npm - @open-mercato/webhooks - Versions diffs - 0.5.1-develop.2912.8d7b1fef24 → 0.5.1-develop.2924.d13908516e - Mend

@open-mercato/webhooks 0.5.1-develop.2912.8d7b1fef24 → 0.5.1-develop.2924.d13908516e

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/modules/webhooks/lib/delivery.js +60 -32
package/dist/modules/webhooks/lib/delivery.js.map +2 -2
package/dist/modules/webhooks/lib/url-safety.js +14 -2
package/dist/modules/webhooks/lib/url-safety.js.map +2 -2
package/package.json +6 -6
package/src/modules/webhooks/lib/__tests__/url-safety.test.ts +52 -0
package/src/modules/webhooks/lib/delivery.ts +79 -35
package/src/modules/webhooks/lib/url-safety.ts +29 -0

package/dist/modules/webhooks/lib/delivery.js CHANGED Viewed

@@ -4,7 +4,11 @@ import { WebhookDeliveryEntity, WebhookEntity } from "../data/entities.js";
 import { emitWebhooksEvent } from "../events.js";
 import { enqueueWebhookDelivery } from "./queue.js";
 import { isWebhookIntegrationEnabled, WEBHOOK_INTEGRATION_DISABLED_MESSAGE } from "./integration-state.js";
-import { assertSafeWebhookDeliveryUrl, UnsafeWebhookUrlError } from "./url-safety.js";
+import {
+  assertSafeWebhookDeliveryUrl,
+  safeWebhookFetch,
+  UnsafeWebhookUrlError
+} from "./url-safety.js";
 async function createWebhookDelivery(input) {
   const bodyPayload = {
     type: input.eventId,
@@ -84,26 +88,12 @@ async function processWebhookDeliveryJob(em, job, options = {}) {
   try {
     await assertSafeWebhookDeliveryUrl(webhook.url);
   } catch (error) {
-    const message = error instanceof UnsafeWebhookUrlError ? error.message : "Webhook URL rejected by safety check";
-    delivery.status = "failed";
-    delivery.errorMessage = message;
-    delivery.nextRetryAt = null;
-    delivery.lastAttemptAt = /* @__PURE__ */ new Date();
-    delivery.attemptNumber += 1;
-    webhook.consecutiveFailures += 1;
-    webhook.lastFailureAt = /* @__PURE__ */ new Date();
-    await em.flush();
-    await emitWebhooksEvent("webhooks.delivery.failed", {
-      deliveryId: delivery.id,
-      webhookId: webhook.id,
-      eventType: delivery.eventType,
-      errorMessage: message,
-      durationMs: 0,
-      organizationId: delivery.organizationId,
-      tenantId: delivery.tenantId,
-      willRetry: false
+    return await recordWebhookSafetyFailure({
+      em,
+      delivery,
+      webhook,
+      error
     });
-    return { status: delivery.status, deliveryId: delivery.id };
   }
   const bodyPayload = normalizeWebhookBody(delivery.eventType, delivery.payload);
   delivery.payload = bodyPayload;
@@ -124,18 +114,22 @@ async function processWebhookDeliveryJob(em, job, options = {}) {
   try {
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), webhook.timeoutMs);
-    const response = await fetch(webhook.url, {
-      method: webhook.httpMethod,
-      redirect: "manual",
-      headers: {
-        "content-type": "application/json",
-        ...headers,
-        ...webhook.customHeaders ?? {}
-      },
-      body,
-      signal: controller.signal
-    });
-    clearTimeout(timeoutId);
+    let response;
+    try {
+      response = await safeWebhookFetch(webhook.url, {
+        method: webhook.httpMethod,
+        redirect: "manual",
+        headers: {
+          "content-type": "application/json",
+          ...headers,
+          ...webhook.customHeaders ?? {}
+        },
+        body,
+        signal: controller.signal
+      });
+    } finally {
+      clearTimeout(timeoutId);
+    }
     delivery.attemptNumber += 1;
     delivery.responseStatus = response.status;
     delivery.responseBody = (await response.text()).slice(0, 4096);
@@ -179,6 +173,17 @@ async function processWebhookDeliveryJob(em, job, options = {}) {
     });
     return { status: delivery.status, deliveryId: delivery.id };
   } catch (error) {
+    if (error instanceof UnsafeWebhookUrlError) {
+      const durationMs = Date.now() - delivery.enqueuedAt.getTime();
+      delivery.durationMs = durationMs;
+      return await recordWebhookSafetyFailure({
+        em,
+        delivery,
+        webhook,
+        error,
+        durationMs
+      });
+    }
     delivery.attemptNumber += 1;
     delivery.durationMs = Date.now() - delivery.enqueuedAt.getTime();
     delivery.lastAttemptAt = /* @__PURE__ */ new Date();
@@ -206,6 +211,29 @@ async function processWebhookDeliveryJob(em, job, options = {}) {
     return { status: delivery.status, deliveryId: delivery.id };
   }
 }
+async function recordWebhookSafetyFailure(input) {
+  const { em, delivery, webhook, error } = input;
+  const message = error instanceof UnsafeWebhookUrlError ? error.message : "Webhook URL rejected by safety check";
+  delivery.status = "failed";
+  delivery.errorMessage = message;
+  delivery.nextRetryAt = null;
+  delivery.lastAttemptAt = /* @__PURE__ */ new Date();
+  delivery.attemptNumber += 1;
+  webhook.consecutiveFailures += 1;
+  webhook.lastFailureAt = /* @__PURE__ */ new Date();
+  await em.flush();
+  await emitWebhooksEvent("webhooks.delivery.failed", {
+    deliveryId: delivery.id,
+    webhookId: webhook.id,
+    eventType: delivery.eventType,
+    errorMessage: message,
+    durationMs: input.durationMs ?? 0,
+    organizationId: delivery.organizationId,
+    tenantId: delivery.tenantId,
+    willRetry: false
+  });
+  return { status: delivery.status, deliveryId: delivery.id };
+}
 async function handleFailedDelivery(input) {
   const { delivery, webhook } = input;
   const retriesRemaining = delivery.attemptNumber < Math.max(delivery.maxAttempts, 1);

package/dist/modules/webhooks/lib/delivery.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/webhooks/lib/delivery.ts"],
-  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport { buildWebhookHeaders, generateMessageId } from '@open-mercato/shared/lib/webhooks'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { WebhookDeliveryEntity, WebhookEntity } from '../data/entities'\nimport { emitWebhooksEvent } from '../events'\nimport { enqueueWebhookDelivery } from './queue'\nimport { isWebhookIntegrationEnabled, WEBHOOK_INTEGRATION_DISABLED_MESSAGE } from './integration-state'\nimport { assertSafeWebhookDeliveryUrl, UnsafeWebhookUrlError } from './url-safety'\n\nexport interface WebhookDeliveryJob {\n  deliveryId: string\n  tenantId: string\n  organizationId: string\n}\n\nexport interface CreateWebhookDeliveryInput {\n  em: EntityManager\n  webhook: WebhookEntity\n  eventId: string\n  payload: Record<string, unknown>\n}\n\ntype ProcessWebhookDeliveryOptions = {\n  scheduleRetries?: boolean\n}\n\ntype WebhookBody = {\n  type: string\n  timestamp: string\n  data: Record<string, unknown>\n}\n\nexport async function createWebhookDelivery(input: CreateWebhookDeliveryInput): Promise<WebhookDeliveryEntity> {\n  const bodyPayload: WebhookBody = {\n    type: input.eventId,\n    timestamp: new Date().toISOString(),\n    data: input.payload,\n  }\n  const now = new Date()\n\n  const delivery = input.em.create(WebhookDeliveryEntity, {\n    webhookId: input.webhook.id,\n    eventType: input.eventId,\n    messageId: generateMessageId(),\n    payload: bodyPayload,\n    status: 'pending',\n    attemptNumber: 0,\n    maxAttempts: input.webhook.maxRetries,\n    targetUrl: input.webhook.url,\n    organizationId: input.webhook.organizationId,\n    tenantId: input.webhook.tenantId,\n    enqueuedAt: now,\n    createdAt: now,\n    updatedAt: now,\n  })\n\n  await input.em.flush()\n  await emitWebhooksEvent('webhooks.delivery.enqueued', {\n    deliveryId: delivery.id,\n    webhookId: input.webhook.id,\n    eventType: input.eventId,\n    organizationId: input.webhook.organizationId,\n    tenantId: input.webhook.tenantId,\n  })\n  return delivery\n}\n\nexport async function processWebhookDeliveryJob(\n  em: EntityManager,\n  job: WebhookDeliveryJob,\n  options: ProcessWebhookDeliveryOptions = {},\n): Promise<{ status: string; deliveryId: string } | null> {\n  const delivery = await em.findOne(WebhookDeliveryEntity, {\n    id: job.deliveryId,\n    tenantId: job.tenantId,\n    organizationId: job.organizationId,\n  })\n\n  if (!delivery) return null\n\n  const webhook = await findOneWithDecryption(\n    em,\n    WebhookEntity,\n    {\n      id: delivery.webhookId,\n      tenantId: job.tenantId,\n      organizationId: job.organizationId,\n      deletedAt: null,\n    },\n    {},\n    { tenantId: job.tenantId, organizationId: job.organizationId },\n  )\n\n  if (!webhook) {\n    delivery.status = 'failed'\n    delivery.errorMessage = 'Webhook not found'\n    delivery.nextRetryAt = null\n    await em.flush()\n    return { status: delivery.status, deliveryId: delivery.id }\n  }\n\n  if (!webhook.isActive) {\n    delivery.status = 'expired'\n    delivery.errorMessage = 'Webhook is inactive'\n    delivery.nextRetryAt = null\n    await em.flush()\n    return { status: delivery.status, deliveryId: delivery.id }\n  }\n\n  const integrationEnabled = await isWebhookIntegrationEnabled(em, {\n    tenantId: webhook.tenantId,\n    organizationId: webhook.organizationId,\n  })\n\n  if (!integrationEnabled) {\n    delivery.status = 'expired'\n    delivery.errorMessage = WEBHOOK_INTEGRATION_DISABLED_MESSAGE\n    delivery.nextRetryAt = null\n    await em.flush()\n    return { status: delivery.status, deliveryId: delivery.id }\n  }\n\n  try {\n    await assertSafeWebhookDeliveryUrl(webhook.url)\n  } catch (error) {\n    const message = error instanceof UnsafeWebhookUrlError\n      ? error.message\n      : 'Webhook URL rejected by safety check'\n    delivery.status = 'failed'\n    delivery.errorMessage = message\n    delivery.nextRetryAt = null\n    delivery.lastAttemptAt = new Date()\n    delivery.attemptNumber += 1\n    webhook.consecutiveFailures += 1\n    webhook.lastFailureAt = new Date()\n    await em.flush()\n    await emitWebhooksEvent('webhooks.delivery.failed', {\n      deliveryId: delivery.id,\n      webhookId: webhook.id,\n      eventType: delivery.eventType,\n      errorMessage: message,\n      durationMs: 0,\n      organizationId: delivery.organizationId,\n      tenantId: delivery.tenantId,\n      willRetry: false,\n    })\n    return { status: delivery.status, deliveryId: delivery.id }\n  }\n\n  const bodyPayload = normalizeWebhookBody(delivery.eventType, delivery.payload)\n  delivery.payload = bodyPayload\n  delivery.status = 'sending'\n  delivery.lastAttemptAt = new Date()\n  delivery.errorMessage = null\n  await em.flush()\n\n  const body = JSON.stringify(bodyPayload)\n  const timestamp = Math.floor(Date.now() / 1000)\n  const headers = buildWebhookHeaders(\n    delivery.messageId,\n    timestamp,\n    body,\n    webhook.secret,\n    webhook.previousSecret,\n  )\n\n  const attemptStartedAt = Date.now()\n\n  try {\n    const controller = new AbortController()\n    const timeoutId = setTimeout(() => controller.abort(), webhook.timeoutMs)\n\n    const response = await fetch(webhook.url, {\n      method: webhook.httpMethod,\n      redirect: 'manual',\n      headers: {\n        'content-type': 'application/json',\n        ...headers,\n        ...(webhook.customHeaders ?? {}),\n      },\n      body,\n      signal: controller.signal,\n    })\n\n    clearTimeout(timeoutId)\n\n    delivery.attemptNumber += 1\n    delivery.responseStatus = response.status\n    delivery.responseBody = (await response.text()).slice(0, 4096)\n    delivery.responseHeaders = Object.fromEntries(response.headers.entries())\n    delivery.durationMs = Date.now() - delivery.enqueuedAt.getTime()\n    delivery.lastAttemptAt = new Date()\n\n    if (response.ok) {\n      delivery.status = 'delivered'\n      delivery.deliveredAt = new Date()\n      delivery.nextRetryAt = null\n      webhook.consecutiveFailures = 0\n      webhook.lastSuccessAt = new Date()\n\n      await emitWebhooksEvent('webhooks.delivery.succeeded', {\n        deliveryId: delivery.id,\n        webhookId: webhook.id,\n        eventType: delivery.eventType,\n        organizationId: delivery.organizationId,\n        tenantId: delivery.tenantId,\n      })\n\n      await em.flush()\n      return { status: delivery.status, deliveryId: delivery.id }\n    }\n\n    webhook.consecutiveFailures += 1\n    webhook.lastFailureAt = new Date()\n\n    await handleFailedDelivery({\n      em,\n      webhook,\n      delivery,\n      canRetry: shouldRetryStatus(response.status),\n      scheduleRetries: options.scheduleRetries !== false,\n      fallbackMessage: `HTTP ${response.status}`,\n    })\n\n    await emitWebhooksEvent('webhooks.delivery.failed', {\n      deliveryId: delivery.id,\n      webhookId: webhook.id,\n      eventType: delivery.eventType,\n      responseStatus: response.status,\n      organizationId: delivery.organizationId,\n      tenantId: delivery.tenantId,\n      willRetry: delivery.status === 'pending',\n    })\n\n    return { status: delivery.status, deliveryId: delivery.id }\n  } catch (error) {\n    delivery.attemptNumber += 1\n    delivery.durationMs = Date.now() - delivery.enqueuedAt.getTime()\n    delivery.lastAttemptAt = new Date()\n    delivery.errorMessage = error instanceof Error ? error.message : 'Unknown delivery error'\n\n    webhook.consecutiveFailures += 1\n    webhook.lastFailureAt = new Date()\n\n    await handleFailedDelivery({\n      em,\n      webhook,\n      delivery,\n      canRetry: true,\n      scheduleRetries: options.scheduleRetries !== false,\n      fallbackMessage: delivery.errorMessage,\n    })\n\n    await emitWebhooksEvent('webhooks.delivery.failed', {\n      deliveryId: delivery.id,\n      webhookId: webhook.id,\n      eventType: delivery.eventType,\n      errorMessage: delivery.errorMessage,\n      durationMs: Date.now() - attemptStartedAt,\n      organizationId: delivery.organizationId,\n      tenantId: delivery.tenantId,\n      willRetry: delivery.status === 'pending',\n    })\n\n    return { status: delivery.status, deliveryId: delivery.id }\n  }\n}\n\ntype HandleFailedDeliveryInput = {\n  em: EntityManager\n  webhook: WebhookEntity\n  delivery: WebhookDeliveryEntity\n  canRetry: boolean\n  scheduleRetries: boolean\n  fallbackMessage: string\n}\n\nasync function handleFailedDelivery(input: HandleFailedDeliveryInput): Promise<void> {\n  const { delivery, webhook } = input\n  const retriesRemaining = delivery.attemptNumber < Math.max(delivery.maxAttempts, 1)\n  const shouldRetry = input.canRetry && retriesRemaining\n\n  if (shouldRetry) {\n    const nextRetryAt = calculateNextRetry(delivery.attemptNumber)\n    delivery.status = 'pending'\n    delivery.nextRetryAt = nextRetryAt\n\n    await input.em.flush()\n\n    if (input.scheduleRetries) {\n      try {\n        await enqueueWebhookDelivery(\n          {\n            deliveryId: delivery.id,\n            tenantId: delivery.tenantId,\n            organizationId: delivery.organizationId,\n          },\n          Math.max(nextRetryAt.getTime() - Date.now(), 0),\n        )\n      } catch (error) {\n        delivery.status = 'failed'\n        delivery.nextRetryAt = null\n        delivery.errorMessage = error instanceof Error\n          ? `Retry scheduling failed: ${error.message}`\n          : 'Retry scheduling failed'\n      }\n    }\n  } else {\n    delivery.status = 'expired'\n    delivery.nextRetryAt = null\n\n    await emitWebhooksEvent('webhooks.delivery.exhausted', {\n      deliveryId: delivery.id,\n      webhookId: webhook.id,\n      eventType: delivery.eventType,\n      organizationId: delivery.organizationId,\n      tenantId: delivery.tenantId,\n      errorMessage: delivery.errorMessage ?? input.fallbackMessage,\n    })\n  }\n\n  if (webhook.autoDisableThreshold > 0 && webhook.consecutiveFailures >= webhook.autoDisableThreshold) {\n    webhook.isActive = false\n    await emitWebhooksEvent('webhooks.webhook.disabled', {\n      webhookId: webhook.id,\n      organizationId: webhook.organizationId,\n      tenantId: webhook.tenantId,\n      consecutiveFailures: webhook.consecutiveFailures,\n    })\n  }\n\n  await input.em.flush()\n}\n\nfunction normalizeWebhookBody(eventType: string, payload: Record<string, unknown>): WebhookBody {\n  const candidateType = typeof payload.type === 'string' ? payload.type : null\n  const candidateTimestamp = typeof payload.timestamp === 'string' ? payload.timestamp : null\n  const candidateData = isRecord(payload.data) ? payload.data : null\n\n  if (candidateType && candidateTimestamp && candidateData) {\n    return {\n      type: candidateType,\n      timestamp: candidateTimestamp,\n      data: candidateData,\n    }\n  }\n\n  return {\n    type: eventType,\n    timestamp: new Date().toISOString(),\n    data: payload,\n  }\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n  return typeof value === 'object' && value !== null && !Array.isArray(value)\n}\n\nfunction shouldRetryStatus(status: number): boolean {\n  if (status >= 200 && status < 300) return false\n  if (status === 408 || status === 429) return true\n  return status >= 500\n}\n\nfunction calculateNextRetry(attemptNumber: number): Date {\n  const baseDelayMs = 1000\n  const jitterMs = Math.floor(Math.random() * 1000)\n  const delayMs = baseDelayMs * Math.pow(2, Math.max(attemptNumber - 1, 0)) + jitterMs\n  return new Date(Date.now() + delayMs)\n}\n"],
-  "mappings": "AACA,SAAS,qBAAqB,yBAAyB;AACvD,SAAS,6BAA6B;AACtC,SAAS,uBAAuB,qBAAqB;AACrD,SAAS,yBAAyB;AAClC,SAAS,8BAA8B;AACvC,SAAS,6BAA6B,4CAA4C;AAClF,SAAS,8BAA8B,6BAA6B;AAyBpE,eAAsB,sBAAsB,OAAmE;AAC7G,QAAM,cAA2B;AAAA,IAC/B,MAAM,MAAM;AAAA,IACZ,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IAClC,MAAM,MAAM;AAAA,EACd;AACA,QAAM,MAAM,oBAAI,KAAK;AAErB,QAAM,WAAW,MAAM,GAAG,OAAO,uBAAuB;AAAA,IACtD,WAAW,MAAM,QAAQ;AAAA,IACzB,WAAW,MAAM;AAAA,IACjB,WAAW,kBAAkB;AAAA,IAC7B,SAAS;AAAA,IACT,QAAQ;AAAA,IACR,eAAe;AAAA,IACf,aAAa,MAAM,QAAQ;AAAA,IAC3B,WAAW,MAAM,QAAQ;AAAA,IACzB,gBAAgB,MAAM,QAAQ;AAAA,IAC9B,UAAU,MAAM,QAAQ;AAAA,IACxB,YAAY;AAAA,IACZ,WAAW;AAAA,IACX,WAAW;AAAA,EACb,CAAC;AAED,QAAM,MAAM,GAAG,MAAM;AACrB,QAAM,kBAAkB,8BAA8B;AAAA,IACpD,YAAY,SAAS;AAAA,IACrB,WAAW,MAAM,QAAQ;AAAA,IACzB,WAAW,MAAM;AAAA,IACjB,gBAAgB,MAAM,QAAQ;AAAA,IAC9B,UAAU,MAAM,QAAQ;AAAA,EAC1B,CAAC;AACD,SAAO;AACT;AAEA,eAAsB,0BACpB,IACA,KACA,UAAyC,CAAC,GACc;AACxD,QAAM,WAAW,MAAM,GAAG,QAAQ,uBAAuB;AAAA,IACvD,IAAI,IAAI;AAAA,IACR,UAAU,IAAI;AAAA,IACd,gBAAgB,IAAI;AAAA,EACtB,CAAC;AAED,MAAI,CAAC,SAAU,QAAO;AAEtB,QAAM,UAAU,MAAM;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,MACE,IAAI,SAAS;AAAA,MACb,UAAU,IAAI;AAAA,MACd,gBAAgB,IAAI;AAAA,MACpB,WAAW;AAAA,IACb;AAAA,IACA,CAAC;AAAA,IACD,EAAE,UAAU,IAAI,UAAU,gBAAgB,IAAI,eAAe;AAAA,EAC/D;AAEA,MAAI,CAAC,SAAS;AACZ,aAAS,SAAS;AAClB,aAAS,eAAe;AACxB,aAAS,cAAc;AACvB,UAAM,GAAG,MAAM;AACf,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D;AAEA,MAAI,CAAC,QAAQ,UAAU;AACrB,aAAS,SAAS;AAClB,aAAS,eAAe;AACxB,aAAS,cAAc;AACvB,UAAM,GAAG,MAAM;AACf,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D;AAEA,QAAM,qBAAqB,MAAM,4BAA4B,IAAI;AAAA,IAC/D,UAAU,QAAQ;AAAA,IAClB,gBAAgB,QAAQ;AAAA,EAC1B,CAAC;AAED,MAAI,CAAC,oBAAoB;AACvB,aAAS,SAAS;AAClB,aAAS,eAAe;AACxB,aAAS,cAAc;AACvB,UAAM,GAAG,MAAM;AACf,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D;AAEA,MAAI;AACF,UAAM,6BAA6B,QAAQ,GAAG;AAAA,EAChD,SAAS,OAAO;AACd,UAAM,UAAU,iBAAiB,wBAC7B,MAAM,UACN;AACJ,aAAS,SAAS;AAClB,aAAS,eAAe;AACxB,aAAS,cAAc;AACvB,aAAS,gBAAgB,oBAAI,KAAK;AAClC,aAAS,iBAAiB;AAC1B,YAAQ,uBAAuB;AAC/B,YAAQ,gBAAgB,oBAAI,KAAK;AACjC,UAAM,GAAG,MAAM;AACf,UAAM,kBAAkB,4BAA4B;AAAA,MAClD,YAAY,SAAS;AAAA,MACrB,WAAW,QAAQ;AAAA,MACnB,WAAW,SAAS;AAAA,MACpB,cAAc;AAAA,MACd,YAAY;AAAA,MACZ,gBAAgB,SAAS;AAAA,MACzB,UAAU,SAAS;AAAA,MACnB,WAAW;AAAA,IACb,CAAC;AACD,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D;AAEA,QAAM,cAAc,qBAAqB,SAAS,WAAW,SAAS,OAAO;AAC7E,WAAS,UAAU;AACnB,WAAS,SAAS;AAClB,WAAS,gBAAgB,oBAAI,KAAK;AAClC,WAAS,eAAe;AACxB,QAAM,GAAG,MAAM;AAEf,QAAM,OAAO,KAAK,UAAU,WAAW;AACvC,QAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC9C,QAAM,UAAU;AAAA,IACd,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AAEA,QAAM,mBAAmB,KAAK,IAAI;AAElC,MAAI;AACF,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,QAAQ,SAAS;AAExE,UAAM,WAAW,MAAM,MAAM,QAAQ,KAAK;AAAA,MACxC,QAAQ,QAAQ;AAAA,MAChB,UAAU;AAAA,MACV,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,GAAG;AAAA,QACH,GAAI,QAAQ,iBAAiB,CAAC;AAAA,MAChC;AAAA,MACA;AAAA,MACA,QAAQ,WAAW;AAAA,IACrB,CAAC;AAED,iBAAa,SAAS;AAEtB,aAAS,iBAAiB;AAC1B,aAAS,iBAAiB,SAAS;AACnC,aAAS,gBAAgB,MAAM,SAAS,KAAK,GAAG,MAAM,GAAG,IAAI;AAC7D,aAAS,kBAAkB,OAAO,YAAY,SAAS,QAAQ,QAAQ,CAAC;AACxE,aAAS,aAAa,KAAK,IAAI,IAAI,SAAS,WAAW,QAAQ;AAC/D,aAAS,gBAAgB,oBAAI,KAAK;AAElC,QAAI,SAAS,IAAI;AACf,eAAS,SAAS;AAClB,eAAS,cAAc,oBAAI,KAAK;AAChC,eAAS,cAAc;AACvB,cAAQ,sBAAsB;AAC9B,cAAQ,gBAAgB,oBAAI,KAAK;AAEjC,YAAM,kBAAkB,+BAA+B;AAAA,QACrD,YAAY,SAAS;AAAA,QACrB,WAAW,QAAQ;AAAA,QACnB,WAAW,SAAS;AAAA,QACpB,gBAAgB,SAAS;AAAA,QACzB,UAAU,SAAS;AAAA,MACrB,CAAC;AAED,YAAM,GAAG,MAAM;AACf,aAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,IAC5D;AAEA,YAAQ,uBAAuB;AAC/B,YAAQ,gBAAgB,oBAAI,KAAK;AAEjC,UAAM,qBAAqB;AAAA,MACzB;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,kBAAkB,SAAS,MAAM;AAAA,MAC3C,iBAAiB,QAAQ,oBAAoB;AAAA,MAC7C,iBAAiB,QAAQ,SAAS,MAAM;AAAA,IAC1C,CAAC;AAED,UAAM,kBAAkB,4BAA4B;AAAA,MAClD,YAAY,SAAS;AAAA,MACrB,WAAW,QAAQ;AAAA,MACnB,WAAW,SAAS;AAAA,MACpB,gBAAgB,SAAS;AAAA,MACzB,gBAAgB,SAAS;AAAA,MACzB,UAAU,SAAS;AAAA,MACnB,WAAW,SAAS,WAAW;AAAA,IACjC,CAAC;AAED,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D,SAAS,OAAO;AACd,aAAS,iBAAiB;AAC1B,aAAS,aAAa,KAAK,IAAI,IAAI,SAAS,WAAW,QAAQ;AAC/D,aAAS,gBAAgB,oBAAI,KAAK;AAClC,aAAS,eAAe,iBAAiB,QAAQ,MAAM,UAAU;AAEjE,YAAQ,uBAAuB;AAC/B,YAAQ,gBAAgB,oBAAI,KAAK;AAEjC,UAAM,qBAAqB;AAAA,MACzB;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU;AAAA,MACV,iBAAiB,QAAQ,oBAAoB;AAAA,MAC7C,iBAAiB,SAAS;AAAA,IAC5B,CAAC;AAED,UAAM,kBAAkB,4BAA4B;AAAA,MAClD,YAAY,SAAS;AAAA,MACrB,WAAW,QAAQ;AAAA,MACnB,WAAW,SAAS;AAAA,MACpB,cAAc,SAAS;AAAA,MACvB,YAAY,KAAK,IAAI,IAAI;AAAA,MACzB,gBAAgB,SAAS;AAAA,MACzB,UAAU,SAAS;AAAA,MACnB,WAAW,SAAS,WAAW;AAAA,IACjC,CAAC;AAED,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D;AACF;AAWA,eAAe,qBAAqB,OAAiD;AACnF,QAAM,EAAE,UAAU,QAAQ,IAAI;AAC9B,QAAM,mBAAmB,SAAS,gBAAgB,KAAK,IAAI,SAAS,aAAa,CAAC;AAClF,QAAM,cAAc,MAAM,YAAY;AAEtC,MAAI,aAAa;AACf,UAAM,cAAc,mBAAmB,SAAS,aAAa;AAC7D,aAAS,SAAS;AAClB,aAAS,cAAc;AAEvB,UAAM,MAAM,GAAG,MAAM;AAErB,QAAI,MAAM,iBAAiB;AACzB,UAAI;AACF,cAAM;AAAA,UACJ;AAAA,YACE,YAAY,SAAS;AAAA,YACrB,UAAU,SAAS;AAAA,YACnB,gBAAgB,SAAS;AAAA,UAC3B;AAAA,UACA,KAAK,IAAI,YAAY,QAAQ,IAAI,KAAK,IAAI,GAAG,CAAC;AAAA,QAChD;AAAA,MACF,SAAS,OAAO;AACd,iBAAS,SAAS;AAClB,iBAAS,cAAc;AACvB,iBAAS,eAAe,iBAAiB,QACrC,4BAA4B,MAAM,OAAO,KACzC;AAAA,MACN;AAAA,IACF;AAAA,EACF,OAAO;AACL,aAAS,SAAS;AAClB,aAAS,cAAc;AAEvB,UAAM,kBAAkB,+BAA+B;AAAA,MACrD,YAAY,SAAS;AAAA,MACrB,WAAW,QAAQ;AAAA,MACnB,WAAW,SAAS;AAAA,MACpB,gBAAgB,SAAS;AAAA,MACzB,UAAU,SAAS;AAAA,MACnB,cAAc,SAAS,gBAAgB,MAAM;AAAA,IAC/C,CAAC;AAAA,EACH;AAEA,MAAI,QAAQ,uBAAuB,KAAK,QAAQ,uBAAuB,QAAQ,sBAAsB;AACnG,YAAQ,WAAW;AACnB,UAAM,kBAAkB,6BAA6B;AAAA,MACnD,WAAW,QAAQ;AAAA,MACnB,gBAAgB,QAAQ;AAAA,MACxB,UAAU,QAAQ;AAAA,MAClB,qBAAqB,QAAQ;AAAA,IAC/B,CAAC;AAAA,EACH;AAEA,QAAM,MAAM,GAAG,MAAM;AACvB;AAEA,SAAS,qBAAqB,WAAmB,SAA+C;AAC9F,QAAM,gBAAgB,OAAO,QAAQ,SAAS,WAAW,QAAQ,OAAO;AACxE,QAAM,qBAAqB,OAAO,QAAQ,cAAc,WAAW,QAAQ,YAAY;AACvF,QAAM,gBAAgB,SAAS,QAAQ,IAAI,IAAI,QAAQ,OAAO;AAE9D,MAAI,iBAAiB,sBAAsB,eAAe;AACxD,WAAO;AAAA,MACL,MAAM;AAAA,MACN,WAAW;AAAA,MACX,MAAM;AAAA,IACR;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IAClC,MAAM;AAAA,EACR;AACF;AAEA,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;AAEA,SAAS,kBAAkB,QAAyB;AAClD,MAAI,UAAU,OAAO,SAAS,IAAK,QAAO;AAC1C,MAAI,WAAW,OAAO,WAAW,IAAK,QAAO;AAC7C,SAAO,UAAU;AACnB;AAEA,SAAS,mBAAmB,eAA6B;AACvD,QAAM,cAAc;AACpB,QAAM,WAAW,KAAK,MAAM,KAAK,OAAO,IAAI,GAAI;AAChD,QAAM,UAAU,cAAc,KAAK,IAAI,GAAG,KAAK,IAAI,gBAAgB,GAAG,CAAC,CAAC,IAAI;AAC5E,SAAO,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO;AACtC;",
