fix: Plaid webhook verification (#1824)

* Fix Plaid webhook verification * Fix client creation in webhook controller
2025-07-24 15:49:39 +02:00 · 2025-02-07 10:35:42 -05:00 · 2025-02-07 10:35:42 -05:00 · 5eb5ec7aef
commit 5eb5ec7aef
parent 331de2f997
5 changed files with 87 additions and 62 deletions
--- a/app/controllers/concerns/accountable_resource.rb
+++ b/app/controllers/concerns/accountable_resource.rb
@ -53,7 +53,7 @@ module AccountableResource
  private
    def set_link_token
      @us_link_token = Current.family.get_link_token(
-        webhooks_url: webhooks_url,
+        webhooks_url: plaid_us_webhooks_url,
        redirect_url: accounts_url,
        accountable_type: accountable_type.name,
        region: :us
@ -61,7 +61,7 @@ module AccountableResource

      if Current.family.eu?
        @eu_link_token = Current.family.get_link_token(
-          webhooks_url: webhooks_url,
+          webhooks_url: plaid_eu_webhooks_url,
          redirect_url: accounts_url,
          accountable_type: accountable_type.name,
          region: :eu
@ -69,11 +69,16 @@ module AccountableResource
      end
    end

-    def webhooks_url
+    def plaid_us_webhooks_url
      return webhooks_plaid_url if Rails.env.production?

-      base_url = ENV.fetch("DEV_WEBHOOKS_URL", root_url.chomp("/"))
-      base_url + "/webhooks/plaid"
+      ENV.fetch("DEV_WEBHOOKS_URL", root_url.chomp("/")) + "/webhooks/plaid"
+    end
+
+    def plaid_eu_webhooks_url
+      return webhooks_plaid_eu_url if Rails.env.production?
+
+      ENV.fetch("DEV_WEBHOOKS_URL", root_url.chomp("/")) + "/webhooks/plaid_eu"
    end

    def accountable_type
--- a/app/controllers/webhooks_controller.rb
+++ b/app/controllers/webhooks_controller.rb
@ -6,8 +6,25 @@ class WebhooksController < ApplicationController
    webhook_body = request.body.read
    plaid_verification_header = request.headers["Plaid-Verification"]

-    Provider::Plaid.validate_webhook!(plaid_verification_header, webhook_body)
-    Provider::Plaid.process_webhook(webhook_body)
+    client = Provider::Plaid.new(Rails.application.config.plaid, region: :us)
+
+    client.validate_webhook!(plaid_verification_header, webhook_body)
+    client.process_webhook(webhook_body)
+
+    render json: { received: true }, status: :ok
+  rescue => error
+    Sentry.capture_exception(error)
+    render json: { error: "Invalid webhook: #{error.message}" }, status: :bad_request
+  end
+
+  def plaid_eu
+    webhook_body = request.body.read
+    plaid_verification_header = request.headers["Plaid-Verification"]
+
+    client = Provider::Plaid.new(Rails.application.config.plaid_eu, region: :eu)
+
+    client.validate_webhook!(plaid_verification_header, webhook_body)
+    client.process_webhook(webhook_body)

    render json: { received: true }, status: :ok
  rescue => error