.go).
+
 ## Supported API
 
 Version: 2018-03-22
@@ -148,4 +185,6 @@ Version: 2018-03-22
    - [Cancel an invoice](https://commerce.coinbase.com/docs/api/#cancel-an-invoice)
 - [Events](https://commerce.coinbase.com/docs/api/#events)
    - [Show an event](https://commerce.coinbase.com/docs/api/#show-a-event)
-   - [List events](https://commerce.coinbase.com/docs/api/#list-events)
+   - [List events](https://commerce.coinbase.com/docs/api/#list-events)
+- [Webhooks](https://commerce.coinbase.com/docs/api/#webhooks)
+   - [Securing webhooks](https://commerce.coinbase.com/docs/api/#securing-webhooks)

example/main.go

@@ -0,0 +1,74 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"log"
+	"net/http"
+
+	"github.com/benalucorp/coinbase-commerce-go"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/api"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/entity"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/enum"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/stub"
+	"github.com/kokizzu/gotro/L"
+)
+
+func main() {
+	client, err := coinbase.NewClient(api.Config{
+		Key:   "API_KEY",
+		Debug: true,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Set stub to send webhook response
+	ctx := stub.SetWebhookReq(context.Background(), &entity.WebhookReq{
+		URL:             "http://127.0.0.1:9000/test",
+		SharedSecretKey: "WEBHOOK_KEY",
+		Resource:        stub.CreateWebhooksResource(),
+	})
+	resp, err := client.CreateCharge(ctx, &entity.CreateChargeReq{
+		Name:        "The Sovereign Individual",
+		Description: "Mastering the Transition to the Information Age",
+		LocalPrice: entity.CreateChargePrice{
+			Amount:   "100.00",
+			Currency: "USD",
+		},
+		PricingType: enum.PricingTypeFixedPrice,
+		Metadata: entity.CreateChargeMetadata{
+			CustomerID:   "id_1005",
+			CustomerName: "Satoshi Nakamoto",
+		},
+		RedirectURL: "https://charge/completed/page",
+		CancelURL:   "https://charge/canceled/page",
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+	L.Describe(resp.Data.ID)
+
+	// Create server.
+	http.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) {
+		var req entity.WebhookResource
+		err := json.NewDecoder(r.Body).Decode(&req)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
+		}
+		receivedSignature := r.Header.Get("X-CC-Webhook-Signature")
+		sharedSecretKey := "WEBHOOK_KEY"
+		err = coinbase.CompareWebhookSignature(r.Context(), &req, receivedSignature, sharedSecretKey)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusUnauthorized)
+			return
+		}
+
+		// Success.
+		L.Describe(r.Header)
+		L.Describe(req)
+		w.WriteHeader(http.StatusOK)
+	})
+	_ = http.ListenAndServe(":9000", nil)
+}

go.mod

@@ -5,6 +5,7 @@ go 1.14
 require (
 	github.com/go-resty/resty/v2 v2.6.0
 	github.com/kokizzu/gotro v1.817.1737
+	github.com/robfig/cron/v3 v3.0.1
 	github.com/segmentio/ksuid v1.0.4
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect

go.sum

@@ -146,6 +146,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
+github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=

main.go

@@ -4,8 +4,8 @@ import (
 	"context"
 
 	"github.com/benalucorp/coinbase-commerce-go/pkg/api"
-	"github.com/benalucorp/coinbase-commerce-go/pkg/api/stub"
 	"github.com/benalucorp/coinbase-commerce-go/pkg/entity"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/stub"
 )
 
 // NewClient creates a client to interact with Coinbase Commerce API.
@@ -16,7 +16,7 @@ func NewClient(cfg api.Config) (*Client, error) {
 
 	return &Client{
 		charges:       api.NewCharges(cfg),
-		chargesStub:   stub.NewCharges(),
+		chargesStub:   stub.NewCharges(cfg),
 		checkouts:     api.NewCheckouts(cfg),
 		checkoutsStub: stub.NewCheckouts(),
 		invoices:      api.NewInvoices(cfg),
@@ -257,3 +257,16 @@ func (c *Client) ShowEvent(ctx context.Context, req *entity.ShowEventReq) (*enti
 	}
 	return c.events.Show(ctx, req)
 }
+
+// CompareWebhookSignature used for the handler middleware to verify webhook.
+// Mismatch signature will return an error.
+//
+// Payload:
+// req 					=> from request body.
+// receivedSignature	=> from "X-CC-Webhook-Signature" header.
+// sharedSecretKey		=> from webhook setting page secret key.
+//
+// Reference: https://commerce.coinbase.com/docs/api/#securing-webhooks
+func CompareWebhookSignature(ctx context.Context, req *entity.WebhookResource, receivedSignature, sharedSecretKey string) error {
+	return api.CompareWebhookSignature(ctx, req, receivedSignature, sharedSecretKey)
+}

main_test.go

@@ -5,8 +5,8 @@ import (
 	"testing"
 
