@KevLehman KevLehman commented May 26, 2025

Proposed changes (including videos or screenshots)

Issue(s)

https://rocketchat.atlassian.net/browse/CTZ-178

Steps to test or reproduce

Further comments

(Note: 2 issues in one as one fix is not enough for the feature to work)

For some reason, Hono defaults to localhost in req.url (or it's using the localhost domain instead of the public site url)

For example, on candidate:

{"level":35,"time":"2025-05-26T16:21:11.617Z","pid":1,"hostname":"rocketchat-candidate-55c86cb5c-hnqdb","name":"API","method":"POST","url":"http://localhost/api/v1/livechat/message","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 Edg/135.0.0.0","length":"115","host":"candidate.qa.rocket.chat","referer":"https://candidate.qa.rocket.chat/livechat","remoteIP":"122.161.242.36","status":200,"responseTime":93} 

Since Twilio assumed this property req.url was relative, it created its own URL based on it. Now it's absolute, including the hostname, which caused the signature to mismatch from what Twilio was sending.

The other issue was that the body was being re-parsed as JSON, which didn't work, causing an empty body, which made the validation fail (as the signature from Twilio includes the body).

Since on CI (dum, ik) we skip this Twilio validation, the bug wasn't caught. A task will be created to change the CI tests to be more real-world and avoid the diff behavior when TEST_MODE is true.
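The two failure modes described in this PR, reproduced against Twilio's documented webhook signature scheme for form-encoded requests (HMAC-SHA1 over the full URL followed by the sorted POST parameters). This is an added example, not code from the PR, Rocket.Chat or the Twilio SDK; the token, host, path and parameters are constructed, and `publicUrl` is a hypothetical helper.

```javascript
// Added example; every value below is constructed for illustration.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Twilio's documented scheme: HMAC-SHA1, keyed with the account auth token,
// over the full request URL followed by each POST parameter name and value,
// sorted by name, with no separators. The result is base64-encoded.
function twilioSignature(authToken, url, params) {
  const data = Object.keys(params).sort()
    .reduce((acc, key) => acc + key + params[key], url);
  return createHmac('sha1', authToken).update(data, 'utf8').digest('base64');
}

// Hypothetical helper: rebuild the URL the sender signed from the configured
// public site URL, whether the framework reports req.url as relative or absolute.
function publicUrl(siteUrl, reqUrl) {
  const parsed = new URL(reqUrl, siteUrl); // an absolute reqUrl ignores siteUrl
  return new URL(parsed.pathname + parsed.search, siteUrl).toString();
}

// Constant-time comparison of the received header against the expected value.
function isValid(authToken, header, url, params) {
  const expected = Buffer.from(twilioSignature(authToken, url, params));
  const received = Buffer.from(String(header));
  return expected.length === received.length && timingSafeEqual(expected, received);
}

// Constructed request: the sender signs the public URL and the form fields.
const TOKEN = 'constructed-auth-token';
const SITE_URL = 'https://chat.example.com';
const BODY = { From: '+15550100', To: '+15550199', Body: 'hello' };
const HEADER = twilioSignature(TOKEN, 'https://chat.example.com/hooks/sms?dept=1', BODY);

function demo() {
  const reqUrl = 'http://localhost/hooks/sms?dept=1'; // absolute, wrong host
  return {
    naiveConcat: isValid(TOKEN, HEADER, SITE_URL + reqUrl, BODY),   // treats req.url as relative
    rawAbsolute: isValid(TOKEN, HEADER, reqUrl, BODY),              // trusts req.url as-is
    emptyBody: isValid(TOKEN, HEADER, publicUrl(SITE_URL, reqUrl), {}), // body lost on re-parse
    fixed: isValid(TOKEN, HEADER, publicUrl(SITE_URL, reqUrl), BODY),
    relative: isValid(TOKEN, HEADER, publicUrl(SITE_URL, '/hooks/sms?dept=1'), BODY),
  };
}
console.log(demo());
```

Only the last two checks pass: the signature covers both the public URL and the parsed form fields, so either defect alone is enough to reject every genuine webhook. Deriving the host from configuration rather than from request headers also keeps the signed URL out of the sender's control.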

dionisio-bot bot commented May 26, 2025

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines

changeset-bot bot commented May 26, 2025

⚠️ No Changeset found

Latest commit: 61e4745

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

@KevLehman KevLehman changed the title regression: Twilio provider using req.url as relative regression: Twilio provider using req.url as relative & re-parsing JSON body May 26, 2025
@KevLehman KevLehman changed the title regression: Twilio provider using req.url as relative & re-parsing JSON body regression: Twilio failing signature check May 26, 2025
@github-actions

PR Preview Action v1.6.1

🚀 View preview at
https://RocketChat.github.io/Rocket.Chat/pr-preview/pr-36077/

Built to branch gh-pages at 2025-05-26 16:38 UTC.
Preview will be ready when the GitHub Pages deployment is complete.

codecov bot commented May 26, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 64.75%. Comparing base (a8a7bc2) to head (61e4745).
Report is 1 commits behind head on release-7.7.0.

Additional details and impacted files

@@                Coverage Diff                @@
##           release-7.7.0   #36077      +/-   ##
=================================================
+ Coverage          64.22%   64.75%   +0.53%     
=================================================
  Files               3018     3110      +92     
  Lines              91836    93198    +1362     
  Branches           17435    17749     +314     
=================================================
+ Hits               58978    60347    +1369     
+ Misses             30172    30062     -110     
- Partials            2686     2789     +103     
Flag Coverage Δ
e2e 58.42% <ø> (+1.74%) ⬆️
unit 71.50% <100.00%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown.

@KevLehman KevLehman added this to the 7.7.0 milestone May 26, 2025
@KevLehman KevLehman added the stat: QA assured Means it has been tested and approved by a company insider label May 26, 2025
@dionisio-bot dionisio-bot bot removed the stat: QA assured Means it has been tested and approved by a company insider label May 26, 2025
@KevLehman KevLehman marked this pull request as ready for review May 26, 2025 18:01
@KevLehman KevLehman requested review from a team as code owners May 26, 2025 18:01
@KevLehman KevLehman added the stat: QA assured Means it has been tested and approved by a company insider label May 26, 2025
@dionisio-bot dionisio-bot bot added the stat: ready to merge PR tested and approved waiting for merge label May 26, 2025
@kodiakhq kodiakhq bot merged commit 123be2c into release-7.7.0 May 26, 2025
57 checks passed
@kodiakhq kodiakhq bot deleted the regression/req-url-is-absolute branch May 26, 2025 20:16
@scuciatto

/patch

dionisio-bot bot commented May 28, 2025

Pull request #36103 added to Project: "Patch 7.6.2"
