RubyGems - bullet_train-outgoing_webhooks - Versions diffs - 1.0.2 → 1.0.5 - Mend

bullet_train-outgoing_webhooks 1.0.2 → 1.0.5

Files changed (59) hide show

data/app/models/concerns/webhooks/outgoing/uri_filtering.rb ADDED Viewed

@@ -0,0 +1,149 @@
+require "resolv"
+require "public_suffix"
+module Webhooks::Outgoing::UriFiltering
+  extend ActiveSupport::Concern
+  # WEBHOOK SECURITY PRIMER
+  # =============================================================================
+  # Outgoing webhooks can be dangerous. By allowing your users to set
+  # up outgoing webhooks, you"re giving them permission to call arbitrary
+  # URLs from your server, including URLs that could represent resources
+  # internal to your company. Malicious actors can use this permission to
+  # examine your infrastructure, call internal APIs, and generally cause
+  # havok.
+  # This module attempts to block malicious actors with the following algorithm
+  #   1. Block anything but http and https requests
+  #   2. Block or allow defined hostnames, both regex and strings
+  #   3. Block if `custom_block_callback` returns true (args: self, uri)
+  #   4. Allow if `custom_allow_callback` returns true (args: self, uri)
+  #   5. Resolve the IP associated with the webhook"s host directly from
+  #      the authoritative name server for the host"s domain. This IP
+  #      is cached for the returned DNS TTL
+  #   6. Match the given IP against lists of allowed and blocked cidr ranges.
+  #      The blocked list by default includes all of the defined private address
+  #      ranges, localhost, the private IPv6 prefix, and the AWS metadata
+  #      API endpoint.
+  # If at any point a URI is determined to be blocked we call `audit_callback`
+  # (args: self, uri) so it can be logged for auditing.
+  # We resolve the IP from the authoritative name server directly so we can avoid
+  # certain classes of DNS poisoning attacks.
+  # Users of this gem are _strongly_ enouraged to add additional cidr ranges
+  # and hostnames to the appropriate lists and/or implement `custom_block_callback`.
+  # At the very least you should add the public hostname that your
+  # application uses to the blocked_hostnames list.
+  class AllowedUriValidator < ActiveModel::EachValidator
+    def validate_each(record, attribute, value)
+      uri = URI.parse(value)
+      unless record.allowed_uri?(uri)
+        record.errors.add attribute, "is not an allowed uri"
+      end
+    end
+  end
+  def resolve_ip_from_authoritative(hostname)
+    begin
+      ip = IPAddr.new(hostname)
+      return ip.to_s
+    rescue IPAddr::InvalidAddressError
+      # this is fine, proceed with resolver path
+    end
+    cache_key = "#{cache_key_with_version}/uri_ip/#{Digest::SHA2.hexdigest(hostname)}"
+    cached = Rails.cache.read(cache_key)
+    if cached
+      return cached == "invalid" ? nil : cached
+    end
+    begin
+      # This is sort of a half-recursive DNS resolver.
+      # We can't implement a full recursive resolver using just Resolv::DNS so instead
+      # this asks a public cache for the NS record for the given domain. Then it asks
+      # the authoritative nameserver directly for the address and caches it according
+      # to the returned TTL.
+      config = Rails.configuration.outgoing_webhooks
+      ns_resolver = Resolv::DNS.new(nameserver: config[:public_resolvers])
+      ns_resolver.timeouts = 1
+      domain = PublicSuffix.domain(hostname)
+      authoritative = ns_resolver.getresource(domain, Resolv::DNS::Resource::IN::NS)
+      authoritative_resolver = Resolv::DNS.new(nameserver: [authoritative.name.to_s])
+      authoritative_resolver.timeouts = 1
+      resource = authoritative_resolver.getresource(hostname, Resolv::DNS::Resource::IN::A)
+      Rails.cache.write(cache_key, resource.address.to_s, expires_in: resource.ttl, race_condition_ttl: 5)
+      resource.address.to_s
+    rescue IPAddr::InvalidAddressError, ArgumentError # standard:disable Lint/ShadowedException
+      Rails.cache.write(cache_key, "invalid", expires_in: 10.minutes, race_condition_ttl: 5)
+      nil
+    end
+  end
+  def allowed_uri?(uri)
+    unless _allowed_uri?(uri)
+      config = Rails.configuration.outgoing_webhooks
+      if config[:audit_callback].present?
+        config[:audit_callback].call(self, uri)
+      end
+      return false
+    end
+    true
+  end
+  def _allowed_uri?(uri)
+    config = Rails.configuration.outgoing_webhooks
+    hostname = uri.hostname.downcase
+    return false unless config[:allowed_schemes].include?(uri.scheme)
+    config[:blocked_hostnames].each do |blocked|
+      if blocked.is_a?(Regexp)
+        return false if blocked.match?(hostname)
+      end
+      return false if blocked == hostname
+    end
+    config[:allowed_hostnames].each do |allowed|
+      if allowed.is_a?(Regexp)
+        return true if allowed.match?(hostname)
+      end
+      return true if allowed == hostname
+    end
+    if config[:custom_allow_callback].present?
+      return true if config[:custom_allow_callback].call(self, uri)
+    end
+    if config[:custom_block_callback].present?
+      return false if config[:custom_block_callback].call(self, uri)
+    end
+    resolved_ip = resolve_ip_from_authoritative(hostname)
+    return false if resolved_ip.nil?
+    begin
+      config[:allowed_cidrs].each do |cidr|
+        return true if IPAddr.new(cidr).include?(resolved_ip)
+      end
+      config[:blocked_cidrs].each do |cidr|
+        return false if IPAddr.new(cidr).include?(resolved_ip)
+      end
+    rescue IPAddr::InvalidAddressError
+      return false
+    end
+    true
+  end
+end

