Skip to content

fix: require Sendblue webhook secret#2

Open
danielz1z wants to merge 1 commit into
pontusab:mainfrom
danielz1z:fix/require-sendblue-webhook-secret
Open

fix: require Sendblue webhook secret#2
danielz1z wants to merge 1 commit into
pontusab:mainfrom
danielz1z:fix/require-sendblue-webhook-secret

Conversation

@danielz1z
Copy link
Copy Markdown

@danielz1z danielz1z commented Jun 1, 2026

Summary

  • require incoming Sendblue webhooks to include the configured signing secret
  • accept Sendblue's documented sb-signing-secret header
  • add parser regression coverage for missing, invalid, and valid signing secrets

Test Plan

  • npm exec --yes bun@1.3.12 -- test apps/api/src/__tests__/sendblue.test.ts
  • npm exec --yes bun@1.3.12 -- run test
  • npm exec --yes bun@1.3.12 -- run lint
  • npm exec --yes bun@1.3.12 -- run typecheck
  • ./node_modules/.bin/turbo build --filter=@caltext/api

@vercel
Copy link
Copy Markdown

vercel Bot commented Jun 1, 2026

@danielz1z is attempting to deploy a commit to the Midday Labs AB Team on Vercel.

A member of the Team first needs to authorize it.

@danielz1z
Copy link
Copy Markdown
Author

danielz1z commented Jun 1, 2026

Thanks for the project. I kept this PR narrow: it only aligns the incoming webhook parser with Sendblue's documented signing-secret header and rejects unsigned webhook requests.\n\nI verified locally with Bun 1.3.12: test, lint, typecheck, and the filtered API build all pass. GitHub Actions is currently waiting for maintainer approval on the forked PR, and the Vercel preview checks show authorization required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@danielz1z