Refactor the duplicated webhook url/events validation into one validator
Description
POST /api/v1/webhooks and PATCH /api/v1/webhooks/:id in src/index.ts contain the same validation logic copy-pasted: the url check (typeof url !== "string" || !/^https?:\/\//.test(url) || url.length > 2048) and the events check (!Array.isArray(events) || events.length === 0 || events.some(...)), each emitting the identical 400 invalid_request body. Two copies means a fix or rule change (e.g. the event-name taxonomy validation) must be made twice and can silently diverge. This issue extracts a single shared validator.
Requirements and context
- Repository scope: Agentpay-Org/Agentpay-backend only.
- Extract
validateWebhookUrl(url) and validateWebhookEvents(events) (or one validateWebhookInput) used by both handlers, returning the same error messages.
- Keep PATCH's partial-update semantics (only validate a field when it is present) and POST's required-field semantics.
- Produce byte-for-byte identical error and success responses; pure de-duplication, no behaviour change.
- Leave room for the event-taxonomy validation issue to plug into the shared
events validator.
Suggested execution
- Fork the repo and create a branch
git checkout -b refactor/webhooks-76-shared-validator- Implement changes
- Write code in: the two webhook handlers and a shared validator in
src/index.ts.
- Write comprehensive tests in: new
src/webhook-validator.test.ts — POST and PATCH reject the same bad inputs with the same messages, valid inputs accepted, PATCH partial updates work.
- Add documentation: none beyond TSDoc.
- Add TSDoc on the validator(s).
- Validate security assumptions: the URL regex and length cap are enforced identically on both paths.
- Test and commit
Test and commit
- Run
npm test and npm run lint.
- Cover edge cases: bad url on POST vs PATCH, empty events array, non-string event, partial PATCH.
- Include the full
npm test output in the PR description.
Example commit message
refactor: share webhook url/events validation between post and patch
Guidelines
- Minimum 95 percent test coverage for impacted modules.
- Clear, reviewer-focused documentation.
- Timeframe: 96 hours.
Community & contribution rewards
- 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
- ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.
Refactor the duplicated webhook url/events validation into one validator
Description
POST /api/v1/webhooksandPATCH /api/v1/webhooks/:idinsrc/index.tscontain the same validation logic copy-pasted: theurlcheck (typeof url !== "string" || !/^https?:\/\//.test(url) || url.length > 2048) and theeventscheck (!Array.isArray(events) || events.length === 0 || events.some(...)), each emitting the identical400 invalid_requestbody. Two copies means a fix or rule change (e.g. the event-name taxonomy validation) must be made twice and can silently diverge. This issue extracts a single shared validator.Requirements and context
validateWebhookUrl(url)andvalidateWebhookEvents(events)(or onevalidateWebhookInput) used by both handlers, returning the same error messages.eventsvalidator.Suggested execution
git checkout -b refactor/webhooks-76-shared-validatorsrc/index.ts.src/webhook-validator.test.ts— POST and PATCH reject the same bad inputs with the same messages, valid inputs accepted, PATCH partial updates work.Test and commit
npm testandnpm run lint.npm testoutput in the PR description.Example commit message
refactor: share webhook url/events validation between post and patchGuidelines
Community & contribution rewards