Refactor Taiga actions to utilize parseObject utility

- Added parseObject utility for tags, watchers, and points in update-issue, update-task, and update-userstory actions.
- Removed the update-project action as it is no longer needed.
- Enhanced base source to include secret key validation for webhook security.

Author: luancazarine

components/taiga/actions/update-issue/update-issue.mjs

@@ -1,4 +1,6 @@
-import { cleanObj } from "../../common/utils.mjs";
+import {
+  cleanObj, parseObject,
+} from "../../common/utils.mjs";
 import taiga from "../../taiga.app.mjs";
 
 export default {
@@ -151,11 +153,11 @@ export default {
         status: this.status,
         type: this.type,
         assigned_to: this.assignedTo,
-        tags: this.tags,
+        tags: parseObject(this.tags),
         blocked_note: this.blockedNote,
         is_blocked: this.isBlocked,
         milestone: this.milestone,
-        watchers: this.watchers,
+        watchers: parseObject(this.watchers),
         project: this.projectId,
       }),
     });

components/taiga/actions/update-project/update-project.mjs

@@ -1,4 +1,6 @@
-import { cleanObj } from "../../common/utils.mjs";
+import {
+  cleanObj, parseObject,
+} from "../../common/utils.mjs";
 import taiga from "../../taiga.app.mjs";
 
 export default {
@@ -140,8 +142,8 @@ export default {
         status: this.status,
         assigned_to: this.assignedTo,
         user_story: this.userStoryId,
-        tags: this.tags,
-        watchers: this.watchers,
+        tags: parseObject(this.tags),
+        watchers: parseObject(this.watchers),
         is_blocked: this.isBlocked,
         milestone: this.milestone,
         us_order: this.usOrder,

components/taiga/actions/update-task/update-task.mjs

@@ -1,4 +1,6 @@
-import { cleanObj } from "../../common/utils.mjs";
+import {
+  cleanObj, parseObject,
+} from "../../common/utils.mjs";
 import taiga from "../../taiga.app.mjs";
 
 export default {
@@ -156,14 +158,14 @@ export default {
         description: this.description,
         status: this.status,
         assigned_to: this.assignedTo,
-        tags: this.tags,
+        tags: parseObject(this.tags),
         backlog_order: this.backlogOrder,
         client_requirement: this.clientRequirement,
         is_blocked: this.isBlocked,
         milestone: this.milestone,
-        points: this.points,
+        points: parseObject(this.points),
         team_requirement: this.teamRequirement,
-        watchers: this.watchers,
+        watchers: parseObject(this.watchers),
       }),
     });
 

components/taiga/actions/update-userstory/update-userstory.mjs

@@ -5,7 +5,7 @@ export default {
   ...common,
   key: "taiga-changed-issue-instant",
   name: "Changed Issue (Instant)",
-  description: "Emit new event when a issue is updated in the selected project. [See the documentation](https://docs.taiga.io/api.html#webhooks-create)",
+  description: "Emit new event when an issue is updated in the selected project. [See the documentation](https://docs.taiga.io/api.html#webhooks-create)",
   version: "0.0.1",
   type: "source",
   dedupe: "unique",

components/taiga/sources/changed-issue-instant/changed-issue-instant.mjs

@@ -5,7 +5,7 @@ export default {
   ...common,
   key: "taiga-changed-issue-status-instant",
   name: "Changed Issue Status (Instant)",
-  description: "Emit new event when a issue status is changed in the selected project. [See the documentation](https://docs.taiga.io/api.html#webhooks-create)",
+  description: "Emit new event when an issue status is changed in the selected project. [See the documentation](https://docs.taiga.io/api.html#webhooks-create)",
   version: "0.0.1",
   type: "source",
   dedupe: "unique",

components/taiga/sources/changed-issue-status-instant/changed-issue-status-instant.mjs

@@ -5,7 +5,10 @@ export default {
   props: {
     taiga,
     db: "$.service.db",
-    http: "$.interface.http",
+    http: {
+      type: "$.interface.http",
+      customResponse: true,
+    },
     projectId: {
       propDefinition: [
         taiga,
@@ -25,26 +28,50 @@ export default {
     _getWebhookId() {
       return this.db.get("webhookId");
     },
+    _getSecretKey() {
+      return this.db.get("secretKey");
+    },
+    _setSecretKey(secretKey) {
+      this.db.set("secretKey", secretKey);
+    },
+    validateSecretKey(headers, bodyRaw) {
+      const secretKey = this._getSecretKey();
+      const signature = headers["x-taiga-webhook-signature"];
+      const hmac = crypto.createHmac("sha1", secretKey);
+      hmac.update(bodyRaw);
+      const signedMessage = hmac.digest("hex");
+
+      if (signature !== signedMessage) {
+        return this.http.respond({
+          status: 401,
+        });
+      }
+    },
   },
   hooks: {
     async activate() {
+      const secretKey = crypto.randomUUID();
       const response = await this.taiga.createHook({
         data: {
-          key: crypto.randomUUID(),
+          key: secretKey,
           name: this.name,
           url: this.http.endpoint,
           project: this.projectId,
         },
       });
       this._setWebhookId(response.id);
+      this._setSecretKey(secretKey);
     },
     async deactivate() {
       const webhookId = this._getWebhookId();
       await this.taiga.deleteHook(webhookId);
     },
   },
-  async run({ body }) {
+  async run({
+    body, headers, bodyRaw,
+  }) {
     if (!this.filterEvent(body)) return;
+    this.validateSecretKey(headers, bodyRaw);
 
     const ts = body.created || Date.now();
     this.$emit(body, {