0

hello i am new at laravel and i build an eCommerce platform (details aren't important) anyway my problem is i created a route that can catch all event from paypal webhook but when i directly access to it it's working but when i try from paypal webhook Simulator or even if did a sandbox payment didn't go through i know the problem is from csrf verification and i tried excluding the route but didn't work and also tried creating a new RouteServiceProvider here is my code in the Controller so i can catch anything from the request

$headers = getallheaders();

file_put_contents("/home/username/public_html/test.txt", json_encode($headers));

here is my route

Route::domain(env("APP_DOMAIN"))->group(function () {
    Route::get('/paypal/n', 'HomeController@notifications');
});

i used domain(env("APP_DOMAIN")) because everyone can add his own domain and i want this to work just in the main domain .

the code in the RouteServiceProvider

public function map()
{
    $this->mapApiRoutes();

    $this->mapWebRoutes();

    $this->mapPaymentRoutes();

    //
}

protected function mapPaymentRoutes()
{
    Route::middleware('payment')
        ->namespace($this->namespace)
        ->group(base_path('routes/payment.php'));
}

and of course i did define the payment middleware in the file Kernel.php and comment the VerifyCsrfToken class

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
    'payment' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        // \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
];

and even with all this and like a lot of test i couldn't get it to work if i send a request to a pure php file it's working fine. can you please help me with this i tried to find a solution in my own but it takes me like 15 days without any luck i use laravel 6 .

lhbib hbart
  • 63
  • 6
  • don't apply any middleware to that route ... there is no need for sessions or cookies or any of that as paypal won't be sending any ... the only middleware you might need is one to verify that the request actually comes from paypal ... sidenote: do not call `env` outside of the config files (if you cache your configuration all calls to `env` will return `null`) – lagbox Sep 18 '20 at 20:17
  • does paypal show any errors for the webhook attempts? – lagbox Sep 18 '20 at 20:27
  • no paypal doesn't give anything about the response of the webhook – lhbib hbart Sep 18 '20 at 20:28

1 Answers1

0

in case someone else is struggling with this problem i had to do a work a round by creating a pure php file in public and send webhook request to that file url/file.php and the file catch data and send it to a command i created inside laravel to process it, so that everything that has anything to do with database is inside laravel and the file.php is just like a pipe . i know it's not the best idea but it's not the worst either and thanks for everyone who tried to help me .

lhbib hbart
  • 63
  • 6