From ee279dfbfe7f6e47eaf446236857bd2e552c337b Mon Sep 17 00:00:00 2001
From: Jun-te Kim <junte.kim@mealcraft.com>
Date: Wed, 21 Jan 2026 19:41:03 +0000
Subject: [PATCH] deploy to dev

---
 .github/workflows/stripe-to-invoice.yml              |  9 +++++----
 stripe_to_invoice/app/api/stripe/webhook/route.ts    | 12 +++++++++++-
 stripe_to_invoice/app/page.tsx                       |  1 -
 stripe_to_invoice/deployment/deployment.yaml         |  6 ++++++
 stripe_to_invoice/deployment/secrets/.env            |  2 ++
 .../deployment/secrets/stripe-secrets.yaml           |  1 +
 6 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/stripe-to-invoice.yml b/.github/workflows/stripe-to-invoice.yml
index 73a009f..0e351cc 100644
--- a/.github/workflows/stripe-to-invoice.yml
+++ b/.github/workflows/stripe-to-invoice.yml
@@ -128,9 +128,8 @@ jobs:
             XERO_CLIENT_ID="$PROD_XERO_CLIENT_ID"
             XERO_CLIENT_SECRET="$PROD_XERO_SECRET_KEY"
             XERO_REDIRECT_URI="$PROD_REDIRECT_URI"
-            AWS_REGION="$DEV_AWS_REGION"
-
-
+            AWS_REGION="$PROD_AWS_REGION"
+            STRIPE_WEBHOOK_SECRET="$PROD_STRIPE_WEBHOOK_SECRET"
           else
             STRIPE_SECRET_KEY="$DEV_STRIPE_SECRET_KEY"
             STRIPE_CLIENT_ID="$DEV_STRIPE_CLIENT_ID"
@@ -139,7 +138,8 @@ jobs:
             XERO_CLIENT_ID="$DEV_XERO_CLIENT_ID"
             XERO_CLIENT_SECRET="$DEV_XERO_SECRET_KEY"
             XERO_REDIRECT_URI="$DEV_XERO_REDIRECT_URI"
-            AWS_REGION="$PROD_AWS_REGION"
+            AWS_REGION="$DEV_AWS_REGION"
+            STRIPE_WEBHOOK_SECRET="$DEV_STRIPE_WEBHOOK_SECRET"
           fi
 
           : "${STRIPE_SECRET_KEY:?missing STRIPE_SECRET_KEY}"
@@ -160,6 +160,7 @@ jobs:
             XERO_CLIENT_SECRET \
             XERO_REDIRECT_URI \
             AWS_REGION \
+            STRIPE_WEBHOOK_SECRET \
             NAMESPACE 
 
 
diff --git a/stripe_to_invoice/app/api/stripe/webhook/route.ts b/stripe_to_invoice/app/api/stripe/webhook/route.ts
index 20db5da..558e8b1 100644
--- a/stripe_to_invoice/app/api/stripe/webhook/route.ts
+++ b/stripe_to_invoice/app/api/stripe/webhook/route.ts
@@ -57,7 +57,17 @@ export async function POST(req: NextRequest) {
   // --------------------------------------------------
   const stripeAccountId =
     req.headers.get("stripe-account") ??
-    "acct_1Sds1LB99GOwj1Ea"; // DEV ONLY
+    (process.env.NODE_ENV === "development"
+      ? "acct_1Sds1LB99GOwj1Ea" // DEV ONLY
+      : null);
+
+  if (!stripeAccountId) {
+    console.error("❌ Missing stripe-account header in production");
+    return NextResponse.json(
+      { error: "Missing Stripe account context" },
+      { status: 400 }
+    );
+  }
 
