RubyGems - bullet_train-outgoing_webhooks - Versions diffs - 1.0.3 → 1.1.0 - Mend

bullet_train-outgoing_webhooks 1.0.3 → 1.1.0

Files changed (53) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd1762f370294c608f481e2b2b1ad2782d550180860a2932cda6e926b6400e4a
-  data.tar.gz: 4f8f18c48c13adbc8f1df26e7eb718572db33c3c8e2c9dd9712c77f6c8467e34
+  metadata.gz: 067e22f503dd4bf72b809ba6cd0d0e43d3930a50876a2bc5c846bc186700a3ff
+  data.tar.gz: fbddcd29981bdb80d81c7a66ed0fb15ef36d971ebeaf7eab50b4e8ae9d54fe99
 SHA512:
-  metadata.gz: 0541cf59eb0f505f0bf21ec0cce2a38bb25157f4e42fb568a1b8d9a9baf064b92fe0bb8261503546d0cab15e6a30ac81d447753f96bdc66b2591438117541643
-  data.tar.gz: 5620e58172c9eecfb6efcf7cde46b38d28d834256bf6e4346b6369d08a23dfa90155e69ae3c3ae466c3aa7ccb85ac6bd1f078e6ec164028ae06b0b18806045b2
+  metadata.gz: 20128e3bb542c2e40d0b93d331a8e0e5bec6cca33ec5b6a2ceaf0e2cbbb8fd155150c40cf82cd89aaedcc1242bce7a8cd5a8c571ff0cc2bd22d0348057b0ff04
+  data.tar.gz: b4ace453d0be7351e0ce89e9fc451a492c3e8fc11f4b5270c57012494caefba063cd7577f875bb5dccde9a46a9a17a4b188c4393e0926d2999978d9d992163ec

data/MIT-LICENSE CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright 2022 Andrew Culver
+Copyright 2022 Bullet Train, Inc.
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/app/assets/config/{bullet_train_outgoing_webhooks_web_manifest.js → bullet_train_outgoing_webhooks_manifest.js} RENAMED Viewed

File without changes

data/app/controllers/account/webhooks/outgoing/endpoints_controller.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationController
-  account_load_and_authorize_resource :endpoint, through: :team, through_association: :webhooks_outgoing_endpoints
+  account_load_and_authorize_resource :endpoint, through: BulletTrain::OutgoingWebhooks.parent_association, through_association: :webhooks_outgoing_endpoints
+  before_action { @parent = instance_variable_get("@#{BulletTrain::OutgoingWebhooks.parent_association}") }
   # GET /account/teams/:team_id/webhooks/outgoing/endpoints
   # GET /account/teams/:team_id/webhooks/outgoing/endpoints.json
@@ -26,7 +27,7 @@ class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationCon
   def create
     respond_to do |format|
       if @endpoint.save
-        format.html { redirect_to [:account, @team, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.created") }
+        format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.created") }
         format.json { render :show, status: :created, location: [:account, @endpoint] }
       else
         format.html { render :new, status: :unprocessable_entity }
@@ -54,7 +55,7 @@ class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationCon
   def destroy
     @endpoint.destroy
     respond_to do |format|
-      format.html { redirect_to [:account, @team, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.destroyed") }
+      format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.destroyed") }
       format.json { head :no_content }
     end
   end

data/app/jobs/webhooks/outgoing/delivery_job.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class Webhooks::Outgoing::DeliveryJob < ApplicationJob
+  queue_as :default
+  def perform(delivery)
+    delivery.deliver
+  end
+end

data/app/jobs/webhooks/outgoing/generate_job.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class Webhooks::Outgoing::GenerateJob < ApplicationJob
+  queue_as :default
+  def perform(obj, action)
+    obj.generate_webhook_perform(action)
+  end
+end

data/app/models/concerns/webhooks/outgoing/delivery_attempt_support.rb ADDED Viewed

@@ -0,0 +1,64 @@
+module Webhooks::Outgoing::DeliveryAttemptSupport
+  extend ActiveSupport::Concern
+  include Webhooks::Outgoing::UriFiltering
+  SUCCESS_RESPONSE_CODES = [200, 201, 202, 203, 204, 205, 206, 207, 226].freeze
+  included do
+    belongs_to :delivery
+    has_one :team, through: :delivery unless BulletTrain::OutgoingWebhooks.parent_class_specified?
+    scope :successful, -> { where(response_code: SUCCESS_RESPONSE_CODES) }
+    before_create do
+      self.attempt_number = delivery.attempt_count + 1
+    end
+    validates :response_code, presence: true
+  end
+  def still_attempting?
+    error_message.nil? && response_code.nil?
+  end
+  def successful?
+    SUCCESS_RESPONSE_CODES.include?(response_code)
+  end
+  def failed?
+    !(successful? || still_attempting?)
+  end
+  def attempt
+    uri = URI.parse(delivery.endpoint_url)
+    unless allowed_uri?(uri)
+      self.response_code = 0
+      self.error_message = "URI is not allowed: " + uri
+      return false
+    end
+    http = Net::HTTP.new(resolve_ip_from_authoritative(uri.hostname.downcase), uri.port)
+    http.use_ssl = true if uri.scheme == "https"
+    request = Net::HTTP::Post.new(uri.path)
+    request.add_field("Host", uri.host)
+    request.add_field("Content-Type", "application/json")
+    request.body = delivery.event.payload.to_json
+    begin
+      response = http.request(request)
+      self.response_message = response.message
+      self.response_code = response.code
+      self.response_body = response.body
+    rescue => exception
+      self.response_code = 0
+      self.error_message = exception.message
+    end
+    save
+    successful?
+  end
+  def label_string
+    "#{attempt_number.ordinalize} Attempt"
+  end
+end

