Open pavelbrm opened 1 month ago
The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "authentication" and so security team members have been added as reviewers to take a look.
No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes.
Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.
The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "authentication" and so security team members have been added as reviewers to take a look. No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes. Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.
This PR is already under a security review, robot.
[puLL-Merge] - brave-intl/bat-go@2560
This PR makes several changes related to handling Play Store notifications for subscriptions in the skus service:
HandleAndroidWebhook
function and related typeshandleWebhookPlayStore
function to process Play Store notificationsgcpPushNotificationValidator
to gpsNtfAuthenticator
for authenticating Play Store notificationsThe motivation for these changes seems to be to improve the handling of Play Store subscription notifications in the skus service.
No major security hotspots were identified in this change. The updates primarily focus on refactoring and improving the handling of Play Store notifications for subscriptions.
Summary
This PR introduces handling for Google Play Store Developer Notifications aka Android Webhooks. This functionality has been assumed to be implemented and working, but it was neither implemented properly, nor worked.
The new code is extensively covered with tests, unlike what was there before, which could be said to have not had test coverage at all (the original version prior to https://github.com/brave-intl/bat-go/pull/2318 and https://github.com/brave-intl/bat-go/pull/2360).
Also, this PR supersedes https://github.com/brave-intl/bat-go/pull/2341.
Main Changes
Developer notifications are received in the existing endpoint and are handled in a way similar to how App Store Server Notifications are handled:
2024-06-01
(i.e. 1 June 2024) will be skipped.Other Changes
A lot of the old garbage code has been purged, and it feels good.
Type of Change
Tested Environments
Before Requesting Review
Manual Test Plan