   // --------------------------------------------------
   // 2️⃣ IDEMPOTENCY CHECK
diff --git a/stripe_to_invoice/app/page.tsx b/stripe_to_invoice/app/page.tsx
index 3c95830..99a477a 100644
--- a/stripe_to_invoice/app/page.tsx
+++ b/stripe_to_invoice/app/page.tsx
@@ -67,7 +67,6 @@ export default async function Home() {
           Log in →
         </a>
       </section>
-
     </main>
   );
 }
diff --git a/stripe_to_invoice/deployment/deployment.yaml b/stripe_to_invoice/deployment/deployment.yaml
index 76e867d..5d2c961 100644
--- a/stripe_to_invoice/deployment/deployment.yaml
+++ b/stripe_to_invoice/deployment/deployment.yaml
@@ -102,6 +102,12 @@ spec:
                   name: stripe-secrets
                   key: XERO_REDIRECT_URI
 
+            - name: STRIPE_WEBHOOK_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: stripe-secrets
+                  key: STRIPE_WEBHOOK_SECRET
+
       imagePullSecrets:
         - name: registrypullsecret
 
diff --git a/stripe_to_invoice/deployment/secrets/.env b/stripe_to_invoice/deployment/secrets/.env
index 0028a16..47dbf3b 100644
--- a/stripe_to_invoice/deployment/secrets/.env
+++ b/stripe_to_invoice/deployment/secrets/.env
@@ -7,6 +7,7 @@ DEV_AWS_ACCESS_KEY_ID=AKIAQL67W6HI2547OPVG
 DEV_AWS_SECRET_ACCESS_KEY=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
 DEV_SES_FROM_EMAIL=no-reply@juntekim.com
 DEV_STRIPE_REDIRECT_URI=https://stripe-to-invoice.dev.juntekim.com/api/stripe/callback
+DEV_STRIPE_WEBHOOK_SECRET=whsec_e6e760a5abf0cde5b31a005f754172a445ff1d710b4ee58c79f87ff7344ff08d
 DEV_XERO_CLIENT_ID=4C24EEA5583046519AD39B3905ED2BD3
 DEV_XERO_SECRET_KEY=PAYDhzqMLvNtPrN5vDC7iwtXkgu99yG8Gbu86IlrdHH8hGjA
 DEV_XERO_REDIRECT_URI=https://stripe-to-invoice.dev.juntekim.com/api/xero/callback
@@ -22,6 +23,7 @@ PROD_AWS_ACCESS_KEY_ID=AKIAQL67W6HI2547OPVG
 PROD_AWS_SECRET_ACCESS_KEY=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
 PROD_SES_FROM_EMAIL=no-reply@juntekim.com
 PROD_STRIPE_REDIRECT_URI=https://stripe-to-invoice.dev.juntekim.com/api/stripe/callback
+PROD_STRIPE_WEBHOOK_SECRET=whsec_e6e760a5abf0cde5b31a005f754172a445ff1d710b4ee58c79f87ff7344ff08d
 PROD_XERO_CLIENT_ID=4C24EEA5583046519AD39B3905ED2BD3
 PROD_XERO_SECRET_KEY=PAYDhzqMLvNtPrN5vDC7iwtXkgu99yG8Gbu86IlrdHH8hGjA
 PROD_XERO_REDIRECT_URI=https://stripe-to-invoice.juntekim.com/api/xero/callback
diff --git a/stripe_to_invoice/deployment/secrets/stripe-secrets.yaml b/stripe_to_invoice/deployment/secrets/stripe-secrets.yaml
index b9a0539..d213c85 100644
--- a/stripe_to_invoice/deployment/secrets/stripe-secrets.yaml
+++ b/stripe_to_invoice/deployment/secrets/stripe-secrets.yaml
@@ -16,3 +16,4 @@ stringData:
   XERO_CLIENT_ID: ${XERO_CLIENT_ID}
   XERO_CLIENT_SECRET: ${XERO_CLIENT_SECRET}
   XERO_REDIRECT_URI: ${XERO_REDIRECT_URI}
+  STRIPE_WEBHOOK_SECRET: ${STRIPE_WEBHOOK_SECRET}