Merge pull request #15 from SystangoTechnologies/feat-billing-flow

sumits-systango · web-flow · commit 5b56da965239 · 2020-04-21T16:29:50.000+05:30
feat: webhook integration for billing flow
diff --git a/README.md b/README.md
@@ -50,6 +50,14 @@ Note : Take values of APP_ID, WEBHOOK_PROXY_URL, WEBHOOK_SECRET, PRIVATE_KEY fro
 
 Step 4. Run `npm start` to start the application
 
+## Resources
+[Purchase Flow](https://developer.github.com/marketplace/integrating-with-the-github-marketplace-api/handling-new-purchases-and-free-trials/)
+
+[Identifying and authorizing users for GitHub Apps](https://developer.github.com/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps/)
+
+[Integrating with the GitHub Marketplace API](https://developer.github.com/marketplace/integrating-with-the-github-marketplace-api/)
+
+
 ## Contributors
 [Anshul Soni](https://www.linkedin.com/in/anshul-soni-3903a2101/)
 
diff --git a/constants.js b/constants.js
@@ -43,5 +43,6 @@ module.exports = {
     MARKETPLACE_PURCHASE: 'marketplace_purchase',
     CHECK_SUITE: 'check_suite'
   },
-  OAUTH_ENDPOINT: 'https://github.com/login/oauth'
+  OAUTH_ENDPOINT: 'https://github.com/login/oauth',
+  INSTALLATION_PATH: 'https://github.com/settings/installations'
 };
diff --git a/controllers/marketplace.js b/controllers/marketplace.js
@@ -5,30 +5,33 @@ const rp = require('request-promise');
 /**
  * Constants
  */
-const { OAUTH_ENDPOINT } = require('../constants');
+const { OAUTH_ENDPOINT, INSTALLATION_PATH } = require('../constants');
 
 /**
  * Controllers
  */
 module.exports.marketplaceEventHandlers = async (req, res) => {
    try {
       let body = req.body;
+      console.log('marketplaceEventHandlers ==> ', body);
       if(body.action && eventHandlers[body.action]) {
          await eventHandlers[body.action](req, res, body);
       }
    } catch (error) {
-      console.log(error);
+      console.log('Error while marketplaceEventHandlers => ', error);
    }
 };
 
 module.exports.getAccessToken = async (req, res) => {
    try {
       const query = req.query;
+      console.log('AccessToken API call started');
       const getAccessToken = `${OAUTH_ENDPOINT}/access_token?client_id=${process.env.CLIENT_ID}&client_secret=${process.env.CLIENT_SECRET}&code=${query.code}&redirect_uri=${process.env.REDIRECT_URI}&state=${query.STATE}`;
       let accessToken = await rp(getAccessToken);
-      res.json(accessToken);
+      console.log('AccessToken API call completed');
+      res.redirect(INSTALLATION_PATH);
    } catch (error) {
-      console.log(error);
+      console.log('Error while getAccessToken => ', error);
    }
 };
 
