apunkt/dograh
1
0
Fork 0
mirror of https://github.com/dograh-hq/dograh.git synced 2026-06-25 08:48:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

feat: verify telnyx webhook signature optionally (#279)

Browse source
This commit is contained in:
Sabiha Khan 2026-05-12 19:47:28 +05:30 committed by GitHub
parent 7249a9f8ed
commit b670004725
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 53 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
api/constants.py
View file

@ -142,3 +142,12 @@ FORCE_TURN_RELAY = os.getenv("FORCE_TURN_RELAY", "false").lower() == "true"
# OSS Email/Password Auth
OSS_JWT_SECRET = os.getenv("OSS_JWT_SECRET", "change-me-in-production")
OSS_JWT_EXPIRY_HOURS = int(os.getenv("OSS_JWT_EXPIRY_HOURS", "720")) # 30 days
# REMOVE-AFTER 2026-05-15: transitional flag. When True, Telnyx webhook
# signature verification is skipped for configs that have no
# webhook_public_key set (existing configs predating the field). Set in prod
# through 2026-05-15 to give users time to add their key; once removed,
# configs without a key will fail signature verification.
TELNYX_WEBHOOK_VERIFICATION_OPTIONAL = (
os.getenv("TELNYX_WEBHOOK_VERIFICATION_OPTIONAL", "false").lower() == "true"
)