RubyGems - bullet_train-outgoing_webhooks - Versions diffs - 1.0.3 → 1.1.0 - Mend

bullet_train-outgoing_webhooks 1.0.3 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd1762f370294c608f481e2b2b1ad2782d550180860a2932cda6e926b6400e4a
-  data.tar.gz: 4f8f18c48c13adbc8f1df26e7eb718572db33c3c8e2c9dd9712c77f6c8467e34
+  metadata.gz: 067e22f503dd4bf72b809ba6cd0d0e43d3930a50876a2bc5c846bc186700a3ff
+  data.tar.gz: fbddcd29981bdb80d81c7a66ed0fb15ef36d971ebeaf7eab50b4e8ae9d54fe99
 SHA512:
-  metadata.gz: 0541cf59eb0f505f0bf21ec0cce2a38bb25157f4e42fb568a1b8d9a9baf064b92fe0bb8261503546d0cab15e6a30ac81d447753f96bdc66b2591438117541643
-  data.tar.gz: 5620e58172c9eecfb6efcf7cde46b38d28d834256bf6e4346b6369d08a23dfa90155e69ae3c3ae466c3aa7ccb85ac6bd1f078e6ec164028ae06b0b18806045b2
+  metadata.gz: 20128e3bb542c2e40d0b93d331a8e0e5bec6cca33ec5b6a2ceaf0e2cbbb8fd155150c40cf82cd89aaedcc1242bce7a8cd5a8c571ff0cc2bd22d0348057b0ff04
+  data.tar.gz: b4ace453d0be7351e0ce89e9fc451a492c3e8fc11f4b5270c57012494caefba063cd7577f875bb5dccde9a46a9a17a4b188c4393e0926d2999978d9d992163ec

data/MIT-LICENSE CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright 2022 Andrew Culver
+Copyright 2022 Bullet Train, Inc.
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/app/assets/config/{bullet_train_outgoing_webhooks_web_manifest.js → bullet_train_outgoing_webhooks_manifest.js} RENAMED Viewed

File without changes

data/app/controllers/account/webhooks/outgoing/endpoints_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationController
-  account_load_and_authorize_resource :endpoint, through: :team, through_association: :webhooks_outgoing_endpoints
+  account_load_and_authorize_resource :endpoint, through: BulletTrain::OutgoingWebhooks.parent_association, through_association: :webhooks_outgoing_endpoints
+  before_action { @parent = instance_variable_get("@#{BulletTrain::OutgoingWebhooks.parent_association}") }
   # GET /account/teams/:team_id/webhooks/outgoing/endpoints
   # GET /account/teams/:team_id/webhooks/outgoing/endpoints.json
@@ -26,7 +27,7 @@ class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationCon
   def create
     respond_to do |format|
       if @endpoint.save
-        format.html { redirect_to [:account, @team, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.created") }
+        format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.created") }
         format.json { render :show, status: :created, location: [:account, @endpoint] }
       else
         format.html { render :new, status: :unprocessable_entity }
@@ -54,7 +55,7 @@ class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationCon
   def destroy
     @endpoint.destroy
     respond_to do |format|
-      format.html { redirect_to [:account, @team, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.destroyed") }
+      format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.destroyed") }
       format.json { head :no_content }
     end
   end

data/app/jobs/webhooks/outgoing/delivery_job.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class Webhooks::Outgoing::DeliveryJob < ApplicationJob
+  queue_as :default
+  def perform(delivery)
+    delivery.deliver
+  end
+end

data/app/jobs/webhooks/outgoing/generate_job.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class Webhooks::Outgoing::GenerateJob < ApplicationJob
+  queue_as :default
+  def perform(obj, action)
+    obj.generate_webhook_perform(action)
+  end
+end

data/app/models/concerns/webhooks/outgoing/delivery_attempt_support.rb ADDED Viewed

@@ -0,0 +1,64 @@
+module Webhooks::Outgoing::DeliveryAttemptSupport
+  extend ActiveSupport::Concern
+  include Webhooks::Outgoing::UriFiltering
+  SUCCESS_RESPONSE_CODES = [200, 201, 202, 203, 204, 205, 206, 207, 226].freeze
+  included do
+    belongs_to :delivery
+    has_one :team, through: :delivery unless BulletTrain::OutgoingWebhooks.parent_class_specified?
+    scope :successful, -> { where(response_code: SUCCESS_RESPONSE_CODES) }
+    before_create do
+      self.attempt_number = delivery.attempt_count + 1
+    end
+    validates :response_code, presence: true
+  end
+  def still_attempting?
+    error_message.nil? && response_code.nil?
+  end
+  def successful?
+    SUCCESS_RESPONSE_CODES.include?(response_code)
+  end
+  def failed?
+    !(successful? || still_attempting?)
+  end
+  def attempt
+    uri = URI.parse(delivery.endpoint_url)
+    unless allowed_uri?(uri)
+      self.response_code = 0
+      self.error_message = "URI is not allowed: " + uri
+      return false
+    end
+    http = Net::HTTP.new(resolve_ip_from_authoritative(uri.hostname.downcase), uri.port)
+    http.use_ssl = true if uri.scheme == "https"
+    request = Net::HTTP::Post.new(uri.path)
+    request.add_field("Host", uri.host)
+    request.add_field("Content-Type", "application/json")
+    request.body = delivery.event.payload.to_json
+    begin
+      response = http.request(request)
+      self.response_message = response.message
+      self.response_code = response.code
+      self.response_body = response.body
+    rescue => exception
+      self.response_code = 0
+      self.error_message = exception.message
+    end
+    save
+    successful?
+  end
+  def label_string
+    "#{attempt_number.ordinalize} Attempt"
+  end
+end