@@ -39,7 +42,33 @@ module.exports.getAccessToken = async (req, res) => {
 let eventHandlers = {
    purchased: async (req, res, eventData) => {
       let purchaserData = eventData.marketplace_purchase;
-      const oAuthUrl = `${OAUTH_ENDPOINT}/authorize?client_id=${process.env.CLIENT_ID}&redirect_uri=${process.env.REDIRECT_URI}&state=${process.env.STATE}&login=${purchaserData.account.login}`;
-      res.redirect(oAuthUrl);
+      console.log('Event purchased triggered', purchaserData);
+      /**
+       * TODO: Authenticate user with github in future if we maintian user information in our database and we need to call user specific detials from github.
+       */
+      // const oAuthUrl = `${OAUTH_ENDPOINT}/authorize?client_id=${process.env.CLIENT_ID}&redirect_uri=${process.env.REDIRECT_URI}&state=${process.env.STATE}&login=${purchaserData.account.login}`;
+      // console.log('oAuthUrl', oAuthUrl);
+      // res.redirect(oAuthUrl);
+      return res.json().status(200);
+   },
+   cancelled: async (req, res, eventData) => {
+      let purchaserData = eventData.marketplace_purchase;
+      console.log('Event cancelled triggered', purchaserData);
+      return res.json().status(200);
+   },
+   pending_change: async (req, res, eventData) => {
+      let purchaserData = eventData.marketplace_purchase;
+      console.log('Event pending_change triggered', purchaserData);
+      return res.json().status(200);
+   },
+   pending_change_cancelled: async (req, res, eventData) => {
+      let purchaserData = eventData.marketplace_purchase;
+      console.log('Event pending_change_cancelled triggered', purchaserData);
+      return res.json().status(200);
+   },
+   changed: async (req, res, eventData) => {
+      let purchaserData = eventData.marketplace_purchase;
+      console.log('Event changed triggered', purchaserData);
+      return res.json().status(200);
    }
 };
diff --git a/index.js b/index.js
@@ -5,18 +5,31 @@ const express = require('express');
 const expressApp = express();
 const path = require('path');
 const bodyParser = require('body-parser');
-
+const {
+  verifyWebhookData
+} = require('./middleware/verifyWebhooks');
 /**
  * Controllers
  */
-const { commitAndTitleValidator } = require('./controllers/pullRequest');
-const { marketplaceEventHandlers, getAccessToken } = require('./controllers/marketplace');
-const { listForSuite } = require('./controllers/checks');
+const {
+  commitAndTitleValidator
+} = require('./controllers/pullRequest');
+const {
+  marketplaceEventHandlers,
+  getAccessToken
+} = require('./controllers/marketplace');
+const {
+  listForSuite
+} = require('./controllers/checks');
 
 /**
  * Constants
  */
-const { configFileName, messages, events } = require('./constants.js');
+const {
+  configFileName,
+  messages,
+  events
+} = require('./constants.js');
 const publicDirectory = path.join(`${__dirname}`, 'public');
 
 /**
@@ -110,7 +123,7 @@ module.exports = async app => {
    * Marketplace API
    * This API gets hit by github on any marketplace event
    */
-  expressApp.post('/marketplace', marketplaceEventHandlers);
+  expressApp.post('/marketplace', verifyWebhookData, marketplaceEventHandlers);
 
   /**
    * This API gets hit when redirected by `POST: /marketplace` API
@@ -119,4 +132,4 @@ module.exports = async app => {
   expressApp.get('/auth', getAccessToken);
 
   app.router.use('/', expressApp);
-};
+};
diff --git a/middleware/verifyWebhooks.js b/middleware/verifyWebhooks.js
@@ -0,0 +1,19 @@
+const crypto = require('crypto')
+const secret = process.env.WEBHOOK_SECRET;
+const sigHeaderName = 'x-hub-signature'
+
+module.exports.verifyWebhookData = function(req, res, next) {
+    const payload = JSON.stringify(req.body)
+    if (!payload) {
+      return next('Request body empty')
+    }
+  
+    const sig = req.get(sigHeaderName) || ''
+    const hmac = crypto.createHmac('sha1', secret)
+    const digest = Buffer.from('sha1=' + hmac.update(payload).digest('hex'), 'utf8')
+    const checksum = Buffer.from(sig, 'utf8')
+    if (checksum.length !== digest.length || !crypto.timingSafeEqual(digest, checksum)) {
+      return next(`Request body digest (${digest}) did not match ${sigHeaderName} (${checksum})`)
+    }
+    return next()
+  }
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "commit-message-lint-app",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "An app for validating commit messages and pull requests title",
   "author": "Anshul Soni <asoni@isystango.com>",
   "license": "ISC",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "commit-message-lint-app",`
`3`		`- "version": "3.0.0",`
	`3`	`+ "version": "3.1.0",`
`4`	`4`	`"description": "An app for validating commit messages and pull requests title",`
`5`	`5`	`"author": "Anshul Soni <[email protected]>",`
`6`	`6`	`"license": "ISC",`