feat(security): security

docs/webhook/seguranca/_category_.json

@@ -0,0 +1,13 @@
+{
+  "label": "Segurança",
+  "collapsible": true,
+  "collapsed": true,
+  "className": "red",
+  "link": {
+    "type": "generated-index",
+    "title": "Segurança visão geral"
+  },
+  "customProps": {
+    "description": "Segurança documentação"
+  }
+}

docs/webhook/webhook-hmac.mdx → docs/webhook/seguranca/webhook-hmac.mdx

@@ -37,9 +37,9 @@ defaultValue="PHP"
 ```php
   <?php 
     $headers['X-OpenPix-Signature'] = 'jgR2XF0PKDiAwHP1s+TryvxMySQ='; // vira da chamada do webhook
-    $body = '{"data_criacao":"2021-08-10T20:32:14.429Z","evento":"teste_webhook"}'; // vira da chamada do webhook
+    $body = '{"data_criacao":"2021-08-10T20:32:14.429Z","evento":"teste_webhook","event":"OPENPIX:CHARGE_COMPLETED"}'; // vira da chamada do webhook
 
-    $secretKeyOnOpenpixPlatform = 'hmac-secret-key'; // secret key da chave de acesso do Woovi
+    $secretKeyOnOpenpixPlatform = 'hmac-secret-key'; // secret key da chave de acesso do OpenPix
 
     $algorithm = 'sha1'; // algoritmo de hash
 
@@ -71,9 +71,9 @@ defaultValue="PHP"
 
     const openpixSignatureHeader = 'jgR2XF0PKDiAwHP1s+TryvxMySQ='; // vem da chamada do webhook
 
-    const body = '{"data_criacao":"2021-08-10T20:32:14.429Z","evento":"teste_webhook"}'; // vem da chamada do webhook
+    const body = '{"data_criacao":"2021-08-10T20:32:14.429Z","evento":"teste_webhook","event":"OPENPIX:CHARGE_COMPLETED"}'; // vem da chamada do webhook
 
-    const key = 'hmac-secret-key'; // secret key da chave de acesso do Woovi
+    const key = 'hmac-secret-key'; // secret key da chave de acesso do OpenPix
 
     const signature = hmacCalculateSignature(key, body, 'base64');
 
@@ -91,11 +91,18 @@ defaultValue="PHP"
 
   ```bash
 
-  echo -n '{"data_criacao":"2021-08-10T20:32:14.429Z","evento":"teste_webhook"}' | openssl dgst -sha1 -hmac "hmac-secret-key" -binary | base64
-  
+  echo -n '{"data_criacao":"2021-08-10T20:32:14.429Z","evento":"teste_webhook","event":"OPENPIX:CHARGE_COMPLETED"}' | openssl dgst -sha1 -hmac "hmac-secret-key" -binary | base64
+
   ```
 </TabItem>
 </Tabs>
 
+:::info
+
+O campo `event` enviado junto ao payload do webhook tem seu valor conforme o tipo de evento que você escolheu no momento em que criou o webhook.
+Para saber mais sobre os tipos de eventos, acesse a [documentação de eventos](./webhook-events-type).
+
+:::
+
 Nesse link temos um exemplo de validação do HMAC usando JavaScript
 [WebhookPost](https://github.com/Open-Pix/node-backend-integration/blob/master/src/webhook/webhookPost.ts)

docs/webhook/seguranca/webhook-ips.md

@@ -0,0 +1,18 @@
+---
+id: webhook-ips
+title: "Webhook IPs"
+description: "Webhook IPs"
+tags:
+  - webhook
+  - ip
+---
+
+Esta página lista os endereços IP que a Woovi/OpenPix usa para enviar webhooks.
