From 4ee032d6646b290401e6b9a858c6f253697d1b6c Mon Sep 17 00:00:00 2001
From: Mrugesh Mohapatra
Date: Thu, 19 Mar 2020 12:20:04 +0530
Subject: [PATCH] feat(api): add and update webhooks routing
---
 api-server/server/boot/donate.js | 10 ++++++----
 api-server/server/middlewares/csurf.js | 4 ++--
 api-server/server/middlewares/request-authorization.js | 4 ++--
 .../server/middlewares/request-authorization.test.js | 8 ++++++--
 4 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/api-server/server/boot/donate.js b/api-server/server/boot/donate.js
index d2e6af6e85..97857826a1 100644
--- a/api-server/server/boot/donate.js
+++ b/api-server/server/boot/donate.js
@@ -21,6 +21,7 @@ const log = debug('fcc:boot:donate');
 export default function donateBoot(app, done) {
 let stripe = false;
 const api = app.loopback.Router();
+ const hooks = app.loopback.Router();
 const donateRouter = app.loopback.Router();
 const subscriptionPlans = Object.keys(
@@ -281,11 +282,11 @@ export default function donateBoot(app, done) {
 .then(getAsyncPaypalToken)
 .then(token => verifyWebHook(headers, body, token, keys.paypal.webhookId))
 .then(hookBody => updateUser(hookBody, app))
- .then(() => res.status(200).json({ message: 'received hook' }))
 .catch(err => {
+ // Todo: This probably need to be thrown and caught in error handler
 log(err.message);
- return res.status(200).json({ message: 'received hook' });
- });
+ })
+ .finally(() => res.status(200).json({ message: 'received paypal hook' }));
 }
 const stripeKey = keys.stripe.public;
@@ -316,8 +317,9 @@ export default function donateBoot(app, done) {
 api.post('/charge-stripe', createStripeDonation);
 api.post('/create-hmac-hash', createHmacHash);
 api.post('/add-donation', addDonation);
- api.post('/update-paypal', updatePaypal);
+ hooks.post('/update-paypal', updatePaypal);
 donateRouter.use('/donate', api);
+ donateRouter.use('/hooks', hooks);
 app.use(donateRouter);
 connectToStripe().then(done);
 }
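Review bot: In the second donate.js hunk (updatePaypal), the `.catch` logs only `err.message` and the new `.finally` answers 200 for every outcome, so a signature rejected by `verifyWebHook`, a failed token fetch and a failed `updateUser` are indistinguishable to the sender and nearly so in the logs. This endpoint is exempted from CSRF protection and added to the authorization whitelist elsewhere in this patch, which makes a failed verification the one event worth recording distinctly, for example `log('paypal webhook rejected: %s', err.message);` in a branch of its own. Returning 200 after an internal failure also tells the provider not to redeliver, so the update is presumably lost; a non-2xx status for non-verification errors would avoid that. If the uniform 200 is deliberate, the Todo should say so instead. The function starts outside this hunk, so how `verifyWebHook` signals rejection is not visible here.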
diff --git a/api-server/server/middlewares/csurf.js b/api-server/server/middlewares/csurf.js
index bacdd89f62..996f86be76 100644
--- a/api-server/server/middlewares/csurf.js
+++ b/api-server/server/middlewares/csurf.js
@@ -7,8 +7,8 @@ export default function() {
 }
 });
 return function csrf(req, res, next) {
- const path = req.path.split('/')[1];
- if (/^donate\/update-paypal$/.test(path)) {
+ const { path } = req;
+ if (/^\/hooks\/update-paypal$|^\/hooks\/update-stripe$/.test(path)) {
 return next();
 }
 return protection(req, res, next);
diff --git a/api-server/server/middlewares/request-authorization.js b/api-server/server/middlewares/request-authorization.js
index ec7bee9b23..160838262c 100644
--- a/api-server/server/middlewares/request-authorization.js
+++ b/api-server/server/middlewares/request-authorization.js
@@ -23,7 +23,7 @@ const signinRE = /^\/signin/;
 const statusRE = /^\/status\/ping$/;
 const unsubscribedRE = /^\/unsubscribed\//;
 const unsubscribeRE = /^\/u\/|^\/unsubscribe\/|^\/ue\//;
-const updatePaypalRE = /^\/donate\/update-paypal/;
+const updateHooksRE = /^\/hooks\/update-paypal$|^\/hooks\/update-stripe$/;
 const _whiteListREs = [
 authRE,
@@ -37,7 +37,7 @@ const _whiteListREs = [
 statusRE,
 unsubscribedRE,
 unsubscribeRE,
- updatePaypalRE
+ updateHooksRE
 ];
 export function isWhiteListedPath(path, whiteListREs = _whiteListREs) {
diff --git a/api-server/server/middlewares/request-authorization.test.js b/api-server/server/middlewares/request-authorization.test.js
index e48fa98c66..86a4a7cb9a 100644
--- a/api-server/server/middlewares/request-authorization.test.js
+++ b/api-server/server/middlewares/request-authorization.test.js
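Review bot: The new pattern in `csrf()` (csurf.js) also exempts `/hooks/update-stripe`, yet this patch registers only `hooks.post('/update-paypal', updatePaypal)` in donate.js, so the Stripe path skips CSRF protection here and, through `updateHooksRE` in both request-authorization.js hunks, presumably the authorization check, before any handler with signature verification exists. I would exempt only routes that exist, `if (/^\/hooks\/update-paypal$/.test(path)) {`, and add the Stripe alternative in the commit that adds its verified handler. The same regex literal is now repeated in csurf.js, request-authorization.js and its test; exporting one constant would keep the two bypass lists from drifting apart. The exemption also applies to every HTTP method although the visible route is POST-only.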
@@ -40,7 +40,7 @@ describe('request-authorization', () => {
 const statusRE = /^\/status\/ping$/;
 const unsubscribedRE = /^\/unsubscribed\//;
 const unsubscribeRE = /^\/u\/|^\/unsubscribe\/|^\/ue\//;
- const updatePaypalRE = /^\/donate\/update-paypal/;
+ const updateHooksRE = /^\/hooks\/update-paypal$|^\/hooks\/update-stripe$/;
 const whiteList = [
 authRE,
@@ -54,7 +54,7 @@ describe('request-authorization', () => {
 statusRE,
 unsubscribedRE,
 unsubscribeRE,
- updatePaypalRE
+ updateHooksRE
 ];
 it('returns a boolean', () => {
@@ -68,8 +68,12 @@ describe('request-authorization', () => {
 whiteList
 );
 const resultB = isWhiteListedPath('/ue/WmjInLerysPrcon6fMb/', whiteList);
+ const resultC = isWhiteListedPath('/hooks/update-paypal', whiteList);
+ const resultD = isWhiteListedPath('/hooks/update-stripe', whiteList);
 expect(resultA).toBe(true);
 expect(resultB).toBe(true);
+ expect(resultC).toBe(true);
+ expect(resultD).toBe(true);
 });
 it('returns false for a non-white-listed path', () => {
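Review bot: The cases added in the third hunk only assert that the two hook paths are allowed; nothing pins the `$` anchors this commit introduces, so a later edit that drops them and widens the bypass would still pass. Add a negative assertion to the 'returns false for a non-white-listed path' test, e.g. `expect(isWhiteListedPath('/hooks/update-paypal/extra', whiteList)).toBe(false);`. The test also rebuilds its own `whiteList`, so it checks a copy of the patterns rather than the default `_whiteListREs` the middleware uses; calling `isWhiteListedPath('/hooks/update-paypal')` with no second argument would cover the real list. The describe block starts and ends outside these hunks.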