admin/honeyDueAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Apple/Google IAP validation and subscription webhooks

Browse Source 
- Add Apple App Store Server API integration for receipt/transaction validation
- Add Google Play Developer API integration for purchase token validation
- Add webhook endpoints for server-to-server subscription notifications
  - POST /api/subscription/webhook/apple/ (App Store Server Notifications v2)
  - POST /api/subscription/webhook/google/ (Real-time Developer Notifications)
- Support both StoreKit 1 (receipt_data) and StoreKit 2 (transaction_id)
- Add repository methods to find users by transaction ID or purchase token
- Add configuration for IAP credentials (APPLE_IAP_*, GOOGLE_IAP_*)
- Add setup documentation for configuring webhooks

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Trey t
2025-12-14 13:58:37 -06:00
parent 81885c4ea3
commit c58aaa5d5f
10 changed files with 1909 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
internal/handlers/subscription_handler.go
View File

@@ -115,17 +115,18 @@ func (h *SubscriptionHandler) ProcessPurchase(c *gin.Context) {
switch req.Platform {
case "ios":
if req.ReceiptData == "" {
// StoreKit 2 uses transaction_id, StoreKit 1 uses receipt_data
if req.TransactionID == "" && req.ReceiptData == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": i18n.LocalizedMessage(c, "error.receipt_data_required")})
return
}
subscription, err = h.subscriptionService.ProcessApplePurchase(user.ID, req.ReceiptData)
subscription, err = h.subscriptionService.ProcessApplePurchase(user.ID, req.ReceiptData, req.TransactionID)
case "android":
if req.PurchaseToken == "" {
c.JSON(http.StatusBadRequest, gin.H{"error": i18n.LocalizedMessage(c, "error.purchase_token_required")})
return
}
subscription, err = h.subscriptionService.ProcessGooglePurchase(user.ID, req.PurchaseToken)
subscription, err = h.subscriptionService.ProcessGooglePurchase(user.ID, req.PurchaseToken, req.ProductID)
}
if err != nil {
@@ -171,9 +172,9 @@ func (h *SubscriptionHandler) RestoreSubscription(c *gin.Context) {
switch req.Platform {
case "ios":
subscription, err = h.subscriptionService.ProcessApplePurchase(user.ID, req.ReceiptData)
subscription, err = h.subscriptionService.ProcessApplePurchase(user.ID, req.ReceiptData, req.TransactionID)
case "android":
subscription, err = h.subscriptionService.ProcessGooglePurchase(user.ID, req.PurchaseToken)
subscription, err = h.subscriptionService.ProcessGooglePurchase(user.ID, req.PurchaseToken, req.ProductID)
}
if err != nil {

772
internal/handlers/subscription_webhook_handler.go Normal file
View File

@@ -0,0 +1,772 @@
package handlers
import (
"crypto/ecdsa"
"crypto/x509"
"encoding/base64"
"encoding/json"
"encoding/pem"
"fmt"
"io"
"log"
"net/http"
"os"
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5"
"github.com/treytartt/casera-api/internal/config"
"github.com/treytartt/casera-api/internal/models"
"github.com/treytartt/casera-api/internal/repositories"
)
// SubscriptionWebhookHandler handles subscription webhook callbacks
type SubscriptionWebhookHandler struct {
subscriptionRepo *repositories.SubscriptionRepository
userRepo *repositories.UserRepository
appleRootCerts []*x509.Certificate
}
// NewSubscriptionWebhookHandler creates a new webhook handler
func NewSubscriptionWebhookHandler(
subscriptionRepo *repositories.SubscriptionRepository,
userRepo *repositories.UserRepository,
) *SubscriptionWebhookHandler {
return &SubscriptionWebhookHandler{
subscriptionRepo: subscriptionRepo,
userRepo: userRepo,
}
}
// ====================
// Apple App Store Server Notifications v2
// ====================
// AppleNotificationPayload represents the outer signed payload from Apple
type AppleNotificationPayload struct {
SignedPayload string `json:"signedPayload"`
}
// AppleNotificationData represents the decoded notification data
type AppleNotificationData struct {
NotificationType string `json:"notificationType"`
