LeadMagnet/leadchat
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
95463230cbc32833e0fcedcc7f82d0cc096c96a2
leadchat/app/models/channel/api.rb
Shivam Mishra 95463230cb feat: sign webhooks for API channel and agentbots (#13892) 
Account webhooks sign outgoing payloads with HMAC-SHA256, but agent bot
and API inbox webhooks were delivered unsigned. This PR adds the same
signing to both.

Each model gets a dedicated `secret` column rather than reusing the
agent bot's `access_token` (for API auth back into Chatwoot) or the API
inbox's `hmac_token` (for inbound contact identity verification). These
serve different trust boundaries and shouldn't be coupled — rotating a
signing secret shouldn't invalidate API access or contact verification.

The existing `Webhooks::Trigger` already signs when a secret is present,
so the backend change is just passing `secret:` through to the jobs.
Shared token logic is extracted into a `WebhookSecretable` concern
included by `Webhook`, `AgentBot`, and `Channel::Api`. The frontend
reuses the existing `AccessToken` component for secret display. Secrets
are admin-only and excluded from enterprise audit logs.

### How to test

Point an agent bot or API inbox webhook URL at a request inspector. Send
a message and verify `X-Chatwoot-Signature` and `X-Chatwoot-Timestamp`
headers are present. Reset the secret from settings and confirm
subsequent deliveries use the new value.

---------

Co-authored-by: Sojan Jose <sojan@pepalo.com>
2026-04-06 15:28:25 +05:30

47 lines
1.3 KiB
Ruby
Raw Blame History

# == Schema Information
#
# Table name: channel_api
#
# id :bigint not null, primary key
# additional_attributes :jsonb
# hmac_mandatory :boolean default(FALSE)
# hmac_token :string
# identifier :string
# secret :string
# webhook_url :string
# created_at :datetime not null
# updated_at :datetime not null
# account_id :integer not null
#
# Indexes
#
# index_channel_api_on_hmac_token (hmac_token) UNIQUE
# index_channel_api_on_identifier (identifier) UNIQUE
#
class Channel::Api < ApplicationRecord
include Channelable
self.table_name = 'channel_api'
EDITABLE_ATTRS = [:webhook_url, :hmac_mandatory, { additional_attributes: {} }].freeze
has_secure_token :identifier
has_secure_token :hmac_token
include WebhookSecretable
validate :ensure_valid_agent_reply_time_window
validates :webhook_url, length: { maximum: Limits::URL_LENGTH_LIMIT }
def name
'API'
end
private
def ensure_valid_agent_reply_time_window
return if additional_attributes['agent_reply_time_window'].blank?
return if additional_attributes['agent_reply_time_window'].to_i.positive?
errors.add(:agent_reply_time_window, 'agent_reply_time_window must be greater than 0')
end
end
Reference in New Issue View Git Blame Copy Permalink