Extended the webhook system to validate outputs being returned to clients,
complementing the existing input validation framework.
2026-02-19
feat/webhook_validate
New Methods Added:
_get_output_validation_list(package, archetype) - Retrieves output_patch_output_param(query) - Substitutes output parameters in SQL_validate_output_required() - Validates required RETURN parameters_validate_output_types() - Validates output value types (INT, FLOAT,_validate_output(package, archetype) - Executes custom SQL outputModified Methods:
_get_validation_list() - Added Active='Y' filter for consistencyRenderResult() - Added output validation calls before returningLines Added: ~230 lines
Validation Flow:
RenderResult()
|
v
Build results dictionary
|
v
_validate_output_required() → Checks required params
|
v [PASS]
_validate_output_types() → Validates data types
|
v [PASS]
_validate_output() → Custom SQL validations
|
v [PASS]
Return results
New Table Schema:
def_webhook_output_validations: |
CREATE TABLE `def_webhook_output_validations` (
`WebhookCode` varchar(255) NOT NULL,
`Package` varchar(100) NOT NULL DEFAULT '',
`Description` varchar(255) NOT NULL,
`Block` varchar(255) NOT NULL DEFAULT '',
`Rank` int(11) NOT NULL DEFAULT 1,
`ValidationSql` mediumtext DEFAULT NULL,
`ValidationNote` varchar(255) DEFAULT NULL,
`RemoteConnection` varchar(255) DEFAULT '',
`Active` char(1) DEFAULT 'Y',
PRIMARY KEY (`WebhookCode`, `Package`, `Description`, `Block`),
KEY `idx_package` (`Package`),
KEY `idx_rank` (`Rank`),
KEY `idx_webhookcode` (`WebhookCode`),
KEY `idx_active` (`Active`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
Modified Table: def_webhook
Added column:
`Buildoutputvalidation` char(1) DEFAULT 'N'
Modified Table: def_webhook_validations
Added column for consistency:
`Active` char(1) DEFAULT 'Y'
Created comprehensive documentation (2000+ lines) covering:
Layer 1: Required Parameter Validation
Layer 2: Type Validation
Layer 3: Custom SQL Validation
The _patch_output_param() method supports:
$guid$ - Execution GUID$input_param$ - Input parameters from self.params$output_param$ - Output values from self.resultsExample validation SQL:
SELECT IF(
EXISTS(SELECT 1 FROM customers WHERE id = $customer_id$),
'Y',
'N'
)
Failed validation returns:
{
"result": "Error",
"result_note": "Output validation failure: Customer ID not found",
"Statuscode": 400
}
Multiple failures are joined with semicolons.
Enable for specific webhook:
UPDATE def_webhook
SET Buildoutputvalidation = 'Y'
WHERE WebhookCode = 'CUSTOMER_CREATE';
Mark output as required:
UPDATE def_webhook_parameters
SET Required = 'Y'
WHERE WebhookCode = 'CUSTOMER_CREATE'
AND Parameter = 'customer_id'
AND PostType = 'RETURN';
Add custom validation:
INSERT INTO def_webhook_output_validations (
WebhookCode, Package, Description, Rank,
ValidationSql, ValidationNote
) VALUES (
'CUSTOMER_CREATE', 'homechoice',
'Verify customer exists', 1,
'SELECT IF(EXISTS(...), "Y", "N")',
'Customer not found in database'
);
Buildoutputvalidation = 'N' - no impact on existing webhooksTest each validation layer independently:
Test complete flow:
Measure impact:
Verified compliance with CLAUDE.md:
To enable output validation in existing database:
-- Add Buildoutputvalidation column
ALTER TABLE def_webhook
ADD COLUMN Buildoutputvalidation char(1) DEFAULT 'N'
AFTER Buildvalidation;
-- Add Active column to input validations
ALTER TABLE def_webhook_validations
ADD COLUMN Active char(1) DEFAULT 'Y';
-- Create output validations table
CREATE TABLE def_webhook_output_validations (
WebhookCode varchar(255) NOT NULL,
Package varchar(100) NOT NULL DEFAULT '',
Description varchar(255) NOT NULL,
Block varchar(255) NOT NULL DEFAULT '',
Rank int(11) NOT NULL DEFAULT 1,
ValidationSql mediumtext DEFAULT NULL,
ValidationNote varchar(255) DEFAULT NULL,
RemoteConnection varchar(255) DEFAULT '',
Active char(1) DEFAULT 'Y',
PRIMARY KEY (WebhookCode, Package, Description, Block),
KEY idx_package (Package),
KEY idx_rank (Rank),
KEY idx_webhookcode (WebhookCode),
KEY idx_active (Active)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
INSERT INTO def_webhook_output_validations VALUES (
'CREATE_ORDER',
'homechoice',
'Validate customer ID',
'',
1,
'SELECT IF(
EXISTS(SELECT 1 FROM customers WHERE customer_id = $customer_id$),
"Y",
"N"
)',
'Invalid customer ID',
'',
'Y'
);
INSERT INTO def_webhook_output_validations VALUES (
'CALCULATE_QUOTE',
'homechoice',
'Validate quote amount',
'',
2,
'SELECT IF($total_amount$ BETWEEN 100 AND 1000000, "Y", "N")',
'Quote amount out of valid range (R100-R1,000,000)',
'',
'Y'
);
INSERT INTO def_webhook_output_validations VALUES (
'HCSCORE',
'homechoice',
'Validate credit score range',
'',
1,
'SELECT IF($Score$ BETWEEN 300 AND 850, "Y", "N")',
'Credit score out of valid range (300-850)',
'',
'Y'
);
Estimated overhead per validation:
Total typical overhead: 2-15ms per webhook response
SQL Injection Protection
Information Disclosure
DoS Protection