Restructure omni services and add Chatwoot research snapshot

2026-02-21 11:11:27 +07:00
parent edea7a0034
commit b73babbbf6
7732 changed files with 978203 additions and 32 deletions
--- a/research/chatwoot/app/controllers/webhooks/instagram_controller.rb
+++ b/research/chatwoot/app/controllers/webhooks/instagram_controller.rb
@@ -0,0 +1,42 @@
+class Webhooks::InstagramController < ActionController::API
+  include MetaTokenVerifyConcern
+
+  def events
+    Rails.logger.info('Instagram webhook received events')
+    if params['object'].casecmp('instagram').zero?
+      entry_params = params.to_unsafe_hash[:entry]
+
+      if contains_echo_event?(entry_params)
+        # Add delay to prevent race condition where echo arrives before send message API completes
+        # This avoids duplicate messages when echo comes early during API processing
+        ::Webhooks::InstagramEventsJob.set(wait: 2.seconds).perform_later(entry_params)
+      else
+        ::Webhooks::InstagramEventsJob.perform_later(entry_params)
+      end
+
+      render json: :ok
+    else
+      Rails.logger.warn("Message is not received from the instagram webhook event: #{params['object']}")
+      head :unprocessable_entity
+    end
+  end
+
+  private
+
+  def contains_echo_event?(entry_params)
+    return false unless entry_params.is_a?(Array)
+
+    entry_params.any? do |entry|
+      # Check messaging array for echo events
+      messaging_events = entry[:messaging] || []
+      messaging_events.any? { |messaging| messaging.dig(:message, :is_echo).present? }
+    end
+  end
+
+  def valid_token?(token)
+    # Validates against both IG_VERIFY_TOKEN (Instagram channel via Facebook page) and
+    # INSTAGRAM_VERIFY_TOKEN (Instagram channel via direct Instagram login)
+    token == GlobalConfigService.load('IG_VERIFY_TOKEN', '') ||
+      token == GlobalConfigService.load('INSTAGRAM_VERIFY_TOKEN', '')
+  end
+end
--- a/research/chatwoot/app/controllers/webhooks/line_controller.rb
+++ b/research/chatwoot/app/controllers/webhooks/line_controller.rb
@@ -0,0 +1,6 @@
+class Webhooks::LineController < ActionController::API
+  def process_payload
+    Webhooks::LineEventsJob.perform_later(params: params.to_unsafe_hash, signature: request.headers['x-line-signature'], post_body: request.raw_post)
+    head :ok
+  end
+end
--- a/research/chatwoot/app/controllers/webhooks/shopify_controller.rb
+++ b/research/chatwoot/app/controllers/webhooks/shopify_controller.rb
@@ -0,0 +1,35 @@
+class Webhooks::ShopifyController < ActionController::API
+  before_action :verify_hmac!
+
+  def events
+    case request.headers['X-Shopify-Topic']
+    when 'shop/redact'
+      handle_shop_redact
+    end
+
+    head :ok
+  end
+
+  private
+
+  def verify_hmac!
+    secret = GlobalConfigService.load('SHOPIFY_CLIENT_SECRET', nil)
+    return head :unauthorized if secret.blank?
+
+    data = request.body.read
+    request.body.rewind
+
+    hmac_header = request.headers['X-Shopify-Hmac-SHA256']
+    return head :unauthorized if hmac_header.blank?
+
+    computed = Base64.strict_encode64(OpenSSL::HMAC.digest('SHA256', secret, data))
+    return head :unauthorized unless ActiveSupport::SecurityUtils.secure_compare(computed, hmac_header)
+  end
+
+  def handle_shop_redact
+    shop_domain = params[:shop_domain]
+    return if shop_domain.blank?
