95463230cb
Account webhooks sign outgoing payloads with HMAC-SHA256, but agent bot and API inbox webhooks were delivered unsigned. This PR adds the same signing to both. Each model gets a dedicated `secret` column rather than reusing the agent bot's `access_token` (for API auth back into Chatwoot) or the API inbox's `hmac_token` (for inbound contact identity verification). These serve different trust boundaries and shouldn't be coupled — rotating a signing secret shouldn't invalidate API access or contact verification. The existing `Webhooks::Trigger` already signs when a secret is present, so the backend change is just passing `secret:` through to the jobs. Shared token logic is extracted into a `WebhookSecretable` concern included by `Webhook`, `AgentBot`, and `Channel::Api`. The frontend reuses the existing `AccessToken` component for secret display. Secrets are admin-only and excluded from enterprise audit logs. ### How to test Point an agent bot or API inbox webhook URL at a request inspector. Send a message and verify `X-Chatwoot-Signature` and `X-Chatwoot-Timestamp` headers are present. Reset the secret from settings and confirm subsequent deliveries use the new value. --------- Co-authored-by: Sojan Jose <sojan@pepalo.com>
47 lines
1.6 KiB
Ruby
47 lines
1.6 KiB
Ruby
# == Schema Information
|
|
#
|
|
# Table name: webhooks
|
|
#
|
|
# id :bigint not null, primary key
|
|
# name :string
|
|
# secret :string
|
|
# subscriptions :jsonb
|
|
# url :text
|
|
# webhook_type :integer default("account_type")
|
|
# created_at :datetime not null
|
|
# updated_at :datetime not null
|
|
# account_id :integer
|
|
# inbox_id :integer
|
|
#
|
|
# Indexes
|
|
#
|
|
# index_webhooks_on_account_id_and_url (account_id,url) UNIQUE
|
|
#
|
|
|
|
class Webhook < ApplicationRecord
|
|
belongs_to :account
|
|
belongs_to :inbox, optional: true
|
|
|
|
include WebhookSecretable
|
|
|
|
validates :account_id, presence: true
|
|
validates :url, uniqueness: { scope: [:account_id] }, format: URI::DEFAULT_PARSER.make_regexp(%w[http https])
|
|
validate :validate_webhook_subscriptions
|
|
enum webhook_type: { account_type: 0, inbox_type: 1 }
|
|
|
|
ALLOWED_WEBHOOK_EVENTS = %w[conversation_status_changed conversation_updated conversation_created contact_created contact_updated
|
|
message_created message_updated webwidget_triggered inbox_created inbox_updated
|
|
conversation_typing_on conversation_typing_off].freeze
|
|
|
|
private
|
|
|
|
def validate_webhook_subscriptions
|
|
invalid_subscriptions = !subscriptions.instance_of?(Array) ||
|
|
subscriptions.blank? ||
|
|
(subscriptions.uniq - ALLOWED_WEBHOOK_EVENTS).length.positive?
|
|
errors.add(:subscriptions, I18n.t('errors.webhook.invalid')) if invalid_subscriptions
|
|
end
|
|
end
|
|
|
|
Webhook.include_mod_with('Audit::Webhook')
|