({ request, rawBody, requestId, providerConfig })
| 199 | |
| 200 | export const whatsappHandler: WebhookProviderHandler = { |
| 201 | verifyAuth({ request, rawBody, requestId, providerConfig }) { |
| 202 | const appSecret = providerConfig.appSecret as string | undefined |
| 203 | if (!appSecret) { |
| 204 | logger.warn( |
| 205 | `[${requestId}] WhatsApp webhook missing appSecret in providerConfig — rejecting request` |
| 206 | ) |
| 207 | return new NextResponse('Unauthorized - WhatsApp app secret not configured', { status: 401 }) |
| 208 | } |
| 209 | |
| 210 | const signature = request.headers.get('x-hub-signature-256') |
| 211 | if (!signature) { |
| 212 | logger.warn(`[${requestId}] WhatsApp webhook missing signature header`) |
| 213 | return new NextResponse('Unauthorized - Missing WhatsApp signature', { status: 401 }) |
| 214 | } |
| 215 | |
| 216 | if (!validateWhatsAppSignature(appSecret, signature, rawBody)) { |
| 217 | logger.warn(`[${requestId}] WhatsApp signature verification failed`) |
| 218 | return new NextResponse('Unauthorized - Invalid WhatsApp signature', { status: 401 }) |
| 219 | } |
| 220 | |
| 221 | return null |
| 222 | }, |
| 223 | |
| 224 | async handleChallenge(_body: unknown, request: NextRequest, requestId: string, path: string) { |
| 225 | const url = new URL(request.url) |
nothing calls this directly
no test coverage detected