chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,953 @@
|
||||
/**
|
||||
* Integration tests for webhook trigger API route
|
||||
*
|
||||
* @vitest-environment node
|
||||
*/
|
||||
import {
|
||||
createMockRequest,
|
||||
encryptionMock,
|
||||
executionPreprocessingMock,
|
||||
executionPreprocessingMockFns,
|
||||
loggingSessionMock,
|
||||
workflowsPersistenceUtilsMock,
|
||||
workflowsPersistenceUtilsMockFns,
|
||||
workflowsUtilsMock,
|
||||
} from '@sim/testing'
|
||||
import { beforeEach, describe, expect, it, vi } from 'vitest'
|
||||
|
||||
vi.mock('@/lib/core/security/encryption', () => encryptionMock)
|
||||
|
||||
vi.mock('@/lib/logs/execution/trace-spans/trace-spans', () => ({
|
||||
buildTraceSpans: vi.fn().mockReturnValue({ traceSpans: [], totalDuration: 100 }),
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/workflows/utils', () => workflowsUtilsMock)
|
||||
|
||||
vi.mock('@/serializer', () => ({
|
||||
Serializer: vi.fn().mockImplementation(() => ({
|
||||
serializeWorkflow: vi.fn().mockReturnValue({
|
||||
version: '1.0',
|
||||
blocks: [
|
||||
{
|
||||
id: 'starter-id',
|
||||
metadata: { id: 'starter', name: 'Start' },
|
||||
config: {},
|
||||
inputs: {},
|
||||
outputs: {},
|
||||
position: { x: 100, y: 100 },
|
||||
enabled: true,
|
||||
},
|
||||
{
|
||||
id: 'agent-id',
|
||||
metadata: { id: 'agent', name: 'Agent 1' },
|
||||
config: {},
|
||||
inputs: {},
|
||||
outputs: {},
|
||||
position: { x: 634, y: -167 },
|
||||
enabled: true,
|
||||
},
|
||||
],
|
||||
edges: [
|
||||
{
|
||||
id: 'edge-1',
|
||||
source: 'starter-id',
|
||||
target: 'agent-id',
|
||||
sourceHandle: 'source',
|
||||
targetHandle: 'target',
|
||||
},
|
||||
],
|
||||
loops: {},
|
||||
parallels: {},
|
||||
}),
|
||||
})),
|
||||
}))
|
||||
|
||||
/**
|
||||
* Test data store - isolated per test via beforeEach reset
|
||||
* This replaces the global mutable state pattern with local test data
|
||||
*/
|
||||
const testData = {
|
||||
webhooks: [] as Array<{
|
||||
id: string
|
||||
provider: string
|
||||
path: string
|
||||
isActive: boolean
|
||||
providerConfig?: Record<string, unknown>
|
||||
workflowId: string
|
||||
rateLimitCount?: number
|
||||
rateLimitPeriod?: number
|
||||
}>,
|
||||
workflows: [] as Array<{
|
||||
id: string
|
||||
userId: string
|
||||
workspaceId?: string
|
||||
}>,
|
||||
}
|
||||
|
||||
const {
|
||||
generateRequestHashMock,
|
||||
validateSlackSignatureMock,
|
||||
handleWhatsAppVerificationMock,
|
||||
handleSlackChallengeMock,
|
||||
processWhatsAppDeduplicationMock,
|
||||
processGenericDeduplicationMock,
|
||||
processWebhookMock,
|
||||
executeMock,
|
||||
getWorkspaceBilledAccountUserIdMock,
|
||||
queueWebhookExecutionMock,
|
||||
dispatchResolvedWebhookTargetMock,
|
||||
isWorkspaceApiExecutionEntitledMock,
|
||||
} = vi.hoisted(() => ({
|
||||
generateRequestHashMock: vi.fn().mockResolvedValue('test-hash-123'),
|
||||
validateSlackSignatureMock: vi.fn().mockResolvedValue(true),
|
||||
handleWhatsAppVerificationMock: vi.fn().mockResolvedValue(null),
|
||||
handleSlackChallengeMock: vi.fn().mockReturnValue(null),
|
||||
processWhatsAppDeduplicationMock: vi.fn().mockResolvedValue(null),
|
||||
processGenericDeduplicationMock: vi.fn().mockResolvedValue(null),
|
||||
processWebhookMock: vi.fn().mockResolvedValue(new Response('Webhook processed', { status: 200 })),
|
||||
executeMock: vi.fn().mockResolvedValue({
|
||||
success: true,
|
||||
output: { response: 'Webhook execution success' },
|
||||
logs: [],
|
||||
metadata: {
|
||||
duration: 100,
|
||||
startTime: new Date().toISOString(),
|
||||
endTime: new Date().toISOString(),
|
||||
},
|
||||
}),
|
||||
getWorkspaceBilledAccountUserIdMock: vi
|
||||
.fn()
|
||||
.mockImplementation(async (workspaceId: string | null | undefined) =>
|
||||
workspaceId ? 'test-user-id' : null
|
||||
),
|
||||
queueWebhookExecutionMock: vi.fn().mockImplementation(async () => {
|
||||
const { NextResponse } = await import('next/server')
|
||||
return NextResponse.json({ message: 'Webhook processed' })
|
||||
}),
|
||||
dispatchResolvedWebhookTargetMock: vi.fn(),
|
||||
isWorkspaceApiExecutionEntitledMock: vi.fn().mockResolvedValue(true),
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/billing/core/api-access', () => ({
|
||||
API_EXECUTION_REQUIRES_PAID_PLAN_MESSAGE: 'paid plan required',
|
||||
isWorkspaceApiExecutionEntitled: isWorkspaceApiExecutionEntitledMock,
|
||||
}))
|
||||
|
