bullet_train-outgoing_webhooks 1.0.2 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 79efb9fd4d7c770358101460461a724f999cedf19045814334dbe04493588ada
-  data.tar.gz: 60097da26f31a894bd041497b13920b0878ee8918f8972c1c3a3a78d87ef74b2
+  metadata.gz: a4d3884adf8d199b92ccf09ca749e8237e86a421224de5b8b81cf5ab0d9f4329
+  data.tar.gz: cec7b468644c484f8bcb0f4064b74764ab3e7b8873cb72ba5c8944009b95a576
 SHA512:
-  metadata.gz: 94444641ef863656b88cda03600e52967bcac8c2e864969673d66e98a0d0dd7e562446fad3a192044dee7a9a29eef99590862635e6dae668279964726f9d58ef
-  data.tar.gz: db6681ef6aec68bffc61c5b476aa6fb2349b849062813cf70e6af0a70b492e7b12fb269d2a77f8ae89f5ba4379ee2c11c3265bcf2cf7649806f4cf080e823077
+  metadata.gz: 98d7265e65165a0c2b55a0b2880063f00c72292e0a461e4bde667d54f077860f1b4861873f5131bd203e45b85ab03868822970071e626c34e2ed640059e5cc11
+  data.tar.gz: f36d57ccd33ba9268a106ef22c1457560f9b171ff0533b4f8102301e5962691f827ffa437c7f13d3fd7ab847b1b626a9c6374cca45efbbcab228caf7c265d2a9

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2022 Andrew Culver
+Copyright 2022 Bullet Train, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/app/controllers/account/webhooks/outgoing/endpoints_controller.rb

@@ -1,5 +1,6 @@
 class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationController
-  account_load_and_authorize_resource :endpoint, through: :team, through_association: :webhooks_outgoing_endpoints
+  account_load_and_authorize_resource :endpoint, through: BulletTrain::OutgoingWebhooks.parent_association, through_association: :webhooks_outgoing_endpoints
+  before_action { @parent = instance_variable_get("@#{BulletTrain::OutgoingWebhooks.parent_association}") }
 
   # GET /account/teams/:team_id/webhooks/outgoing/endpoints
   # GET /account/teams/:team_id/webhooks/outgoing/endpoints.json
@@ -26,7 +27,7 @@ class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationCon
   def create
     respond_to do |format|
       if @endpoint.save
-        format.html { redirect_to [:account, @team, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.created") }
+        format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.created") }
         format.json { render :show, status: :created, location: [:account, @endpoint] }
       else
         format.html { render :new, status: :unprocessable_entity }
@@ -54,7 +55,7 @@ class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationCon
   def destroy
     @endpoint.destroy
     respond_to do |format|
-      format.html { redirect_to [:account, @team, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.destroyed") }
+      format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.destroyed") }
       format.json { head :no_content }
     end
   end

data/app/controllers/api/v1/webhooks/outgoing/deliveries_endpoint.rb

@@ -0,0 +1,63 @@
+class Api::V1::Webhooks::Outgoing::DeliveriesEndpoint < Api::V1::Root
+  helpers do
+    params :endpoint_id do
+      requires :endpoint_id, type: Integer, allow_blank: false, desc: "Endpoint ID"
+    end
+
+    params :id do
+      requires :id, type: Integer, allow_blank: false, desc: "Delivery ID"
+    end
+
+    params :delivery do
+      optional :event_id, type: String, desc: Api.heading(:event_id)
+      optional :endpoint_url, type: String, desc: Api.heading(:endpoint_url)
+      optional :delivered_at, type: DateTime, desc: Api.heading(:delivered_at)
+      # 🚅 super scaffolding will insert new fields above this line.
+      # 🚅 super scaffolding will insert new arrays above this line.
+
+      # 🚅 super scaffolding will insert processing for new fields above this line.
+    end
+  end
+
+  resource "webhooks/outgoing/endpoints", desc: Api.title(:collection_actions) do
+    after_validation do
+      load_and_authorize_api_resource Webhooks::Outgoing::Delivery
+    end
+
+    #
+    # INDEX
+    #
+
+    desc Api.title(:index), &Api.index_desc
+    params do
+      use :endpoint_id
+    end
+    oauth2
+    paginate per_page: 100
+    get "/:endpoint_id/deliveries" do
+      @paginated_deliveries = paginate @deliveries
+      render @paginated_deliveries, serializer: Api.serializer
+    end
+  end
+
+  resource "webhooks/outgoing/deliveries", desc: Api.title(:member_actions) do
+    after_validation do
+      load_and_authorize_api_resource Webhooks::Outgoing::Delivery
+    end
+
+    #
+    # SHOW
+    #
+
+    desc Api.title(:show), &Api.show_desc
+    params do
+      use :id
+    end
+    oauth2
+    route_param :id do
+      get do
+        render @delivery, serializer: Api.serializer
+      end
+    end
+  end
+end

