cd87849358edbf15f9bbe6b1c3fbea6e99f49a86 — Conrad Hoffmann 6 months ago d2ad494
webhooks: skip webhooks with expired credentials

The documentation states [1]:

> When the original authentication method becomes invalid (such as the
> expiration of or revocation of an OAuth 2.0 bearer token), the
> webhook is disabled.

However, this is currently not the case. Expired webhooks are indeed
filtered out in virtually all GraphQL queries (by means of core-go's
FilterWebhooks [2]), so users cannot see or delete them. They are _not_
filtered out upon scheduling, however. This commit fixes that.

The symptoms of this are that active webhooks may simply not be run - if
a user has both an expired and a valid, active webhook for some event,
the scheduling will retrieve both, fail on the expired one, and stop
processing, without any feedback to the user who scheduled the hooks.

This is a problem across all services, so core-go seems like the best
place to fix this.

[1]: https://man.sr.ht/graphql.md#webhook-authentication
[2]: https://git.sr.ht/~sircmpwn/core-go/tree/master/item/webhooks/config.go#L74,81
1 files changed, 3 insertions(+), 1 deletions(-)

M webhooks/queue.go
M webhooks/queue.go => webhooks/queue.go +3 -1
@@ 152,7 152,9 @@ func (queue *WebhookQueue) fetchSubscriptions(ctx context.Context,
				&sub.NodeID); err != nil {
			subs = append(subs, &sub)
			if sub.Expires.After(time.Now()) {
				subs = append(subs, &sub)

		return nil