/** * Stripe webhook handler — authoritative Stripe-event reconciliation path * for payment and refund state on bookings. * * ADR 0006 supersedes ADR 0002's old webhook-only claim for * bookings.status = confirmed. The current ACP complete path may also write * confirmed after Stripe confirms the payment intent. This webhook remains * authoritative for Stripe-sent event reconciliation and refund_status. * * Events handled: * - payment_intent.succeeded → bookings.status = 'confirmed' * - payment_intent.payment_failed → bookings.status = 'cancelled' * - charge.refunded → bookings.refund_status = 'succeeded' * - charge.refund.updated → may set 'failed' * * Chargeback boundary: * - charge.dispute.created is not handled by HemmaBo. Stripe chargebacks * are operated by the host in the host's Stripe Dashboard. Do not model * disputes as bookings.status or as a HemmaBo-owned dispute workflow. * * Endpoint: POST /api/stripe-webhook * Vercel rewrite: see vercel.json. Configure the URL in Stripe Dashboard * → Developers → Webhooks → "Add endpoint" and copy the signing secret * into STRIPE_WEBHOOK_SECRET on Vercel. * * Security: * - Verifies Stripe-Signature using HMAC-SHA256 with timingSafeEqual. * - Rejects timestamps older than 5 minutes (replay protection per * Stripe's signature spec). * - Returns 400 on any verification failure. Never 401 — Stripe retries * on non-2xx, and we don't want it to retry on signature failures. */ import type { VercelRequest, VercelResponse } from "./_types.js"; /** * Verify a Stripe webhook signature against the raw request body. * Exported for the contract test (uses the same code, no shortcut). * * `nowSeconds` is injectable so tests can run with a fixed clock. */ export declare function verifyStripeSignature(rawBody: string, signatureHeader: string | undefined, secret: string, nowSeconds?: number): { valid: true; } | { valid: false; reason: string; }; export default function handler(req: VercelRequest, res: VercelResponse): Promise; export declare const config: { api: { bodyParser: boolean; }; };