From d226efe56948b5ef3aeae8b276c3b6332e008e95 Mon Sep 17 00:00:00 2001
From: Teddy Wing
Date: Thu, 8 Nov 2018 00:51:44 +0100
Subject: Add 'paddle' crate

Should verify a Paddle webhook. This ensures that the request really
does come from Paddle.

In order to verify the request, we need to sign the serialized POST
parameters. And, weirdly, Paddle requires you to serialize parameters in
PHP's serialization format.

Using this Gist by 'drewmccormack' as a reference for the format:
https://gist.github.com/drewmccormack/a51b18ffeda8f596a11a8623481344d8
---
 license-generator/Cargo.lock        |  4 ++++
 license-generator/Cargo.toml        |  5 ++++-
 license-generator/paddle/Cargo.toml |  5 +++++
 license-generator/paddle/src/lib.rs | 40 +++++++++++++++++++++++++++++++++++++
 4 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 license-generator/paddle/Cargo.toml
 create mode 100644 license-generator/paddle/src/lib.rs

diff --git a/license-generator/Cargo.lock b/license-generator/Cargo.lock
index cee7dd9..d615538 100644
--- a/license-generator/Cargo.lock
+++ b/license-generator/Cargo.lock
@@ -146,6 +146,10 @@ dependencies = [
  "vcpkg 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "paddle"
+version = "0.0.1"
+
 [[package]]
 name = "pkg-config"
 version = "0.3.14"
diff --git a/license-generator/Cargo.toml b/license-generator/Cargo.toml
index 55d1a3f..99c9a3c 100644
--- a/license-generator/Cargo.toml
+++ b/license-generator/Cargo.toml
@@ -6,4 +6,7 @@ version = "0.0.1"
 fastcgi = "1.0.0"
 
 [workspace]
-members = ["aquatic-prime"]
+members = [
+	"aquatic-prime",
+	"paddle",
+]
diff --git a/license-generator/paddle/Cargo.toml b/license-generator/paddle/Cargo.toml
new file mode 100644
index 0000000..0a4f677
--- /dev/null
+++ b/license-generator/paddle/Cargo.toml
@@ -0,0 +1,5 @@
+[package]
+name = "paddle"
+version = "0.0.1"
+
+[dependencies]
diff --git a/license-generator/paddle/src/lib.rs b/license-generator/paddle/src/lib.rs
new file mode 100644
index 0000000..a1db417
--- /dev/null
+++ b/license-generator/paddle/src/lib.rs
@@ -0,0 +1,40 @@
+// https://paddle.com/docs/reference-verifying-webhooks/
+fn verify_signature<'a, I>(params: I) -> bool
+where I: ExactSizeIterator<Item = (&'a str, &'a str)> {
+    false
+}
+
+fn php_serialize<'a, I>(pairs: I) -> String
+where I: ExactSizeIterator<Item = (&'a str, &'a str)> {
+    let mut serialized = String::with_capacity(500);
+
+    serialized.push_str(
+        &format!("a:{pairs_count}:{{", pairs_count = pairs.len())
+    );
+
+    for (key, value) in pairs {
+        serialized.push_str(
+            &format!(
+                "s:{key_length}:\"{key}\";s:{value_length}:\"{value}\";",
+                key_length = key.len(),
+                key = key,
+                value_length = value.len(),
+                value = value
+            )
+        );
+    }
+
+    serialized.push_str("}");
+
+    serialized
+}
+
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn php_serialize_serializes_key_values_as_php_string() {
+    }
+}
-- 
cgit v1.2.3