data/app/models/webhooks/outgoing/delivery.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Webhooks::Outgoing::Delivery < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::DeliverySupport
+  # 🚅 add concerns above.
+  # 🚅 add belongs_to associations above.
+  # 🚅 add has_many associations above.
+  # 🚅 add has_one associations above.
+  # 🚅 add scopes above.
+  # 🚅 add validations above.
+  # 🚅 add callbacks above.
+  # 🚅 add delegations above.
+  # 🚅 add methods above.
+end

data/app/models/webhooks/outgoing/delivery_attempt.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Webhooks::Outgoing::DeliveryAttempt < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::DeliveryAttemptSupport
+  # 🚅 add concerns above.
+  # 🚅 add belongs_to associations above.
+  # 🚅 add has_many associations above.
+  # 🚅 add has_one associations above.
+  # 🚅 add scopes above.
+  # 🚅 add validations above.
+  # 🚅 add callbacks above.
+  # 🚅 add delegations above.
+  # 🚅 add methods above.
+end

data/app/models/webhooks/outgoing/endpoint.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Webhooks::Outgoing::Endpoint < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::EndpointSupport
+  # 🚅 add concerns above.
+  # 🚅 add belongs_to associations above.
+  # 🚅 add has_many associations above.
+  # 🚅 add has_one associations above.
+  # 🚅 add scopes above.
+  # 🚅 add validations above.
+  # 🚅 add callbacks above.
+  # 🚅 add delegations above.
+  # 🚅 add methods above.
+end

data/app/models/webhooks/outgoing/event.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class Webhooks::Outgoing::Event < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::EventSupport
+end

data/app/models/webhooks/outgoing/event_type.rb ADDED Viewed

@@ -0,0 +1,13 @@
+class Webhooks::Outgoing::EventType < ApplicationHash
+  self.data = YAML.load_file("config/models/webhooks/outgoing/event_types.yml").map do |topic, events|
+    events.map { |event| event == "crud" ? ["created", "updated", "deleted"] : event }.flatten.map { |event| {id: "#{topic}.#{event}"} }
+  end.flatten
+  def label_string
+    name
+  end
+  def name
+    id
+  end
+end

data/app/models/webhooks/outgoing.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Webhooks::Outgoing
+  def self.table_name_prefix
+    "webhooks_outgoing_"
+  end
+end

data/app/models/webhooks.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Webhooks
+  def self.table_name_prefix
+    "webhooks_"
+  end
+end

data/app/serializers/api/v1/webhooks/outgoing/delivery_attempt_serializer.rb ADDED Viewed