data/app/models/concerns/webhooks/outgoing/delivery_support.rb ADDED Viewed

@@ -0,0 +1,66 @@
+module Webhooks::Outgoing::DeliverySupport
+  extend ActiveSupport::Concern
+  included do
+    belongs_to :endpoint, class_name: "Webhooks::Outgoing::Endpoint"
+    belongs_to :event, class_name: "Webhooks::Outgoing::Event"
+    has_one :team, through: :endpoint unless BulletTrain::OutgoingWebhooks.parent_class_specified?
+    has_many :delivery_attempts, class_name: "Webhooks::Outgoing::DeliveryAttempt", dependent: :destroy, foreign_key: :delivery_id
+  end
+  ATTEMPT_SCHEDULE = {
+    1 => 15.seconds,
+    2 => 1.minute,
+    3 => 5.minutes,
+    4 => 15.minutes,
+    5 => 1.hour,
+  }
+  def label_string
+    event.short_uuid
+  end
+  def next_reattempt_delay
+    ATTEMPT_SCHEDULE[attempt_count]
+  end
+  def deliver_async
+    if still_attempting?
+      Webhooks::Outgoing::DeliveryJob.set(wait: next_reattempt_delay).perform_later(self)
+    end
+  end
+  def deliver
+    if delivery_attempts.create.attempt
+      touch(:delivered_at)
+    else
+      deliver_async
+    end
+  end
+  def attempt_count
+    delivery_attempts.count
+  end
+  def delivered?
+    delivered_at.present?
+  end
+  def still_attempting?
+    return false if delivered?
+    attempt_count < max_attempts
+  end
+  def failed?
+    !(delivered? || still_attempting?)
+  end
+  def name
+    event.short_uuid
+  end
+  def max_attempts
+    ATTEMPT_SCHEDULE.keys.max
+  end
+end

data/app/models/concerns/webhooks/outgoing/endpoint_support.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module Webhooks::Outgoing::EndpointSupport
+  extend ActiveSupport::Concern
+  include Webhooks::Outgoing::UriFiltering
+  included do
+    belongs_to BulletTrain::OutgoingWebhooks.parent_association
+    has_many :deliveries, class_name: "Webhooks::Outgoing::Delivery", dependent: :destroy, foreign_key: :endpoint_id
+    has_many :events, -> { distinct }, through: :deliveries
+    scope :listening_for_event_type_id, ->(event_type_id) { where("event_type_ids @> ? OR event_type_ids = '[]'::jsonb", "\"#{event_type_id}\"") }
+    validates :name, presence: true
+    before_validation { url&.strip! }
+    validates :url, presence: true, allowed_uri: true
+    after_initialize do
+      self.event_type_ids ||= []
+    end
+    after_save :touch_parent
+  end
+  def valid_event_types
+    Webhooks::Outgoing::EventType.all
+  end
+  def event_types
+    event_type_ids.map { |id| Webhooks::Outgoing::EventType.find(id) }
+  end
+  def touch_parent
+    send(BulletTrain::OutgoingWebhooks.parent_association).touch
+  end
+end

data/app/models/concerns/webhooks/outgoing/event_support.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module Webhooks::Outgoing::EventSupport
+  extend ActiveSupport::Concern
+  include HasUuid
+  included do
+    belongs_to BulletTrain::OutgoingWebhooks.parent_association
+    belongs_to :event_type, class_name: "Webhooks::Outgoing::EventType"
+    belongs_to :subject, polymorphic: true
+    has_many :deliveries, dependent: :destroy
+    before_create do
+      self.payload = generate_payload
+    end
+  end
+  def generate_payload
+    {
+      event_id: uuid,
+      event_type: event_type_id,
+      subject_id: subject_id,
+      subject_type: subject_type,
+      data: data
+    }
+  end
+  def event_type_name
+    payload.dig("event_type")
+  end
+  def endpoints
+    send(BulletTrain::OutgoingWebhooks.parent_association).webhooks_outgoing_endpoints.listening_for_event_type_id(event_type_id)
+  end
+  def deliver
+    endpoints.each do |endpoint|
+      unless endpoint.deliveries.where(event: self).any?
+        endpoint.deliveries.create(event: self, endpoint_url: endpoint.url).deliver_async
+      end
+    end
+  end
+  def label_string
+    short_uuid
+  end
+end