+  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport { buildWebhookHeaders, generateMessageId } from '@open-mercato/shared/lib/webhooks'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { WebhookDeliveryEntity, WebhookEntity } from '../data/entities'\nimport { emitWebhooksEvent } from '../events'\nimport { enqueueWebhookDelivery } from './queue'\nimport { isWebhookIntegrationEnabled, WEBHOOK_INTEGRATION_DISABLED_MESSAGE } from './integration-state'\nimport {\n  assertSafeWebhookDeliveryUrl,\n  safeWebhookFetch,\n  UnsafeWebhookUrlError,\n} from './url-safety'\n\nexport interface WebhookDeliveryJob {\n  deliveryId: string\n  tenantId: string\n  organizationId: string\n}\n\nexport interface CreateWebhookDeliveryInput {\n  em: EntityManager\n  webhook: WebhookEntity\n  eventId: string\n  payload: Record<string, unknown>\n}\n\ntype ProcessWebhookDeliveryOptions = {\n  scheduleRetries?: boolean\n}\n\ntype WebhookBody = {\n  type: string\n  timestamp: string\n  data: Record<string, unknown>\n}\n\nexport async function createWebhookDelivery(input: CreateWebhookDeliveryInput): Promise<WebhookDeliveryEntity> {\n  const bodyPayload: WebhookBody = {\n    type: input.eventId,\n    timestamp: new Date().toISOString(),\n    data: input.payload,\n  }\n  const now = new Date()\n\n  const delivery = input.em.create(WebhookDeliveryEntity, {\n    webhookId: input.webhook.id,\n    eventType: input.eventId,\n    messageId: generateMessageId(),\n    payload: bodyPayload,\n    status: 'pending',\n    attemptNumber: 0,\n    maxAttempts: input.webhook.maxRetries,\n    targetUrl: input.webhook.url,\n    organizationId: input.webhook.organizationId,\n    tenantId: input.webhook.tenantId,\n    enqueuedAt: now,\n    createdAt: now,\n    updatedAt: now,\n  })\n\n  await input.em.flush()\n  await emitWebhooksEvent('webhooks.delivery.enqueued', {\n    deliveryId: delivery.id,\n    webhookId: input.webhook.id,\n    eventType: input.eventId,\n    organizationId: input.webhook.organizationId,\n    tenantId: input.webhook.tenantId,\n  })\n  return delivery\n}\n\nexport async function processWebhookDeliveryJob(\n  em: EntityManager,\n  job: WebhookDeliveryJob,\n  options: ProcessWebhookDeliveryOptions = {},\n): Promise<{ status: string; deliveryId: string } | null> {\n  const delivery = await em.findOne(WebhookDeliveryEntity, {\n    id: job.deliveryId,\n    tenantId: job.tenantId,\n    organizationId: job.organizationId,\n  })\n\n  if (!delivery) return null\n\n  const webhook = await findOneWithDecryption(\n    em,\n    WebhookEntity,\n    {\n      id: delivery.webhookId,\n      tenantId: job.tenantId,\n      organizationId: job.organizationId,\n      deletedAt: null,\n    },\n    {},\n    { tenantId: job.tenantId, organizationId: job.organizationId },\n  )\n\n  if (!webhook) {\n    delivery.status = 'failed'\n    delivery.errorMessage = 'Webhook not found'\n    delivery.nextRetryAt = null\n    await em.flush()\n    return { status: delivery.status, deliveryId: delivery.id }\n  }\n\n  if (!webhook.isActive) {\n    delivery.status = 'expired'\n    delivery.errorMessage = 'Webhook is inactive'\n    delivery.nextRetryAt = null\n    await em.flush()\n    return { status: delivery.status, deliveryId: delivery.id }\n  }\n\n  const integrationEnabled = await isWebhookIntegrationEnabled(em, {\n    tenantId: webhook.tenantId,\n    organizationId: webhook.organizationId,\n  })\n\n  if (!integrationEnabled) {\n    delivery.status = 'expired'\n    delivery.errorMessage = WEBHOOK_INTEGRATION_DISABLED_MESSAGE\n    delivery.nextRetryAt = null\n    await em.flush()\n    return { status: delivery.status, deliveryId: delivery.id }\n  }\n\n  try {\n    await assertSafeWebhookDeliveryUrl(webhook.url)\n  } catch (error) {\n    return await recordWebhookSafetyFailure({\n      em,\n      delivery,\n      webhook,\n      error,\n    })\n  }\n\n  const bodyPayload = normalizeWebhookBody(delivery.eventType, delivery.payload)\n  delivery.payload = bodyPayload\n  delivery.status = 'sending'\n  delivery.lastAttemptAt = new Date()\n  delivery.errorMessage = null\n  await em.flush()\n\n  const body = JSON.stringify(bodyPayload)\n  const timestamp = Math.floor(Date.now() / 1000)\n  const headers = buildWebhookHeaders(\n    delivery.messageId,\n    timestamp,\n    body,\n    webhook.secret,\n    webhook.previousSecret,\n  )\n\n  const attemptStartedAt = Date.now()\n\n  try {\n    const controller = new AbortController()\n    const timeoutId = setTimeout(() => controller.abort(), webhook.timeoutMs)\n\n    let response: Response\n    try {\n      response = await safeWebhookFetch(webhook.url, {\n        method: webhook.httpMethod,\n        redirect: 'manual',\n        headers: {\n          'content-type': 'application/json',\n          ...headers,\n          ...(webhook.customHeaders ?? {}),\n        },\n        body,\n        signal: controller.signal,\n      })\n    } finally {\n      clearTimeout(timeoutId)\n    }\n\n    delivery.attemptNumber += 1\n    delivery.responseStatus = response.status\n    delivery.responseBody = (await response.text()).slice(0, 4096)\n    delivery.responseHeaders = Object.fromEntries(response.headers.entries())\n    delivery.durationMs = Date.now() - delivery.enqueuedAt.getTime()\n    delivery.lastAttemptAt = new Date()\n\n    if (response.ok) {\n      delivery.status = 'delivered'\n      delivery.deliveredAt = new Date()\n      delivery.nextRetryAt = null\n      webhook.consecutiveFailures = 0\n      webhook.lastSuccessAt = new Date()\n\n      await emitWebhooksEvent('webhooks.delivery.succeeded', {\n        deliveryId: delivery.id,\n        webhookId: webhook.id,\n        eventType: delivery.eventType,\n        organizationId: delivery.organizationId,\n        tenantId: delivery.tenantId,\n      })\n\n      await em.flush()\n      return { status: delivery.status, deliveryId: delivery.id }\n    }\n\n    webhook.consecutiveFailures += 1\n    webhook.lastFailureAt = new Date()\n\n    await handleFailedDelivery({\n      em,\n      webhook,\n      delivery,\n      canRetry: shouldRetryStatus(response.status),\n      scheduleRetries: options.scheduleRetries !== false,\n      fallbackMessage: `HTTP ${response.status}`,\n    })\n\n    await emitWebhooksEvent('webhooks.delivery.failed', {\n      deliveryId: delivery.id,\n      webhookId: webhook.id,\n      eventType: delivery.eventType,\n      responseStatus: response.status,\n      organizationId: delivery.organizationId,\n      tenantId: delivery.tenantId,\n      willRetry: delivery.status === 'pending',\n    })\n\n    return { status: delivery.status, deliveryId: delivery.id }\n  } catch (error) {\n    if (error instanceof UnsafeWebhookUrlError) {\n      // DNS rebinding caught between the upfront safety check and the pinned connect:\n      // the same attacker-controlled DNS would defeat retries too, so fail terminally.