feat(discord): Discord notification channel via OAuth2 webhook.incoming (#2596)

* feat(discord): add discord to channelTypeValidator and notificationChannels schema

* feat(discord): add setDiscordOAuthChannelForUser mutation and set-discord-oauth HTTP handler

* feat(discord): add OAuth2 webhook.incoming start and callback edge functions

* feat(discord): add sendDiscord delivery function with SSRF guard, 429 retry, and deactivation

* feat(discord): add frontend Connect Discord UI and vercel.json CSP header

* fix(discord): reject discord in generic setChannel/setChannelForUser — must use set-discord-oauth

* fix(discord): fix reflected XSS in OAuth callbacks, cap Discord content at 2000 chars, add retry depth guard
Elie Habib
2026-04-01 18:25:27 +04:00
committed by GitHub
parent 35c36753c4
commit 29bf4aa3c8
11 changed files with 470 additions and 8 deletions

@@ -86,6 +86,12 @@
{ "key": "Content-Security-Policy", "value": "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline';" }
]
},
{
"source": "/api/discord/oauth/callback",
"headers": [
{ "key": "Content-Security-Policy", "value": "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline';" }
]
},
{
"source": "/",
"headers": [
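Review bot: The script-src 'unsafe-inline' in the new /api/discord/oauth/callback entry means this policy does not block an injected inline script on the callback page, which is the bug class the commit message says was fixed (reflected XSS in OAuth callbacks), so the header adds no defence in depth if the output escaping regresses. If the callback HTML needs an inline script and that script is static, replace 'unsafe-inline' with a 'sha256-...' hash of it; if it varies per response, a nonce has to be emitted by the edge function itself, since a static vercel.json header cannot carry one. default-src 'none' is also not a fallback for frame-ancestors, base-uri or form-action, so consider appending frame-ancestors 'none'; base-uri 'none'; form-action 'none' to the value. The policy string is identical to the one in the entry just above, so any tightening should be applied to both.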