Subtype string `json:"subtype"`
NotificationUUID string `json:"notificationUUID"`
Data AppleNotificationDataInner `json:"data"`
Version string `json:"version"`
SignedDate int64 `json:"signedDate"`
}
// AppleNotificationDataInner contains the transaction details
type AppleNotificationDataInner struct {
AppAppleID int64 `json:"appAppleId"`
BundleID string `json:"bundleId"`
BundleVersion string `json:"bundleVersion"`
Environment string `json:"environment"`
SignedTransactionInfo string `json:"signedTransactionInfo"`
SignedRenewalInfo string `json:"signedRenewalInfo"`
}
// AppleTransactionInfo represents decoded transaction info
type AppleTransactionInfo struct {
TransactionID string `json:"transactionId"`
OriginalTransactionID string `json:"originalTransactionId"`
ProductID string `json:"productId"`
PurchaseDate int64 `json:"purchaseDate"`
ExpiresDate int64 `json:"expiresDate"`
Type string `json:"type"`
AppAccountToken string `json:"appAccountToken"` // Your user ID if set during purchase
BundleID string `json:"bundleId"`
Environment string `json:"environment"`
RevocationDate *int64 `json:"revocationDate,omitempty"`
RevocationReason *int `json:"revocationReason,omitempty"`
}
// AppleRenewalInfo represents subscription renewal info
type AppleRenewalInfo struct {
AutoRenewProductID string `json:"autoRenewProductId"`
AutoRenewStatus int `json:"autoRenewStatus"` // 1 = will renew, 0 = turned off
ExpirationIntent int `json:"expirationIntent"`
IsInBillingRetry bool `json:"isInBillingRetryPeriod"`
}
// HandleAppleWebhook handles POST /api/subscription/webhook/apple/
func (h *SubscriptionWebhookHandler) HandleAppleWebhook(c *gin.Context) {
body, err := io.ReadAll(c.Request.Body)
if err != nil {
log.Printf("Apple Webhook: Failed to read body: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"})
return
}
var payload AppleNotificationPayload
if err := json.Unmarshal(body, &payload); err != nil {
log.Printf("Apple Webhook: Failed to parse payload: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid payload"})
return
}
// Decode and verify the signed payload (JWS)
notification, err := h.decodeAppleSignedPayload(payload.SignedPayload)
if err != nil {
log.Printf("Apple Webhook: Failed to decode signed payload: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid signed payload"})
return
}
log.Printf("Apple Webhook: Received %s (subtype: %s) for bundle %s",
notification.NotificationType, notification.Subtype, notification.Data.BundleID)
// Verify bundle ID matches our app
cfg := config.Get()
if cfg != nil && cfg.AppleIAP.BundleID != "" {
if notification.Data.BundleID != cfg.AppleIAP.BundleID {
log.Printf("Apple Webhook: Bundle ID mismatch: got %s, expected %s",
notification.Data.BundleID, cfg.AppleIAP.BundleID)
c.JSON(http.StatusBadRequest, gin.H{"error": "bundle ID mismatch"})
return
}
}
// Decode transaction info
transactionInfo, err := h.decodeAppleTransaction(notification.Data.SignedTransactionInfo)
if err != nil {
log.Printf("Apple Webhook: Failed to decode transaction: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid transaction info"})
return
}
// Decode renewal info if present
var renewalInfo *AppleRenewalInfo
if notification.Data.SignedRenewalInfo != "" {
renewalInfo, _ = h.decodeAppleRenewalInfo(notification.Data.SignedRenewalInfo)
}
// Process the notification
if err := h.processAppleNotification(notification, transactionInfo, renewalInfo); err != nil {
log.Printf("Apple Webhook: Failed to process notification: %v", err)
// Still return 200 to prevent Apple from retrying
}
// Always return 200 OK to acknowledge receipt
c.JSON(http.StatusOK, gin.H{"status": "received"})
}
// decodeAppleSignedPayload decodes and verifies an Apple JWS payload
func (h *SubscriptionWebhookHandler) decodeAppleSignedPayload(signedPayload string) (*AppleNotificationData, error) {
// JWS format: header.payload.signature
parts := strings.Split(signedPayload, ".")