data/app/models/concerns/webhooks/outgoing/issuing_model.rb ADDED Viewed

@@ -0,0 +1,69 @@
+module Webhooks::Outgoing::IssuingModel
+  extend ActiveSupport::Concern
+  # define relationships.
+  included do
+    after_commit :generate_created_webhook, on: [:create]
+    after_commit :generate_updated_webhook, on: [:update]
+    after_commit :generate_deleted_webhook, on: [:destroy]
+    has_many :webhooks_outgoing_events, as: :subject, class_name: "Webhooks::Outgoing::Event", dependent: :nullify
+  end
+  def skip_generate_webhook?(action)
+    false
+  end
+  def parent
+    return unless respond_to? BulletTrain::OutgoingWebhooks.parent_association
+    send(BulletTrain::OutgoingWebhooks.parent_association)
+  end
+  def generate_webhook(action, async: true)
+    # allow individual models to opt out of generating webhooks
+    return if skip_generate_webhook?(action)
+    # we can only generate webhooks for objects that return their their team / parent.
+    return unless parent.present?
+    # Try to find an event type definition for this action.
+    event_type = Webhooks::Outgoing::EventType.find_by(id: "#{self.class.name.underscore}.#{action}")
+    # If the event type is defined as one that people can be subscribed to,
+    # and this object has a parent where an associated outgoing webhooks endpoint could be registered.
+    if event_type
+      # Only generate an event record if an endpoint is actually listening for this event type.
+      if parent.endpoints_listening_for_event_type?(event_type)
+        if async
+          # serialization can be heavy so run it as a job
+          Webhooks::Outgoing::GenerateJob.perform_later(self, action)
+        else
+          generate_webhook_perform(action)
+        end
+      end
+    end
+  end
+  def generate_webhook_perform(action)
+    event_type = Webhooks::Outgoing::EventType.find_by(id: "#{self.class.name.underscore}.#{action}")
+    # TODO This is crazy that we generate JSON just to parse it. Can't be good for performance.
+    # Does Jbuilder support generating a hash instead of a JSON string?
+    data = JSON.parse(to_api_json)
+    webhook = send(BulletTrain::OutgoingWebhooks.parent_association).webhooks_outgoing_events.create(event_type_id: event_type.id, subject: self, data: data)
+    webhook.deliver
+  end
+  def generate_created_webhook
+    generate_webhook(:created)
+  end
+  def generate_updated_webhook
+    generate_webhook(:updated)
+  end
+  def generate_deleted_webhook
+    return false unless parent.present?
+    return false if parent.being_destroyed?
+    generate_webhook(:deleted, async: false)
+  end
+end

data/app/models/concerns/webhooks/outgoing/team_support.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module Webhooks::Outgoing::TeamSupport
+  extend ActiveSupport::Concern
+  included do
+    has_many :webhooks_outgoing_endpoints, class_name: "Webhooks::Outgoing::Endpoint", dependent: :destroy
+    has_many :webhooks_outgoing_events, class_name: "Webhooks::Outgoing::Event", dependent: :destroy
+    before_destroy :mark_for_destruction, prepend: true
+  end
+  def should_cache_endpoints_listening_for_event_type?
+    true
+  end
+  def endpoints_listening_for_event_type?(event_type)
+    if should_cache_endpoints_listening_for_event_type?
+      key = "#{cache_key_with_version}/endpoints_for_event_type/#{event_type.cache_key}"
+      Rails.cache.fetch(key, expires_in: 24.hours, race_condition_ttl: 5.seconds) do
+        webhooks_outgoing_endpoints.listening_for_event_type_id(event_type.id).any?
+      end
+    else
+      webhooks_outgoing_endpoints.listening_for_event_type_id(event_type.id).any?
+    end
+  end
+  def mark_for_destruction
+    # This allows downstream logic to check whether a team is being destroyed in order to bypass webhook issuance.
+    update_column(:being_destroyed, true)
+  end
+end