||||
vi.mock('@trigger.dev/sdk', () => ({
|
||||
tasks: {
|
||||
trigger: vi.fn().mockResolvedValue({ id: 'mock-task-id' }),
|
||||
},
|
||||
task: vi.fn().mockReturnValue({}),
|
||||
}))
|
||||
|
||||
vi.mock('@/background/webhook-execution', () => ({
|
||||
executeWebhookJob: vi.fn().mockResolvedValue({
|
||||
success: true,
|
||||
workflowId: 'test-workflow-id',
|
||||
executionId: 'test-exec-id',
|
||||
output: {},
|
||||
executedAt: new Date().toISOString(),
|
||||
}),
|
||||
}))
|
||||
|
||||
vi.mock('@/background/logs-webhook-delivery', () => ({
|
||||
logsWebhookDelivery: {},
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/webhooks/utils', () => ({
|
||||
handleWhatsAppVerification: handleWhatsAppVerificationMock,
|
||||
handleSlackChallenge: handleSlackChallengeMock,
|
||||
processWhatsAppDeduplication: processWhatsAppDeduplicationMock,
|
||||
processGenericDeduplication: processGenericDeduplicationMock,
|
||||
processWebhook: processWebhookMock,
|
||||
}))
|
||||
|
||||
vi.mock('@/app/api/webhooks/utils', () => ({
|
||||
generateRequestHash: generateRequestHashMock,
|
||||
validateSlackSignature: validateSlackSignatureMock,
|
||||
}))
|
||||
|
||||
vi.mock('@/executor', () => ({
|
||||
Executor: vi.fn().mockImplementation(() => ({
|
||||
execute: executeMock,
|
||||
})),
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/execution/preprocessing', () => executionPreprocessingMock)
|
||||
|
||||
vi.mock('@/lib/logs/execution/logging-session', () => loggingSessionMock)
|
||||
|
||||
vi.mock('@/lib/workspaces/utils', () => ({
|
||||
getWorkspaceBillingSettings: vi.fn().mockResolvedValue(null),
|
||||
getWorkspaceBilledAccountUserId: getWorkspaceBilledAccountUserIdMock,
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/core/rate-limiter', () => ({
|
||||
RateLimiter: vi.fn().mockImplementation(() => ({
|
||||
checkRateLimit: vi.fn().mockResolvedValue({
|
||||
allowed: true,
|
||||
remaining: 10,
|
||||
resetAt: new Date(),
|
||||
}),
|
||||
})),
|
||||
RateLimitError: class RateLimitError extends Error {
|
||||
constructor(
|
||||
message: string,
|
||||
public statusCode = 429
|
||||
) {
|
||||
super(message)
|
||||
this.name = 'RateLimitError'
|
||||
}
|
||||
},
|
||||
}))
|
||||
|
||||
vi.mock('@/lib/workflows/persistence/utils', () => workflowsPersistenceUtilsMock)
|
||||
|
||||
vi.mock('@/lib/webhooks/processor', () => ({
|
||||
findAllWebhooksForPath: vi.fn().mockImplementation(async (options: { path: string }) => {
|
||||
// Filter webhooks by path from testData
|
||||
const matchingWebhooks = testData.webhooks.filter(
|
||||
(wh) => wh.path === options.path && wh.isActive
|
||||
)
|
||||
|
||||
if (matchingWebhooks.length === 0) {
|
||||
return []
|
||||
}
|
||||
|
||||
// Return array of {webhook, workflow} objects
|
||||
return matchingWebhooks.map((wh) => {
|
||||
const matchingWorkflow = testData.workflows.find((w) => w.id === wh.workflowId) || {
|
||||
id: wh.workflowId || 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
workspaceId: 'test-workspace-id',
|
||||
}
|
||||
return {
|
||||
webhook: wh,
|
||||
workflow: matchingWorkflow,
|
||||
}
|
||||
})
|
||||
}),
|
||||
parseWebhookBody: vi.fn().mockImplementation(async (request: any) => {
|
||||
try {
|
||||
const cloned = request.clone()
|
||||
const rawBody = await cloned.text()
|
||||
const body = rawBody ? JSON.parse(rawBody) : {}
|
||||
return { body, rawBody }
|
||||
} catch {
|
||||
return { body: {}, rawBody: '' }
|
||||
}
|
||||
}),
|
||||
handleProviderChallenges: vi.fn().mockResolvedValue(null),
|
||||
handlePreLookupWebhookVerification: vi
|
||||
.fn()
|
||||
.mockImplementation(
|
||||
async (
|
||||
method: string,
|
||||
body: Record<string, unknown> | undefined,
|
||||
_requestId: string,
|
||||
path: string
|
||||
) => {
|
||||
if (path !== 'pending-verification-path') {
|
||||
return null
|
||||
}
|
||||
|
||||
const isVerificationProbe =
|
||||
method === 'GET' ||
|
||||
method === 'HEAD' ||
|
||||
(method === 'POST' && (!body || Object.keys(body).length === 0 || !body.type))
|
||||
|
||||
if (!isVerificationProbe) {
|
||||
return null
|
||||
}
|
||||
|
||||
const { NextResponse } = require('next/server')
|
||||
return NextResponse.json({ status: 'ok', message: 'Webhook endpoint verified' })
|
||||
}
|
||||
),
|
||||
handleProviderReachabilityTest: vi.fn().mockReturnValue(null),
|
||||
dispatchResolvedWebhookTarget: dispatchResolvedWebhookTargetMock.mockImplementation(
|
||||
