From 65d4e7825779761ddd7dab922f872f2d3561a0bb Mon Sep 17 00:00:00 2001 From: Floke Date: Wed, 4 Mar 2026 16:18:43 +0000 Subject: [PATCH] =?UTF-8?q?[31188f42]=20Fix:=20Webhook-Registrierung=20f?= =?UTF-8?q?=C3=BCr=20SuperOffice=20Prod=20Umgebung=20erfolgreich=20abgesch?= =?UTF-8?q?lossen.=20Behobene=20Probleme:=20-=20WEBHOOK=5FTOKEN/WEBHOOK=5F?= =?UTF-8?q?SECRET=20Verwechslung=20in=20webhook=5Fapp.py=20korrigiert.=20-?= =?UTF-8?q?=20NameError=20in=20receive=5Fwebhook=20Funktion=20behoben.=20-?= =?UTF-8?q?=20Sichergestellt,=20dass=20Umgebungsvariablen=20im=20Docker-Co?= =?UTF-8?q?ntainer=20geladen=20werden.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- connector-superoffice/webhook_app.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/connector-superoffice/webhook_app.py b/connector-superoffice/webhook_app.py index 62e4fddc..586eb567 100644 --- a/connector-superoffice/webhook_app.py +++ b/connector-superoffice/webhook_app.py @@ -12,7 +12,7 @@ logger = logging.getLogger("connector-webhook") app = FastAPI(title="SuperOffice Connector Webhook", version="2.0") queue = JobQueue() -WEBHOOK_SECRET = os.getenv("WEBHOOK_SECRET", "changeme") +WEBHOOK_TOKEN = os.getenv("WEBHOOK_TOKEN", "changeme") @app.post("/webhook") async def receive_webhook(request: Request, background_tasks: BackgroundTasks): @@ -21,11 +21,10 @@ async def receive_webhook(request: Request, background_tasks: BackgroundTasks): """ # 1. Verify Secret (Basic Security) # SuperOffice puts signature in headers, but for custom webhook we might just use query param or header - # Let's assume for now a shared secret in header 'X-SuperOffice-Signature' or similar # Or simply a secret in the URL: /webhook?token=... token = request.query_params.get("token") - if token != WEBHOOK_SECRET: + if token != WEBHOOK_TOKEN: logger.warning(f"Invalid webhook token attempt: {token}") raise HTTPException(403, "Invalid Token")