fix: use @polar-sh/sdk validateEvent for webhook verification

2026-05-04 18:58:33 +03:00
parent 3986094bad
commit 62777b3f99
2 changed files with 18 additions and 28 deletions
@@ -1,6 +1,6 @@
 import "server-only";

-import { Webhook } from "svix";
+import { validateEvent, WebhookVerificationError } from "@polar-sh/sdk/webhooks";

 const POLAR_API_BASE = "https://api.polar.sh";
 const ACCESS_TOKEN = process.env.POLAR_ACCESS_TOKEN ?? "";
@@ -52,19 +52,11 @@ export async function createPolarCheckout(params: {
  return res.json() as Promise<PolarCheckout>;
 }

-// Svix kullanarak Polar webhook imzasını doğrula
-export function verifyPolarWebhook(
+// Polar resmi SDK ile webhook doğrulama ve parse
+// Hata fırlatırsa imza geçersiz demektir
+export function verifyAndParsePolarWebhook(
  headers: Record<string, string>,
  rawBody: string,
-): boolean {
-  if (!WEBHOOK_SECRET) return false;
-  try {
-    // Svix whsec_ prefix bekler; polar_whs_ → whsec_ dönüşümü
-    const secret = WEBHOOK_SECRET.replace(/^polar_whs_/, "whsec_");
-    const wh = new Webhook(secret);
-    wh.verify(rawBody, headers);
-    return true;
-  } catch {
-    return false;
-  }
+): ReturnType<typeof validateEvent> {
+  return validateEvent(rawBody, headers, WEBHOOK_SECRET);
 }