data/app/models/concerns/webhooks/outgoing/delivery_support.rb ADDED Viewed

@@ -0,0 +1,66 @@
+module Webhooks::Outgoing::DeliverySupport
+  extend ActiveSupport::Concern
+  included do
+    belongs_to :endpoint, class_name: "Webhooks::Outgoing::Endpoint"
+    belongs_to :event, class_name: "Webhooks::Outgoing::Event"
+    has_one :team, through: :endpoint unless BulletTrain::OutgoingWebhooks.parent_class_specified?
+    has_many :delivery_attempts, class_name: "Webhooks::Outgoing::DeliveryAttempt", dependent: :destroy, foreign_key: :delivery_id
+  end
+  ATTEMPT_SCHEDULE = {
+    1 => 15.seconds,
+    2 => 1.minute,
+    3 => 5.minutes,
+    4 => 15.minutes,
+    5 => 1.hour,
+  }
+  def label_string
+    event.short_uuid
+  end
+  def next_reattempt_delay
+    ATTEMPT_SCHEDULE[attempt_count]
+  end
+  def deliver_async
+    if still_attempting?
+      Webhooks::Outgoing::DeliveryJob.set(wait: next_reattempt_delay).perform_later(self)
+    end
+  end
+  def deliver
+    if delivery_attempts.create.attempt
+      touch(:delivered_at)
+    else
+      deliver_async
+    end
+  end
+  def attempt_count
+    delivery_attempts.count
+  end
+  def delivered?
+    delivered_at.present?
+  end
+  def still_attempting?
+    return false if delivered?
+    attempt_count < max_attempts
+  end
+  def failed?
+    !(delivered? || still_attempting?)
+  end
+  def name
+    event.short_uuid
+  end
+  def max_attempts
+    ATTEMPT_SCHEDULE.keys.max
+  end
+end

data/app/models/concerns/webhooks/outgoing/endpoint_support.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module Webhooks::Outgoing::EndpointSupport
+  extend ActiveSupport::Concern
+  include Webhooks::Outgoing::UriFiltering
+  included do
+    belongs_to BulletTrain::OutgoingWebhooks.parent_association
+    has_many :deliveries, class_name: "Webhooks::Outgoing::Delivery", dependent: :destroy, foreign_key: :endpoint_id
+    has_many :events, -> { distinct }, through: :deliveries
+    scope :listening_for_event_type_id, ->(event_type_id) { where("event_type_ids @> ? OR event_type_ids = '[]'::jsonb", "\"#{event_type_id}\"") }
+    validates :name, presence: true
+    before_validation { url&.strip! }
+    validates :url, presence: true, allowed_uri: true
+    after_initialize do
+      self.event_type_ids ||= []
+    end
+    after_save :touch_parent
+  end
+  def valid_event_types
+    Webhooks::Outgoing::EventType.all
+  end
+  def event_types
+    event_type_ids.map { |id| Webhooks::Outgoing::EventType.find(id) }
+  end
+  def touch_parent
+    send(BulletTrain::OutgoingWebhooks.parent_association).touch
+  end
+end

data/app/models/concerns/webhooks/outgoing/event_support.rb ADDED Viewed

@@ -0,0 +1,45 @@
+module Webhooks::Outgoing::EventSupport
+  extend ActiveSupport::Concern
+  include HasUuid
+  included do
+    belongs_to BulletTrain::OutgoingWebhooks.parent_association
+    belongs_to :event_type, class_name: "Webhooks::Outgoing::EventType"
+    belongs_to :subject, polymorphic: true
+    has_many :deliveries, dependent: :destroy
+    before_create do
+      self.payload = generate_payload
+    end
+  end
+  def generate_payload
+    {
+      event_id: uuid,
+      event_type: event_type_id,
+      subject_id: subject_id,
+      subject_type: subject_type,
+      data: data
+    }
+  end
+  def event_type_name
+    payload.dig("event_type")
+  end
+  def endpoints
+    send(BulletTrain::OutgoingWebhooks.parent_association).webhooks_outgoing_endpoints.listening_for_event_type_id(event_type_id)
+  end
+  def deliver
+    endpoints.each do |endpoint|
+      unless endpoint.deliveries.where(event: self).any?
+        endpoint.deliveries.create(event: self, endpoint_url: endpoint.url).deliver_async
+      end
+    end
+  end
+  def label_string
+    short_uuid
+  end
+end

