a3b14f8a2a
GHL's x-wh-signature uses RSA-PKCS1v15 + SHA-256, not Ed25519. The previous implementation parsed the wrong key type and would reject all incoming webhooks in production. Changes: - webhook.go: switch x-wh-signature verification to RSA-PKCS1v15+SHA-256 - webhook.go: add optional Ed25519 path for X-GHL-Signature (July 2026+) - config.go: add optional GHL_WEBHOOK_ED25519_KEY for future migration - main.go: pass ed25519 key to NewWebhookHandler - webhook_test.go: update test helpers to use RSA keys Co-Authored-By: SideKx <sidekx.ai@sds.dev>
109 lines
3.1 KiB
Go
109 lines
3.1 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"log/slog"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"syscall"
|
|
"time"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/chi/v5/middleware"
|
|
|
|
"git.sds.dev/CAST/cast-ghl-plugin/internal/cast"
|
|
"git.sds.dev/CAST/cast-ghl-plugin/internal/config"
|
|
"git.sds.dev/CAST/cast-ghl-plugin/internal/crypto"
|
|
"git.sds.dev/CAST/cast-ghl-plugin/internal/ghl"
|
|
"git.sds.dev/CAST/cast-ghl-plugin/internal/store"
|
|
)
|
|
|
|
func main() {
|
|
slog.SetDefault(slog.New(slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{Level: slog.LevelInfo})))
|
|
if err := run(); err != nil {
|
|
slog.Error("fatal error", "err", err)
|
|
os.Exit(1)
|
|
}
|
|
}
|
|
|
|
func run() error {
|
|
cfg, err := config.Load()
|
|
if err != nil {
|
|
return fmt.Errorf("config: %w", err)
|
|
}
|
|
|
|
ctx := context.Background()
|
|
|
|
var cipher *crypto.Cipher
|
|
if cfg.CredentialsEncryptionKey != "" {
|
|
cipher, err = crypto.NewCipher(cfg.CredentialsEncryptionKey)
|
|
if err != nil {
|
|
return fmt.Errorf("credentials cipher: %w", err)
|
|
}
|
|
}
|
|
|
|
s, err := store.NewStoreWithCipher(ctx, cfg.MongoURI, cipher)
|
|
if err != nil {
|
|
return fmt.Errorf("mongodb: %w", err)
|
|
}
|
|
defer func() { _ = s.Close(ctx) }()
|
|
|
|
castClient := cast.NewClient(cfg.CastAPIURL, cfg.CastAPIKey, cfg.CastSenderID)
|
|
ghlAPI := ghl.NewAPIClient()
|
|
oauthHandler := ghl.NewOAuthHandler(cfg.GHLClientID, cfg.GHLClientSecret, cfg.BaseURL, cfg.GHLConversationProviderID, s)
|
|
|
|
webhookHandler, err := ghl.NewWebhookHandler(cfg.GHLWebhookPublicKey, cfg.GHLWebhookEd25519Key, castClient, ghlAPI, oauthHandler, s)
|
|
if err != nil {
|
|
return fmt.Errorf("webhook handler: %w", err)
|
|
}
|
|
|
|
adminHandler := ghl.NewAdminHandler(cfg.InboundAPIKey, s)
|
|
|
|
r := chi.NewRouter()
|
|
r.Use(middleware.RequestID)
|
|
r.Use(middleware.RealIP)
|
|
r.Use(middleware.Recoverer)
|
|
r.Use(middleware.Timeout(60 * time.Second))
|
|
|
|
r.Get("/health", healthCheck)
|
|
r.Get("/install", oauthHandler.HandleInstall)
|
|
r.Get("/oauth-callback", oauthHandler.HandleCallback)
|
|
r.Post("/api/ghl/v1/webhook/messages", webhookHandler.HandleWebhook)
|
|
r.Post("/api/ghl/v1/webhook/uninstall", webhookHandler.HandleUninstall)
|
|
r.Get("/api/admin/locations", adminHandler.HandleListLocations)
|
|
r.Get("/api/admin/locations/{locationId}/config", adminHandler.HandleGetLocationConfig)
|
|
r.Put("/api/admin/locations/{locationId}/config", adminHandler.HandleSetLocationConfig)
|
|
|
|
srv := &http.Server{
|
|
Addr: ":" + cfg.Port,
|
|
Handler: r,
|
|
ReadHeaderTimeout: 10 * time.Second,
|
|
}
|
|
|
|
go func() {
|
|
sigCh := make(chan os.Signal, 1)
|
|
signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
|
|
<-sigCh
|
|
slog.Info("shutting down...")
|
|
shutdownCtx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
|
defer cancel()
|
|
if err := srv.Shutdown(shutdownCtx); err != nil {
|
|
slog.Error("shutdown error", "err", err)
|
|
}
|
|
}()
|
|
|
|
slog.Info("cast-ghl-provider started", "port", cfg.Port, "base_url", cfg.BaseURL)
|
|
if err := srv.ListenAndServe(); err != http.ErrServerClosed {
|
|
return fmt.Errorf("server: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func healthCheck(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(http.StatusOK)
|
|
_, _ = w.Write([]byte(`{"status":"ok","service":"cast-ghl-provider"}`))
|
|
}
|