LightningWeb.Plugs.WebhookAuth (Lightning v2.14.5-pre1)
View SourceA Plug to authenticate and authorize requests based on paths starting with '/i/'. It verifies the presence of correct API keys or Basic Authentication credentials.
Summary
Functions
@spec call(Plug.Conn.t(), any()) :: Plug.Conn.t()
Handles webhook auth for /i/:webhook
requests.
CORS preflight: If the request method is
OPTIONS
, this plug is a no-op and returns the connection unchanged so upstream CORS handling can respond. This avoids doing DB lookups or emitting 401/404 on preflight requests.Auth flow: For non-
OPTIONS
requests whose path matches/i/:webhook
, this plug:- Looks up the webhook trigger (with
workflow
andedges
) and itswebhook_auth_methods
, wrapped inLightning.Retry.with_webhook_retry/2
so transient DB errors are retried. - If the trigger is missing → responds 404
{"error":"webhook_not_found"}
. - If auth methods are configured:
- If credentials match → assigns
:trigger
and continues. - If credentials are present but wrong → responds 404 (hide existence).
- If credentials are missing → responds 401.
- If credentials match → assigns
- If retries exhaust due to DB issues → responds 503 with
Retry-After
based onWEBHOOK_RETRY_TIMEOUT_MS
.
- Looks up the webhook trigger (with
Returns the (possibly halted) connection.
Initializes the options.