+
+    Integrations::Hook.where(app_id: 'shopify', reference_id: shop_domain).destroy_all
+  end
+end
--- a/research/chatwoot/app/controllers/webhooks/sms_controller.rb
+++ b/research/chatwoot/app/controllers/webhooks/sms_controller.rb
@@ -0,0 +1,6 @@
+class Webhooks::SmsController < ActionController::API
+  def process_payload
+    Webhooks::SmsEventsJob.perform_later(params['_json']&.first&.to_unsafe_hash)
+    head :ok
+  end
+end
--- a/research/chatwoot/app/controllers/webhooks/telegram_controller.rb
+++ b/research/chatwoot/app/controllers/webhooks/telegram_controller.rb
@@ -0,0 +1,6 @@
+class Webhooks::TelegramController < ActionController::API
+  def process_payload
+    Webhooks::TelegramEventsJob.perform_later(params.to_unsafe_hash)
+    head :ok
+  end
+end
--- a/research/chatwoot/app/controllers/webhooks/tiktok_controller.rb
+++ b/research/chatwoot/app/controllers/webhooks/tiktok_controller.rb
@@ -0,0 +1,53 @@
+class Webhooks::TiktokController < ActionController::API
+  before_action :verify_signature!
+
+  def events
+    event = JSON.parse(request_payload)
+    if echo_event?
+      # Add delay to prevent race condition where echo arrives before send message API completes
+      # This avoids duplicate messages when echo comes early during API processing
+      ::Webhooks::TiktokEventsJob.set(wait: 2.seconds).perform_later(event)
+    else
+      ::Webhooks::TiktokEventsJob.perform_later(event)
+    end
+
+    head :ok
+  end
+
+  private
+
+  def request_payload
+    @request_payload ||= request.body.read
+  end
+
+  def verify_signature!
+    signature_header = request.headers['Tiktok-Signature']
+    client_secret = GlobalConfigService.load('TIKTOK_APP_SECRET', nil)
+    received_timestamp, received_signature = extract_signature_parts(signature_header)
+
+    return head :unauthorized unless client_secret && received_timestamp && received_signature
+
+    signature_payload = "#{received_timestamp}.#{request_payload}"
+    computed_signature = OpenSSL::HMAC.hexdigest('SHA256', client_secret, signature_payload)
+
+    return head :unauthorized unless ActiveSupport::SecurityUtils.secure_compare(computed_signature, received_signature)
+
+    # Check timestamp delay (acceptable delay: 5 seconds)
+    current_timestamp = Time.current.to_i
+    delay = current_timestamp - received_timestamp
+
+    return head :unauthorized if delay > 5
+  end
+
+  def extract_signature_parts(signature_header)
+    return [nil, nil] if signature_header.blank?
+
+    keys = signature_header.split(',')
+    signature_parts = keys.map { |part| part.split('=') }.to_h
+    [signature_parts['t']&.to_i, signature_parts['s']]
+  end
+
+  def echo_event?
+    params[:event] == 'im_send_msg'
+  end
+end
--- a/research/chatwoot/app/controllers/webhooks/whatsapp_controller.rb
+++ b/research/chatwoot/app/controllers/webhooks/whatsapp_controller.rb
@@ -0,0 +1,33 @@
+class Webhooks::WhatsappController < ActionController::API
+  include MetaTokenVerifyConcern
+
+  def process_payload
+    if inactive_whatsapp_number?
+      Rails.logger.warn("Rejected webhook for inactive WhatsApp number: #{params[:phone_number]}")
+      render json: { error: 'Inactive WhatsApp number' }, status: :unprocessable_entity
+      return
+    end
+
+    Webhooks::WhatsappEventsJob.perform_later(params.to_unsafe_hash)
+    head :ok
+  end
+
+  private
+
+  def valid_token?(token)
+    channel = Channel::Whatsapp.find_by(phone_number: params[:phone_number])
+    whatsapp_webhook_verify_token = channel.provider_config['webhook_verify_token'] if channel.present?
+    token == whatsapp_webhook_verify_token if whatsapp_webhook_verify_token.present?
+  end
+
+  def inactive_whatsapp_number?
+    phone_number = params[:phone_number]
+    return false if phone_number.blank?
+
+    inactive_numbers = GlobalConfig.get_value('INACTIVE_WHATSAPP_NUMBERS').to_s
+    return false if inactive_numbers.blank?
+
+    inactive_numbers_array = inactive_numbers.split(',').map(&:strip)
+    inactive_numbers_array.include?(phone_number)
+  end
+end