Skip to content

fix: Add a webhook for WorkOS, update middleware to allow webhooks #3048

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
perkinsjr merged 5 commits into from
Mar 30, 2025
Merged

fix: Add a webhook for WorkOS, update middleware to allow webhooks #3048

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
cb82a09
Update checks for open API endpoints, Adds back our webhook alert.
perkinsjr Mar 30, 2025
099ef2b
remove logs
perkinsjr Mar 30, 2025
6c302cf
fmt
perkinsjr Mar 30, 2025
147a65a
Add back the env checks
perkinsjr Mar 30, 2025
c2efbdd
revert: auditLogId
chronark Mar 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions apps/dashboard/lib/env.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ export const env = () =>

WORKOS_API_KEY: z.string().optional(),
WORKOS_CLIENT_ID: z.string().optional(),
WORKOS_WEBHOOK_SECRET: z.string().optional(),
NEXT_PUBLIC_WORKOS_REDIRECT_URI: z
.string()
.default("http://localhost:3000/auth/sso-callback"),
Expand Down
3 changes: 3 additions & 0 deletions apps/dashboard/middleware.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@ export default async function (req: NextRequest, _evt: NextFetchEvent) {
"/auth/oauth-sign-in",
"/auth/join",
"/favicon.ico",
"/api/webhooks/stripe",
"/api/v1/workos/webhooks",
"/api/v1/github/verify",
"/_next",
],
})(req);
Expand Down
111 changes: 0 additions & 111 deletions apps/dashboard/pages/api/v1/clerk/webhooks.ts
View file
Open in desktop

This file was deleted.

98 changes: 98 additions & 0 deletions apps/dashboard/pages/api/v1/workos/webhooks.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
import { WorkOS } from "@workos-inc/node";
import { env } from "@/lib/env";
import { Resend } from "@unkey/resend";
import freeDomains from "free-email-domains";
import type { NextApiRequest, NextApiResponse } from "next";

export default async (req: NextApiRequest, res: NextApiResponse) => {
if (req.method === "POST") {
const payload = req.body;
const sigHeader = req.headers["workos-signature"] as string | undefined;
const { RESEND_API_KEY, RESEND_AUDIENCE_ID, WORKOS_API_KEY, WORKOS_WEBHOOK_SECRET } = env();
if (!WORKOS_API_KEY || !WORKOS_WEBHOOK_SECRET || !RESEND_API_KEY || !RESEND_AUDIENCE_ID) {
return res.status(400).json({ Error: "Missing environment variables" });
}

if (!payload || !sigHeader) {
return res.status(400).json({ Error: "Nope" });
}
const workos = new WorkOS(WORKOS_API_KEY);

const webhook = await workos.webhooks.constructEvent({
payload: payload,
sigHeader: sigHeader,
secret: WORKOS_WEBHOOK_SECRET,
});

if (!webhook) {
return res.status(400).json({ Error: "Invalid payload" });
}

if (webhook.event === "user.created") {
const webhookData = webhook.data;

const resend = new Resend({ apiKey: RESEND_API_KEY });

if (!webhookData.email) {
return res.status(400).json({ Error: "No email address found" });
}
try {
await alertSlack(webhookData.email);
await resend.client.contacts.create({
audienceId: RESEND_AUDIENCE_ID,
email: webhookData.email,
});
await resend.sendWelcomeEmail({
email: webhookData.email,
});
return res.status(200).json({});
} catch (err) {
return res.status(400).json({
error: (err as Error).message,
});
}
}
return res.status(200).json({});
}
};

async function alertSlack(email: string): Promise<void> {
const url = process.env.SLACK_WEBHOOK_URL_SIGNUP;
if (!url) {
return;
}
const domain = email.split("@").at(-1);
if (!domain) {
return;
}
if (freeDomains.includes(domain)) {
return;
}

await fetch(url, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
text: `${email} signed up`,
blocks: [
{
type: "section",
fields: [
{
type: "mrkdwn",
text: `${email} signed up`,
},
{
type: "mrkdwn",
text: `<https://${domain}>`,
},
],
},
],
}),
}).catch((err: Error) => {
console.error(err);
});
}
16 changes: 11 additions & 5 deletions internal/db/src/schema/audit_logs.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,20 @@
import { relations } from "drizzle-orm";
import { bigint, index, int, json, mysqlTable, primaryKey, uniqueIndex, varchar } from "drizzle-orm/mysql-core";
import {
bigint,
index,
int,
json,
mysqlTable,
primaryKey,
uniqueIndex,
varchar,
} from "drizzle-orm/mysql-core";
import { lifecycleDates } from "./util/lifecycle_dates";
import { workspaces } from "./workspaces";

import { newId } from "@unkey/id";
import { deleteProtection } from "./util/delete_protection";



export const auditLogBucket = mysqlTable(
"audit_log_bucket",
{
Expand All @@ -34,7 +41,6 @@ export const auditLogBucket = mysqlTable(
}),
);


export const auditLog = mysqlTable(
"audit_log",
{
Expand Down Expand Up @@ -96,7 +102,7 @@ export const auditLogTarget = mysqlTable(

// bucket is the name of the bucket that the target belongs to
bucket: varchar("bucket", { length: 256 }).notNull().default("unkey_mutations"),
auditLogId: varchar("audit_log_id", { length: 256 }),
auditLogId: varchar("audit_log_id", { length: 256 }).notNull(),

// A human readable name to display in the UI
displayName: varchar("display_name", { length: 256 }).notNull(),
Expand Down
Loading