feat: log entitlement purchases (#3)

### Explanation _No response_ ### Issue _No response_ ### Attestations - [x] I have read and agree to the [Code of Conduct](https://docs.nhcarrigan.com/community/coc/) - [x] I have read and agree to the [Community Guidelines](https://docs.nhcarrigan.com/community/guide/). - [x] My contribution complies with the [Contributor Covenant](https://docs.nhcarrigan.com/dev/covenant/). ### Dependencies - [x] I have pinned the dependencies to a specific patch version. ### Style - [x] I have run the linter and resolved any errors. - [x] My pull request uses an appropriate title, matching the conventional commit standards. - [x] My scope of feat/fix/chore/etc. correctly matches the nature of changes in my pull request. ### Tests - [ ] My contribution adds new code, and I have added tests to cover it. - [ ] My contribution modifies existing code, and I have updated the tests to reflect these changes. - [ ] All new and existing tests pass locally with my changes. - [ ] Code coverage remains at or above the configured threshold. ### Documentation _No response_ ### Versioning _No response_ Reviewed-on: #3 Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com> Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>
2025-07-06 13:48:17 -07:00
parent 33e416af83
commit 06b77e93f5
7 changed files with 339 additions and 5 deletions
--- a/src/modules/validateWebhook.ts
+++ b/src/modules/validateWebhook.ts
@ -0,0 +1,50 @@
+/**
+ * @copyright nhcarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+import { webcrypto } from "node:crypto";
+import { verify } from "discord-verify/node";
+import { applicationData } from "../config/applicationData.js";
+import { sendDiscord } from "./discord.js";
+import type { Entitlement } from "../interfaces/entitlement.js";
+import type { FastifyRequest } from "fastify";
+
+/**
+ * Validates that the webhook request is from Discord by checking the signature.
+ * @param request - The Fastify request object containing the webhook data.
+ * @returns A boolean indicating whether the webhook signature is valid.
+ */
+export const validateWebhook = async(
+  // eslint-disable-next-line @typescript-eslint/naming-convention -- Body must be capitalised for Fastify.
+  request: FastifyRequest<{ Body: Entitlement; Headers: {
+    // eslint-disable-next-line @typescript-eslint/naming-convention -- Header must be formatted for Fastify.
+    "x-signature-ed25519":   string;
+    // eslint-disable-next-line @typescript-eslint/naming-convention -- Header must be formatted for Fastify.
+    "x-signature-timestamp": string;
+  }; }>,
+): Promise<boolean> => {
+  const { application_id: applicationId } = request.body;
+  const appData = applicationData[applicationId];
+  if (appData === undefined) {
+    void sendDiscord(`[NOTIFICATION]: Invalid Application ID`, `Received an entitlement event for an invalid application ID: ${applicationId}`);
+    return false;
+  }
+  const signature = request.headers["x-signature-ed25519"];
+  const timestamp = request.headers["x-signature-timestamp"];
+  const rawBody = JSON.stringify(request.body);
+  const isValid = await verify(
+    rawBody,
+    signature,
+    timestamp,
+    appData.key,
+    webcrypto.subtle,
+  );
+  if (!isValid) {
+    void sendDiscord(
+      `[NOTIFICATION]: Invalid Webhook Signature`,
+      `Received an entitlement event with an invalid signature.\nApplication ID: ${applicationId}\nSignature: ${signature}\nTimestamp: ${timestamp}\nRaw Body: ${rawBody}`,
+    );
+  }
+  return isValid;
+};