Wrap webhook handler in try-catch

vdavid · vdavid · commit 7398965b5d39 · 2026-02-08T10:33:41.000+01:00
diff --git a/apps/license-server/src/index.ts b/apps/license-server/src/index.ts
@@ -167,82 +167,100 @@ app.post('/webhook/paddle', async (c) => {
         return c.json({ error: 'Invalid signature' }, 401)
     }
 
-    const payload = JSON.parse(body) as PaddleWebhookPayload
+    let payload: PaddleWebhookPayload
+    try {
+        payload = JSON.parse(body) as PaddleWebhookPayload
+    } catch {
+        console.error('Failed to parse webhook body as JSON')
+        return c.json({ error: 'Invalid JSON' }, 400)
+    }
     console.log('Received webhook:', payload.event_type)
 
     // Only handle completed purchases
     if (payload.event_type !== 'transaction.completed') {
         return c.json({ status: 'ignored', event: payload.event_type })
     }
 
-    // Extract purchase data from webhook
-    const purchaseData = extractPurchaseData(payload)
-    if (!purchaseData) {
-        console.error('Missing customer_id or transaction ID in webhook payload')
-        return c.json({ error: 'Missing customer_id or transaction ID' }, 400)
-    }
+    try {
+        // Extract purchase data from webhook
+        const purchaseData = extractPurchaseData(payload)
+        if (!purchaseData) {
+            console.error('Missing customer_id or transaction ID in webhook payload')
+            return c.json({ error: 'Missing customer_id or transaction ID' }, 400)
+        }
 
-    // Idempotency: skip if this transaction was already processed
-    const idempotencyKey = `transaction:${purchaseData.transactionId}`
-    const alreadyProcessed = await c.env.LICENSE_CODES.get(idempotencyKey)
-    if (alreadyProcessed) {
-        console.log('Transaction already processed:', purchaseData.transactionId)
-        return c.json({ status: 'already_processed', transactionId: purchaseData.transactionId })
-    }
+        // Idempotency: skip if this transaction was already processed
+        const idempotencyKey = `transaction:${purchaseData.transactionId}`
+        const alreadyProcessed = await c.env.LICENSE_CODES.get(idempotencyKey)
+        if (alreadyProcessed) {
+            console.log('Transaction already processed:', purchaseData.transactionId)
+            return c.json({ status: 'already_processed', transactionId: purchaseData.transactionId })
+        }
 
-    console.log('Processing transaction:', purchaseData.transactionId, 'for customer:', purchaseData.customerId)
+        console.log('Processing transaction:', purchaseData.transactionId, 'for customer:', purchaseData.customerId)
 
-    // Determine Paddle API config (sandbox vs live based on transaction ID)
-    const paddleConfig = getPaddleConfig(purchaseData.transactionId, c.env)
-    if (!paddleConfig) {
-        console.error('No Paddle API key configured')
-        return c.json({ error: 'Server configuration error' }, 500)
-    }
+        // Determine Paddle API config (sandbox vs live based on transaction ID)
+        const paddleConfig = getPaddleConfig(purchaseData.transactionId, c.env)
+        if (!paddleConfig) {
+            console.error('No Paddle API key configured')
+            return c.json({ error: 'Server configuration error' }, 500)
+        }
 
-    // Fetch customer details from Paddle API
-    const customer = await getCustomerDetails(purchaseData.customerId, paddleConfig)
-    if (!customer) {
-        console.error('Failed to fetch customer details for:', purchaseData.customerId)
-        return c.json({ error: 'Failed to fetch customer details' }, 500)
-    }
+        // Fetch customer details from Paddle API
+        const customer = await getCustomerDetails(purchaseData.customerId, paddleConfig)
+        if (!customer) {
+            console.error('Failed to fetch customer details for:', purchaseData.customerId)
+            return c.json({ error: 'Failed to fetch customer details' }, 500)
+        }
 
-    console.log('Customer email:', customer.email, 'business:', customer.businessName)
+        console.log('Customer email:', customer.email, 'business:', customer.businessName)
 
