CAST/cast-ghl-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cast-ghl-plugin/internal
History
Head of Product & Engineering a3b14f8a2a fix: correct webhook signature verification to RSA-PKCS1v15+SHA-256 
GHL's x-wh-signature uses RSA-PKCS1v15 + SHA-256, not Ed25519.
The previous implementation parsed the wrong key type and would reject
all incoming webhooks in production.

Changes:
- webhook.go: switch x-wh-signature verification to RSA-PKCS1v15+SHA-256
- webhook.go: add optional Ed25519 path for X-GHL-Signature (July 2026+)
- config.go: add optional GHL_WEBHOOK_ED25519_KEY for future migration
- main.go: pass ed25519 key to NewWebhookHandler
- webhook_test.go: update test helpers to use RSA keys

Co-Authored-By: SideKx <sidekx.ai@sds.dev>
2026-04-06 17:42:07 +02:00
..
cast
feat: per-location Cast API key and unified admin config API
2026-04-06 14:08:29 +02:00
config
fix: correct webhook signature verification to RSA-PKCS1v15+SHA-256
2026-04-06 17:42:07 +02:00
crypto
feat: AES-256-GCM encryption for per-location Cast API keys + MongoDB auth
2026-04-06 15:27:38 +02:00
ghl
fix: correct webhook signature verification to RSA-PKCS1v15+SHA-256
2026-04-06 17:42:07 +02:00
phone
fix: address remaining golangci-lint warnings
2026-04-05 21:33:03 +02:00
store
feat: AES-256-GCM encryption for per-location Cast API keys + MongoDB auth
2026-04-06 15:27:38 +02:00