Skip to content

[LFXV2-918] fix(zoom): default to mock zoom webhook validator #101

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
bramwelt wants to merge 1 commit into
base: main
Choose a base branch
from
+2 −1
Draft

[LFXV2-918] fix(zoom): default to mock zoom webhook validator #101

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion cmd/meeting-api/platforms/zoom.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,8 @@ func SetupZoom(config ZoomConfig) ZoomConfig {
slog.Info("Zoom webhook validation configured")
config.Validator = validator
default:
slog.Warn("Zoom webhook validation not configured", logging.PriorityCritical())
slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
Copy link

Copilot AI Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a mock webhook validator in production is a critical security vulnerability. The mock validator bypasses all signature validation (always returns nil), which means any attacker could send fake webhook events to your system without authentication.

This default case is reached when neither MOCK_ZOOM_WEBHOOK=true nor ZOOM_WEBHOOK_SECRET_TOKEN is set. In production environments, this should either fail fast to prevent the service from starting with insecure configuration, or at minimum not set any validator at all.

Consider these alternatives:

  1. Require ZOOM_WEBHOOK_SECRET_TOKEN in production and fail to start if not provided
  2. Leave config.Validator as nil in the default case and check for nil before processing webhooks
  3. Add an environment check (e.g., LFX_ENVIRONMENT) to only allow mock validators in dev/staging

The PriorityCritical() log attribute is appropriate but insufficient - it logs the issue but still proceeds with an insecure configuration.

Suggested change
slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
env := os.Getenv("LFX_ENVIRONMENT")
if env == "prod" || env == "production" {
slog.Error("Zoom webhook validation not configured in production - refusing to start", logging.PriorityCritical())
os.Exit(1)
}
slog.Warn("Zoom webhook validation not configured - using mock validator (non-production environment)", logging.PriorityCritical())

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logging priority is inconsistent with how the case above (MockWebhook=true) is handled. Line 74 logs with slog.Warn without PriorityCritical(), but line 81 uses PriorityCritical(). Both cases result in the same outcome - using a mock validator that bypasses security checks.

If PriorityCritical() is warranted here (which it is, given the security implications), it should also be used on line 74 for consistency. The difference is that line 74 is an explicit opt-in via MOCK_ZOOM_WEBHOOK=true, while line 81 is a fallback due to missing configuration - both are equally critical from a security perspective if they occur in production.

Copilot uses AI. Check for mistakes.
Copy link

@coderabbitai coderabbitai bot Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Clarify the log level or priority.

The log uses slog.Warn level but includes logging.PriorityCritical() as an attribute. This creates a mismatch: if the situation is critical enough to warrant PriorityCritical(), should it be logged at Error or Fatal level instead? Alternatively, if Warn is appropriate (since the service can still function with the mock validator), the PriorityCritical() attribute may be unnecessary.

Consider one of these approaches:

-		slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
+		slog.Error("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())

Or remove the priority attribute if a warning is sufficient:

-		slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
+		slog.Warn("Zoom webhook validation not configured - using mock validator")
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
slog.Error("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
Suggested change
slog.Warn("Zoom webhook validation not configured - using mock validator", logging.PriorityCritical())
slog.Warn("Zoom webhook validation not configured - using mock validator")
🤖 Prompt for AI Agents 
In cmd/meeting-api/platforms/zoom.go around line 81, the code logs a warning
with slog.Warn but adds logging.PriorityCritical() which mismatches level;
either change the call to a higher severity (e.g., use slog.Error or slog.Warn
with appropriate semantics) if this truly merits a critical priority, or remove
the PriorityCritical() attribute if a warning is sufficient; update the log
invocation so the severity and the priority attribute are consistent (e.g.,
replace slog.Warn(..., logging.PriorityCritical()) with slog.Error(...,
logging.PriorityCritical()) for critical, or keep slog.Warn(...) and drop the
PriorityCritical() argument).

config.Validator = webhook.NewMockWebhookValidator()
}
Comment on lines 80 to 83
Copy link

@coderabbitai coderabbitai bot Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for environment detection patterns that distinguish production from development

# Search for common environment variable patterns
rg -n --type=go -C3 '\b(ENV|ENVIRONMENT|DEPLOYMENT|STAGE)\b' -g '!vendor/**' -g '!*_test.go'

# Search for other configuration validation or startup checks
rg -n --type=go -C3 'IsConfigured|ValidateConfig|checkConfig' -g '!vendor/**' -g '!*_test.go'

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 1185

🏁 Script executed:

#!/bin/bash
# Read the zoom.go file to see the full context of SetupZoom function
cat -n cmd/meeting-api/platforms/zoom.go | head -90

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 3740

🏁 Script executed:

#!/bin/bash
# Search for SetupZoom function calls
echo "=== SetupZoom function calls ==="
rg -n 'SetupZoom' --type=go -B2 -A2 -g '!vendor/**'

# Search for main function or initialization
echo -e "\n=== Main function and app initialization ==="
rg -n 'func main|func init' --type=go -B1 -A10 -g '!vendor/**' | head -100

# Search for app configuration or startup validation
echo -e "\n=== Configuration/startup validation patterns ==="
rg -n 'panic|fatal|os\.Exit|log\.Fatal' --type=go -B2 -A2 -g '!vendor/**' -g '!*_test.go' | head -80

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 2812

🏁 Script executed:

#!/bin/bash
# Read main.go to see full run() function and initialization
cat -n cmd/meeting-api/main.go | head -100

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 3845

🏁 Script executed:

#!/bin/bash
# Read config.go to see environment parsing and validation
cat -n cmd/meeting-api/config.go

Repository: linuxfoundation/lfx-v2-meeting-service

Length of output: 5150

Add environment-based safeguards to prevent mock webhook validation in production.

While this change successfully prevents service crashes, defaulting to a mock webhook validator means webhook signature validation will be bypassed when Zoom configuration is missing. Since the service defaults to production mode (see LFX_ENVIRONMENT in config.go), this could pose a security risk if the service runs without proper Zoom webhook configuration.

The codebase already detects environment via LFX_ENVIRONMENT variable (dev/staging/prod, defaulting to prod). Consider:

  • Fail startup in production if webhook validation is not properly configured (neither ZOOM_WEBHOOK_SECRET_TOKEN nor MOCK_ZOOM_WEBHOOK=true)
  • Only allow mock validator when explicitly in development/testing mode
  • Validate webhook configuration status before returning from SetupZoom


return config
Expand Down