Initial commit: Add logistics and order_detail message types

- Add Logistics component with progress tracking
- Add OrderDetail component for order information
- Support data-driven steps and actions
- Add blue color scale to widget SCSS
- Fix node overflow and progress bar rendering issues
- Add English translations for dashboard components

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

app/controllers/webhooks/instagram_controller.rb

@@ -0,0 +1,42 @@
+class Webhooks::InstagramController < ActionController::API
+  include MetaTokenVerifyConcern
+
+  def events
+    Rails.logger.info('Instagram webhook received events')
+    if params['object'].casecmp('instagram').zero?
+      entry_params = params.to_unsafe_hash[:entry]
+
+      if contains_echo_event?(entry_params)
+        # Add delay to prevent race condition where echo arrives before send message API completes
+        # This avoids duplicate messages when echo comes early during API processing
+        ::Webhooks::InstagramEventsJob.set(wait: 2.seconds).perform_later(entry_params)
+      else
+        ::Webhooks::InstagramEventsJob.perform_later(entry_params)
+      end
+
+      render json: :ok
+    else
+      Rails.logger.warn("Message is not received from the instagram webhook event: #{params['object']}")
+      head :unprocessable_entity
+    end
+  end
+
+  private
+
+  def contains_echo_event?(entry_params)
+    return false unless entry_params.is_a?(Array)
+
+    entry_params.any? do |entry|
+      # Check messaging array for echo events
+      messaging_events = entry[:messaging] || []
+      messaging_events.any? { |messaging| messaging.dig(:message, :is_echo).present? }
+    end
+  end
+
+  def valid_token?(token)
+    # Validates against both IG_VERIFY_TOKEN (Instagram channel via Facebook page) and
+    # INSTAGRAM_VERIFY_TOKEN (Instagram channel via direct Instagram login)
+    token == GlobalConfigService.load('IG_VERIFY_TOKEN', '') ||
+      token == GlobalConfigService.load('INSTAGRAM_VERIFY_TOKEN', '')
+  end
+end

app/controllers/webhooks/line_controller.rb

@@ -0,0 +1,6 @@
+class Webhooks::LineController < ActionController::API
+  def process_payload
+    Webhooks::LineEventsJob.perform_later(params: params.to_unsafe_hash, signature: request.headers['x-line-signature'], post_body: request.raw_post)
+    head :ok
+  end
+end

app/controllers/webhooks/sms_controller.rb

@@ -0,0 +1,6 @@
+class Webhooks::SmsController < ActionController::API
+  def process_payload
+    Webhooks::SmsEventsJob.perform_later(params['_json']&.first&.to_unsafe_hash)
+    head :ok
+  end
+end

app/controllers/webhooks/telegram_controller.rb

@@ -0,0 +1,6 @@
+class Webhooks::TelegramController < ActionController::API
+  def process_payload
+    Webhooks::TelegramEventsJob.perform_later(params.to_unsafe_hash)
+    head :ok
+  end
+end

app/controllers/webhooks/tiktok_controller.rb

@@ -0,0 +1,53 @@
+class Webhooks::TiktokController < ActionController::API
+  before_action :verify_signature!
+
+  def events
+    event = JSON.parse(request_payload)
+    if echo_event?
+      # Add delay to prevent race condition where echo arrives before send message API completes
+      # This avoids duplicate messages when echo comes early during API processing
+      ::Webhooks::TiktokEventsJob.set(wait: 2.seconds).perform_later(event)
+    else
+      ::Webhooks::TiktokEventsJob.perform_later(event)
+    end
+
+    head :ok
+  end
+
+  private
+
+  def request_payload
+    @request_payload ||= request.body.read
+  end
+
+  def verify_signature!
+    signature_header = request.headers['Tiktok-Signature']
+    client_secret = GlobalConfigService.load('TIKTOK_APP_SECRET', nil)
+    received_timestamp, received_signature = extract_signature_parts(signature_header)
+
+    return head :unauthorized unless client_secret && received_timestamp && received_signature
+
+    signature_payload = "#{received_timestamp}.#{request_payload}"
+    computed_signature = OpenSSL::HMAC.hexdigest('SHA256', client_secret, signature_payload)
+
+    return head :unauthorized unless ActiveSupport::SecurityUtils.secure_compare(computed_signature, received_signature)
+
+    # Check timestamp delay (acceptable delay: 5 seconds)
+    current_timestamp = Time.current.to_i
+    delay = current_timestamp - received_timestamp
+
+    return head :unauthorized if delay > 5
+  end
+
+  def extract_signature_parts(signature_header)
+    return [nil, nil] if signature_header.blank?
+
+    keys = signature_header.split(',')
+    signature_parts = keys.map { |part| part.split('=') }.to_h
+    [signature_parts['t']&.to_i, signature_parts['s']]
+  end
+
+  def echo_event?
+    params[:event] == 'im_send_msg'
+  end
+end

app/controllers/webhooks/whatsapp_controller.rb

@@ -0,0 +1,33 @@
+class Webhooks::WhatsappController < ActionController::API
+  include MetaTokenVerifyConcern
+
+  def process_payload
+    if inactive_whatsapp_number?
+      Rails.logger.warn("Rejected webhook for inactive WhatsApp number: #{params[:phone_number]}")
+      render json: { error: 'Inactive WhatsApp number' }, status: :unprocessable_entity
+      return
+    end
+
+    Webhooks::WhatsappEventsJob.perform_later(params.to_unsafe_hash)
+    head :ok
+  end
+
+  private
+
+  def valid_token?(token)
+    channel = Channel::Whatsapp.find_by(phone_number: params[:phone_number])
+    whatsapp_webhook_verify_token = channel.provider_config['webhook_verify_token'] if channel.present?
+    token == whatsapp_webhook_verify_token if whatsapp_webhook_verify_token.present?
+  end
+
+  def inactive_whatsapp_number?
+    phone_number = params[:phone_number]
+    return false if phone_number.blank?
+
+    inactive_numbers = GlobalConfig.get_value('INACTIVE_WHATSAPP_NUMBERS').to_s
+    return false if inactive_numbers.blank?
+
+    inactive_numbers_array = inactive_numbers.split(',').map(&:strip)
+    inactive_numbers_array.include?(phone_number)
+  end
+end