firefrost-services/services/_archived/arbiter/src/middleware/validateWebhook.js

// src/middleware/validateWebhook.js
// Zod-based payload validation for Paymenter webhooks

const { z } = require('zod');

const webhookSchema = z.object({
    event: z.string(),
    customer_email: z.string().email(),
    customer_name: z.string().optional(),
    tier: z.string(),
    product_id: z.string().optional(),
    subscription_id: z.string().optional(),
    discord_id: z.string().optional().nullable()
});

/**
 * Validate webhook payload structure using Zod
 * @param {Object} req - Express request
 * @param {Object} res - Express response
 * @param {Function} next - Express next function
 */
function validateBillingPayload(req, res, next) {
    try {
        req.body = webhookSchema.parse(req.body);
        next();
    } catch (error) {
        // Log the validation error for debugging, but return 400
        console.error('[Webhook] Validation Error:', error.errors);
        return res.status(400).json({ error: 'Invalid payload structure' });
    }
}

module.exports = validateBillingPayload;