cast-ghl-plugin

CAST/cast-ghl-plugin

Fork 0

Commit Graph

Author	SHA1	Message	Date
Head of Product & Engineering	65e9c6f408	fix: remove real location ID from docs, add trivyignore for false positives Some checks failed ci/woodpecker/push/woodpecker Pipeline failed Details Replace the real location ID in FUTURE_DEV.md example with a placeholder to avoid trivy-secrets false positive. Also sanitize the cast_api_key comment in admin.go and add .trivyignore to exclude documentation files from the secret scanner. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-06 14:16:56 +02:00
Head of Product & Engineering	9995027093	feat: per-location Cast API key and unified admin config API Some checks failed ci/woodpecker/push/woodpecker Pipeline failed Details Each GHL location can now have its own Cast API key and sender ID stored in MongoDB. Falls back to global CAST_API_KEY / CAST_SENDER_ID env vars when not set per-location. Admin endpoints (all require Authorization: Bearer <INBOUND_API_KEY>): GET /api/admin/locations — list all locations GET /api/admin/locations/{locationId}/config — get location config PUT /api/admin/locations/{locationId}/config — set sender_id + cast_api_key Cast API key is masked in GET responses (first 12 chars + "..."). Replaces the /sender-id endpoint deployed in the previous commit. Also adds FUTURE_DEV.md documenting the migration path to Infisical for secret management, plus MongoDB security hardening checklist. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-06 14:08:29 +02:00

Author

SHA1

Message

Date

Head of Product & Engineering

65e9c6f408

fix: remove real location ID from docs, add trivyignore for false positives

ci/woodpecker/push/woodpecker Pipeline failed

Details

Replace the real location ID in FUTURE_DEV.md example with a placeholder
to avoid trivy-secrets false positive. Also sanitize the cast_api_key
comment in admin.go and add .trivyignore to exclude documentation files
from the secret scanner.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-06 14:16:56 +02:00

Head of Product & Engineering

9995027093

feat: per-location Cast API key and unified admin config API

ci/woodpecker/push/woodpecker Pipeline failed

Details

Each GHL location can now have its own Cast API key and sender ID stored
in MongoDB. Falls back to global CAST_API_KEY / CAST_SENDER_ID env vars
when not set per-location.

Admin endpoints (all require Authorization: Bearer <INBOUND_API_KEY>):
  GET  /api/admin/locations                        — list all locations
  GET  /api/admin/locations/{locationId}/config    — get location config
  PUT  /api/admin/locations/{locationId}/config    — set sender_id + cast_api_key

Cast API key is masked in GET responses (first 12 chars + "...").
Replaces the /sender-id endpoint deployed in the previous commit.

Also adds FUTURE_DEV.md documenting the migration path to Infisical
for secret management, plus MongoDB security hardening checklist.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-06 14:08:29 +02:00

2 Commits