neocities/app/webhooks.rb

post '/webhooks/paypal' do
  EmailWorker.perform_async({
    from: 'web@neocities.org',
    to: 'errors@neocities.org',
    subject: "[Neocities Paypal Webhook] Received a Webhook from Paypal",
    body: params.inspect,
    no_footer: true
  })

  'ok'
end

def valid_paypal_webhook_source?
  # https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1465&viewlocale=en_US&direct=en
  return true if ['127.0.0.1', '173.0.81.1', '173.0.81.33', '66.211.170.66'].include?(request.ip)
  false
end

post '/webhooks/paypal/tipping_notify' do
  return 403 unless valid_paypal_webhook_source?
  payload = JSON.parse Base64.strict_decode64(params[:custom]), symbolize_names: true

  site = Site[payload[:site_id]]

  @tip_hash = {
    message: (params[:memo] ? params[:memo] : nil),
    amount: params[:mc_gross],
    currency: params[:mc_currency],
    fee: params[:mc_fee],
    actioning_site: (payload[:actioning_site_id] ? Site[payload[:actioning_site_id]] : nil),
    paypal_payer_email: params[:payer_email],
    paypal_receiver_email: params[:receiver_email],
    paypal_txn_id: params[:txn_id],
    created_at: DateTime.strptime(params[:payment_date], "%H:%M:%S %b %e, %Y %Z").to_time
  }

  @tip = site.add_tip @tip_hash

  Event.create(
    site_id: @tip.site.id,
    actioning_site_id: (@tip.actioning_site ? @tip.actioning_site.id : nil),
    tip_id: @tip.id
  )

  if @tip.actioning_site
    subject = "You received a #{@tip.amount_string} tip from #{@tip.actioning_site.username}!"
  else
    subject = "You received a #{@tip.amount_string} tip!"
  end

  @tip.site.send_email(
    subject: subject,
    body: Tilt.new('./views/templates/email/tip_received.erb', pretty: true).render(self)
  )

  EmailWorker.perform_async({
    from: 'web@neocities.org',
    to: params[:payer_email],
    subject: "You sent a #{@tip.amount_string} tip!",
    body: Tilt.new('./views/templates/email/tip_sent.erb', pretty: true).render(self)
  })
end

post '/webhooks/stripe' do
  event = JSON.parse request.body.read
  if event['type'] == 'customer.created'
    username  = event['data']['object']['description'].split(' - ').first
    email     = event['data']['object']['email']

    EmailWorker.perform_async({
      from:    'web@neocities.org',
      to:      'contact@neocities.org',
      subject: "[Neocities] New customer: #{username}",
      body:    "#{username}\n#{email}\n#{Site[username: username].uri}",
      no_footer: true
    })
  end

  if event['type'] == 'charge.failed'
    site = stripe_get_site_from_event event

    EmailWorker.perform_async({
      from:    'web@neocities.org',
      to:      site.email,
      subject: "[Neocities] There was an issue charging your card",
      body:    Tilt.new('./views/templates/email/charge_failure.erb', pretty: true).render(self)
    })
  end

  if event['type'] == 'customer.subscription.deleted'
    site = stripe_get_site_from_event event
    site.stripe_subscription_id = nil
    site.plan_type = nil
    site.plan_ended = true
    site.save_changes validate: false

    EmailWorker.perform_async({
      from:    'web@neocities.org',
      to:      site.email,
      subject: "[Neocities] Supporter plan has ended",
      body:    Tilt.new('./views/templates/email/supporter_ended.erb', pretty: true).render(self)
    })
  end

  'ok'
end

def stripe_get_site_from_event(event)
  customer_id = event['data']['object']['customer']
  customer = Stripe::Customer.retrieve customer_id

  # Some old accounts only have a username for the desc
  desc_split = customer.description.split(' - ')

  if desc_split.length == 1
    site_where = {username: desc_split.first}
  end

  if desc_split.last.to_i == 0
    site_where = {username: desc_split.first}
  else
    site_where = {id: desc_split.last}
  end

  Site.where(site_where).first
end