chore: Logger for non-existent WhatsApp channels (#11064)

- Add a warning logger for cases where we are getting webhook events for
inactive numbers.
- Add config to discard events for inactive numbers so that the meta
will stop sending events

---------

Co-authored-by: Pranav <pranav@chatwoot.com>

app/controllers/webhooks/whatsapp_controller.rb

@@ -2,6 +2,12 @@ class Webhooks::WhatsappController < ActionController::API
   include MetaTokenVerifyConcern
 
   def process_payload
+    if inactive_whatsapp_number?
+      Rails.logger.warn("Rejected webhook for inactive WhatsApp number: #{params[:phone_number]}")
+      render json: { error: 'Inactive WhatsApp number' }, status: :unprocessable_entity
+      return
+    end
+
     Webhooks::WhatsappEventsJob.perform_later(params.to_unsafe_hash)
     head :ok
   end
@@ -13,4 +19,15 @@ class Webhooks::WhatsappController < ActionController::API
     whatsapp_webhook_verify_token = channel.provider_config['webhook_verify_token'] if channel.present?
     token == whatsapp_webhook_verify_token if whatsapp_webhook_verify_token.present?
   end
+
+  def inactive_whatsapp_number?
+    phone_number = params[:phone_number]
+    return false if phone_number.blank?
+
+    inactive_numbers = GlobalConfig.get_value('INACTIVE_WHATSAPP_NUMBERS').to_s
+    return false if inactive_numbers.blank?
+
+    inactive_numbers_array = inactive_numbers.split(',').map(&:strip)
+    inactive_numbers_array.include?(phone_number)
+  end
 end

app/jobs/webhooks/whatsapp_events_job.rb

@@ -3,7 +3,11 @@ class Webhooks::WhatsappEventsJob < ApplicationJob
 
   def perform(params = {})
     channel = find_channel_from_whatsapp_business_payload(params)
-    return if channel_is_inactive?(channel)
+
+    if channel_is_inactive?(channel)
+      Rails.logger.warn("Inactive WhatsApp channel: #{channel&.phone_number || "unknown - #{params[:phone_number]}"}")
+      return
+    end
 
     case channel.provider
     when 'whatsapp_cloud'

config/installation_config.yml

@@ -204,6 +204,11 @@
   display_title: 'Blocked Email Domains'
   description: 'Add a domain per line to block them from signing up, accepts Regex'
   type: code
+- name: INACTIVE_WHATSAPP_NUMBERS
+  value: ''
+  display_title: 'Inactive WhatsApp Numbers'
+  description: 'Comma-separated list of WhatsApp numbers that should be rejected with a 422 error'
+  type: code
 # ------- End of Chatwoot Internal Config for Cloud ----#
 
 # ------- Chatwoot Internal Config for Self Hosted ----#

enterprise/app/controllers/enterprise/super_admin/app_configs_controller.rb

@@ -32,7 +32,7 @@ module Enterprise::SuperAdmin::AppConfigsController
   end
 
   def internal_config_options
-    %w[CHATWOOT_INBOX_TOKEN CHATWOOT_INBOX_HMAC_KEY ANALYTICS_TOKEN CLEARBIT_API_KEY DASHBOARD_SCRIPTS BLOCKED_EMAIL_DOMAINS
+    %w[CHATWOOT_INBOX_TOKEN CHATWOOT_INBOX_HMAC_KEY ANALYTICS_TOKEN CLEARBIT_API_KEY DASHBOARD_SCRIPTS INACTIVE_WHATSAPP_NUMBERS BLOCKED_EMAIL_DOMAINS
        CAPTAIN_CLOUD_PLAN_LIMITS ACCOUNT_SECURITY_NOTIFICATION_WEBHOOK_URL]
   end
 end

spec/controllers/webhooks/whatsapp_controller_spec.rb

@@ -29,5 +29,34 @@ RSpec.describe 'Webhooks::WhatsappController', type: :request do
       post '/webhooks/whatsapp/123221321', params: { content: 'hello' }
       expect(response).to have_http_status(:success)
     end
+
+    context 'when phone number is in inactive list' do
+      before do
+        allow(GlobalConfig).to receive(:get_value).with('INACTIVE_WHATSAPP_NUMBERS').and_return('+1234567890,+9876543210')
+      end
+
+      it 'returns service unavailable for inactive phone number in URL params' do
+        allow(Rails.logger).to receive(:warn)
+        expect(Rails.logger).to receive(:warn).with('Rejected webhook for inactive WhatsApp number: +1234567890')
+
+        post '/webhooks/whatsapp/+1234567890', params: { content: 'hello' }
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response.parsed_body['error']).to eq('Inactive WhatsApp number')
+      end
+    end
+
+    context 'when INACTIVE_WHATSAPP_NUMBERS config is not set' do
+      before do
+        allow(GlobalConfig).to receive(:get_value).with('INACTIVE_WHATSAPP_NUMBERS').and_return(nil)
+      end
+
+      it 'processes the webhook normally' do
+        allow(Webhooks::WhatsappEventsJob).to receive(:perform_later)
+        expect(Webhooks::WhatsappEventsJob).to receive(:perform_later)
+
+        post '/webhooks/whatsapp/+1234567890', params: { content: 'hello' }
+        expect(response).to have_http_status(:success)
+      end
+    end
   end
 end

spec/jobs/webhooks/whatsapp_events_job_spec.rb

@@ -81,6 +81,22 @@ RSpec.describe Webhooks::WhatsappEventsJob do
       expect(Whatsapp::IncomingMessageService).not_to receive(:new)
       job.perform_now(params)
     end
+
+    it 'logs a warning when channel is inactive' do
+      channel.prompt_reauthorization!
+      allow(Rails.logger).to receive(:warn)
+
+      expect(Rails.logger).to receive(:warn).with("Inactive WhatsApp channel: #{channel.phone_number}")
+      job.perform_now(params)
+    end
+
+    it 'logs a warning with unknown phone number when channel does not exist' do
+      unknown_phone = '+1234567890'
+      allow(Rails.logger).to receive(:warn)
+
+      expect(Rails.logger).to receive(:warn).with("Inactive WhatsApp channel: unknown - #{unknown_phone}")
+      job.perform_now(phone_number: unknown_phone)
+    end
   end
 
   context 'when default provider' do