async (
|
||||
foundWebhook: unknown,
|
||||
foundWorkflow: unknown,
|
||||
body: unknown,
|
||||
request: unknown,
|
||||
options: unknown
|
||||
) => ({
|
||||
outcome: 'queued',
|
||||
reason: 'queued',
|
||||
response: await queueWebhookExecutionMock(
|
||||
foundWebhook,
|
||||
foundWorkflow,
|
||||
body,
|
||||
request,
|
||||
options
|
||||
),
|
||||
})
|
||||
),
|
||||
verifyProviderAuth: vi
|
||||
.fn()
|
||||
.mockImplementation(
|
||||
async (
|
||||
foundWebhook: any,
|
||||
_foundWorkflow: any,
|
||||
request: any,
|
||||
_rawBody: string,
|
||||
_requestId: string
|
||||
) => {
|
||||
// Implement generic webhook auth verification for tests
|
||||
if (foundWebhook.provider === 'generic') {
|
||||
const providerConfig = foundWebhook.providerConfig || {}
|
||||
if (providerConfig.requireAuth) {
|
||||
const configToken = providerConfig.token
|
||||
const secretHeaderName = providerConfig.secretHeaderName
|
||||
|
||||
if (configToken) {
|
||||
let isTokenValid = false
|
||||
|
||||
if (secretHeaderName) {
|
||||
// Custom header auth
|
||||
const headerValue = request.headers.get(secretHeaderName.toLowerCase())
|
||||
if (headerValue === configToken) {
|
||||
isTokenValid = true
|
||||
}
|
||||
} else {
|
||||
// Bearer token auth
|
||||
const authHeader = request.headers.get('authorization')
|
||||
if (authHeader?.toLowerCase().startsWith('bearer ')) {
|
||||
const token = authHeader.substring(7)
|
||||
if (token === configToken) {
|
||||
isTokenValid = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!isTokenValid) {
|
||||
const { NextResponse } = await import('next/server')
|
||||
return new NextResponse('Unauthorized - Invalid authentication token', {
|
||||
status: 401,
|
||||
})
|
||||
}
|
||||
} else {
|
||||
// Auth required but no token configured
|
||||
const { NextResponse } = await import('next/server')
|
||||
return new NextResponse('Unauthorized - Authentication required but not configured', {
|
||||
status: 401,
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
return null
|
||||
}
|
||||
),
|
||||
checkWebhookPreprocessing: vi.fn().mockResolvedValue({
|
||||
error: null,
|
||||
actorUserId: 'test-user-id',
|
||||
executionId: 'preprocess-execution-id',
|
||||
correlation: {
|
||||
executionId: 'preprocess-execution-id',
|
||||
requestId: 'mock-request-id',
|
||||
source: 'webhook',
|
||||
workflowId: 'test-workflow-id',
|
||||
webhookId: 'generic-webhook-id',
|
||||
path: 'test-path',
|
||||
provider: 'generic',
|
||||
triggerType: 'webhook',
|
||||
},
|
||||
}),
|
||||
formatProviderErrorResponse: vi.fn().mockImplementation((_webhook, error, status) => {
|
||||
const { NextResponse } = require('next/server')
|
||||
return NextResponse.json({ error }, { status })
|
||||
}),
|
||||
shouldSkipWebhookEvent: vi.fn().mockReturnValue(false),
|
||||
handlePreDeploymentVerification: vi.fn().mockReturnValue(null),
|
||||
}))
|
||||
|
||||
vi.mock('drizzle-orm/postgres-js', () => ({
|
||||
drizzle: vi.fn().mockReturnValue({}),
|
||||
}))
|
||||
|
||||
vi.mock('postgres', () => vi.fn().mockReturnValue({}))
|
||||
|
||||
process.env.DATABASE_URL = 'postgresql://test:test@localhost:5432/test'
|
||||
|
||||
import { GET, POST } from '@/app/api/webhooks/trigger/[path]/route'
|
||||
|
||||
describe('Webhook Trigger API Route', () => {
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks()
|
||||
|
||||
// Reset test data arrays
|
||||
testData.webhooks.length = 0
|
||||
testData.workflows.length = 0
|
||||
|
||||
executionPreprocessingMockFns.mockPreprocessExecution.mockResolvedValue({
|
||||
success: true,
|
||||
actorUserId: 'test-user-id',
|
||||
workflowRecord: {
|
||||
id: 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
isDeployed: true,
|
||||
workspaceId: 'test-workspace-id',
|
||||
},
|
||||
userSubscription: {
|
||||
plan: 'pro',
|
||||
status: 'active',
|
||||
},
|
||||
rateLimitInfo: {
|
||||
allowed: true,
|
||||
remaining: 100,
|
||||
resetAt: new Date(),
|
||||
},
|
||||
})
|
||||
|
||||
workflowsPersistenceUtilsMockFns.mockLoadWorkflowFromNormalizedTables.mockResolvedValue({
|
||||
blocks: {},
|
||||
edges: [],
|
||||
loops: {},
|
||||
parallels: {},
|
||||
isFromNormalizedTables: true,
|
||||
})
|
||||
workflowsPersistenceUtilsMockFns.mockBlockExistsInDeployment.mockResolvedValue(true)
|
||||
isWorkspaceApiExecutionEntitledMock.mockResolvedValue(true)
|
||||
|
||||
// Set up default workflow for tests
|
||||
testData.workflows.push({
|
