actionhook 1.0.1 → 1.0.2
- checksums.yaml +4 -4
- data/Dockerfile +8 -0
- data/Gemfile.lock +1 -1
- data/README.md +16 -15
- data/buildspec.yml +57 -0
- data/lib/actionhook/core/configuration.rb +8 -5
- data/lib/actionhook/version.rb +1 -1
- metadata +5 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 111528871816887536f0a86bb12725f173f4bfbb81ccc9b386c3416a61a4e8a5
|
4
|
+
data.tar.gz: 1801549784630e61f7c6634c77235c1a1344adb96407fa234f5f446792d35198
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 352fcaefc122e052ef55348d0835a0563e0e25c47291b63c3f892578568ab00a2f999256c0824dcc1499dd8b5b421bdf65a6c9f55eff55cfa1f908d4b1213730
|
7
|
+
data.tar.gz: c2f27a19e2b6ff4c2371587567e26b2a1f0dca9a22abb51bf2f828a5ae36e986d412c74e6da2e29cab4881147e6896513a33c9baff3e0d0539c235284f86e442
|
data/Dockerfile
ADDED
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
# Why?
|
2
2
|
|
3
|
-
`ActionHook` is a drop-in
|
4
|
-
|
3
|
+
`ActionHook` is a drop-in ruby gem for sending webhooks. You specify the content and destination, `ActionHook` takes care of securely delivering it.
|
5
4
|
|
6
5
|
## Build Status
|
7
6
|
|
@@ -11,26 +10,25 @@
|
|
11
10
|
|
12
11
|
- [x] **Core** Send webhooks
|
13
12
|
- [x] **Configuration** Timeout, IP blocking, etc.
|
14
|
-
- [x] **Security** Supports HTTP Basic, Token, and Bearer Token auth
|
13
|
+
- [x] **Security** Supports HTTP Basic, Token, and Bearer Token auth
|
15
14
|
- [x] **Security** Blocks private IPs and allows custom IP blocking
|
16
|
-
- [x] **Security** 2-factor authentication using a secret for each receiver
|
15
|
+
- [x] **Security** 2-factor authentication using a secret for each receiver
|
17
16
|
- [x] **Usability** Works seamlessly on Ruby on Rails. [Example](examples/actionhook-rails-example)
|
18
17
|
- [x] **Scale** Works seamlessly on AWS Lambda. [Example](examples/actionhook-aws-lambda-example)
|
19
18
|
- [x] **More** Logging
|
20
19
|
|
21
|
-
|
22
20
|
## Send Webhooks
|
23
21
|
|
24
22
|
```ruby
|
25
23
|
request = ActionHook::Core::JSONRequest.new(url: 'https://example.com',
|
26
24
|
method: :post, body: { hello: "world" }, headers: {})
|
27
25
|
|
28
|
-
ActionHook::Core::
|
26
|
+
ActionHook::Core::NetHTTPSender.send(request)
|
29
27
|
```
|
30
28
|
|
31
29
|
## Configuration
|
32
30
|
|
33
|
-
All
|
31
|
+
All configs are optional, only use these if you want to override the defaults.
|
34
32
|
You can set the following configs in `ActionHook.configuration` object.
|
35
33
|
|
36
34
|
|Name|Description|Default Value|
|
@@ -41,10 +39,10 @@ You can set the following configs in `ActionHook.configuration` object.
|
|
41
39
|
|`allow_private_ips` | If loopback or private IPs should be allowed as receiver | `false` |
|
42
40
|
|`blocked_ip_ranges` | Custom IP ranges to block, e.g. `%w{172.8.9.8/24}`| `[]`|
|
43
41
|
|
44
|
-
Instead of
|
42
|
+
Instead of `ActionHook.configuration`, you can provide an instance of `ActionHook::Core::Configuration` to the `send` method as follows:
|
45
43
|
|
46
44
|
```ruby
|
47
|
-
ActionHook::Core::
|
45
|
+
ActionHook::Core::NetHTTPSender.send(request, ActionHook::Core::Configuration.new)
|
48
46
|
```
|
49
47
|
|
50
48
|
## Security: Authentication
|
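Review bot: The configuration table row kept as context in this hunk documents the option as `blocked_ip_ranges`, while the `Configuration` class changed in this same release declares `attr_writer :blocked_custom_ip_ranges` and takes a `blocked_custom_ip_ranges:` keyword. One of the two names is wrong for users copying from the README; align the table with the code. None of the README hunks in this diff adds a row for the new `ca_file` option either, so it would be worth adding one here with its default of `nil`.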
@@ -63,26 +61,28 @@ ActionHook supports `Basic`, `Token`, and `BearerToken` authentication out of th
|
|
63
61
|
|
64
62
|
## Security: 2-Factor Authentication: Hashing With a Secure Key
|
65
63
|
|
66
|
-
You can generate secure key for each receiving endpoint and pass it to `ActionHook`
|
67
|
-
for adding a 2
|
64
|
+
You can generate a secure key for each receiving endpoint and pass it to `ActionHook`
|
65
|
+
for adding a 2<sup>nd</sup> factor authentication. Using this key, `ActionHook` will automatically add the `SHA256-FINGERPRINT` header to the webhook. The receiver can compute the SHA256 digest of the request body using the same secret to verify you as the sender and message integrity.
|
68
66
|
|
69
67
|
```ruby
|
70
68
|
request = ActionHook::Core::JSONRequest.new(url: 'https://example.com',
|
71
69
|
secret: '<Your Secret For This Hook>', # Remember to provide your secret
|
72
70
|
method: :post, body: { hello: "world" }, headers: {})
|
73
71
|
|
74
|
-
ActionHook::Core::
|
72
|
+
ActionHook::Core::NetHTTPSender.send(request)
|
75
73
|
```
|
76
74
|
|
77
75
|
## Security: IP Blocking
|
78
76
|
|
79
|
-
When a request is blocked due to private IP, `send` raises `ActionHook::Security::IPBlocking::PrivateIPError`.
|
77
|
+
When a request is blocked due to private IP receiver, `send` raises `ActionHook::Security::IPBlocking::PrivateIPError`.
|
78
|
+
|
80
79
|
When a request is blocked due to the `blocked_ip_ranges`, `send` raises `ActionHook::Security::IPBlocking::BlockedRequestError`.
|
80
|
+
|
81
81
|
In both cases, the error message includes necessary context for debugging / logging.
|
82
82
|
|
83
83
|
## Logging
|
84
84
|
|
85
|
-
You should pass an instance of `Logger` to put all `
|
85
|
+
You should pass an instance of `Logger` to put all `ActionHook` logs into where your application log is. Otherwise, logs are written into `STDOUT` by default.
|
86
86
|
|
87
87
|
```ruby
|
88
88
|
# For example, in Rails, you can pass the Rails logger in an initializer
|
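Review bot: The paragraph added at new line 65 says the receiver "can compute the SHA256 digest of the request body using the same secret" but does not say how the secret and body are combined (for example HMAC-SHA256 versus a plain hash over a concatenation), how the `SHA256-FINGERPRINT` value is encoded, or which bytes of the body are covered. A receiver cannot implement verification from this text alone. Spell out the exact construction and encoding, and recommend that receivers compare the header against their computed value with a constant-time comparison.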
@@ -90,4 +90,5 @@ You should pass an instance of `Logger` to put all `ActionLog`. Otherwise, logs
|
|
90
90
|
|
91
91
|
ActionHook.logger = Rails.logger
|
92
92
|
```
|
93
|
-
|
93
|
+
|
94
|
+
Set the log level to `debug` for detailed information. Even in debug, the secure header values aren't logged for accidental credential leakage, only the header names are mentioned.
|
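Review bot: The sentence added at new line 94, "the secure header values aren't logged for accidental credential leakage", reads as if the leakage were the purpose. Suggest "aren't logged, to prevent accidental credential leakage". It would also help to name which headers are treated as secure, so operators know what to expect in debug output.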
data/buildspec.yml
ADDED
@@ -0,0 +1,57 @@
|
|
1
|
+
version: 0.2
|
2
|
+
|
3
|
+
#env:
|
4
|
+
#variables:
|
5
|
+
# key: "value"
|
6
|
+
# key: "value"
|
7
|
+
#parameter-store:
|
8
|
+
# key: "value"
|
9
|
+
# key: "value"
|
10
|
+
#secrets-manager:
|
11
|
+
# key: secret-id:json-key:version-stage:version-id
|
12
|
+
# key: secret-id:json-key:version-stage:version-id
|
13
|
+
#exported-variables:
|
14
|
+
# - variable
|
15
|
+
# - variable
|
16
|
+
#git-credential-helper: yes
|
17
|
+
|
18
|
+
phases:
|
19
|
+
#install:
|
20
|
+
#If you use the Ubuntu standard image 2.0 or later, you must specify runtime-versions.
|
21
|
+
#If you specify runtime-versions and use an image other than Ubuntu standard image 2.0, the build fails.
|
22
|
+
#runtime-versions:
|
23
|
+
# name: version
|
24
|
+
# name: version
|
25
|
+
#commands:
|
26
|
+
# - command
|
27
|
+
# - command
|
28
|
+
#pre_build:
|
29
|
+
#commands:
|
30
|
+
# - command
|
31
|
+
# - command
|
32
|
+
build:
|
33
|
+
commands:
|
34
|
+
- docker build . -t actionhook:latest && docker run --rm actionhook:latest rspec
|
35
|
+
# - command
|
36
|
+
#post_build:
|
37
|
+
#commands:
|
38
|
+
# - command
|
39
|
+
# - command
|
40
|
+
#reports:
|
41
|
+
#report-name-or-arn:
|
42
|
+
#files:
|
43
|
+
# - location
|
44
|
+
# - location
|
45
|
+
#base-directory: location
|
46
|
+
#discard-paths: yes
|
47
|
+
#file-format: JunitXml | CucumberJson
|
48
|
+
#artifacts:
|
49
|
+
#files:
|
50
|
+
# - location
|
51
|
+
# - location
|
52
|
+
#name: $(date +%Y-%m-%d)
|
53
|
+
#discard-paths: yes
|
54
|
+
#base-directory: location
|
55
|
+
#cache:
|
56
|
+
#paths:
|
57
|
+
# - paths
|
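Review bot: Of the 57 added lines, only `version`, `phases`, `build`, `commands` and the single command at line 34 are active; everything else is the commented-out template. Trim the file to the active keys so the one build step is easy to audit. Consider also splitting `docker build . -t actionhook:latest && docker run --rm actionhook:latest rspec` into two `commands` entries, so that a failure is attributed to either the image build or the spec run.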
@@ -7,7 +7,7 @@ module ActionHook
|
|
7
7
|
DEFAULT_READ_TIMEOUT_IN_SECONDS = 15
|
8
8
|
DEFAULT_HASH_HEADER_NAME = 'SHA256-FINGERPRINT'
|
9
9
|
attr_accessor :open_timeout, :read_timeout, :hash_header_name,
|
10
|
-
:allow_private_ips
|
10
|
+
:allow_private_ips, :ca_file
|
11
11
|
|
12
12
|
attr_writer :blocked_custom_ip_ranges
|
13
13
|
|
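Review bot: `:ca_file` is added to the public `attr_accessor` list at new line 10 with no comment on what value it expects. Since the next hunk forwards it through `net_http_options`, it is presumably a path to a PEM CA bundle; say so in a comment here and in the README, and say that leaving it `nil` keeps the default trust store.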
@@ -15,20 +15,23 @@ module ActionHook
|
|
15
15
|
read_timeout: DEFAULT_READ_TIMEOUT_IN_SECONDS,
|
16
16
|
hash_header_name: DEFAULT_HASH_HEADER_NAME,
|
17
17
|
allow_private_ips: false,
|
18
|
-
blocked_custom_ip_ranges: []
|
18
|
+
blocked_custom_ip_ranges: [],
|
19
|
+
ca_file: nil
|
19
20
|
)
|
20
21
|
@open_timeout = open_timeout
|
21
22
|
@read_timeout = read_timeout
|
22
23
|
@hash_header_name = hash_header_name
|
23
24
|
@allow_private_ips = allow_private_ips
|
24
25
|
@blocked_custom_ip_ranges = blocked_custom_ip_ranges || []
|
26
|
+
@ca_file = ca_file
|
25
27
|
end
|
26
28
|
|
27
29
|
def net_http_options
|
28
30
|
{
|
29
31
|
open_timeout: @open_timeout,
|
30
|
-
read_timeout: @read_timeout
|
31
|
-
|
32
|
+
read_timeout: @read_timeout,
|
33
|
+
ca_file: @ca_file
|
34
|
+
}.compact
|
32
35
|
end
|
33
36
|
|
34
37
|
def blocked_custom_ip_ranges
|
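Review bot: `.compact` at new line 34 strips nil from every entry of `net_http_options`, not only from the new `ca_file`, so an explicit `open_timeout: nil` or `read_timeout: nil` is now omitted from the hash where 1.0.1 passed the nil through. If the aim is only to leave `ca_file` out when it is unset, add that key conditionally; otherwise note the changed timeout behaviour in the release notes. A spec covering both `ca_file: nil` and a set path would pin this down.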
@@ -41,4 +44,4 @@ module ActionHook
|
|
41
44
|
|
42
45
|
end
|
43
46
|
end
|
44
|
-
end
|
47
|
+
end
|
data/lib/actionhook/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: actionhook
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- smsohan
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-07-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rspec
|
@@ -50,6 +50,7 @@ files:
|
|
50
50
|
- ".gitignore"
|
51
51
|
- ".rspec"
|
52
52
|
- CODE_OF_CONDUCT.md
|
53
|
+
- Dockerfile
|
53
54
|
- Gemfile
|
54
55
|
- Gemfile.lock
|
55
56
|
- LICENSE.txt
|
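Review bot: `Dockerfile` is added to the packaged `files` list here, and `buildspec.yml` in the next hunk, so both CI files now ship inside the released gem. Neither is needed at runtime. Exclude them in the gemspec's `files` so that the published package contains only what consumers load, which also keeps the contents of a release easier to audit.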
@@ -58,6 +59,7 @@ files:
|
|
58
59
|
- actionhook.gemspec
|
59
60
|
- bin/console
|
60
61
|
- bin/setup
|
62
|
+
- buildspec.yml
|
61
63
|
- lib/actionhook.rb
|
62
64
|
- lib/actionhook/core/configuration.rb
|
63
65
|
- lib/actionhook/core/json_request.rb
|
@@ -89,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
89
91
|
- !ruby/object:Gem::Version
|
90
92
|
version: '0'
|
91
93
|
requirements: []
|
92
|
-
rubygems_version: 3.
|
94
|
+
rubygems_version: 3.2.22
|
93
95
|
signing_key:
|
94
96
|
specification_version: 4
|
95
97
|
summary: Drop-in library for sending webhooks
|
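Review bot: `signing_key:` in this hunk is still empty and `cert_chain: []` appears in the first metadata hunk, so 1.0.2 is published unsigned and consumers can only rely on the digests in `checksums.yaml`. For a gem that advertises secure delivery, consider signing releases so that installs can be verified against the author's certificate.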