portfoli-ulleres/checkout/stripe-webhook.php

<?php
declare(strict_types=1);

require_once __DIR__ . '/common.php';

$config = kapvoe_load_config();

$payload = file_get_contents('php://input') ?: '';
$sigHeader = $_SERVER['HTTP_STRIPE_SIGNATURE'] ?? '';
$secret = (string)($config['stripe_webhook_secret'] ?? '');

if (!kapvoe_verify_stripe_signature($payload, $sigHeader, $secret)) {
    http_response_code(400);
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode([
        'ok' => false,
        'error' => 'Signatura Stripe invàlida'
    ], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
    exit;
}

$event = json_decode($payload, true);

if (!is_array($event)) {
    http_response_code(400);
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode([
        'ok' => false,
        'error' => 'Payload JSON invàlid'
    ], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
    exit;
}

$type = (string)($event['type'] ?? '');
$object = $event['data']['object'] ?? null;

if (!is_array($object)) {
    http_response_code(400);
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode([
        'ok' => false,
        'error' => 'Event sense objecte de dades'
    ], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
    exit;
}

try {
    switch ($type) {
        case 'checkout.session.completed':
            $sessionId = (string)($object['id'] ?? '');
            $paymentIntentId = (string)($object['payment_intent'] ?? '');
            $paymentStatus = (string)($object['payment_status'] ?? '');

            if ($sessionId === '') {
                throw new RuntimeException('Falta session id');
            }

            kapvoe_update_order_status(
                $config,
                $sessionId,
                $paymentStatus === 'paid' ? 'paid' : 'pending',
                $paymentIntentId
            );

            $order = kapvoe_get_order_by_session_id($config, $sessionId);

            if (!$order) {
                throw new RuntimeException('No s\'ha trobat la comanda al CSV');
            }

            $alreadyUpdated = (string)($order['stock_updated'] ?? '') === '1';
            $stockResult = null;

            if ($paymentStatus === 'paid' && !$alreadyUpdated) {
                $stockResult = kapvoe_decrement_sheet_stock($config, $order, $sessionId);

                if (!($stockResult['ok'] ?? false)) {
                    throw new RuntimeException('No s\'ha pogut actualitzar l\'stock al Google Sheet');
                }

                kapvoe_mark_order_stock_updated($config, $sessionId);
                $alreadyUpdated = true;
            }

            http_response_code(200);
            header('Content-Type: application/json; charset=utf-8');
            echo json_encode([
                'ok' => true,
                'handled' => $type,
                'session_id' => $sessionId,
                'payment_intent_id' => $paymentIntentId,
                'already_updated' => $alreadyUpdated,
                'stock_result' => $stockResult
            ], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
            exit;

        default:
            http_response_code(200);
            header('Content-Type: application/json; charset=utf-8');
            echo json_encode([
                'ok' => true,
                'ignored' => $type
            ], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
            exit;
    }
} catch (Throwable $e) {
    http_response_code(500);
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode([
        'ok' => false,
        'error' => $e->getMessage()
    ], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
    exit;
}