ece6821766
- Updated PLESK_DEPLOYMENT.md to include new Salesforce credentials and webhook security configurations. - Refactored order fulfillment controller to streamline the process and improve readability. - Introduced EnhancedWebhookSignatureGuard for improved HMAC signature validation and nonce management. - Updated various documentation files to reflect changes in endpoint naming from `/provision` to `/fulfill` for clarity and consistency. - Enhanced Redis integration for nonce storage to prevent replay attacks. - Removed deprecated WebhookSignatureGuard in favor of the new enhanced guard.
58 lines
2.3 KiB
TypeScript
58 lines
2.3 KiB
TypeScript
import {
|
|
Controller,
|
|
Post,
|
|
Body,
|
|
Headers,
|
|
UseGuards,
|
|
HttpCode,
|
|
HttpStatus,
|
|
BadRequestException,
|
|
} from "@nestjs/common";
|
|
import { WebhooksService } from "./webhooks.service";
|
|
import { ApiTags, ApiOperation, ApiResponse, ApiHeader } from "@nestjs/swagger";
|
|
import { ThrottlerGuard } from "@nestjs/throttler";
|
|
import { EnhancedWebhookSignatureGuard } from "./guards/enhanced-webhook-signature.guard";
|
|
import { Public } from "../auth/decorators/public.decorator";
|
|
|
|
@ApiTags("webhooks")
|
|
@Controller("webhooks")
|
|
@Public() // Webhooks use signature-based authentication, not JWT
|
|
@UseGuards(ThrottlerGuard) // Rate limit webhook endpoints
|
|
export class WebhooksController {
|
|
constructor(private webhooksService: WebhooksService) {}
|
|
|
|
@Post("whmcs")
|
|
@HttpCode(HttpStatus.OK)
|
|
@UseGuards(EnhancedWebhookSignatureGuard)
|
|
@ApiOperation({ summary: "WHMCS webhook endpoint" })
|
|
@ApiResponse({ status: 200, description: "Webhook processed successfully" })
|
|
@ApiResponse({ status: 400, description: "Invalid webhook data" })
|
|
@ApiResponse({ status: 401, description: "Invalid signature" })
|
|
@ApiHeader({ name: "X-WHMCS-Signature", description: "WHMCS webhook signature" })
|
|
handleWhmcsWebhook(@Body() payload: unknown, @Headers("x-whmcs-signature") signature: string) {
|
|
try {
|
|
this.webhooksService.processWhmcsWebhook(payload, signature);
|
|
return { success: true, message: "Webhook processed successfully" };
|
|
} catch {
|
|
throw new BadRequestException("Failed to process webhook");
|
|
}
|
|
}
|
|
|
|
@Post("salesforce")
|
|
@HttpCode(HttpStatus.OK)
|
|
@UseGuards(EnhancedWebhookSignatureGuard)
|
|
@ApiOperation({ summary: "Salesforce webhook endpoint" })
|
|
@ApiResponse({ status: 200, description: "Webhook processed successfully" })
|
|
@ApiResponse({ status: 400, description: "Invalid webhook data" })
|
|
@ApiResponse({ status: 401, description: "Invalid signature" })
|
|
@ApiHeader({ name: "X-SF-Signature", description: "Salesforce webhook signature" })
|
|
handleSalesforceWebhook(@Body() payload: unknown, @Headers("x-sf-signature") signature: string) {
|
|
try {
|
|
this.webhooksService.processSalesforceWebhook(payload, signature);
|
|
return { success: true, message: "Webhook processed successfully" };
|
|
} catch {
|
|
throw new BadRequestException("Failed to process webhook");
|
|
}
|
|
}
|
|
}
|