Class: Spree::Api::V3::Webhooks::PaymentsController

Inherits:
ActionController::API
  • Object
Includes:
ActionController::RateLimiting, Core::ControllerHelpers::Store
Defined in:
app/controllers/spree/api/v3/webhooks/payments_controller.rb

Constant Summary

# Zero-argument lambda that builds the throttled response as a
# [status, headers, body] array: HTTP 429, a JSON content type, and a JSON
# error body carrying the code 'rate_limit_exceeded'.
#
# NOTE(review): 'Retry-After' is a fixed 60 seconds. The rate-limit
# declaration that uses this constant is not visible here, so confirm the
# advertised delay agrees with the configured window.
RATE_LIMIT_RESPONSE = lambda do
  response_headers = { 'Content-Type' => 'application/json', 'Retry-After' => '60' }
  error_payload = { error: { code: 'rate_limit_exceeded', message: 'Too many requests' } }

  [429, response_headers, [error_payload.to_json]]
end

Instance Method Summary

Instance Method Details

#create ⇒ Object

POST /api/v3/webhooks/payments/:payment_method_id

Verifies the webhook signature synchronously (returns 401 if invalid), then enqueues async processing and returns 200 immediately. An unknown payment method ID returns 404; any other error is reported and still answered with 200.



# File 'app/controllers/spree/api/v3/webhooks/payments_controller.rb', line 23

# Receives a payment gateway webhook for one payment method of the current
# store, checks it synchronously, and hands the real work to a background job.
#
# Responses:
#   200 - event accepted, event unsupported (parser returned nil), or an
#         unexpected error was reported
#   401 - the payment method raised WebhookSignatureError
#   404 - no payment method matches params[:payment_method_id]
#
# NOTE(review): the lookup runs before signature verification, so an
# unauthenticated caller can tell an existing id (401) from a missing one
# (404). Presumably acceptable if prefix ids are not guessable; confirm.
def create
  gateway = current_store.payment_methods.find_by_prefix_id!(params[:payment_method_id])

  # The unparsed body and the request headers are handed over as received;
  # verification happens inside the payment method and must finish before
  # anything is enqueued, so a bad signature never reaches the job.
  event = gateway.parse_webhook_event(request.raw_post, request.headers)

  # A nil event means the gateway sent something we do not handle; it is
  # still acknowledged below, just without enqueueing work.
  unless event.nil?
    # Gateways time out and redeliver, so the heavy lifting is deferred.
    # NOTE(review): nothing here deduplicates redelivered events, so the job
    # presumably has to be idempotent; confirm in HandleWebhookJob.
    Spree::Payments::HandleWebhookJob.perform_later(
      payment_method_id: gateway.id,
      action: event[:action].to_s,
      payment_session_id: event[:payment_session].id
    )
  end

  head :ok
rescue Spree::PaymentMethod::WebhookSignatureError
  head :unauthorized
rescue ActiveRecord::RecordNotFound
  head :not_found
rescue StandardError => error
  # Everything else, including a failure raised while enqueueing, is reported
  # and acknowledged with 200.
  # NOTE(review): a 200 here presumably stops the gateway from retrying, so
  # an event is dropped if perform_later itself fails; confirm that is
  # intended and that reports from this source are alerted on.
  Rails.error.report(error, source: 'spree.webhooks.payments')
  head :ok
end