\n      const durationMs = Date.now() - delivery.enqueuedAt.getTime()\n      delivery.durationMs = durationMs\n      return await recordWebhookSafetyFailure({\n        em,\n        delivery,\n        webhook,\n        error,\n        durationMs,\n      })\n    }\n\n    delivery.attemptNumber += 1\n    delivery.durationMs = Date.now() - delivery.enqueuedAt.getTime()\n    delivery.lastAttemptAt = new Date()\n    delivery.errorMessage = error instanceof Error ? error.message : 'Unknown delivery error'\n\n    webhook.consecutiveFailures += 1\n    webhook.lastFailureAt = new Date()\n\n    await handleFailedDelivery({\n      em,\n      webhook,\n      delivery,\n      canRetry: true,\n      scheduleRetries: options.scheduleRetries !== false,\n      fallbackMessage: delivery.errorMessage,\n    })\n\n    await emitWebhooksEvent('webhooks.delivery.failed', {\n      deliveryId: delivery.id,\n      webhookId: webhook.id,\n      eventType: delivery.eventType,\n      errorMessage: delivery.errorMessage,\n      durationMs: Date.now() - attemptStartedAt,\n      organizationId: delivery.organizationId,\n      tenantId: delivery.tenantId,\n      willRetry: delivery.status === 'pending',\n    })\n\n    return { status: delivery.status, deliveryId: delivery.id }\n  }\n}\n\ntype RecordWebhookSafetyFailureInput = {\n  em: EntityManager\n  delivery: WebhookDeliveryEntity\n  webhook: WebhookEntity\n  error: unknown\n  durationMs?: number | null\n}\n\nasync function recordWebhookSafetyFailure(\n  input: RecordWebhookSafetyFailureInput,\n): Promise<{ status: string; deliveryId: string }> {\n  const { em, delivery, webhook, error } = input\n  const message = error instanceof UnsafeWebhookUrlError\n    ? error.message\n    : 'Webhook URL rejected by safety check'\n\n  delivery.status = 'failed'\n  delivery.errorMessage = message\n  delivery.nextRetryAt = null\n  delivery.lastAttemptAt = new Date()\n  delivery.attemptNumber += 1\n  webhook.consecutiveFailures += 1\n  webhook.lastFailureAt = new Date()\n  await em.flush()\n\n  await emitWebhooksEvent('webhooks.delivery.failed', {\n    deliveryId: delivery.id,\n    webhookId: webhook.id,\n    eventType: delivery.eventType,\n    errorMessage: message,\n    durationMs: input.durationMs ?? 0,\n    organizationId: delivery.organizationId,\n    tenantId: delivery.tenantId,\n    willRetry: false,\n  })\n\n  return { status: delivery.status, deliveryId: delivery.id }\n}\n\ntype HandleFailedDeliveryInput = {\n  em: EntityManager\n  webhook: WebhookEntity\n  delivery: WebhookDeliveryEntity\n  canRetry: boolean\n  scheduleRetries: boolean\n  fallbackMessage: string\n}\n\nasync function handleFailedDelivery(input: HandleFailedDeliveryInput): Promise<void> {\n  const { delivery, webhook } = input\n  const retriesRemaining = delivery.attemptNumber < Math.max(delivery.maxAttempts, 1)\n  const shouldRetry = input.canRetry && retriesRemaining\n\n  if (shouldRetry) {\n    const nextRetryAt = calculateNextRetry(delivery.attemptNumber)\n    delivery.status = 'pending'\n    delivery.nextRetryAt = nextRetryAt\n\n    await input.em.flush()\n\n    if (input.scheduleRetries) {\n      try {\n        await enqueueWebhookDelivery(\n          {\n            deliveryId: delivery.id,\n            tenantId: delivery.tenantId,\n            organizationId: delivery.organizationId,\n          },\n          Math.max(nextRetryAt.getTime() - Date.now(), 0),\n        )\n      } catch (error) {\n        delivery.status = 'failed'\n        delivery.nextRetryAt = null\n        delivery.errorMessage = error instanceof Error\n          ? `Retry scheduling failed: ${error.message}`\n          : 'Retry scheduling failed'\n      }\n    }\n  } else {\n    delivery.status = 'expired'\n    delivery.nextRetryAt = null\n\n    await emitWebhooksEvent('webhooks.delivery.exhausted', {\n      deliveryId: delivery.id,\n      webhookId: webhook.id,\n      eventType: delivery.eventType,\n      organizationId: delivery.organizationId,\n      tenantId: delivery.tenantId,\n      errorMessage: delivery.errorMessage ?? input.fallbackMessage,\n    })\n  }\n\n  if (webhook.autoDisableThreshold > 0 && webhook.consecutiveFailures >= webhook.autoDisableThreshold) {\n    webhook.isActive = false\n    await emitWebhooksEvent('webhooks.webhook.disabled', {\n      webhookId: webhook.id,\n      organizationId: webhook.organizationId,\n      tenantId: webhook.tenantId,\n      consecutiveFailures: webhook.consecutiveFailures,\n    })\n  }\n\n  await input.em.flush()\n}\n\nfunction normalizeWebhookBody(eventType: string, payload: Record<string, unknown>): WebhookBody {\n  const candidateType = typeof payload.type === 'string' ? payload.type : null\n  const candidateTimestamp = typeof payload.timestamp === 'string' ? payload.timestamp : null\n  const candidateData = isRecord(payload.data) ? payload.data : null\n\n  if (candidateType && candidateTimestamp && candidateData) {\n    return {\n      type: candidateType,\n      timestamp: candidateTimestamp,\n      data: candidateData,\n    }\n  }\n\n  return {\n    type: eventType,\n    timestamp: new Date().toISOString(),\n    data: payload,\n  }\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n  return typeof value === 'object' && value !== null && !Array.isArray(value)\n}\n\nfunction shouldRetryStatus(status: number): boolean {\n  if (status >= 200 && status < 300) return false\n  if (status === 408 || status === 429) return true\n  return status >= 500\n}\n\nfunction calculateNextRetry(attemptNumber: number): Date {\n  const baseDelayMs = 1000\n  const jitterMs = Math.floor(Math.random() * 1000)\n  const delayMs = baseDelayMs * Math.pow(2, Math.max(attemptNumber - 1, 0)) + jitterMs\n  return new Date(Date.now() + delayMs)\n}\n"],
+  "mappings": "AACA,SAAS,qBAAqB,yBAAyB;AACvD,SAAS,6BAA6B;AACtC,SAAS,uBAAuB,qBAAqB;AACrD,SAAS,yBAAyB;AAClC,SAAS,8BAA8B;AACvC,SAAS,6BAA6B,4CAA4C;AAClF;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAyBP,eAAsB,sBAAsB,OAAmE;AAC7G,QAAM,cAA2B;AAAA,IAC/B,MAAM,MAAM;AAAA,IACZ,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IAClC,MAAM,MAAM;AAAA,EACd;AACA,QAAM,MAAM,oBAAI,KAAK;AAErB,QAAM,WAAW,MAAM,GAAG,OAAO,uBAAuB;AAAA,IACtD,WAAW,MAAM,QAAQ;AAAA,IACzB,WAAW,MAAM;AAAA,IACjB,WAAW,kBAAkB;AAAA,IAC7B,SAAS;AAAA,IACT,QAAQ;AAAA,IACR,eAAe;AAAA,IACf,aAAa,MAAM,QAAQ;AAAA,IAC3B,WAAW,MAAM,QAAQ;AAAA,IACzB,gBAAgB,MAAM,QAAQ;AAAA,IAC9B,UAAU,MAAM,QAAQ;AAAA,IACxB,YAAY;AAAA,IACZ,WAAW;AAAA,IACX,WAAW;AAAA,EACb,CAAC;AAED,QAAM,MAAM,GAAG,MAAM;AACrB,QAAM,kBAAkB,8BAA8B;AAAA,IACpD,YAAY,SAAS;AAAA,IACrB,WAAW,MAAM,QAAQ;AAAA,IACzB,WAAW,MAAM;AAAA,IACjB,gBAAgB,MAAM,QAAQ;AAAA,IAC9B,UAAU,MAAM,QAAQ;AAAA,EAC1B,CAAC;AACD,SAAO;AACT;AAEA,eAAsB,0BACpB,IACA,KACA,UAAyC,CAAC,GACc;AACxD,QAAM,WAAW,MAAM,GAAG,QAAQ,uBAAuB;AAAA,IACvD,IAAI,IAAI;AAAA,IACR,UAAU,IAAI;AAAA,IACd,gBAAgB,IAAI;AAAA,EACtB,CAAC;AAED,MAAI,CAAC,SAAU,QAAO;AAEtB,QAAM,UAAU,MAAM;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,MACE,IAAI,SAAS;AAAA,MACb,UAAU,IAAI;AAAA,MACd,gBAAgB,IAAI;AAAA,MACpB,WAAW;AAAA,IACb;AAAA,IACA,CAAC;AAAA,IACD,EAAE,UAAU,IAAI,UAAU,gBAAgB,IAAI,eAAe;AAAA,EAC/D;AAEA,MAAI,CAAC,SAAS;AACZ,aAAS,SAAS;AAClB,aAAS,eAAe;AACxB,aAAS,cAAc;AACvB,UAAM,GAAG,MAAM;AACf,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D;AAEA,MAAI,CAAC,QAAQ,UAAU;AACrB,aAAS,SAAS;AAClB,aAAS,eAAe;AACxB,aAAS,cAAc;AACvB,UAAM,GAAG,MAAM;AACf,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D;AAEA,QAAM,qBAAqB,MAAM,4BAA4B,IAAI;AAAA,IAC/D,UAAU,QAAQ;AAAA,IAClB,gBAAgB,QAAQ;AAAA,EAC1B,CAAC;AAED,MAAI,CAAC,oBAAoB;AACvB,aAAS,SAAS;AAClB,aAAS,eAAe;AACxB,aAAS,cAAc;AACvB,UAAM,GAAG,MAAM;AACf,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D;AAEA,MAAI;AACF,UAAM,6BAA6B,QAAQ,GAAG;AAAA,EAChD,SAAS,OAAO;AACd,WAAO,MAAM,2BAA2B;AAAA,MACtC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,QAAM,cAAc,qBAAqB,SAAS,WAAW,SAAS,OAAO;AAC7E,WAAS,UAAU;AACnB,WAAS,SAAS;AAClB,WAAS,gBAAgB,oBAAI,KAAK;AAClC,WAAS,eAAe;AACxB,QAAM,GAAG,MAAM;AAEf,QAAM,OAAO,KAAK,UAAU,WAAW;AACvC,QAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC9C,QAAM,UAAU;AAAA,IACd,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AAEA,QAAM,mBAAmB,KAAK,IAAI;AAElC,MAAI;AACF,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,QAAQ,SAAS;AAExE,QAAI;AACJ,QAAI;AACF,iBAAW,MAAM,iBAAiB,QAAQ,KAAK;AAAA,QAC7C,QAAQ,QAAQ;AAAA,QAChB,UAAU;AAAA,QACV,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,GAAG;AAAA,UACH,GAAI,QAAQ,iBAAiB,CAAC;AAAA,QAChC;AAAA,QACA;AAAA,QACA,QAAQ,WAAW;AAAA,MACrB,CAAC;AAAA,IACH,UAAE;AACA,mBAAa,SAAS;AAAA,IACxB;AAEA,aAAS,iBAAiB;AAC1B,aAAS,iBAAiB,SAAS;AACnC,aAAS,gBAAgB,MAAM,SAAS,KAAK,GAAG,MAAM,GAAG,IAAI;AAC7D,aAAS,kBAAkB,OAAO,YAAY,SAAS,QAAQ,QAAQ,CAAC;AACxE,aAAS,aAAa,KAAK,IAAI,IAAI,SAAS,WAAW,QAAQ;AAC/D,aAAS,gBAAgB,oBAAI,KAAK;AAElC,QAAI,SAAS,IAAI;AACf,eAAS,SAAS;AAClB,eAAS,cAAc,oBAAI,KAAK;AAChC,eAAS,cAAc;AACvB,cAAQ,sBAAsB;AAC9B,cAAQ,gBAAgB,oBAAI,KAAK;AAEjC,YAAM,kBAAkB,+BAA+B;AAAA,QACrD,YAAY,SAAS;AAAA,QACrB,WAAW,QAAQ;AAAA,QACnB,WAAW,SAAS;AAAA,QACpB,gBAAgB,SAAS;AAAA,QACzB,UAAU,SAAS;AAAA,MACrB,CAAC;AAED,YAAM,GAAG,MAAM;AACf,aAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,IAC5D;AAEA,YAAQ,uBAAuB;AAC/B,YAAQ,gBAAgB,oBAAI,KAAK;AAEjC,UAAM,qBAAqB;AAAA,MACzB;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,kBAAkB,SAAS,MAAM;AAAA,MAC3C,iBAAiB,QAAQ,oBAAoB;AAAA,MAC7C,iBAAiB,QAAQ,SAAS,MAAM;AAAA,IAC1C,CAAC;AAED,UAAM,kBAAkB,4BAA4B;AAAA,MAClD,YAAY,SAAS;AAAA,MACrB,WAAW,QAAQ;AAAA,MACnB,WAAW,SAAS;AAAA,MACpB,gBAAgB,SAAS;AAAA,MACzB,gBAAgB,SAAS;AAAA,MACzB,UAAU,SAAS;AAAA,MACnB,WAAW,SAAS,WAAW;AAAA,IACjC,CAAC;AAED,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D,SAAS,OAAO;AACd,QAAI,iBAAiB,uBAAuB;AAG1C,YAAM,aAAa,KAAK,IAAI,IAAI,SAAS,WAAW,QAAQ;AAC5D,eAAS,aAAa;AACtB,aAAO,MAAM,2BAA2B;AAAA,QACtC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAEA,aAAS,iBAAiB;AAC1B,aAAS,aAAa,KAAK,IAAI,IAAI,SAAS,WAAW,QAAQ;AAC/D,aAAS,gBAAgB,oBAAI,KAAK;AAClC,aAAS,eAAe,iBAAiB,QAAQ,MAAM,UAAU;AAEjE,YAAQ,uBAAuB;AAC/B,YAAQ,gBAAgB,oBAAI,KAAK;AAEjC,UAAM,qBAAqB;AAAA,MACzB;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU;AAAA,MACV,iBAAiB,QAAQ,oBAAoB;AAAA,MAC7C,iBAAiB,SAAS;AAAA,IAC5B,CAAC;AAED,UAAM,kBAAkB,4BAA4B;AAAA,MAClD,YAAY,SAAS;AAAA,MACrB,WAAW,QAAQ;AAAA,MACnB,WAAW,SAAS;AAAA,MACpB,cAAc,SAAS;AAAA,MACvB,YAAY,KAAK,IAAI,IAAI;AAAA,MACzB,gBAAgB,SAAS;AAAA,MACzB,UAAU,SAAS;AAAA,MACnB,WAAW,SAAS,WAAW;AAAA,IACjC,CAAC;AAED,WAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAAA,EAC5D;AACF;AAUA,eAAe,2BACb,OACiD;AACjD,QAAM,EAAE,IAAI,UAAU,SAAS,MAAM,IAAI;AACzC,QAAM,UAAU,iBAAiB,wBAC7B,MAAM,UACN;AAEJ,WAAS,SAAS;AAClB,WAAS,eAAe;AACxB,WAAS,cAAc;AACvB,WAAS,gBAAgB,oBAAI,KAAK;AAClC,WAAS,iBAAiB;AAC1B,UAAQ,uBAAuB;AAC/B,UAAQ,gBAAgB,oBAAI,KAAK;AACjC,QAAM,GAAG,MAAM;AAEf,QAAM,kBAAkB,4BAA4B;AAAA,IAClD,YAAY,SAAS;AAAA,IACrB,WAAW,QAAQ;AAAA,IACnB,WAAW,SAAS;AAAA,IACpB,cAAc;AAAA,IACd,YAAY,MAAM,cAAc;AAAA,IAChC,gBAAgB,SAAS;AAAA,IACzB,UAAU,SAAS;AAAA,IACnB,WAAW;AAAA,EACb,CAAC;AAED,SAAO,EAAE,QAAQ,SAAS,QAAQ,YAAY,SAAS,GAAG;AAC5D;AAWA,eAAe,qBAAqB,OAAiD;AACnF,QAAM,EAAE,UAAU,QAAQ,IAAI;AAC9B,QAAM,mBAAmB,SAAS,gBAAgB,KAAK,IAAI,SAAS,aAAa,CAAC;AAClF,QAAM,cAAc,MAAM,YAAY;AAEtC,MAAI,aAAa;AACf,UAAM,cAAc,mBAAmB,SAAS,aAAa;AAC7D,aAAS,SAAS;AAClB,aAAS,cAAc;AAEvB,UAAM,MAAM,GAAG,MAAM;AAErB,QAAI,MAAM,iBAAiB;AACzB,UAAI;AACF,cAAM;AAAA,UACJ;AAAA,YACE,YAAY,SAAS;AAAA,YACrB,UAAU,SAAS;AAAA,YACnB,gBAAgB,SAAS;AAAA,UAC3B;AAAA,UACA,KAAK,IAAI,YAAY,QAAQ,IAAI,KAAK,IAAI,GAAG,CAAC;AAAA,QAChD;AAAA,MACF,SAAS,OAAO;AACd,iBAAS,SAAS;AAClB,iBAAS,cAAc;AACvB,iBAAS,eAAe,iBAAiB,QACrC,4BAA4B,MAAM,OAAO,KACzC;AAAA,MACN;AAAA,IACF;AAAA,EACF,OAAO;AACL,aAAS,SAAS;AAClB,aAAS,cAAc;AAEvB,UAAM,kBAAkB,+BAA+B;AAAA,MACrD,YAAY,SAAS;AAAA,MACrB,WAAW,QAAQ;AAAA,MACnB,WAAW,SAAS;AAAA,MACpB,gBAAgB,SAAS;AAAA,MACzB,UAAU,SAAS;AAAA,MACnB,cAAc,SAAS,gBAAgB,MAAM;AAAA,IAC/C,CAAC;AAAA,EACH;AAEA,MAAI,QAAQ,uBAAuB,KAAK,QAAQ,uBAAuB,QAAQ,sBAAsB;AACnG,YAAQ,WAAW;AACnB,UAAM,kBAAkB,6BAA6B;AAAA,MACnD,WAAW,QAAQ;AAAA,MACnB,gBAAgB,QAAQ;AAAA,MACxB,UAAU,QAAQ;AAAA,MAClB,qBAAqB,QAAQ;AAAA,IAC/B,CAAC;AAAA,EACH;AAEA,QAAM,MAAM,GAAG,MAAM;AACvB;AAEA,SAAS,qBAAqB,WAAmB,SAA+C;AAC9F,QAAM,gBAAgB,OAAO,QAAQ,SAAS,WAAW,QAAQ,OAAO;AACxE,QAAM,qBAAqB,OAAO,QAAQ,cAAc,WAAW,QAAQ,YAAY;AACvF,QAAM,gBAAgB,SAAS,QAAQ,IAAI,IAAI,QAAQ,OAAO;AAE9D,MAAI,iBAAiB,sBAAsB,eAAe;AACxD,WAAO;AAAA,MACL,MAAM;AAAA,MACN,WAAW;AAAA,MACX,MAAM;AAAA,IACR;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IAClC,MAAM;AAAA,EACR;AACF;AAEA,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;AAEA,SAAS,kBAAkB,QAAyB;AAClD,MAAI,UAAU,OAAO,SAAS,IAAK,QAAO;AAC1C,MAAI,WAAW,OAAO,WAAW,IAAK,QAAO;AAC7C,SAAO,UAAU;AACnB;AAEA,SAAS,mBAAmB,eAA6B;AACvD,QAAM,cAAc;AACpB,QAAM,WAAW,KAAK,MAAM,KAAK,OAAO,IAAI,GAAI;AAChD,QAAM,UAAU,cAAc,KAAK,IAAI,GAAG,KAAK,IAAI,gBAAgB,GAAG,CAAC,CAAC,IAAI;AAC5E,SAAO,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO;AACtC;",
   "names": []
 }

package/dist/modules/webhooks/lib/url-safety.js CHANGED Viewed

@@ -1,7 +1,8 @@
 import {
   assertSafeOutboundUrl,
   assertStaticallySafeOutboundUrl,
-  parseOutboundUrl
+  parseOutboundUrl,
+  safeOutboundFetch
 } from "@open-mercato/shared/lib/url-safety";
 import { parseBooleanWithDefault } from "@open-mercato/shared/lib/boolean";
 import { isPrivateIpAddress } from "@open-mercato/shared/lib/network";
@@ -37,12 +38,23 @@ async function assertSafeWebhookDeliveryUrl(rawUrl, deps = {}) {
     lookupHost: deps.lookupHost
   });
 }
+async function safeWebhookFetch(rawUrl, init = {}, deps = {}) {
+  const allowPrivate = deps.allowPrivate ?? isAllowPrivateWebhookUrlsEnabled();
+  return safeOutboundFetch(rawUrl, init, {
+    errorFactory: webhookErrorFactory,
+    subject: SUBJECT,
+    allowPrivate,
+    lookupHost: deps.lookupHost,
+    fetchImpl: deps.fetchImpl
+  });
+}
 export {
   UnsafeWebhookUrlError,
   assertSafeWebhookDeliveryUrl,
   assertStaticallySafeWebhookUrl,
   isAllowPrivateWebhookUrlsEnabled,
   isPrivateIpAddress,
-  parseWebhookUrl
+  parseWebhookUrl,
+  safeWebhookFetch
 };
 //# sourceMappingURL=url-safety.js.map

package/dist/modules/webhooks/lib/url-safety.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/webhooks/lib/url-safety.ts"],
-  "sourcesContent": ["import {\n  assertSafeOutboundUrl,\n  assertStaticallySafeOutboundUrl,\n  parseOutboundUrl,\n  type HostLookup,\n  type UrlSafetyReason,\n} from '@open-mercato/shared/lib/url-safety'\nimport { parseBooleanWithDefault } from '@open-mercato/shared/lib/boolean'\n\nexport { isPrivateIpAddress } from '@open-mercato/shared/lib/network'\n\nconst SUBJECT = 'Webhook URL'\n\n// reason: string (not UrlSafetyReason) preserves BC per BACKWARD_COMPATIBILITY.md \u00A72\nexport class UnsafeWebhookUrlError extends Error {\n  public readonly reason: string\n\n  constructor(reason: string, message?: string) {\n    super(message ?? `Webhook URL rejected: ${reason}`)\n    this.name = 'UnsafeWebhookUrlError'\n    this.reason = reason\n  }\n}\n\nconst webhookErrorFactory = (reason: UrlSafetyReason, message: string) =>\n  new UnsafeWebhookUrlError(reason, message)\n\ntype ParsedWebhookUrl = {\n  url: URL\n  hostname: string\n}\n\nexport function parseWebhookUrl(rawUrl: string): ParsedWebhookUrl {\n  return parseOutboundUrl(rawUrl, { errorFactory: webhookErrorFactory, subject: SUBJECT })\n}\n\nexport type AssertStaticWebhookUrlDeps = {\n  allowPrivate?: boolean\n}\n\nexport function assertStaticallySafeWebhookUrl(\n  rawUrl: string,\n  deps: AssertStaticWebhookUrlDeps = {},\n): void {\n  const allowPrivate = deps.allowPrivate ?? isAllowPrivateWebhookUrlsEnabled()\n  assertStaticallySafeOutboundUrl(rawUrl, {\n    errorFactory: webhookErrorFactory,\n    subject: SUBJECT,\n    allowPrivate,\n  })\n}\n\nexport function isAllowPrivateWebhookUrlsEnabled(): boolean {\n  return parseBooleanWithDefault(process.env.OM_WEBHOOKS_ALLOW_PRIVATE_URLS, false)\n}\n\nexport type AssertSafeWebhookDeliveryDeps = {\n  lookupHost?: HostLookup\n  allowPrivate?: boolean\n}\n\nexport async function assertSafeWebhookDeliveryUrl(\n  rawUrl: string,\n  deps: AssertSafeWebhookDeliveryDeps = {},\n): Promise<void> {\n  const allowPrivate = deps.allowPrivate ?? isAllowPrivateWebhookUrlsEnabled()\n  await assertSafeOutboundUrl(rawUrl, {\n    errorFactory: webhookErrorFactory,\n    subject: SUBJECT,\n    allowPrivate,\n    lookupHost: deps.lookupHost,\n  })\n}\n"],