||||
id: 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
workspaceId: 'test-workspace-id',
|
||||
})
|
||||
|
||||
handleWhatsAppVerificationMock.mockResolvedValue(null)
|
||||
processGenericDeduplicationMock.mockResolvedValue(null)
|
||||
processWebhookMock.mockResolvedValue(new Response('Webhook processed', { status: 200 }))
|
||||
})
|
||||
|
||||
it('should handle 404 for non-existent webhooks', async () => {
|
||||
const req = createMockRequest('POST', { type: 'event.test' })
|
||||
|
||||
const params = Promise.resolve({ path: 'non-existent-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(404)
|
||||
|
||||
const text = await response.text()
|
||||
expect(text).toMatch(/not found/i)
|
||||
})
|
||||
|
||||
it('should return 405 for GET requests on unknown webhook paths', async () => {
|
||||
const req = createMockRequest(
|
||||
'GET',
|
||||
undefined,
|
||||
{},
|
||||
'http://localhost:3000/api/webhooks/trigger/non-existent-path'
|
||||
)
|
||||
|
||||
const params = Promise.resolve({ path: 'non-existent-path' })
|
||||
|
||||
const response = await GET(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(405)
|
||||
})
|
||||
|
||||
it('should return 200 for GET verification probes on registered pending paths', async () => {
|
||||
const req = createMockRequest(
|
||||
'GET',
|
||||
undefined,
|
||||
{},
|
||||
'http://localhost:3000/api/webhooks/trigger/pending-verification-path'
|
||||
)
|
||||
|
||||
const params = Promise.resolve({ path: 'pending-verification-path' })
|
||||
|
||||
const response = await GET(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(200)
|
||||
await expect(response.json()).resolves.toMatchObject({
|
||||
status: 'ok',
|
||||
message: 'Webhook endpoint verified',
|
||||
})
|
||||
})
|
||||
|
||||
it('should return 200 for empty POST verification probes on registered pending paths', async () => {
|
||||
const req = createMockRequest(
|
||||
'POST',
|
||||
undefined,
|
||||
{},
|
||||
'http://localhost:3000/api/webhooks/trigger/pending-verification-path'
|
||||
)
|
||||
|
||||
const params = Promise.resolve({ path: 'pending-verification-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(200)
|
||||
await expect(response.json()).resolves.toMatchObject({
|
||||
status: 'ok',
|
||||
message: 'Webhook endpoint verified',
|
||||
})
|
||||
})
|
||||
|
||||
it('should return 404 for POST requests without type on unknown webhook paths', async () => {
|
||||
const req = createMockRequest('POST', { event: 'test' })
|
||||
|
||||
const params = Promise.resolve({ path: 'non-existent-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(404)
|
||||
|
||||
const text = await response.text()
|
||||
expect(text).toMatch(/not found/i)
|
||||
})
|
||||
|
||||
describe('Non-path trigger providers', () => {
|
||||
it.each(['sim', 'table', 'tiktok'])(
|
||||
'rejects HTTP deliveries to %s trigger paths with 404',
|
||||
async (provider) => {
|
||||
testData.webhooks.push({
|
||||
id: `${provider}-webhook-id`,
|
||||
provider,
|
||||
path: 'internal-path',
|
||||
isActive: true,
|
||||
providerConfig: { eventType: 'execution_error' },
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
|
||||
const req = createMockRequest('POST', { event: 'execution_error', forged: true })
|
||||
const params = Promise.resolve({ path: 'internal-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(404)
|
||||
expect(queueWebhookExecutionMock).not.toHaveBeenCalled()
|
||||
}
|
||||
)
|
||||
|
||||
it('does not affect normal provider paths', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'normal-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: false },
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
|
||||
const req = createMockRequest('POST', { event: 'test' })
|
||||
const params = Promise.resolve({ path: 'normal-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(200)
|
||||
expect(queueWebhookExecutionMock).toHaveBeenCalledOnce()
|
||||
})
|
||||
})
|
||||
|
||||
describe('Generic Webhook Authentication', () => {
|
||||
it('passes request context into shared webhook dispatch', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: false },
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
|
||||
const req = createMockRequest('POST', { event: 'test', id: 'test-123' })
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(200)
|
||||
expect(queueWebhookExecutionMock).toHaveBeenCalledOnce()
|
||||
const call = dispatchResolvedWebhookTargetMock.mock.calls[0]
