feat: webhook event-model und shared-secret auth

app/webhook/auth.py

@@ -0,0 +1,12 @@
+import hmac
+
+from fastapi import HTTPException
+
+
+def verify_secret(provided: str | None, expected: str) -> None:
+    """Constant-time comparison of the shared secret.
+
+    Raises HTTPException(401) on mismatch or missing header.
+    """
+    if provided is None or not hmac.compare_digest(provided, expected):
+        raise HTTPException(status_code=401, detail="invalid or missing secret")

app/webhook/models.py

@@ -0,0 +1,14 @@
+from enum import Enum
+from pydantic import BaseModel
+
+
+class EventType(str, Enum):
+    CREATED = "created"
+    UPDATED = "updated"
+    DELETED = "deleted"
+
+
+class NextcloudEvent(BaseModel):
+    event_type: EventType
+    file_path: str
+    file_name: str