Refactor webhook endpoints to use session API key authentication (#11926)

Co-authored-by: openhands <openhands@all-hands.dev>
2026-03-22 13:47:19 +08:00 · 2025-12-08 07:40:01 -07:00
parent ed7adb335c
commit db64abc580
7 changed files with 82 additions and 14 deletions
--- a/tests/unit/app_server/test_remote_sandbox_service.py
+++ b/tests/unit/app_server/test_remote_sandbox_service.py
@@ -291,9 +291,7 @@ class TestEnvironmentInitialization:
        )

        # Verify
-        expected_webhook_url = (
-            'https://web.example.com/api/v1/webhooks/test-sandbox-123'
-        )
+        expected_webhook_url = 'https://web.example.com/api/v1/webhooks'
        assert environment['EXISTING_VAR'] == 'existing_value'
        assert environment[WEBHOOK_CALLBACK_VARIABLE] == expected_webhook_url
        assert environment[ALLOW_CORS_ORIGINS_VARIABLE] == 'https://web.example.com'
--- a/tests/unit/app_server/test_sandbox_service.py
+++ b/tests/unit/app_server/test_sandbox_service.py
@@ -27,6 +27,7 @@ class MockSandboxService(SandboxService):
    def __init__(self):
        self.search_sandboxes_mock = AsyncMock()
        self.get_sandbox_mock = AsyncMock()
+        self.get_sandbox_by_session_api_key_mock = AsyncMock()
        self.start_sandbox_mock = AsyncMock()
        self.resume_sandbox_mock = AsyncMock()
        self.pause_sandbox_mock = AsyncMock()
@@ -40,6 +41,11 @@ class MockSandboxService(SandboxService):
    async def get_sandbox(self, sandbox_id: str) -> SandboxInfo | None:
        return await self.get_sandbox_mock(sandbox_id)

+    async def get_sandbox_by_session_api_key(
+        self, session_api_key: str
+    ) -> SandboxInfo | None:
+        return await self.get_sandbox_by_session_api_key_mock(session_api_key)
+
    async def start_sandbox(self, sandbox_spec_id: str | None = None) -> SandboxInfo:
        return await self.start_sandbox_mock(sandbox_spec_id)