ops: add integration secret rotation and offsite backup alerting

Austin A
2026-04-18 09:33:17 +01:00
parent 95633a6722
commit 81be9c5e42
13 changed files with 1105 additions and 16 deletions


@@ -10,9 +10,12 @@ type PaymentSettings = {
default_provider?: "paystack" | "flutterwave" | "manual";
paystack_public?: string;
paystack_secret?: string;
paystack_secret_previous?: string;
flutterwave_public?: string;
flutterwave_secret?: string;
flutterwave_secret_previous?: string;
flutterwave_webhook_hash?: string;
flutterwave_webhook_hash_previous?: string;
callback_url?: string;
};
@@ -135,18 +138,24 @@ export async function handleManualInvoicePayment(invoiceId: string, reference: s
export async function verifyPaystackSignature(signature: string | undefined, rawBody: string | undefined) {
if (!signature || !rawBody) return false;
const settings = await getPaymentSettings();
if (!settings.paystack_secret) return false;
const expected = crypto
.createHmac("sha512", settings.paystack_secret)
.update(rawBody)
.digest("hex");
return expected === signature;
const secrets = [settings.paystack_secret, settings.paystack_secret_previous].filter(
(value): value is string => typeof value === "string" && value.trim().length > 0
);
if (secrets.length === 0) return false;
return secrets.some((secret) => {
const expected = crypto.createHmac("sha512", secret).update(rawBody).digest("hex");
return expected === signature;
});
}
export async function verifyFlutterwaveSignature(signature: string | undefined) {
const settings = await getPaymentSettings();
if (!settings.flutterwave_webhook_hash) return false;
return settings.flutterwave_webhook_hash === signature;
const validHashes = [settings.flutterwave_webhook_hash, settings.flutterwave_webhook_hash_previous].filter(
(value): value is string => typeof value === "string" && value.trim().length > 0
);
if (validHashes.length === 0 || !signature) return false;
return validHashes.includes(signature);
}
export async function processPaystackWebhook(payload: any) {
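Review bot: The new checks in `verifyPaystackSignature` (`return expected === signature;` inside `secrets.some`) and `verifyFlutterwaveSignature` (`validHashes.includes(signature)`) still use ordinary string comparison, which stops at the first differing character and so is not constant-time for a value derived from the webhook secret. Since `crypto` is already used here, compare equal-length buffers instead, e.g. `const a = Buffer.from(expected), b = Buffer.from(signature);` followed by `return a.length === b.length && crypto.timingSafeEqual(a, b);`, and apply the same comparison to each entry of `validHashes`. Separately, nothing in the visible lines limits how long a `*_previous` value keeps being accepted, so a rotated-out secret appears to stay valid until the setting is cleared. A comment on `PaymentSettings` saying when the previous fields must be emptied would make the rotation window explicit; if an expiry is enforced elsewhere in the commit, the comment can point to it.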