npm - @hogsend/engine - Versions diffs - 0.21.0 → 0.21.1 - Mend

@hogsend/engine 0.21.0 → 0.21.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +7 -7
package/src/lib/provider-credentials.ts +19 -0
package/src/routes/admin/analytics.ts +6 -6
package/src/routes/admin/provider-credentials.ts +15 -6
package/src/routes/webhooks/sources.ts +10 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hogsend/engine",
-  "version": "0.21.0",
+  "version": "0.21.1",
   "type": "module",
   "license": "MIT",
   "repository": {
@@ -40,14 +40,14 @@
     "svix": "^1.95.1",
     "winston": "^3.19.0",
     "zod": "^4.4.3",
-    "@hogsend/core": "^0.21.0",
-    "@hogsend/db": "^0.21.0",
-    "@hogsend/email": "^0.21.0",
-    "@hogsend/plugin-posthog": "^0.21.0",
-    "@hogsend/plugin-resend": "^0.21.0"
+    "@hogsend/core": "^0.21.1",
+    "@hogsend/db": "^0.21.1",
+    "@hogsend/email": "^0.21.1",
+    "@hogsend/plugin-posthog": "^0.21.1",
+    "@hogsend/plugin-resend": "^0.21.1"
   },
   "optionalDependencies": {
-    "@hogsend/plugin-postmark": "^0.21.0"
+    "@hogsend/plugin-postmark": "^0.21.1"
   },
   "devDependencies": {
     "@types/node": "^22.15.3",

package/src/lib/provider-credentials.ts CHANGED Viewed

@@ -297,6 +297,25 @@ export async function deleteProviderCredential(
   return deleted.length > 0;
 }
+/**
+ * Purge EVERY stored credential for a provider — the oauth grant AND the
+ * server-derived config (minted webhook secret + grabbed phc_). Disconnect
+ * must leave no orphaned rows; the single-kind `deleteProviderCredential`
+ * stays unchanged so token-lifecycle callers can still target one kind.
+ * Returns which kinds were removed. Never decrypts.
+ */
+export async function deleteAllProviderCredentials(
+  db: Database,
+  providerId: string,
+): Promise<{ oauth: boolean; derived: boolean }> {
+  const [oauth, derived] = await Promise.all([
+    deleteProviderCredential(db, providerId, "oauth"),
+    deleteProviderCredential(db, providerId, "derived"),
+  ]);
+  return { oauth, derived };
+}
 /**
  * Read + decrypt the kind="derived" config for a provider. `null` when none
  * stored; throws `ProviderCredentialDecryptError` when a row exists but cannot

package/src/routes/admin/analytics.ts CHANGED Viewed

@@ -14,6 +14,7 @@ import {
   provisionPostHogLoop,
 } from "../../lib/provision-posthog-loop.js";
 import { errorSchema } from "../../lib/schemas.js";
+import { invalidateStoredPosthogSecret } from "../webhooks/sources.js";
 /**
  * Admin analytics-connection routes — the server half of
@@ -170,9 +171,8 @@ const provisionLoopRoute = createRoute({
       description:
         "Refused: `no_posthog_credential` (no OAuth credential and no " +
         "personal API key), `posthog_not_configured` (no PostHog env signal " +
-        "at all), `webhook_secret_missing` (POSTHOG_WEBHOOK_SECRET unset), " +
-        "or `api_public_url_unreachable` (API_PUBLIC_URL is loopback — " +
-        "PostHog cannot deliver to it)",
+        "at all), or `api_public_url_unreachable` (API_PUBLIC_URL is loopback " +
+        "— PostHog cannot deliver to it)",
     },
     502: {
       content: { "application/json": { schema: provisionFailureSchema } },
@@ -273,6 +273,9 @@ export const analyticsAdminRouter = new OpenAPIHono<AppEnv>()
         ...(storedDerived ?? {}),
         webhookSecret,
       });
+      // Bust the inbound posthog webhook source's cached secret so it enforces
+      // the freshly-minted value immediately instead of after the ~30s TTL.
+      invalidateStoredPosthogSecret();
     }
     try {
@@ -318,9 +321,6 @@ export const analyticsAdminRouter = new OpenAPIHono<AppEnv>()
       );
     } catch (error) {
       if (error instanceof ProvisionPostHogLoopError) {
-        if (error.code === "missing-webhook-secret") {
-          return c.json({ error: "webhook_secret_missing" }, 409);
-        }
         return c.json(
           {
             error: error.code,

package/src/routes/admin/provider-credentials.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { createRoute, OpenAPIHono, z } from "@hono/zod-openapi";
 import type { AppEnv } from "../../app.js";
 import {
-  deleteProviderCredential,
+  deleteAllProviderCredentials,
   getProviderCredential,
   ProviderCredentialDecryptError,
   type ProviderCredentialMeta,
@@ -108,7 +108,11 @@ const deleteRoute = createRoute({
   method: "delete",
   path: "/{providerId}",
   tags: ["Admin — Provider Credentials"],
-  summary: "Delete a provider credential",
+  summary: "Purge a provider's stored credentials (oauth + derived)",
+  description:
+    "Disconnect: hard-deletes EVERY stored credential for the provider — " +
+    "the oauth grant AND the server-derived config (minted webhook secret + " +
+    "grabbed phc_) — so no orphaned rows remain.",
   request: {
     params: providerIdParam,
   },
@@ -117,11 +121,11 @@ const deleteRoute = createRoute({
       content: {
         "application/json": { schema: z.object({ deleted: z.boolean() }) },
       },
-      description: "Credential hard-deleted",
+      description: "Credentials hard-deleted (at least one row removed)",
     },
     404: {
       content: { "application/json": { schema: errorSchema } },
-      description: "No credential stored for this provider",
+      description: "No credentials stored for this provider",
     },
   },
 });
@@ -180,8 +184,13 @@ export const providerCredentialsRouter = new OpenAPIHono<AppEnv>()
     // Never decrypts — DELETE must succeed even when the payload is
     // undecryptable (the operator's escape hatch after a secret rotation).
-    const deleted = await deleteProviderCredential(db, providerId);
-    if (!deleted) {
+    // Disconnect purges BOTH kinds (oauth grant + derived config) so the
+    // minted webhook secret + grabbed phc_ never linger orphaned.
+    const { oauth, derived } = await deleteAllProviderCredentials(
+      db,
+      providerId,
+    );
+    if (!oauth && !derived) {
       return c.json({ error: "Provider credential not found" }, 404);
     }
     return c.json({ deleted: true }, 200);

package/src/routes/webhooks/sources.ts CHANGED Viewed

@@ -52,6 +52,16 @@ async function resolveStoredPosthogSecret(
   return value;
 }
+/**
+ * Drop the module-level stored-secret cache so the next inbound PostHog webhook
+ * re-reads from the `kind="derived"` store. Called right after `hogsend connect`
+ * mints + persists a secret, so the freshly-minted value is enforced
+ * immediately instead of waiting out the `STORED_SECRET_RECHECK_MS` window.
+ */
+export function invalidateStoredPosthogSecret(): void {
+  storedPosthogSecret = undefined;
+}
 export function registerWebhookSourceRoutes(
   app: OpenAPIHono<AppEnv>,
   sources: DefinedWebhookSource[],