aljaz/breez-woocommerce
1
0
Fork 0
mirror of https://github.com/aljazceru/breez-woocommerce.git synced 2025-12-17 05:54:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Aljaz Ceru
2025-05-18 19:58:56 +02:00
parent a8f851a7ef
commit 9de9198ef9
4 changed files with 122 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
class-wc-gateway-breez.php
View File

@@ -1,6 +1,6 @@
<?php
/**
* Breez Nodeless Payments
* Breez Payment Gateway
*
* @package Breez_WooCommerce
*/
@@ -10,7 +10,7 @@ if (!defined('ABSPATH')) {
}
/**
* Breez Nodeless Payments
* Breez Payment Gateway
*
* Provides a Bitcoin & Lightning Payment Gateway for WooCommerce.
*
@@ -97,6 +97,13 @@ class WC_Gateway_Breez extends WC_Payment_Gateway {
add_action('admin_notices', array($this, 'admin_api_notice'));
}
// Check webhook secret
$webhook_secret = $this->get_option('webhook_secret');
if ($this->enabled === 'yes' && empty($webhook_secret)) {
$this->logger->log('Webhook secret not configured', 'warning');
add_action('admin_notices', array($this, 'admin_webhook_secret_notice'));
}
// Initialize client, DB manager, payment handler
try {
$this->client = new Breez_API_Client(
@@ -156,7 +163,7 @@ class WC_Gateway_Breez extends WC_Payment_Gateway {
*/
public function admin_api_notice() {
echo '<div class="error"><p>' .
__('Breez Nodeless Payments requires API URL and API Key to be configured. Please configure these in the gateway settings.', 'breez-woocommerce') .
__('Breez Payment Gateway requires API URL and API Key to be configured. Please configure these in the gateway settings.', 'breez-woocommerce') .
'</p></div>';
}
@@ -165,7 +172,16 @@ class WC_Gateway_Breez extends WC_Payment_Gateway {
*/
public function admin_payment_methods_notice() {
echo '<div class="error"><p>' .
__('Breez Nodeless Payments requires at least one payment method to be selected. Please configure payment methods in the gateway settings.', 'breez-woocommerce') .
__('Breez Payment Gateway requires at least one payment method to be selected. Please configure payment methods in the gateway settings.', 'breez-woocommerce') .
'</p></div>';
}
/**
* Display admin notice for missing webhook secret
*/
public function admin_webhook_secret_notice() {
echo '<div class="notice notice-warning is-dismissible"><p>' .
__('Breez Payment Gateway: Please configure a webhook secret in the gateway settings to secure your webhook endpoint.', 'breez-woocommerce') .
'</p></div>';
}
@@ -174,7 +190,7 @@ class WC_Gateway_Breez extends WC_Payment_Gateway {
*/
public function admin_api_error_notice() {
echo '<div class="error"><p>' .
__('Breez Nodeless Payments encountered an error during initialization. Please check the logs for more details.', 'breez-woocommerce') .
__('Breez Payment Gateway encountered an error during initialization. Please check the logs for more details.', 'breez-woocommerce') .
'</p></div>';
}

36
composer.json
View File

@@ -1,19 +1,41 @@
{
"name": "breez/woocommerce",
"description": "Bitcoin & Lightning payment gateway for WooCommerce using Breez Nodeless API",
"name": "breez/breez-woocommerce",
"description": "Breez NodeLess Payments for WooCommerce",
"type": "wordpress-plugin",
"license": "GPL-2.0-or-later",
"authors": [
{
"name": "Breez",
"email": "contact@breez.technology"
}
],
"require": {
"php": ">=7.2",
"aferrandini/phpqrcode": "^1.0"
"php": ">=7.4"
},
"require-dev": {
"phpunit/phpunit": "^9.0",
"yoast/phpunit-polyfills": "^1.0",
"mockery/mockery": "^1.5",
"php-stubs/wordpress-stubs": "^6.2",
"php-stubs/woocommerce-stubs": "^7.0"
},
"autoload": {
"psr-4": {
"Breez\\WooCommerce\\": "includes/"
}
},
"autoload-dev": {
"psr-4": {
"Breez\\WooCommerce\\Tests\\": "tests/"
}
},
"scripts": {
"test": "phpunit --coverage-clover coverage.xml",
"test-coverage": "phpunit --coverage-html coverage"
},
"config": {
"optimize-autoloader": true,
"preferred-install": "dist",
"sort-packages": true
"allow-plugins": {
"composer/installers": true
}
}
}

