Skip to main content

forge_core/webhook/
mod.rs

1//! Webhook handling with signature verification.
2//!
3//! Forge provides a structured way to receive webhooks from external services
4//! with automatic signature verification and idempotency handling.
5//!
6//! # Signature Verification
7//!
8//! Webhooks can verify signatures using HMAC-SHA256 or other algorithms:
9//!
10//! ```ignore
11//! #[forge::webhook(
12//!     path = "/webhooks/stripe",
13//!     signature = "hmac_sha256",
14//!     secret_env = "STRIPE_WEBHOOK_SECRET"
15//! )]
16//! async fn handle_stripe(ctx: &WebhookContext, payload: StripeEvent) -> WebhookResult {
17//!     // Signature already verified
18//! }
19//! ```
20//!
21//! # Idempotency
22//!
23//! Webhooks can be configured to deduplicate based on a header or payload field:
24//!
25//! ```ignore
26//! #[forge::webhook(
27//!     path = "/webhooks/github",
28//!     idempotency_key = "header:X-GitHub-Delivery"
29//! )]
30//! ```
31//!
32//! # Key Types
33//!
34//! - [`WebhookContext`] - Request context with headers and raw body
35//! - [`SignatureConfig`] - Signature verification settings
36//! - [`IdempotencyConfig`] - Deduplication settings
37
38mod context;
39mod signature;
40mod traits;
41
42pub use context::WebhookContext;
43pub use signature::{
44    IdempotencyConfig, IdempotencySource, SignatureAlgorithm, SignatureConfig, WebhookSignature,
45};
46pub use traits::{ForgeWebhook, WebhookInfo, WebhookResult};