|
||||
expect(call[0]).toEqual(expect.objectContaining({ id: 'generic-webhook-id' }))
|
||||
expect(call[1]).toEqual(expect.objectContaining({ id: 'test-workflow-id' }))
|
||||
expect(call[2]).toEqual(expect.objectContaining({ event: 'test', id: 'test-123' }))
|
||||
expect(call[4]).toEqual(
|
||||
expect.objectContaining({
|
||||
requestId: 'mock-request-id',
|
||||
path: 'test-path',
|
||||
})
|
||||
)
|
||||
})
|
||||
|
||||
it('should process generic webhook without authentication', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: false },
|
||||
workflowId: 'test-workflow-id',
|
||||
rateLimitCount: 100,
|
||||
rateLimitPeriod: 60,
|
||||
})
|
||||
testData.workflows.push({
|
||||
id: 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
workspaceId: 'test-workspace-id',
|
||||
})
|
||||
|
||||
const req = createMockRequest('POST', { event: 'test', id: 'test-123' })
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(200)
|
||||
|
||||
const data = await response.json()
|
||||
expect(data.message).toBe('Webhook processed')
|
||||
})
|
||||
|
||||
it('blocks a generic webhook when the workspace is on the free plan', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: false },
|
||||
workflowId: 'test-workflow-id',
|
||||
rateLimitCount: 100,
|
||||
rateLimitPeriod: 60,
|
||||
})
|
||||
testData.workflows.push({
|
||||
id: 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
workspaceId: 'test-workspace-id',
|
||||
})
|
||||
isWorkspaceApiExecutionEntitledMock.mockResolvedValueOnce(false)
|
||||
|
||||
const req = createMockRequest('POST', { event: 'test', id: 'test-123' })
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(402)
|
||||
})
|
||||
|
||||
it('returns 402 (not 500) when every webhook in a shared path is generic and free', async () => {
|
||||
testData.webhooks.push(
|
||||
{
|
||||
id: 'generic-webhook-a',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: false },
|
||||
workflowId: 'test-workflow-id',
|
||||
rateLimitCount: 100,
|
||||
rateLimitPeriod: 60,
|
||||
},
|
||||
{
|
||||
id: 'generic-webhook-b',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: false },
|
||||
workflowId: 'test-workflow-id',
|
||||
rateLimitCount: 100,
|
||||
rateLimitPeriod: 60,
|
||||
}
|
||||
)
|
||||
testData.workflows.push({
|
||||
id: 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
workspaceId: 'test-workspace-id',
|
||||
})
|
||||
isWorkspaceApiExecutionEntitledMock.mockResolvedValue(false)
|
||||
|
||||
const req = createMockRequest('POST', { event: 'test', id: 'test-123' })
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(402)
|
||||
})
|
||||
|
||||
it('should authenticate with Bearer token when no custom header is configured', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: true, token: 'test-token-123' },
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
testData.workflows.push({
|
||||
id: 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
workspaceId: 'test-workspace-id',
|
||||
})
|
||||
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
Authorization: 'Bearer test-token-123',
|
||||
}
|
||||
const req = createMockRequest('POST', { event: 'bearer.test' }, headers)
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(200)
|
||||
})
|
||||
|
||||
it('should authenticate with custom header when configured', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: {
|
||||
requireAuth: true,
|
||||
token: 'secret-token-456',
|
||||
secretHeaderName: 'X-Custom-Auth',
|
||||
},
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
testData.workflows.push({
|
||||
id: 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
workspaceId: 'test-workspace-id',
|
||||
})
|
||||
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
'X-Custom-Auth': 'secret-token-456',
|
||||
}
|
||||
const req = createMockRequest('POST', { event: 'custom.header.test' }, headers)
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(200)
|
||||
})
|
||||
|
||||
it('should handle case insensitive Bearer token authentication', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: true, token: 'case-test-token' },
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
testData.workflows.push({
|
||||
id: 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
workspaceId: 'test-workspace-id',
|
||||
})
|
||||
|
||||
const testCases = [
|
||||
'Bearer case-test-token',
|
||||
'bearer case-test-token',
|
||||
'BEARER case-test-token',
|
||||