+
+```
+189.51.60.9
+138.97.124.129
+177.71.136.66
+```
+
+Você pode restrigir os seus Webhooks para somente aceitarem requests desses IPs

docs/webhook/weebhook-signature-validation.mdx → docs/webhook/seguranca/weebhook-signature-validation.mdx

@@ -40,7 +40,7 @@ function verifyPayload($payload, $signature) {
   return $verify;
 }
 // replace to the payload received
-$payload = '{ "pixQrCode": null, "charge": { "status": "COMPLETED", "customer": { "name": "Antonio Victor", "taxID": { "taxID": "12345678976", "type": "BR:CPF" }, "email": "[email protected]", "correlationID": "4979ceba-2132-4292-bd90-bee7fb2125e4" }, "value": 1000, "comment": "Pagamento Woovi", "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "correlationID": "417bae21-3d08-4cdb-9c2d-fee63c89e9e4", "paymentLinkID": "34697ed2-3790-4b60-8512-e7465b142d84", "createdAt": "2021-03-12T12:43:54.528Z", "updatedAt": "2021-03-12T12:44:09.360Z", "brCode": "https://api.woovi.com/openpix/openpix/testing?transactionID=ea83401ed4834b3ea6f1f283b389af29" }, "pix": { "charge": { "status": "COMPLETED", "customer": { "name": "Antonio Victor", "taxID": { "taxID": "12345678976", "type": "BR:CPF" }, "email": "[email protected]", "correlationID": "4979ceba-2132-4292-bd90-bee7fb2125e4" }, "value": 1000, "comment": "Pagamento Woovi", "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "correlationID": "417bae21-3d08-4cdb-9c2d-fee63c89e9e4", "paymentLinkID": "34697ed2-3790-4b60-8512-e7465b142d84", "createdAt": "2021-03-12T12:43:54.528Z", "updatedAt": "2021-03-12T12:44:09.360Z" }, "customer": { "correlationID": "9134e286-6f71-427a-bf00-241681624586", "email": "[email protected]", "name": "Loma", "phone": "+5511999999999", "taxID": { "taxID": "47043622050", "type": "BR:CPF" } }, "payer": { "correlationID": "9134e286-6f71-427a-bf00-241681624586", "email": "[email protected]", "name": "Loma", "phone": "+5511999999999", "taxID": { "taxID": "47043622050", "type": "BR:CPF" } }, "time": "2021-03-12T12:44:09.269Z", "value": 1, "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "infoPagador": "Woovi testing" }, "company": { "id": "624f46f9e93f9f521c8308d7", "name": "Pizzaria do José", "taxID": "4722767300014" }, "account": { "clientId": "ZOJ64B9B-ZM1W-89MI-4UCI-OP2LVIU6NY75" } }';
+$payload = '{ "pixQrCode": null, "charge": { "status": "COMPLETED", "customer": { "name": "Antonio Victor", "taxID": { "taxID": "12345678976", "type": "BR:CPF" }, "email": "[email protected]", "correlationID": "4979ceba-2132-4292-bd90-bee7fb2125e4" }, "value": 1000, "comment": "Pagamento OpenPix", "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "correlationID": "417bae21-3d08-4cdb-9c2d-fee63c89e9e4", "paymentLinkID": "34697ed2-3790-4b60-8512-e7465b142d84", "createdAt": "2021-03-12T12:43:54.528Z", "updatedAt": "2021-03-12T12:44:09.360Z", "brCode": "https://api.openpix.com.br/openpix/openpix/testing?transactionID=ea83401ed4834b3ea6f1f283b389af29" }, "pix": { "charge": { "status": "COMPLETED", "customer": { "name": "Antonio Victor", "taxID": { "taxID": "12345678976", "type": "BR:CPF" }, "email": "[email protected]", "correlationID": "4979ceba-2132-4292-bd90-bee7fb2125e4" }, "value": 1000, "comment": "Pagamento OpenPix", "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "correlationID": "417bae21-3d08-4cdb-9c2d-fee63c89e9e4", "paymentLinkID": "34697ed2-3790-4b60-8512-e7465b142d84", "createdAt": "2021-03-12T12:43:54.528Z", "updatedAt": "2021-03-12T12:44:09.360Z" }, "customer": { "correlationID": "9134e286-6f71-427a-bf00-241681624586", "email": "[email protected]", "name": "Loma", "phone": "+5511999999999", "taxID": { "taxID": "47043622050", "type": "BR:CPF" } }, "payer": { "correlationID": "9134e286-6f71-427a-bf00-241681624586", "email": "[email protected]", "name": "Loma", "phone": "+5511999999999", "taxID": { "taxID": "47043622050", "type": "BR:CPF" } }, "time": "2021-03-12T12:44:09.269Z", "value": 1, "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "infoPagador": "OpenPix testing" }, "company": { "id": "624f46f9e93f9f521c8308d7", "name": "Pizzaria do José", "taxID": "4722767300014" }, "account": { "clientId": "ZOJ64B9B-ZM1W-89MI-4UCI-OP2LVIU6NY75" } }';
 
