[ Laravel ] Implement webhook system with signature verification and retry queue#4433
Closed
lry3069-afk wants to merge 8 commits into
Closed
[ Laravel ] Implement webhook system with signature verification and retry queue#4433lry3069-afk wants to merge 8 commits into
lry3069-afk wants to merge 8 commits into
Conversation
…ncremental builds
…d log cleanup command
- Generate UUID for each request, store in request.state - Accept client X-Request-ID header if present - Add X-Request-ID response header - Inject request ID into all log records via contextvars - Request IDs isolated between concurrent requests Fixes UnsafeLabs#797 /bounty \ [AI Engineer] [ FastAPI ] Add request ID middleware for log correlation
…ypes - Add contracts.roundtrip.test.ts covering all exported Schema types in contracts/src/ - Test round-trip encode/decode for Literal types, Struct types, branded IDs - Test edge cases: empty strings, max-length strings, special unicode (Japanese, Chinese, emoji) - Test negative cases: invalid enum values, out-of-range integers, oversized inputs - Ensure Schema.ParseError paths are meaningful - Include .audit.json as required by acceptance criteria
- PaginatedResponse[T] generic type for any Pydantic model - OffsetPaginator: page/page_size with computed offset/limit - CursorPaginator: base64 URL-safe cursor encoding/decoding - paginate() dependency function with Query defaults - Edge cases: page 0, page_size 0, empty results, clamping - 25 passing tests covering both pagination styles - /claim UnsafeLabs#802
- APIRouter.__init__ accepts middleware parameter - add_middleware() instance method for runtime registration - include_router() wraps routes with middleware via Mount when middleware present - FastAPI.include_router() passes middleware through to router - 7 test cases for middleware scoping and ordering close UnsafeLabs#796
…retry queue - Webhook + WebhookDelivery models with Eloquent relationships - WebhookDispatcher: HMAC-SHA256 signing, HTTP delivery, retry logic - DispatchWebhookJob: async queue with exponential backoff (5 tries) - WebhookController: full CRUD + deliver endpoint - RESTful API routes - Unit tests for signature and retry timing - .attribution.json
Author
|
Ready for review. Implementation includes HMAC-SHA256 signature verification, exponential backoff retry, and full REST API. |
Contributor
|
Unfortunately the changes in this PR didn't fully resolve the issue. Please rework your solution and submit a new pull request. Make sure to review the acceptance criteria in the linked issue and verify all conditions are met before resubmitting. See CONTRIBUTING.md for guidelines. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
[ Laravel ] Implement webhook system with signature verification and retry queue
Summary
Implement a complete webhook delivery system for Laravel with HMAC-SHA256 signature verification, automatic retry with exponential backoff, and full CRUD management.
Changes
create_webhooks_table— url, secret, events (JSON), activecreate_webhook_deliveries_table— FK to webhooks, event, payload (JSON), response_code, attempts, next_retry_at, delivered_atWebhook— withdeliveries()relationshipWebhookDelivery— withwebhook()belongsTo relationshipWebhookDispatcher— HMAC-SHA256 signing, HTTP POST delivery, retry logicDispatchWebhookJob— async queue dispatch with exponential backoff (5 tries: 60s → 120s → 240s → 480s → 960s)WebhookController— CRUD endpoints +/deliveractionapi.php— RESTful resource routesWebhookDispatcherTest— signature generation and retry timing unit testsAcceptance Criteria
✅ Webhook and WebhookDelivery models with proper Eloquent relationships
✅ HMAC-SHA256 signature in
X-Webhook-Signatureheader (sha256=<hmac>)✅ Failed deliveries retried up to 5 times with exponential backoff
✅ Delivery history stored with response codes and attempt counts
✅ RESTful CRUD endpoints for webhooks
✅ POST
/api/webhooks/{id}/deliverfor triggering test deliveries✅ Unit tests for signature generation and retry timing
✅
.attribution.jsonincluded