Hugging Face's logo

Spaces:
APRKDEV
/
wsb-bot
Runtime error

App Files Community
wsb-bot
File size: 3,158 Bytes
c35213b
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
import { NextResponse } from 'next/server';
import { supabase } from '@/lib/db';
import crypto from 'crypto';

// The webhook secret from your Sell.app developer dashboard
const SELLAPP_SECRET = process.env.SELLAPP_WEBHOOK_SECRET || 'dummy_secret';

export async function POST(request: Request) {
  try {
    const rawBody = await request.text();
    const headersList = request.headers;
    
    // Sell.app uses the standard 'x-sellapp-signature' header.
    const signature = headersList.get('x-sellapp-signature');

    if (!signature) {
      return NextResponse.json({ error: 'Missing signature' }, { status: 401 });
    }

    // Verify Sell.app Signature
    const hmac = crypto.createHmac('sha256', SELLAPP_SECRET);
    hmac.update(rawBody);
    const calculatedSignature = hmac.digest('hex');

    if (signature !== calculatedSignature && process.env.NODE_ENV === 'production') {
       return NextResponse.json({ error: 'Invalid signature' }, { status: 403 });
    }

    const data = JSON.parse(rawBody);
    
    // Safety check: is it an order completion? 
    if (data.event !== 'order:paid' && data.event !== 'order:completed') {
        return NextResponse.json({ received: true });
    }

    const order = data.data;
    const additionalInfo = order.additional_information || [];
    
    // We search through the additional_information array for the "discord_id" custom field.
    const discordField = additionalInfo.find((field: any) => field.name?.toLowerCase() === 'discord_id');
    const discordId = discordField ? discordField.value : null;

    if (!discordId) {
        console.error("Webhook Error: Discord ID was not provided in custom fields.");
        return NextResponse.json({ error: 'Missing Discord ID' }, { status: 400 });
    }

    // Sell.app typically returns total in major units (e.g., 25.00 instead of 2500)
    const price = parseFloat(order.total_amount || order.total);
    let expiresAt: string | null = null;
    const now = new Date();

    if (price === 3) {
        now.setDate(now.getDate() + 7);
        expiresAt = now.toISOString();
    } else if (price === 7) {
        now.setDate(now.getDate() + 30);
        expiresAt = now.toISOString();
    } else if (price === 15) {
        now.setFullYear(now.getFullYear() + 1);
        expiresAt = now.toISOString();
    } else if (price === 25) {
        expiresAt = null;
    } else {
        console.warn(`Unrecognized price tier: $${price}. Applying lifetime by default.`);
        expiresAt = null; 
    }

    // Save to database using Supabase
    const { error: upsertError } = await supabase
      .from('vip_users')
      .upsert({ 
        discord_id: discordId, 
        expires_at: expiresAt,
        purchased_at: new Date().toISOString()
      }, {
        onConflict: 'discord_id'
      });

    if (upsertError) throw upsertError;

    console.log(`[SELLAPP WEBHOOK] Successfully unlocked VIP for Discord ID: ${discordId}`);
    return NextResponse.json({ success: true });

  } catch (error) {
    console.error('Webhook processing failed:', error);
    return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 });
  }
}