data/app/models/concerns/webhooks/outgoing/uri_filtering.rb ADDED Viewed

@@ -0,0 +1,149 @@
+require "resolv"
+require "public_suffix"
+module Webhooks::Outgoing::UriFiltering
+  extend ActiveSupport::Concern
+  # WEBHOOK SECURITY PRIMER
+  # =============================================================================
+  # Outgoing webhooks can be dangerous. By allowing your users to set
+  # up outgoing webhooks, you"re giving them permission to call arbitrary
+  # URLs from your server, including URLs that could represent resources
+  # internal to your company. Malicious actors can use this permission to
+  # examine your infrastructure, call internal APIs, and generally cause
+  # havok.
+  # This module attempts to block malicious actors with the following algorithm
+  #   1. Block anything but http and https requests
+  #   2. Block or allow defined hostnames, both regex and strings
+  #   3. Block if `custom_block_callback` returns true (args: self, uri)
+  #   4. Allow if `custom_allow_callback` returns true (args: self, uri)
+  #   5. Resolve the IP associated with the webhook"s host directly from
+  #      the authoritative name server for the host"s domain. This IP
+  #      is cached for the returned DNS TTL
+  #   6. Match the given IP against lists of allowed and blocked cidr ranges.
+  #      The blocked list by default includes all of the defined private address
+  #      ranges, localhost, the private IPv6 prefix, and the AWS metadata
+  #      API endpoint.
+  # If at any point a URI is determined to be blocked we call `audit_callback`
+  # (args: self, uri) so it can be logged for auditing.
+  # We resolve the IP from the authoritative name server directly so we can avoid
+  # certain classes of DNS poisoning attacks.
+  # Users of this gem are _strongly_ enouraged to add additional cidr ranges
+  # and hostnames to the appropriate lists and/or implement `custom_block_callback`.
+  # At the very least you should add the public hostname that your
+  # application uses to the blocked_hostnames list.
+  class AllowedUriValidator < ActiveModel::EachValidator
+    def validate_each(record, attribute, value)
+      uri = URI.parse(value)
+      unless record.allowed_uri?(uri)
+        record.errors.add attribute, "is not an allowed uri"
+      end
+    end
+  end
+  def resolve_ip_from_authoritative(hostname)
+    begin
+      ip = IPAddr.new(hostname)
+      return ip.to_s
+    rescue IPAddr::InvalidAddressError
+      # this is fine, proceed with resolver path
+    end
+    cache_key = "#{cache_key_with_version}/uri_ip/#{Digest::SHA2.hexdigest(hostname)}"
+    cached = Rails.cache.read(cache_key)
+    if cached
+      return cached == "invalid" ? nil : cached
+    end
+    begin
+      # This is sort of a half-recursive DNS resolver.
+      # We can't implement a full recursive resolver using just Resolv::DNS so instead
+      # this asks a public cache for the NS record for the given domain. Then it asks
+      # the authoritative nameserver directly for the address and caches it according
+      # to the returned TTL.
+      config = Rails.configuration.outgoing_webhooks
+      ns_resolver = Resolv::DNS.new(nameserver: config[:public_resolvers])
+      ns_resolver.timeouts = 1
+      domain = PublicSuffix.domain(hostname)
+      authoritative = ns_resolver.getresource(domain, Resolv::DNS::Resource::IN::NS)
+      authoritative_resolver = Resolv::DNS.new(nameserver: [authoritative.name.to_s])
+      authoritative_resolver.timeouts = 1
+      resource = authoritative_resolver.getresource(hostname, Resolv::DNS::Resource::IN::A)
+      Rails.cache.write(cache_key, resource.address.to_s, expires_in: resource.ttl, race_condition_ttl: 5)
+      resource.address.to_s
+    rescue IPAddr::InvalidAddressError, ArgumentError # standard:disable Lint/ShadowedException
+      Rails.cache.write(cache_key, "invalid", expires_in: 10.minutes, race_condition_ttl: 5)
+      nil
+    end
+  end
+  def allowed_uri?(uri)
+    unless _allowed_uri?(uri)
+      config = Rails.configuration.outgoing_webhooks
+      if config[:audit_callback].present?
+        config[:audit_callback].call(self, uri)
+      end
+      return false
+    end
+    true
+  end
+  def _allowed_uri?(uri)
+    config = Rails.configuration.outgoing_webhooks
+    hostname = uri.hostname.downcase
+    return false unless config[:allowed_schemes].include?(uri.scheme)
+    config[:blocked_hostnames].each do |blocked|
+      if blocked.is_a?(Regexp)
+        return false if blocked.match?(hostname)
+      end
+      return false if blocked == hostname
+    end
+    config[:allowed_hostnames].each do |allowed|
+      if allowed.is_a?(Regexp)
+        return true if allowed.match?(hostname)
+      end
+      return true if allowed == hostname
+    end
+    if config[:custom_allow_callback].present?
+      return true if config[:custom_allow_callback].call(self, uri)
+    end
+    if config[:custom_block_callback].present?
+      return false if config[:custom_block_callback].call(self, uri)
+    end
+    resolved_ip = resolve_ip_from_authoritative(hostname)
+    return false if resolved_ip.nil?
+    begin
+      config[:allowed_cidrs].each do |cidr|
+        return true if IPAddr.new(cidr).include?(resolved_ip)
+      end
+      config[:blocked_cidrs].each do |cidr|
+        return false if IPAddr.new(cidr).include?(resolved_ip)
+      end
+    rescue IPAddr::InvalidAddressError
+      return false
+    end
+    true
+  end
+end

data/app/models/webhooks/outgoing/delivery.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Webhooks::Outgoing::Delivery < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::DeliverySupport
+  # 🚅 add concerns above.
+  # 🚅 add belongs_to associations above.
+  # 🚅 add has_many associations above.
+  # 🚅 add has_one associations above.
+  # 🚅 add scopes above.
+  # 🚅 add validations above.
+  # 🚅 add callbacks above.
+  # 🚅 add delegations above.
+  # 🚅 add methods above.
+end