data/app/controllers/api/v1/webhooks/outgoing/delivery_attempts_endpoint.rb

@@ -0,0 +1,65 @@
+class Api::V1::Webhooks::Outgoing::DeliveryAttemptsEndpoint < Api::V1::Root
+  helpers do
+    params :delivery_id do
+      requires :delivery_id, type: Integer, allow_blank: false, desc: "Delivery ID"
+    end
+
+    params :id do
+      requires :id, type: Integer, allow_blank: false, desc: "Delivery Attempt ID"
+    end
+
+    params :delivery_attempt do
+      optional :response_code, type: String, desc: Api.heading(:response_code)
+      optional :response_body, type: String, desc: Api.heading(:response_body)
+      optional :response_message, type: String, desc: Api.heading(:response_message)
+      optional :error_message, type: String, desc: Api.heading(:error_message)
+      optional :attempt_number, type: String, desc: Api.heading(:attempt_number)
+      # 🚅 super scaffolding will insert new fields above this line.
+      # 🚅 super scaffolding will insert new arrays above this line.
+
+      # 🚅 super scaffolding will insert processing for new fields above this line.
+    end
+  end
+
+  resource "webhooks/outgoing/deliveries", desc: Api.title(:collection_actions) do
+    after_validation do
+      load_and_authorize_api_resource Webhooks::Outgoing::DeliveryAttempt
+    end
+
+    #
+    # INDEX
+    #
+
+    desc Api.title(:index), &Api.index_desc
+    params do
+      use :delivery_id
+    end
+    oauth2
+    paginate per_page: 100
+    get "/:delivery_id/delivery_attempts" do
+      @paginated_delivery_attempts = paginate @delivery_attempts
+      render @paginated_delivery_attempts, serializer: Api.serializer
+    end
+  end
+
+  resource "webhooks/outgoing/delivery_attempts", desc: Api.title(:member_actions) do
+    after_validation do
+      load_and_authorize_api_resource Webhooks::Outgoing::DeliveryAttempt
+    end
+
+    #
+    # SHOW
+    #
+
+    desc Api.title(:show), &Api.show_desc
+    params do
+      use :id
+    end
+    oauth2
+    route_param :id do
+      get do
+        render @delivery_attempt, serializer: Api.serializer
+      end
+    end
+  end
+end