@@ -0,0 +1,16 @@
+class Api::V1::Webhooks::Outgoing::DeliveryAttemptSerializer < Api::V1::ApplicationSerializer
+  set_type "webhooks/outgoing/delivery_attempt"
+  attributes :id,
+    :delivery_id,
+    :response_code,
+    :response_body,
+    :response_message,
+    :error_message,
+    :attempt_number,
+    # 🚅 super scaffolding will insert new fields above this line.
+    :created_at,
+    :updated_at
+  belongs_to :delivery, serializer: Api::V1::Webhooks::Outgoing::DeliverySerializer
+end

data/app/serializers/api/v1/webhooks/outgoing/delivery_serializer.rb ADDED Viewed

@@ -0,0 +1,14 @@
+class Api::V1::Webhooks::Outgoing::DeliverySerializer < Api::V1::ApplicationSerializer
+  set_type "webhooks/outgoing/delivery"
+  attributes :id,
+    :endpoint_id,
+    :event_id,
+    :endpoint_url,
+    :delivered_at,
+    # 🚅 super scaffolding will insert new fields above this line.
+    :created_at,
+    :updated_at
+  belongs_to :endpoint, serializer: Api::V1::Webhooks::Outgoing::EndpointSerializer
+end

data/app/serializers/api/v1/webhooks/outgoing/endpoint_serializer.rb ADDED Viewed

@@ -0,0 +1,14 @@
+class Api::V1::Webhooks::Outgoing::EndpointSerializer < Api::V1::ApplicationSerializer
+  set_type "webhooks/outgoing/endpoint"
+  attributes :id,
+    :team_id,
+    :name,
+    :url,
+    :event_type_ids,
+    # 🚅 super scaffolding will insert new fields above this line.
+    :created_at,
+    :updated_at
+  belongs_to :team, serializer: Api::V1::TeamSerializer
+end

data/app/views/account/webhooks/outgoing/deliveries/_menu_item.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<% if can? :read, Webhooks::Outgoing::Delivery.new(team: current_team) %>
+<% if can? :read, Webhooks::Outgoing::Delivery.new(BulletTrain::OutgoingWebhooks.parent_association => send(BulletTrain::OutgoingWebhooks.current_parent_method)) %>
   <%= render 'account/shared/menu/item', {
-    url: main_app.polymorphic_path([:account, current_team, :webhooks_outgoing_deliveries]),
+    url: main_app.polymorphic_path([:account, send(BulletTrain::OutgoingWebhooks.current_parent_method), :webhooks_outgoing_deliveries]),
     label: t('webhooks/outgoing/deliveries.navigation.label'),
   } do |p| %>
     <% p.content_for :icon do %>

data/app/views/account/webhooks/outgoing/delivery_attempts/_menu_item.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<% if can? :read, Webhooks::Outgoing::DeliveryAttempt.new(team: current_team) %>
+<% if can? :read, Webhooks::Outgoing::DeliveryAttempt.new(BulletTrain::OutgoingWebhooks.parent_association => send(BulletTrain::OutgoingWebhooks.current_parent_method)) %>
   <%= render 'account/shared/menu/item', {
-    url: main_app.polymorphic_path([:account, current_team, :webhooks_outgoing_delivery_attempts]),
+    url: main_app.polymorphic_path([:account, send(BulletTrain::OutgoingWebhooks.current_parent_method), :webhooks_outgoing_delivery_attempts]),
     label: t('webhooks/outgoing/delivery_attempts.navigation.label'),
   } do |p| %>
     <% p.content_for :icon do %>