data/app/models/webhooks/outgoing/delivery_attempt.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Webhooks::Outgoing::DeliveryAttempt < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::DeliveryAttemptSupport
+  # 🚅 add concerns above.
+  # 🚅 add belongs_to associations above.
+  # 🚅 add has_many associations above.
+  # 🚅 add has_one associations above.
+  # 🚅 add scopes above.
+  # 🚅 add validations above.
+  # 🚅 add callbacks above.
+  # 🚅 add delegations above.
+  # 🚅 add methods above.
+end

data/app/models/webhooks/outgoing/endpoint.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Webhooks::Outgoing::Endpoint < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::EndpointSupport
+  # 🚅 add concerns above.
+  # 🚅 add belongs_to associations above.
+  # 🚅 add has_many associations above.
+  # 🚅 add has_one associations above.
+  # 🚅 add scopes above.
+  # 🚅 add validations above.
+  # 🚅 add callbacks above.
+  # 🚅 add delegations above.
+  # 🚅 add methods above.
+end

data/app/models/webhooks/outgoing/event.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class Webhooks::Outgoing::Event < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::EventSupport
+end

data/app/models/webhooks/outgoing/event_type.rb ADDED Viewed

@@ -0,0 +1,13 @@
+class Webhooks::Outgoing::EventType < ApplicationHash
+  self.data = YAML.load_file("config/models/webhooks/outgoing/event_types.yml").map do |topic, events|
+    events.map { |event| event == "crud" ? ["created", "updated", "deleted"] : event }.flatten.map { |event| {id: "#{topic}.#{event}"} }
+  end.flatten
+  def label_string
+    name
+  end
+  def name
+    id
+  end
+end

data/app/models/webhooks/outgoing.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Webhooks::Outgoing
+  def self.table_name_prefix
+    "webhooks_outgoing_"
+  end
+end

data/app/models/webhooks.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Webhooks
+  def self.table_name_prefix
+    "webhooks_"
+  end
+end

data/app/views/account/webhooks/outgoing/deliveries/_menu_item.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<% if can? :read, Webhooks::Outgoing::Delivery.new(team: current_team) %>
+<% if can? :read, Webhooks::Outgoing::Delivery.new(BulletTrain::OutgoingWebhooks.parent_association => send(BulletTrain::OutgoingWebhooks.current_parent_method)) %>
   <%= render 'account/shared/menu/item', {
-    url: main_app.polymorphic_path([:account, current_team, :webhooks_outgoing_deliveries]),
+    url: main_app.polymorphic_path([:account, send(BulletTrain::OutgoingWebhooks.current_parent_method), :webhooks_outgoing_deliveries]),
     label: t('webhooks/outgoing/deliveries.navigation.label'),
   } do |p| %>
     <% p.content_for :icon do %>

data/app/views/account/webhooks/outgoing/delivery_attempts/_menu_item.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<% if can? :read, Webhooks::Outgoing::DeliveryAttempt.new(team: current_team) %>
+<% if can? :read, Webhooks::Outgoing::DeliveryAttempt.new(BulletTrain::OutgoingWebhooks.parent_association => send(BulletTrain::OutgoingWebhooks.current_parent_method)) %>
   <%= render 'account/shared/menu/item', {
-    url: main_app.polymorphic_path([:account, current_team, :webhooks_outgoing_delivery_attempts]),
+    url: main_app.polymorphic_path([:account, send(BulletTrain::OutgoingWebhooks.current_parent_method), :webhooks_outgoing_delivery_attempts]),
     label: t('webhooks/outgoing/delivery_attempts.navigation.label'),
   } do |p| %>
     <% p.content_for :icon do %>

data/app/views/account/webhooks/outgoing/endpoints/_breadcrumbs.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <% endpoint ||= @endpoint %>
-<% team ||= @team || endpoint&.team %>
+<% team ||= @parent || endpoint&.send(BulletTrain::OutgoingWebhooks.parent_association) %>
 <%= render 'account/teams/breadcrumbs', team: team %>
 <%= render 'account/shared/breadcrumb', label: t('.label'), url: [:account, team, :webhooks_outgoing_endpoints] %>
 <% if endpoint&.persisted? %>

data/app/views/account/webhooks/outgoing/endpoints/_form.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<%= form_with model: endpoint, url: (endpoint.persisted? ? [:account, endpoint] : [:account, @team, :webhooks_outgoing_endpoints]), local: true, class: 'form' do |form| %>
+<%= form_with model: endpoint, url: (endpoint.persisted? ? [:account, endpoint] : [:account, @parent, :webhooks_outgoing_endpoints]), local: true, class: 'form' do |form| %>
   <%= render 'account/shared/forms/errors', form: form %>
   <% with_field_settings form: form do %>
@@ -14,7 +14,7 @@
     <% if form.object.persisted? %>
     <%= link_to t('global.buttons.cancel'), [:account, endpoint], class: "button-secondary" %>
     <% else %>
-    <%= link_to t('global.buttons.cancel'), [:account, @team, :webhooks_outgoing_endpoints], class: "button-secondary" %>
+    <%= link_to t('global.buttons.cancel'), [:account, @parent, :webhooks_outgoing_endpoints], class: "button-secondary" %>
     <% end %>
   </div>

