chore: import upstream snapshot with attribution
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
Publish CLI Package / publish-npm (push) Has been cancelled
Publish Python SDK / publish-pypi (push) Has been cancelled
Publish TypeScript SDK / publish-npm (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,299 @@
|
||||
/**
|
||||
* @vitest-environment node
|
||||
*/
|
||||
import crypto from 'crypto'
|
||||
import { NextRequest } from 'next/server'
|
||||
import { describe, expect, it } from 'vitest'
|
||||
import { zendeskHandler } from '@/lib/webhooks/providers/zendesk'
|
||||
import { isZendeskEventMatch } from '@/triggers/zendesk/utils'
|
||||
|
||||
const SECRET = 'my-signing-secret'
|
||||
|
||||
function sign(secret: string, timestamp: string, body: string): string {
|
||||
return crypto
|
||||
.createHmac('sha256', secret)
|
||||
.update(timestamp + body, 'utf8')
|
||||
.digest('base64')
|
||||
}
|
||||
|
||||
function reqWithHeaders(headers: Record<string, string>): NextRequest {
|
||||
return new NextRequest('http://localhost/test', { headers })
|
||||
}
|
||||
|
||||
describe('Zendesk webhook provider', () => {
|
||||
describe('verifyAuth', () => {
|
||||
it('rejects when webhookSecret is missing', async () => {
|
||||
const res = await zendeskHandler.verifyAuth!({
|
||||
request: reqWithHeaders({}),
|
||||
rawBody: '{}',
|
||||
requestId: 't1',
|
||||
providerConfig: {},
|
||||
webhook: {},
|
||||
workflow: {},
|
||||
})
|
||||
expect(res?.status).toBe(401)
|
||||
})
|
||||
|
||||
it('rejects when signature headers are missing', async () => {
|
||||
const res = await zendeskHandler.verifyAuth!({
|
||||
request: reqWithHeaders({}),
|
||||
rawBody: '{}',
|
||||
requestId: 't2',
|
||||
providerConfig: { webhookSecret: SECRET },
|
||||
webhook: {},
|
||||
workflow: {},
|
||||
})
|
||||
expect(res?.status).toBe(401)
|
||||
})
|
||||
|
||||
it('rejects a stale timestamp outside the allowed skew window', async () => {
|
||||
const body = '{}'
|
||||
const timestamp = new Date(Date.now() - 10 * 60 * 1000).toISOString()
|
||||
const signature = sign(SECRET, timestamp, body)
|
||||
const res = await zendeskHandler.verifyAuth!({
|
||||
request: reqWithHeaders({
|
||||
'X-Zendesk-Webhook-Signature': signature,
|
||||
'X-Zendesk-Webhook-Signature-Timestamp': timestamp,
|
||||
}),
|
||||
rawBody: body,
|
||||
requestId: 't3',
|
||||
providerConfig: { webhookSecret: SECRET },
|
||||
webhook: {},
|
||||
workflow: {},
|
||||
})
|
||||
expect(res?.status).toBe(401)
|
||||
})
|
||||
|
||||
it('rejects an invalid signature', async () => {
|
||||
const body = '{}'
|
||||
const timestamp = new Date().toISOString()
|
||||
const res = await zendeskHandler.verifyAuth!({
|
||||
request: reqWithHeaders({
|
||||
'X-Zendesk-Webhook-Signature': 'not-a-real-signature',
|
||||
'X-Zendesk-Webhook-Signature-Timestamp': timestamp,
|
||||
}),
|
||||
rawBody: body,
|
||||
requestId: 't4',
|
||||
providerConfig: { webhookSecret: SECRET },
|
||||
webhook: {},
|
||||
workflow: {},
|
||||
})
|
||||
expect(res?.status).toBe(401)
|
||||
})
|
||||
|
||||
it('accepts a valid base64 HMAC-SHA256 signature over timestamp + body', async () => {
|
||||
const body = JSON.stringify({ id: 'evt-1', type: 'zen:event-type:ticket.created' })
|
||||
const timestamp = new Date().toISOString()
|
||||
const signature = sign(SECRET, timestamp, body)
|
||||