-  "mappings": "AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAGK;AACP,SAAS,+BAA+B;AAExC,SAAS,0BAA0B;AAEnC,MAAM,UAAU;AAGT,MAAM,8BAA8B,MAAM;AAAA,EAG/C,YAAY,QAAgB,SAAkB;AAC5C,UAAM,WAAW,yBAAyB,MAAM,EAAE;AAClD,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAEA,MAAM,sBAAsB,CAAC,QAAyB,YACpD,IAAI,sBAAsB,QAAQ,OAAO;AAOpC,SAAS,gBAAgB,QAAkC;AAChE,SAAO,iBAAiB,QAAQ,EAAE,cAAc,qBAAqB,SAAS,QAAQ,CAAC;AACzF;AAMO,SAAS,+BACd,QACA,OAAmC,CAAC,GAC9B;AACN,QAAM,eAAe,KAAK,gBAAgB,iCAAiC;AAC3E,kCAAgC,QAAQ;AAAA,IACtC,cAAc;AAAA,IACd,SAAS;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAEO,SAAS,mCAA4C;AAC1D,SAAO,wBAAwB,QAAQ,IAAI,gCAAgC,KAAK;AAClF;AAOA,eAAsB,6BACpB,QACA,OAAsC,CAAC,GACxB;AACf,QAAM,eAAe,KAAK,gBAAgB,iCAAiC;AAC3E,QAAM,sBAAsB,QAAQ;AAAA,IAClC,cAAc;AAAA,IACd,SAAS;AAAA,IACT;AAAA,IACA,YAAY,KAAK;AAAA,EACnB,CAAC;AACH;",
+  "sourcesContent": ["import {\n  assertSafeOutboundUrl,\n  assertStaticallySafeOutboundUrl,\n  parseOutboundUrl,\n  safeOutboundFetch,\n  type HostLookup,\n  type SafeOutboundFetchOptions,\n  type UrlSafetyReason,\n} from '@open-mercato/shared/lib/url-safety'\nimport { parseBooleanWithDefault } from '@open-mercato/shared/lib/boolean'\n\nexport { isPrivateIpAddress } from '@open-mercato/shared/lib/network'\n\nconst SUBJECT = 'Webhook URL'\n\n// reason: string (not UrlSafetyReason) preserves BC per BACKWARD_COMPATIBILITY.md \u00A72\nexport class UnsafeWebhookUrlError extends Error {\n  public readonly reason: string\n\n  constructor(reason: string, message?: string) {\n    super(message ?? `Webhook URL rejected: ${reason}`)\n    this.name = 'UnsafeWebhookUrlError'\n    this.reason = reason\n  }\n}\n\nconst webhookErrorFactory = (reason: UrlSafetyReason, message: string) =>\n  new UnsafeWebhookUrlError(reason, message)\n\ntype ParsedWebhookUrl = {\n  url: URL\n  hostname: string\n}\n\nexport function parseWebhookUrl(rawUrl: string): ParsedWebhookUrl {\n  return parseOutboundUrl(rawUrl, { errorFactory: webhookErrorFactory, subject: SUBJECT })\n}\n\nexport type AssertStaticWebhookUrlDeps = {\n  allowPrivate?: boolean\n}\n\nexport function assertStaticallySafeWebhookUrl(\n  rawUrl: string,\n  deps: AssertStaticWebhookUrlDeps = {},\n): void {\n  const allowPrivate = deps.allowPrivate ?? isAllowPrivateWebhookUrlsEnabled()\n  assertStaticallySafeOutboundUrl(rawUrl, {\n    errorFactory: webhookErrorFactory,\n    subject: SUBJECT,\n    allowPrivate,\n  })\n}\n\nexport function isAllowPrivateWebhookUrlsEnabled(): boolean {\n  return parseBooleanWithDefault(process.env.OM_WEBHOOKS_ALLOW_PRIVATE_URLS, false)\n}\n\nexport type AssertSafeWebhookDeliveryDeps = {\n  lookupHost?: HostLookup\n  allowPrivate?: boolean\n}\n\nexport async function assertSafeWebhookDeliveryUrl(\n  rawUrl: string,\n  deps: AssertSafeWebhookDeliveryDeps = {},\n): Promise<void> {\n  const allowPrivate = deps.allowPrivate ?? isAllowPrivateWebhookUrlsEnabled()\n  await assertSafeOutboundUrl(rawUrl, {\n    errorFactory: webhookErrorFactory,\n    subject: SUBJECT,\n    allowPrivate,\n    lookupHost: deps.lookupHost,\n  })\n}\n\nexport type SafeWebhookFetchDeps = {\n  lookupHost?: HostLookup\n  allowPrivate?: boolean\n  fetchImpl?: SafeOutboundFetchOptions['fetchImpl']\n}\n\n/**\n * Validates the webhook URL and performs a `fetch()` with the connection pinned to a\n * pre-validated address \u2014 defeats DNS rebinding by ensuring the validation lookup and\n * the connect lookup return the same IP. Always sets `redirect: 'manual'` unless the\n * caller overrides it.\n */\nexport async function safeWebhookFetch(\n  rawUrl: string,\n  init: RequestInit = {},\n  deps: SafeWebhookFetchDeps = {},\n): Promise<Response> {\n  const allowPrivate = deps.allowPrivate ?? isAllowPrivateWebhookUrlsEnabled()\n  return safeOutboundFetch(rawUrl, init, {\n    errorFactory: webhookErrorFactory,\n    subject: SUBJECT,\n    allowPrivate,\n    lookupHost: deps.lookupHost,\n    fetchImpl: deps.fetchImpl,\n  })\n}\n"],
+  "mappings": "AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAIK;AACP,SAAS,+BAA+B;AAExC,SAAS,0BAA0B;AAEnC,MAAM,UAAU;AAGT,MAAM,8BAA8B,MAAM;AAAA,EAG/C,YAAY,QAAgB,SAAkB;AAC5C,UAAM,WAAW,yBAAyB,MAAM,EAAE;AAClD,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAEA,MAAM,sBAAsB,CAAC,QAAyB,YACpD,IAAI,sBAAsB,QAAQ,OAAO;AAOpC,SAAS,gBAAgB,QAAkC;AAChE,SAAO,iBAAiB,QAAQ,EAAE,cAAc,qBAAqB,SAAS,QAAQ,CAAC;AACzF;AAMO,SAAS,+BACd,QACA,OAAmC,CAAC,GAC9B;AACN,QAAM,eAAe,KAAK,gBAAgB,iCAAiC;AAC3E,kCAAgC,QAAQ;AAAA,IACtC,cAAc;AAAA,IACd,SAAS;AAAA,IACT;AAAA,EACF,CAAC;AACH;AAEO,SAAS,mCAA4C;AAC1D,SAAO,wBAAwB,QAAQ,IAAI,gCAAgC,KAAK;AAClF;AAOA,eAAsB,6BACpB,QACA,OAAsC,CAAC,GACxB;AACf,QAAM,eAAe,KAAK,gBAAgB,iCAAiC;AAC3E,QAAM,sBAAsB,QAAQ;AAAA,IAClC,cAAc;AAAA,IACd,SAAS;AAAA,IACT;AAAA,IACA,YAAY,KAAK;AAAA,EACnB,CAAC;AACH;AAcA,eAAsB,iBACpB,QACA,OAAoB,CAAC,GACrB,OAA6B,CAAC,GACX;AACnB,QAAM,eAAe,KAAK,gBAAgB,iCAAiC;AAC3E,SAAO,kBAAkB,QAAQ,MAAM;AAAA,IACrC,cAAc;AAAA,IACd,SAAS;AAAA,IACT;AAAA,IACA,YAAY,KAAK;AAAA,IACjB,WAAW,KAAK;AAAA,EAClB,CAAC;AACH;",
   "names": []
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@open-mercato/webhooks",
-  "version": "0.5.1-develop.2912.8d7b1fef24",
+  "version": "0.5.1-develop.2924.d13908516e",
   "description": "Webhooks module for Open Mercato — Standard Webhooks compliant outbound/inbound delivery",
   "type": "module",
   "main": "./dist/index.js",
@@ -69,18 +69,18 @@
     }
   },
   "dependencies": {
-    "@open-mercato/core": "0.5.1-develop.2912.8d7b1fef24",
-    "@open-mercato/queue": "0.5.1-develop.2912.8d7b1fef24",
-    "@open-mercato/ui": "0.5.1-develop.2912.8d7b1fef24"
+    "@open-mercato/core": "0.5.1-develop.2924.d13908516e",
+    "@open-mercato/queue": "0.5.1-develop.2924.d13908516e",
+    "@open-mercato/ui": "0.5.1-develop.2924.d13908516e"
   },
   "peerDependencies": {
     "@mikro-orm/postgresql": "^7.0.10",
-    "@open-mercato/shared": "0.5.1-develop.2912.8d7b1fef24",
+    "@open-mercato/shared": "0.5.1-develop.2924.d13908516e",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"
   },
   "devDependencies": {
-    "@open-mercato/shared": "0.5.1-develop.2912.8d7b1fef24",
+    "@open-mercato/shared": "0.5.1-develop.2924.d13908516e",
     "@types/jest": "^30.0.0",
     "esbuild": "^0.28.0",
     "glob": "^13.0.6",

package/src/modules/webhooks/lib/__tests__/url-safety.test.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import {
   assertStaticallySafeWebhookUrl,
   isPrivateIpAddress,
   parseWebhookUrl,
+  safeWebhookFetch,
   UnsafeWebhookUrlError,
 } from '../url-safety'
@@ -191,3 +192,54 @@ describe('url-safety — assertSafeWebhookDeliveryUrl (DNS rebinding guard)', ()
     ).rejects.toMatchObject({ reason: 'forbidden_protocol' })
   })
 })
+describe('url-safety — safeWebhookFetch', () => {
+  it('rejects DNS-rebinding hosts before any fetch attempt', async () => {
+    const fetchImpl = jest.fn() as unknown as typeof fetch
+    const lookupHost = async () => [{ address: '10.0.0.5', family: 4 }]
+    await expect(
+      safeWebhookFetch('https://rebind.evil.example/', {}, {
+        fetchImpl,
+        lookupHost,
+        allowPrivate: false,
+      }),
+    ).rejects.toBeInstanceOf(UnsafeWebhookUrlError)
