Gandalf/sofarr
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects Releases 19 Wiki Activity

feat(webhook): implement Phase 1 webhook receiver for Sonarr and Radarr
All checks were successful
Build and Push Docker Image / build (push) Successful in 1m7s
Details
Licence Check / Licence compatibility and copyright header verification (push) Successful in 1m15s
Details
CI / Security audit (push) Successful in 1m44s
Details
CI / Tests & coverage (push) Successful in 1m53s
Details

Browse Source 
- Added POST /api/webhook/sonarr and POST /api/webhook/radarr endpoints
- Implemented webhook secret validation via SOFARR_WEBHOOK_SECRET environment variable
- Added logging for all incoming webhook events using existing logToFile utility
- Returns HTTP 200 immediately to prevent webhook retries
- Mounted webhook routes before CSRF middleware (called by external services)
- Non-breaking: no changes to polling, caching, SSE, or any existing behavior
- Lays groundwork for Phase 2 (cache + SSE integration) without implementing it yet
This commit is contained in:
Gronod
2026-05-19 15:15:53 +01:00
parent 934f5e3fd5
commit 99ddb05dbe
4 changed files with 106 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/app.js
View File

@@ -19,6 +19,7 @@ const embyRoutes = require('./routes/emby');
const dashboardRoutes = require('./routes/dashboard');
const historyRoutes = require('./routes/history');
const authRoutes = require('./routes/auth');
const webhookRoutes = require('./routes/webhook');
const verifyCsrf = require('./middleware/verifyCsrf');
function createApp({ skipRateLimits = false } = {}) {
@@ -94,6 +95,7 @@ function createApp({ skipRateLimits = false } = {}) {
// API routes
app.use('/api', apiLimiter);
app.use('/api/auth', authRoutes);
app.use('/api/webhook', webhookRoutes);
// CSRF protection for all state-changing API requests below
app.use('/api', verifyCsrf);