const res = await zendeskHandler.verifyAuth!({
|
||||
request: reqWithHeaders({
|
||||
'X-Zendesk-Webhook-Signature': signature,
|
||||
'X-Zendesk-Webhook-Signature-Timestamp': timestamp,
|
||||
}),
|
||||
rawBody: body,
|
||||
requestId: 't5',
|
||||
providerConfig: { webhookSecret: SECRET },
|
||||
webhook: {},
|
||||
workflow: {},
|
||||
})
|
||||
expect(res).toBeNull()
|
||||
})
|
||||
})
|
||||
|
||||
describe('isZendeskEventMatch', () => {
|
||||
it('matches the configured trigger to its native event type', () => {
|
||||
expect(isZendeskEventMatch('zendesk_ticket_created', 'zen:event-type:ticket.created')).toBe(
|
||||
true
|
||||
)
|
||||
expect(
|
||||
isZendeskEventMatch('zendesk_ticket_created', 'zen:event-type:ticket.status_changed')
|
||||
).toBe(false)
|
||||
expect(isZendeskEventMatch('zendesk_webhook', 'zen:event-type:ticket.created')).toBe(true)
|
||||
})
|
||||
})
|
||||
|
||||
describe('matchEvent', () => {
|
||||
it('passes through all events for the all-events trigger', async () => {
|
||||
const result = await zendeskHandler.matchEvent!({
|
||||
body: { type: 'zen:event-type:ticket.status_changed' },
|
||||
requestId: 't6',
|
||||
providerConfig: { triggerId: 'zendesk_webhook' },
|
||||
webhook: {},
|
||||
workflow: {},
|
||||
request: reqWithHeaders({}),
|
||||
})
|
||||
expect(result).toBe(true)
|
||||
})
|
||||
|
||||
it('filters events that do not match the configured trigger', async () => {
|
||||
const result = await zendeskHandler.matchEvent!({
|
||||
body: { type: 'zen:event-type:ticket.status_changed' },
|
||||
requestId: 't7',
|
||||
providerConfig: { triggerId: 'zendesk_ticket_created' },
|
||||
webhook: {},
|
||||
workflow: {},
|
||||
request: reqWithHeaders({}),
|
||||
})
|
||||
expect(result).toBe(false)
|
||||
})
|
||||
|
||||
it('does not throw when body is null', async () => {
|
||||
const result = await zendeskHandler.matchEvent!({
|
||||
body: null,
|
||||
requestId: 't8',
|
||||
providerConfig: { triggerId: 'zendesk_ticket_created' },
|
||||
webhook: {},
|
||||
workflow: {},
|
||||
request: reqWithHeaders({}),
|
||||
})
|
||||
expect(result).toBe(false)
|
||||
})
|
||||
})
|
||||
|
||||
describe('formatInput', () => {
|
||||
it('maps the event-subscription envelope to the declared output schema', async () => {
|
||||
const { input } = await zendeskHandler.formatInput!({
|
||||
body: {
|
||||
id: 'evt-1',
|
||||
type: 'zen:event-type:ticket.created',
|
||||
time: '2026-01-01T00:00:00Z',
|
||||
account_id: 123,
|
||||
detail: {
|
||||
id: '456',
|
||||
subject: 'Help',
|
||||
status: 'new',
|
||||
priority: 'high',
|
||||
type: 'incident',
|
||||
description: 'desc',
|
||||
requester_id: '1',
|
||||
assignee_id: '2',
|
||||
group_id: '3',
|
||||
organization_id: '4',
|
||||
tags: ['a', 'b'],
|
||||
via: { channel: 'web' },
|
||||
is_public: true,
|
||||
created_at: '2026-01-01T00:00:00Z',
|
||||
updated_at: '2026-01-01T00:00:00Z',
|
||||
},
|
||||
event: { current: 'high', previous: 'normal' },
|
||||
},
|
||||
headers: {},
|
||||
requestId: 't9',
|
||||
webhook: {},
|
||||
workflow: { id: 'w', userId: 'u' },
|
||||
})
|
||||
const i = input as Record<string, unknown>
|
||||
expect(i.event_id).toBe('evt-1')
|
||||
expect(i.event_type).toBe('zen:event-type:ticket.created')
|
||||
expect(i.account_id).toBe(123)
|
||||
const ticket = i.ticket as Record<string, unknown>
|
||||