data/app/views/account/webhooks/outgoing/endpoints/_index.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<% team = @team || @team %>
+<% team = @parent %>
 <% context ||= team %>
 <% collection ||= :webhooks_outgoing_endpoints %>
 <% hide_actions ||= false %>
@@ -49,8 +49,8 @@
   <% p.content_for :actions do %>
     <% unless hide_actions %>
       <% if context == team %>
-        <% if can? :create, Webhooks::Outgoing::Endpoint.new(team: team) %>
-          <%= link_to t('.buttons.new'), [:new, :account, team, :webhooks_outgoing_endpoint], class: "#{first_button_primary(:webhooks_outgoing_endpoint)} new" %>
+        <% if can? :create, Webhooks::Outgoing::Endpoint.new(BulletTrain::OutgoingWebhooks.parent_association => @parent) %>
+          <%= link_to t('.buttons.new'), [:new, :account, @parent, :webhooks_outgoing_endpoint], class: "#{first_button_primary(:webhooks_outgoing_endpoint)} new" %>
         <% end %>
       <% end %>

data/app/views/account/webhooks/outgoing/endpoints/_menu_item.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<% if can? :read, Webhooks::Outgoing::Endpoint.new(team: current_team) %>
+<% if can? :read, Webhooks::Outgoing::Endpoint.new(BulletTrain::OutgoingWebhooks.parent_association => send(BulletTrain::OutgoingWebhooks.current_parent_method)) %>
   <%= render 'account/shared/menu/item', {
-    url: main_app.polymorphic_path([:account, current_team, :webhooks_outgoing_endpoints]),
+    url: main_app.polymorphic_path([:account, send(BulletTrain::OutgoingWebhooks.current_parent_method), :webhooks_outgoing_endpoints]),
     label: t('webhooks/outgoing/endpoints.navigation.label'),
   } do |p| %>
     <% p.content_for :icon do %>

data/app/views/account/webhooks/outgoing/endpoints/show.html.erb CHANGED Viewed

@@ -32,7 +32,7 @@
       <% p.content_for :actions do %>
         <%= link_to t('.buttons.edit'), [:edit, :account, @endpoint], class: first_button_primary if can? :edit, @endpoint %>
         <%= button_to t('.buttons.destroy'), [:account, @endpoint], method: :delete, class: first_button_primary, data: { confirm: t('.buttons.confirmations.destroy', model_locales(@endpoint)) } if can? :destroy, @endpoint %>
-        <%= link_to t('global.buttons.back'), [:account, @team, :webhooks_outgoing_endpoints], class: first_button_primary %>
+        <%= link_to t('global.buttons.back'), [:account, @parent, :webhooks_outgoing_endpoints], class: first_button_primary %>
       <% end %>
     <% end %>

data/config/routes.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 Rails.application.routes.draw do
   namespace :account do
     shallow do
-      resources :teams do
+      resources BulletTrain::OutgoingWebhooks.parent_resource do
         namespace :webhooks do
           namespace :outgoing do
             resources :events

data/db/migrate/20180420013127_create_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class CreateWebhooksOutgoingEndpoints < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_endpoints do |t|
+      t.references :team, foreign_key: true
+      t.text :url
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420013505_create_webhooks_outgoing_endpoint_event_types.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class CreateWebhooksOutgoingEndpointEventTypes < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_endpoint_event_types do |t|
+      t.integer :endpoint_id
+      t.integer :event_type_id
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420013852_create_webhooks_outgoing_event_types.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class CreateWebhooksOutgoingEventTypes < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_event_types do |t|
+      t.string :name
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420014623_create_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreateWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_events do |t|
+      t.integer :event_type_id
+      t.integer :subject_id
+      t.string :subject_type
+      t.jsonb :body
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420021016_create_webhooks_outgoing_deliveries.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class CreateWebhooksOutgoingDeliveries < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_deliveries do |t|
+      t.integer :endpoint_id
+      t.integer :event_id
+      t.text :endpoint_url
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420022027_add_team_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddTeamToWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    add_reference :webhooks_outgoing_events, :team, foreign_key: true
+  end
+end

data/db/migrate/20180420165345_create_webhooks_outgoing_delivery_attempts.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class CreateWebhooksOutgoingDeliveryAttempts < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_delivery_attempts do |t|
+      t.integer :delivery_id
+      t.integer :response_code
+      t.text :response_body
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420172112_add_error_message_to_webhooks_outgoing_delivery_attempt.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class AddErrorMessageToWebhooksOutgoingDeliveryAttempt < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_delivery_attempts, :response_message, :text
+    add_column :webhooks_outgoing_delivery_attempts, :error_message, :text
+  end
+end

data/db/migrate/20181012234232_add_name_to_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddNameToWebhooksOutgoingEndpoints < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_endpoints, :name, :string
+  end
+end

data/db/migrate/20181013030208_add_delivered_at_to_webhooks_outgoing_deliveries.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddDeliveredAtToWebhooksOutgoingDeliveries < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_deliveries, :delivered_at, :datetime
+  end
+end

data/db/migrate/20181013165056_add_uuid_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddUuidToWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_events, :uuid, :string
+  end
+end

