feature (Numbers/Webhooks): Support webhook calls validation for serv…

…er template
sinch · Jul 24, 2024 · abfe850 · abfe850
1 parent 22f77f5
commit abfe850
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 1 deletion.
diff --git a/templates/server/src/main/java/com/mycompany/app/numbers/Controller.java b/templates/server/src/main/java/com/mycompany/app/numbers/Controller.java
@@ -3,19 +3,35 @@
 import com.sinch.sdk.SinchClient;
 import com.sinch.sdk.domains.numbers.api.v1.WebHooksService;
 import com.sinch.sdk.domains.numbers.models.v1.webhooks.NumberEvent;
+import java.util.Map;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.server.ResponseStatusException;
 
 @RestController("Numbers")
 public class Controller {
 
   private final SinchClient sinchClient;
   private final ServerBusinessLogic webhooksBusinessLogic;
 
+  /**
+   * The secret value used for webhook calls validation have to equals to the one configured at
+   * number property (HmacSecret).
+   *
+   * @see <a
+   *     href="https://developers.sinch.com/java-sdk/apidocs/com/sinch/sdk/domains/numbers/api/v1/CallbackConfigurationService.html#update(com.sinch.sdk.domains.numbers.models.v1.callbacks.request.CallbackConfigurationUpdateRequest)">update
+   *     function Javadoc</a>
+   */
+  @Value("${numbers.webhooks.secret}")
+  private String webhooksSecret;
+
   @Autowired
   public Controller(SinchClient sinchClient, ServerBusinessLogic webhooksBusinessLogic) {
     this.sinchClient = sinchClient;
@@ -26,10 +42,25 @@ public Controller(SinchClient sinchClient, ServerBusinessLogic webhooksBusinessL
       value = "/NumbersEvent",
       consumes = MediaType.APPLICATION_JSON_VALUE,
       produces = MediaType.APPLICATION_JSON_VALUE)
-  public ResponseEntity<Void> NumbersEvent(@RequestBody String body) {
+  public ResponseEntity<Void> NumbersEvent(
+      @RequestHeader Map<String, String> headers, @RequestBody String body) {
 
     WebHooksService webhooks = sinchClient.numbers().v1().webhooks();
 
+    // ensure valid authentication to handle request
+    var validAuth =
+        webhooks.validateAuthenticationHeader(
+            webhooksSecret,
+            // request headers
+            headers,
+            // request payload body
+            body);
+
+    // token validation failed
+    if (!validAuth) {
+      throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
+    }
+
     // decode the request payload
     NumberEvent event = webhooks.parseEvent(body);
 

diff --git a/templates/server/src/main/resources/application.yaml b/templates/server/src/main/resources/application.yaml
@@ -20,3 +20,6 @@ credentials:
   # - Voice
   application-api-key:
   application-api-secret: 
+
+# Secret value set for Numbers webhooks calls validation
+numbers.webhooks.secret: