Add authorization header in webhooks stored in secrets table (#941)

Summary: Adding authorization header support for webhooks. Issue: https://github.com/gristlabs/grist-core/issues/827 --------- Co-authored-by: Florent <florent.git@zeteo.me>
2026-03-02 04:09:24 +00:00 · 2024-07-04 14:17:10 +02:00
parent 2750ed6bd9
commit 0bfdaa9c02
9 changed files with 91 additions and 21 deletions
--- a/app/gen-server/lib/HomeDBManager.ts
+++ b/app/gen-server/lib/HomeDBManager.ts
@@ -1608,7 +1608,7 @@ export class HomeDBManager extends EventEmitter {
      .where("id = :id AND doc_id = :docId", {id, docId})
      .execute();
    if (res.affected !== 1) {
-      throw new ApiError('secret with given id not found', 404);
+      throw new ApiError('secret with given id not found or nothing was updated', 404);
    }
  }

@@ -1623,14 +1623,32 @@ export class HomeDBManager extends EventEmitter {

  // Update the webhook url in the webhook's corresponding secret (note: the webhook identifier is
  // its secret identifier).
-  public async updateWebhookUrl(id: string, docId: string, url: string, outerManager?: EntityManager) {
+  public async updateWebhookUrlAndAuth(
+    props: {
+      id: string,
+      docId: string,
+      url: string | undefined,
+      auth: string | undefined,
+      outerManager?: EntityManager}
+    ) {
+    const {id, docId, url, auth, outerManager} = props;
    return await this._runInTransaction(outerManager, async manager => {
+      if (url === undefined && auth === undefined) {
+        throw new ApiError('None of the Webhook url and auth are defined', 404);
+      }
      const value = await this.getSecret(id, docId, manager);
      if (!value) {
        throw new ApiError('Webhook with given id not found', 404);
      }
      const webhookSecret = JSON.parse(value);
-      webhookSecret.url = url;
+      // As we want to patch the webhookSecret object, only set the url and the authorization when they are defined.
+      // When the user wants to empty the value, we are expected to receive empty strings.
+      if (url !== undefined) {
+        webhookSecret.url = url;
+      }
+      if (auth !== undefined) {
+        webhookSecret.authorization = auth;
+      }
      await this.updateSecret(id, docId, JSON.stringify(webhookSecret), manager);
    });
  }