cast-ghl-plugin

CAST/cast-ghl-plugin

Fork 0

Commit Graph

Author	SHA1	Message	Date
Head of Product & Engineering	a3b14f8a2a	fix: correct webhook signature verification to RSA-PKCS1v15+SHA-256 GHL's x-wh-signature uses RSA-PKCS1v15 + SHA-256, not Ed25519. The previous implementation parsed the wrong key type and would reject all incoming webhooks in production. Changes: - webhook.go: switch x-wh-signature verification to RSA-PKCS1v15+SHA-256 - webhook.go: add optional Ed25519 path for X-GHL-Signature (July 2026+) - config.go: add optional GHL_WEBHOOK_ED25519_KEY for future migration - main.go: pass ed25519 key to NewWebhookHandler - webhook_test.go: update test helpers to use RSA keys Co-Authored-By: SideKx <sidekx.ai@sds.dev>	2026-04-06 17:42:07 +02:00
Head of Product & Engineering	4d8e1eb352	feat: AES-256-GCM encryption for per-location Cast API keys + MongoDB auth All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details - Add internal/crypto package: AES-256-GCM encrypt/decrypt with migration passthrough for existing plain-text records (no "enc:" prefix = plain text) - Store.NewStoreWithCipher injects cipher; SaveToken/UpdateLocationConfig encrypt cast_api_key before write; GetToken/ListTokens decrypt on read - Add CREDENTIALS_ENCRYPTION_KEY env var (64-hex / 32-byte); warns if unset - Add MongoDB authentication: MONGO_ROOT_USERNAME / MONGO_ROOT_PASSWORD via docker-compose MONGO_INITDB_ROOT_USERNAME/PASSWORD; MONGO_URI now requires credentials in .env.example - Update .env.example with generation instructions for all secrets Co-Authored-By: SideKx <sidekx.ai@sds.dev>	2026-04-06 15:27:38 +02:00
Head of Product & Engineering	a40a4aa626	feat: initial implementation of Cast GHL Provider Some checks failed ci/woodpecker/push/woodpecker Pipeline failed Details Complete MVP implementation of the Cast GHL Conversation Provider bridge: - Go module setup with chi router and mongo-driver dependencies - Config loading with env var validation and defaults - MongoDB token store with upsert, get, update, delete operations - Cast.ph SMS client with 429 retry logic and typed errors - Phone number normalization (E.164 ↔ Philippine local format) - GHL OAuth 2.0 install/callback/refresh flow - GHL webhook handler with ECDSA signature verification (async dispatch) - GHL API client for message status updates and inbound message stubs - Multi-stage Dockerfile, docker-compose with MongoDB, Woodpecker CI pipeline - Unit tests for phone normalization, Cast client, GHL webhook, and OAuth handlers Co-Authored-By: SideKx <sidekx.ai@sds.dev>	2026-04-04 17:27:05 +02:00

Author

SHA1

Message

Date

Head of Product & Engineering

a3b14f8a2a

fix: correct webhook signature verification to RSA-PKCS1v15+SHA-256

GHL's x-wh-signature uses RSA-PKCS1v15 + SHA-256, not Ed25519.
The previous implementation parsed the wrong key type and would reject
all incoming webhooks in production.

Changes:
- webhook.go: switch x-wh-signature verification to RSA-PKCS1v15+SHA-256
- webhook.go: add optional Ed25519 path for X-GHL-Signature (July 2026+)
- config.go: add optional GHL_WEBHOOK_ED25519_KEY for future migration
- main.go: pass ed25519 key to NewWebhookHandler
- webhook_test.go: update test helpers to use RSA keys

Co-Authored-By: SideKx <sidekx.ai@sds.dev>

2026-04-06 17:42:07 +02:00

Head of Product & Engineering

4d8e1eb352

feat: AES-256-GCM encryption for per-location Cast API keys + MongoDB auth

ci/woodpecker/push/woodpecker Pipeline was successful

Details

- Add internal/crypto package: AES-256-GCM encrypt/decrypt with migration
  passthrough for existing plain-text records (no "enc:" prefix = plain text)
- Store.NewStoreWithCipher injects cipher; SaveToken/UpdateLocationConfig
  encrypt cast_api_key before write; GetToken/ListTokens decrypt on read
- Add CREDENTIALS_ENCRYPTION_KEY env var (64-hex / 32-byte); warns if unset
- Add MongoDB authentication: MONGO_ROOT_USERNAME / MONGO_ROOT_PASSWORD via
  docker-compose MONGO_INITDB_ROOT_USERNAME/PASSWORD; MONGO_URI now requires
  credentials in .env.example
- Update .env.example with generation instructions for all secrets

Co-Authored-By: SideKx <sidekx.ai@sds.dev>

2026-04-06 15:27:38 +02:00

Head of Product & Engineering

a40a4aa626

feat: initial implementation of Cast GHL Provider

ci/woodpecker/push/woodpecker Pipeline failed

Details

Complete MVP implementation of the Cast GHL Conversation Provider bridge:
- Go module setup with chi router and mongo-driver dependencies
- Config loading with env var validation and defaults
- MongoDB token store with upsert, get, update, delete operations
- Cast.ph SMS client with 429 retry logic and typed errors
- Phone number normalization (E.164 ↔ Philippine local format)
- GHL OAuth 2.0 install/callback/refresh flow
- GHL webhook handler with ECDSA signature verification (async dispatch)
- GHL API client for message status updates and inbound message stubs
- Multi-stage Dockerfile, docker-compose with MongoDB, Woodpecker CI pipeline
- Unit tests for phone normalization, Cast client, GHL webhook, and OAuth handlers

Co-Authored-By: SideKx <sidekx.ai@sds.dev>

2026-04-04 17:27:05 +02:00

3 Commits