From 0cf6daf4348ae62482aebe5dc1533c2d8e9b7a92 Mon Sep 17 00:00:00 2001
From: adueck <adueck@users.noreply.github.com>
Date: Thu, 13 Oct 2022 19:53:19 +0500
Subject: [PATCH] proper webhook secret

---
 account/src/lib/env-vars.ts           | 2 ++
 account/src/routers/payment-router.ts | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/account/src/lib/env-vars.ts b/account/src/lib/env-vars.ts
index ff98940..7bb12bc 100644
--- a/account/src/lib/env-vars.ts
+++ b/account/src/lib/env-vars.ts
@@ -10,6 +10,7 @@ const names = [
     "LINGDOCS_ACCOUNT_RECAPTCHA_SECRET",
     "LINGDOCS_ACCOUNT_UPGRADE_PASSWORD",
     "STRIPE_SECRET_KEY",
+    "STRIPE_WEBHOOK_SECRET",
 ];
 
 const values = names.map((name) => ({
@@ -35,4 +36,5 @@ export default {
     recaptchaSecret: values[8].value,
     upgradePassword: values[9].value,
     stripeSecretKey: values[10].value,
+    stripeWebhookSecret: values[11].value,
 };
diff --git a/account/src/routers/payment-router.ts b/account/src/routers/payment-router.ts
index 57cb701..fa71803 100644
--- a/account/src/routers/payment-router.ts
+++ b/account/src/routers/payment-router.ts
@@ -18,7 +18,7 @@ paymentRouter.post(
     // If you are testing with the CLI, find the secret by running 'stripe listen'
     // If you are using an endpoint defined with the API or dashboard, look in your webhook settings
     // at https://dashboard.stripe.com/webhooks
-    const endpointSecret = 'whsec_12345';
+    const endpointSecret = env.stripeWebhookSecret;
     // Only verify the event if you have an endpoint secret defined.
     // Otherwise use the basic event deserialized with JSON.parse
     if (endpointSecret) {