ahmadawais/edd-paddle-webhook-handler.php

## edd-paddle-webhook-handler.php
class EDD_Paddle_Webhook_Handler extends EDD_Webhook_Handler {
	function get_hook_id() {
		return 'paddle';
	}

	function get_hook_name() {
		return 'Paddle';
	}

	function get_endpoint_args() {
		return array(
			'alert_name' => array(
				'required' => true,
			),
			'p_signature' => array(
				'required' => true,
			),
			'email' => array(
				'required' => true,
			)
		);
	}

	function verify_webhook_params( $params ) {
		if ( ! is_array( $params ) or 'payment_succeeded' != $params['alert_name'] )
			return false;
		return true;
	}

	function get_buyer_email_address( $params ) {
		return sanitize_text_field( $params['email'] );
	}

	function get_order_id( $params ) {
		return sanitize_text_field( $params['order_id'] );
	}

	function get_item_id( $params ) {
		return sanitize_text_field( $params['p_product_id'] );
	}

	function get_item_price( $params ) {
		return $params['sale_gross'] - $params['payment_tax'];
	}

	function get_item_tax( $params ) {
		return $params['payment_tax'];
	}

	function get_public_key() {
		// NOTE: Ensure there is no spacing on the left of each line of your public key
		return '-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA125r975+OmZ67/b0T0fN
4Ye6diPZZghFGal3czs/zqi8cq4T7gW63N1AtXTSmIIC+PTnCAXJP5f+ymb0ixQB
...
8oYyPdOjZ1hHUz2a4nAq+ty3lNFaQE/9vbv8YP30LRmoB3ON88mLL2JTI8W68wqr
ECgBp9p2k2vv9gGqsfBXJHUCAwEAAQ==
-----END PUBLIC KEY-----';
	}

	/**
	 * Verifies the request is coming from Paddle
	 *
	 * @param $request WP_REST_Request
	 * @return bool
	 */
	function verify_request( $request ) {
		  // Get the p_signature parameter & base64 decode it.
		  $signature = base64_decode( $request->get_param( 'p_signature' ) );

		  // Get the fields sent in the request, and remove the p_signature parameter
		  $fields = $request->get_params();
		  unset( $fields['p_signature'] );

		  // ksort() and serialize the fields
		  ksort( $fields );
		  foreach ( $fields as $k => $v ) {
			  if ( ! in_array( gettype( $v ), array( 'object', 'array' ) ) ) {
				  $fields[$k] = "$v";
			  }
		  }
		  $data = serialize( $fields );

		  // Veirfy the signature
		  $verification = openssl_verify( $data, $signature, $this->get_public_key(), OPENSSL_ALGO_SHA1 );
		  if ( $verification == 1 ) {
			  return true;
		  }

		return false;
	}
}

$GLOBALS['edd_webhook_handler'] = new EDD_Paddle_Webhook_Handler();
	class EDD_Paddle_Webhook_Handler extends EDD_Webhook_Handler {
	function get_hook_id() {
	return 'paddle';
	}

	function get_hook_name() {
	return 'Paddle';
	}

	function get_endpoint_args() {
	return array(
	'alert_name' => array(
	'required' => true,
	),
	'p_signature' => array(
	'required' => true,
	),
	'email' => array(
	'required' => true,
	)
	);
	}

	function verify_webhook_params( $params ) {
	if ( ! is_array( $params ) or 'payment_succeeded' != $params['alert_name'] )
	return false;
	return true;
	}

	function get_buyer_email_address( $params ) {
	return sanitize_text_field( $params['email'] );
	}

	function get_order_id( $params ) {
	return sanitize_text_field( $params['order_id'] );
	}

	function get_item_id( $params ) {
	return sanitize_text_field( $params['p_product_id'] );
	}

	function get_item_price( $params ) {
	return $params['sale_gross'] - $params['payment_tax'];
	}

	function get_item_tax( $params ) {
	return $params['payment_tax'];
	}

	function get_public_key() {
	// NOTE: Ensure there is no spacing on the left of each line of your public key
	return '-----BEGIN PUBLIC KEY-----
	MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA125r975+OmZ67/b0T0fN
	4Ye6diPZZghFGal3czs/zqi8cq4T7gW63N1AtXTSmIIC+PTnCAXJP5f+ymb0ixQB
	...
	8oYyPdOjZ1hHUz2a4nAq+ty3lNFaQE/9vbv8YP30LRmoB3ON88mLL2JTI8W68wqr
	ECgBp9p2k2vv9gGqsfBXJHUCAwEAAQ==
	-----END PUBLIC KEY-----';
	}

	/**
	* Verifies the request is coming from Paddle
	*
	* @param $request WP_REST_Request
	* @return bool
	*/
	function verify_request( $request ) {
	// Get the p_signature parameter & base64 decode it.
	$signature = base64_decode( $request->get_param( 'p_signature' ) );

	// Get the fields sent in the request, and remove the p_signature parameter
	$fields = $request->get_params();
	unset( $fields['p_signature'] );

	// ksort() and serialize the fields
	ksort( $fields );
	foreach ( $fields as $k => $v ) {
	if ( ! in_array( gettype( $v ), array( 'object', 'array' ) ) ) {
	$fields[$k] = "$v";
	}
	}
	$data = serialize( $fields );

	// Veirfy the signature
	$verification = openssl_verify( $data, $signature, $this->get_public_key(), OPENSSL_ALGO_SHA1 );
	if ( $verification == 1 ) {
	return true;
	}

	return false;
	}
	}

	$GLOBALS['edd_webhook_handler'] = new EDD_Paddle_Webhook_Handler();