7
includes/admin/breez-settings.php
View File

@@ -56,6 +56,13 @@ return array(
'default' => '',
'desc_tip' => true,
),
'webhook_secret' => array(
'title' => __('Webhook Secret', 'breez-woocommerce'),
'type' => 'password',
'description' => __('Enter a secret key that will be used to validate webhook requests. This should be a random string of at least 32 characters.', 'breez-woocommerce'),
'default' => '',
'desc_tip' => true,
),
'payment_options' => array(
'title' => __('Payment Options', 'breez-woocommerce'),
'type' => 'title',

71
includes/class-breez-webhook-handler.php
View File

@@ -35,16 +35,75 @@ class Breez_Webhook_Handler {
* Validate webhook request
*
* @param WP_REST_Request $request Request object
* @return bool Whether the request is valid
* @return bool|WP_Error Whether the request is valid
*/
public static function validate_webhook($request) {
self::init_logger();
// For improved security, you could implement signature validation here
// For now, we'll just ensure the request is coming from an allowed IP
// Return true to allow the webhook to be processed
return true;
try {
// Get the webhook secret from settings
$settings = get_option('woocommerce_breez_settings', array());
$webhook_secret = isset($settings['webhook_secret']) ? $settings['webhook_secret'] : '';
if (empty($webhook_secret)) {
self::$logger->log('Webhook validation failed: No webhook secret configured', 'error');
return new WP_Error('invalid_webhook', 'No webhook secret configured', array('status' => 401));
}
// Get headers
$signature = $request->get_header('X-Breez-Signature');
$timestamp = $request->get_header('X-Breez-Timestamp');
$nonce = $request->get_header('X-Breez-Nonce');
// Validate required headers
if (empty($signature) || empty($timestamp) || empty($nonce)) {
self::$logger->log('Webhook validation failed: Missing required headers', 'error');
return new WP_Error('invalid_webhook', 'Missing required headers', array('status' => 401));
}
// Validate timestamp (within 5 minutes)
$timestamp_int = (int) $timestamp;
$current_time = time();
if (abs($current_time - $timestamp_int) > 300) {
self::$logger->log('Webhook validation failed: Timestamp expired', 'error');
return new WP_Error('invalid_webhook', 'Timestamp expired', array('status' => 401));
}
// Get request body
$body = $request->get_body();
if (empty($body)) {
self::$logger->log('Webhook validation failed: Empty request body', 'error');
return new WP_Error('invalid_webhook', 'Empty request body', array('status' => 400));
}
// Prevent replay attacks by checking nonce
$used_nonces = get_transient('breez_used_webhook_nonces') ?: array();
if (in_array($nonce, $used_nonces)) {
self::$logger->log('Webhook validation failed: Nonce already used', 'error');
return new WP_Error('invalid_webhook', 'Nonce already used', array('status' => 401));
}
// Calculate expected signature
$payload = $timestamp . $nonce . $body;
$expected_signature = hash_hmac('sha256', $payload, $webhook_secret);
// Verify signature
if (!hash_equals($expected_signature, $signature)) {
self::$logger->log('Webhook validation failed: Invalid signature', 'error');
return new WP_Error('invalid_webhook', 'Invalid signature', array('status' => 401));
}
// Store nonce to prevent replay attacks (expire after 24 hours)
$used_nonces[] = $nonce;
set_transient('breez_used_webhook_nonces', array_slice($used_nonces, -1000), DAY_IN_SECONDS);
self::$logger->log('Webhook validation successful', 'debug');
return true;
} catch (Exception $e) {
self::$logger->log('Webhook validation error: ' . $e->getMessage(), 'error');
return new WP_Error('webhook_error', $e->getMessage(), array('status' => 500));
}
}
/**