Files
simstudioai--sim/apps/sim/lib/webhooks/providers/ashby.ts
T
wehub-resource-sync d25d482dc2
Publish CLI Package / publish-npm (push) Waiting to run
Publish Python SDK / publish-pypi (push) Waiting to run
Publish TypeScript SDK / publish-npm (push) Waiting to run
CI / Migrate Dev DB (push) Has been skipped
CI / Detect Version (push) Has been cancelled
CI / Migrate DB (push) Has been cancelled
CI / Build Dev ECR (./docker/app.Dockerfile, ECR_APP) (push) Has been cancelled
CI / Build Dev ECR (./docker/db.Dockerfile, ECR_MIGRATIONS) (push) Has been cancelled
CI / Build Dev ECR (./docker/pii.Dockerfile, ECR_PII) (push) Has been cancelled
CI / Build Dev ECR (./docker/realtime.Dockerfile, ECR_REALTIME) (push) Has been cancelled
CI / Deploy Trigger.dev (Dev) (push) Has been cancelled
CI / Build AMD64 (./docker/app.Dockerfile, ECR_APP, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build AMD64 (./docker/db.Dockerfile, ECR_MIGRATIONS, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build AMD64 (./docker/pii.Dockerfile, ECR_PII, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build AMD64 (./docker/realtime.Dockerfile, ECR_REALTIME, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/app.Dockerfile, ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/db.Dockerfile, ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/pii.Dockerfile, ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Build ARM64 (GHCR Only) (./docker/realtime.Dockerfile, ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/migrations) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/pii) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/realtime) (push) Has been cancelled
CI / Create GHCR Manifests (ghcr.io/simstudioai/simstudio) (push) Has been cancelled
CI / Check Docs Changes (push) Has been cancelled
CI / Process Docs (push) Has been cancelled
CI / Create GitHub Release (push) Has been cancelled
CI / Test and Build (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:20:55 +08:00

316 lines
11 KiB
TypeScript

import { createLogger } from '@sim/logger'
import { safeCompare } from '@sim/security/compare'
import { hmacSha256Hex } from '@sim/security/hmac'
import { generateId } from '@sim/utils/id'
import { omit } from '@sim/utils/object'
import { NextResponse } from 'next/server'
import { getNotificationUrl, getProviderConfig } from '@/lib/webhooks/provider-subscription-utils'
import type {
AuthContext,
DeleteSubscriptionContext,
EventMatchContext,
FormatInputContext,
FormatInputResult,
SubscriptionContext,
SubscriptionResult,
WebhookProviderHandler,
} from '@/lib/webhooks/providers/types'
import { buildFallbackDeliveryFingerprint } from '@/lib/webhooks/providers/utils'
const logger = createLogger('WebhookProvider:Ashby')
function validateAshbySignature(secretToken: string, signature: string, body: string): boolean {
try {
if (!secretToken || !signature || !body) {
return false
}
if (!signature.startsWith('sha256=')) {
return false
}
const providedSignature = signature.substring(7)
const computedHash = hmacSha256Hex(body, secretToken)
return safeCompare(computedHash, providedSignature)
} catch (error) {
logger.error('Error validating Ashby signature:', error)
return false
}
}
export const ashbyHandler: WebhookProviderHandler = {
extractIdempotencyId(body: unknown): string | null {
const obj = body as Record<string, unknown>
const action = typeof obj.action === 'string' ? obj.action : undefined
const data = obj.data as Record<string, unknown> | undefined
if (!action || !data) return null
const application = data.application as Record<string, unknown> | undefined
const candidate = data.candidate as Record<string, unknown> | undefined
const job = data.job as Record<string, unknown> | undefined
const offer = data.offer as Record<string, unknown> | undefined
if (application?.id) {
const discriminator = application.updatedAt ?? buildFallbackDeliveryFingerprint(data)
const offerSuffix = offer?.id ? `:${offer.id}` : ''
return `ashby:${action}:${application.id}:${discriminator}${offerSuffix}`
}
if (offer?.id) {
return `ashby:${action}:${offer.id}`
}
if (candidate?.id) {
return `ashby:${action}:${candidate.id}`
}
if (job?.id) {
return `ashby:${action}:${job.id}`
}
return null
},
