45 lines
1.8 KiB
TypeScript
45 lines
1.8 KiB
TypeScript
import { type ActionFunctionArgs, json } from "@remix-run/server-runtime";
|
|
import { logger } from "~/services/logger.server";
|
|
import { ssoController } from "~/services/sso.server";
|
|
import { accountsWebhookWorker } from "~/v3/accountsWebhookWorker.server";
|
|
|
|
// Thin, vendor-neutral passthrough for inbound account-management
|
|
// webhooks. This route does NOT verify or interpret the payload — it
|
|
// forwards the raw body + headers to the plugin, which owns the
|
|
// provider-specific signature scheme, then enqueues the verified event
|
|
// for the background worker. When no plugin is installed the controller
|
|
// returns `feature_disabled` and we 404 (don't advertise the endpoint).
|
|
export async function action({ request }: ActionFunctionArgs) {
|
|
if (request.method !== "POST") {
|
|
return json({ error: "Method not allowed" }, { status: 405 });
|
|
}
|
|
|
|
const rawBody = await request.text();
|
|
const headers = Object.fromEntries(request.headers);
|
|
|
|
const verified = await ssoController.verifyWebhook({ rawBody, headers });
|
|
|
|
if (verified.isErr()) {
|
|
switch (verified.error) {
|
|
case "invalid_signature":
|
|
return json({ error: "invalid signature" }, { status: 400 });
|
|
case "feature_disabled":
|
|
return json({ error: "not found" }, { status: 404 });
|
|
default:
|
|
// Transient/internal — let the provider retry.
|
|
logger.error("accounts webhook verify failed", { reason: verified.error });
|
|
return json({ error: "internal error" }, { status: 500 });
|
|
}
|
|
}
|
|
|
|
// Idempotent enqueue keyed on the event id — providers redeliver, so
|
|
// dedupe at the door. Processing happens async in accountsWebhookWorker.
|
|
await accountsWebhookWorker.enqueueOnce({
|
|
id: verified.value.event.id,
|
|
job: "account.webhook.event",
|
|
payload: verified.value.event,
|
|
});
|
|
|
|
return json({ received: true }, { status: 200 });
|
|
}
|