CAST/cast-ghl-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
43 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Head of Product & Engineering a3b14f8a2a fix: correct webhook signature verification to RSA-PKCS1v15+SHA-256 
GHL's x-wh-signature uses RSA-PKCS1v15 + SHA-256, not Ed25519.
The previous implementation parsed the wrong key type and would reject
all incoming webhooks in production.

Changes:
- webhook.go: switch x-wh-signature verification to RSA-PKCS1v15+SHA-256
- webhook.go: add optional Ed25519 path for X-GHL-Signature (July 2026+)
- config.go: add optional GHL_WEBHOOK_ED25519_KEY for future migration
- main.go: pass ed25519 key to NewWebhookHandler
- webhook_test.go: update test helpers to use RSA keys

Co-Authored-By: SideKx <sidekx.ai@sds.dev>
2026-04-06 17:42:07 +02:00
.claude/tasks
feat: initial implementation of Cast GHL Provider
2026-04-04 17:27:05 +02:00
cmd/server
fix: correct webhook signature verification to RSA-PKCS1v15+SHA-256
2026-04-06 17:42:07 +02:00
deploy
fix: add git pull to deploy.sh so docker-compose.yaml stays in sync
2026-04-06 16:15:27 +02:00
internal
fix: correct webhook signature verification to RSA-PKCS1v15+SHA-256
2026-04-06 17:42:07 +02:00
.env.example
feat: AES-256-GCM encryption for per-location Cast API keys + MongoDB auth
2026-04-06 15:27:38 +02:00
.gitignore
fix: resolve golangci-lint failures and .gitignore scope issue
2026-04-05 21:22:03 +02:00
.golangci.yml
fix: resolve all golangci-lint v2 failures
2026-04-05 21:52:36 +02:00
.trivyignore
fix: remove real location ID from docs, add trivyignore for false positives
2026-04-06 14:16:56 +02:00
.woodpecker.yml
fix: bump Go image to 1.26 to match go.mod requirement
2026-04-05 18:34:21 +02:00
CAST_API_REFERENCE.md
feat: initial implementation of Cast GHL Provider
2026-04-04 17:27:05 +02:00
cast-ghl-provider-plan.md
fix: correct domain from ghl.cast.ph to hl.cast.ph throughout
2026-04-05 14:09:43 +02:00
CLAUDE.md
fix: bump Go image to 1.26 to match go.mod requirement
2026-04-05 18:34:21 +02:00
docker-compose.yaml
feat: AES-256-GCM encryption for per-location Cast API keys + MongoDB auth
2026-04-06 15:27:38 +02:00
Dockerfile
fix: add USER nobody to Dockerfile to pass semgrep security check
2026-04-05 22:49:28 +02:00
FUTURE_DEV.md
fix: remove real location ID from docs, add trivyignore for false positives
2026-04-06 14:16:56 +02:00
GHL_API_REFERENCE.md
fix: correct domain from ghl.cast.ph to hl.cast.ph throughout
2026-04-05 14:09:43 +02:00
go.mod
fix: upgrade golang.org/x/crypto to v0.35.0 (CVE-2025-22869)
2026-04-05 23:20:05 +02:00
go.sum
fix: upgrade golang.org/x/crypto to v0.35.0 (CVE-2025-22869)
2026-04-05 23:20:05 +02:00
README.md
Initial commit
2026-04-04 14:57:29 +00:00

README.md

cast-ghl-plugin

Description
No description provided
Readme 314 KiB
Languages
Go 98.4%
Shell 0.9%
Dockerfile 0.7%