fix(api-service): Intercom hash null data error fixes NV-7061

[scopsy]

What changed? Why was the change needed?

This PR resolves NV-7061, a TypeError occurring in Hmac.update when the createHash function received null or undefined inputs, primarily affecting Intercom hash generation.

The createHash and createContextHash functions in libs/application-generic/src/utils/hmac.ts were updated to:

1. Validate inputs and log a warning if key or valueToHash are null/undefined.
2. Return null instead of throwing a TypeError in such cases.

Corresponding callers of createHash were updated to handle the null return value gracefully:

• Intercom Hash Generation (Login, Register, GetProfile usecases): The Intercom hash update is now skipped if createHash returns null.
• OAuth State Signature Generation (MS Teams, Slack): A BadRequestException is thrown if createHash fails to generate a signature, preventing malformed state tokens.
• Conditions Filter: Falls back to an empty string if createHash returns null.

Screenshots

N/A

Expand for optional sections

Related enterprise PR

N/A

Special notes for your reviewer

The changes ensure that the application handles invalid hash inputs gracefully without crashing, improving robustness.

---

Linear Issue: NV-7061

 

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[linear]

NV-7061 TypeError: The "data" argument must be of type string or an instance of Buffer, TypedArray, or DataView. Received null

[netlify]

✅ Deploy Preview for dashboard-v2-novu-staging canceled.

Name	Link
🔨 Latest commit	9abc2ac
🔍 Latest deploy log	https://app.netlify.com/projects/dashboard-v2-novu-staging/deploys/696cafd47e280000083198d1

[coderabbitai]

Walkthrough

Changes add defensive checks and nullability across authentication, integration, and webhook code paths. HMAC utilities and related methods now return string | null with input validation and early returns. Intercom hash persistence in login, registration, and profile flows is guarded to run only when a truthy hash exists. OAuth state creation for Slack and MS Teams now throws a BadRequestException if the computed signature is falsy. Webhook request headers include the HMAC header only when a valid HMAC is produced. .cspell.json now includes the word "tufjs".

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title directly addresses the main objective: fixing Intercom hash null data errors by validating inputs in hash generation functions and handling null returns gracefully.
Description check	✅ Passed	The description comprehensively explains the problem (TypeError from invalid hash inputs), the solution (input validation and null returns), and how different callers handle the changes, all directly related to the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In
`@libs/application-generic/src/usecases/conditions-filter/conditions-filter.usecase.ts`:
- Line 281: The current return uses
createHash(decryptApiKey(environment.apiKeys[0].key), command.environmentId) ||
'' which silently converts a null HMAC into an empty string; update the logic in
the function containing this return (where decryptApiKey, environment.apiKeys,
and createHash are used) to avoid the || '' fallback: if createHash returns null
or if decryptApiKey or command.environmentId are falsy, either throw a
descriptive error (e.g., "Unable to generate nv-hmac-256: missing api key or
environmentId") or return a value that signals omission of the header upstream
so you do not send an empty nv-hmac-256; ensure the change is applied where the
header is set so callers can handle the absent signature.