'BeArEr case-test-token',
|
||||
]
|
||||
|
||||
for (const authHeader of testCases) {
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
Authorization: authHeader,
|
||||
}
|
||||
const req = createMockRequest('POST', { event: 'case.test' }, headers)
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(200)
|
||||
}
|
||||
})
|
||||
|
||||
it('should handle case insensitive custom header authentication', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: {
|
||||
requireAuth: true,
|
||||
token: 'custom-token-789',
|
||||
secretHeaderName: 'X-Secret-Key',
|
||||
},
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
testData.workflows.push({
|
||||
id: 'test-workflow-id',
|
||||
userId: 'test-user-id',
|
||||
workspaceId: 'test-workspace-id',
|
||||
})
|
||||
|
||||
const testCases = ['X-Secret-Key', 'x-secret-key', 'X-SECRET-KEY', 'x-Secret-Key']
|
||||
|
||||
for (const headerName of testCases) {
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
[headerName]: 'custom-token-789',
|
||||
}
|
||||
const req = createMockRequest('POST', { event: 'custom.case.test' }, headers)
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(200)
|
||||
}
|
||||
})
|
||||
|
||||
it('should reject wrong Bearer token', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: true, token: 'correct-token' },
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
Authorization: 'Bearer wrong-token',
|
||||
}
|
||||
const req = createMockRequest('POST', { event: 'wrong.token.test' }, headers)
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(401)
|
||||
expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
|
||||
expect(processWebhookMock).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should reject wrong custom header token', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: {
|
||||
requireAuth: true,
|
||||
token: 'correct-custom-token',
|
||||
secretHeaderName: 'X-Auth-Key',
|
||||
},
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
'X-Auth-Key': 'wrong-custom-token',
|
||||
}
|
||||
const req = createMockRequest('POST', { event: 'wrong.custom.test' }, headers)
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(401)
|
||||
expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
|
||||
expect(processWebhookMock).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should reject missing authentication when required', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: true, token: 'required-token' },
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
|
||||
const req = createMockRequest('POST', { event: 'no.auth.test' })
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(401)
|
||||
expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
|
||||
expect(processWebhookMock).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should reject Bearer token when custom header is configured', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: {
|
||||
requireAuth: true,
|
||||
token: 'exclusive-token',
|
||||
secretHeaderName: 'X-Only-Header',
|
||||
},
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
Authorization: 'Bearer exclusive-token',
|
||||
}
|
||||
const req = createMockRequest('POST', { event: 'exclusivity.test' }, headers)
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(401)
|
||||
expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
|
||||
expect(processWebhookMock).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should reject wrong custom header name', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: {
|
||||
requireAuth: true,
|
||||
token: 'correct-token',
|
||||
secretHeaderName: 'X-Expected-Header',
|
||||
},
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
'X-Wrong-Header': 'correct-token',
|
||||
}
|
||||
const req = createMockRequest('POST', { event: 'wrong.header.name.test' }, headers)
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(401)
|
||||
expect(await response.text()).toContain('Unauthorized - Invalid authentication token')
|
||||
expect(processWebhookMock).not.toHaveBeenCalled()
|
||||
})
|
||||
|
||||
it('should reject when auth is required but no token is configured', async () => {
|
||||
testData.webhooks.push({
|
||||
id: 'generic-webhook-id',
|
||||
provider: 'generic',
|
||||
path: 'test-path',
|
||||
isActive: true,
|
||||
providerConfig: { requireAuth: true },
|
||||
workflowId: 'test-workflow-id',
|
||||
})
|
||||
testData.workflows.push({ id: 'test-workflow-id', userId: 'test-user-id' })
|
||||
