pandadoc webhook create app#248
Open
rayyanmridha wants to merge 6 commits into
Open
Conversation
…sions Adds a public POST /api/pandadoc-webhook endpoint that receives PandaDoc webhook payloads when a recipient completes the application form. The endpoint runs the payload through the existing pandadocMapper, sets defaults (appStatus=APP_SUBMITTED, derives applicantType from schoolDepartment), then creates Application, CandidateInfo, and LearnerInfo records in sequence with logging at each step. - New PandadocWebhookModule with controller, service, and tests - Export ApplicationsService and LearnerInfoService from their modules - Register PandadocWebhookModule and CandidateInfoModule in AppModule - Optional webhook signature verification via PANDADOC_WEBHOOK_KEY env var - Reuses existing error email filters for applicant notifications Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ilters The controller previously did the x-pandadoc-signature check inline and applied ApplicationCreationErrorFilter + ApplicationValidationEmailFilter intended for the human application-form route. Those filters use @catch(Error), which swallowed UnauthorizedException and rewrote it as 500, and also emailed the applicant on every failure — wrong actor on a webhook where PandaDoc, not the applicant, is the caller. Move the signature check into PandadocSignatureGuard so 401s flow through Nest's default handler, and remove @UseFilters from the webhook controller. The filters remain on POST /applications where they belong.
Previously the service called ApplicationsService.create, CandidateInfoService.create, and LearnerInfoService.create sequentially. Any failure mid-sequence — including the success-confirmation email inside ApplicationsService.create — left an Application row without its CandidateInfo / LearnerInfo siblings. Inject DataSource and run all three em.save calls inside dataSource.transaction so a failure rolls everything back. Drop the inter-service dependency from the module (now only ConfigModule is needed; entities are resolved via the global DataSource). Also harden formatDate to convert ISO-8601 strings to YYYY-MM-DD instead of returning them as-is.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ℹ️ Issue
Closes #221
📝 Description
Write a short summary of what you added. Why is it important? Any member of C4C should be able to read this and understand your contribution -- not just your team members.
Briefly list the changes made to the code:
✔️ Verification
What steps did you take to verify your changes work? These should be clear enough for someone to be able to clone the branch and follow the steps themselves.
Provide screenshots of any new components, styling changes, or pages.
🏕️ (Optional) Future Work / Notes
Did you notice anything ugly during the course of this ticket? Any bugs, design challenges, or unexpected behavior? Write it down so we can clean it up in a future ticket!