 // replace to the header signature received into x-webhook-signature
 $signature = 'lL2nnXgmLFGgxJ8+jCDguqouU4ucrIxYJcU5SPrJFaNcJajTJHYVldqc/z4YFIjAjtPEALe699WosgPY08W7CLpidvtm06Qwa4YMB0l/DcTS93O91NdSH/adjugEKiOb76Zj/0jB8mqOmWCFYbweOBa17bssuEkd5Lw7Q5L314Y=';
@@ -87,7 +87,7 @@ export const verifyPayload = ({ payload, signature }: VerifyPayloadType) => {
 
 // replace to the payload received into body
 const payload =
-  '{ "pixQrCode": null, "charge": { "status": "COMPLETED", "customer": { "name": "Antonio Victor", "taxID": { "taxID": "12345678976", "type": "BR:CPF" }, "email": "[email protected]", "correlationID": "4979ceba-2132-4292-bd90-bee7fb2125e4" }, "value": 1000, "comment": "Pagamento Woovi", "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "correlationID": "417bae21-3d08-4cdb-9c2d-fee63c89e9e4", "paymentLinkID": "34697ed2-3790-4b60-8512-e7465b142d84", "createdAt": "2021-03-12T12:43:54.528Z", "updatedAt": "2021-03-12T12:44:09.360Z", "brCode": "https://api.woovi.com/openpix/openpix/testing?transactionID=ea83401ed4834b3ea6f1f283b389af29" }, "pix": { "charge": { "status": "COMPLETED", "customer": { "name": "Antonio Victor", "taxID": { "taxID": "12345678976", "type": "BR:CPF" }, "email": "[email protected]", "correlationID": "4979ceba-2132-4292-bd90-bee7fb2125e4" }, "value": 1000, "comment": "Pagamento Woovi", "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "correlationID": "417bae21-3d08-4cdb-9c2d-fee63c89e9e4", "paymentLinkID": "34697ed2-3790-4b60-8512-e7465b142d84", "createdAt": "2021-03-12T12:43:54.528Z", "updatedAt": "2021-03-12T12:44:09.360Z" }, "customer": { "correlationID": "9134e286-6f71-427a-bf00-241681624586", "email": "[email protected]", "name": "Loma", "phone": "+5511999999999", "taxID": { "taxID": "47043622050", "type": "BR:CPF" } }, "payer": { "correlationID": "9134e286-6f71-427a-bf00-241681624586", "email": "[email protected]", "name": "Loma", "phone": "+5511999999999", "taxID": { "taxID": "47043622050", "type": "BR:CPF" } }, "time": "2021-03-12T12:44:09.269Z", "value": 1, "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "infoPagador": "Woovi testing" }, "company": { "id": "624f46f9e93f9f521c8308d7", "name": "Pizzaria do José", "taxID": "4722767300014" }, "account": { "clientId": "ZOJ64B9B-ZM1W-89MI-4UCI-OP2LVIU6NY75" } }';
+  '{ "pixQrCode": null, "charge": { "status": "COMPLETED", "customer": { "name": "Antonio Victor", "taxID": { "taxID": "12345678976", "type": "BR:CPF" }, "email": "[email protected]", "correlationID": "4979ceba-2132-4292-bd90-bee7fb2125e4" }, "value": 1000, "comment": "Pagamento OpenPix", "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "correlationID": "417bae21-3d08-4cdb-9c2d-fee63c89e9e4", "paymentLinkID": "34697ed2-3790-4b60-8512-e7465b142d84", "createdAt": "2021-03-12T12:43:54.528Z", "updatedAt": "2021-03-12T12:44:09.360Z", "brCode": "https://api.openpix.com.br/openpix/openpix/testing?transactionID=ea83401ed4834b3ea6f1f283b389af29" }, "pix": { "charge": { "status": "COMPLETED", "customer": { "name": "Antonio Victor", "taxID": { "taxID": "12345678976", "type": "BR:CPF" }, "email": "[email protected]", "correlationID": "4979ceba-2132-4292-bd90-bee7fb2125e4" }, "value": 1000, "comment": "Pagamento