expect(ticket.id).toBe('456')
|
||||
expect(ticket.ticket_type).toBe('incident')
|
||||
expect(ticket.via_channel).toBe('web')
|
||||
expect(ticket.tags).toEqual(['a', 'b'])
|
||||
expect(i.event).toEqual({ current: 'high', previous: 'normal' })
|
||||
})
|
||||
|
||||
it('does not throw and degrades gracefully when body is null', async () => {
|
||||
const { input } = await zendeskHandler.formatInput!({
|
||||
body: null,
|
||||
headers: {},
|
||||
requestId: 't10',
|
||||
webhook: {},
|
||||
workflow: { id: 'w', userId: 'u' },
|
||||
})
|
||||
const i = input as Record<string, unknown>
|
||||
expect(i.event_id).toBeUndefined()
|
||||
const ticket = i.ticket as Record<string, unknown>
|
||||
expect(ticket.id).toBeUndefined()
|
||||
expect(ticket.tags).toEqual([])
|
||||
})
|
||||
})
|
||||
|
||||
describe('createSubscription', () => {
|
||||
it('rejects a subdomain containing a path separator to prevent host-boundary escape', async () => {
|
||||
await expect(
|
||||
zendeskHandler.createSubscription!({
|
||||
webhook: {
|
||||
id: 'wh-1',
|
||||
path: 'p',
|
||||
providerConfig: {
|
||||
subdomain: 'evil.example.com/x',
|
||||
email: 'admin@example.com',
|
||||
apiToken: 'token',
|
||||
},
|
||||
},
|
||||
workflow: {},
|
||||
userId: 'u1',
|
||||
requestId: 't11',
|
||||
request: reqWithHeaders({}),
|
||||
})
|
||||
).rejects.toThrow(/subdomain must contain only letters, numbers, and hyphens/)
|
||||
})
|
||||
|
||||
it('rejects a subdomain that is missing entirely', async () => {
|
||||
await expect(
|
||||
zendeskHandler.createSubscription!({
|
||||
webhook: { id: 'wh-2', path: 'p', providerConfig: {} },
|
||||
workflow: {},
|
||||
userId: 'u1',
|
||||
requestId: 't12',
|
||||
request: reqWithHeaders({}),
|
||||
})
|
||||
).rejects.toThrow(/subdomain is required/)
|
||||
})
|
||||
})
|
||||
|
||||
describe('deleteSubscription', () => {
|
||||
it('skips (non-strict) when the stored subdomain is invalid', async () => {
|
||||
await expect(
|
||||
zendeskHandler.deleteSubscription!({
|
||||
webhook: {
|
||||
id: 'wh-3',
|
||||
providerConfig: {
|
||||
subdomain: 'evil.example.com/x',
|
||||
email: 'admin@example.com',
|
||||
apiToken: 'token',
|
||||
externalId: 'ext-1',
|
||||
},
|
||||
},
|
||||
workflow: {},
|
||||
requestId: 't13',
|
||||
})
|
||||
).resolves.toBeUndefined()
|
||||
})
|
||||
|
||||
it('throws (strict) when the stored subdomain is invalid', async () => {
|
||||
await expect(
|
||||
zendeskHandler.deleteSubscription!({
|
||||
webhook: {
|
||||
id: 'wh-4',
|
||||
providerConfig: {
|
||||
subdomain: 'evil.example.com/x',
|
||||
email: 'admin@example.com',
|
||||
apiToken: 'token',
|
||||
externalId: 'ext-1',
|
||||
},
|
||||
},
|
||||
workflow: {},
|
||||
requestId: 't14',
|
||||
strict: true,
|
||||
})
|
||||
).rejects.toThrow(/Invalid Zendesk subdomain/)
|
||||
})
|
||||
})
|
||||
|
||||
describe('extractIdempotencyId', () => {
|
||||
it('returns the stable event id', () => {
|
||||
expect(zendeskHandler.extractIdempotencyId!({ id: 'evt-1' })).toBe('evt-1')
|
||||
})
|
||||
|
||||
it('returns null when there is no id', () => {
|
||||
expect(zendeskHandler.extractIdempotencyId!({})).toBeNull()
|
||||
})
|
||||
|
||||
it('does not throw when body is null', () => {
|
||||
expect(zendeskHandler.extractIdempotencyId!(null)).toBeNull()
|
||||
})
|
||||
})
|
||||
})
|
||||
Reference in New Issue
Block a user