if len(parts) != 3 {
return nil, fmt.Errorf("invalid JWS format")
}
// Decode payload (we're trusting Apple's signature for now)
// In production, you should verify the signature using Apple's root certificate
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
if err != nil {
return nil, fmt.Errorf("failed to decode payload: %w", err)
}
var notification AppleNotificationData
if err := json.Unmarshal(payload, &notification); err != nil {
return nil, fmt.Errorf("failed to parse notification: %w", err)
}
return &notification, nil
}
// decodeAppleTransaction decodes a signed transaction info JWS
func (h *SubscriptionWebhookHandler) decodeAppleTransaction(signedTransaction string) (*AppleTransactionInfo, error) {
parts := strings.Split(signedTransaction, ".")
if len(parts) != 3 {
return nil, fmt.Errorf("invalid JWS format")
}
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
if err != nil {
return nil, fmt.Errorf("failed to decode payload: %w", err)
}
var info AppleTransactionInfo
if err := json.Unmarshal(payload, &info); err != nil {
return nil, fmt.Errorf("failed to parse transaction info: %w", err)
}
return &info, nil
}
// decodeAppleRenewalInfo decodes signed renewal info JWS
func (h *SubscriptionWebhookHandler) decodeAppleRenewalInfo(signedRenewal string) (*AppleRenewalInfo, error) {
parts := strings.Split(signedRenewal, ".")
if len(parts) != 3 {
return nil, fmt.Errorf("invalid JWS format")
}
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
if err != nil {
return nil, fmt.Errorf("failed to decode payload: %w", err)
}
var info AppleRenewalInfo
if err := json.Unmarshal(payload, &info); err != nil {
return nil, fmt.Errorf("failed to parse renewal info: %w", err)
}
return &info, nil
}
// processAppleNotification handles the business logic for Apple notifications
func (h *SubscriptionWebhookHandler) processAppleNotification(
notification *AppleNotificationData,
transaction *AppleTransactionInfo,
renewal *AppleRenewalInfo,
) error {
// Find user by stored receipt data (original transaction ID)
user, err := h.findUserByAppleTransaction(transaction.OriginalTransactionID)
if err != nil {
log.Printf("Apple Webhook: Could not find user for transaction %s: %v",
transaction.OriginalTransactionID, err)
// Not an error - might be a transaction we don't track
return nil
}
log.Printf("Apple Webhook: Processing %s for user %d (product: %s)",
notification.NotificationType, user.ID, transaction.ProductID)
switch notification.NotificationType {
case "SUBSCRIBED":
// New subscription or resubscription
return h.handleAppleSubscribed(user.ID, transaction, renewal)
case "DID_RENEW":
// Subscription successfully renewed
return h.handleAppleRenewed(user.ID, transaction, renewal)
case "DID_CHANGE_RENEWAL_STATUS":
// User turned auto-renew on/off
return h.handleAppleRenewalStatusChange(user.ID, transaction, renewal)
case "DID_FAIL_TO_RENEW":
// Billing issue - subscription may still be in grace period
return h.handleAppleFailedToRenew(user.ID, transaction, renewal)
case "EXPIRED":
// Subscription expired
return h.handleAppleExpired(user.ID, transaction)
case "REFUND":
// User got a refund
return h.handleAppleRefund(user.ID, transaction)
case "REVOKE":
// Family sharing revoked or refund
return h.handleAppleRevoke(user.ID, transaction)
case "GRACE_PERIOD_EXPIRED":
// Grace period ended without successful billing
return h.handleAppleGracePeriodExpired(user.ID, transaction)
default:
log.Printf("Apple Webhook: Unhandled notification type: %s", notification.NotificationType)
}
return nil
}
func (h *SubscriptionWebhookHandler) findUserByAppleTransaction(originalTransactionID string) (*models.User, error) {
// Look up user subscription by stored receipt data
subscription, err := h.subscriptionRepo.FindByAppleReceiptContains(originalTransactionID)
if err != nil {
return nil, err
}
