Add Stripe webhook endpoint, Supabase analytics rollup and RLS hardening, and update env/docs #21

Open: feiscs wants to merge 2 commits into codex/provide-professional-e-commerce-prompt from codex/configure-stripe-with-vercel-webhook-529aci

feiscs (Owner) commented May 15, 2026

Motivation

  • Add server-side Stripe webhook handling so the app can verify webhook events with STRIPE_WEBHOOK_SECRET before processing.
  • Harden Supabase storefront security and add a backend-only analytics rollup to aggregate events and newsletter leads.
  • Surface required runtime variables and deployment steps in .env.example and documentation for easier go-live configuration.

Description

  • Added api/stripe-webhook.js which reads the raw request body, parses and validates the Stripe Stripe-Signature header, enforces timestamp freshness, computes the HMAC sha256 using STRIPE_WEBHOOK_SECRET, and returns verified JSON responses.
  • Introduced supabase/migrations/202605150001_analytics_rollup.sql to create analytics_event_cursor, analytics_event_daily, analytics_leads_daily, revoke public reads, grant service_role select access, and add public.process_store_events() as a security definer function to roll up events and leads.
  • Hardened storefront RLS in supabase/migrations/202605130002_harden_storefront_rls.sql by revoking SELECT for anon/authenticated and adding explicit insert policies for the authenticated role.
  • Updated .env.example to include Stripe placeholder keys, APP_URL, GITHUB_AGENT_WORKFLOW, adjusted SHOPIFY_ENABLE_REMOTE_PRODUCTS, and redacted Supabase anon key demo value.
  • Added docs/SUPABASE_DEPLOY_VERIFY.md with SQL checks to verify the analytics migration and updated docs/INTEGRATIONS.md and docs/GO_LIVE_CHECKLIST.md with Stripe webhook and Supabase deployment guidance.

Testing

  • No automated tests were run as part of this change; CI should run the existing npm run check and Vercel preview to validate runtime behavior.

Codex Task
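
The verification steps listed in the description above (raw body, `Stripe-Signature` parsing, timestamp freshness, HMAC SHA-256 keyed with `STRIPE_WEBHOOK_SECRET`), written out as an added example; this is not the PR's `api/stripe-webhook.js`. The function names, the 300-second tolerance, and the sample secret, body and clock value are assumptions constructed for illustration.

```javascript
// Added example: not the PR's api/stripe-webhook.js. Names and tolerance are assumptions.
const crypto = require("node:crypto");
const TOLERANCE_SECONDS = 300; // assumed freshness window

// Parse "t=<unix seconds>,v1=<hex hmac>[,v1=...]" from the Stripe-Signature header.
function parseSignatureHeader(header) {
  const parsed = { timestamp: null, signatures: [] };
  for (const part of String(header || "").split(",")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    const key = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (key === "t" && /^\d+$/.test(value)) parsed.timestamp = Number(value);
    // Keep only well-formed 32-byte hex digests so timingSafeEqual never sees unequal lengths.
    if (key === "v1" && /^[0-9a-f]{64}$/i.test(value)) parsed.signatures.push(value);
  }
  return parsed;
}

// rawBody must be the exact bytes received (Buffer or string), never re-serialized JSON.
function verifyWebhook(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!secret) return { ok: false, reason: "missing_secret" };
  const { timestamp, signatures } = parseSignatureHeader(header);
  if (timestamp === null || signatures.length === 0) return { ok: false, reason: "malformed_header" };
  // The signed payload is "<t>.<raw body>", so the timestamp itself is covered by the HMAC.
  const expected = crypto.createHmac("sha256", secret).update(`${timestamp}.`).update(rawBody).digest();
  const matched = signatures.some((sig) => crypto.timingSafeEqual(Buffer.from(sig, "hex"), expected));
  if (!matched) return { ok: false, reason: "signature_mismatch" };
  if (Math.abs(nowSeconds - timestamp) > TOLERANCE_SECONDS) return { ok: false, reason: "stale_timestamp" };
  return { ok: true, reason: null };
}

// Constructed sample values (not real Stripe data) used to exercise the verifier offline.
const SAMPLE_SECRET = "constructed-secret-for-example";
const SAMPLE_BODY = '{"id": "evt_constructed", "type": "checkout.session.completed"}';
function signSample(body, secret, timestamp) {
  const mac = crypto.createHmac("sha256", secret).update(`${timestamp}.${body}`).digest("hex");
  return `t=${timestamp},v1=${mac}`;
}

function demo() {
  const now = 1778834400; // constructed clock value
  const header = signSample(SAMPLE_BODY, SAMPLE_SECRET, now);
  return {
    fresh: verifyWebhook(SAMPLE_BODY, header, SAMPLE_SECRET, now).reason,
    reparsed: verifyWebhook(JSON.stringify(JSON.parse(SAMPLE_BODY)), header, SAMPLE_SECRET, now).reason,
    replayed: verifyWebhook(SAMPLE_BODY, header, SAMPLE_SECRET, now + 3600).reason,
  };
}
```

The `reparsed` case fails because a body that has been parsed and re-serialized no longer matches the signed bytes, which is why the handler has to read the raw request body before any JSON middleware touches it.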

vercel Bot (Contributor) commented May 15, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| feishtml | Ready | Preview, Comment | May 15, 2026 8:40am |

supabase Bot commented May 15, 2026

Updates to Preview Branch (codex/configure-stripe-with-vercel-webhook-529aci) ↗︎

Deployments Status Updated
Database Fri, 15 May 2026 08:40:55 UTC
Services Fri, 15 May 2026 08:40:55 UTC
APIs Fri, 15 May 2026 08:40:55 UTC

Tasks are run on every commit but only new migration files are pushed.
Close and reopen this PR if you want to apply changes from existing seed or migration files.

Tasks Status Updated
Configurations Fri, 15 May 2026 08:40:55 UTC
Migrations Fri, 15 May 2026 08:40:55 UTC
Seeding Fri, 15 May 2026 08:40:55 UTC
Edge Functions Fri, 15 May 2026 08:40:59 UTC

View logs for this Workflow Run ↗︎.
Learn more about Supabase for Git ↗︎.
