tiennm99/claude-status-webhook
1
0
Fork 0
mirror of https://github.com/tiennm99/claude-status-webhook.git synced 2026-04-17 13:21:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: per-subscriber KV keys, HMAC verification, cron trigger

Browse Source 
Major refactor addressing scalability, security, and reliability:

- KV schema: single-key → per-subscriber keys (sub:{chatId}:{threadId})
  eliminates read-modify-write race conditions
- Component-specific subscriptions: /subscribe component <name>
- HMAC-SHA256 webhook verification with URL secret fallback
- Cron trigger (every 5 min) polls status.claude.com as safety net
- Shared telegram-api.js module (DRY fix)
- Error logging in all catch blocks
- Migration endpoint for existing subscribers
- Setup moved to standalone script (scripts/setup-bot.js)
- Removed setup HTTP route to reduce attack surface
This commit is contained in:
tiennm99
2026-04-09 00:43:07 +07:00
parent 30ffaae612
commit b728ae7d38
12 changed files with 443 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
README.md
View File

@@ -9,8 +9,11 @@ Hosted on [Cloudflare Workers](https://workers.cloudflare.com/) with KV for stor
- **Incident notifications** — new incidents, updates, and resolutions with impact severity
- **Component status changes** — e.g., API goes from Operational → Degraded Performance
- **Per-user subscription preferences** — subscribe to incidents only, components only, or both
- **Component-specific filtering** — subscribe to specific components (e.g., API only)
- **Supergroup topic support** — send `/start` in a specific topic and notifications go to that topic
- **On-demand status check** — `/status` fetches live data from status.claude.com
- **Automatic status monitoring** — cron checks every 5 minutes as a safety net
- **HMAC webhook verification** — validates Statuspage webhook signatures
- **Self-healing** — automatically removes subscribers who block the bot
## Bot Commands
@@ -24,7 +27,9 @@ Hosted on [Cloudflare Workers](https://workers.cloudflare.com/) with KV for stor
| `/status <name>` | Show status of a specific component (fuzzy match) |
| `/subscribe incident` | Receive incident notifications only |
| `/subscribe component` | Receive component update notifications only |
| `/subscribe all` | Receive both (default) |
| `/subscribe component <name>` | Filter to a specific component (e.g., `/subscribe component api`) |
| `/subscribe component all` | Clear component filter (receive all) |
| `/subscribe all` | Receive both incidents and components (default) |
| `/history` | Show 5 most recent incidents with impact and links |
| `/history <count>` | Show up to 10 recent incidents |
| `/uptime` | Component health overview with last status change time |
@@ -74,6 +79,10 @@ npx wrangler secret put BOT_TOKEN
npx wrangler secret put WEBHOOK_SECRET
# Choose a random secret string for the Statuspage webhook URL
# Optional: HMAC verification for Statuspage webhooks
npx wrangler secret put STATUSPAGE_HMAC_KEY
# Paste the HMAC key from Statuspage webhook settings
```
### 5. Deploy
@@ -86,13 +95,13 @@ Note the worker URL from the output (e.g., `https://claude-status-webhook.<your-
### 6. Set up Telegram bot
Visit the setup URL in your browser to register bot commands and set the Telegram webhook in one step:
Run the setup script to register bot commands and set the Telegram webhook:
```
https://<WORKER_URL>/webhook/setup/<WEBHOOK_SECRET>
```bash
BOT_TOKEN=your-token WORKER_URL=https://your-worker.workers.dev node scripts/setup-bot.js
```
You should see a JSON response with `{"ok":true}` for both `webhook` and `commands`.
You should see `{"ok":true}` for both webhook and commands.
### 7. Configure Statuspage webhook
@@ -102,6 +111,22 @@ You should see a JSON response with `{"ok":true}` for both `webhook` and `comman
Replace `<WEBHOOK_SECRET>` with the secret you set in step 4.
### 8. Run migration (if upgrading)
If you have existing subscribers from an older version, run the migration endpoint once:
```
https://<WORKER_URL>/migrate/<WEBHOOK_SECRET>
```
This converts the old single-key format to per-subscriber KV keys. Remove the `/migrate` route from `src/index.js` after confirming success.
## Automatic Status Monitoring
The bot checks status.claude.com every 5 minutes via Cloudflare Cron Triggers (free tier). If a component status changes between checks, subscribers are notified automatically. This acts as a safety net in case Statuspage webhooks are delayed or missed.
Cron-detected changes are tagged with "(detected by status check)" to distinguish from webhook notifications.
## Local Development
```bash
@@ -140,6 +165,7 @@ curl -X POST http://localhost:8787/webhook/status/your-test-secret \
- **Runtime**: [Cloudflare Workers](https://workers.cloudflare.com/)
- **Storage**: [Cloudflare KV](https://developers.cloudflare.com/kv/)
- **Queue**: [Cloudflare Queues](https://developers.cloudflare.com/queues/)
- **Cron**: [Cloudflare Cron Triggers](https://developers.cloudflare.com/workers/configuration/cron-triggers/)
- **HTTP framework**: [Hono](https://hono.dev/)
- **Telegram framework**: [grammY](https://grammy.dev/)