feat: Enterprise-grade Resilient Webhook Dispatcher with HMAC Signature #2154
Open
Ingenieralejo wants to merge 1 commit into OpenSignLabs:staging from
@Ingenieralejo is attempting to deploy a commit to the prafull's projects Team on Vercel. A member of the Team first needs to authorize it.
Add webhookDispatcher.js to send secure, reliable webhook events
from OpenSignServer to user-configured endpoints.
Key improvements over a naive HTTP call:
- **HMAC-SHA256 signature** (X-OpenSign-Signature) on every payload,
allowing receiving servers to verify authenticity and prevent MITM/
replay attacks.
- **Smart exponential backoff** (2 s → 4 s → 8 s): retries on network
failures and 5xx errors; drops 4xx immediately to avoid wasting CPU
on permanent client-side misconfigurations.
- **Idempotency-Key** header (os_evt_{eventId}_attempt_{n}) so
receiving servers can safely deduplicate retries and prevent double
processing (e.g., a document being 'signed' twice on network glitch).
- **Structured result object** with success, attempts, statusCode,
error, and isRetryable — enabling callers to log and audit every
delivery outcome.
Files added:
- apps/OpenSignServer/cloud/parsefunction/webhookDispatcher.js
Core dispatcher module. Pure ESM, zero new dependencies (uses axios
already present in OpenSignServer and Node.js built-in crypto).
- apps/OpenSignServer/spec/webhookDispatcher.test.js
16-case Jest test suite covering: signature integrity, determinism,
successful delivery, header correctness, 5xx smart retry, network
timeout retry, 429 retry, non-retryable 4xx blocking (6 status codes),
MAX_RETRIES exhaustion, and idempotency key increment per attempt.
Author
Updated: enterprise webhook dispatcher - HMAC-SHA256 + smart retry + idempotency. Files now at correct paths: apps/OpenSignServer/cloud/parsefunction/webhookDispatcher.js + apps/OpenSignServer/spec/webhookDispatcher.test.js
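Receiver-side handling of the X-OpenSign-Signature and Idempotency-Key headers described above, as an added example that is not code from this pull request or from OpenSign. It assumes the signature is the hex-encoded HMAC-SHA256 of the raw request body (the page does not state the encoding); `createReceiver`, `seen`, the secret and the sample payload are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumption: header value = hex(HMAC-SHA256(secret, rawBody)).
function verifySignature(rawBody, signatureHex, secret) {
  if (typeof signatureHex !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHex)) return false;
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(signatureHex, 'hex');
  // Constant-time comparison; both buffers are 32 bytes thanks to the regex above.
  return crypto.timingSafeEqual(expected, received);
}

// The key format on the page embeds the attempt number, so every retry
// carries a different key. Deduplicate on the event id, not the full value.
function eventIdFromKey(idempotencyKey) {
  const m = /^os_evt_(.+)_attempt_(\d+)$/.exec(String(idempotencyKey));
  return m ? m[1] : null;
}

// Hypothetical receiver; `seen` stands in for a durable store with a TTL.
function createReceiver(secret, seen = new Set()) {
  return function handle(headers, rawBody) {
    // Verify over the raw bytes before parsing or trusting any field.
    if (!verifySignature(rawBody, headers['x-opensign-signature'], secret)) {
      return { status: 401, action: 'rejected' };
    }
    const eventId = eventIdFromKey(headers['idempotency-key']);
    if (eventId === null) return { status: 400, action: 'rejected' };
    // Answer 2xx for a duplicate so the sender stops retrying.
    if (seen.has(eventId)) return { status: 200, action: 'duplicate' };
    seen.add(eventId);
    return { status: 200, action: 'processed' };
  };
}

// Constructed sample deliveries: first attempt, a retry, and a tampered body.
function demo() {
  const secret = 'constructed-test-secret';
  const body = Buffer.from(JSON.stringify({ event: 'document.signed', id: 'abc123' }));
  const sig = crypto.createHmac('sha256', secret).update(body).digest('hex');
  const handle = createReceiver(secret);
  const h = (n) => ({ 'x-opensign-signature': sig, 'idempotency-key': `os_evt_abc123_attempt_${n}` });
  return [
    handle(h(1), body).action,
    handle(h(2), body).action,
    handle(h(3), Buffer.from('{"tampered":true}')).action,
  ];
}
```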
… Dispatcher with HMAC Signaturervice for webhook handling