49 lines
1.5 KiB
PHP
49 lines
1.5 KiB
PHP
<?php
|
|
|
|
namespace App\Services;
|
|
|
|
use App\Models\PaymentIntent;
|
|
use App\Models\Registration;
|
|
use Illuminate\Http\Request;
|
|
|
|
class XenditService
|
|
{
|
|
/**
|
|
* Replace with real Xendit Invoice API call.
|
|
* Return:
|
|
* - provider_ref_id (invoice id)
|
|
* - checkout_url
|
|
*/
|
|
public function createInvoice(PaymentIntent $intent, Registration $registration): array
|
|
{
|
|
// TODO: call Xendit Invoice API using XENDIT_API_KEY
|
|
// For now: stub response
|
|
$providerRefId = 'inv_stub_' . $intent->id;
|
|
$checkoutUrl = 'https://checkout.xendit.co/web/' . $providerRefId;
|
|
|
|
return [
|
|
'provider_ref_id' => $providerRefId,
|
|
'checkout_url' => $checkoutUrl,
|
|
'raw_payload' => [
|
|
'stub' => true,
|
|
'intent_id' => $intent->id,
|
|
'registration_id' => $registration->id
|
|
]
|
|
];
|
|
}
|
|
|
|
/**
|
|
* Minimal webhook verification using a shared token (recommended baseline).
|
|
* Configure `XENDIT_WEBHOOK_TOKEN` in .env and set the same token in Xendit dashboard.
|
|
*/
|
|
public function verifyWebhook(Request $request): bool
|
|
{
|
|
$expected = config('pxg.xendit.webhook_token', '');
|
|
if (!$expected) return true; // allow in dev
|
|
|
|
// Xendit commonly uses X-Callback-Token for invoice callbacks.
|
|
$got = $request->header('X-Callback-Token') ?? $request->header('x-callback-token');
|
|
return is_string($got) && hash_equals($expected, $got);
|
|
}
|
|
}
|