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
Authorization: 'Bearer any-token',
|
||||
}
|
||||
const req = createMockRequest('POST', { event: 'no.token.config.test' }, headers)
|
||||
const params = Promise.resolve({ path: 'test-path' })
|
||||
|
||||
const response = await POST(req as any, { params })
|
||||
|
||||
expect(response.status).toBe(401)
|
||||
expect(await response.text()).toContain(
|
||||
'Unauthorized - Authentication required but not configured'
|
||||
)
|
||||
expect(processWebhookMock).not.toHaveBeenCalled()
|
||||
})
|
||||
})
|
||||
})
|
||||
@@ -0,0 +1,220 @@
|
||||
import { createLogger } from '@sim/logger'
|
||||
import { type NextRequest, NextResponse } from 'next/server'
|
||||
import { webhookTriggerGetContract, webhookTriggerPostContract } from '@/lib/api/contracts/webhooks'
|
||||
import { parseRequest } from '@/lib/api/server'
|
||||
import {
|
||||
API_EXECUTION_REQUIRES_PAID_PLAN_MESSAGE,
|
||||
isWorkspaceApiExecutionEntitled,
|
||||
} from '@/lib/billing/core/api-access'
|
||||
import { admissionRejectedResponse, tryAdmit } from '@/lib/core/admission/gate'
|
||||
import { generateRequestId } from '@/lib/core/utils/request'
|
||||
import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
|
||||
import {
|
||||
dispatchResolvedWebhookTarget,
|
||||
findAllWebhooksForPath,
|
||||
handlePreLookupWebhookVerification,
|
||||
handleProviderChallenges,
|
||||
handleProviderReachabilityTest,
|
||||
parseWebhookBody,
|
||||
verifyProviderAuth,
|
||||
} from '@/lib/webhooks/processor'
|
||||
import { acceptsPathWebhookDelivery } from '@/lib/webhooks/providers'
|
||||
import { isInternalTriggerProvider } from '@/triggers/constants'
|
||||
|
||||
const logger = createLogger('WebhookTriggerAPI')
|
||||
|
||||
export const dynamic = 'force-dynamic'
|
||||
export const runtime = 'nodejs'
|
||||
export const maxDuration = 60
|
||||
|
||||
export const GET = withRouteHandler(
|
||||
async (request: NextRequest, context: { params: Promise<{ path: string }> }) => {
|
||||
const requestId = generateRequestId()
|
||||
const parsed = await parseRequest(webhookTriggerGetContract, request, context)
|
||||
if (!parsed.success) return parsed.response
|
||||
const { path } = parsed.data.params
|
||||
|
||||
// Handle provider-specific GET verifications (Microsoft Graph, WhatsApp, etc.)
|
||||
const challengeResponse = await handleProviderChallenges({}, request, requestId, path)
|
||||
if (challengeResponse) {
|
||||
return challengeResponse
|
||||
}
|
||||
|
||||
return (
|
||||
(await handlePreLookupWebhookVerification(request.method, undefined, requestId, path)) ||
|
||||
new NextResponse('Method not allowed', { status: 405 })
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
export const POST = withRouteHandler(
|
||||
async (request: NextRequest, context: { params: Promise<{ path: string }> }) => {
|
||||
const ticket = tryAdmit()
|
||||
if (!ticket) {
|
||||
return admissionRejectedResponse()
|
||||
}
|
||||
|
||||
try {
|
||||
return await handleWebhookPost(request, context)
|
||||
} finally {
|
||||
ticket.release()
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
async function handleWebhookPost(
|
||||
request: NextRequest,
|
||||
context: { params: Promise<{ path: string }> }
|
||||
): Promise<NextResponse> {
|
||||
const receivedAt = Date.now()
|
||||
/**
|
||||
* Slack signs every interactive request with the originating interaction time.
|
||||
* Capturing it lets the executor surface the true trigger_id age (the window
|
||||
* that expires at 3s) instead of only the in-workflow block timings.
|
||||
*/
|
||||
const slackRequestTimestamp = request.headers.get('x-slack-request-timestamp')
|
||||
const triggerTimestampMs = slackRequestTimestamp
|
||||
? Number(slackRequestTimestamp) * 1000
|
||||
: undefined
|
||||
|
||||
const requestId = generateRequestId()
|
||||
const parsed = await parseRequest(webhookTriggerPostContract, request, context)
|
||||
if (!parsed.success) return parsed.response
|
||||
const { path } = parsed.data.params
|
||||
|
||||
const earlyChallenge = await handleProviderChallenges({}, request, requestId, path)
|
||||
if (earlyChallenge) {
|
||||
return earlyChallenge
|
||||
}
|
||||
|
||||
const parseResult = await parseWebhookBody(request, requestId)
|
||||
|
||||
// Check if parseWebhookBody returned an error response
|
||||
if (parseResult instanceof NextResponse) {
|
||||
return parseResult
|
||||
}
|
||||
|
||||