data/app/controllers/api/v1/webhooks/outgoing/endpoints_endpoint.rb

@@ -0,0 +1,119 @@
+class Api::V1::Webhooks::Outgoing::EndpointsEndpoint < Api::V1::Root
+  helpers do
+    params BulletTrain::OutgoingWebhooks.parent_association_id do
+      requires BulletTrain::OutgoingWebhooks.parent_association_id, type: Integer, allow_blank: false, desc: "#{BulletTrain::OutgoingWebhooks.parent_class} ID"
+    end
+
+    params :id do
+      requires :id, type: Integer, allow_blank: false, desc: "Endpoint ID"
+    end
+
+    params :endpoint do
+      optional :name, type: String, desc: Api.heading(:name)
+      optional :url, type: String, desc: Api.heading(:url)
+      # 🚅 super scaffolding will insert new fields above this line.
+      optional :event_type_ids, type: Array, desc: Api.heading(:event_type_ids)
+      # 🚅 super scaffolding will insert new arrays above this line.
+
+      # 🚅 super scaffolding will insert processing for new fields above this line.
+    end
+  end
+
+  resource BulletTrain::OutgoingWebhooks.parent_resource, desc: Api.title(:collection_actions) do
+    after_validation do
+      load_and_authorize_api_resource Webhooks::Outgoing::Endpoint
+    end
+
+    #
+    # INDEX
+    #
+
+    desc Api.title(:index), &Api.index_desc
+    params do
+      use BulletTrain::OutgoingWebhooks.parent_association_id
+    end
+    oauth2
+    paginate per_page: 100
+    get "/:#{BulletTrain::OutgoingWebhooks.parent_association_id}/webhooks/outgoing/endpoints" do
+      @paginated_endpoints = paginate @endpoints
+      render @paginated_endpoints, serializer: Api.serializer
+    end
+
+    #
+    # CREATE
+    #
+
+    desc Api.title(:create), &Api.create_desc
+    params do
+      use BulletTrain::OutgoingWebhooks.parent_association_id
+      use :endpoint
+    end
+    route_setting :api_resource_options, permission: :create
+    oauth2 "write"
+    post "/:#{BulletTrain::OutgoingWebhooks.parent_association_id}/webhooks/outgoing/endpoints" do
+      if @endpoint.save
+        render @endpoint, serializer: Api.serializer
+      else
+        record_not_saved @endpoint
+      end
+    end
+  end
+
+  resource "webhooks/outgoing/endpoints", desc: Api.title(:member_actions) do
+    after_validation do
+      load_and_authorize_api_resource Webhooks::Outgoing::Endpoint
+    end
+
+    #
+    # SHOW
+    #
+
+    desc Api.title(:show), &Api.show_desc
+    params do
+      use :id
+    end
+    oauth2
+    route_param :id do
+      get do
+        render @endpoint, serializer: Api.serializer
+      end
+    end
+
+    #
+    # UPDATE
+    #
+
+    desc Api.title(:update), &Api.update_desc
+    params do
+      use :id
+      use :endpoint
+    end
+    route_setting :api_resource_options, permission: :update
+    oauth2 "write"
+    route_param :id do
+      put do
+        if @endpoint.update(declared(params, include_missing: false))
+          render @endpoint, serializer: Api.serializer
+        else
+          record_not_saved @endpoint
+        end
+      end
+    end
+
+    #
+    # DESTROY
+    #
+
+    desc Api.title(:destroy), &Api.destroy_desc
+    params do
+      use :id
+    end
+    route_setting :api_resource_options, permission: :destroy
+    oauth2 "delete"
+    route_param :id do
+      delete do
+        render @endpoint.destroy, serializer: Api.serializer
+      end
+    end
+  end
+end

data/app/jobs/webhooks/outgoing/delivery_job.rb

@@ -0,0 +1,7 @@
+class Webhooks::Outgoing::DeliveryJob < ApplicationJob
+  queue_as :default
+
+  def perform(delivery)
+    delivery.deliver
+  end
+end

data/app/jobs/webhooks/outgoing/generate_job.rb

@@ -0,0 +1,7 @@
+class Webhooks::Outgoing::GenerateJob < ApplicationJob
+  queue_as :default
+
+  def perform(obj, action)
+    obj.generate_webhook_perform(action)
+  end
+end

data/app/models/concerns/webhooks/outgoing/delivery_attempt_support.rb

@@ -0,0 +1,64 @@
+module Webhooks::Outgoing::DeliveryAttemptSupport
+  extend ActiveSupport::Concern
+  include Webhooks::Outgoing::UriFiltering
+
+  SUCCESS_RESPONSE_CODES = [200, 201, 202, 203, 204, 205, 206, 207, 226].freeze
+
+  included do
+    belongs_to :delivery
+    has_one :team, through: :delivery unless BulletTrain::OutgoingWebhooks.parent_class_specified?
+    scope :successful, -> { where(response_code: SUCCESS_RESPONSE_CODES) }
+
+    before_create do
+      self.attempt_number = delivery.attempt_count + 1
+    end
+
+    validates :response_code, presence: true
+  end
+
+  def still_attempting?
+    error_message.nil? && response_code.nil?
+  end
+
+  def successful?
+    SUCCESS_RESPONSE_CODES.include?(response_code)
+  end
+
+  def failed?
+    !(successful? || still_attempting?)
+  end
+
+  def attempt
+    uri = URI.parse(delivery.endpoint_url)
+
+    unless allowed_uri?(uri)
+      self.response_code = 0
+      self.error_message = "URI is not allowed: " + uri
+      return false
+    end
+
+    http = Net::HTTP.new(resolve_ip_from_authoritative(uri.hostname.downcase), uri.port)
+    http.use_ssl = true if uri.scheme == "https"
+    request = Net::HTTP::Post.new(uri.path)
+    request.add_field("Host", uri.host)
+    request.add_field("Content-Type", "application/json")
+    request.body = delivery.event.payload.to_json
+
+    begin
+      response = http.request(request)
+      self.response_message = response.message
+      self.response_code = response.code
+      self.response_body = response.body
+    rescue => exception
+      self.response_code = 0
+      self.error_message = exception.message
+    end
+
+    save
+    successful?
+  end
+
+  def label_string
+    "#{attempt_number.ordinalize} Attempt"
+  end
+end

