anedot_webhooks 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 25399debdd7e8129a0321fe79bd06df0e54d537f0abe1dfd914042a88d2a84e4
+  data.tar.gz: 2a202294d03eefd9227d0e646cf785f39ee98bb751a8b24cf43ab0dff2a4796c
+SHA512:
+  metadata.gz: '094ee4eb8337c6f41827c03f6f1141ce50104bf051ec541a1e392984459d64f611c4676f68dba30465218acd3c25be50f327fe77eae89c0371f9a93f975923c1'
+  data.tar.gz: 77beba81b0f55a14202aeb79db89aa585bfc6861236c007691fd3fba234247ec412dee4b7ff31b14349aeab4b4b06c806227152e621b4e73e41619ef013d64b1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Jason Rogers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,109 @@
+# AnedotWebhooks
+
+A mountable Rails engine for receiving [Anedot](https://anedot.com) webhook callbacks.
+Verifies request authenticity via HMAC-SHA256 and publishes events via
+`ActiveSupport::Notifications`.
+
+## Installation
+
+Add to your Gemfile:
+
+```ruby
+gem "anedot_webhooks"
+```
+
+## Configuration
+
+Mount the engine and configure your webhook secret:
+
+```ruby
+# config/routes.rb
+mount AnedotWebhooks::Engine, at: "/anedot_webhooks"
+```
+
+```ruby
+# config/initializers/anedot_webhooks.rb
+AnedotWebhooks.configure do |config|
+  config.webhook_secret = ENV["ANEDOT_WEBHOOK_SECRET"]
+end
+```
+
+Set the Anedot webhook URL to `https://yourapp.com/anedot_webhooks/events`.
+
+## Subscribing to events
+
+### Catch-all
+
+```ruby
+ActiveSupport::Notifications.subscribe("anedot_webhooks.event") do |*, payload|
+  event = payload[:event]  # AnedotWebhooks::Event
+  Rails.logger.info "Received #{event.name}: #{event.payload["id"]}"
+end
+```
+
+### Specific event type
+
+```ruby
+ActiveSupport::Notifications.subscribe("anedot_webhooks.donation_completed") do |*, payload|
+  event = payload[:event]
+  Donation.record!(event.payload)
+end
+```
+
+### Available event types
+
+| Event | Description |
+|-------|-------------|
+| `submission_created` | New submission created |
+| `submission_pledged` | Pledge submission created |
+| `donation_completed` | Successful donation processed |
+| `donation_ach_returned` | ACH/check return |
+| `donation_chargeback` | Chargeback initiated |
+| `donation_chargeback_reversed` | Chargeback reversed |
+| `donation_partially_refunded` | Partial refund |
+| `donation_refunded` | Full refund |
+| `donation_voided` | Donation voided |
+| `donation_settled` | Settlement completed |
+| `commitment_created` | New recurring commitment |
+| `commitment_updated` | Commitment modified |
+| `commitment_failed_to_process` | Recurring charge failed |
+
+## Async handling with ActiveJob
+
+Subclass `AnedotWebhooks::WebhookJob` and override `process`:
+
+```ruby
+class HandleDonation < AnedotWebhooks::WebhookJob
+  def process(event)
+    Donation.create!(event.payload)
+  end
+end
+```
+
+Then enqueue from a subscriber:
+
+```ruby
+ActiveSupport::Notifications.subscribe("anedot_webhooks.donation_completed") do |*, payload|
+  event = payload[:event]
+  HandleDonation.perform_later(event.name, event.payload)
+end
+```
+
+## Security
+
+All requests are verified via HMAC-SHA256 using your webhook secret. Requests with
+an invalid or missing `X-Request-Signature` header are rejected with `401 Unauthorized`
+before any processing occurs.
+
+**Important:** Configure a request body size limit at the web server layer (e.g.,
+`client_max_body_size 1m` in nginx) to limit exposure to unauthenticated large-payload
+requests. The gem does not enforce a body size limit.
+
+## Development
+
+```bash
+bundle exec rspec       # tests
+bin/rubocop             # lint
+bin/rubocop -a          # lint with autocorrect
+bin/brakeman            # security scan
+```