data/db/migrate/20181013174539_add_payload_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddPayloadToWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_events, :payload, :jsonb
+  end
+end

data/db/migrate/20181013192951_add_attempt_number_to_webhooks_outgoing_delivery_attempts.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddAttemptNumberToWebhooksOutgoingDeliveryAttempts < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_delivery_attempts, :attempt_number, :integer
+  end
+end

data/db/migrate/20210805060451_change_body_to_data_on_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class ChangeBodyToDataOnWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def change
+    rename_column :webhooks_outgoing_events, :body, :data
+  end
+end

data/db/migrate/20211126230846_add_event_type_ids_to_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddEventTypeIdsToWebhooksOutgoingEndpoints < ActiveRecord::Migration[6.1]
+  def change
+    add_column :webhooks_outgoing_endpoints, :event_type_ids, :jsonb, default: []
+  end
+end

data/db/migrate/20211126230847_migrate_event_type_ids_on_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class MigrateEventTypeIdsOnWebhooksOutgoingEndpoints < ActiveRecord::Migration[6.1]
+  def change
+    Webhooks::Outgoing::Endpoint.find_each do |endpoint|
+      event_type_ids = ActiveRecord::Base.connection.execute("SELECT * FROM webhooks_outgoing_endpoint_event_types JOIN webhooks_outgoing_event_types ON webhooks_outgoing_endpoint_event_types.event_type_id = webhooks_outgoing_event_types.id WHERE endpoint_id = #{endpoint.id}").to_a.map { |result| result.dig("name") }
+      endpoint.update(event_type_ids: event_type_ids)
+    end
+  end
+end

data/db/migrate/20211127013539_remove_event_type_from_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class RemoveEventTypeFromWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def change
+    remove_reference :webhooks_outgoing_events, :event_type, null: false, foreign_key: false
+  end
+end

data/db/migrate/20211127013800_add_new_event_type_id_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddNewEventTypeIdToWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def change
+    add_column :webhooks_outgoing_events, :event_type_id, :string
+  end
+end

data/db/migrate/20211127014001_migrate_event_types_on_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class MigrateEventTypesOnWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def up
+    Webhooks::Outgoing::Event.find_each do |event|
+      event.update_column(:event_type_id, event.payload.dig("event_type"))
+    end
+  end
+  def down
+  end
+end

data/db/migrate/20211127015712_drop_webhooks_outgoing_endpoint_event_types.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class DropWebhooksOutgoingEndpointEventTypes < ActiveRecord::Migration[6.1]
+  def up
+    drop_table :webhooks_outgoing_endpoint_event_types
+  end
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

data/db/migrate/20211127015713_drop_webhooks_outgoing_event_types.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class DropWebhooksOutgoingEventTypes < ActiveRecord::Migration[6.1]
+  def up
+    drop_table :webhooks_outgoing_event_types
+  end
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

data/lib/bullet_train/outgoing_webhooks/engine.rb CHANGED Viewed

@@ -1,6 +1,30 @@
 module BulletTrain
   module OutgoingWebhooks
     class Engine < ::Rails::Engine
+      config.before_configuration do
+        default_blocked_cidrs = %w[
+          10.0.0.0/8
+          172.16.0.0/12
+          192.168.0.0/16
+          100.64.0.0/10
+          127.0.0.0/8
+          169.254.169.254/32
+          fc00::/7
+          ::1
+        ]
+        config.outgoing_webhooks = {
+          blocked_cidrs: default_blocked_cidrs,
+          allowed_cidrs: [],
+          blocked_hostnames: %w[localhost],
+          allowed_hostnames: [],
+          public_resolvers: %w[8.8.8.8 1.1.1.1],
+          allowed_schemes: %w[http https],
+          custom_block_callback: nil,
+          custom_allow_callback: nil,
+          audit_callback: ->(obj, uri) { Rails.logger.error("BlockedURI obj=#{obj.persisted? ? obj.to_global_id : "New #{obj.class}"} uri=#{uri}") }
+        }
+      end
     end
   end
 end

data/lib/bullet_train/outgoing_webhooks/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module BulletTrain
   module OutgoingWebhooks
-    VERSION = "1.0.3"
+    VERSION = "1.1.0"
   end
 end