data/app/views/account/webhooks/outgoing/endpoints/_breadcrumbs.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <% endpoint ||= @endpoint %>
-<% team ||= @team || endpoint&.team %>
+<% team ||= @parent || endpoint&.send(BulletTrain::OutgoingWebhooks.parent_association) %>
 <%= render 'account/teams/breadcrumbs', team: team %>
 <%= render 'account/shared/breadcrumb', label: t('.label'), url: [:account, team, :webhooks_outgoing_endpoints] %>
 <% if endpoint&.persisted? %>

data/app/views/account/webhooks/outgoing/endpoints/_form.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<%= form_with model: endpoint, url: (endpoint.persisted? ? [:account, endpoint] : [:account, @team, :webhooks_outgoing_endpoints]), local: true, class: 'form' do |form| %>
+<%= form_with model: endpoint, url: (endpoint.persisted? ? [:account, endpoint] : [:account, @parent, :webhooks_outgoing_endpoints]), local: true, class: 'form' do |form| %>
   <%= render 'account/shared/forms/errors', form: form %>
   <% with_field_settings form: form do %>
@@ -14,7 +14,7 @@
     <% if form.object.persisted? %>
     <%= link_to t('global.buttons.cancel'), [:account, endpoint], class: "button-secondary" %>
     <% else %>
-    <%= link_to t('global.buttons.cancel'), [:account, @team, :webhooks_outgoing_endpoints], class: "button-secondary" %>
+    <%= link_to t('global.buttons.cancel'), [:account, @parent, :webhooks_outgoing_endpoints], class: "button-secondary" %>
     <% end %>
   </div>

data/app/views/account/webhooks/outgoing/endpoints/_index.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<% team = @team || @team %>
+<% team = @parent %>
 <% context ||= team %>
 <% collection ||= :webhooks_outgoing_endpoints %>
 <% hide_actions ||= false %>
@@ -49,8 +49,8 @@
   <% p.content_for :actions do %>
     <% unless hide_actions %>
       <% if context == team %>
-        <% if can? :create, Webhooks::Outgoing::Endpoint.new(team: team) %>
-          <%= link_to t('.buttons.new'), [:new, :account, team, :webhooks_outgoing_endpoint], class: "#{first_button_primary(:webhooks_outgoing_endpoint)} new" %>
+        <% if can? :create, Webhooks::Outgoing::Endpoint.new(BulletTrain::OutgoingWebhooks.parent_association => @parent) %>
+          <%= link_to t('.buttons.new'), [:new, :account, @parent, :webhooks_outgoing_endpoint], class: "#{first_button_primary(:webhooks_outgoing_endpoint)} new" %>
         <% end %>
       <% end %>

data/app/views/account/webhooks/outgoing/endpoints/_menu_item.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<% if can? :read, Webhooks::Outgoing::Endpoint.new(team: current_team) %>
+<% if can? :read, Webhooks::Outgoing::Endpoint.new(BulletTrain::OutgoingWebhooks.parent_association => send(BulletTrain::OutgoingWebhooks.current_parent_method)) %>
   <%= render 'account/shared/menu/item', {
-    url: main_app.polymorphic_path([:account, current_team, :webhooks_outgoing_endpoints]),
+    url: main_app.polymorphic_path([:account, send(BulletTrain::OutgoingWebhooks.current_parent_method), :webhooks_outgoing_endpoints]),
     label: t('webhooks/outgoing/endpoints.navigation.label'),
   } do |p| %>
     <% p.content_for :icon do %>

