Skip to content

Commit d1a28ea

Browse files
DavidsonGomesDavidsonGomes
authored
Merge pull request #1318 from victoreduardo/victoreduardos/jwt-webhook
Tornando Webhook mais seguro com JWT token
2 parents d2f1985 + 95827a2 commit d1a28ea

File tree

3 files changed

+121
-1
lines changed

3 files changed

+121
-1
lines changed

package-lock.json

Lines changed: 89 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,7 @@
7575
"jimp": "^0.16.13",
7676
"json-schema": "^0.4.0",
7777
"jsonschema": "^1.4.1",
78+
"jsonwebtoken": "^9.0.2",
7879
"link-preview-js": "^3.0.13",
7980
"long": "^5.2.3",
8081
"mediainfo.js": "^0.3.4",

src/api/integrations/event/webhook/webhook.controller.ts

Lines changed: 31 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ import { configService, Log, Webhook } from '@config/env.config';
66
import { Logger } from '@config/logger.config';
77
import { BadRequestException } from '@exceptions';
88
import axios, { AxiosInstance } from 'axios';
9+
import * as jwt from 'jsonwebtoken';
910

1011
import { EmitData, EventController, EventControllerInterface } from '../event.controller';
1112

@@ -73,7 +74,16 @@ export class WebhookController extends EventController implements EventControlle
7374

7475
const webhookConfig = configService.get<Webhook>('WEBHOOK');
7576
const webhookLocal = instance?.events;
76-
const webhookHeaders = instance?.headers;
77+
const webhookHeaders = { ...((instance?.headers as Record<string, string>) || {}) };
78+
79+
if (webhookHeaders && 'jwt_key' in webhookHeaders) {
80+
const jwtKey = webhookHeaders['jwt_key'];
81+
const jwtToken = this.generateJwtToken(jwtKey);
82+
webhookHeaders['Authorization'] = `Bearer ${jwtToken}`;
83+
84+
delete webhookHeaders['jwt_key'];
85+
}
86+
7787
const we = event.replace(/[.-]/gm, '_').toUpperCase();
7888
const transformedWe = we.replace(/_/gm, '-').toLowerCase();
7989
const enabledLog = configService.get<Log>('LOG').LEVEL.includes('WEBHOOKS');
@@ -230,4 +240,24 @@ export class WebhookController extends EventController implements EventControlle
230240
}
231241
}
232242
}
243+
244+
private generateJwtToken(authToken: string): string {
245+
try {
246+
const payload = {
247+
iat: Math.floor(Date.now() / 1000),
248+
exp: Math.floor(Date.now() / 1000) + 600, // 10 min expiration
249+
app: 'evolution',
250+
action: 'webhook',
251+
};
252+
253+
const token = jwt.sign(payload, authToken, { algorithm: 'HS256' });
254+
return token;
255+
} catch (error) {
256+
this.logger.error({
257+
local: 'WebhookController.generateJwtToken',
258+
message: `JWT generation failed: ${error?.message}`,
259+
});
260+
throw error;
261+
}
262+
}
233263
}

0 commit comments

Comments
 (0)