const { body, rawBody } = parseResult
|
||||
|
||||
const challengeResponse = await handleProviderChallenges(body, request, requestId, path, rawBody)
|
||||
if (challengeResponse) {
|
||||
return challengeResponse
|
||||
}
|
||||
|
||||
// Find all webhooks for this path (multiple webhooks in one workflow may share a path)
|
||||
const allWebhooksForPath = await findAllWebhooksForPath({ requestId, path })
|
||||
|
||||
/** Exclude in-process triggers and providers that own an app-level ingress route. */
|
||||
const webhooksForPath = allWebhooksForPath.filter(
|
||||
({ webhook: foundWebhook }) =>
|
||||
!isInternalTriggerProvider(foundWebhook.provider) &&
|
||||
acceptsPathWebhookDelivery(foundWebhook.provider)
|
||||
)
|
||||
|
||||
if (allWebhooksForPath.length > 0 && webhooksForPath.length === 0) {
|
||||
logger.warn(`[${requestId}] Rejected HTTP delivery to non-path trigger: ${path}`)
|
||||
return new NextResponse('Not Found', { status: 404 })
|
||||
}
|
||||
|
||||
if (webhooksForPath.length === 0) {
|
||||
const verificationResponse = await handlePreLookupWebhookVerification(
|
||||
request.method,
|
||||
body as Record<string, unknown> | undefined,
|
||||
requestId,
|
||||
path
|
||||
)
|
||||
if (verificationResponse) {
|
||||
return verificationResponse
|
||||
}
|
||||
|
||||
logger.warn(`[${requestId}] Webhook or workflow not found for path: ${path}`)
|
||||
return new NextResponse('Not Found', { status: 404 })
|
||||
}
|
||||
|
||||
// Process each webhook matched on this path
|
||||
const responses: NextResponse[] = []
|
||||
let billingBlocked = false
|
||||
|
||||
for (const { webhook: foundWebhook, workflow: foundWorkflow } of webhooksForPath) {
|
||||
// Generic ("custom") webhooks are an unauthenticated programmatic execution
|
||||
// surface, so they fall under the same paid-plan gate as the API. Provider
|
||||
// webhooks (slack, github, ...) are unaffected.
|
||||
if (
|
||||
foundWebhook.provider === 'generic' &&
|
||||
!(await isWorkspaceApiExecutionEntitled(foundWorkflow.workspaceId))
|
||||
) {
|
||||
logger.warn(`[${requestId}] Generic webhook blocked: workspace on free plan`)
|
||||
billingBlocked = true
|
||||
if (webhooksForPath.length > 1) continue
|
||||
return NextResponse.json({ error: API_EXECUTION_REQUIRES_PAID_PLAN_MESSAGE }, { status: 402 })
|
||||
}
|
||||
|
||||
const authError = await verifyProviderAuth(
|
||||
foundWebhook,
|
||||
foundWorkflow,
|
||||
request,
|
||||
rawBody,
|
||||
requestId
|
||||
)
|
||||
if (authError) {
|
||||
if (webhooksForPath.length > 1) {
|
||||
logger.warn(`[${requestId}] Auth failed for webhook ${foundWebhook.id}, continuing to next`)
|
||||
continue
|
||||
}
|
||||
return authError
|
||||
}
|
||||
|
||||
const reachabilityResponse = handleProviderReachabilityTest(foundWebhook, body, requestId)
|
||||
if (reachabilityResponse) {
|
||||
return reachabilityResponse
|
||||
}
|
||||
|
||||
const dispatchResult = await dispatchResolvedWebhookTarget(
|
||||
foundWebhook,
|
||||
foundWorkflow,
|
||||
body,
|
||||
request,
|
||||
{
|
||||
requestId,
|
||||
path,
|
||||
receivedAt,
|
||||
triggerTimestampMs: Number.isFinite(triggerTimestampMs) ? triggerTimestampMs : undefined,
|
||||
}
|
||||
)
|
||||
|
||||
if (dispatchResult.reason === 'filtered') {
|
||||
continue
|
||||
}
|
||||
|
||||
if (dispatchResult.outcome === 'failed' || dispatchResult.reason === 'block-missing') {
|
||||
if (webhooksForPath.length > 1) {
|
||||
logger.warn(
|
||||
`[${requestId}] Webhook dispatch failed for ${foundWebhook.id}, continuing to next`,
|
||||
{ reason: dispatchResult.reason, status: dispatchResult.response.status }
|
||||
)
|
||||
continue
|
||||
}
|
||||
return dispatchResult.response
|
||||
}
|
||||
|
||||
responses.push(dispatchResult.response)
|
||||
}
|
||||
|
||||
if (responses.length === 0) {
|
||||
if (billingBlocked) {
|
||||
return NextResponse.json({ error: API_EXECUTION_REQUIRES_PAID_PLAN_MESSAGE }, { status: 402 })
|
||||
}
|
||||
return new NextResponse('No webhooks processed successfully', { status: 500 })
|
||||
}
|
||||
|
||||
if (responses.length === 1) {
|
||||
return responses[0]
|
||||
}
|
||||
|
||||
// For multiple webhooks, return success if at least one succeeded
|
||||
logger.info(`[${requestId}] Processed ${responses.length} webhooks for path: ${path}`)
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
webhooksProcessed: responses.length,
|
||||
})
|
||||
}
|
||||
Reference in New Issue
Block a user