data/app/models/concerns/webhooks/outgoing/issuing_model.rb ADDED Viewed

@@ -0,0 +1,69 @@
+module Webhooks::Outgoing::IssuingModel
+  extend ActiveSupport::Concern
+  # define relationships.
+  included do
+    after_commit :generate_created_webhook, on: [:create]
+    after_commit :generate_updated_webhook, on: [:update]
+    after_commit :generate_deleted_webhook, on: [:destroy]
+    has_many :webhooks_outgoing_events, as: :subject, class_name: "Webhooks::Outgoing::Event", dependent: :nullify
+  end
+  def skip_generate_webhook?(action)
+    false
+  end
+  def parent
+    return unless respond_to? BulletTrain::OutgoingWebhooks.parent_association
+    send(BulletTrain::OutgoingWebhooks.parent_association)
+  end
+  def generate_webhook(action, async: true)
+    # allow individual models to opt out of generating webhooks
+    return if skip_generate_webhook?(action)
+    # we can only generate webhooks for objects that return their their team / parent.
+    return unless parent.present?
+    # Try to find an event type definition for this action.
+    event_type = Webhooks::Outgoing::EventType.find_by(id: "#{self.class.name.underscore}.#{action}")
+    # If the event type is defined as one that people can be subscribed to,
+    # and this object has a parent where an associated outgoing webhooks endpoint could be registered.
+    if event_type
+      # Only generate an event record if an endpoint is actually listening for this event type.
+      if parent.endpoints_listening_for_event_type?(event_type)
+        if async
+          # serialization can be heavy so run it as a job
+          Webhooks::Outgoing::GenerateJob.perform_later(self, action)
+        else
+          generate_webhook_perform(action)
+        end
+      end
+    end
+  end
+  def generate_webhook_perform(action)
+    event_type = Webhooks::Outgoing::EventType.find_by(id: "#{self.class.name.underscore}.#{action}")
+    # TODO This is crazy that we generate JSON just to parse it. Can't be good for performance.
+    # Does Jbuilder support generating a hash instead of a JSON string?
+    data = JSON.parse(to_api_json)
+    webhook = send(BulletTrain::OutgoingWebhooks.parent_association).webhooks_outgoing_events.create(event_type_id: event_type.id, subject: self, data: data)
+    webhook.deliver
+  end
+  def generate_created_webhook
+    generate_webhook(:created)
+  end
+  def generate_updated_webhook
+    generate_webhook(:updated)
+  end
+  def generate_deleted_webhook
+    return false unless parent.present?
+    return false if parent.being_destroyed?
+    generate_webhook(:deleted, async: false)
+  end
+end

data/app/models/concerns/webhooks/outgoing/team_support.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module Webhooks::Outgoing::TeamSupport
+  extend ActiveSupport::Concern
+  included do
+    has_many :webhooks_outgoing_endpoints, class_name: "Webhooks::Outgoing::Endpoint", dependent: :destroy
+    has_many :webhooks_outgoing_events, class_name: "Webhooks::Outgoing::Event", dependent: :destroy
+    before_destroy :mark_for_destruction, prepend: true
+  end
+  def should_cache_endpoints_listening_for_event_type?
+    true
+  end
+  def endpoints_listening_for_event_type?(event_type)
+    if should_cache_endpoints_listening_for_event_type?
+      key = "#{cache_key_with_version}/endpoints_for_event_type/#{event_type.cache_key}"
+      Rails.cache.fetch(key, expires_in: 24.hours, race_condition_ttl: 5.seconds) do
+        webhooks_outgoing_endpoints.listening_for_event_type_id(event_type.id).any?
+      end
+    else
+      webhooks_outgoing_endpoints.listening_for_event_type_id(event_type.id).any?
+    end
+  end
+  def mark_for_destruction
+    # This allows downstream logic to check whether a team is being destroyed in order to bypass webhook issuance.
+    update_column(:being_destroyed, true)
+  end
+end

