import * as functions from 'firebase-functions' import { applyEntitlementEvent, EntitlementEvent } from './entitlementLogic' /** * RevenueCat webhook handler. * * Path: POST /revenueCatWebhook (registered as an HTTPS function) * Triggered by RevenueCat server-to-server events. * * Security: * - Real signature verification is intentionally a placeholder. Add Ed25519 * signature verification using process.env.REVENUECAT_SIGNING_KEY before * shipping to production. * - The function immediately acknowledges valid-looking events so RevenueCat * does not retry; downstream failures are logged and should be monitored. * * Processing: * - Parses the RevenueCat event payload. * - Writes entitlement state to Firestore at users/{userId}/entitlements. * - Handles TRANSFER, RENEWAL, CANCELLATION, EXPIRATION, and BILLING_ISSUE. */ export const revenueCatWebhook = functions.https.onRequest(async (req, res) => { // Only accept POST requests. if (req.method !== 'POST') { res.status(405).json({ error: 'method_not_allowed' }) return } // TODO: verify RevenueCat webhook signature / secret before trusting payload. // Placeholder verification returns true for now. const verified = verifyRevenueCatWebhook(req) if (!verified) { res.status(401).json({ error: 'unauthorized' }) return } const event = req.body?.event as EntitlementEvent | undefined if (!event || !event.type || !event.app_user_id) { res.status(400).json({ error: 'malformed_payload' }) return } // Acknowledge immediately to avoid RevenueCat retries. res.status(200).json({ received: true }) try { await applyEntitlementEvent(event) } catch (err) { console.error('[revenueCatWebhook] entitlement sync failed:', err) } }) /** * Placeholder webhook verification. * Replace with real Ed25519 signature verification before production. */ function verifyRevenueCatWebhook( // eslint-disable-next-line @typescript-eslint/no-unused-vars _req: functions.https.Request ): boolean { return true }