NNTmux / newznab-tmux

app/Http/Controllers/BtcPaymentController.php

<?php

namespace App\Http\Controllers;

use App\Models\Payment;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Log;

class BtcPaymentController extends BasePageController
{
    /**
     * BtcPay callback.
     */
    public function btcPayCallback(Request $request): Response
    {
        $hashCheck = 'sha256='.hash_hmac('sha256', $request->getContent(), config('nntmux.btcpay_webhook_secret'));
        if ($hashCheck !== $request->header('btcpay-sig')) {
            Log::error('BTCPay webhook hash check failed: '.$request->header('btcpay-sig'));

Are you sure $request->header('btcpay-sig') of type array|null|string can be used in concatenation?

            return response('Not Found', 404);
        }
        $payload = json_decode($request->getContent(), true);

It seems like $request->getContent() can also be of type resource; however, parameter $json of json_decode() does only seem to accept string, maybe add an additional type check?

        // We have received a payment for an invoice and user should be upgraded to a paid plan based on order
        if ($payload['type'] === 'InvoicePaymentSettled') {
            $user = User::query()->where('email', '=', $payload['metadata']['buyerEmail'])->first();
            if ($user) {
                $checkOrder = Payment::query()->where('invoice_id', '=', $payload['invoiceId'])->where('payment_status', '=', 'Settled')->first();
                if ($checkOrder !== null) {
                    Log::error('Duplicate BTCPay webhook: '.$payload['webhookId']);

                    return response('OK', 200);
                }

                Payment::create([
                    'email' => $payload['metadata']['buyerEmail'],
                    'username' => $user->username,
                    'item_description' => $payload['metadata']['itemDesc'],
                    'order_id' => $payload['metadata']['orderId'],
                    'payment_id' => $payload['payment']['id'],
                    'payment_status' => $payload['payment']['status'],
                    'invoice_amount' => $payload['metadata']['invoice_amount'],
                    'payment_method' => $payload['paymentMethodId'],
                    'payment_value' => $payload['payment']['value'],
                    'webhook_id' => $payload['webhookId'],
                    'invoice_id' => $payload['invoiceId'],
                ]);

                return response('OK', 200);
            }

            Log::error('User not found for BTCPay webhook: '.$payload['metadata']['buyerEmail']);

            return response('Not Found', 404);
        }

        if ($payload['type'] === 'InvoiceSettled') {
            // Check if we have the invoice_id in payments table and if we do, update the user account
            $checkOrder = Payment::query()->where('invoice_id', '=', $payload['invoiceId'])->where('payment_status', '=', 'Settled')->where(function ($query) {
                return $query->where('invoice_status', 'Pending')->orWhereNull('invoice_status');
            })->first();
            if ($checkOrder !== null) {
                $user = User::query()->where('email', '=', $checkOrder->email)->first();

The property email does not seem to exist on App\Models\Payment. Are you sure there is no database migration missing?

                if ($user) {
                    preg_match('/(?P<role>\w+(\s\+\+)?)[\s](?P<addYears>\d+)/i', $checkOrder->item_description, $matches);

The property item_description does not seem to exist on App\Models\Payment. Are you sure there is no database migration missing?

                    User::updateUserRole($user->id, $matches['role']);
                    User::updateUserRoleChangeDate($user->id, null, $matches['addYears']);
                    $checkOrder->update(['invoice_status' => 'Settled']);
                    Log::info('User: '.$user->username.' upgraded to '.$matches['role'].' for BTCPay webhook: '.$checkOrder->webhook_id);

The property webhook_id does not seem to exist on App\Models\Payment. Are you sure there is no database migration missing?

                    return response('OK', 200);
                }

                Log::error('User not found for BTCPay webhook: '.$checkOrder->webhook_id);

                return response('Not Found', 404);
            }
        }

        return response('OK', 200);
    }
}