<?php
namespace App\Http\Controllers;
use App\DojahWebhook;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
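/**
 * Receives Dojah webhook deliveries and stores the identity-verification
 * result they carry.
 *
 * Security notes:
 * - Secrets are read from the environment only. The literal fallback values
 *   that used to be passed to env() are gone; anything committed to source
 *   must be treated as disclosed and rotated.
 * - env() called outside config files yields its default once Laravel's
 *   config is cached, so the old fallback would have become the effective
 *   secret in that setup. NOTE(review): consider reading these values through
 *   config() backed by a config file entry.
 * - Payloads contain identity-document data, so log context is limited to
 *   non-sensitive fields instead of the full request.
 */
class DojahWebhookController extends Controller
{
    /**
     * Authenticate a webhook delivery and persist its contents.
     *
     * The X-Dojah-Signature header is compared against the configured secret
     * in constant time. Requests are rejected when the secret is not
     * configured (fail closed) or when the header is missing or wrong.
     *
     * NOTE(review): comparing the header to a static value authenticates the
     * sender but does not bind the request body; keyOLD() verifies an
     * HMAC-SHA256 over the raw body instead. Confirm which scheme the
     * provider actually uses and prefer the body-bound one if available.
     * NOTE(review): nothing here detects a replayed delivery; every accepted
     * request creates a new row.
     *
     * @param  Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function receive(Request $request)
    {
        $secret = $this->readSecret('DOJAH_WEBHOOK_SECRET');
        $signature = $request->header('X-Dojah-Signature');

        $authentic = $secret !== null
            && is_string($signature)
            && $signature !== ''
            && hash_equals($secret, $signature);

        if (!$authentic) {
            // Do not dump every header here: that would write the presented
            // signature (and any cookies or authorization headers) to the log.
            Log::warning('Tentativa de acesso não autorizado ao webhook Dojah.', [
                'ip' => $request->ip(),
                'user_agent' => $request->userAgent(),
                'secret_configured' => $secret !== null,
            ]);

            return response()->json(['error' => 'Unauthorized'], 401);
        }

        $data = $request->all();

        // Log only correlation fields; names, document numbers and image URLs
        // stay out of the log files.
        Log::info('Dojah webhook recebido com sucesso.', [
            'reference_id' => $data['reference_id'] ?? null,
            'verification_status' => $data['verification_status'] ?? null,
        ]);

        // Nested sections of the payload; anything that is not an array is
        // treated as absent so every lookup below falls back to null.
        $idData = $data['data']['id']['data']['id_data'] ?? null;
        $idData = is_array($idData) ? $idData : [];

        $metadata = $data['metadata'] ?? null;
        $metadata = is_array($metadata) ? $metadata : [];

        $ipInfo = $metadata['ipinfo'] ?? null;
        $ipInfo = is_array($ipInfo) ? $ipInfo : [];

        $record = DojahWebhook::create([
            'reference_id' => $data['reference_id'] ?? null,
            'id_url' => $data['id_url'] ?? null,
            'back_url' => $data['back_url'] ?? null,
            'verification_url' => $data['verification_url'] ?? null,
            'selfie_url' => $data['selfie_url'] ?? null,
            'verification_status' => $data['verification_status'] ?? null,
            // Identity document fields
            'first_name' => $idData['first_name'] ?? null,
            'last_name' => $idData['last_name'] ?? null,
            'middle_name' => $idData['middle_name'] ?? null,
            'nationality' => $idData['nationality'] ?? null,
            'document_type' => $idData['document_type'] ?? null,
            'document_number' => $idData['document_number'] ?? null,
            'date_of_birth' => $idData['date_of_birth'] ?? null,
            'date_issued' => $idData['date_issued'] ?? null,
            'expiry_date' => $idData['expiry_date'] ?? null,
            // Device and IP information
            'device_info' => $metadata['device_info'] ?? null,
            'country' => $ipInfo['country'] ?? null,
            'city' => $ipInfo['city'] ?? null,
            'district' => $ipInfo['district'] ?? null,
            'lat' => $ipInfo['lat'] ?? null,
            'lon' => $ipInfo['lon'] ?? null,
        ]);

        return response()->json([
            'message' => 'Webhook recebido e armazenado com sucesso!',
            'id' => $record->id,
        ], 200);
    }

    /**
     * Acknowledge a request with a fixed success response.
     *
     * The unused secret lookup (with its hard-coded fallback) was removed,
     * and the log context no longer contains the request payload.
     *
     * NOTE(review): this action performs no signature check. If its route is
     * publicly reachable, any client can trigger the log entry; confirm
     * whether the endpoint is still needed or should be authenticated like
     * receive().
     *
     * @param  Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function key(Request $request)
    {
        // Record who called and which top-level fields were sent, not the
        // values themselves.
        Log::info('Dojah webhook recebido com sucesso.', [
            'ip' => $request->ip(),
            'fields' => array_keys($request->all()),
        ]);

        return response()->json(['status' => 'success'], 200);
    }

    /**
     * Verify an HMAC-SHA256 signature over the raw request body.
     *
     * The expected value is hash_hmac('sha256', body, DOJAH_SECRET_KEY) and it
     * is compared to the X-Dojah-Signature header with hash_equals(). The
     * request is rejected up front when the key is not configured or the
     * header is absent: an unset key would otherwise mean an HMAC keyed with
     * an empty string, and a missing header would make hash_equals() throw
     * instead of returning a 401.
     *
     * @param  Request  $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function keyOLD(Request $request)
    {
        $secret = $this->readSecret('DOJAH_SECRET_KEY');
        $signature = $request->header('X-Dojah-Signature');

        if ($secret === null || !is_string($signature)) {
            return response()->json(['error' => 'Assinatura inválida'], 401);
        }

        // Sign the raw body exactly as received; re-encoding parsed input
        // could change the bytes and break verification.
        $expected = hash_hmac('sha256', $request->getContent(), $secret);

        if (!hash_equals($expected, $signature)) {
            return response()->json(['error' => 'Assinatura inválida'], 401);
        }

        Log::info('Webhook verificado com sucesso', [
            'ip' => $request->ip(),
            'fields' => array_keys($request->all()),
        ]);

        return response()->json(['status' => 'ok'], 200);
    }

    /**
     * Read a secret from the environment, treating unset or empty as missing.
     *
     * @param  string  $name  Environment variable name.
     * @return string|null    The secret, or null when it is not usable.
     */
    private function readSecret(string $name): ?string
    {
        $value = env($name);

        return is_string($value) && $value !== '' ? $value : null;
    }
}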