data/app/controllers/anedot_webhooks/application_controller.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module AnedotWebhooks
+  class ApplicationController < ActionController::API
+    before_action :verify_signature!
+    before_action :parse_payload
+
+    private
+
+    def parse_payload
+      @payload = JSON.parse(@raw_body)
+      head :unprocessable_content unless @payload.is_a?(Hash)
+    rescue JSON::ParserError
+      head :unprocessable_content
+    end
+
+    def verify_signature!
+      secret = AnedotWebhooks.configuration.webhook_secret
+      return head :internal_server_error if secret.nil? || secret.empty?
+      @raw_body = request.body.read
+      expected  = OpenSSL::HMAC.hexdigest("SHA256", secret, @raw_body)
+      actual    = request.headers["X-Request-Signature"].to_s
+      head :unauthorized unless ActiveSupport::SecurityUtils.secure_compare(expected, actual)
+    end
+  end
+end

data/app/controllers/anedot_webhooks/webhooks_controller.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module AnedotWebhooks
+  class WebhooksController < ApplicationController
+    def receive
+      event = Event.new(name: @payload["event"], payload: @payload["payload"])
+      ActiveSupport::Notifications.instrument(event.notification_name, event: event)
+      ActiveSupport::Notifications.instrument("anedot_webhooks.event", event: event)
+      head :ok
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+AnedotWebhooks::Engine.routes.draw do
+  post "events", to: "webhooks#receive"
+end

data/lib/anedot_webhooks/configuration.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module AnedotWebhooks
+  class Configuration
+    attr_accessor :webhook_secret
+  end
+end

data/lib/anedot_webhooks/engine.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module AnedotWebhooks
+  class Engine < ::Rails::Engine
+    isolate_namespace AnedotWebhooks
+  end
+end

data/lib/anedot_webhooks/event.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module AnedotWebhooks
+  Event = Data.define(:name, :payload) do
+    def notification_name
+      "anedot_webhooks.#{name}"
+    end
+  end
+end

data/lib/anedot_webhooks/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module AnedotWebhooks
+  VERSION = "0.1.0"
+end

data/lib/anedot_webhooks/webhook_job.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module AnedotWebhooks
+  class WebhookJob < ActiveJob::Base
+    def perform(event_name, payload)
+      process(Event.new(name: event_name, payload: payload))
+    end
+
+    def process(event)
+      raise NotImplementedError, "#{self.class}#process must be implemented"
+    end
+  end
+end

data/lib/anedot_webhooks.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require "anedot_webhooks/configuration"
+require "anedot_webhooks/event"
+require "anedot_webhooks/version"
+require "anedot_webhooks/webhook_job"
+require "anedot_webhooks/engine"
+
+module AnedotWebhooks
+  class << self
+    def configure
+      yield configuration
+    end
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def reset_configuration!
+      @configuration = nil
+    end
+  end
+end

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification
+name: anedot_webhooks
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Jason Rogers
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '8.0'
+- !ruby/object:Gem::Dependency
+  name: activejob
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '8.0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '8.0'
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '8.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '8.0'
+description: A mountable Rails engine that receives Anedot webhook callbacks, verifies
+  their authenticity via HMAC-SHA256, and publishes events via ActiveSupport::Notifications.
+email:
+- jason@wordsanddeeds.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- app/controllers/anedot_webhooks/application_controller.rb
+- app/controllers/anedot_webhooks/webhooks_controller.rb
+- config/routes.rb
+- lib/anedot_webhooks.rb
+- lib/anedot_webhooks/configuration.rb
+- lib/anedot_webhooks/engine.rb
+- lib/anedot_webhooks/event.rb
+- lib/anedot_webhooks/version.rb
+- lib/anedot_webhooks/webhook_job.rb
+homepage: https://github.com/jacaetevha/anedot-webhooks
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/jacaetevha/anedot-webhooks
+  changelog_uri: https://github.com/jacaetevha/anedot-webhooks/blob/main/CHANGELOG.md
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Mountable Rails engine for receiving Anedot webhook callbacks
+test_files: []