data/app/models/concerns/webhooks/outgoing/delivery_support.rb

@@ -0,0 +1,66 @@
+module Webhooks::Outgoing::DeliverySupport
+  extend ActiveSupport::Concern
+
+  included do
+    belongs_to :endpoint, class_name: "Webhooks::Outgoing::Endpoint"
+    belongs_to :event, class_name: "Webhooks::Outgoing::Event"
+
+    has_one :team, through: :endpoint unless BulletTrain::OutgoingWebhooks.parent_class_specified?
+    has_many :delivery_attempts, class_name: "Webhooks::Outgoing::DeliveryAttempt", dependent: :destroy, foreign_key: :delivery_id
+  end
+
+  ATTEMPT_SCHEDULE = {
+    1 => 15.seconds,
+    2 => 1.minute,
+    3 => 5.minutes,
+    4 => 15.minutes,
+    5 => 1.hour,
+  }
+
+  def label_string
+    event.short_uuid
+  end
+
+  def next_reattempt_delay
+    ATTEMPT_SCHEDULE[attempt_count]
+  end
+
+  def deliver_async
+    if still_attempting?
+      Webhooks::Outgoing::DeliveryJob.set(wait: next_reattempt_delay).perform_later(self)
+    end
+  end
+
+  def deliver
+    if delivery_attempts.create.attempt
+      touch(:delivered_at)
+    else
+      deliver_async
+    end
+  end
+
+  def attempt_count
+    delivery_attempts.count
+  end
+
+  def delivered?
+    delivered_at.present?
+  end
+
+  def still_attempting?
+    return false if delivered?
+    attempt_count < max_attempts
+  end
+
+  def failed?
+    !(delivered? || still_attempting?)
+  end
+
+  def name
+    event.short_uuid
+  end
+
+  def max_attempts
+    ATTEMPT_SCHEDULE.keys.max
+  end
+end

data/app/models/concerns/webhooks/outgoing/endpoint_support.rb

@@ -0,0 +1,37 @@
+module Webhooks::Outgoing::EndpointSupport
+  extend ActiveSupport::Concern
+  include Webhooks::Outgoing::UriFiltering
+
+  included do
+    belongs_to BulletTrain::OutgoingWebhooks.parent_association
+
+    has_many :deliveries, class_name: "Webhooks::Outgoing::Delivery", dependent: :destroy, foreign_key: :endpoint_id
+    has_many :events, -> { distinct }, through: :deliveries
+
+    scope :listening_for_event_type_id, ->(event_type_id) { where("event_type_ids @> ? OR event_type_ids = '[]'::jsonb", "\"#{event_type_id}\"") }
+
+    validates :name, presence: true
+
+    before_validation { url&.strip! }
+
+    validates :url, presence: true, allowed_uri: true
+
+    after_initialize do
+      self.event_type_ids ||= []
+    end
+
+    after_save :touch_parent
+  end
+
+  def valid_event_types
+    Webhooks::Outgoing::EventType.all
+  end
+
+  def event_types
+    event_type_ids.map { |id| Webhooks::Outgoing::EventType.find(id) }
+  end
+
+  def touch_parent
+    send(BulletTrain::OutgoingWebhooks.parent_association).touch
+  end
+end

data/app/models/concerns/webhooks/outgoing/event_support.rb

@@ -0,0 +1,45 @@
+module Webhooks::Outgoing::EventSupport
+  extend ActiveSupport::Concern
+  include HasUuid
+
+  included do
+    belongs_to BulletTrain::OutgoingWebhooks.parent_association
+    belongs_to :event_type, class_name: "Webhooks::Outgoing::EventType"
+    belongs_to :subject, polymorphic: true
+    has_many :deliveries, dependent: :destroy
+
+    before_create do
+      self.payload = generate_payload
+    end
+  end
+
+  def generate_payload
+    {
+      event_id: uuid,
+      event_type: event_type_id,
+      subject_id: subject_id,
+      subject_type: subject_type,
+      data: data
+    }
+  end
+
+  def event_type_name
+    payload.dig("event_type")
+  end
+
+  def endpoints
+    send(BulletTrain::OutgoingWebhooks.parent_association).webhooks_outgoing_endpoints.listening_for_event_type_id(event_type_id)
+  end
+
+  def deliver
+    endpoints.each do |endpoint|
+      unless endpoint.deliveries.where(event: self).any?
+        endpoint.deliveries.create(event: self, endpoint_url: endpoint.url).deliver_async
+      end
+    end
+  end
+
+  def label_string
+    short_uuid
+  end
+end

data/app/models/concerns/webhooks/outgoing/issuing_model.rb

@@ -0,0 +1,67 @@
+module Webhooks::Outgoing::IssuingModel
+  extend ActiveSupport::Concern
+
+  # define relationships.
+  included do
+    after_commit :generate_created_webhook, on: [:create]
+    after_commit :generate_updated_webhook, on: [:update]
+    after_commit :generate_deleted_webhook, on: [:destroy]
+    has_many :webhooks_outgoing_events, as: :subject, class_name: "Webhooks::Outgoing::Event", dependent: :nullify
+  end
+
+  def skip_generate_webhook?(action)
+    false
+  end
+
+  def parent
+    return unless respond_to? BulletTrain::OutgoingWebhooks.parent_association
+    send(BulletTrain::OutgoingWebhooks.parent_association)
+  end
+
+  def generate_webhook(action, async: true)
+    # allow individual models to opt out of generating webhooks
+    return if skip_generate_webhook?(action)
+
+    # we can only generate webhooks for objects that return their their team / parent.
+    return unless parent.present?
+
+    # Try to find an event type definition for this action.
+    event_type = Webhooks::Outgoing::EventType.find_by(id: "#{self.class.name.underscore}.#{action}")
+
+    # If the event type is defined as one that people can be subscribed to,
+    # and this object has a parent where an associated outgoing webhooks endpoint could be registered.
+    if event_type
+      # Only generate an event record if an endpoint is actually listening for this event type.
+      if parent.endpoints_listening_for_event_type?(event_type)
+        if async
+          # serialization can be heavy so run it as a job
+          Webhooks::Outgoing::GenerateJob.perform_later(self, action)
+        else
+          generate_webhook_perform(action)
+        end
+      end
+    end
+  end
+
+  def generate_webhook_perform(action)
+    event_type = Webhooks::Outgoing::EventType.find_by(id: "#{self.class.name.underscore}.#{action}")
+    data = "Api::V1::#{self.class.name}Serializer".constantize.new(self).serializable_hash[:data]
+    webhook = send(BulletTrain::OutgoingWebhooks.parent_association).webhooks_outgoing_events.create(event_type_id: event_type.id, subject: self, data: data)
+    webhook.deliver
+  end
+
+  def generate_created_webhook
+    generate_webhook(:created)
+  end
+
+  def generate_updated_webhook
+    generate_webhook(:updated)
+  end
+
+  def generate_deleted_webhook
+    return false unless parent.present?
+    return false if parent.being_destroyed?
+
+    generate_webhook(:deleted, async: false)
+  end
+end

data/app/models/concerns/webhooks/outgoing/team_support.rb

@@ -0,0 +1,31 @@
+module Webhooks::Outgoing::TeamSupport
+  extend ActiveSupport::Concern
+
+  included do
+    has_many :webhooks_outgoing_endpoints, class_name: "Webhooks::Outgoing::Endpoint", dependent: :destroy
+    has_many :webhooks_outgoing_events, class_name: "Webhooks::Outgoing::Event", dependent: :destroy
+
+    before_destroy :mark_for_destruction, prepend: true
+  end
+
+  def should_cache_endpoints_listening_for_event_type?
+    true
+  end
+
+  def endpoints_listening_for_event_type?(event_type)
+    if should_cache_endpoints_listening_for_event_type?
+      key = "#{cache_key_with_version}/endpoints_for_event_type/#{event_type.cache_key}"
+
+      Rails.cache.fetch(key, expires_in: 24.hours, race_condition_ttl: 5.seconds) do
+        webhooks_outgoing_endpoints.listening_for_event_type_id(event_type.id).any?
+      end
+    else
+      webhooks_outgoing_endpoints.listening_for_event_type_id(event_type.id).any?
+    end
+  end
+
+  def mark_for_destruction
+    # This allows downstream logic to check whether a team is being destroyed in order to bypass webhook issuance.
+    update_column(:being_destroyed, true)
+  end
+end