Interface IWebhookReplayStore

Namespace

FlowOrchestrator.Core.Storage

Assembly

FlowOrchestrator.Core.dll

Persistence contract for webhook replay-attack protection. Maintains a set of (flowId, triggerKey, nonce) tuples with expiry; a successful registration means the nonce has not been seen before, a conflict means a replay attack is in progress.

public interface IWebhookReplayStore

Remarks

Storage-neutral by design — in-memory, Sql Server, and PostgreSQL impls ship in their respective projects. Pick the backend that matches your deployment topology: in-memory for single-replica, Sql/Postgres for multi-replica coordination.

Methods

PurgeExpiredAsync(DateTimeOffset, CancellationToken)

Drops every entry whose ExpiresAt is at or before now.

ValueTask<int> PurgeExpiredAsync(DateTimeOffset now, CancellationToken ct = default)

Parameters

now DateTimeOffset

Reference instant; entries with ExpiresAt <= now are removed.

ct CancellationToken

Cancellation token.

Returns

ValueTask<int>

TryRegisterAsync(Guid, string, string, DateTimeOffset, CancellationToken)

Atomically records the nonce. Returns true when the nonce had not been seen for this flow + trigger; false when the same tuple is already present (replay).

ValueTask<bool> TryRegisterAsync(Guid flowId, string triggerKey, string nonce, DateTimeOffset expiresAt, CancellationToken ct = default)

Parameters

flowId Guid

Flow identifier scoping the dedup window.

triggerKey string

Trigger key scoping the dedup window.

nonce string

Unique-per-event token (timestamp + delivery-id, etc.).

expiresAt DateTimeOffset

When the entry may be purged.

ct CancellationToken

Cancellation propagated from the host pipeline.

Returns

ValueTask<bool>