fix: support svix-* headers for Polar webhooks, extend timestamp window

kovakmedya
2026-05-04 18:32:56 +03:00
parent 106c33d1b4
commit 89830aa28f
2 changed files with 9 additions and 5 deletions
+2 -2
@@ -64,9 +64,9 @@ export function verifyPolarWebhook(
): boolean {
if (!WEBHOOK_SECRET) return false;
// Timestamp replay saldırısı koruması (5 dakika tolerans)
// Timestamp replay koruması (1 saat — Polar retry aralığı uzun olabilir)
const ts = parseInt(webhookTimestamp, 10);
if (isNaN(ts) || Math.abs(Date.now() / 1000 - ts) > 300) return false;
if (isNaN(ts) || Math.abs(Date.now() / 1000 - ts) > 3600) return false;
const signedContent = `${webhookId}.${webhookTimestamp}.${rawBody}`;