Commit Graph

4 Commits (01500400562a9a767449fdc71129aa02689b9ab0)

Author SHA1 Message Date
boojack eb826455b6 chore(webhook): reveal-later signing secret flow
Generate webhook signing secrets server-side and let users reveal them on
demand, replacing the create-dialog secret controls that surfaced internal
mask state (Status / Generate & Copy / Clear / Pending) to users.

- Add owner-gated GetUserWebhookSigningSecret RPC — the only path that
  returns the secret; list/create/update responses still omit it.
- Generate the secret server-side on create (webhook.GenerateSigningSecret),
  so validity no longer depends on the client.
- Rename UserWebhook.has_signing_secret -> signing_secret_set for parity
  with the existing api_key_set field.
- Create dialog drops the secret section to a one-line note; the generated
  secret is shown once right after create and revealable from Edit later.
2 weeks ago
boojack f497f009ce fix(webhook): fail loud on malformed signing secret and add tests
Follow-up to #6013. The signing path silently fell back to using the raw
secret string as the HMAC key when a whsec_-prefixed secret had invalid
base64, producing signatures no receiver could verify with no server-side
signal.

- Extract resolveSigningKey helper that errors on invalid whsec_ base64
- Post returns that error (logged by the async dispatcher); ValidateSigningSecret
  rejects it at write time so a bad secret is never stored
- Fix stale comment referencing a nonexistent Authorization header
- Add Go tests: key derivation, secret validation, end-to-end signature
  round-trip, and the invariant that the secret never leaks into API responses
1 month ago
boojack c45663761d fix(api): reduce memory pressure in backend paths 3 months ago
boojack 10a955fd62 refactor: move plugin packages under internal 3 months ago