 	"github.com/benalucorp/coinbase-commerce-go/pkg/api"
-	"github.com/benalucorp/coinbase-commerce-go/pkg/api/stub"
 	"github.com/benalucorp/coinbase-commerce-go/pkg/entity"
+	"github.com/benalucorp/coinbase-commerce-go/pkg/stub"
 	"github.com/kokizzu/gotro/L"
 	"github.com/stretchr/testify/assert"
 )
@@ -30,7 +30,7 @@ func TestClient_CancelCharge(t *testing.T) {
 			name: "Stub error",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.SetErrDetailResp(context.Background(), entity.ErrDetailResp{
@@ -48,7 +48,7 @@ func TestClient_CancelCharge(t *testing.T) {
 			name: "Stub success",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.Enable(context.Background()),
@@ -98,7 +98,7 @@ func TestClient_CreateCharge(t *testing.T) {
 			name: "Stub error",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.SetErrDetailResp(context.Background(), entity.ErrDetailResp{
@@ -113,7 +113,7 @@ func TestClient_CreateCharge(t *testing.T) {
 			name: "Stub success",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.Enable(context.Background()),
@@ -160,7 +160,7 @@ func TestClient_ListCharges(t *testing.T) {
 			name: "Stub error",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.SetErrDetailResp(context.Background(), entity.ErrDetailResp{
@@ -175,7 +175,7 @@ func TestClient_ListCharges(t *testing.T) {
 			name: "Stub success",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.Enable(context.Background()),
@@ -222,7 +222,7 @@ func TestClient_ResolveCharge(t *testing.T) {
 			name: "Stub error",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.SetErrDetailResp(context.Background(), entity.ErrDetailResp{
@@ -240,7 +240,7 @@ func TestClient_ResolveCharge(t *testing.T) {
 			name: "Stub success",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.Enable(context.Background()),
@@ -290,7 +290,7 @@ func TestClient_ShowCharge(t *testing.T) {
 			name: "Stub error",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.SetErrDetailResp(context.Background(), entity.ErrDetailResp{
@@ -308,7 +308,7 @@ func TestClient_ShowCharge(t *testing.T) {
 			name: "Stub success",
 			fields: fields{
 				charges:     nil,
-				chargesStub: stub.NewCharges(),
+				chargesStub: stub.NewCharges(api.Config{}),
 			},
 			args: args{
 				ctx: stub.Enable(context.Background()),

pkg/api/webhooks.go

@@ -0,0 +1,61 @@
+package api
+
+import (
+	"context"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+
+	"github.com/benalucorp/coinbase-commerce-go/pkg/entity"
+)
+
+func CreateWebhookSignature(_ context.Context, req *entity.WebhookResource, sharedSecretKey string) (string, error) {
+	// Create raw request.
+	rawReq, err := json.Marshal(req)
+	if err != nil {
+		return "", err
+	}
+
+	// Sign raw request.
+	h := hmac.New(sha256.New, []byte(sharedSecretKey))
+	if _, err = h.Write(rawReq); err != nil {
+		return "", err
+	}
+	signedReq := h.Sum(nil)
+
+	// Encode signed request.
+	encodedReq := make([]byte, hex.EncodedLen(len(signedReq)))
+	hex.Encode(encodedReq, signedReq)
+
+	// Return encoded signed request as string.
+	return string(encodedReq), nil
+}
+
+func CompareWebhookSignature(_ context.Context, req *entity.WebhookResource, receivedSignature, sharedSecretKey string) error {
+	// Decode received signature.
+	decodedSignature, err := hex.DecodeString(receivedSignature)
+	if err != nil {
+		return err
+	}
+
+	// Create raw request.
+	rawReq, err := json.Marshal(req)
+	if err != nil {
+		return err
+	}
+
+	// Sign raw request.
+	h := hmac.New(sha256.New, []byte(sharedSecretKey))
+	if _, err = h.Write(rawReq); err != nil {
+		return err
+	}
+	signedReq := h.Sum(nil)
+
+	// Compare created signature with the received signature.
+	if ok := hmac.Equal(signedReq, decodedSignature); !ok {
+		return errors.New("coinbase: no signatures found matching the expected signature for payload")
+	}
+	return nil
+}

pkg/entity/webhooks.go

@@ -0,0 +1,9 @@
+package entity
+
+// Reference: https://commerce.coinbase.com/docs/api/#securing-webhooks
+
+type WebhookReq struct {
+	URL             string
+	SharedSecretKey string
+	Resource        WebhookResource
+}

pkg/entity/webhooks_resource.go

@@ -0,0 +1,11 @@
+package entity
+
+import (
+	"time"
+)
+
+type WebhookResource struct {
+	ID           int           `json:"id"`
+	ScheduledFor time.Time     `json:"scheduled_for"`
+	Event        EventResource `json:"event"`
+}