server/webhooks.js

// Outbound webhook delivery. emit(event, tenantId, payload) fans the event out to every
// active per-tenant subscription registered for that event, plus the legacy global
// BIZGAZE_WEBHOOK_URL (back-compat). Each delivery is HMAC-signed and retried on failure.
//
// NOTE (roadmap): retries are in-memory/best-effort. For guaranteed delivery this should
// move to a persistent queue when the app scales to multiple instances (see ARCHITECTURE.md).
const R = require('./repos');
const crypto = require('crypto');

const EVENTS = ['session.started', 'session.ended'];

function sign(secret, body) {
  return crypto.createHmac('sha256', secret || '').update(body).digest('base64url');
}

const RETRY_DELAYS = [2000, 10000, 30000]; // after the first attempt
function deliver(url, secret, body, onDone) {
  let attempt = 0;
  const go = async () => {
    attempt++;
    let ok = false, status = 0, err = null;
    try {
      const res = await fetch(url, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json', 'X-BizGaze-Signature': sign(secret, body), 'X-BizGaze-Event': (() => { try { return JSON.parse(body).event; } catch { return ''; } })() },
        body,
        signal: AbortSignal.timeout(10000),
      });
      status = res.status; ok = res.ok;
    } catch (e) { err = (e && e.message) || 'delivery failed'; }
    if (ok || attempt > RETRY_DELAYS.length) { if (onDone) onDone({ ok, status, err }); return; }
    setTimeout(go, RETRY_DELAYS[attempt - 1]);
  };
  go();
}

function emit(event, tenantId, payload) {
  const body = JSON.stringify({ event, ...payload });
  // Per-tenant subscriptions
  try {
    for (const h of R.webhooks.activeForTenant(tenantId)) {
      const subs = String(h.events || '').split(',').map((s) => s.trim());
      if (subs.includes('*') || subs.includes(event)) {
        deliver(h.url, h.secret, body, (r) => { try { R.webhooks.setStatus(h.id, r.ok ? 1 : 0, r.err || ('HTTP ' + r.status)); } catch (_) {} });
      }
    }
  } catch (_) {}
  // Legacy global webhook (back-compat): session.ended → BIZGAZE_WEBHOOK_URL, signed with SSO_SECRET.
  if (event === 'session.ended' && process.env.BIZGAZE_WEBHOOK_URL) {
    deliver(process.env.BIZGAZE_WEBHOOK_URL, process.env.SSO_SECRET || '', body);
  }
}

module.exports = { emit, sign, EVENTS };
Merge origin/master (TURN/coturn + BizGaze-only login) into feature tree 2026-06-23 16:27:59 +05:30			`// Outbound webhook delivery. emit(event, tenantId, payload) fans the event out to every`
			`// active per-tenant subscription registered for that event, plus the legacy global`
			`// BIZGAZE_WEBHOOK_URL (back-compat). Each delivery is HMAC-signed and retried on failure.`
			`//`
			`// NOTE (roadmap): retries are in-memory/best-effort. For guaranteed delivery this should`
			`// move to a persistent queue when the app scales to multiple instances (see ARCHITECTURE.md).`
			`const R = require('./repos');`
			`const crypto = require('crypto');`

			`const EVENTS = ['session.started', 'session.ended'];`

			`function sign(secret, body) {`
			`return crypto.createHmac('sha256', secret \|\| '').update(body).digest('base64url');`
			`}`

			`const RETRY_DELAYS = [2000, 10000, 30000]; // after the first attempt`
			`function deliver(url, secret, body, onDone) {`
			`let attempt = 0;`
			`const go = async () => {`
			`attempt++;`
			`let ok = false, status = 0, err = null;`
			`try {`
			`const res = await fetch(url, {`
			`method: 'POST',`
			`headers: { 'Content-Type': 'application/json', 'X-BizGaze-Signature': sign(secret, body), 'X-BizGaze-Event': (() => { try { return JSON.parse(body).event; } catch { return ''; } })() },`
			`body,`
			`signal: AbortSignal.timeout(10000),`
			`});`
			`status = res.status; ok = res.ok;`
			`} catch (e) { err = (e && e.message) \|\| 'delivery failed'; }`
			`if (ok \|\| attempt > RETRY_DELAYS.length) { if (onDone) onDone({ ok, status, err }); return; }`
			`setTimeout(go, RETRY_DELAYS[attempt - 1]);`
			`};`
			`go();`
			`}`

			`function emit(event, tenantId, payload) {`
			`const body = JSON.stringify({ event, ...payload });`
			`// Per-tenant subscriptions`
			`try {`
			`for (const h of R.webhooks.activeForTenant(tenantId)) {`
			`const subs = String(h.events \|\| '').split(',').map((s) => s.trim());`
			`if (subs.includes('*') \|\| subs.includes(event)) {`
			`deliver(h.url, h.secret, body, (r) => { try { R.webhooks.setStatus(h.id, r.ok ? 1 : 0, r.err \|\| ('HTTP ' + r.status)); } catch (_) {} });`
			`}`
			`}`
			`} catch (_) {}`
			`// Legacy global webhook (back-compat): session.ended → BIZGAZE_WEBHOOK_URL, signed with SSO_SECRET.`
			`if (event === 'session.ended' && process.env.BIZGAZE_WEBHOOK_URL) {`
			`deliver(process.env.BIZGAZE_WEBHOOK_URL, process.env.SSO_SECRET \|\| '', body);`
			`}`
			`}`

			`module.exports = { emit, sign, EVENTS };`