package com.saas.voip.controller; import com.saas.shared.security.WebhookSecurityService; import com.saas.voip.service.RetellWebhookService; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.responses.ApiResponse; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; import java.util.Map; /** * Retell AI Webhook Controller * * Phase 4.2 - Webhook endpoints for Retell AI events * * Handles webhooks from Retell AI: * - call_started: Call initiated * - call_ended: Call finished (transcript, cost, duration) * - call_analyzed: Call analysis complete * - agent_response: Real-time agent responses * * Security: HMAC-SHA256 signature verification (Phase 2.1) */ @RestController @RequestMapping("/api/retell/webhook") @RequiredArgsConstructor @Slf4j @Tag(name = "Retell AI Webhooks", description = "Webhook endpoints for Retell AI events") public class RetellWebhookController { private final RetellWebhookService webhookService; private final WebhookSecurityService webhookSecurityService; /** * Main webhook endpoint for all Retell AI events * Retell sends webhook with X-Retell-Signature header (HMAC-SHA256) */ @PostMapping @Operation(summary = "Receive Retell webhook", description = "Process Retell AI webhook events with HMAC verification") @ApiResponse(responseCode = "200", description = "Webhook processed successfully") @ApiResponse(responseCode = "401", description = "Invalid webhook signature") public ResponseEntity handleWebhook( @RequestHeader(value = "X-Retell-Signature", required = false) String providedSignature, @RequestBody String rawPayload) { log.info("📥 Retell webhook received"); // PHASE 2.1: HMAC-SHA256 signature verification if (!webhookSecurityService.verifyRetellSignature(rawPayload, providedSignature)) { log.error("❌ Invalid Retell webhook signature"); return ResponseEntity.status(HttpStatus.UNAUTHORIZED) .body(Map.of("error", "Invalid webhook signature")); } try { // Parse payload Map payload = parsePayload(rawPayload); String eventType = (String) payload.get("event"); if (eventType == null) { log.error("❌ No event type in Retell webhook payload"); return ResponseEntity.badRequest() .body(Map.of("error", "Missing event type")); } log.info("📋 Processing Retell event: {}", eventType); // Route webhook based on event type switch (eventType) { case "call_started": webhookService.processCallStarted(payload); return ResponseEntity.ok(Map.of("status", "processed")); case "call_ended": webhookService.processCallEnded(payload); return ResponseEntity.ok(Map.of("status", "processed")); case "call_analyzed": webhookService.processCallAnalyzed(payload); return ResponseEntity.ok(Map.of("status", "processed")); case "agent_response": webhookService.processAgentResponse(payload); return ResponseEntity.ok(Map.of("status", "processed")); default: log.warn("⚠️ Unknown Retell webhook event: {}", eventType); return ResponseEntity.ok(Map.of("status", "ignored", "message", "Unknown event type")); } } catch (Exception e) { log.error("❌ Error processing Retell webhook: {}", e.getMessage(), e); return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR) .body(Map.of("error", e.getMessage())); } } /** * Parse JSON payload */ private Map parsePayload(String rawPayload) { try { com.fasterxml.jackson.databind.ObjectMapper mapper = new com.fasterxml.jackson.databind.ObjectMapper(); return mapper.readValue(rawPayload, Map.class); } catch (Exception e) { throw new RuntimeException("Failed to parse webhook payload", e); } } }