data/app/models/concerns/webhooks/outgoing/uri_filtering.rb ADDED Viewed

@@ -0,0 +1,149 @@
+require "resolv"
+require "public_suffix"
+module Webhooks::Outgoing::UriFiltering
+  extend ActiveSupport::Concern
+  # WEBHOOK SECURITY PRIMER
+  # =============================================================================
+  # Outgoing webhooks can be dangerous. By allowing your users to set
+  # up outgoing webhooks, you"re giving them permission to call arbitrary
+  # URLs from your server, including URLs that could represent resources
+  # internal to your company. Malicious actors can use this permission to
+  # examine your infrastructure, call internal APIs, and generally cause
+  # havok.
+  # This module attempts to block malicious actors with the following algorithm
+  #   1. Block anything but http and https requests
+  #   2. Block or allow defined hostnames, both regex and strings
+  #   3. Block if `custom_block_callback` returns true (args: self, uri)
+  #   4. Allow if `custom_allow_callback` returns true (args: self, uri)
+  #   5. Resolve the IP associated with the webhook"s host directly from
+  #      the authoritative name server for the host"s domain. This IP
+  #      is cached for the returned DNS TTL
+  #   6. Match the given IP against lists of allowed and blocked cidr ranges.
+  #      The blocked list by default includes all of the defined private address
+  #      ranges, localhost, the private IPv6 prefix, and the AWS metadata
+  #      API endpoint.
+  # If at any point a URI is determined to be blocked we call `audit_callback`
+  # (args: self, uri) so it can be logged for auditing.
+  # We resolve the IP from the authoritative name server directly so we can avoid
+  # certain classes of DNS poisoning attacks.
+  # Users of this gem are _strongly_ enouraged to add additional cidr ranges
+  # and hostnames to the appropriate lists and/or implement `custom_block_callback`.
+  # At the very least you should add the public hostname that your
+  # application uses to the blocked_hostnames list.
+  class AllowedUriValidator < ActiveModel::EachValidator
+    def validate_each(record, attribute, value)
+      uri = URI.parse(value)
+      unless record.allowed_uri?(uri)
+        record.errors.add attribute, "is not an allowed uri"
+      end
+    end
+  end
+  def resolve_ip_from_authoritative(hostname)
+    begin
+      ip = IPAddr.new(hostname)
+      return ip.to_s
+    rescue IPAddr::InvalidAddressError
+      # this is fine, proceed with resolver path
+    end
+    cache_key = "#{cache_key_with_version}/uri_ip/#{Digest::SHA2.hexdigest(hostname)}"
+    cached = Rails.cache.read(cache_key)
+    if cached
+      return cached == "invalid" ? nil : cached
+    end
+    begin
+      # This is sort of a half-recursive DNS resolver.
+      # We can't implement a full recursive resolver using just Resolv::DNS so instead
+      # this asks a public cache for the NS record for the given domain. Then it asks
+      # the authoritative nameserver directly for the address and caches it according
+      # to the returned TTL.
+      config = Rails.configuration.outgoing_webhooks
+      ns_resolver = Resolv::DNS.new(nameserver: config[:public_resolvers])
+      ns_resolver.timeouts = 1
+      domain = PublicSuffix.domain(hostname)
+      authoritative = ns_resolver.getresource(domain, Resolv::DNS::Resource::IN::NS)
+      authoritative_resolver = Resolv::DNS.new(nameserver: [authoritative.name.to_s])
+      authoritative_resolver.timeouts = 1
+      resource = authoritative_resolver.getresource(hostname, Resolv::DNS::Resource::IN::A)
+      Rails.cache.write(cache_key, resource.address.to_s, expires_in: resource.ttl, race_condition_ttl: 5)
+      resource.address.to_s
+    rescue IPAddr::InvalidAddressError, ArgumentError # standard:disable Lint/ShadowedException
+      Rails.cache.write(cache_key, "invalid", expires_in: 10.minutes, race_condition_ttl: 5)
+      nil
+    end
+  end
+  def allowed_uri?(uri)
+    unless _allowed_uri?(uri)
+      config = Rails.configuration.outgoing_webhooks
+      if config[:audit_callback].present?
+        config[:audit_callback].call(self, uri)
+      end
+      return false
+    end
+    true
+  end
+  def _allowed_uri?(uri)
+    config = Rails.configuration.outgoing_webhooks
+    hostname = uri.hostname.downcase
+    return false unless config[:allowed_schemes].include?(uri.scheme)
+    config[:blocked_hostnames].each do |blocked|
+      if blocked.is_a?(Regexp)
+        return false if blocked.match?(hostname)
+      end
+      return false if blocked == hostname
+    end
+    config[:allowed_hostnames].each do |allowed|
+      if allowed.is_a?(Regexp)
+        return true if allowed.match?(hostname)
+      end
+      return true if allowed == hostname
+    end
+    if config[:custom_allow_callback].present?
+      return true if config[:custom_allow_callback].call(self, uri)
+    end
+    if config[:custom_block_callback].present?
+      return false if config[:custom_block_callback].call(self, uri)
+    end
+    resolved_ip = resolve_ip_from_authoritative(hostname)
+    return false if resolved_ip.nil?
+    begin
+      config[:allowed_cidrs].each do |cidr|
+        return true if IPAddr.new(cidr).include?(resolved_ip)
+      end
+      config[:blocked_cidrs].each do |cidr|
+        return false if IPAddr.new(cidr).include?(resolved_ip)
+      end
+    rescue IPAddr::InvalidAddressError
+      return false
+    end
+    true
+  end
+end

data/app/models/webhooks/outgoing/delivery.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Webhooks::Outgoing::Delivery < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::DeliverySupport
+  # 🚅 add concerns above.
+  # 🚅 add belongs_to associations above.
+  # 🚅 add has_many associations above.
+  # 🚅 add has_one associations above.
+  # 🚅 add scopes above.
+  # 🚅 add validations above.
+  # 🚅 add callbacks above.
+  # 🚅 add delegations above.
+  # 🚅 add methods above.
+end

data/app/models/webhooks/outgoing/delivery_attempt.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Webhooks::Outgoing::DeliveryAttempt < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::DeliveryAttemptSupport
+  # 🚅 add concerns above.
+  # 🚅 add belongs_to associations above.
+  # 🚅 add has_many associations above.
+  # 🚅 add has_one associations above.
+  # 🚅 add scopes above.
+  # 🚅 add validations above.
+  # 🚅 add callbacks above.
+  # 🚅 add delegations above.
+  # 🚅 add methods above.
+end

