feat: add per-webhook secret with backfill migration (#13573)

lib/webhooks/trigger.rb

@@ -1,14 +1,16 @@
 class Webhooks::Trigger
   SUPPORTED_ERROR_HANDLE_EVENTS = %w[message_created message_updated].freeze
 
-  def initialize(url, payload, webhook_type)
+  def initialize(url, payload, webhook_type, secret: nil, delivery_id: nil)
     @url = url
     @payload = payload
     @webhook_type = webhook_type
+    @secret = secret
+    @delivery_id = delivery_id
   end
 
-  def self.execute(url, payload, webhook_type)
-    new(url, payload, webhook_type).execute
+  def self.execute(url, payload, webhook_type, secret: nil, delivery_id: nil)
+    new(url, payload, webhook_type, secret: secret, delivery_id: delivery_id).execute
   end
 
   def execute
@@ -21,15 +23,27 @@ class Webhooks::Trigger
   private
 
   def perform_request
+    body = @payload.to_json
     RestClient::Request.execute(
       method: :post,
       url: @url,
-      payload: @payload.to_json,
-      headers: { content_type: :json, accept: :json },
+      payload: body,
+      headers: request_headers(body),
       timeout: webhook_timeout
     )
   end
 
+  def request_headers(body)
+    headers = { content_type: :json, accept: :json }
+    headers['X-Chatwoot-Delivery'] = @delivery_id if @delivery_id.present?
+    if @secret.present?
+      ts = Time.now.to_i.to_s
+      headers['X-Chatwoot-Timestamp'] = ts
+      headers['X-Chatwoot-Signature'] = "sha256=#{OpenSSL::HMAC.hexdigest('SHA256', @secret, "#{ts}.#{body}")}"
+    end
+    headers
+  end
+
   def handle_error(error)
     return unless SUPPORTED_ERROR_HANDLE_EVENTS.include?(@payload[:event])
     return unless message
@@ -72,7 +86,11 @@ class Webhooks::Trigger
   def message
     return if message_id.blank?
 
-    @message ||= Message.find_by(id: message_id)
+    if defined?(@message)
+      @message
+    else
+      @message = Message.find_by(id: message_id)
+    end
   end
 
   def message_id