OpenPix", "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "correlationID": "417bae21-3d08-4cdb-9c2d-fee63c89e9e4", "paymentLinkID": "34697ed2-3790-4b60-8512-e7465b142d84", "createdAt": "2021-03-12T12:43:54.528Z", "updatedAt": "2021-03-12T12:44:09.360Z" }, "customer": { "correlationID": "9134e286-6f71-427a-bf00-241681624586", "email": "[email protected]", "name": "Loma", "phone": "+5511999999999", "taxID": { "taxID": "47043622050", "type": "BR:CPF" } }, "payer": { "correlationID": "9134e286-6f71-427a-bf00-241681624586", "email": "[email protected]", "name": "Loma", "phone": "+5511999999999", "taxID": { "taxID": "47043622050", "type": "BR:CPF" } }, "time": "2021-03-12T12:44:09.269Z", "value": 1, "transactionID": "ea83401ed4834b3ea6f1f283b389af29", "infoPagador": "OpenPix testing" }, "company": { "id": "624f46f9e93f9f521c8308d7", "name": "Pizzaria do José", "taxID": "4722767300014" }, "account": { "clientId": "ZOJ64B9B-ZM1W-89MI-4UCI-OP2LVIU6NY75" } }';
 
 // replace to the payload received into x-webhook-signature header
 const signature =

docs/webhook/webhook-events-type.md

@@ -0,0 +1,59 @@
+---
+title: "Tipos de eventos do Webhook"
+description: "Tipos de eventos do Webhook"
+tags:
+  - webhook
+---
+
+## Tipos de eventos do Webhook
+
+O Webhook é um recurso que permite que a OpenPix envie notificações para sua aplicação quando um evento ocorre. 
+Por exemplo, quando uma cobrança é paga, a OpenPix envia uma notificação para o seu servidor.
+
+Abaixo, você pode ver uma lista de todos os eventos que a OpenPix envia para sua aplicação.
+
+## Eventos de cobrança
+
+Os eventos de cobrança são enviados quando uma cobrança é paga.
+
+### OPENPIX:CHARGE_COMPLETED
+
+Esse evento é enviado quando uma cobrança é paga.
+
+### OPENPIX:CHARGE_EXPIRED
+
+Esse evento é enviado quando uma cobrança expira.
+
+### OPENPIX:CHARGE_CREATED
+
+Esse evento é enviado quando uma cobrança é criada.
+
+### OPENPIX:CHARGE_COMPLETED_NOT_SAME_CUSTOMER_PAYER
+
+Esse evento é enviado quando uma cobrança é paga com um `payer` diferente do `customer`.
+
+## Eventos de transação
+
+Os eventos de transação são enviados quando uma transação é recebida.
+
+### OPENPIX:TRANSACTION_RECEIVED
+
+Esse evento é enviado qunado uma transação é recebida, seja ela de uma cobrança ou de um QR code estático.
+
+### OPENPIX:TRANSACTION_REFUND_RECEIVED
+
+Esse evento é enviado quando é realizado o reembolso de uma transação.
+
+## Eventos de Pagamento Instantâneo
+
+### OPENPIX:MOVEMENT_CONFIRMED
+
+Esse evento é enviado quando um pagamento é confirmado.
+
+### OPENPIX:MOVEMENT_FAILED
+
+Esse evento é enviado quando um pagamento confirmado falha.
+
+#### OPENPIX:MOVEMENT_REMOVED
+
+Esse evento é enviado quando um pagamento é removido.

docs/webhook/webhook-test.md

@@ -0,0 +1,37 @@
+---
+title: "Validando o webhook de teste"
+tags:
+  - webhook
+  - test
+---
+
+## Validando o webhook de teste
+
+Quando é criado um novo webhook, a OpenPix envia uma requisição de teste para o seu endpoint. 
+Essa requisição é enviada para garantir que o seu endpoint está funcionando corretamente.
+
+### 1. Recebendo o webhook de teste
+
+Quando a OpenPix envia um webhook de teste, o corpo da requisição é:
+
+```json
+{
+  "data_criacao":"2024-01-23T20:32:14.429Z",
+  "event":"OPENPIX:CHARGE_COMPLETED",
+}
+```
+
+:::info
+
+O campo `event` é o tipo de evento que está sendo enviado. Ele é escolhido conforme o evento selecionado na plataforma.
+Você pode olhar os tipos de eventos disponíveis [aqui](./webhook-events-type.md).
+
+:::
+
+### 2. Respondendo o webhook de teste
+
+Para responder o webhook de teste, basta retornar o status code `200` e o corpo da resposta vazio.
+
+```php
+return response()->json([], 200);
+```