data/app/models/webhooks/outgoing/endpoint.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Webhooks::Outgoing::Endpoint < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::EndpointSupport
+  # 🚅 add concerns above.
+  # 🚅 add belongs_to associations above.
+  # 🚅 add has_many associations above.
+  # 🚅 add has_one associations above.
+  # 🚅 add scopes above.
+  # 🚅 add validations above.
+  # 🚅 add callbacks above.
+  # 🚅 add delegations above.
+  # 🚅 add methods above.
+end

data/app/models/webhooks/outgoing/event.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class Webhooks::Outgoing::Event < BulletTrain::OutgoingWebhooks.base_class.constantize
+  include Webhooks::Outgoing::EventSupport
+end

data/app/models/webhooks/outgoing/event_type.rb ADDED Viewed

@@ -0,0 +1,13 @@
+class Webhooks::Outgoing::EventType < ApplicationHash
+  self.data = YAML.load_file("config/models/webhooks/outgoing/event_types.yml").map do |topic, events|
+    events.map { |event| event == "crud" ? ["created", "updated", "deleted"] : event }.flatten.map { |event| {id: "#{topic}.#{event}"} }
+  end.flatten
+  def label_string
+    name
+  end
+  def name
+    id
+  end
+end

data/app/models/webhooks/outgoing.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Webhooks::Outgoing
+  def self.table_name_prefix
+    "webhooks_outgoing_"
+  end
+end

data/app/models/webhooks.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Webhooks
+  def self.table_name_prefix
+    "webhooks_"
+  end
+end

data/app/views/account/webhooks/outgoing/deliveries/_menu_item.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<% if can? :read, Webhooks::Outgoing::Delivery.new(team: current_team) %>
+<% if can? :read, Webhooks::Outgoing::Delivery.new(BulletTrain::OutgoingWebhooks.parent_association => send(BulletTrain::OutgoingWebhooks.current_parent_method)) %>
   <%= render 'account/shared/menu/item', {
-    url: main_app.polymorphic_path([:account, current_team, :webhooks_outgoing_deliveries]),
+    url: main_app.polymorphic_path([:account, send(BulletTrain::OutgoingWebhooks.current_parent_method), :webhooks_outgoing_deliveries]),
     label: t('webhooks/outgoing/deliveries.navigation.label'),
   } do |p| %>
     <% p.content_for :icon do %>

data/app/views/account/webhooks/outgoing/delivery_attempts/_menu_item.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<% if can? :read, Webhooks::Outgoing::DeliveryAttempt.new(team: current_team) %>
+<% if can? :read, Webhooks::Outgoing::DeliveryAttempt.new(BulletTrain::OutgoingWebhooks.parent_association => send(BulletTrain::OutgoingWebhooks.current_parent_method)) %>
   <%= render 'account/shared/menu/item', {
-    url: main_app.polymorphic_path([:account, current_team, :webhooks_outgoing_delivery_attempts]),
+    url: main_app.polymorphic_path([:account, send(BulletTrain::OutgoingWebhooks.current_parent_method), :webhooks_outgoing_delivery_attempts]),
     label: t('webhooks/outgoing/delivery_attempts.navigation.label'),
   } do |p| %>
     <% p.content_for :icon do %>

data/app/views/account/webhooks/outgoing/endpoints/_breadcrumbs.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <% endpoint ||= @endpoint %>
-<% team ||= @team || endpoint&.team %>
+<% team ||= @parent || endpoint&.send(BulletTrain::OutgoingWebhooks.parent_association) %>
 <%= render 'account/teams/breadcrumbs', team: team %>
 <%= render 'account/shared/breadcrumb', label: t('.label'), url: [:account, team, :webhooks_outgoing_endpoints] %>
 <% if endpoint&.persisted? %>

data/app/views/account/webhooks/outgoing/endpoints/_form.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<%= form_with model: endpoint, url: (endpoint.persisted? ? [:account, endpoint] : [:account, @team, :webhooks_outgoing_endpoints]), local: true, class: 'form' do |form| %>
+<%= form_with model: endpoint, url: (endpoint.persisted? ? [:account, endpoint] : [:account, @parent, :webhooks_outgoing_endpoints]), local: true, class: 'form' do |form| %>
   <%= render 'account/shared/forms/errors', form: form %>
   <% with_field_settings form: form do %>
@@ -14,7 +14,7 @@
     <% if form.object.persisted? %>
     <%= link_to t('global.buttons.cancel'), [:account, endpoint], class: "button-secondary" %>
     <% else %>
-    <%= link_to t('global.buttons.cancel'), [:account, @team, :webhooks_outgoing_endpoints], class: "button-secondary" %>
+    <%= link_to t('global.buttons.cancel'), [:account, @parent, :webhooks_outgoing_endpoints], class: "button-secondary" %>
     <% end %>
   </div>