user, err := h.userRepo.FindByID(subscription.UserID)
if err != nil {
return nil, err
}
return user, nil
}
func (h *SubscriptionWebhookHandler) handleAppleSubscribed(userID uint, tx *AppleTransactionInfo, renewal *AppleRenewalInfo) error {
expiresAt := time.Unix(tx.ExpiresDate/1000, 0)
autoRenew := renewal != nil && renewal.AutoRenewStatus == 1
if err := h.subscriptionRepo.UpgradeToPro(userID, expiresAt, "ios"); err != nil {
return err
}
if err := h.subscriptionRepo.SetAutoRenew(userID, autoRenew); err != nil {
return err
}
log.Printf("Apple Webhook: User %d subscribed, expires %v, autoRenew=%v", userID, expiresAt, autoRenew)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleRenewed(userID uint, tx *AppleTransactionInfo, renewal *AppleRenewalInfo) error {
expiresAt := time.Unix(tx.ExpiresDate/1000, 0)
if err := h.subscriptionRepo.UpgradeToPro(userID, expiresAt, "ios"); err != nil {
return err
}
log.Printf("Apple Webhook: User %d renewed, new expiry %v", userID, expiresAt)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleRenewalStatusChange(userID uint, tx *AppleTransactionInfo, renewal *AppleRenewalInfo) error {
if renewal == nil {
return nil
}
autoRenew := renewal.AutoRenewStatus == 1
if err := h.subscriptionRepo.SetAutoRenew(userID, autoRenew); err != nil {
return err
}
if !autoRenew {
// User turned off auto-renew (will cancel at end of period)
now := time.Now().UTC()
if err := h.subscriptionRepo.SetCancelledAt(userID, now); err != nil {
return err
}
log.Printf("Apple Webhook: User %d turned off auto-renew, will expire at end of period", userID)
} else {
// User turned auto-renew back on
if err := h.subscriptionRepo.ClearCancelledAt(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d turned auto-renew back on", userID)
}
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleFailedToRenew(userID uint, tx *AppleTransactionInfo, renewal *AppleRenewalInfo) error {
// Subscription is in billing retry or grace period
log.Printf("Apple Webhook: User %d failed to renew, may be in grace period", userID)
// Don't downgrade yet - Apple may retry billing
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleExpired(userID uint, tx *AppleTransactionInfo) error {
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d subscription expired, downgraded to free", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleRefund(userID uint, tx *AppleTransactionInfo) error {
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d got refund, downgraded to free", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleRevoke(userID uint, tx *AppleTransactionInfo) error {
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d subscription revoked, downgraded to free", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleAppleGracePeriodExpired(userID uint, tx *AppleTransactionInfo) error {
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Apple Webhook: User %d grace period expired, downgraded to free", userID)
return nil
}
// ====================
// Google Real-time Developer Notifications
// ====================
// GoogleNotification represents a Google Pub/Sub push message
type GoogleNotification struct {
Message GooglePubSubMessage `json:"message"`
Subscription string `json:"subscription"`
}
// GooglePubSubMessage represents the Pub/Sub message wrapper
type GooglePubSubMessage struct {
Data string `json:"data"` // Base64 encoded
MessageID string `json:"messageId"`
PublishTime string `json:"publishTime"`
Attributes map[string]string `json:"attributes"`
}
// GoogleDeveloperNotification represents the decoded notification
type GoogleDeveloperNotification struct {
Version string `json:"version"`
PackageName string `json:"packageName"`
EventTimeMillis string `json:"eventTimeMillis"`
SubscriptionNotification *GoogleSubscriptionNotification `json:"subscriptionNotification"`
