feat(revalidate): accept X-Webhook-Secret header for RustyCMS webhooks
RustyCMS now sends its optional shared secret as X-Webhook-Secret. Keep existing X-Revalidate-Token + ?token= query param for compatibility.
This commit is contained in:
@@ -7,7 +7,8 @@ import { invalidateAll, invalidateCollection } from '$lib/cms';
|
|||||||
* RustyCMS Webhook Receiver.
|
* RustyCMS Webhook Receiver.
|
||||||
*
|
*
|
||||||
* Erwartet Payload mit `event` (z.B. "content.updated") und optional `collection` + `slug`.
|
* Erwartet Payload mit `event` (z.B. "content.updated") und optional `collection` + `slug`.
|
||||||
* Auth via X-Revalidate-Token Header (shared secret aus REVALIDATE_TOKEN env var).
|
* Auth via X-Revalidate-Token Header, X-Webhook-Secret Header oder ?token=…
|
||||||
|
* Query-Param (shared secret aus REVALIDATE_TOKEN env var).
|
||||||
* Purged TTL-Cache: per-collection wenn collection bekannt, sonst komplett.
|
* Purged TTL-Cache: per-collection wenn collection bekannt, sonst komplett.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@@ -24,7 +25,9 @@ export const POST: RequestHandler = async ({ request, url }) => {
|
|||||||
throw error(500, 'REVALIDATE_TOKEN not configured');
|
throw error(500, 'REVALIDATE_TOKEN not configured');
|
||||||
}
|
}
|
||||||
const provided =
|
const provided =
|
||||||
request.headers.get('x-revalidate-token') ?? url.searchParams.get('token');
|
request.headers.get('x-revalidate-token') ??
|
||||||
|
request.headers.get('x-webhook-secret') ??
|
||||||
|
url.searchParams.get('token');
|
||||||
if (provided !== token) {
|
if (provided !== token) {
|
||||||
throw error(401, 'invalid token');
|
throw error(401, 'invalid token');
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user