feat: add Resend inbound webhook endpoint and client (refs #155)

- ResendInboundClient: webhook signature verification via Svix, email fetch/download/parse with mailparser - POST /api/webhooks/resend/inbound endpoint with rawBody, signature verification, idempotency check, queue insertion, async processing - Config: resend_webhook_secret (optional) in secrets schema - Route registration in app.ts following Stripe webhook pattern Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 08:22:25 -06:00
parent 877f844be6
commit 2462fff34d
8 changed files with 519 additions and 15 deletions
--- a/backend/src/features/email-ingestion/api/email-ingestion.routes.ts
+++ b/backend/src/features/email-ingestion/api/email-ingestion.routes.ts
@@ -0,0 +1,24 @@
+/**
+ * @ai-summary Resend inbound webhook route registration
+ * @ai-context Public endpoint (no JWT auth) with rawBody for signature verification
+ */
+
+import { FastifyPluginAsync } from 'fastify';
+import { EmailIngestionController } from './email-ingestion.controller';
+
+export const emailIngestionWebhookRoutes: FastifyPluginAsync = async (fastify) => {
+  const controller = new EmailIngestionController();
+
+  // POST /api/webhooks/resend/inbound - PUBLIC endpoint (no JWT auth)
+  // Resend authenticates via webhook signature verification (Svix)
+  // rawBody MUST be enabled for signature verification to work
+  fastify.post(
+    '/webhooks/resend/inbound',
+    {
+      config: {
+        rawBody: true,
+      },
+    },
+    controller.handleInboundWebhook.bind(controller)
+  );
+};