Skip to content

refactor(destwebhook)!: whsec_ prefix + eliminate hidden defaults#808

Merged
alexluong merged 3 commits intomainfrom
chore/update-signing-secret-default
Apr 8, 2026
Merged

refactor(destwebhook)!: whsec_ prefix + eliminate hidden defaults#808
alexluong merged 3 commits intomainfrom
chore/update-signing-secret-default

Conversation

@alexluong
Copy link
Copy Markdown
Collaborator

@alexluong alexluong commented Apr 7, 2026
edited
Loading

Summary

  • Default signing secret template changed from {{.RandomHex}} to whsec_{{.RandomHex}}
  • Default signature templates simplified — timestamp removed from content and header:
    • Content: {{.Body}} (was {{.Timestamp.Unix}}.{{.Body}})
    • Header: v0={{.Signatures | join ","}} (was t={{.Timestamp.Unix}},v0={{.Signatures | join ","}})
  • Config owns all defaults — no hidden internal defaults anywhere:
    • destwebhook.New() validates all required fields, rejects empty strings
    • destwebhookstandard.New() no longer defaults headerPrefix to "webhook-" — config must provide it
    • NewSignatureFormatter / NewHeaderFormatter panic on empty template strings
    • NewSignatureManager requires explicit WithSignatureFormatter and WithHeaderFormatter
  • WithHeaderPrefix changed from *string to string (both providers)
  • Test helpers NewTestProvider(t) / newTestProvider(t) centralize provider construction
  • Mock server updated for new signature header format

BREAKING CHANGE: New webhook destinations generate secrets with whsec_ prefix. Signature header format changes from t=<ts>,v0=<sig> to v0=<sig>. Existing destinations are unaffected. Set DESTINATIONS_WEBHOOK_SIGNING_SECRET_TEMPLATE, DESTINATIONS_WEBHOOK_SIGNATURE_CONTENT_TEMPLATE, and DESTINATIONS_WEBHOOK_SIGNATURE_HEADER_TEMPLATE to preserve previous behavior.

Test plan

  • All destwebhook tests pass
  • All destwebhookstandard tests pass
  • All config tests pass
  • Build succeeds with no compilation errors
  • Integration test with mock server verifies new signature format
  • Verify existing destinations with old secrets still work

🤖 Generated with Claude Code

@vercel
Copy link
Copy Markdown

vercel bot commented Apr 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
outpost-docs Ready Ready Preview, Comment Apr 7, 2026 5:21pm
outpost-website Ready Ready Preview, Comment Apr 7, 2026 5:21pm

Request Review

alexluong and others added 2 commits April 7, 2026 23:10
@alexluong
chore(destwebhook)!: change default signing secret template to whsec_…
10f3aad 
… prefix

Change default signing secret template from '{{.RandomHex}}' to
'whsec_{{.RandomHex}}' for better DX and consistency with Stripe-style secrets.

BREAKING CHANGE: New webhook destinations will generate secrets with
'whsec_' prefix by default. Existing secrets are unaffected.
Users can set DESTINATIONS_WEBHOOK_SIGNING_SECRET_TEMPLATE='{{.RandomHex}}'
to preserve previous behavior.
@alexluong @claude
refactor(destwebhook)!: eliminate hidden defaults, require explicit c…
c0fb7ec 
…onfig

- Remove internal fallback defaults from SignatureFormatter and
  HeaderFormatter — they now panic on empty template strings
- NewSignatureManager requires explicit WithSignatureFormatter and
  WithHeaderFormatter options
- Remove timestamp from default signature content/header templates:
  content: "{{.Body}}", header: "v0={{.Signatures | join \",\"}}"
- Fix all test files: use NewTestProvider helper, fix s.T() vs t,
  fix single-return-value call sites, fix *string→string for
  WithHeaderPrefix
- Update destinationmockserver to match new signature format
- Add test helper defaultSignatureManagerOpts() for signature_test.go
- Add panic tests for empty/invalid formatter construction

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alexluong alexluong force-pushed the chore/update-signing-secret-default branch from c5774f0 to c0fb7ec Compare April 7, 2026 16:59
@alexluong alexluong changed the title chore(destwebhook)!: change default signing secret template to whsec_ prefix refactor(destwebhook)!: whsec_ prefix + eliminate hidden defaults Apr 7, 2026
@alexluong @claude
refactor(destwebhookstandard)!: remove hidden headerPrefix default
b0cde05 
Remove hardcoded "webhook-" default from New() — config must provide
it explicitly via WithHeaderPrefix. Mirrors the same principle applied
to destwebhook: no hidden internal defaults.

Add newTestProvider(t) helper for destwebhookstandard tests to provide
the "webhook-" prefix centrally. Convert all bare New() calls in test
suites to use the helper.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alexluong alexluong merged commit 5936367 into main Apr 8, 2026
5 checks passed
@alexluong alexluong deleted the chore/update-signing-secret-default branch April 8, 2026 08:38
@alexluong alexluong mentioned this pull request Apr 8, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexbouchardd alexbouchardd alexbouchardd approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexluong @alexbouchardd