feat: Add Status Change Source#20156
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
dannyroosevelt
moved this to Ready for PR Review
in Component (Source and Action) Backlog
|
Thank you so much for submitting this! We've added it to our backlog to review, and our team has been notified. |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughBumps package version to 0.5.0 and adds a FraudLabs Pro "status_changed" webhook source that subscribes/unsubscribes hooks, stores hookId in DB, handles incoming POSTs, emits deduplicated events, and responds 200. Changes
Sequence Diagram(s)sequenceDiagram
participant Source as FraudLabs Pro Source
participant API as FraudLabs Pro API
participant DB as Database
participant Sender as FraudLabs Pro Service
rect rgba(100, 200, 100, 0.5)
Note over Source,DB: Activation
Source->>DB: check hookId
DB-->>Source: null / hookId
alt no hookId
Source->>API: POST /subscribe (endpoint, description, api_key)
API-->>Source: { hookId }
Source->>DB: store hookId
end
end
rect rgba(100, 150, 200, 0.5)
Note over Sender,Source: Event delivery
Sender->>Source: POST /<endpoint> status_changed payload
Source->>Source: validate & emit (dedupe by order_id)
Source-->>Sender: 200 OK { success: true }
end
rect rgba(200, 100, 100, 0.5)
Note over Source,DB: Deactivation
Source->>DB: retrieve hookId
DB-->>Source: hookId
Source->>API: GET /unsubscribe (hookId, api_key)
API-->>Source: success
Source->>DB: clear hookId
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Tip Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs). Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@components/fraudlabs_pro/package.json`:
- Line 3: The package.json version was bumped to "0.5.0" but there is no
CHANGELOG entry; add or update CHANGELOG.md with a new release section for 0.5.0
describing the changes included in this PR and the release date, and commit that
file alongside the package.json change so the version bump in package.json and
the CHANGELOG entry are merged together.
In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs`:
- Around line 9-16: Add a user-configurable status prop and filter emitted
webhook events against it: extend the existing props object (the "props" symbol
near fraudlabsProApp and db) to include a status or statuses prop (string or
array) that users can set, then update the webhook handler that currently emits
every event (the HTTP handler / webhook processor in this module) to check the
incoming event's status field and only emit/forward the event when it matches
the configured status(s). Apply the same props+filter change to the duplicate
block referenced around lines 69-79 so both handlers use the user-configured
status filter.
- Around line 61-67: The code currently clears this.db.set("hookId", null)
unconditionally after calling fetch (in the unsubscribe flow), which can orphan
an active webhook if the remote unsubscribe failed; update the unsubscribe logic
(the async method containing the fetch call) to only clear this.db.set("hookId",
null) after verifying the remote call succeeded (e.g., response.ok and/or
expected response body) and also handle fetch/network errors with a catch so you
don't clear the local hookId on failure; reference the fetch invocation and the
this.db.set("hookId", null) line to implement the conditional clear and error
handling.
- Around line 75-78: The current dedupe key in status_change.mjs uses only
order_id in the this.$emit call (id: body.order_id) which collapses multiple
status updates for the same order; change the emitted id to include the status
and/or a stable event timestamp so each status-change is unique (for example
compose id from body.order_id + body.flp_status + (body.updated_at ||
Date.now())), updating the id field in the this.$emit invocation so it uses that
composite key while keeping summary and ts as-is.
- Around line 71-77: The code assumes event.body is a valid object and directly
accesses body.flp_status and body.order_id in the this.$emit call; add a guard
that verifies event.body is an object (and not null) before accessing fields,
assign a safe fallback object (e.g., {}) to the local variable body when
event.body is missing or malformed, and use safe fallback values for the summary
and id (e.g., "unknown" for flp_status and a timestamp or UUID for id) so
this.$emit(body, {...}) will not throw when event.body is absent or not an
object.
ℹ️ Review info
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (2)
components/fraudlabs_pro/package.jsoncomponents/fraudlabs_pro/sources/status_changed/status_change.mjs
components/fraudlabs_pro/sources/status_changed/status_change.mjs
Outdated
Show resolved
Hide resolved
components/fraudlabs_pro/sources/status_changed/status_change.mjs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs`:
- Around line 5-7: Update the component metadata: change the key symbol from
"fraudlabspro_status_change" to the Pipedream-conformant
"fraudlabs_pro-status-change", and correct the description string (the symbol
"description") to read "Trigger to receive data from FraudLabs Pro Screen Order
API if the status change matches your setting." Ensure you update only the key
and description values (leaving version and other fields intact) so the
component follows naming conventions and fixes the grammar.
components/fraudlabs_pro/sources/status_changed/status_change.mjs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
components/fraudlabs_pro/sources/status_changed/status_change.mjs (1)
9-16:⚠️ Potential issue | 🔴 CriticalImplement the user-configured status filter end-to-end.
Line 9-16 and Line 86 currently allow emitting every valid webhook payload. This does not meet the PR objective (“status matches user-configured setting”). Add a user prop and guard before
$emit.Proposed fix
props: { fraudlabsProApp, + status: { + type: "string", + label: "Status to Match", + description: "Only emit events when the incoming order status matches this value.", + optional: true, + }, db: "$.service.db", http: { type: "$.interface.http", customResponse: true, }, }, @@ async run(event) { // 2. Capture the incoming POST data from the API const body = event.body; if (!body || typeof body !== "object") { this.http.respond({ status: 400, body: { message: "Invalid payload" }, }); return; } + + if (this.status && body.flp_status !== this.status) { + this.http.respond({ + status: 200, + body: { message: "Ignored (status does not match filter)" }, + }); + return; + } // Emit the data so it can be used in workflow stepsAlso applies to: 73-90
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs` around lines 9 - 16, Add a new user prop (e.g., statusFilter) to the existing props block and enforce it before emitting webhook payloads: update the props object that currently lists fraudlabsProApp/db/http to include statusFilter (string, optional, default empty or "any"), then in the webhook handler where $emit is called (the code block around the existing $emit in lines ~73-90) add a guard that reads the incoming payload.status and only calls $emit when payload.status === props.statusFilter (or when statusFilter is empty/"any" to allow all). Use the exact prop name you add (statusFilter) in the comparison and normalize both values (trim/lowercase) to be robust.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs`:
- Around line 43-48: The activation flow currently treats a successful subscribe
response as success even when the webhook `id` is missing; update the logic
around the response.json() handling so that after obtaining `data` you verify
`data.id` and, if it's absent, treat activation as failed (e.g., throw an error
or return a rejected result) instead of proceeding — ensure you do not call
this.db.set("hookId", ...) when data.id is falsy and surface an error so the
source does not become active without persisted hook state; modify the function
that awaits response.json() and sets the hookId accordingly to enforce this
check and early-fail on missing id.
---
Duplicate comments:
In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs`:
- Around line 9-16: Add a new user prop (e.g., statusFilter) to the existing
props block and enforce it before emitting webhook payloads: update the props
object that currently lists fraudlabsProApp/db/http to include statusFilter
(string, optional, default empty or "any"), then in the webhook handler where
$emit is called (the code block around the existing $emit in lines ~73-90) add a
guard that reads the incoming payload.status and only calls $emit when
payload.status === props.statusFilter (or when statusFilter is empty/"any" to
allow all). Use the exact prop name you add (statusFilter) in the comparison and
normalize both values (trim/lowercase) to be robust.
components/fraudlabs_pro/sources/status_changed/status_change.mjs
Outdated
Show resolved
Hide resolved
michelle0927
moved this from Ready for PR Review
to In Review
in Component (Source and Action) Backlog
michelle0927
left a comment
michelle0927
left a comment
There was a problem hiding this comment.
@ooi2018 Thank you for your contribution. Can you point me to the FraudLabs documentation for these endpoints?
https://www.fraudlabspro.com/pipedream-webhook-subscribe
https://www.fraudlabspro.com/pipedream-webhook-unsubscribe
I located this link that describes creating a webhook "by entering the callback URL at the settings page", but it doesn't say anything about creating webhooks programmatically.
michelle0927
moved this from In Review
to Changes Required
in Component (Source and Action) Backlog
Fixed various errors and warnings from Lint Code Base.
There was a problem hiding this comment.
♻️ Duplicate comments (1)
components/fraudlabs_pro/sources/status_changed/status_change.mjs (1)
90-94:⚠️ Potential issue | 🟡 MinorSummary may display "undefined" for missing fields.
If
body.flp_statusorbody.order_idis missing, the summary will show"New Status: undefined for Order#undefined". Consider providing fallback values.Proposed fix
this.$emit(body, { - summary: `New Status: ${body.flp_status} for Order #${body.order_id}`, - id: `${body.order_id}-${body.flp_status}-${body.updated_at ?? body.timestamp ?? Date.now()}`, + summary: `New Status: ${body.flp_status ?? "unknown"} for Order #${body.order_id ?? "unknown"}`, + id: `${body.order_id ?? "unknown"}-${body.flp_status ?? "unknown"}-${body.updated_at ?? body.timestamp ?? Date.now()}`, ts: Date.now(), });🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs` around lines 90 - 94, The emitted summary and id currently interpolate body.flp_status and body.order_id and can render "undefined"; update the this.$emit call (the summary string and id construction) to use safe fallbacks (e.g., const status = body.flp_status ?? 'unknown' and const orderId = body.order_id ?? 'unknown') and use those variables when building the summary and id (retain the timestamp fallback logic for the id: body.updated_at ?? body.timestamp ?? Date.now()) so the summary reads "New Status: <status> for Order #<orderId>" even when fields are missing.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs`:
- Around line 90-94: The emitted summary and id currently interpolate
body.flp_status and body.order_id and can render "undefined"; update the
this.$emit call (the summary string and id construction) to use safe fallbacks
(e.g., const status = body.flp_status ?? 'unknown' and const orderId =
body.order_id ?? 'unknown') and use those variables when building the summary
and id (retain the timestamp fallback logic for the id: body.updated_at ??
body.timestamp ?? Date.now()) so the summary reads "New Status: <status> for
Order #<orderId>" even when fields are missing.
