senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/models/webhook.go
senke 3cfefaa24c [BE-SEC-012] be-sec: Implement API key authentication for webhooks 
- Added APIKey field to Webhook model with unique index
- Implemented GenerateAPIKey() method using crypto/rand for secure key generation
- Implemented ValidateAPIKey() method to authenticate webhook requests
- Implemented RegenerateAPIKey() method to rotate API keys
- Created WebhookAPIKeyMiddleware for validating API keys in requests
- Middleware supports X-API-Key header and Authorization: Bearer format
- Added endpoint POST /api/v1/webhooks/:id/regenerate-key
- API keys are prefixed with 'whk_' for identification
- Comprehensive unit tests for all API key functionality
- Inactive webhooks cannot authenticate with their API keys

Phase: PHASE-4
Priority: P2
Progress: 119/267 (44.57%)
2025-12-24 18:03:52 +01:00

48 lines
1.6 KiB
Go
Raw Blame History

package models
import (
"time"
"github.com/google/uuid"
"github.com/lib/pq"
"gorm.io/gorm"
)
// Webhook représente une configuration de webhook
type Webhook struct {
ID uuid.UUID `gorm:"type:uuid;primaryKey" json:"id"`
UserID uuid.UUID `gorm:"type:uuid;not null;index" json:"user_id"`
URL string `gorm:"not null" json:"url"`
Events pq.StringArray `gorm:"type:text[]" json:"events"`
Active bool `gorm:"default:true" json:"active"`
Secret string `gorm:"not null" json:"secret,omitempty"` // Ne pas exposer dans l'API
APIKey string `gorm:"type:varchar(64);uniqueIndex" json:"api_key,omitempty"` // BE-SEC-012: API key for webhook authentication
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
// BeforeCreate hook GORM pour générer UUID si non défini
func (w *Webhook) BeforeCreate(tx *gorm.DB) error {
if w.ID == uuid.Nil {
w.ID = uuid.New()
}
return nil
}
// WebhookFailure représente un échec de livraison de webhook
type WebhookFailure struct {
ID uuid.UUID `gorm:"type:uuid;primaryKey"`
WebhookID uuid.UUID `gorm:"type:uuid;not null;index" json:"webhook_id"`
Event string `gorm:"not null" json:"event"`
Error string `gorm:"not null" json:"error"`
Retries int `gorm:"default:0" json:"retries"`
CreatedAt time.Time `gorm:"not null" json:"created_at"`
}
// BeforeCreate hook GORM pour générer UUID si non défini
func (wf *WebhookFailure) BeforeCreate(tx *gorm.DB) error {
if wf.ID == uuid.Nil {
wf.ID = uuid.New()
}
return nil
}
Reference in a new issue View git blame Copy permalink