debug: add webhook signature verification logging

author: Fuwn <[email protected]> 2026-02-08 07:57:18 -0800
committer: Fuwn <[email protected]> 2026-02-08 07:57:18 -0800
commit: 1e29d343c2e8226df110023828e27d92080e7168 (patch)
tree: 8a9a1ec8312f72e9894e0c0cfe116e5c9c872f66 /apps/web/app/api
parent: fix: exclude webhook route from auth middleware to prevent 405 (diff)
download: asa.news-1e29d343c2e8226df110023828e27d92080e7168.tar.xz
asa.news-1e29d343c2e8226df110023828e27d92080e7168.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/apps/web/app/api/billing/webhook/route.ts b/apps/web/app/api/billing/webhook/route.ts
index 52b1420..dc87249 100644
--- a/apps/web/app/api/billing/webhook/route.ts
+++ b/apps/web/app/api/billing/webhook/route.ts
@@ -144,6 +144,7 @@ export async function POST(request: Request) {
   const signature = request.headers.get("stripe-signature")
 
   if (!signature) {
+    console.error("webhook: missing stripe-signature header")
     return NextResponse.json({ error: "missing signature" }, { status: 400 })
   }
 
@@ -155,7 +156,10 @@ export async function POST(request: Request) {
       signature,
       process.env.STRIPE_WEBHOOK_SECRET!
     )
-  } catch {
+  } catch (verificationError) {
+    console.error("webhook: signature verification failed:", verificationError)
+    console.error("webhook: secret defined:", !!process.env.STRIPE_WEBHOOK_SECRET)
+    console.error("webhook: body length:", body.length)
     return NextResponse.json({ error: "invalid signature" }, { status: 400 })
   }
author	Fuwn <[email protected]>	2026-02-08 07:57:18 -0800
committer	Fuwn <[email protected]>	2026-02-08 07:57:18 -0800
commit	1e29d343c2e8226df110023828e27d92080e7168 (patch)
tree	8a9a1ec8312f72e9894e0c0cfe116e5c9c872f66 /apps/web/app/api
parent	fix: exclude webhook route from auth middleware to prevent 405 (diff)
download	asa.news-1e29d343c2e8226df110023828e27d92080e7168.tar.xz asa.news-1e29d343c2e8226df110023828e27d92080e7168.zip