Hi @michelle0927, There is currently no documentation available for these two endpoints. However, once a user adds the trigger to the workflow, the webhook URL will automatically be registered in the FraudLabs Pro database. The user will then just need to configure the order status settings in the FraudLabs Pro merchant dashboard. A tutorial will be published once the trigger is approved. |
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (2)
components/fraudlabs_pro/sources/status_changed/status_change.mjs (2)
9-16:⚠️ Potential issue | 🔴 CriticalImplement user-configurable status filtering before emitting events.
The source still emits all status-change events and does not expose a prop for users to choose which status to match, so the core trigger behavior in the PR objective is not implemented.
Proposed fix
props: { fraudlabsProApp, + status: { + type: "string", + label: "Status to match", + description: "Only emit events when flp_status matches this value.", + optional: true, + }, db: "$.service.db", http: { type: "$.interface.http", customResponse: true, }, }, @@ async run(event) { // 2. Capture the incoming POST data from the API const body = event.body; if (!body || typeof body !== "object") { this.http.respond({ status: 400, body: { message: "Invalid payload" }, }); return; } + + if (this.status && body.flp_status !== this.status) { + this.http.respond({ + status: 200, + body: { + message: "Ignored", + }, + }); + return; + }Also applies to: 75-94
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs` around lines 9 - 16, The source currently emits all status-change events without allowing users to configure which statuses to match; add a new prop (e.g., statusFilter or allowedStatuses) to the props object alongside fraudlabsProApp/db/http, expose it in the component config, and update the status-change handler (the function that processes incoming HTTP payloads in this file) to check the incoming event's status against the configured allowedStatuses before emitting; ensure the prop accepts a string or array, normalize it in initialization, and short-circuit/return early from the handler when the status does not match so only configured status changes are emitted.
45-50:⚠️ Potential issue | 🟠 MajorFail activation when subscribe response has no webhook
id.If subscribe returns 2xx but omits
id, activation currently succeeds without persisted state, which can cause duplicate subscriptions and broken deactivation.Proposed fix
const data = await response.json(); // Store the ID returned by FraudLabs Pro - if (data && data.id) { - this.db.set("hookId", data.id); - } + if (!data?.id) { + throw new Error(`Activation failed: missing webhook id in response: ${JSON.stringify(data)}`); + } + this.db.set("hookId", data.id);🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs` around lines 45 - 50, The activation flow currently accepts a 2xx subscribe response even when the parsed response (data from response.json()) lacks a webhook id, so modify the activation logic around the response handling (the code that calls response.json() and this.db.set("hookId", data.id)) to treat missing data.id as a failure: after awaiting response.json(), if !data || !data.id then throw an Error (or return a rejected promise) so activation fails and no hookId is persisted; only call this.db.set("hookId", data.id) when data.id is present.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs`:
- Around line 90-93: The dedupe id uses Date.now() which makes retries appear
unique; change the id generation in the this.$emit call so it uses a
deterministic fallback instead of Date.now() — e.g. replace
`${body.order_id}-${body.flp_status}-${body.updated_at ?? body.timestamp ??
Date.now()}` with `${body.order_id}-${body.flp_status}-${body.updated_at ??
body.timestamp ?? 'missing_timestamp'}` (or `'0'`) so retrying the same webhook
produces the same id; update the expression where this.$emit is called to use
the deterministic fallback.
---
Duplicate comments:
In `@components/fraudlabs_pro/sources/status_changed/status_change.mjs`:
- Around line 9-16: The source currently emits all status-change events without
allowing users to configure which statuses to match; add a new prop (e.g.,
statusFilter or allowedStatuses) to the props object alongside
fraudlabsProApp/db/http, expose it in the component config, and update the
status-change handler (the function that processes incoming HTTP payloads in
this file) to check the incoming event's status against the configured
allowedStatuses before emitting; ensure the prop accepts a string or array,
normalize it in initialization, and short-circuit/return early from the handler
when the status does not match so only configured status changes are emitted.
- Around line 45-50: The activation flow currently accepts a 2xx subscribe
response even when the parsed response (data from response.json()) lacks a
webhook id, so modify the activation logic around the response handling (the
code that calls response.json() and this.db.set("hookId", data.id)) to treat
missing data.id as a failure: after awaiting response.json(), if !data ||
!data.id then throw an Error (or return a rejected promise) so activation fails
and no hookId is persisted; only call this.db.set("hookId", data.id) when
data.id is present.
There was a problem hiding this comment.
Hi @ooi2018. I made some updates to align the code better with Pipedream standards.
I'm able to create a webhook and get an id. However, I'm getting a 404 error when calling the unsubscribe endpoint (GET https://www.fraudlabspro.com/pipedream-webhook-unsubscribe). I tried changing a transaction from Approved to Reject, and then back to Approved, but I didn't receive any requests to the webhook.
Are you able to try testing the source by using the Pipedream CLI?
michelle0927
moved this from In Review
to Changes Required
in Component (Source and Action) Backlog
|
Hi @michelle0927,
|
4 participants
WHY
Summary by CodeRabbit
New Features
Updates