CAST/cast-ghl-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
25 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Head of Product & Engineering ffb27acc11
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
fix: use Ed25519 for webhook signature verification (x-wh-signature) 
GHL signs x-wh-signature webhooks with an Ed25519 key from the
Marketplace app settings, not RSA. The previous RSA implementation
caused all webhook signature checks to fail, blocking every outbound
SMS send.

Changes:
- Replace parseRSAPublicKey + RSA verification with parseEd25519PublicKey
  + ed25519.Verify for x-wh-signature
- Both x-wh-signature (current) and X-GHL-Signature (July 2026) now
  use the same Ed25519 key from GHL_WEBHOOK_PUBLIC_KEY
- Remove unused crypto/rsa, crypto/sha256, crypto imports
- Update webhook_test.go to generate/sign with Ed25519 instead of RSA

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-06 08:47:56 +02:00
.claude/tasks
feat: initial implementation of Cast GHL Provider
2026-04-04 17:27:05 +02:00
cmd/server
fix: resolve gosec findings G112 and G602
2026-04-05 23:03:47 +02:00
deploy
fix: add container log output to deploy.sh for crash diagnostics
2026-04-05 23:39:30 +02:00
internal
fix: use Ed25519 for webhook signature verification (x-wh-signature)
2026-04-06 08:47:56 +02:00
.env.example
fix: correct MONGO_URI to use Docker service hostname
2026-04-05 18:48:29 +02:00
.gitignore
fix: resolve golangci-lint failures and .gitignore scope issue
2026-04-05 21:22:03 +02:00
.golangci.yml
fix: resolve all golangci-lint v2 failures
2026-04-05 21:52:36 +02:00
.woodpecker.yml
fix: bump Go image to 1.26 to match go.mod requirement
2026-04-05 18:34:21 +02:00
CAST_API_REFERENCE.md
feat: initial implementation of Cast GHL Provider
2026-04-04 17:27:05 +02:00
cast-ghl-provider-plan.md
fix: correct domain from ghl.cast.ph to hl.cast.ph throughout
2026-04-05 14:09:43 +02:00
CLAUDE.md
fix: bump Go image to 1.26 to match go.mod requirement
2026-04-05 18:34:21 +02:00
docker-compose.yaml
feat: add production deployment artifacts for ghl.cast.ph (Vultr)
2026-04-05 14:12:27 +02:00
Dockerfile
fix: add USER nobody to Dockerfile to pass semgrep security check
2026-04-05 22:49:28 +02:00
GHL_API_REFERENCE.md
fix: correct domain from ghl.cast.ph to hl.cast.ph throughout
2026-04-05 14:09:43 +02:00
go.mod
fix: upgrade golang.org/x/crypto to v0.35.0 (CVE-2025-22869)
2026-04-05 23:20:05 +02:00
go.sum
fix: upgrade golang.org/x/crypto to v0.35.0 (CVE-2025-22869)
2026-04-05 23:20:05 +02:00
README.md
Initial commit
2026-04-04 14:57:29 +00:00

README.md

cast-ghl-plugin

Description
No description provided
Readme 314 KiB
Languages
Go 98.4%
Shell 0.9%
Dockerfile 0.7%