feat: enable multiple webhook secrets for APP_WEBHOOK

packages/pieces/community/framework/package.json

@@ -1,5 +1,5 @@
 {
   "name": "@activepieces/pieces-framework",
-  "version": "0.7.42",
+  "version": "0.7.43",
   "type": "commonjs"
 }

packages/pieces/community/framework/src/lib/piece.ts

@@ -100,7 +100,7 @@ type CreatePieceParams<
 type PieceEventProcessors = {
   parseAndReply: (ctx: { payload: EventPayload }) => ParseEventResponse;
   verify: (ctx: {
-    webhookSecret: string;
+    webhookSecret: string | Record<string, string>;
     payload: EventPayload;
     appWebhookUrl: string;
   }) => boolean;

packages/pieces/community/intercom/package.json

@@ -1,4 +1,4 @@
 {
   "name": "@activepieces/piece-intercom",
-  "version": "0.4.6"
+  "version": "0.4.7"
 }

packages/pieces/community/intercom/src/index.ts

@@ -97,7 +97,17 @@ export const intercom = createPiece({
     },
     verify: ({ payload, webhookSecret }) => {
       const signature = payload.headers['x-hub-signature'];
-      const hmac = crypto.createHmac('sha1', webhookSecret);
+      let hmac: crypto.Hmac;
+      if (typeof webhookSecret === 'string') {
+        hmac = crypto.createHmac('sha1', webhookSecret);
+      } else {
+        const app_id = (payload.body as PayloadBody).app_id;
+        const webhookSecrets = webhookSecret as Record<string, string>;
+        if (!(app_id in webhookSecrets)) {
+          return false;
+        }
+        hmac = crypto.createHmac('sha1', webhookSecrets[app_id]);
+      }
       hmac.update(`${payload.rawBody}`);
       const computedSignature = `sha1=${hmac.digest('hex')}`;
       return signature === computedSignature;

packages/pieces/community/slack/package.json

@@ -1,4 +1,4 @@
 {
   "name": "@activepieces/piece-slack",
-  "version": "0.7.10"
+  "version": "0.7.11"
 }

packages/pieces/community/slack/src/index.ts

@@ -86,7 +86,7 @@ export const slack = createPiece({
       const timestamp = payload.headers['x-slack-request-timestamp'];
       const signature = payload.headers['x-slack-signature'];
       const signatureBaseString = `v0:${timestamp}:${payload.rawBody}`;
-      const hmac = crypto.createHmac('sha256', webhookSecret);
+      const hmac = crypto.createHmac('sha256', webhookSecret as string);
       hmac.update(signatureBaseString);
       const computedSignature = `v0=${hmac.digest('hex')}`;
       return signature === computedSignature;

packages/pieces/community/square/package.json

@@ -1,4 +1,4 @@
 {
   "name": "@activepieces/piece-square",
-  "version": "0.3.4"
-}
+  "version": "0.3.5"
+}

packages/pieces/community/square/src/index.ts

@@ -35,7 +35,7 @@ export const square = createPiece({
   events: {
     verify: ({ webhookSecret, payload, appWebhookUrl }) => {
       const signature = payload.headers['x-square-hmacsha256-signature'];
-      const hmac = crypto.createHmac('sha256', webhookSecret);
+      const hmac = crypto.createHmac('sha256', webhookSecret as string);
       hmac.update(appWebhookUrl + payload.rawBody);
       const hash = hmac.digest('base64');
       return hash === signature;

packages/server/shared/src/lib/webhook-secrets-util.ts

@@ -1,6 +1,13 @@
-import { assertNotNullOrUndefined, FlowVersion, isNil, parseToJsonIfPossible } from '@activepieces/shared'
+import {
+    assertNotNullOrUndefined,
+    FlowVersion,
+    isNil,
+    parseToJsonIfPossible,
+} from '@activepieces/shared'
 
-let webhookSecrets: Record<string, { webhookSecret: string }> | undefined = undefined
+let webhookSecrets:
+| Record<string, { webhookSecret: string | Record<string, string> }>
+| undefined = undefined
 
 export const webhookSecretsUtils = {
     init,
@@ -13,18 +20,35 @@ async function init(_webhookSecrets: string) {
     webhookSecrets = parsed
 }
 
-function parseWebhookSecrets(webhookSecrets: string): Record<string, { webhookSecret: string }> {
-    return parseToJsonIfPossible(webhookSecrets) as Record<string, { webhookSecret: string }> | undefined ?? {}
+function parseWebhookSecrets(webhookSecrets: string): Record<
+string,
+{
+    webhookSecret: string | Record<string, string>
+}
+> {
+    return (
+        (parseToJsonIfPossible(webhookSecrets) as
+      | Record<
+      string,
+      {
+          webhookSecret: string | Record<string, string>
+      }
+      >
+      | undefined) ?? {}
+    )
 }
 
 async function getWebhookSecret(
     flowVersion: FlowVersion,
-): Promise<string | undefined> {
+): Promise<string | Record<string, string> | undefined> {
     const appName = flowVersion.trigger.settings.pieceName
     if (!appName) {
         return undefined
     }
-    assertNotNullOrUndefined(webhookSecrets, 'Webhook secrets are not initialized')
+    assertNotNullOrUndefined(
+        webhookSecrets,
+        'Webhook secrets are not initialized',
+    )
     const appConfig = webhookSecrets[appName]
     if (isNil(appConfig)) {
         return undefined

packages/server/worker/package.json

@@ -5,7 +5,7 @@
   "main": "./src/index.js",
   "typings": "./src/index.d.ts",
   "dependencies": {
-    "@activepieces/pieces-framework": "0.7.42",
+    "@activepieces/pieces-framework": "0.7.43",
     "@activepieces/server-shared": "0.0.1",
     "@activepieces/shared": "0.10.146",
     "async-mutex": "0.4.0",

packages/server/worker/src/lib/utils/machine.ts

@@ -97,6 +97,7 @@ function appendSlashAndApi(url: string): string {
     return `${url}${slash}api/`
 }
 
+
 async function getContainerMemoryUsage() {
     const memLimitPath = '/sys/fs/cgroup/memory/memory.limit_in_bytes'
     const memUsagePath = '/sys/fs/cgroup/memory/memory.usage_in_bytes'

packages/shared/package.json

@@ -2,4 +2,4 @@
   "name": "@activepieces/shared",
   "version": "0.10.146",
   "type": "commonjs"
-}
+}

packages/shared/src/lib/engine/engine-operation.ts

@@ -99,7 +99,7 @@ export type ExecuteTriggerOperation<HT extends TriggerHookType> = BaseEngineOper
     webhookUrl: string
     triggerPayload?: TriggerPayload
     appWebhookUrl?: string
-    webhookSecret?: string
+    webhookSecret?: string | Record<string, string>
 }