fix: add WhatsApp webhook signature verification (X-Hub-Signature-256)

Closes #51 - Add HMAC-SHA256 signature verification for WhatsApp webhooks - Prevents message spoofing attacks (CWE-345) - Add whatsapp_app_secret config field with ZEROCLAW_WHATSAPP_APP_SECRET env override - Add 13 comprehensive unit tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 06:17:24 -05:00 · 2026-02-15 06:17:24 -05:00 · 5cc02c5813
commit 5cc02c5813
parent 026a917544
13 changed files with 453 additions and 17 deletions
--- a/src/providers/openai.rs
+++ b/src/providers/openai.rs
@ -91,8 +91,7 @@ impl Provider for OpenAiProvider {
            .await?;

        if !response.status().is_success() {
-            let error = response.text().await?;
-            anyhow::bail!("OpenAI API error: {error}");
+            return Err(super::api_error("OpenAI", response).await);
        }

        let chat_response: ChatResponse = response.json().await?;