Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Stripe integration test webhook #2597

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
steven-tey merged 1 commit into from
Jul 1, 2025
Merged

Stripe integration test webhook #2597

steven-tey merged 1 commit into from
Jul 1, 2025

Conversation

@steven-tey
Copy link
Collaborator

@steven-tey steven-tey commented Jul 1, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features

    • Introduced a dedicated endpoint for handling Stripe test webhooks, improving support for test and live Stripe events.

  • Refactor

    • Updated the logic for selecting between test and production Stripe webhook secrets, now based on the request URL rather than request body content.

@vercel
Copy link
Contributor

vercel bot commented Jul 1, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git β†—οΈŽ

Name Status Preview Updated (UTC)
dub βœ… Ready (Inspect) Visit Preview Jul 1, 2025 8:24pm

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 1, 2025
edited
Loading

Walkthrough

The webhook handler for Stripe integration was updated to determine test or live mode based on the request URL rather than the request body. Additionally, a new dedicated route for handling Stripe test webhooks was introduced, which re-exports the main webhook handler and ensures correct routing for test events.

Changes

File(s) Change Summary
apps/web/app/(ee)/api/stripe/integration/webhook/route.ts Changed logic to determine test/live mode using URL pathname instead of request body; updated secret selection accordingly.
apps/web/app/(ee)/api/stripe/integration/webhook/test/route.ts Added new route for Stripe test webhooks; re-exports the main webhook handler; includes explanatory comment.

Sequence Diagram(s)

sequenceDiagram
    participant Stripe
    participant WebhookRouter
    participant WebhookHandler

    Stripe->>WebhookRouter: POST /api/stripe/integration/webhook or /webhook/test
    WebhookRouter->>WebhookHandler: Determine testmode from URL
    WebhookHandler->>WebhookHandler: Select secret (test or live)
    WebhookHandler->>WebhookHandler: Read and process request body
    WebhookHandler-->>Stripe: Respond to webhook
Loading

Poem

In the warren where webhooks hop and play,
A new path for tests now leads the way.
No more peeking in the JSON nestβ€”
The URL tells us if it’s a test!
With secrets sorted, events handled right,
Stripe bunnies sleep soundly through the night.
πŸ‡βœ¨

πŸ“œ Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

πŸ“₯ Commits

Reviewing files that changed from the base of the PR and between 073056c and 35432a2.

πŸ“’ Files selected for processing (2)
  • apps/web/app/(ee)/api/stripe/integration/webhook/route.ts (1 hunks)
  • apps/web/app/(ee)/api/stripe/integration/webhook/test/route.ts (1 hunks)
🧰 Additional context used
🧠 Learnings (3)
πŸ““ Common learnings 
Learnt from: steven-tey
PR: dubinc/dub#0
File: :0-0
Timestamp: 2025-06-19T01:46:45.723Z
Learning: PayPal webhook verification in the Dub codebase is handled at the route level in `apps/web/app/(ee)/api/paypal/webhook/route.ts` using the `verifySignature` function. Individual webhook handlers like `payoutsItemFailed` don't need to re-verify signatures since they're only called after successful verification.
apps/web/app/(ee)/api/stripe/integration/webhook/test/route.ts (1) 
Learnt from: steven-tey
PR: dubinc/dub#0
File: :0-0
Timestamp: 2025-06-19T01:46:45.723Z
Learning: PayPal webhook verification in the Dub codebase is handled at the route level in `apps/web/app/(ee)/api/paypal/webhook/route.ts` using the `verifySignature` function. Individual webhook handlers like `payoutsItemFailed` don't need to re-verify signatures since they're only called after successful verification.
apps/web/app/(ee)/api/stripe/integration/webhook/route.ts (1) 
Learnt from: steven-tey
PR: dubinc/dub#0
File: :0-0
Timestamp: 2025-06-19T01:46:45.723Z
Learning: PayPal webhook verification in the Dub codebase is handled at the route level in `apps/web/app/(ee)/api/paypal/webhook/route.ts` using the `verifySignature` function. Individual webhook handlers like `payoutsItemFailed` don't need to re-verify signatures since they're only called after successful verification.
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: build
πŸ”‡ Additional comments (5)
apps/web/app/(ee)/api/stripe/integration/webhook/route.ts (3)

22-23: LGTM! Cleaner approach to mode detection.

Using URL path to determine test mode is more reliable and efficient than parsing the request body. This approach aligns well with the dedicated test route structure.

25-25: Good optimization - single request body read.

Moving the request body read after mode determination is more efficient, as you now only read the body once instead of potentially parsing it twice (once for mode detection, once for webhook processing).

28-30: βœ”οΈ Confirm Stripe Webhook Secrets Configuration

The conditional selection of STRIPE_APP_WEBHOOK_SECRET_TEST and STRIPE_APP_WEBHOOK_SECRET in apps/web/app/(ee)/api/stripe/integration/webhook/route.ts is correct and both variables are referenced as expected.

  • Ensure in your deployment environment (CI/CD secrets, .env, Kubernetes secrets, etc.) that:
    • STRIPE_APP_WEBHOOK_SECRET_TEST is set for test mode
    • STRIPE_APP_WEBHOOK_SECRET is set for production mode
apps/web/app/(ee)/api/stripe/integration/webhook/test/route.ts (2)

1-9: Excellent documentation and architectural decision.

The comment clearly explains why a separate test route is needed, referencing Stripe's specific behavior. This will help future maintainers understand the design decision.

11-11: Clean implementation - re-export ensures consistency.

Re-exporting the POST handler from the main route is the right approach. It ensures consistent webhook processing logic while providing the separate endpoint that Stripe requires for test webhooks.

✨ Finishing Touches
  • πŸ“ Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❀️ Share
πŸͺ§ Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@steven-tey
Copy link
Collaborator Author

steven-tey commented Jul 1, 2025

@CodeRabbit final review

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jul 1, 2025

Tip

For best results, initiate chat on the files or code changes.

@steven-tey Here's my comprehensive final review of this PR:

βœ… APPROVED - Excellent Implementation

This PR successfully implements a clean and robust solution for handling Stripe test webhooks. Here's my assessment:

πŸ—οΈ Architectural Excellence

  • Smart mode detection: Using URL pathname (/test) instead of parsing request body is more efficient and reliable
  • Proper separation of concerns: Dedicated test endpoint addresses Stripe's specific behavior while maintaining shared logic
  • Code reuse: Re-exporting the main handler ensures consistency without duplication

πŸ”’ Security & Reliability

  • Correct webhook secret selection based on test/live mode
  • Single request body read prevents potential parsing issues
  • Maintains existing webhook verification patterns

πŸ“– Documentation & Maintainability

  • Excellent inline documentation explaining Stripe's webhook routing behavior
  • Clear rationale for architectural decisions
  • Code is self-documenting and future-maintainer friendly

🎯 Implementation Quality

  • Clean, concise code with no apparent edge cases
  • Follows established patterns in the codebase
  • Ready for production deployment

Key Strengths:

  1. Performance: Single body read vs. double parsing
  2. Reliability: URL-based detection is more deterministic
  3. Compliance: Properly handles Stripe's test/live webhook requirements
  4. Maintainability: Well-documented design decisions

No issues found. This is production-ready code that improves upon the previous implementation. πŸš€

🐰✨ Happy to see such thoughtful webhook architecture - this implementation handles Stripe's quirks elegantly!

🧠 Learnings used 
Learnt from: steven-tey
PR: dubinc/dub#0
File: :0-0
Timestamp: 2025-06-19T01:46:45.723Z
Learning: PayPal webhook verification in the Dub codebase is handled at the route level in `apps/web/app/(ee)/api/paypal/webhook/route.ts` using the `verifySignature` function. Individual webhook handlers like `payoutsItemFailed` don't need to re-verify signatures since they're only called after successful verification.

@steven-tey steven-tey merged commit 6af6b2e into main Jul 1, 2025
9 checks passed
@steven-tey steven-tey deleted the stripe-test-webhook branch July 1, 2025 20:58
@coderabbitai coderabbitai bot mentioned this pull request Aug 18, 2025
Merged
@coderabbitai coderabbitai bot mentioned this pull request Oct 8, 2025
Merged
@coderabbitai coderabbitai bot mentioned this pull request Oct 23, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@steven-tey