-    // Determine license type from price ID
-    const priceIds: PriceIdMapping = {
-        supporter: c.env.PRICE_ID_SUPPORTER,
-        commercialSubscription: c.env.PRICE_ID_COMMERCIAL_SUBSCRIPTION,
-        commercialPerpetual: c.env.PRICE_ID_COMMERCIAL_PERPETUAL,
-    }
-    const licenseType = purchaseData.priceId
-        ? getLicenseTypeFromPriceId(purchaseData.priceId, priceIds)
-        : 'commercial_subscription'
-
-    // Get organization name: prefer customer's business name, fall back to custom_data
-    const organizationName =
-        licenseType !== 'supporter' ? (customer.businessName ?? purchaseData.organizationName) : undefined
-
-    // Generate and send license(s) - one per quantity
-    const result = await generateAndSendLicenses({
-        customerEmail: customer.email,
-        customerName: customer.name ?? 'there',
-        transactionId: purchaseData.transactionId,
-        quantity: purchaseData.quantity,
-        licenseType: licenseType ?? 'commercial_subscription',
-        organizationName,
-        privateKey: c.env.ED25519_PRIVATE_KEY,
-        productName: c.env.PRODUCT_NAME,
-        supportEmail: c.env.SUPPORT_EMAIL,
-        resendApiKey: c.env.RESEND_API_KEY,
-        kv: c.env.LICENSE_CODES,
-    })
+        // Determine license type from price ID
+        const priceIds: PriceIdMapping = {
+            supporter: c.env.PRICE_ID_SUPPORTER,
+            commercialSubscription: c.env.PRICE_ID_COMMERCIAL_SUBSCRIPTION,
+            commercialPerpetual: c.env.PRICE_ID_COMMERCIAL_PERPETUAL,
+        }
+        const licenseType = purchaseData.priceId
+            ? getLicenseTypeFromPriceId(purchaseData.priceId, priceIds)
+            : 'commercial_subscription'
+
+        // Get organization name: prefer customer's business name, fall back to custom_data
+        const organizationName =
+            licenseType !== 'supporter' ? (customer.businessName ?? purchaseData.organizationName) : undefined
+
+        // Generate and send license(s) - one per quantity
+        // If email fails after KV writes, we intentionally don't mark the transaction as processed
+        // so the next Paddle retry will re-generate and re-send the licenses.
+        const result = await generateAndSendLicenses({
+            customerEmail: customer.email,
+            customerName: customer.name ?? 'there',
+            transactionId: purchaseData.transactionId,
+            quantity: purchaseData.quantity,
+            licenseType: licenseType ?? 'commercial_subscription',
+            organizationName,
+            privateKey: c.env.ED25519_PRIVATE_KEY,
+            productName: c.env.PRODUCT_NAME,
+            supportEmail: c.env.SUPPORT_EMAIL,
+            resendApiKey: c.env.RESEND_API_KEY,
+            kv: c.env.LICENSE_CODES,
+        })
 
-    // Mark transaction as processed (7-day TTL)
-    const sevenDaysInSeconds = 604_800
-    await c.env.LICENSE_CODES.put(idempotencyKey, 'processed', { expirationTtl: sevenDaysInSeconds })
+        // Mark transaction as processed (7-day TTL)
+        const sevenDaysInSeconds = 604_800
+        await c.env.LICENSE_CODES.put(idempotencyKey, 'processed', { expirationTtl: sevenDaysInSeconds })
 
-    console.log('Licenses sent to:', customer.email, 'type:', result.licenseType, 'quantity:', result.quantity)
-    return c.json({ status: 'ok', email: customer.email, licenseType: result.licenseType, quantity: result.quantity })
+        console.log('Licenses sent to:', customer.email, 'type:', result.licenseType, 'quantity:', result.quantity)
+        return c.json({
+            status: 'ok',
+            email: customer.email,
+            licenseType: result.licenseType,
+            quantity: result.quantity,
+        })
+    } catch (error) {
+        console.error('Webhook processing failed:', error instanceof Error ? error.message : String(error))
+        return c.json({ error: 'Internal server error' }, 500)
+    }
 })
 
 /** Extract purchase data from webhook payload (customer fetched separately via API) */
