package handlers import ( "encoding/json" "io" "log" "net/http" stripego "github.com/stripe/stripe-go/v84" "github.com/stripe/stripe-go/v84/webhook" ) const maxWebhookPayload = 65536 func (a *App) handleWebhook(w http.ResponseWriter, r *http.Request) { body, err := io.ReadAll(io.LimitReader(r.Body, maxWebhookPayload)) if err != nil { http.Error(w, "read error", http.StatusBadRequest) return } sig := r.Header.Get("Stripe-Signature") event, err := webhook.ConstructEvent(body, sig, a.stripe.WebhookSecret()) if err != nil { log.Printf("webhook signature verification failed: %v", err) http.Error(w, "invalid signature", http.StatusUnauthorized) return } switch event.Type { case "checkout.session.completed": a.onCheckoutCompleted(event) case "customer.subscription.deleted": a.onSubscriptionDeleted(event) case "customer.subscription.updated": a.onSubscriptionUpdated(event) case "invoice.paid": a.onInvoicePaid(event) default: log.Printf("unhandled webhook event: %s", event.Type) } w.WriteHeader(http.StatusOK) } // Reconciliation backstop: ensures LLDAP user + Stripe ID are set. // Does NOT send password reset — that's the success page's responsibility. func (a *App) onCheckoutCompleted(event stripego.Event) { var sess stripego.CheckoutSession if err := json.Unmarshal(event.Data.Raw, &sess); err != nil { log.Printf("checkout unmarshal error: %v", err) return } email := sess.CustomerDetails.Email customerID := sess.Customer.ID username := sanitizeUsername(email) phone := "" if sess.Metadata != nil { phone = sess.Metadata["customer_phone"] } log.Printf("webhook: checkout completed email=%s customer=%s", email, customerID) if a.cfg.MaxSignups > 0 { count, err := a.ldap.CountCustomers() if err == nil && count >= a.cfg.MaxSignups { log.Printf("webhook: signup limit reached (%d), skipping provision for %s", a.cfg.MaxSignups, email) return } } if err := a.ldap.EnsureUser(username, email, customerID, phone); err != nil { log.Printf("webhook: ldap ensure user failed: %v", err) } if sess.Metadata != nil { if d := sess.Metadata["customer_domain"]; d != "" { if err := a.ldap.SetCustomerDomain(username, d); err != nil { log.Printf("webhook: ldap set customer domain failed for %s: %v", username, err) } } } subID := "" if sess.Subscription != nil && sess.Subscription.ID != "" { subID = sess.Subscription.ID } else { var raw struct { Subscription interface{} `json:"subscription"` } if json.Unmarshal(event.Data.Raw, &raw) == nil { if s, ok := raw.Subscription.(string); ok { subID = s } } } if subID != "" { a.maybeScheduleFreeTierCancel(subID) } } func (a *App) onSubscriptionDeleted(event stripego.Event) { var sub stripego.Subscription if err := json.Unmarshal(event.Data.Raw, &sub); err != nil { log.Printf("subscription unmarshal error: %v", err) return } customerID := sub.Customer.ID log.Printf("subscription deleted for customer %s", customerID) username, err := a.ldap.FindUserByStripeID(customerID) if err != nil { log.Printf("could not find user for customer %s: %v", customerID, err) return } if err := a.ldap.RemoveFromGroup(username, "customers"); err != nil { log.Printf("ldap group remove failed: %v", err) } stackName := "customer-" + username if err := a.swarm.ArchiveVolumes(stackName, a.cfg.ArchivePath); err != nil { log.Printf("archive failed for %s: %v", stackName, err) } if err := a.swarm.RemoveStack(stackName); err != nil { log.Printf("stack remove failed for %s: %v", stackName, err) } log.Printf("deprovisioned stack for customer %s (%s), volumes archived", customerID, username) } func (a *App) onSubscriptionUpdated(event stripego.Event) { var sub stripego.Subscription if err := json.Unmarshal(event.Data.Raw, &sub); err != nil { log.Printf("subscription update unmarshal error: %v", err) return } if sub.Status == stripego.SubscriptionStatusCanceled || sub.Status == stripego.SubscriptionStatusUnpaid { log.Printf("subscription %s status=%s, will be cleaned up on deletion", sub.ID, sub.Status) } }