Files
2026-07-13 13:32:57 +08:00

45 lines
1.8 KiB
TypeScript

import { type ActionFunctionArgs, json } from "@remix-run/server-runtime";
import { logger } from "~/services/logger.server";
import { ssoController } from "~/services/sso.server";
import { accountsWebhookWorker } from "~/v3/accountsWebhookWorker.server";
// Thin, vendor-neutral passthrough for inbound account-management
// webhooks. This route does NOT verify or interpret the payload — it
// forwards the raw body + headers to the plugin, which owns the
// provider-specific signature scheme, then enqueues the verified event
// for the background worker. When no plugin is installed the controller
// returns `feature_disabled` and we 404 (don't advertise the endpoint).
export async function action({ request }: ActionFunctionArgs) {
if (request.method !== "POST") {
return json({ error: "Method not allowed" }, { status: 405 });
}
const rawBody = await request.text();
const headers = Object.fromEntries(request.headers);
const verified = await ssoController.verifyWebhook({ rawBody, headers });
if (verified.isErr()) {
switch (verified.error) {
case "invalid_signature":
return json({ error: "invalid signature" }, { status: 400 });
case "feature_disabled":
return json({ error: "not found" }, { status: 404 });
default:
// Transient/internal — let the provider retry.
logger.error("accounts webhook verify failed", { reason: verified.error });
return json({ error: "internal error" }, { status: 500 });
}
}
// Idempotent enqueue keyed on the event id — providers redeliver, so
// dedupe at the door. Processing happens async in accountsWebhookWorker.
await accountsWebhookWorker.enqueueOnce({
id: verified.value.event.id,
job: "account.webhook.event",
payload: verified.value.event,
});
return json({ received: true }, { status: 200 });
}