rodrigo/iachat
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
8fab08ba57
iachat/app/controllers/webhooks
History
Rodribm10 713bb16012 feat(captain): MCP controller aceita Bearer token além de HMAC 
Hermes Agent (cliente MCP) usa `--auth header` que envia
`Authorization: Bearer <token>` — padrão MCP. Antes o Captain MCP server
só aceitava HMAC-SHA256 (X-Hub-Signature-256), incompatível com o que
Hermes manda nativamente.

Agora aceita qualquer um dos 2 modos:
- Bearer token (recomendado, padrão MCP) — Hermes envia automaticamente
- HMAC-SHA256 do body — pra clientes que preferem assinar payload

Ambos validados com ActiveSupport::SecurityUtils.secure_compare contra
o mesmo CAPTAIN_MCP_SECRET. Sem secret = validação desabilitada (PoC/dev).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 15:42:57 -03:00
..
captain feat(captain): MCP controller aceita Bearer token além de HMAC 2026-05-01 15:42:57 -03:00
instagram_controller.rb fix: Add delay to instagram/messenger echo events to prevent duplicate messages (#12032) 2025-07-24 21:11:02 +04:00
line_controller.rb feat: Line Channel (#2904) 2021-09-11 01:31:17 +05:30
shopify_controller.rb feat(shopify): Add mandatory compliance webhooks with HMAC verification (#13549) 2026-02-17 16:52:13 +05:30
sms_controller.rb chore: Provider APIs for SMS Channel - Bandwidth (#3889) 2022-02-03 15:22:13 -08:00
telegram_controller.rb feat: Telegram Channel (#2901) 2021-09-10 00:00:52 +05:30
tiktok_controller.rb feat: TikTok channel (#12741) 2025-12-17 07:54:50 -08:00
whatsapp_controller.rb Fix Wuzapi webhook handling 2026-02-26 10:49:00 -03:00
wuzapi_controller.rb chore(style): fix rubocop offenses and update typing indicators 2026-02-25 15:06:58 -03:00