feat(backend): add webhook delivery system for card view events#187
feat(backend): add webhook delivery system for card view events#187Dipti45sktech wants to merge 3 commits into
Conversation
|
Hi @ShantKhatri, could you please review my PR? |
Harxhit
added
gssoc:approved
Could you please add the test proofs in the PR description as well? Since this PR involves schema changes, I have marked it as |
|
Error handling around the business logic can be improved here. |
|
Hi @ShantKhatri , I've corrected all the issues mentioned by @Harxhit . I'm also adding the test proofs here for review. |
- Add updatedAt, errorMessage, deliveredAt fields to WebhookDelivery - Add indexes on endpointId and status+nextRetryAt for query performance - Add Fastify request schema to POST and GET webhook routes - Wrap count check and create in to prevent race conditions - Add limit to GET /api/webhooks findMany query - Fix mock in webhook tests - All 25 tests passing
CC: @Harxhit |
|
@Dipti45sktech Please fix merge conflicts and please add tests results for apps/backend/src/tests/webhooks.test.ts this file. |
Sure sorry for the wait I had my exams going , I will fix the merge conflicts and add test cases asap |
CI Results — ❌ Some checks failed🖥️ Backend (❌ failure)
📱 Mobile (⏭️ skipped)
🌐 Web (⏭️ skipped)
🕐 Last updated: |
Resolve conflicts in schema.prisma, app.ts, and public.ts: - Keep both webhook and team relations on User - Restore EventAttendee relations (were wrongly folded into WebhookDelivery) - Add missing WebhookEndpoint model referenced by webhook routes/dispatch - Relocate card.viewed webhook dispatch into publicService after main's refactor - Combine team + webhook route registrations and imports
Greetings @Harxhit I have fixed the merge conflicts could you please have a review again . |
I have given you inline suggestions please make changes. |
|
Hi @Harxhit I'm closing this PR due to failing test issues. I'll be opening a new PR for this.. Thank you. |
3 participants
Summary
Implements the webhook delivery system described in issue #40. Users can register external URLs to receive signed POST requests whenever their card or profile is viewed. The system handles payload signing with HMAC-SHA256, retries failed deliveries with exponential backoff, and logs every attempt for observability.
The
contact.savedevent is wired into the schema and validation but isn't dispatched yet since the contact-save feature doesn't exist in the codebase - left a TODO for when that gets built.Closes #40
What Changed
prisma/schema.prisma- AddedWebhookEndpointandWebhookDeliverymodels with a relation back toUser. Endpoints store an encrypted secret and a list of subscribed event types. Deliveries track status, response codes, attempt counts, and retry scheduling.src/utils/webhookDispatch.ts(new) - Core dispatch logic.dispatchWebhook()finds matching endpoints for a user+event, creates delivery records, then fires off async HTTP POSTs. Each request is signed withX-DevCard-Signature: sha256=<hex>using HMAC-SHA256. Failed deliveries retry up to 3 times at 30s, 5min, and 30min intervals.src/routes/webhooks.ts(new) - CRUD routes for managing webhook endpoints: register (max 5 per user), list, delete, view delivery logs (paginated), and rotate secret. Secrets are auto-generated, encrypted at rest, and only shown in plaintext once at creation/rotation.src/app.ts- Registered the new webhook routes at/api/webhooks.src/routes/public.ts- HookeddispatchWebhook()into the two card/profile view handlers socard.viewedevents fire after view tracking.src/__tests__/webhooks.test.ts(new) - 17 tests covering endpoint registration, max limit enforcement, validation, listing, deletion, delivery logs pagination, secret rotation, HMAC signature correctness, and delivery success/failure/timeout scenarios.How to Test
pnpm installfrom the repo rootpnpm testfromapps/backend- all 25 tests should pass (17 new + 8 existing)npx prisma migrate devfromapps/backend(requires a running Postgres instance)POST /api/webhookswith{ "url": "https://your-endpoint.com", "events": ["card.viewed"] }(needs auth token)GET /api/u/:username- your endpoint should receive a signed POSTAdditional Context
tscbuild has errors but they're all pre-existing across the codebase (e.g.app.authenticatetype augmentation missing from every route file, implicitanyparams incards.ts,follow.ts, etc.). My new files only carry the sameauthenticatepattern -webhookDispatch.tscompiles clean.setTimeoutfor now. For production at scale, this should probably move to a proper job queue (e.g. BullMQ backed by the existing Redis instance), but that felt out of scope for this PR.contact.savedevent type is accepted in endpoint registration and validation, but nothing dispatches it yet since there's no contact-save feature. Added a TODO comment inpublic.tsso it's easy to wire up later.encryption.ts- no new crypto dependencies.