Merge remote-tracking branch 'tekkamanendless/twilio-message-callback…

…-url' into stage-main-81fast-b
chonigbe · Aug 24, 2020 · 57d6e4d · 57d6e4d
2 parents 74ed7bb + a369542
commit 57d6e4d
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 3 deletions.
diff --git a/.env.example b/.env.example
@@ -32,6 +32,7 @@ NEXMO_API_KEY=
 NEXMO_API_SECRET=
 TWILIO_ACCOUNT_SID=
 TWILIO_AUTH_TOKEN=
+TWILIO_MESSAGE_CALLBACK_URL=
 TWILIO_MESSAGE_SERVICE_SID=
 EXPERIMENTAL_TWILIO_PER_CAMPAIGN_MESSAGING_SERVICE=false
 TWILIO_STATUS_CALLBACK_URL=

diff --git a/docs/HOWTO_INTEGRATE_TWILIO.md b/docs/HOWTO_INTEGRATE_TWILIO.md
@@ -24,6 +24,7 @@ You will need to create a Twilio account in order to test outgoing and incoming
     - Make sure `SEND A WEBHOOK` is selected
     - `REQUEST URL` is `https://<YOUR_APP_URL>/twilio` using `HTTP POST`
     - Set `FALLBACK URL` to the same as `REQUEST URL`
+    - In your .env file, set `TWILIO_MESSAGE_CALLBACK_URL` to this same URL
   - Under `Outbound Settings`
     - `STATUS CALLBACK URL` in your Twilio console is `https://<YOUR_APP_URL>/twilio-message-report`
     - In your .env file, set `TWILIO_STATUS_CALLBACK_URL` to this same URL

diff --git a/docs/REFERENCE-environment_variables.md b/docs/REFERENCE-environment_variables.md
@@ -94,6 +94,7 @@
 | TWILIO_API_KEY                                   | _(Deprecated)_ Replaced by `TWILIO_ACCOUNT_SID`                                                                                                                                                                                                                                                                                                                                             |
 | TWILIO_AUTH_TOKEN                                | Global Twilio auth token. Required if using Twilio and `TWILIO_MULTI_ORG` is not set.                                                                                                                                                                                                                                                                                                       |
 | TWILIO_BASE_CALLBACK_URL                         | Base URL of the server handling twilio callbacks. Required if using EXPERIMENTAL_TWILIO_PER_CAMPAIGN_MESSAGING_SERVICE |
+| TWILIO_MESSAGE_CALLBACK_URL                      | Message callback URL of the server handling twilio callbacks.  Should end with `/twilio`.  This is helpful when running the server behind a proxy. |
 | TWILIO_MESSAGE_SERVICE_SID                       | Global Twilio message service ID. Required if using Twilio and `TWILIO_MULTI_ORG` is not set.                                                                                                                                                                                                                                                                                               |
 | TWILIO_MULTI_ORG                                 | Boolean value to indicate if organizations can override Twilio credentials in the organization settings. _Default_: false.                                                                                                                                                                                                                                                                  |
 | TWILIO_STATUS_CALLBACK_URL                       | URL for Twilio status callbacks. Should end with `/twilio-message-report`, e.g. `https://example.org/twilio-message-report`. Required if using Twilio.                                                                                                                                                                                                                                      |

diff --git a/src/server/api/lib/twilio.js b/src/server/api/lib/twilio.js
@@ -40,7 +40,12 @@ async function getTwilio(organization) {
   return null;
 }
 
-const headerValidator = () => {
+/**
+ * Validate that the message came from Twilio before proceeding.
+ *
+ * @param url The external-facing URL; this may be omitted to use the URL from the request.
+ */
+const headerValidator = (url) => {
   if (!!TWILIO_SKIP_VALIDATION) return (req, res, next) => next();
 
   return async (req, res, next) => {
@@ -52,7 +57,8 @@ const headerValidator = () => {
     );
     const options = {
       validate: true,
-      protocol: "https"
+      protocol: "https",
+      url: url,
     };
 
     return Twilio.webhook(authToken, options)(req, res, next);

diff --git a/src/server/index.js b/src/server/index.js
@@ -108,7 +108,7 @@ Object.keys(configuredIngestMethods).forEach(ingestMethodName => {
 
 app.post(
   "/twilio/:orgId?",
-  twilio.headerValidator(),
+  twilio.headerValidator(process.env.TWILIO_MESSAGE_CALLBACK_URL || global.TWILIO_MESSAGE_CALLBACK_URL),
   wrap(async (req, res) => {
     try {
       await twilio.handleIncomingMessage(req.body);
@@ -152,6 +152,7 @@ if (process.env.NEXMO_API_KEY) {
 
 app.post(
   "/twilio-message-report",
+  twilio.headerValidator(process.env.TWILIO_STATUS_CALLBACK_URL || global.TWILIO_STATUS_CALLBACK_URL),
   wrap(async (req, res) => {
     try {
       const body = req.body;