data/app/views/account/webhooks/outgoing/endpoints/_index.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<% team = @team || @team %>
+<% team = @parent %>
 <% context ||= team %>
 <% collection ||= :webhooks_outgoing_endpoints %>
 <% hide_actions ||= false %>
@@ -49,8 +49,8 @@
   <% p.content_for :actions do %>
     <% unless hide_actions %>
       <% if context == team %>
-        <% if can? :create, Webhooks::Outgoing::Endpoint.new(team: team) %>
-          <%= link_to t('.buttons.new'), [:new, :account, team, :webhooks_outgoing_endpoint], class: "#{first_button_primary(:webhooks_outgoing_endpoint)} new" %>
+        <% if can? :create, Webhooks::Outgoing::Endpoint.new(BulletTrain::OutgoingWebhooks.parent_association => @parent) %>
+          <%= link_to t('.buttons.new'), [:new, :account, @parent, :webhooks_outgoing_endpoint], class: "#{first_button_primary(:webhooks_outgoing_endpoint)} new" %>
         <% end %>
       <% end %>

data/app/views/account/webhooks/outgoing/endpoints/_menu_item.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
-<% if can? :read, Webhooks::Outgoing::Endpoint.new(team: current_team) %>
+<% if can? :read, Webhooks::Outgoing::Endpoint.new(BulletTrain::OutgoingWebhooks.parent_association => send(BulletTrain::OutgoingWebhooks.current_parent_method)) %>
   <%= render 'account/shared/menu/item', {
-    url: main_app.polymorphic_path([:account, current_team, :webhooks_outgoing_endpoints]),
+    url: main_app.polymorphic_path([:account, send(BulletTrain::OutgoingWebhooks.current_parent_method), :webhooks_outgoing_endpoints]),
     label: t('webhooks/outgoing/endpoints.navigation.label'),
   } do |p| %>
     <% p.content_for :icon do %>

data/app/views/account/webhooks/outgoing/endpoints/show.html.erb CHANGED Viewed

@@ -32,7 +32,7 @@
       <% p.content_for :actions do %>
         <%= link_to t('.buttons.edit'), [:edit, :account, @endpoint], class: first_button_primary if can? :edit, @endpoint %>
         <%= button_to t('.buttons.destroy'), [:account, @endpoint], method: :delete, class: first_button_primary, data: { confirm: t('.buttons.confirmations.destroy', model_locales(@endpoint)) } if can? :destroy, @endpoint %>
-        <%= link_to t('global.buttons.back'), [:account, @team, :webhooks_outgoing_endpoints], class: first_button_primary %>
+        <%= link_to t('global.buttons.back'), [:account, @parent, :webhooks_outgoing_endpoints], class: first_button_primary %>
       <% end %>
     <% end %>

data/config/routes.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 Rails.application.routes.draw do
   namespace :account do
     shallow do
-      resources :teams do
+      resources BulletTrain::OutgoingWebhooks.parent_resource do
         namespace :webhooks do
           namespace :outgoing do
             resources :events

data/db/migrate/20180420013127_create_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class CreateWebhooksOutgoingEndpoints < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_endpoints do |t|
+      t.references :team, foreign_key: true
+      t.text :url
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420013505_create_webhooks_outgoing_endpoint_event_types.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class CreateWebhooksOutgoingEndpointEventTypes < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_endpoint_event_types do |t|
+      t.integer :endpoint_id
+      t.integer :event_type_id
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420013852_create_webhooks_outgoing_event_types.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class CreateWebhooksOutgoingEventTypes < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_event_types do |t|
+      t.string :name
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420014623_create_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreateWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_events do |t|
+      t.integer :event_type_id
+      t.integer :subject_id
+      t.string :subject_type
+      t.jsonb :body
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420021016_create_webhooks_outgoing_deliveries.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class CreateWebhooksOutgoingDeliveries < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_deliveries do |t|
+      t.integer :endpoint_id
+      t.integer :event_id
+      t.text :endpoint_url
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420022027_add_team_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddTeamToWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    add_reference :webhooks_outgoing_events, :team, foreign_key: true
+  end
+end

data/db/migrate/20180420165345_create_webhooks_outgoing_delivery_attempts.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class CreateWebhooksOutgoingDeliveryAttempts < ActiveRecord::Migration[5.2]
+  def change
+    create_table :webhooks_outgoing_delivery_attempts do |t|
+      t.integer :delivery_id
+      t.integer :response_code
+      t.text :response_body
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20180420172112_add_error_message_to_webhooks_outgoing_delivery_attempt.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class AddErrorMessageToWebhooksOutgoingDeliveryAttempt < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_delivery_attempts, :response_message, :text
+    add_column :webhooks_outgoing_delivery_attempts, :error_message, :text
+  end
+end

data/db/migrate/20181012234232_add_name_to_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddNameToWebhooksOutgoingEndpoints < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_endpoints, :name, :string
+  end
+end

data/db/migrate/20181013030208_add_delivered_at_to_webhooks_outgoing_deliveries.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddDeliveredAtToWebhooksOutgoingDeliveries < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_deliveries, :delivered_at, :datetime
+  end
+end

data/db/migrate/20181013165056_add_uuid_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddUuidToWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_events, :uuid, :string
+  end
+end

data/db/migrate/20181013174539_add_payload_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddPayloadToWebhooksOutgoingEvents < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_events, :payload, :jsonb
+  end
+end

data/db/migrate/20181013192951_add_attempt_number_to_webhooks_outgoing_delivery_attempts.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddAttemptNumberToWebhooksOutgoingDeliveryAttempts < ActiveRecord::Migration[5.2]
+  def change
+    add_column :webhooks_outgoing_delivery_attempts, :attempt_number, :integer
+  end
+end

data/db/migrate/20210805060451_change_body_to_data_on_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class ChangeBodyToDataOnWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def change
+    rename_column :webhooks_outgoing_events, :body, :data
+  end
+end

data/db/migrate/20211126230846_add_event_type_ids_to_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddEventTypeIdsToWebhooksOutgoingEndpoints < ActiveRecord::Migration[6.1]
+  def change
+    add_column :webhooks_outgoing_endpoints, :event_type_ids, :jsonb, default: []
+  end
+end

data/db/migrate/20211126230847_migrate_event_type_ids_on_webhooks_outgoing_endpoints.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class MigrateEventTypeIdsOnWebhooksOutgoingEndpoints < ActiveRecord::Migration[6.1]
+  def change
+    Webhooks::Outgoing::Endpoint.find_each do |endpoint|
+      event_type_ids = ActiveRecord::Base.connection.execute("SELECT * FROM webhooks_outgoing_endpoint_event_types JOIN webhooks_outgoing_event_types ON webhooks_outgoing_endpoint_event_types.event_type_id = webhooks_outgoing_event_types.id WHERE endpoint_id = #{endpoint.id}").to_a.map { |result| result.dig("name") }
+      endpoint.update(event_type_ids: event_type_ids)
+    end
+  end
+end

data/db/migrate/20211127013539_remove_event_type_from_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class RemoveEventTypeFromWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def change
+    remove_reference :webhooks_outgoing_events, :event_type, null: false, foreign_key: false
+  end
+end

data/db/migrate/20211127013800_add_new_event_type_id_to_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddNewEventTypeIdToWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def change
+    add_column :webhooks_outgoing_events, :event_type_id, :string
+  end
+end

data/db/migrate/20211127014001_migrate_event_types_on_webhooks_outgoing_events.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class MigrateEventTypesOnWebhooksOutgoingEvents < ActiveRecord::Migration[6.1]
+  def up
+    Webhooks::Outgoing::Event.find_each do |event|
+      event.update_column(:event_type_id, event.payload.dig("event_type"))
+    end
+  end
+  def down
+  end
+end

data/db/migrate/20211127015712_drop_webhooks_outgoing_endpoint_event_types.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class DropWebhooksOutgoingEndpointEventTypes < ActiveRecord::Migration[6.1]
+  def up
+    drop_table :webhooks_outgoing_endpoint_event_types
+  end
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

data/db/migrate/20211127015713_drop_webhooks_outgoing_event_types.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class DropWebhooksOutgoingEventTypes < ActiveRecord::Migration[6.1]
+  def up
+    drop_table :webhooks_outgoing_event_types
+  end
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

data/lib/bullet_train/outgoing_webhooks/engine.rb CHANGED Viewed

@@ -1,6 +1,30 @@
 module BulletTrain
   module OutgoingWebhooks
     class Engine < ::Rails::Engine
+      config.before_configuration do
+        default_blocked_cidrs = %w[
+          10.0.0.0/8
+          172.16.0.0/12
+          192.168.0.0/16
+          100.64.0.0/10
+          127.0.0.0/8
+          169.254.169.254/32
+          fc00::/7
+          ::1
+        ]
+        config.outgoing_webhooks = {
+          blocked_cidrs: default_blocked_cidrs,
+          allowed_cidrs: [],
+          blocked_hostnames: %w[localhost],
+          allowed_hostnames: [],
+          public_resolvers: %w[8.8.8.8 1.1.1.1],
+          allowed_schemes: %w[http https],
+          custom_block_callback: nil,
+          custom_allow_callback: nil,
+          audit_callback: ->(obj, uri) { Rails.logger.error("BlockedURI obj=#{obj.persisted? ? obj.to_global_id : "New #{obj.class}"} uri=#{uri}") }
+        }
+      end
     end
   end
 end

data/lib/bullet_train/outgoing_webhooks/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module BulletTrain
   module OutgoingWebhooks
-    VERSION = "1.0.3"
+    VERSION = "1.1.0"
   end
 end

