filter stripe webhooks for correct server

test/api/unit/libs/payments/stripe/checkout.test.js

@@ -51,6 +51,7 @@ describe('Stripe - Checkout', () => {
  gift: undefined,
  sub: undefined,
  gemsBlock: gemsBlockKey,
+ server_url: BASE_URL,
  };
 
  expect(gems.validateGiftMessage).to.not.be.called;
@@ -101,6 +102,7 @@ describe('Stripe - Checkout', () => {
  gift: JSON.stringify(gift),
  sub: undefined,
  gemsBlock: undefined,
+ server_url: BASE_URL,
  };
 
  expect(gems.validateGiftMessage).to.be.calledOnce;
@@ -155,6 +157,7 @@ describe('Stripe - Checkout', () => {
  gift: JSON.stringify(gift),
  sub: undefined,
  gemsBlock: undefined,
+ server_url: BASE_URL,
  };
 
  expect(oneTimePayments.getOneTimePaymentInfo).to.be.calledOnce;
@@ -192,6 +195,7 @@ describe('Stripe - Checkout', () => {
  userId: user._id,
  gift: undefined,
  sub: JSON.stringify(sub),
+ server_url: BASE_URL,
  };
 
  expect(subscriptions.checkSubData).to.be.calledOnce;
@@ -258,6 +262,7 @@ describe('Stripe - Checkout', () => {
  userId: user._id,
  gift: undefined,
  sub: JSON.stringify(sub),
+ server_url: BASE_URL,
  groupId,
  };
 
@@ -328,8 +333,9 @@ describe('Stripe - Checkout', () => {
  user.purchased.plan.customerId = customerId;
 
  const metadata = {
- userId: user._id,
  type: 'edit-card-user',
+ userId: user._id,
+ server_url: BASE_URL,
  };
 
  const res = await createEditCardCheckoutSession({ user }, stripe);
@@ -418,6 +424,7 @@ describe('Stripe - Checkout', () => {
  const metadata = {
  userId: user._id,
  type: 'edit-card-group',
+ server_url: BASE_URL,
  groupId,
  };
 
@@ -455,6 +462,7 @@ describe('Stripe - Checkout', () => {
  userId: anotherUser._id,
  type: 'edit-card-group',
  groupId,
+ server_url: BASE_URL,
  };
 
  const res = await createEditCardCheckoutSession({ user: anotherUser, groupId }, stripe);

test/api/unit/libs/payments/stripe/webhooks.test.js

@@ -16,6 +16,7 @@ import * as subscriptions from '../../../../../../website/server/libs/payments/s
 const { i18n } = common;
 
 describe('Stripe - Webhooks', () => {
+ const BASE_URL = nconf.get('BASE_URL');
  const stripe = stripeModule('test');
  const endpointSecret = nconf.get('STRIPE_WEBHOOKS_ENDPOINT_SECRET');
  const headers = {};
@@ -284,7 +285,9 @@ describe('Stripe - Webhooks', () => {
  const session = {};
 
  beforeEach(() => {
- session.metadata = {};
+ session.metadata = {
+ server_url: BASE_URL,
+ };
  event = { type: eventType, data: { object: session } };
  constructEventStub = sandbox.stub(stripe.webhooks, 'constructEvent');
  constructEventStub.returns(event);

website/server/libs/payments/stripe/checkout.js

@@ -47,6 +47,7 @@ export async function createCheckoutSession (options, stripeInc) {
  userId: user._id,
  gift: gift ? JSON.stringify(gift) : undefined,
  sub: sub ? JSON.stringify(sub) : undefined,
+ server_url: BASE_URL,
  };
 
  let lineItems;
@@ -141,6 +142,7 @@ export async function createEditCardCheckoutSession (options, stripeInc) {
  const metadata = {
  type,
  userId: user._id,
+ server_url: BASE_URL,
  };
 
  let customerId;

website/server/libs/payments/stripe/webhooks.js

@@ -19,6 +19,8 @@ import { applySubscription, handlePaymentMethodChange } from './subscriptions';
 
 const endpointSecret = nconf.get('STRIPE_WEBHOOKS_ENDPOINT_SECRET');
 
+const BASE_URL = nconf.get('BASE_URL');
+
 export async function handleWebhooks (options, stripeInc) {
  const { body, headers } = options;
 
@@ -67,6 +69,10 @@ export async function handleWebhooks (options, stripeInc) {
  const session = event.data.object;
  const { metadata } = session;
 
+ if (metadata.server_url !== BASE_URL) {
+ break;
+ }
+
  if (metadata.type === 'edit-card-group' || metadata.type === 'edit-card-user') {
  await handlePaymentMethodChange(session);
  } else if (metadata.type === 'subscription') {