[LFXV2-918] fix(zoom): default to mock zoom webhook validator

[bramwelt]

This pull request updates the Zoom platform configuration to ensure that a mock webhook validator is used when the standard Zoom webhook validation is not configured. This change improves reliability during development and testing by providing a fallback mechanism.

Error handling and fallback improvements:

• In zoom.go, when the Zoom webhook validation is not configured, the system now logs a more descriptive warning and assigns a mock validator (webhook.NewMockWebhookValidator()) to config.Validator instead of leaving it unset.

[coderabbitai]

Walkthrough

A fallback mock validator is added to the Zoom webhook setup flow. When webhook validation is not configured, a MockWebhookValidator is now instantiated and assigned to the configuration instead of remaining unconfigured, ensuring a validator is always present. The log message is updated to reflect this change.

Changes

Cohort / File(s)	Summary
Zoom webhook validation fallback cmd/meeting-api/platforms/zoom.go	Updated log message to indicate mock validator usage; added MockWebhookValidator instantiation when webhook validation is not configured, ensuring a validator is always present in the config

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Verify that MockWebhookValidator is properly implemented and suitable for the fallback scenario
• Confirm the behavioral intent of always having a validator instance available

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: defaulting to a mock Zoom webhook validator when validation is not configured.
Description check	✅ Passed	The description is related to the changeset, explaining the purpose of using a mock webhook validator as a fallback mechanism for development and testing.
Linked Issues check	✅ Passed	The PR addresses the core requirement from LFXV2-918: providing a fallback mock validator so the service gracefully handles missing Zoom configuration and doesn't fail during startup.
Out of Scope Changes check	✅ Passed	The changes are focused and scoped to the Zoom webhook validator configuration in zoom.go, directly addressing the linked issue without introducing unrelated modifications.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bramwelt/fix-meetings-service-start

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This pull request modifies the Zoom webhook validator configuration to use a mock validator as a fallback when webhook validation is not properly configured. While this aims to improve development experience by preventing nil validator errors, it introduces a critical security vulnerability by allowing production systems to operate without webhook signature validation.

Key Changes

• Added a mock webhook validator fallback in the default case when neither MOCK_ZOOM_WEBHOOK nor ZOOM_WEBHOOK_SECRET_TOKEN environment variables are configured
• Updated the warning message to indicate that a mock validator is being used
• Added logging.PriorityCritical() to flag this misconfiguration

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Using a mock webhook validator in production is a critical security vulnerability. The mock validator bypasses all signature validation (always returns nil), which means any attacker could send fake webhook events to your system without authentication.

This default case is reached when neither MOCK_ZOOM_WEBHOOK=true nor ZOOM_WEBHOOK_SECRET_TOKEN is set. In production environments, this should either fail fast to prevent the service from starting with insecure configuration, or at minimum not set any validator at all.

Consider these alternatives:

1. Require ZOOM_WEBHOOK_SECRET_TOKEN in production and fail to start if not provided
2. Leave config.Validator as nil in the default case and check for nil before processing webhooks
3. Add an environment check (e.g., LFX_ENVIRONMENT) to only allow mock validators in dev/staging

The PriorityCritical() log attribute is appropriate but insufficient - it logs the issue but still proceeds with an insecure configuration.

Suggested change

	slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
	env := os.Getenv("LFX_ENVIRONMENT")
	if env == "prod" || env == "production" {
	slog.Error("Zoom webhook validation not configured in production - refusing to start", logging.PriorityCritical())
	os.Exit(1)
	}
	slog.Warn("Zoom webhook validation not configured - using mock validator (non-production environment)", logging.PriorityCritical())

[Copilot]

The logging priority is inconsistent with how the case above (MockWebhook=true) is handled. Line 74 logs with slog.Warn without PriorityCritical(), but line 81 uses PriorityCritical(). Both cases result in the same outcome - using a mock validator that bypasses security checks.

If PriorityCritical() is warranted here (which it is, given the security implications), it should also be used on line 74 for consistency. The difference is that line 74 is an explicit opt-in via MOCK_ZOOM_WEBHOOK=true, while line 81 is a fallback due to missing configuration - both are equally critical from a security perspective if they occur in production.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 71f3aee and 8673370.

