https://mobileaws.atlassian.net/browse/CLOUD-2712#1
Open
dlopezallcode wants to merge 1 commit intomainfrom
Open
https://mobileaws.atlassian.net/browse/CLOUD-2712#1dlopezallcode wants to merge 1 commit intomainfrom
dlopezallcode wants to merge 1 commit intomainfrom
Conversation
️✅ There are no secrets present in this pull request anymore.If these secrets were true positive and are still valid, we highly recommend you to revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request. |
dlopezallcode
force-pushed
the
CLOUD-2712
branch
4 times, most recently
from
5278353 to
5cd2656
Compare
dlopezallcode
force-pushed
the
CLOUD-2712
branch
4 times, most recently
from
5b7e022 to
1b2547c
Compare
dlopezallcode
force-pushed
the
CLOUD-2712
branch
from
1b2547c to
8d164bc
Compare
criscantillo
approved these changes
Apr 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Summary — Node.js SDK (
ccai-node)Overview
The Node.js/TypeScript SDK has been brought to complete parity with the reference Java SDK. Critical bugs with hardcoded URLs, hardcoded
accountId, andverifySignatureplaceholder were fixed. Contact Service and MD5 caching in MMS were added. The SDK compiles without TypeScript errors and passes 21/21 integration tests.Implemented Changes
1. Hardcoded Base URL Fix in CCAI Client (
src/ccai.ts) 🔴Before: the default of
baseUrlpointed tohttps://core-test-cloudcontactai.allcode.com/api(test environment).After: the default now points to
https://core.cloudcontactai.com/api(production).2. Hardcoded URL Fix in Email Service (
src/email/email.ts) 🔴Before: the service had a hardcoded
baseUrlconstant pointing to the test environment.After: uses
this.ccai.getEmailBaseUrl()from Config dynamically. Also added the methodsend(accounts, subject, message, senderEmail, replyEmail, senderName, title?, options?)compatible with Java.3. Hardcoded
accountIdFix in Email (src/email/email.ts) 🔴Before: email headers had hardcoded
'accountId': '1223'.After: uses
this.ccai.getClientId()dynamically in headersAccountIdandClientId.4.
verifySignatureFix — Security Bug (src/webhook/webhook.ts) 🔴Before: placeholder implementation (always returned
trueor did not verify correctly).After: real implementation with HMAC-SHA256 using Node.js native
cryptomodule:createHmac('sha256', secret).update(body).digest('hex')timingSafeEqual()for constant-time comparison (prevents timing attacks)sha256=prefix in signatureparseEvent(payload: string)to parse JSON payloads5. Multi-URL Support and Test/Prod Environment (
src/ccai.ts)CCAIConfignow supports:useTestEnvironment?: boolean(default:false)baseUrl?: string,emailBaseUrl?: string,filesBaseUrl?: stringCCAI_BASE_URL,CCAI_EMAIL_BASE_URL,CCAI_FILES_BASE_URLgetBaseUrl(),getEmailBaseUrl(),getFilesBaseUrl(),isTestEnvironment()6. MD5 Cache in MMS (
src/sms/mms.ts)Before:
sendWithImage()always uploaded the image without checking for duplicates.After:
md5File(filePath)private — usescrypto.createHash('md5')with file streamingcheckFileUploaded(fileKey)public — queriesGET /clients/{clientId}/storedUrl?fileKey={fileKey}sendWithImage()rewritten: computes MD5 → constructs{clientId}/campaign/{md5}.{ext}→ checks if exists → if yes, skips upload → sendsgetSignedUploadUrl()now usesclient.getFilesBaseUrl()instead of hardcoded URL7. New Service: Contact (
src/contact/contact.ts)Before: the SDK had no contact management support.
After:
setDoNotText(doNotText: boolean, contactId?: string, phone?: string): Promise<SetDoNotTextResponse>— SMS opt-out / opt-inEndpoint:
PUT /account/do-not-textRegistered in
ccai.tsaspublic contact: Contactand exported fromsrc/index.ts.8. Next.js Webhook Handler (
src/webhook/nextjs.ts)Exclusive utility of Node.js SDK to integrate CCAI webhooks in Next.js App Router routes:
Automatically verifies signature and dispatches to the corresponding handler (
onMessageSent,onMessageReceived).9. Real Integration Test (
src/test_real.ts)File created with 18+ integration tests: SMS (1-2), MMS (3-7, 7b, 7c), Email (8-9), Webhook (11-16), Contact (17-18). Loads
.envwithdotenv.Compatibility Notes
accountIdfix may affect integrations that relied on the hardcoded value.verifySignatureno longer accepts any signature — intentional security breaking change.setDoNotTextis a new method and does not break anything existing.