+    expect(fetchImpl).not.toHaveBeenCalled()
+  })
+  it('reports the private resolved address in the error reason', async () => {
+    const fetchImpl = jest.fn() as unknown as typeof fetch
+    const lookupHost = async () => [{ address: '10.0.0.5', family: 4 }]
+    try {
+      await safeWebhookFetch('https://rebind.evil.example/', {}, {
+        fetchImpl,
+        lookupHost,
+        allowPrivate: false,
+      })
+      throw new Error('expected throw')
+    } catch (error) {
+      expect(error).toBeInstanceOf(UnsafeWebhookUrlError)
+      expect((error as UnsafeWebhookUrlError).reason).toBe('private_ip_resolved')
+    }
+  })
+  it('forwards init through fetchImpl with redirect:"manual"', async () => {
+    const fetchImpl = jest.fn(async () => new Response('ok', { status: 200 })) as unknown as typeof fetch
+    const lookupHost = async () => [{ address: '93.184.216.34', family: 4 }]
+    const response = await safeWebhookFetch(
+      'https://hooks.example.com/in',
+      { method: 'POST', body: 'payload' },
+      { fetchImpl, lookupHost, allowPrivate: false },
+    )
+    expect(response.status).toBe(200)
+    expect(fetchImpl).toHaveBeenCalledTimes(1)
+    const [, init] = (fetchImpl as unknown as jest.Mock).mock.calls[0]
+    expect(init).toEqual(
+      expect.objectContaining({
+        method: 'POST',
+        body: 'payload',
+        redirect: 'manual',
+      }),
+    )
+  })
+})

package/src/modules/webhooks/lib/delivery.ts CHANGED Viewed

@@ -5,7 +5,11 @@ import { WebhookDeliveryEntity, WebhookEntity } from '../data/entities'
 import { emitWebhooksEvent } from '../events'
 import { enqueueWebhookDelivery } from './queue'
 import { isWebhookIntegrationEnabled, WEBHOOK_INTEGRATION_DISABLED_MESSAGE } from './integration-state'
-import { assertSafeWebhookDeliveryUrl, UnsafeWebhookUrlError } from './url-safety'
+import {
+  assertSafeWebhookDeliveryUrl,
+  safeWebhookFetch,
+  UnsafeWebhookUrlError,
+} from './url-safety'
 export interface WebhookDeliveryJob {
   deliveryId: string
@@ -123,28 +127,12 @@ export async function processWebhookDeliveryJob(
   try {
     await assertSafeWebhookDeliveryUrl(webhook.url)
   } catch (error) {
-    const message = error instanceof UnsafeWebhookUrlError
-      ? error.message
-      : 'Webhook URL rejected by safety check'
-    delivery.status = 'failed'
-    delivery.errorMessage = message
-    delivery.nextRetryAt = null
-    delivery.lastAttemptAt = new Date()
-    delivery.attemptNumber += 1
-    webhook.consecutiveFailures += 1
-    webhook.lastFailureAt = new Date()
-    await em.flush()
-    await emitWebhooksEvent('webhooks.delivery.failed', {
-      deliveryId: delivery.id,
-      webhookId: webhook.id,
-      eventType: delivery.eventType,
-      errorMessage: message,
-      durationMs: 0,
-      organizationId: delivery.organizationId,
-      tenantId: delivery.tenantId,
-      willRetry: false,
+    return await recordWebhookSafetyFailure({
+      em,
+      delivery,
+      webhook,
+      error,
     })
-    return { status: delivery.status, deliveryId: delivery.id }
   }
   const bodyPayload = normalizeWebhookBody(delivery.eventType, delivery.payload)
@@ -170,19 +158,22 @@ export async function processWebhookDeliveryJob(
     const controller = new AbortController()
     const timeoutId = setTimeout(() => controller.abort(), webhook.timeoutMs)
-    const response = await fetch(webhook.url, {
-      method: webhook.httpMethod,
-      redirect: 'manual',
-      headers: {
-        'content-type': 'application/json',
-        ...headers,
-        ...(webhook.customHeaders ?? {}),
-      },
-      body,
-      signal: controller.signal,
-    })
-    clearTimeout(timeoutId)
+    let response: Response
+    try {
+      response = await safeWebhookFetch(webhook.url, {
+        method: webhook.httpMethod,
+        redirect: 'manual',
+        headers: {
+          'content-type': 'application/json',
+          ...headers,
+          ...(webhook.customHeaders ?? {}),
+        },
+        body,
+        signal: controller.signal,
+      })
+    } finally {
+      clearTimeout(timeoutId)
+    }
     delivery.attemptNumber += 1
     delivery.responseStatus = response.status
@@ -234,6 +225,20 @@ export async function processWebhookDeliveryJob(
     return { status: delivery.status, deliveryId: delivery.id }
   } catch (error) {
+    if (error instanceof UnsafeWebhookUrlError) {
+      // DNS rebinding caught between the upfront safety check and the pinned connect:
+      // the same attacker-controlled DNS would defeat retries too, so fail terminally.
+      const durationMs = Date.now() - delivery.enqueuedAt.getTime()
+      delivery.durationMs = durationMs
+      return await recordWebhookSafetyFailure({
+        em,
+        delivery,
+        webhook,
+        error,
+        durationMs,
+      })
+    }
     delivery.attemptNumber += 1
     delivery.durationMs = Date.now() - delivery.enqueuedAt.getTime()
     delivery.lastAttemptAt = new Date()
@@ -266,6 +271,45 @@ export async function processWebhookDeliveryJob(
   }
 }
+type RecordWebhookSafetyFailureInput = {
+  em: EntityManager
+  delivery: WebhookDeliveryEntity
+  webhook: WebhookEntity
+  error: unknown
+  durationMs?: number | null
+}
+async function recordWebhookSafetyFailure(
+  input: RecordWebhookSafetyFailureInput,
+): Promise<{ status: string; deliveryId: string }> {
+  const { em, delivery, webhook, error } = input
+  const message = error instanceof UnsafeWebhookUrlError
+    ? error.message
+    : 'Webhook URL rejected by safety check'
+  delivery.status = 'failed'
+  delivery.errorMessage = message
+  delivery.nextRetryAt = null
+  delivery.lastAttemptAt = new Date()
+  delivery.attemptNumber += 1
+  webhook.consecutiveFailures += 1
+  webhook.lastFailureAt = new Date()
+  await em.flush()
+  await emitWebhooksEvent('webhooks.delivery.failed', {
+    deliveryId: delivery.id,
+    webhookId: webhook.id,
+    eventType: delivery.eventType,
+    errorMessage: message,
+    durationMs: input.durationMs ?? 0,
+    organizationId: delivery.organizationId,
+    tenantId: delivery.tenantId,
+    willRetry: false,
+  })
+  return { status: delivery.status, deliveryId: delivery.id }
+}
 type HandleFailedDeliveryInput = {
   em: EntityManager
   webhook: WebhookEntity

package/src/modules/webhooks/lib/url-safety.ts CHANGED Viewed

@@ -2,7 +2,9 @@ import {
   assertSafeOutboundUrl,
   assertStaticallySafeOutboundUrl,
   parseOutboundUrl,
+  safeOutboundFetch,
   type HostLookup,
+  type SafeOutboundFetchOptions,
   type UrlSafetyReason,
 } from '@open-mercato/shared/lib/url-safety'
 import { parseBooleanWithDefault } from '@open-mercato/shared/lib/boolean'
@@ -71,3 +73,30 @@ export async function assertSafeWebhookDeliveryUrl(
     lookupHost: deps.lookupHost,
   })
 }
+export type SafeWebhookFetchDeps = {
+  lookupHost?: HostLookup
+  allowPrivate?: boolean
+  fetchImpl?: SafeOutboundFetchOptions['fetchImpl']
+}
+/**
+ * Validates the webhook URL and performs a `fetch()` with the connection pinned to a
+ * pre-validated address — defeats DNS rebinding by ensuring the validation lookup and
+ * the connect lookup return the same IP. Always sets `redirect: 'manual'` unless the
+ * caller overrides it.
+ */
+export async function safeWebhookFetch(
+  rawUrl: string,
+  init: RequestInit = {},
+  deps: SafeWebhookFetchDeps = {},
+): Promise<Response> {
+  const allowPrivate = deps.allowPrivate ?? isAllowPrivateWebhookUrlsEnabled()
+  return safeOutboundFetch(rawUrl, init, {
+    errorFactory: webhookErrorFactory,
+    subject: SUBJECT,
+    allowPrivate,
+    lookupHost: deps.lookupHost,
+    fetchImpl: deps.fetchImpl,
+  })
+}