diff --git a/apps/web/app/api/db/webhook/route.ts b/apps/web/app/api/db/webhook/route.ts index c5081848f..4e594b240 100644 --- a/apps/web/app/api/db/webhook/route.ts +++ b/apps/web/app/api/db/webhook/route.ts @@ -10,8 +10,19 @@ export const POST = enhanceRouteHandler( const service = getDatabaseWebhookHandlerService(); try { + const signature = request.headers.get('X-Supabase-Event-Signature'); + + if (!signature) { + return new Response('Missing signature', { status: 400 }); + } + + const body = await request.clone().json(); + // handle the webhook event - await service.handleWebhook(request); + await service.handleWebhook({ + body, + signature, + }); // return a successful response return new Response(null, { status: 200 }); diff --git a/packages/database-webhooks/src/server/services/database-webhook-handler.service.ts b/packages/database-webhooks/src/server/services/database-webhook-handler.service.ts index c000cd659..53c759c9d 100644 --- a/packages/database-webhooks/src/server/services/database-webhook-handler.service.ts +++ b/packages/database-webhooks/src/server/services/database-webhook-handler.service.ts @@ -28,13 +28,13 @@ class DatabaseWebhookHandlerService { /** * @name handleWebhook * @description Handle the webhook event - * @param request * @param params */ async handleWebhook( - request: Request, - params?: { - handleEvent( + params: { + body: RecordChange; + signature: string; + handleEvent?
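Review bot: `await request.clone().json()` yields an untyped value that is handed to `handleWebhook` as `body`, which the service side of this diff declares as `RecordChange`, so nothing checks at runtime that the payload is an object with `table` and `type` before the handler destructures it. The only gate above the parse is that the signature header is non-empty; its value is compared later, inside the service. I would read it as `const body: unknown = await request.json();` (the `clone()` looks unnecessary, since nothing in this hunk reads the request again) and return a 400 unless it is a non-null object with string `table` and `type`. The enclosing `try` continues outside the hunk, so how a JSON parse failure is reported is not visible here.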
( payload: Table extends keyof Tables ? DatabaseChangePayload
: never, @@ -42,9 +42,7 @@ class DatabaseWebhookHandlerService { }, ) { const logger = await getLogger(); - - const json = await request.clone().json(); - const { table, type } = json as RecordChange; + const { table, type } = params.body; const ctx = { name: this.namespace, @@ -57,7 +55,7 @@ class DatabaseWebhookHandlerService { // check if the signature is valid const verifier = await getDatabaseWebhookVerifier(); - await verifier.verifySignatureOrThrow(request); + await verifier.verifySignatureOrThrow(params.signature); // all good, we can now the webhook @@ -68,11 +66,12 @@ class DatabaseWebhookHandlerService { try { // handle the webhook event based on the table - await service.handleWebhook(json); + await service.handleWebhook(params.body); // if a custom handler is provided, call it if (params?.handleEvent) { - await params.handleEvent(json); + /* eslint-disable-next-line @typescript-eslint/no-explicit-any */ + await params.handleEvent(params.body as any); } logger.info(ctx, 'Webhook processed successfully'); diff --git a/packages/database-webhooks/src/server/services/verifier/database-webhook-verifier.service.ts b/packages/database-webhooks/src/server/services/verifier/database-webhook-verifier.service.ts index 582206209..bc7355c28 100644 --- a/packages/database-webhooks/src/server/services/verifier/database-webhook-verifier.service.ts +++ b/packages/database-webhooks/src/server/services/verifier/database-webhook-verifier.service.ts @@ -1,3 +1,3 @@ export abstract class DatabaseWebhookVerifierService { - abstract verifySignatureOrThrow(request: Request): Promise; + abstract verifySignatureOrThrow(header: string): Promise; } diff --git a/packages/database-webhooks/src/server/services/verifier/postgres-database-webhook-verifier.service.ts b/packages/database-webhooks/src/server/services/verifier/postgres-database-webhook-verifier.service.ts index c0c515a63..ad29a675b 100644 
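Review bot: `const { table, type } = params.body;` in the @@ -42,9 hunk runs before the signature is checked; the `verifySignatureOrThrow(params.signature)` call sits further down, in the @@ -57,7 hunk, after `ctx` has started to be built. A request carrying a wrong secret therefore still reaches the destructuring, which throws a TypeError on a `null` body, and unauthenticated `table`/`type` values may end up in the log context (the rest of `ctx` is outside the hunk). Moving `await verifier.verifySignatureOrThrow(params.signature);` to the top of `handleWebhook`, right after `getLogger()`, makes every later line operate on authenticated input. The lines between the two hunks are not shown, so confirm nothing there has to precede the check.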
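Review bot: The new `params.body as any` in the @@ -68,11 hunk, with its eslint suppression, hides a type gap rather than closing it. `body` is declared as `RecordChange`, while `handleEvent` takes the table-specific payload type from the method signature, so a custom handler gets no compile-time guarantee about what it receives. Prefer declaring `body` with the same payload type that `handleEvent` accepts (or making the method generic over the table) so the cast and the suppression can be dropped. `params` is now a required argument, so `params?.handleEvent` can be written `params.handleEvent`.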
--- a/packages/database-webhooks/src/server/services/verifier/postgres-database-webhook-verifier.service.ts +++ b/packages/database-webhooks/src/server/services/verifier/postgres-database-webhook-verifier.service.ts @@ -17,9 +17,7 @@ export function createDatabaseWebhookVerifierService() { class PostgresDatabaseWebhookVerifierService implements DatabaseWebhookVerifierService { - verifySignatureOrThrow(request: Request) { - const header = request.headers.get('X-Supabase-Event-Signature'); - + verifySignatureOrThrow(header: string) { if (header !== webhooksSecret) { throw new Error('Invalid signature'); }
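Review bot: `header !== webhooksSecret` is a plain string comparison of a secret and is not constant-time, so response timing can leak how much of a guess matched. Assuming this runs on the Node runtime, compare with `timingSafeEqual` from `node:crypto`: `const a = Buffer.from(header), b = Buffer.from(webhooksSecret);` followed by `if (a.length !== b.length || !timingSafeEqual(a, b)) throw new Error('Invalid signature');`. Where `webhooksSecret` is defined is outside the hunk; if it can be empty or undefined, this method should reject that case itself rather than rely on the route's non-empty header check. The value in `X-Supabase-Event-Signature` is a shared secret rather than a MAC over the payload, so it authenticates the sender but does not bind the body; a short comment saying so would keep the `signature` naming from misleading readers.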