Void-Homelab/lib/api/routes/ingest.js

import { Router } from 'express';
import crypto from 'node:crypto';
import * as queue from '../../jobs/queue.js';
import { asyncWrap } from '../errors.js';

function verify(rawBody, headerSig) {
  const secret = process.env.KARAKEEP_WEBHOOK_SECRET || '';
  if (!headerSig || !secret || !rawBody) return false;
  const expected = 'sha256=' +
    crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  try { return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(headerSig)); }
  catch { return false; }
}

export const router = Router();

router.post('/karakeep', asyncWrap(async (req, res) => {
  const sig = req.headers['x-karakeep-signature'];
  if (!verify(req.rawBody, sig)) {
    return res.status(401).json({ error: { code: 'unauthorized', message: 'bad signature' } });
  }
  const payload = req.body;
  if (payload.event !== 'bookmark.created') return res.status(202).json({ skipped: true });
  const space_id = process.env.KARAKEEP_DEFAULT_SPACE_ID;
  if (!space_id) {
    return res.status(503).json({
      error: { code: 'unconfigured', message: 'KARAKEEP_DEFAULT_SPACE_ID not set' }
    });
  }
  const job_id = await queue.enqueue('ingest.karakeep', {
    bookmark_id: payload.bookmark_id, space_id
  });
  res.status(202).json({ job_id });
}));