Skip to content

Deduplicate the identical url/events webhook validation shared by POST and PATCH #150

Description

@mikewheeleer

Refactor the duplicated webhook url/events validation into one validator

Description

POST /api/v1/webhooks and PATCH /api/v1/webhooks/:id in src/index.ts contain the same validation logic copy-pasted: the url check (typeof url !== "string" || !/^https?:\/\//.test(url) || url.length > 2048) and the events check (!Array.isArray(events) || events.length === 0 || events.some(...)), each emitting the identical 400 invalid_request body. Two copies means a fix or rule change (e.g. the event-name taxonomy validation) must be made twice and can silently diverge. This issue extracts a single shared validator.

Requirements and context

  • Repository scope: Agentpay-Org/Agentpay-backend only.
  • Extract validateWebhookUrl(url) and validateWebhookEvents(events) (or one validateWebhookInput) used by both handlers, returning the same error messages.
  • Keep PATCH's partial-update semantics (only validate a field when it is present) and POST's required-field semantics.
  • Produce byte-for-byte identical error and success responses; pure de-duplication, no behaviour change.
  • Leave room for the event-taxonomy validation issue to plug into the shared events validator.

Suggested execution

  • Fork the repo and create a branch
  • git checkout -b refactor/webhooks-76-shared-validator
  • Implement changes
    • Write code in: the two webhook handlers and a shared validator in src/index.ts.
    • Write comprehensive tests in: new src/webhook-validator.test.ts — POST and PATCH reject the same bad inputs with the same messages, valid inputs accepted, PATCH partial updates work.
    • Add documentation: none beyond TSDoc.
    • Add TSDoc on the validator(s).
    • Validate security assumptions: the URL regex and length cap are enforced identically on both paths.
  • Test and commit

Test and commit

  • Run npm test and npm run lint.
  • Cover edge cases: bad url on POST vs PATCH, empty events array, non-string event, partial PATCH.
  • Include the full npm test output in the PR description.

Example commit message

refactor: share webhook url/events validation between post and patch

Guidelines

  • Minimum 95 percent test coverage for impacted modules.
  • Clear, reviewer-focused documentation.
  • Timeframe: 96 hours.

Community & contribution rewards

  • 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
  • ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.

Metadata

Metadata

Assignees

No one assigned
    No fields configured for Feature.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions