a2826a3da7
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
GHL uses RSA + SHA-256 for x-wh-signature, not ECDSA P-256 as documented in the original task files. Also adds forward-compatible Ed25519 support for X-GHL-Signature (GHL migration scheduled July 2026): handler checks X-GHL-Signature first, falls back to x-wh-signature. - webhook.go: replace ecdsa.VerifyASN1 with rsa.VerifyPKCS1v15; add verifyEd25519 + verifyIncomingSignature dispatch; update struct fields - webhook_test.go: regenerate test keys as RSA-2048, sign with PKCS1v15 - CLAUDE.md: correct crypto stack and key implementation notes - .env.example: clarify GHL_WEBHOOK_PUBLIC_KEY is a static RSA key from docs Co-Authored-By: SideKx <sidekx.ai@sds.dev>
21 lines
388 B
Plaintext
21 lines
388 B
Plaintext
PORT=3002
|
|
BASE_URL=https://ghl.cast.ph
|
|
|
|
# GHL OAuth
|
|
GHL_CLIENT_ID=
|
|
GHL_CLIENT_SECRET=
|
|
# RSA public key from GHL docs (static, not per-app). Paste the full PEM block.
|
|
GHL_WEBHOOK_PUBLIC_KEY=
|
|
GHL_CONVERSATION_PROVIDER_ID=
|
|
|
|
# Cast.ph
|
|
CAST_API_KEY=
|
|
CAST_API_URL=https://api.cast.ph
|
|
CAST_SENDER_ID=
|
|
|
|
# MongoDB
|
|
MONGO_URI=mongodb://localhost:27017/cast-ghl
|
|
|
|
# Inbound (Phase 2)
|
|
INBOUND_API_KEY=
|