data/app/views/account/webhooks/outgoing/endpoints/show.html.erb CHANGED Viewed

@@ -32,7 +32,7 @@
       <% p.content_for :actions do %>
         <%= link_to t('.buttons.edit'), [:edit, :account, @endpoint], class: first_button_primary if can? :edit, @endpoint %>
         <%= button_to t('.buttons.destroy'), [:account, @endpoint], method: :delete, class: first_button_primary, data: { confirm: t('.buttons.confirmations.destroy', model_locales(@endpoint)) } if can? :destroy, @endpoint %>
-        <%= link_to t('global.buttons.back'), [:account, @team, :webhooks_outgoing_endpoints], class: first_button_primary %>
+        <%= link_to t('global.buttons.back'), [:account, @parent, :webhooks_outgoing_endpoints], class: first_button_primary %>
       <% end %>
     <% end %>

data/config/routes.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 Rails.application.routes.draw do
   namespace :account do
     shallow do
-      resources :teams do
+      resources BulletTrain::OutgoingWebhooks.parent_resource do
         namespace :webhooks do
           namespace :outgoing do
             resources :events

data/db/migrate/20180420013127_create_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class CreateWebhooksOutgoingEndpoints < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_endpoints do |t|
+      t.references :team, foreign_key: true
+      t.text :url
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420013505_create_webhooks_outgoing_endpoint_event_types.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class CreateWebhooksOutgoingEndpointEventTypes < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_endpoint_event_types do |t|
+      t.integer :endpoint_id
+      t.integer :event_type_id
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420013852_create_webhooks_outgoing_event_types.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class CreateWebhooksOutgoingEventTypes < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_event_types do |t|
+      t.string :name
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420014623_create_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreateWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_events do |t|
+      t.integer :event_type_id
+      t.integer :subject_id
+      t.string :subject_type
+      t.jsonb :body
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420021016_create_webhooks_outgoing_deliveries.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class CreateWebhooksOutgoingDeliveries < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_deliveries do |t|
+      t.integer :endpoint_id
+      t.integer :event_id
+      t.text :endpoint_url
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420022027_add_team_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddTeamToWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    add_reference :webhooks_outgoing_events, :team, foreign_key: true
+  end
+end

data/db/migrate/20180420165345_create_webhooks_outgoing_delivery_attempts.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class CreateWebhooksOutgoingDeliveryAttempts < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_delivery_attempts do |t|
+      t.integer :delivery_id
+      t.integer :response_code
+      t.text :response_body
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420172112_add_error_message_to_webhooks_outgoing_delivery_attempt.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class AddErrorMessageToWebhooksOutgoingDeliveryAttempt < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_delivery_attempts, :response_message, :text
+    add_column :webhooks_outgoing_delivery_attempts, :error_message, :text
+  end
+end

data/db/migrate/20181012234232_add_name_to_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddNameToWebhooksOutgoingEndpoints < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_endpoints, :name, :string
+  end
+end

data/db/migrate/20181013030208_add_delivered_at_to_webhooks_outgoing_deliveries.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddDeliveredAtToWebhooksOutgoingDeliveries < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_deliveries, :delivered_at, :datetime
+  end
+end

data/db/migrate/20181013165056_add_uuid_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddUuidToWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_events, :uuid, :string
+  end
+end

data/db/migrate/20181013174539_add_payload_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddPayloadToWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_events, :payload, :jsonb
+  end
+end

data/db/migrate/20181013192951_add_attempt_number_to_webhooks_outgoing_delivery_attempts.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddAttemptNumberToWebhooksOutgoingDeliveryAttempts < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_delivery_attempts, :attempt_number, :integer
+  end
+end

data/db/migrate/20210805060451_change_body_to_data_on_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class ChangeBodyToDataOnWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def change
+    rename_column :webhooks_outgoing_events, :body, :data
+  end
+end

data/db/migrate/20211126230846_add_event_type_ids_to_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddEventTypeIdsToWebhooksOutgoingEndpoints < ActiveRecord::Migration[6.1]
+  def change
+    add_column :webhooks_outgoing_endpoints, :event_type_ids, :jsonb, default: []
+  end
+end