OneTimeProductNotification *GoogleOneTimeNotification `json:"oneTimeProductNotification"`
TestNotification *GoogleTestNotification `json:"testNotification"`
}
// GoogleSubscriptionNotification represents subscription-specific data
type GoogleSubscriptionNotification struct {
Version string `json:"version"`
NotificationType int `json:"notificationType"`
PurchaseToken string `json:"purchaseToken"`
SubscriptionID string `json:"subscriptionId"`
}
// GoogleOneTimeNotification represents one-time purchase data
type GoogleOneTimeNotification struct {
Version string `json:"version"`
NotificationType int `json:"notificationType"`
PurchaseToken string `json:"purchaseToken"`
SKU string `json:"sku"`
}
// GoogleTestNotification represents a test notification
type GoogleTestNotification struct {
Version string `json:"version"`
}
// Google subscription notification types
const (
GoogleSubRecovered = 1 // Subscription recovered from account hold
GoogleSubRenewed = 2 // Active subscription renewed
GoogleSubCanceled = 3 // Subscription was cancelled (voluntary or involuntary)
GoogleSubPurchased = 4 // New subscription purchased
GoogleSubOnHold = 5 // Subscription entered account hold
GoogleSubInGracePeriod = 6 // Subscription entered grace period
GoogleSubRestarted = 7 // User reactivated subscription
GoogleSubPriceChangeConfirmed = 8 // Price change confirmed by user
GoogleSubDeferred = 9 // Subscription deferred
GoogleSubPaused = 10 // Subscription paused
GoogleSubPauseScheduleChanged = 11 // Pause schedule changed
GoogleSubRevoked = 12 // Subscription revoked
GoogleSubExpired = 13 // Subscription expired
)
// HandleGoogleWebhook handles POST /api/subscription/webhook/google/
func (h *SubscriptionWebhookHandler) HandleGoogleWebhook(c *gin.Context) {
body, err := io.ReadAll(c.Request.Body)
if err != nil {
log.Printf("Google Webhook: Failed to read body: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "failed to read request body"})
return
}
var notification GoogleNotification
if err := json.Unmarshal(body, &notification); err != nil {
log.Printf("Google Webhook: Failed to parse notification: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid notification"})
return
}
// Decode the base64 data
data, err := base64.StdEncoding.DecodeString(notification.Message.Data)
if err != nil {
log.Printf("Google Webhook: Failed to decode message data: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid message data"})
return
}
var devNotification GoogleDeveloperNotification
if err := json.Unmarshal(data, &devNotification); err != nil {
log.Printf("Google Webhook: Failed to parse developer notification: %v", err)
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid developer notification"})
return
}
// Handle test notification
if devNotification.TestNotification != nil {
log.Printf("Google Webhook: Received test notification")
c.JSON(http.StatusOK, gin.H{"status": "test received"})
return
}
// Verify package name
cfg := config.Get()
if cfg != nil && cfg.GoogleIAP.PackageName != "" {
if devNotification.PackageName != cfg.GoogleIAP.PackageName {
log.Printf("Google Webhook: Package name mismatch: got %s, expected %s",
devNotification.PackageName, cfg.GoogleIAP.PackageName)
c.JSON(http.StatusBadRequest, gin.H{"error": "package name mismatch"})
return
}
}
// Process subscription notification
if devNotification.SubscriptionNotification != nil {
if err := h.processGoogleSubscriptionNotification(devNotification.SubscriptionNotification); err != nil {
log.Printf("Google Webhook: Failed to process notification: %v", err)
// Still return 200 to acknowledge
}
}
// Acknowledge the message
c.JSON(http.StatusOK, gin.H{"status": "received"})
}
// processGoogleSubscriptionNotification handles Google subscription events
func (h *SubscriptionWebhookHandler) processGoogleSubscriptionNotification(notification *GoogleSubscriptionNotification) error {
