fix: added webhook verify token for security

2025-01-19 22:25:23 +05:30 · 2025-01-19 22:25:23 +05:30 · 8e45656c86
commit 8e45656c86
parent 9c800417bb
2 changed files with 35 additions and 3 deletions
--- a/crm/fcrm/doctype/crm_exotel_settings/crm_exotel_settings.json
+++ b/crm/fcrm/doctype/crm_exotel_settings/crm_exotel_settings.json
@ -10,6 +10,8 @@
  "record_call",
  "section_break_kfez",
  "account_sid",
  "column_break_qwfn",
  "webhook_verify_token",
  "section_break_iuct",
  "api_key",
  "column_break_hyen",
@ -70,12 +72,23 @@
   "fieldname": "record_call",
   "fieldtype": "Check",
   "label": "Record Call"
  },
  {
   "fieldname": "column_break_qwfn",
   "fieldtype": "Column Break"
  },
  {
   "depends_on": "enabled",
   "fieldname": "webhook_verify_token",
   "fieldtype": "Data",
   "label": "Webhook Verify Token",
   "mandatory_depends_on": "enabled"
  }
 ],
 "index_web_pages_for_search": 1,
 "issingle": 1,
 "links": [],
- "modified": "2025-01-15 19:31:00.310049",
+ "modified": "2025-01-19 22:19:20.713970",
 "modified_by": "Administrator",
 "module": "FCRM",
 "name": "CRM Exotel Settings",
--- a/crm/integrations/exotel/handler.py
+++ b/crm/integrations/exotel/handler.py
@ -1,5 +1,3 @@
 import json
 import bleach
 import frappe
 import requests
@ -8,10 +6,20 @@ from frappe.integrations.utils import create_request_log
 from crm.integrations.api import get_contact_by_phone_number
 # Endpoints for webhook
 # Incoming Call:
 # <site>/api/method/crm.integrations.exotel.handler.handle_request?key=<exotel-webhook-verify-token>
 # Exotel Reference:
 # https://developer.exotel.com/api/
 # https://support.exotel.com/support/solutions/articles/48283-working-with-passthru-applet
 # Incoming Call
@frappe.whitelist(allow_guest=True)
 def handle_request(**kwargs):
 	validate_request()
 	if not is_integration_enabled():
 		return
@ -149,6 +157,17 @@ def get_exotel_settings():
 	return frappe.get_single("CRM Exotel Settings")
 def validate_request():
 	# workaround security since exotel does not support request signature
 	# /api/method/<exotel-integration-method>?key=<exotel-webhook=verify-token>
 	webhook_verify_token = frappe.db.get_single_value("CRM Exotel Settings", "webhook_verify_token")
 	key = frappe.request.args.get('key')
 	is_valid = key and key == webhook_verify_token
 	if not is_valid:
 		frappe.throw(_("Unauthorized request"), exc=frappe.PermissionError)
@frappe.whitelist()
 def is_integration_enabled():
 	return frappe.db.get_single_value("CRM Exotel Settings", "enabled", True)