feat(revalidate): accept X-Webhook-Secret header for RustyCMS webhooks
RustyCMS now sends its optional shared secret as X-Webhook-Secret. Keep existing X-Revalidate-Token + ?token= query param for compatibility.
This commit is contained in:
@@ -7,7 +7,8 @@ import { invalidateAll, invalidateCollection } from '$lib/cms';
|
||||
* RustyCMS Webhook Receiver.
|
||||
*
|
||||
* Erwartet Payload mit `event` (z.B. "content.updated") und optional `collection` + `slug`.
|
||||
* Auth via X-Revalidate-Token Header (shared secret aus REVALIDATE_TOKEN env var).
|
||||
* Auth via X-Revalidate-Token Header, X-Webhook-Secret Header oder ?token=…
|
||||
* Query-Param (shared secret aus REVALIDATE_TOKEN env var).
|
||||
* Purged TTL-Cache: per-collection wenn collection bekannt, sonst komplett.
|
||||
*/
|
||||
|
||||
@@ -24,7 +25,9 @@ export const POST: RequestHandler = async ({ request, url }) => {
|
||||
throw error(500, 'REVALIDATE_TOKEN not configured');
|
||||
}
|
||||
const provided =
|
||||
request.headers.get('x-revalidate-token') ?? url.searchParams.get('token');
|
||||
request.headers.get('x-revalidate-token') ??
|
||||
request.headers.get('x-webhook-secret') ??
|
||||
url.searchParams.get('token');
|
||||
if (provided !== token) {
|
||||
throw error(401, 'invalid token');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user