nodebb-plugin-onekite-calendar 2.0.93 → 2.0.94
- package/lib/shared.js +0 -1
- package/library.js +2 -10
- package/package.json +1 -1
package/lib/shared.js
CHANGED
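--- a/package/library.js
+++ b/package/library.js
@@ -127,24 +127,16 @@ Plugin.init = async function (params) {
 // Purge outings by year
 router.post(`${adminBase}/outings/purge`, ...adminMws, admin.purgeOutingsByYear);
 
-// HelloAsso
-// - Only accepts POST
+// HelloAsso webhook endpoint (hardened)
 // - Verifies x-ha-signature (HMAC SHA-256) using the configured client secret
-// - Basic replay protection
-// NOTE: we capture the raw body for signature verification.
+// - Basic replay protection; raw body captured for signature verification
 const helloassoJson = bodyParser.json({
 verify: (req, _res, buf) => {
 req.rawBody = buf;
 },
 type: ['application/json', 'application/*+json'],
 });
-// Accept webhook on both legacy root path and namespaced plugin path.
-// Some reverse proxies block unknown root paths, so /plugins/... is recommended.
-router.post('/helloasso', helloassoJson, helloassoWebhook.handler);
 router.post('/plugins/calendar-onekite/helloasso', helloassoJson, helloassoWebhook.handler);
-
-// Optional: health checks
-router.get('/helloasso', (req, res) => res.json({ ok: true }));
 router.get('/plugins/calendar-onekite/helloasso', (req, res) => res.json({ ok: true }));
 
 scheduler.start();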
package/package.json
CHANGED