async formatInput({ body }: FormatInputContext): Promise<FormatInputResult> {
const b = body as Record<string, unknown>
const data = (b.data as Record<string, unknown>) || {}
const application = data.application as Record<string, unknown> | undefined
const currentInterviewStage = application?.currentInterviewStage as
| Record<string, unknown>
| undefined
return {
input: {
...data,
...(application && currentInterviewStage
? {
application: {
...application,
currentInterviewStage: {
...omit(currentInterviewStage, ['type']),
stageType: currentInterviewStage.type,
},
},
}
: {}),
action: b.action,
},
}
},
verifyAuth({ request, rawBody, requestId, providerConfig }: AuthContext): NextResponse | null {
const secretToken = (providerConfig.secretToken as string | undefined)?.trim()
if (!secretToken) {
logger.warn(
`[${requestId}] Ashby webhook missing secretToken in providerConfig — rejecting request`
)
return new NextResponse(
'Unauthorized - Ashby webhook signing secret is not configured. Re-save the trigger so a webhook can be registered.',
{ status: 401 }
)
}
const signature = request.headers.get('ashby-signature')
if (!signature) {
logger.warn(`[${requestId}] Ashby webhook missing signature header`)
return new NextResponse('Unauthorized - Missing Ashby signature', { status: 401 })
}
if (!validateAshbySignature(secretToken, signature, rawBody)) {
logger.warn(`[${requestId}] Ashby signature verification failed`, {
signatureLength: signature.length,
secretLength: secretToken.length,
})
return new NextResponse('Unauthorized - Invalid Ashby signature', { status: 401 })
}
return null
},
async matchEvent({
webhook,
body,
requestId,
providerConfig,
}: EventMatchContext): Promise<boolean> {
const triggerId = providerConfig.triggerId as string | undefined
const obj = body as Record<string, unknown>
const action = typeof obj?.action === 'string' ? obj.action : ''
if (action === 'ping') {
logger.debug(`[${requestId}] Ashby ping event received. Skipping execution.`, {
webhookId: webhook.id,
triggerId,
})
return false
}
if (!triggerId) return true
const { isAshbyEventMatch } = await import('@/triggers/ashby/utils')
if (!isAshbyEventMatch(triggerId, action)) {
logger.debug(
`[${requestId}] Ashby event mismatch for trigger ${triggerId}. Action: ${action || '(missing)'}. Skipping execution.`,
{
webhookId: webhook.id,
triggerId,
receivedAction: action,
}
)
return false
}
return true
},
async createSubscription(ctx: SubscriptionContext): Promise<SubscriptionResult | undefined> {
try {
const providerConfig = getProviderConfig(ctx.webhook)
const { apiKey, triggerId } = providerConfig as {
apiKey?: string
triggerId?: string
}
if (!apiKey) {
throw new Error(
'Ashby API Key is required. Please provide your API Key with apiKeysWrite permission in the trigger configuration.'
)
}
if (!triggerId) {
throw new Error('Trigger ID is required to create Ashby webhook.')
}
const { ASHBY_TRIGGER_ACTION_MAP } = await import('@/triggers/ashby/utils')
const webhookType = ASHBY_TRIGGER_ACTION_MAP[triggerId]
if (!webhookType) {
throw new Error(
`Unknown Ashby triggerId: ${triggerId}. Add it to ASHBY_TRIGGER_ACTION_MAP.`
)
}
const notificationUrl = getNotificationUrl(ctx.webhook)
const authString = Buffer.from(`${apiKey}:`).toString('base64')
logger.info(`[${ctx.requestId}] Creating Ashby webhook`, {
triggerId,
webhookType,
webhookId: ctx.webhook.id,
})
const secretToken = generateId()
const requestBody: Record<string, unknown> = {
requestUrl: notificationUrl,
webhookType,
secretToken,
}
const ashbyResponse = await fetch('https://api.ashbyhq.com/webhook.create', {
method: 'POST',
headers: {
Authorization: `Basic ${authString}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(requestBody),
})
const responseBody = (await ashbyResponse.json().catch(() => ({}))) as Record<string, unknown>
if (!ashbyResponse.ok || !responseBody.success) {
const errorInfo = responseBody.errorInfo as Record<string, string> | undefined
const errorMessage =
errorInfo?.message || (responseBody.message as string) || 'Unknown Ashby API error'
let userFriendlyMessage = 'Failed to create webhook subscription in Ashby'
if (ashbyResponse.status === 401) {
userFriendlyMessage =
'Invalid Ashby API Key. Please verify your API Key is correct and has apiKeysWrite permission.'
