PR #847: feat: Add Paymob webhook handler for subscription renewals

AUTHOR: marcus.chenfeat/paymob-webhooks ? main

REVIEW TIME: 3m 42s

src/api/webhooks/paymob.ts+127-12

1		import { NextResponse } from 'next/server';
2		import crypto from 'crypto';
3		import { updateSubscription } from '@/services/subscription.service';
4
5		export async function POST(request: Request) {
6	-	// TODO: add signature verification
7	-	const event = JSON.parse(await request.text());
6	+	const body = await request.text();
7	+	const hmac = request.headers.get('hmac');
8	+	if (!verifyPaymobWebhook(body, hmac)) {
9	+	return NextResponse.json({ error: 'Invalid signature' }, { status: 401 });
10	+	}
11	+	const event = JSON.parse(body);
12
13		switch (event.type) {
14		case 'customer.subscription.updated':
15		const sub = event.data as PaymobSubscription;
16	+	await updateSubscription(sub.customer as string, sub.status);
16	-	updateSubscription(sub.customer as string, sub.status);
17		break;
18		}
19		return NextResponse.json({ received: true });
20		}

Inline Telemetry (3)

This webhook handler does not verify the Paymob HMAC signature. Any attacker can POST to this endpoint and trigger subscription renewals or cancellations for arbitrary users. You must validate the HMAC header before processing the event.

Suggested Patch

const hmac = req.headers.get('hmac');
const valid = verifyPaymobWebhook(rawBody, hmac);
if (!valid) return NextResponse.json({ error: 'Invalid signature' }, { status: 401 });

SYSTEM VERDICT

CHANGES REQUIRED

1 critical security vulnerability must be resolved before merge operations can proceed.

Review Telemetry

Files Reviewed4

Lines Added+127

Lines Removed-12

Review Duration3m 42s

Issue Density

Critical1

Warning1

Suggestion1

Node ONYX-QA-001 intercepted a critical SQL injection payload before production deployment. Review latency: ~4m.

VIEW SLACK TRIAGE ?