Files
OmniRoute/src/app/api/webhooks/route.ts
T
diegosouzapw 9248ab4dfd fix(ci): route validation, CodeQL alerts, Docker workflow
- Add Zod schemas + validateBody() to 5 routes missing validation:
  model-combo-mappings (POST, PUT), webhooks (POST, PUT), openapi/try (POST)
- Fix 6 polynomial-redos CodeQL alerts in provider.ts and chatCore.ts
  by replacing (?:^|/) alternation patterns with segment-based matching
- Fix insecure-randomness in acp/manager.ts (crypto.randomUUID)
- Fix shell-command-injection in prepublish.mjs (JSON.stringify)
- Upgrade docker/setup-buildx-action from v3 to v4 (Node.js 20 deprecation)

CI check:route-validation:t06 PASS (176/176 routes validated)
Tests: 926/926 pass
2026-03-24 16:08:02 -03:00

60 lines
1.6 KiB
TypeScript

/**
* API: Webhooks
* GET — List all webhooks
* POST — Create a new webhook
*/
import { z } from "zod";
import { NextResponse } from "next/server";
import { getWebhooks, createWebhook } from "@/lib/localDb";
import { validateBody, isValidationFailure } from "@/shared/validation/helpers";
const createWebhookSchema = z.object({
url: z.string().url("Invalid URL format").max(2000),
events: z.array(z.string()).optional().default(["*"]),
secret: z.string().max(500).optional(),
description: z.string().max(1000).optional().default(""),
});
export async function GET() {
try {
const webhooks = getWebhooks();
// Mask secrets in listing
const masked = webhooks.map((w) => ({
...w,
secret: w.secret ? `${w.secret.slice(0, 10)}...` : null,
}));
return NextResponse.json({ webhooks: masked });
} catch (error: any) {
return NextResponse.json(
{ error: error.message || "Failed to list webhooks" },
{ status: 500 }
);
}
}
export async function POST(request: Request) {
try {
const rawBody = await request.json();
const validation = validateBody(createWebhookSchema, rawBody);
if (isValidationFailure(validation)) {
return NextResponse.json({ error: validation.error }, { status: 400 });
}
const { data } = validation;
const webhook = createWebhook({
url: data.url,
events: data.events,
secret: data.secret,
description: data.description,
});
return NextResponse.json({ webhook }, { status: 201 });
} catch (error: any) {
return NextResponse.json(
{ error: error.message || "Failed to create webhook" },
{ status: 500 }
);
}
}