feat(plugin/webhook) [STORY-3598] Implement webhook plugin with custom headers#339
Merged
Merged
Conversation
…m headers Headers are encrypted in storage backend
leo-scalingo
force-pushed
the
feat/STORY-3598/link-plugin-webhook
branch
from
b59f96a to
bd05729
Compare
…uly, make election id configurable
leo-scalingo
force-pushed
the
feat/STORY-3598/link-plugin-webhook
branch
from
bd05729 to
e673fbd
Compare
leo-scalingo
force-pushed
the
feat/STORY-3598/link-plugin-webhook
branch
from
5ff46e2 to
589becd
Compare
leo-scalingo
force-pushed
the
feat/STORY-3598/link-plugin-webhook
branch
from
589becd to
40bf7e0
Compare
…secret without reading the body
leo-scalingo
force-pushed
the
feat/STORY-3598/link-plugin-webhook
branch
from
c03c661 to
8c5f4b7
Compare
|
|
||
| expectedSignature := cryptoutils.HMAC256([]byte(secret), []byte(timestamp+"."+string(body))) | ||
|
|
||
| return subtle.ConstantTimeCompare(signatureBytes, expectedSignature) == 1, payload, nil |
Contributor
There was a problem hiding this comment.
I'm wondering if we shouldn't just send an error if the signature is invalid here.
The issue is that I think that ignoring the boolean could be an error easily missed when using this method. But ignoring an error is always caught by reviewer and static analyzers.
Maybe the method name would ParseAndValidateWebhook.
Member
Author
There was a problem hiding this comment.
Hmm I actually agree that the API would be cleaner
john-scalingo
approved these changes
Apr 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Headers are encrypted in storage backend