[pull] main from hookdeck:main#136
Merged
Merged
Conversation
* feat(api): accept created_at/updated_at/disabled_at on destination Create; disabled_at on Update Enables importing destinations from another system (e.g. Svix migrations) with their original timestamps preserved. The Update API also accepts disabled_at (omit/null/timestamp) so callers can enable/disable as part of a normal PATCH without a separate /enable or /disable round-trip. Validation: created_at <= updated_at <= now and created_at <= disabled_at <= now. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> * feat(api): default created_at to disabled_at when only disabled_at is provided on Create Importers can now send disabled_at alone without also having to send a created_at; the destination's created_at silently mirrors disabled_at in that case. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> * refactor: drop timestamp validation on Create and Update Trust import payloads — accept created_at/updated_at/disabled_at as-is instead of enforcing future and ordering checks. Importers from other systems may carry inconsistent data, and rejecting it would block migrations for no real benefit. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> * feat(api): reject future disabled_at on Create and Update The only validation worth keeping — a disabled_at in the future would mean "scheduled to disable later," which is not a feature we support. Other timestamp fields stay unvalidated; importers can carry whatever their source system has. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> * feat(api): reject future created_at and updated_at on destination Create Mirrors the disabled_at future check. None of these timestamps make sense in the future at create time. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> * feat(api): gate created_at/updated_at on Create to admin (API key) auth JWT-authenticated tenants can no longer rewrite their own audit timestamps; sending created_at or updated_at without admin auth returns 403. disabled_at stays accessible to both roles, matching the existing /enable and /disable endpoint semantics. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> * test: harden 403 coverage for admin-only timestamp fields - Verify destination is not persisted when 403 is returned - Cover both fields together - Regression guard: JWT can still create destinations without these fields Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> * fix(api): set status field to 422 in validation error responses ErrorResponse.Parse leaves Code unset when it falls through to the default branch (e.g. plain errors.New from handlers), which caused AbortWithValidationError to emit {"status":0,...} alongside an HTTP 422. Set Code at the call site since AbortWithValidationError is always 422 by definition; Parse stays caller-agnostic. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> --------- Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )