Add simple stripe webhook

README.md

@@ -52,6 +52,10 @@ To run unit tests:
 
 For migrations, add `BF_ADMIN_USERNAME` and `BF_ADMIN_PASSWORD` to virtual environment to create admin user.
 
+## Stripe
+
+For a webhook you need to configure stripe settings in a dashboard.
+
 ## Notes
 
 ### Methodology

api/urls.py

@@ -0,0 +1,5 @@
+from django.urls import path, include
+
+urlpatterns = [
+    path('v1/', include('api.v1.urls'), name='v1'),
+]

api/v1/urls.py

@@ -0,0 +1,7 @@
+from django.urls import path
+
+from api.v1.views import StripeWebhook
+
+urlpatterns = [
+    path('webhooks/stripe/', StripeWebhook.as_view(), name='stripe_webhook'),
+]

api/v1/views.py

@@ -0,0 +1,31 @@
+from http import HTTPStatus
+import json
+
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
+from django.http import HttpResponse
+from django.utils.decorators import method_decorator
+from django.views import View
+from django.views.decorators.csrf import csrf_exempt
+
+import stripe
+
+
+@method_decorator(csrf_exempt, name='dispatch')
+class StripeWebhook(View):
+    def post(self, request, *args, **kwargs):
+        try:
+            sig_header = request.headers['Stripe-Signature']
+        except KeyError:
+            return HttpResponse(status=HTTPStatus.FORBIDDEN)
+
+        try:
+            event = stripe.Webhook.construct_event(
+                request.body, sig_header, settings.STRIPE_ENDPOINT_SECRET
+            )
+        except ValueError as e:
+            raise PermissionDenied()
+        except stripe.error.SignatureVerificationError as verification_err:
+            return HttpResponse(status=HTTPStatus.FORBIDDEN)
+
+        return HttpResponse(status=HTTPStatus.OK)

core/urls.py

@@ -30,6 +30,7 @@
     path('robots.txt', TemplateView.as_view(template_name='base/robots.txt', content_type='text/plain'), name='robots'),
     path('payments/', include('payments.urls')),
     path('docs/', include('docs.urls')),
+    path('api/', include('api.urls')),
 ]