data/lib/bullet_train/outgoing_webhooks.rb CHANGED Viewed

@@ -3,6 +3,31 @@ require "bullet_train/outgoing_webhooks/engine"
 module BulletTrain
   module OutgoingWebhooks
-    # Your code goes here...
+    def self.default_for(klass, method, default_value)
+      klass.respond_to?(method) ? klass.send(method) || default_value : default_value
+    end
+    mattr_accessor :parent_class, default: default_for(BulletTrain, :parent_class, "Team")
+    mattr_accessor :base_class, default: default_for(BulletTrain, :base_class, "ApplicationRecord")
+    def self.parent_association
+      parent_class.underscore.to_sym
+    end
+    def self.parent_resource
+      parent_class.underscore.pluralize.to_sym
+    end
+    def self.parent_class_specified?
+      parent_class != "Team"
+    end
+    def self.current_parent_method
+      "current_#{parent_association}"
+    end
+    def self.parent_association_id
+      "#{parent_association}_id".to_sym
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,30 +1,59 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train-outgoing_webhooks
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.1.0
 platform: ruby
 authors:
 - Andrew Culver
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-23 00:00:00.000000000 Z
+date: 2022-09-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.0.0
+        version: 6.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.0.0
+- !ruby/object:Gem::Dependency
+  name: public_suffix
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.0.0
-description: Bullet Train Outgoing Webhooks
+        version: '0'
+description: Allow users of your Rails application to subscribe and receive webhooks
+  when activity takes place in your application.
 email:
 - andrew.culver@gmail.com
 executables: []
@@ -34,10 +63,26 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
-- app/assets/config/bullet_train_outgoing_webhooks_web_manifest.js
+- app/assets/config/bullet_train_outgoing_webhooks_manifest.js
 - app/controllers/account/webhooks/outgoing/deliveries_controller.rb
 - app/controllers/account/webhooks/outgoing/delivery_attempts_controller.rb
 - app/controllers/account/webhooks/outgoing/endpoints_controller.rb
+- app/jobs/webhooks/outgoing/delivery_job.rb
+- app/jobs/webhooks/outgoing/generate_job.rb
+- app/models/concerns/webhooks/outgoing/delivery_attempt_support.rb
+- app/models/concerns/webhooks/outgoing/delivery_support.rb
+- app/models/concerns/webhooks/outgoing/endpoint_support.rb
+- app/models/concerns/webhooks/outgoing/event_support.rb
+- app/models/concerns/webhooks/outgoing/issuing_model.rb
+- app/models/concerns/webhooks/outgoing/team_support.rb
+- app/models/concerns/webhooks/outgoing/uri_filtering.rb
+- app/models/webhooks.rb
+- app/models/webhooks/outgoing.rb
+- app/models/webhooks/outgoing/delivery.rb
+- app/models/webhooks/outgoing/delivery_attempt.rb
+- app/models/webhooks/outgoing/endpoint.rb
+- app/models/webhooks/outgoing/event.rb
+- app/models/webhooks/outgoing/event_type.rb
 - app/views/account/webhooks/outgoing/deliveries/_breadcrumbs.html.erb
 - app/views/account/webhooks/outgoing/deliveries/_delivery.json.jbuilder
 - app/views/account/webhooks/outgoing/deliveries/_form.html.erb
@@ -78,6 +123,27 @@ files:
 - config/locales/en/webhooks/outgoing/endpoints.en.yml
 - config/locales/en/webhooks/outgoing/events.en.yml
 - config/routes.rb
+- db/migrate/20180420013127_create_webhooks_outgoing_endpoints.rb
+- db/migrate/20180420013505_create_webhooks_outgoing_endpoint_event_types.rb
+- db/migrate/20180420013852_create_webhooks_outgoing_event_types.rb
+- db/migrate/20180420014623_create_webhooks_outgoing_events.rb
+- db/migrate/20180420021016_create_webhooks_outgoing_deliveries.rb
+- db/migrate/20180420022027_add_team_to_webhooks_outgoing_events.rb
+- db/migrate/20180420165345_create_webhooks_outgoing_delivery_attempts.rb
+- db/migrate/20180420172112_add_error_message_to_webhooks_outgoing_delivery_attempt.rb
+- db/migrate/20181012234232_add_name_to_webhooks_outgoing_endpoints.rb
+- db/migrate/20181013030208_add_delivered_at_to_webhooks_outgoing_deliveries.rb
+- db/migrate/20181013165056_add_uuid_to_webhooks_outgoing_events.rb
+- db/migrate/20181013174539_add_payload_to_webhooks_outgoing_events.rb
+- db/migrate/20181013192951_add_attempt_number_to_webhooks_outgoing_delivery_attempts.rb
+- db/migrate/20210805060451_change_body_to_data_on_webhooks_outgoing_events.rb
+- db/migrate/20211126230846_add_event_type_ids_to_webhooks_outgoing_endpoints.rb
+- db/migrate/20211126230847_migrate_event_type_ids_on_webhooks_outgoing_endpoints.rb
+- db/migrate/20211127013539_remove_event_type_from_webhooks_outgoing_events.rb
+- db/migrate/20211127013800_add_new_event_type_id_to_webhooks_outgoing_events.rb
+- db/migrate/20211127014001_migrate_event_types_on_webhooks_outgoing_events.rb
+- db/migrate/20211127015712_drop_webhooks_outgoing_endpoint_event_types.rb
+- db/migrate/20211127015713_drop_webhooks_outgoing_event_types.rb
 - lib/bullet_train/outgoing_webhooks.rb
 - lib/bullet_train/outgoing_webhooks/engine.rb
 - lib/bullet_train/outgoing_webhooks/version.rb
@@ -103,8 +169,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
-summary: Bullet Train Outgoing Webhooks
+summary: Allow users of your Rails application to subscribe and receive webhooks when
+  activity takes place in your application.
 test_files: []