Unsupervised/unsupervised-scheduler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aea731c2f89e45230538946ebaceead927365fad
unsupervised-scheduler/src/Payment/StripeGateway.php
T
thatguygriff 1d6ac46ba3
CI / No Debug Code (pull_request) Successful in 3s
Details
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
Details
CI / Tests (PHP 8.3) (pull_request) Successful in 52s
Details
CI / Coding Standards (pull_request) Successful in 57s
Details
CI / Tests (PHP 8.1) (pull_request) Successful in 1m1s
Details
CI / PHPStan (pull_request) Successful in 1m11s
Details
CI / Build Plugin Zip (pull_request) Has been skipped
Details
Upgrade PHPStan to 2.x and raise analysis level from 6 to 10 
- Bump phpstan/phpstan ^2.0 and szepeviktor/phpstan-wordpress ^2.0
- Move the analysis level into phpstan.neon (single source) and raise it to 10
- Add Val, a runtime coercion helper that narrows untyped WordPress boundary
  values (wpdb rows, REST params, superglobals, options) with explicit checks
  instead of blind casts, plus unit tests
- Type value-object fromRow() params as stdClass (what wpdb returns) and map
  columns through Val so unexpected shapes degrade safely
- Use %i identifier placeholders for table names in all wpdb::prepare() calls
  so every query string is a literal and identifiers are escaped by WordPress;
  raises the minimum WordPress version to 6.2 where %i was introduced
- Guard wpdb::prepare() null result before wpdb::query() in updateTax()
- Fix nullable get_permalink()/strtotime() handling, list types at REST and
  capability call sites, dead null-coalescing on checked superglobals, and
  narrow get_users() results before mapping
- Register Val method names with the ValidatedSanitizedInput sniff so it
  validates the real sanitizer around each superglobal read
- Update repository unit tests for the %i placeholder arguments

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-12 13:42:50 -03:00

117 lines
3.5 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Unsupervised\Schedular\Payment;
use Stripe\Event;
use Stripe\PaymentIntent;
use Stripe\StripeClient;
use Stripe\Webhook;
/**
* Thin wrapper around the Stripe PHP SDK: creates PaymentIntents for card
* payments and verifies inbound webhook signatures. All Stripe-specific knowledge
* (amounts in cents, idempotency, signature checking) lives here so the rest of
* the payment domain stays gateway-agnostic.
*/
class StripeGateway {
private ?StripeClient $client;
/**
* Build the gateway. The Stripe client is created lazily from the configured
* secret key, or injected directly in tests.
*
* @param StripeClient|null $client Injectable for tests; built lazily when null.
*/
public function __construct( private StudioSettings $settings, ?StripeClient $client = null ) {
$this->client = $client;
}
public function isConfigured(): bool {
return $this->settings->isStripeConfigured();
}
/**
* Create (or, when one already exists, return) a PaymentIntent for the billed
* total of a payment. The payment id is stored in metadata so the webhook can
* reconcile the charge back to our ledger row. Returns null on any Stripe error
* so callers can fail gracefully.
*/
public function createIntent( Payment $payment ): ?PaymentIntent {
if ( ! $this->isConfigured() ) {
return null;
}
try {
return $this->paymentIntentsCreate(
[
'amount' => $this->toMinorUnits( $payment->total() ),
'currency' => strtolower( $payment->currency ),
'metadata' => [
'payment_id' => (string) $payment->id,
'registration_type' => $payment->registrationType,
'registration_id' => (string) $payment->registrationId,
'student_id' => (string) $payment->studentId,
],
'description' => sprintf( 'Lesson payment #%d', (int) $payment->id ),
],
[ 'idempotency_key' => 'usc-payment-' . $payment->id ]
);
} catch ( \Throwable $e ) {
return null;
}
}
/**
* Seam around the Stripe PaymentIntents create call so tests can stub the
* network request.
*
* @param array{amount: int, currency: string, metadata: array<string, string>, description: string} $params
* @param array{idempotency_key?: string} $options
*/
protected function paymentIntentsCreate( array $params, array $options ): PaymentIntent {
return $this->client()->paymentIntents->create( $params, $options );
}
/**
* Verify a raw webhook payload against its signature header and return the
* decoded Stripe event, or null when verification fails or no signing secret is
* configured.
*/
public function verifyWebhook( string $payload, string $signatureHeader ): ?Event {
$secret = $this->settings->webhookSecret();
if ( '' === $secret || '' === $signatureHeader ) {
return null;
}
try {
return $this->constructEvent( $payload, $signatureHeader, $secret );
} catch ( \Throwable $e ) {
return null;
}
}
/**
* Seam around the static Stripe verifier so tests can stub signature checking.
*/
protected function constructEvent( string $payload, string $signatureHeader, string $secret ): Event {
return Webhook::constructEvent( $payload, $signatureHeader, $secret );
}
private function client(): StripeClient {
if ( null === $this->client ) {
$this->client = new StripeClient( $this->settings->secretKey() );
}
return $this->client;
}
/**
* Convert a dollar amount to the integer minor units (cents) Stripe expects.
*/
private function toMinorUnits( float $amount ): int {
return (int) round( $amount * 100 );
}
}
Reference in New Issue View Git Blame Copy Permalink