fix: use @polar-sh/sdk validateEvent for webhook verification

This commit is contained in:
kovakmedya
2026-05-04 18:58:33 +03:00
parent 3986094bad
commit 62777b3f99
2 changed files with 18 additions and 28 deletions
+6 -14
View File
@@ -1,6 +1,6 @@
import "server-only";
import { Webhook } from "svix";
import { validateEvent, WebhookVerificationError } from "@polar-sh/sdk/webhooks";
const POLAR_API_BASE = "https://api.polar.sh";
const ACCESS_TOKEN = process.env.POLAR_ACCESS_TOKEN ?? "";
@@ -52,19 +52,11 @@ export async function createPolarCheckout(params: {
return res.json() as Promise<PolarCheckout>;
}
// Svix kullanarak Polar webhook imzasını doğrula
export function verifyPolarWebhook(
// Polar resmi SDK ile webhook doğrulama ve parse
// Hata fırlatırsa imza geçersiz demektir
export function verifyAndParsePolarWebhook(
headers: Record<string, string>,
rawBody: string,
): boolean {
if (!WEBHOOK_SECRET) return false;
try {
// Svix whsec_ prefix bekler; polar_whs_ → whsec_ dönüşümü
const secret = WEBHOOK_SECRET.replace(/^polar_whs_/, "whsec_");
const wh = new Webhook(secret);
wh.verify(rawBody, headers);
return true;
} catch {
return false;
}
): ReturnType<typeof validateEvent> {
return validateEvent(rawBody, headers, WEBHOOK_SECRET);
}