} else if (ashbyResponse.status === 403) {
userFriendlyMessage =
'Access denied. Please ensure your Ashby API Key has the apiKeysWrite permission.'
} else if (/duplicate webhook/i.test(errorMessage)) {
userFriendlyMessage =
'A webhook for this URL and event already exists in Ashby. This usually happens when a previous save succeeded in Ashby but Sim failed to record it. Delete the duplicate webhook under Ashby Settings > API/Webhooks, then re-save this trigger.'
} else if (errorMessage && errorMessage !== 'Unknown Ashby API error') {
userFriendlyMessage = `Ashby error: ${errorMessage}`
}
throw new Error(userFriendlyMessage)
}
const results = responseBody.results as Record<string, unknown> | undefined
const externalId = results?.id as string | undefined
if (!externalId) {
throw new Error('Ashby webhook creation succeeded but no webhook ID was returned')
}
logger.info(
`[${ctx.requestId}] Successfully created Ashby webhook subscription ${externalId} for webhook ${ctx.webhook.id}`
)
return { providerConfigUpdates: { externalId, secretToken } }
} catch (error: unknown) {
const err = error as Error
logger.error(
`[${ctx.requestId}] Exception during Ashby webhook creation for webhook ${ctx.webhook.id}.`,
{
message: err.message,
stack: err.stack,
}
)
throw error
}
},
async deleteSubscription(ctx: DeleteSubscriptionContext): Promise<void> {
try {
const config = getProviderConfig(ctx.webhook)
const apiKey = config.apiKey as string | undefined
const externalId = config.externalId as string | undefined
if (!apiKey) {
logger.warn(
`[${ctx.requestId}] Missing apiKey for Ashby webhook deletion ${ctx.webhook.id}, skipping cleanup`
)
if (ctx.strict) throw new Error('Missing Ashby apiKey for webhook deletion')
return
}
if (!externalId) {
logger.warn(
`[${ctx.requestId}] Missing externalId for Ashby webhook deletion ${ctx.webhook.id}, skipping cleanup`
)
if (ctx.strict) throw new Error('Missing Ashby externalId for webhook deletion')
return
}
const authString = Buffer.from(`${apiKey}:`).toString('base64')
const ashbyResponse = await fetch('https://api.ashbyhq.com/webhook.delete', {
method: 'POST',
headers: {
Authorization: `Basic ${authString}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({ webhookId: externalId }),
})
if (ashbyResponse.ok) {
await ashbyResponse.body?.cancel()
logger.info(
`[${ctx.requestId}] Successfully deleted Ashby webhook subscription ${externalId}`
)
} else if (ashbyResponse.status === 404) {
await ashbyResponse.body?.cancel()
logger.info(
`[${ctx.requestId}] Ashby webhook ${externalId} not found during deletion (already removed)`
)
} else {
const responseBody = await ashbyResponse.json().catch(() => ({}))
logger.warn(
`[${ctx.requestId}] Failed to delete Ashby webhook (non-fatal): ${ashbyResponse.status}`,
{ response: responseBody }
)
if (ctx.strict) throw new Error(`Failed to delete Ashby webhook: ${ashbyResponse.status}`)
}
} catch (error) {
logger.warn(`[${ctx.requestId}] Error deleting Ashby webhook (non-fatal)`, error)
if (ctx.strict) throw error
}
},
}