// Find user by purchase token
user, err := h.findUserByGoogleToken(notification.PurchaseToken)
if err != nil {
log.Printf("Google Webhook: Could not find user for token: %v", err)
return nil // Not an error - might be unknown token
}
log.Printf("Google Webhook: Processing type %d for user %d (subscription: %s)",
notification.NotificationType, user.ID, notification.SubscriptionID)
switch notification.NotificationType {
case GoogleSubPurchased:
return h.handleGooglePurchased(user.ID, notification)
case GoogleSubRenewed:
return h.handleGoogleRenewed(user.ID, notification)
case GoogleSubRecovered:
return h.handleGoogleRecovered(user.ID, notification)
case GoogleSubCanceled:
return h.handleGoogleCanceled(user.ID, notification)
case GoogleSubOnHold:
return h.handleGoogleOnHold(user.ID, notification)
case GoogleSubInGracePeriod:
return h.handleGoogleGracePeriod(user.ID, notification)
case GoogleSubRestarted:
return h.handleGoogleRestarted(user.ID, notification)
case GoogleSubRevoked:
return h.handleGoogleRevoked(user.ID, notification)
case GoogleSubExpired:
return h.handleGoogleExpired(user.ID, notification)
case GoogleSubPaused:
return h.handleGooglePaused(user.ID, notification)
default:
log.Printf("Google Webhook: Unhandled notification type: %d", notification.NotificationType)
}
return nil
}
func (h *SubscriptionWebhookHandler) findUserByGoogleToken(purchaseToken string) (*models.User, error) {
subscription, err := h.subscriptionRepo.FindByGoogleToken(purchaseToken)
if err != nil {
return nil, err
}
user, err := h.userRepo.FindByID(subscription.UserID)
if err != nil {
return nil, err
}
return user, nil
}
func (h *SubscriptionWebhookHandler) handleGooglePurchased(userID uint, notification *GoogleSubscriptionNotification) error {
// New subscription - we should have already processed this via the client
// This is a backup notification
log.Printf("Google Webhook: User %d purchased subscription %s", userID, notification.SubscriptionID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleRenewed(userID uint, notification *GoogleSubscriptionNotification) error {
// Need to query Google API for new expiry date
// For now, extend by typical period (1 month for monthly, 1 year for yearly)
var extension time.Duration
if strings.Contains(notification.SubscriptionID, "monthly") {
extension = 30 * 24 * time.Hour
} else {
extension = 365 * 24 * time.Hour
}
newExpiry := time.Now().UTC().Add(extension)
if err := h.subscriptionRepo.UpgradeToPro(userID, newExpiry, "android"); err != nil {
return err
}
log.Printf("Google Webhook: User %d renewed, extended to %v", userID, newExpiry)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleRecovered(userID uint, notification *GoogleSubscriptionNotification) error {
// Subscription recovered from account hold - reactivate
newExpiry := time.Now().UTC().AddDate(0, 1, 0) // 1 month from now
if err := h.subscriptionRepo.UpgradeToPro(userID, newExpiry, "android"); err != nil {
return err
}
log.Printf("Google Webhook: User %d subscription recovered", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleCanceled(userID uint, notification *GoogleSubscriptionNotification) error {
// User canceled - will expire at end of period
now := time.Now().UTC()
if err := h.subscriptionRepo.SetCancelledAt(userID, now); err != nil {
return err
}
if err := h.subscriptionRepo.SetAutoRenew(userID, false); err != nil {
return err
}
log.Printf("Google Webhook: User %d canceled, will expire at end of period", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleOnHold(userID uint, notification *GoogleSubscriptionNotification) error {
// Account hold - payment issue, may recover
log.Printf("Google Webhook: User %d subscription on hold", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleGracePeriod(userID uint, notification *GoogleSubscriptionNotification) error {
