grant/keysat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6ac118ae7017bd42147f24a16acaff90243328a5
keysat/startos/actions/registerWebhook.ts
T
Grant 6ac118ae70 v0.1.0:24 — Keysat licensing service end-to-end 
Daemon, StartOS wrapper, admin SPA, public buy/thank-you pages,
discount codes, free-license redemption, Apply-discount UX,
self-licensing, and v0.1.0 release notes.
2026-05-07 10:33:39 -05:00

109 lines
3.5 KiB
TypeScript
Raw Blame History

// Action: register an outbound webhook subscriber.
//
// After registration, Keysat will POST signed JSON bodies to the URL when
// relevant events fire (license.issued, license.revoked, machine.activated,
// machine.deactivated, invoice.settled, etc.). Signatures use HMAC-SHA256
// over the body, carried in the `X-Keysat-Signature` header as
// `sha256=<hex>` — same shape as BTCPay's outbound hooks.
import { sdk } from '../sdk'
import { store } from '../fileModels/store'
import { adminCall, LICENSING_URL } from '../utils'
const { InputSpec, Value } = sdk
const input = InputSpec.of({
url: Value.text({
name: 'Webhook URL',
description: 'HTTPS endpoint that will receive POSTed event bodies.',
required: true,
default: null,
patterns: [{ regex: '^https?://', description: 'must be an HTTP(S) URL' }],
}),
event_types: Value.text({
name: 'Event types',
description:
'Comma-separated list of events to subscribe to, or "*" for all. ' +
'E.g., "license.issued,license.revoked". Known events: license.issued, ' +
'license.revoked, license.suspended, license.unsuspended, ' +
'machine.activated, machine.deactivated, invoice.settled.',
required: true,
default: '*',
}),
description: Value.text({
name: 'Description',
description: 'Free-form label, shown in the admin list.',
required: false,
default: null,
}),
})
export const registerWebhook = sdk.Action.withInput(
'register-webhook',
async () => ({
name: 'Register webhook endpoint',
description:
'Tell Keysat to POST signed event notifications to an HTTPS URL you ' +
'control. A fresh HMAC secret is generated and shown once — save it.',
warning:
'The HMAC secret is returned in plaintext exactly once, on creation. ' +
'If you lose it, you will need to delete and recreate the endpoint.',
allowedStatuses: 'only-running',
group: 'Webhooks',
visibility: 'enabled',
}),
input,
async () => null,
async ({ effects: _effects, input: formInput }) => {
const storeData = await store.read().once()
if (!storeData) throw new Error('Store not initialized — restart the service.')
const eventTypes = formInput.event_types
.split(',')
.map((s) => s.trim())
.filter((s) => s.length > 0)
if (eventTypes.length === 0) {
throw new Error('Provide at least one event type (or "*" for all).')
}
const resp = await adminCall(
LICENSING_URL,
storeData.admin_api_key,
'/v1/admin/webhook-endpoints',
{
method: 'POST',
body: JSON.stringify({
url: formInput.url,
event_types: eventTypes,
description: formInput.description ?? '',
}),
},
)
if (!resp.ok) {
throw new Error(`Register webhook failed: HTTP ${resp.status}${await resp.text()}`)
}
const ep = (await resp.json()) as {
id: string
url: string
secret: string
event_types: string[]
}
return {
version: '1',
title: 'Webhook registered',
message:
`Registered webhook endpoint (id ${ep.id}).\n` +
`URL: ${ep.url}\n` +
`Events: ${ep.event_types.join(', ')}\n\n` +
`Save the HMAC secret shown below — it will not be displayed again.\n\n` +
`Verify incoming requests with header X-Keysat-Signature: sha256=<hex> ` +
`(HMAC-SHA256 of the raw request body using this secret).`,
result: {
type: 'single',
value: ep.secret,
copyable: true,
qr: false,
masked: true,
},
}
},
)
Reference in New Issue View Git Blame Copy Permalink