data/lib/bullet_train/outgoing_webhooks.rb CHANGED Viewed

@@ -3,6 +3,31 @@ require "bullet_train/outgoing_webhooks/engine"
 module BulletTrain
   module OutgoingWebhooks
-    # Your code goes here...
+    def self.default_for(klass, method, default_value)
+      klass.respond_to?(method) ? klass.send(method) || default_value : default_value
+    end
+    mattr_accessor :parent_class, default: default_for(BulletTrain, :parent_class, "Team")
+    mattr_accessor :base_class, default: default_for(BulletTrain, :base_class, "ApplicationRecord")
+    def self.parent_association
+      parent_class.underscore.to_sym
+    end
+    def self.parent_resource
+      parent_class.underscore.pluralize.to_sym
+    end
+    def self.parent_class_specified?
+      parent_class != "Team"
+    end
+    def self.current_parent_method
+      "current_#{parent_association}"
+    end
+    def self.parent_association_id
+      "#{parent_association}_id".to_sym
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,30 +1,59 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train-outgoing_webhooks
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.1.0
 platform: ruby
 authors:
 - Andrew Culver
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-23 00:00:00.000000000 Z
+date: 2022-09-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.0.0
+        version: 6.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.0.0
+- !ruby/object:Gem::Dependency
+  name: public_suffix
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.0.0
-description: Bullet Train Outgoing Webhooks
+        version: '0'
+description: Allow users of your Rails application to subscribe and receive webhooks
+  when activity takes place in your application.
 email:
 - andrew.culver@gmail.com
 executables: []
@@ -34,10 +63,26 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
-- app/assets/config/bullet_train_outgoing_webhooks_web_manifest.js
+- app/assets/config/bullet_train_outgoing_webhooks_manifest.js
 - app/controllers/account/webhooks/outgoing/deliveries_controller.rb
 - app/controllers/account/webhooks/outgoing/delivery_attempts_controller.rb
 - app/controllers/account/webhooks/outgoing/endpoints_controller.rb
+- app/jobs/webhooks/outgoing/delivery_job.rb
+- app/jobs/webhooks/outgoing/generate_job.rb
+- app/models/concerns/webhooks/outgoing/delivery_attempt_support.rb
+- app/models/concerns/webhooks/outgoing/delivery_support.rb
+- app/models/concerns/webhooks/outgoing/endpoint_support.rb
+- app/models/concerns/webhooks/outgoing/event_support.rb
+- app/models/concerns/webhooks/outgoing/issuing_model.rb
+- app/models/concerns/webhooks/outgoing/team_support.rb
+- app/models/concerns/webhooks/outgoing/uri_filtering.rb
+- app/models/webhooks.rb
+- app/models/webhooks/outgoing.rb
+- app/models/webhooks/outgoing/delivery.rb
+- app/models/webhooks/outgoing/delivery_attempt.rb
+- app/models/webhooks/outgoing/endpoint.rb
+- app/models/webhooks/outgoing/event.rb
+- app/models/webhooks/outgoing/event_type.rb
 - app/views/account/webhooks/outgoing/deliveries/_breadcrumbs.html.erb
 - app/views/account/webhooks/outgoing/deliveries/_delivery.json.jbuilder
 - app/views/account/webhooks/outgoing/deliveries/_form.html.erb
@@ -78,6 +123,27 @@ files:
 - config/locales/en/webhooks/outgoing/endpoints.en.yml
 - config/locales/en/webhooks/outgoing/events.en.yml
 - config/routes.rb
+- db/migrate/20180420013127_create_webhooks_outgoing_endpoints.rb
+- db/migrate/20180420013505_create_webhooks_outgoing_endpoint_event_types.rb
+- db/migrate/20180420013852_create_webhooks_outgoing_event_types.rb
+- db/migrate/20180420014623_create_webhooks_outgoing_events.rb
+- db/migrate/20180420021016_create_webhooks_outgoing_deliveries.rb
+- db/migrate/20180420022027_add_team_to_webhooks_outgoing_events.rb
+- db/migrate/20180420165345_create_webhooks_outgoing_delivery_attempts.rb
+- db/migrate/20180420172112_add_error_message_to_webhooks_outgoing_delivery_attempt.rb
+- db/migrate/20181012234232_add_name_to_webhooks_outgoing_endpoints.rb
+- db/migrate/20181013030208_add_delivered_at_to_webhooks_outgoing_deliveries.rb
+- db/migrate/20181013165056_add_uuid_to_webhooks_outgoing_events.rb
+- db/migrate/20181013174539_add_payload_to_webhooks_outgoing_events.rb
+- db/migrate/20181013192951_add_attempt_number_to_webhooks_outgoing_delivery_attempts.rb
+- db/migrate/20210805060451_change_body_to_data_on_webhooks_outgoing_events.rb
+- db/migrate/20211126230846_add_event_type_ids_to_webhooks_outgoing_endpoints.rb
+- db/migrate/20211126230847_migrate_event_type_ids_on_webhooks_outgoing_endpoints.rb
+- db/migrate/20211127013539_remove_event_type_from_webhooks_outgoing_events.rb
+- db/migrate/20211127013800_add_new_event_type_id_to_webhooks_outgoing_events.rb
+- db/migrate/20211127014001_migrate_event_types_on_webhooks_outgoing_events.rb
+- db/migrate/20211127015712_drop_webhooks_outgoing_endpoint_event_types.rb
+- db/migrate/20211127015713_drop_webhooks_outgoing_event_types.rb
 - lib/bullet_train/outgoing_webhooks.rb
 - lib/bullet_train/outgoing_webhooks/engine.rb
 - lib/bullet_train/outgoing_webhooks/version.rb
@@ -103,8 +169,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
-summary: Bullet Train Outgoing Webhooks
+summary: Allow users of your Rails application to subscribe and receive webhooks when
+  activity takes place in your application.
 test_files: []