// In grace period - user still has access but billing failed
log.Printf("Google Webhook: User %d in grace period", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleRestarted(userID uint, notification *GoogleSubscriptionNotification) error {
// User restarted subscription
newExpiry := time.Now().UTC().AddDate(0, 1, 0)
if err := h.subscriptionRepo.UpgradeToPro(userID, newExpiry, "android"); err != nil {
return err
}
if err := h.subscriptionRepo.ClearCancelledAt(userID); err != nil {
return err
}
if err := h.subscriptionRepo.SetAutoRenew(userID, true); err != nil {
return err
}
log.Printf("Google Webhook: User %d restarted subscription", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleRevoked(userID uint, notification *GoogleSubscriptionNotification) error {
// Subscription revoked - immediate downgrade
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Google Webhook: User %d subscription revoked", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGoogleExpired(userID uint, notification *GoogleSubscriptionNotification) error {
// Subscription expired
if err := h.subscriptionRepo.DowngradeToFree(userID); err != nil {
return err
}
log.Printf("Google Webhook: User %d subscription expired", userID)
return nil
}
func (h *SubscriptionWebhookHandler) handleGooglePaused(userID uint, notification *GoogleSubscriptionNotification) error {
// Subscription paused by user
log.Printf("Google Webhook: User %d subscription paused", userID)
return nil
}
// ====================
// Signature Verification (Optional but Recommended)
// ====================
// VerifyAppleSignature verifies the JWS signature using Apple's root certificate
// This is optional but recommended for production
func (h *SubscriptionWebhookHandler) VerifyAppleSignature(signedPayload string) error {
// Load Apple's root certificate if not already loaded
if h.appleRootCerts == nil {
// Apple's root certificates can be downloaded from:
// https://www.apple.com/certificateauthority/
// You'd typically embed these or load from a file
return nil // Skip verification for now
}
// Parse the JWS token
token, err := jwt.Parse(signedPayload, func(token *jwt.Token) (interface{}, error) {
// Get the x5c header (certificate chain)
x5c, ok := token.Header["x5c"].([]interface{})
if !ok || len(x5c) == 0 {
return nil, fmt.Errorf("missing x5c header")
}
// Decode the first certificate (leaf)
certData, err := base64.StdEncoding.DecodeString(x5c[0].(string))
if err != nil {
return nil, fmt.Errorf("failed to decode certificate: %w", err)
}
cert, err := x509.ParseCertificate(certData)
if err != nil {
return nil, fmt.Errorf("failed to parse certificate: %w", err)
}
// Verify the certificate chain (simplified)
// In production, you should verify the full chain
return cert.PublicKey.(*ecdsa.PublicKey), nil
})
if err != nil {
return fmt.Errorf("failed to verify signature: %w", err)
}
if !token.Valid {
return fmt.Errorf("invalid token")
}
return nil
}
// VerifyGooglePubSubToken verifies the Pub/Sub push token (if configured)
func (h *SubscriptionWebhookHandler) VerifyGooglePubSubToken(c *gin.Context) bool {
// If you configured a push endpoint with authentication, verify here
// The token is typically in the Authorization header
// For now, we rely on the endpoint being protected by your infrastructure
// (e.g., only accessible from Google's IP ranges)
return true
}
// Helper function to load Apple root certificates from file
func loadAppleRootCertificates(certPath string) ([]*x509.Certificate, error) {
data, err := os.ReadFile(certPath)
if err != nil {
return nil, err
}
var certs []*x509.Certificate
for {
block, rest := pem.Decode(data)
if block == nil {
break
}
if block.Type == "CERTIFICATE" {
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, err
}
certs = append(certs, cert)
}
data = rest
}
return certs, nil
}