pn-new-crm

letsbe/pn-new-crm

Fork 0

Commit Graph

Author	SHA1	Message	Date
Matt Ciaccio	c4085265ff	fix(documenso): align webhook receiver with Documenso v1.13 + 2.x protocol Documenso authenticates outbound webhooks via the X-Documenso-Secret header carrying the plaintext secret (no HMAC). The previous receiver verified an HMAC against a non-existent x-documenso-signature header and switched on parsed.type, neither of which Documenso emits — so every real delivery was being silently rejected. - Read X-Documenso-Secret, compare timing-safe to env secret - Switch on parsed.event with uppercase normalization for both v1.13 (DOCUMENT_SIGNED) and 2.x (lowercase-dotted UI labels) wire formats - Alias DOCUMENT_RECIPIENT_COMPLETED to DOCUMENT_SIGNED (same semantics across versions) - Handle DOCUMENT_OPENED / DOCUMENT_REJECTED / DOCUMENT_CANCELLED in addition to the existing DOCUMENT_SIGNED + DOCUMENT_COMPLETED paths - Bypass session middleware for /api/webhooks/* (signature is the auth) Verified end-to-end against signatures.letsbe.solutions: real DOCUMENT_RECIPIENT_COMPLETED + DOCUMENT_COMPLETED deliveries now pass secret verification, dispatch correctly, and the handler updates state (or warns gracefully when the documensoId is unknown). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-27 13:46:48 +02:00
Matt	4c20bcffcd	Fix all ESLint errors: remove unused imports, replace any types Some checks failed Build & Push Docker Images / lint (push) Failing after 1m10s Details Build & Push Docker Images / build-and-push (push) Has been skipped Details Build & Push Docker Images / deploy (push) Has been skipped Details - Remove ~60 unused imports and variables across 88 files - Replace ~80 `any` type annotations with proper types (unknown, Record<string, unknown>, or specific types) - Prefix unused callback args with underscore - Fix unescaped JSX entities - Lint now passes cleanly (0 errors, 2 intentional img warnings) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-26 12:06:18 +01:00
Matt	67d7e6e3d5	Initial commit: Port Nimara CRM (Layers 0-4) Some checks failed Build & Push Docker Images / build-and-push (push) Has been cancelled Details Build & Push Docker Images / deploy (push) Has been cancelled Details Build & Push Docker Images / lint (push) Has been cancelled Details Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-26 11:52:51 +01:00

Author

SHA1

Message

Date

Matt Ciaccio

c4085265ff

fix(documenso): align webhook receiver with Documenso v1.13 + 2.x protocol

Documenso authenticates outbound webhooks via the X-Documenso-Secret
header carrying the plaintext secret (no HMAC). The previous receiver
verified an HMAC against a non-existent x-documenso-signature header
and switched on parsed.type, neither of which Documenso emits — so
every real delivery was being silently rejected.

- Read X-Documenso-Secret, compare timing-safe to env secret
- Switch on parsed.event with uppercase normalization for both v1.13
  (DOCUMENT_SIGNED) and 2.x (lowercase-dotted UI labels) wire formats
- Alias DOCUMENT_RECIPIENT_COMPLETED to DOCUMENT_SIGNED (same
  semantics across versions)
- Handle DOCUMENT_OPENED / DOCUMENT_REJECTED / DOCUMENT_CANCELLED in
  addition to the existing DOCUMENT_SIGNED + DOCUMENT_COMPLETED paths
- Bypass session middleware for /api/webhooks/* (signature is the auth)

Verified end-to-end against signatures.letsbe.solutions: real
DOCUMENT_RECIPIENT_COMPLETED + DOCUMENT_COMPLETED deliveries now pass
secret verification, dispatch correctly, and the handler updates
state (or warns gracefully when the documensoId is unknown).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-27 13:46:48 +02:00

Matt

4c20bcffcd

Fix all ESLint errors: remove unused imports, replace any types

Build & Push Docker Images / lint (push) Failing after 1m10s

Details

Build & Push Docker Images / build-and-push (push) Has been skipped

Details

Build & Push Docker Images / deploy (push) Has been skipped

Details

- Remove ~60 unused imports and variables across 88 files
- Replace ~80 `any` type annotations with proper types (unknown,
  Record<string, unknown>, or specific types)
- Prefix unused callback args with underscore
- Fix unescaped JSX entities
- Lint now passes cleanly (0 errors, 2 intentional img warnings)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-26 12:06:18 +01:00

Matt

67d7e6e3d5

Initial commit: Port Nimara CRM (Layers 0-4)

Build & Push Docker Images / build-and-push (push) Has been cancelled

Details

Build & Push Docker Images / deploy (push) Has been cancelled

Details

Build & Push Docker Images / lint (push) Has been cancelled

Details

Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-26 11:52:51 +01:00

3 Commits