📒 Files selected for processing (1)

• cmd/meeting-api/platforms/zoom.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.go: Use structured logging with slog throughout the application
Format Go code with gofmt (enforced by make fmt)

Files:

• cmd/meeting-api/platforms/zoom.go

🧬 Code graph analysis (1)

cmd/meeting-api/platforms/zoom.go (2)

internal/logging/logging.go (1)

• PriorityCritical (125-127)

internal/infrastructure/zoom/webhook/mock.go (1)

• NewMockWebhookValidator (14-16)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: CodeQL analysis (go)
• GitHub Check: Agent
• GitHub Check: MegaLinter
• GitHub Check: Build and Test

🔇 Additional comments (1)

cmd/meeting-api/platforms/zoom.go (1)

82-82: Change successfully addresses the PR objective.

The assignment of the mock validator here provides the fallback mechanism described in the PR objectives. This prevents the nil validator issue that was causing health check failures and service restarts when Zoom environment variables were not configured.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for environment detection patterns that distinguish production from development

# Search for common environment variable patterns
rg -n --type=go -C3 '\b(ENV|ENVIRONMENT|DEPLOYMENT|STAGE)\b' -g '!vendor/**' -g '!*_test.go'

# Search for other configuration validation or startup checks
rg -n --type=go -C3 'IsConfigured|ValidateConfig|checkConfig' -g '!vendor/**' -g '!*_test.go'

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 1185

---

🏁 Script executed:

#!/bin/bash
# Read the zoom.go file to see the full context of SetupZoom function
cat -n cmd/meeting-api/platforms/zoom.go | head -90

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 3740

---

🏁 Script executed:

#!/bin/bash
# Search for SetupZoom function calls
echo "=== SetupZoom function calls ==="
rg -n 'SetupZoom' --type=go -B2 -A2 -g '!vendor/**'

# Search for main function or initialization
echo -e "\n=== Main function and app initialization ==="
rg -n 'func main|func init' --type=go -B1 -A10 -g '!vendor/**' | head -100

# Search for app configuration or startup validation
echo -e "\n=== Configuration/startup validation patterns ==="
rg -n 'panic|fatal|os\.Exit|log\.Fatal' --type=go -B2 -A2 -g '!vendor/**' -g '!*_test.go' | head -80

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 2812

---

🏁 Script executed:

#!/bin/bash
# Read main.go to see full run() function and initialization
cat -n cmd/meeting-api/main.go | head -100

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 3845

---

🏁 Script executed:

#!/bin/bash
# Read config.go to see environment parsing and validation
cat -n cmd/meeting-api/config.go

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 5150

---

Add environment-based safeguards to prevent mock webhook validation in production.

While this change successfully prevents service crashes, defaulting to a mock webhook validator means webhook signature validation will be bypassed when Zoom configuration is missing. Since the service defaults to production mode (see LFX_ENVIRONMENT in config.go), this could pose a security risk if the service runs without proper Zoom webhook configuration.

The codebase already detects environment via LFX_ENVIRONMENT variable (dev/staging/prod, defaulting to prod). Consider:

• Fail startup in production if webhook validation is not properly configured (neither ZOOM_WEBHOOK_SECRET_TOKEN nor MOCK_ZOOM_WEBHOOK=true)
• Only allow mock validator when explicitly in development/testing mode
• Validate webhook configuration status before returning from SetupZoom

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Clarify the log level or priority.

The log uses slog.Warn level but includes logging.PriorityCritical() as an attribute. This creates a mismatch: if the situation is critical enough to warrant PriorityCritical(), should it be logged at Error or Fatal level instead? Alternatively, if Warn is appropriate (since the service can still function with the mock validator), the PriorityCritical() attribute may be unnecessary.

Consider one of these approaches:

-		slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
+		slog.Error("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())

Or remove the priority attribute if a warning is sufficient:

-		slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
+		slog.Warn("Zoom webhook validation not configured - using mock validator")

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
	slog.Error("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())

Suggested change

	slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
	slog.Warn("Zoom webhook validation not configured - using mock validator")

🤖 Prompt for AI Agents

In cmd/meeting-api/platforms/zoom.go around line 81, the code logs a warning
with slog.Warn but adds logging.PriorityCritical() which mismatches level;
either change the call to a higher severity (e.g., use slog.Error or slog.Warn
with appropriate semantics) if this truly merits a critical priority, or remove
the PriorityCritical() attribute if a warning is sufficient; update the log
invocation so the severity and the priority attribute are consistent (e.g.,
replace slog.Warn(..., logging.PriorityCritical()) with slog.Error(...,
logging.PriorityCritical()) for critical, or keep slog.Warn(...) and drop the
PriorityCritical() argument).