({ request, requestId, providerConfig }: AuthContext)
| 15 | |
| 16 | export const genericHandler: WebhookProviderHandler = { |
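/**
 * Authenticates an incoming generic webhook request.
 *
 * Two independent checks run in order:
 *  1. Shared-secret token, only when `providerConfig.requireAuth` is truthy.
 *  2. Source-IP allowlist, only when `providerConfig.allowedIps` is set.
 *
 * When neither is configured the request is accepted without authentication,
 * so the security of the endpoint depends entirely on the provider config.
 *
 * @returns a 401/403 `NextResponse` when the request is rejected, or `null`
 *          when it may proceed.
 */
verifyAuth({ request, requestId, providerConfig }: AuthContext) {
  if (providerConfig.requireAuth) {
    const configToken = providerConfig.token as string | undefined
    // Fail closed: auth is required but no secret exists to compare against.
    if (!configToken) {
      return new NextResponse('Unauthorized - Authentication required but no token configured', {
        status: 401,
      })
    }

    const secretHeaderName = providerConfig.secretHeaderName as string | undefined
    // NOTE(review): verifyTokenAuth is defined outside this block; confirm it
    // compares the presented token in constant time.
    if (!verifyTokenAuth(request, configToken, secretHeaderName)) {
      return new NextResponse('Unauthorized - Invalid authentication token', { status: 401 })
    }
  }

  const allowedIps = providerConfig.allowedIps
  if (allowedIps) {
    // Fail closed on a malformed allowlist. Previously a truthy non-array value
    // (e.g. a single string) skipped the IP check entirely, so a restriction
    // the operator believed was active was silently not enforced.
    if (!Array.isArray(allowedIps)) {
      logger.warn(
        `[${requestId}] Forbidden webhook access attempt - allowedIps is configured but is not an array`
      )
      return new NextResponse('Forbidden - IP not allowed', {
        status: 403,
      })
    }

    // An empty array means "no IP restriction", as before.
    if (allowedIps.length > 0) {
      // NOTE(review): getClientIp is defined outside this block. If it derives
      // the address from forwarding headers, this check is only meaningful
      // behind a trusted proxy that overwrites them - confirm.
      const clientIp = getClientIp(request)

      // Exact string match only: no CIDR ranges and no address normalisation
      // (e.g. IPv4-mapped IPv6), so entries must match getClientIp's output
      // byte-for-byte. An undeterminable address ('unknown') is rejected.
      if (clientIp === 'unknown' || !allowedIps.includes(clientIp)) {
        logger.warn(`[${requestId}] Forbidden webhook access attempt - IP not allowed: ${clientIp}`)
        return new NextResponse('Forbidden - IP not allowed', {
          status: 403,
        })
      }
    }
  }

  return null
},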
| 46 | |
| 47 | enrichHeaders({ body, providerConfig }: EventFilterContext, headers: Record<string, string>) { |
| 48 | const idempotencyField = providerConfig.idempotencyField as string | undefined |
nothing calls this directly
no test coverage detected