oscerd opened a new pull request, #24084: URL: https://github.com/apache/camel/pull/24084
Backport of #24034 (CAMEL-23762) to `camel-4.18.x`. ## What Adds an opt-in `webhookSecret` option to the camel-whatsapp webhook consumer. When set, inbound webhook event callbacks whose `X-Hub-Signature-256` HMAC-SHA256 signature is missing or invalid are rejected with HTTP 403 (constant-time comparison via `MessageDigest.isEqual`). When the option is not set, behaviour is unchanged. Mirrors the signature verification already provided by camel-clickup. ## Changes - `WhatsAppConfiguration.java` — new `webhookSecret` (`@UriParam(label = "security", secret = true)`) + accessors. - `WhatsAppWebhookProcessor.java` — verify the signature on event callbacks when `webhookSecret` is configured. - `WhatsAppWebhookSignatureTest.java` — 5 unit tests (valid / invalid / missing / tampered / wrong-secret). - Regenerated metadata (endpoint configurer, URI factory, module + catalog json, endpoint-dsl factory) — regenerated **on the 4.18.x branch** so the embedded version matches `4.18.3-SNAPSHOT`. ## Notes - New **opt-in** option; default behaviour is unchanged and backward compatible. - The upgrade-guide note for the new option is added separately on `main` (4_18 guide), per the backport upgrade-guide policy. - `camel-whatsapp` module build + the 5 new tests pass locally on `4.18.3-SNAPSHOT`. --- _Claude Code on behalf of Andrea Cosentino_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
