harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

fix: add WhatsApp webhook signature verification (X-Hub-Signature-256)

Browse source 
Closes #51

- Add HMAC-SHA256 signature verification for WhatsApp webhooks
- Prevents message spoofing attacks (CWE-345)
- Add whatsapp_app_secret config field with ZEROCLAW_WHATSAPP_APP_SECRET env override
- Add 13 comprehensive unit tests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Argenis 2026-02-15 06:17:24 -05:00 committed by GitHub
parent 026a917544
commit 5cc02c5813
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 453 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/providers/ollama.rs
View file

@ -88,10 +88,8 @@ impl Provider for OllamaProvider {
let response = self.client.post(&url).json(&request).send().await?;
if !response.status().is_success() {
let error = response.text().await?;
anyhow::bail!(
"Ollama error: {error}. Is Ollama running? (brew install ollama && ollama serve)"
);
let err = super::api_error("Ollama", response).await;
anyhow::bail!("{err}. Is Ollama running? (brew install ollama && ollama serve)");
}
let chat_response: ChatResponse = response.json().await?;