data/db/migrate/20211126230847_migrate_event_type_ids_on_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class MigrateEventTypeIdsOnWebhooksOutgoingEndpoints < ActiveRecord::Migration[6.1]
+  def change
+    Webhooks::Outgoing::Endpoint.find_each do |endpoint|
+      event_type_ids = ActiveRecord::Base.connection.execute("SELECT * FROM webhooks_outgoing_endpoint_event_types JOIN webhooks_outgoing_event_types ON webhooks_outgoing_endpoint_event_types.event_type_id = webhooks_outgoing_event_types.id WHERE endpoint_id = #{endpoint.id}").to_a.map { |result| result.dig("name") }
+      endpoint.update(event_type_ids: event_type_ids)
+    end
+  end
+end

data/db/migrate/20211127013539_remove_event_type_from_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class RemoveEventTypeFromWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def change
+    remove_reference :webhooks_outgoing_events, :event_type, null: false, foreign_key: false
+  end
+end

data/db/migrate/20211127013800_add_new_event_type_id_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddNewEventTypeIdToWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def change
+    add_column :webhooks_outgoing_events, :event_type_id, :string
+  end
+end

data/db/migrate/20211127014001_migrate_event_types_on_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class MigrateEventTypesOnWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def up
+    Webhooks::Outgoing::Event.find_each do |event|
+      event.update_column(:event_type_id, event.payload.dig("event_type"))
+    end
+  end
+  def down
+  end
+end

data/db/migrate/20211127015712_drop_webhooks_outgoing_endpoint_event_types.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class DropWebhooksOutgoingEndpointEventTypes < ActiveRecord::Migration[6.1]
+  def up
+    drop_table :webhooks_outgoing_endpoint_event_types
+  end
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

data/db/migrate/20211127015713_drop_webhooks_outgoing_event_types.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class DropWebhooksOutgoingEventTypes < ActiveRecord::Migration[6.1]
+  def up
+    drop_table :webhooks_outgoing_event_types
+  end
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

data/lib/bullet_train/outgoing_webhooks/engine.rb CHANGED Viewed

@@ -1,6 +1,38 @@
 module BulletTrain
   module OutgoingWebhooks
     class Engine < ::Rails::Engine
+      config.before_configuration do
+        default_blocked_cidrs = %w[
+          10.0.0.0/8
+          172.16.0.0/12
+          192.168.0.0/16
+          100.64.0.0/10
+          127.0.0.0/8
+          169.254.169.254/32
+          fc00::/7
+          ::1
+        ]
+        config.outgoing_webhooks = {
+          blocked_cidrs: default_blocked_cidrs,
+          allowed_cidrs: [],
+          blocked_hostnames: %w[localhost],
+          allowed_hostnames: [],
+          public_resolvers: %w[8.8.8.8 1.1.1.1],
+          allowed_schemes: %w[http https],
+          custom_block_callback: nil,
+          custom_allow_callback: nil,
+          audit_callback: ->(obj, uri) { Rails.logger.error("BlockedURI obj=#{obj.persisted? ? obj.to_global_id : "New #{obj.class}"} uri=#{uri}") }
+        }
+      end
+      initializer "bullet_train.outgoing_webhooks.register_api_endpoints" do |app|
+        if Object.const_defined?("BulletTrain::Api")
+          BulletTrain::Api.endpoints << "Api::V1::Webhooks::Outgoing::EndpointsEndpoint"
+          BulletTrain::Api.endpoints << "Api::V1::Webhooks::Outgoing::DeliveriesEndpoint"
+          BulletTrain::Api.endpoints << "Api::V1::Webhooks::Outgoing::DeliveryAttemptsEndpoint"
+        end
+      end
     end
   end
 end

data/lib/bullet_train/outgoing_webhooks/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module BulletTrain
   module OutgoingWebhooks
-    VERSION = "1.0.2"
+    VERSION = "1.0.5"
   end
 end