bullet_train-outgoing_webhooks 1.25.1 → 1.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6231c0042625ad6748864d4ca1e0beb7c19a429d8e44bbe80eb806fcce82131f
-  data.tar.gz: 4f54ddf9560e553ad35ae3e3a2b116fd935b84414c1d6a84feddca36a30089e8
+  metadata.gz: 36479ad4e919366dc9e89a68a38682e16806e5fc13871afca777677fe78e03c6
+  data.tar.gz: ee4b1266f2988a289b295708d90b45ede44e0e9dde8a0e890e992a0b41275611
 SHA512:
-  metadata.gz: 2dfcceb4b6e4bafece0d922b74153c2af6079ae6542ad2a907997c63a5cd3ab3ddaa36ef537aef6ebced323535cf7472fd6a165baae24c87101050cf1165777c
-  data.tar.gz: 48669fe6f62b620c2c44123476c8caa6c83286ba3b2f59b881e866dbb789be8a58fbbbcd92f3565a7b5781602bf3dd4211451e41d35066097a05ebcbe710dcc2
+  metadata.gz: f18aadf46809c1353f7b8b8596c9ffe1c26670c0eeb72dfd4ea0af5987a0afcdfd88502763e9672556b392f64459b8ba2ca36823743b659b94b818e02d7bd8cb
+  data.tar.gz: c0848a23a118193782037328ea2f8a6bdd94ea52b3ea2726906f8f7f91678dda750820aa89318e74cea6414722399830c6befb1d6dc37968523fdcf51f9226a3

data/app/controllers/account/webhooks/outgoing/endpoints_controller.rb

@@ -1,5 +1,8 @@
 class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationController
-  account_load_and_authorize_resource :endpoint, through: BulletTrain::OutgoingWebhooks.parent_association, through_association: :webhooks_outgoing_endpoints
+  account_load_and_authorize_resource :endpoint,
+    through: BulletTrain::OutgoingWebhooks.parent_association,
+    through_association: :webhooks_outgoing_endpoints,
+    member_actions: [:activate, :deactivate]
   before_action { @parent = instance_variable_get("@#{BulletTrain::OutgoingWebhooks.parent_association}") }
 
   # GET /account/teams/:team_id/webhooks/outgoing/endpoints
@@ -71,6 +74,32 @@ class Account::Webhooks::Outgoing::EndpointsController < Account::ApplicationCon
     end
   end
 
+  # POST /account/webhooks/outgoing/endpoints/:id/activate
+  def activate
+    respond_to do |format|
+      if @endpoint.reactivate!
+        format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.activated") }
+        format.json { render :show, status: :ok, location: [:account, @endpoint] }
+      else
+        format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], alert: I18n.t("webhooks/outgoing/endpoints.notifications.activation_failed") }
+        format.json { render json: @endpoint.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /account/webhooks/outgoing/endpoints/:id/deactivate
+  def deactivate
+    respond_to do |format|
+      if @endpoint.deactivate!
+        format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], notice: I18n.t("webhooks/outgoing/endpoints.notifications.deactivated") }
+        format.json { render :show, status: :ok, location: [:account, @endpoint] }
+      else
+        format.html { redirect_to [:account, @parent, :webhooks_outgoing_endpoints], alert: I18n.t("webhooks/outgoing/endpoints.notifications.deactivation_failed") }
+        format.json { render json: @endpoint.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
   private
 
   # Never trust parameters from the scary internet, only allow the white list through.

data/app/controllers/concerns/api/v1/webhooks/outgoing/endpoints/controller_base.rb

@@ -10,6 +10,7 @@ module Api::V1::Webhooks::Outgoing::Endpoints::ControllerBase
         :name,
         :api_version,
         :scaffolding_absolutely_abstract_creative_concept_id,
+        :deactivated_at,
         # 🚅 super scaffolding will insert new fields above this line.
         *permitted_arrays,
         event_type_ids: [],

data/app/mailers/webhooks/outgoing/endpoint_mailer.rb

@@ -0,0 +1,35 @@
+class Webhooks::Outgoing::EndpointMailer < ApplicationMailer
+  def deactivation_limit_reached(endpoint)
+    @endpoint = endpoint
+    email = @endpoint.team.formatted_email_address
+    return if email.blank?
+    set_values(@endpoint)
+
+    mail(
+      to: email,
+      subject: I18n.t("webhooks.outgoing.endpoint_mailer.deactivation_limit_reached.subject", endpoint_name: @endpoint.name)
+    )
+  end
+
+  def deactivated(endpoint)
+    @endpoint = endpoint
+    email = @endpoint.team.formatted_email_address
+    return if email.blank?
+    set_values(@endpoint)
+
+    mail(
+      to: email,
+      subject: I18n.t("webhooks.outgoing.endpoint_mailer.deactivated.subject", endpoint_name: @endpoint.name)
+    )
+  end
+
+  private
+
+  def set_values(endpoint)
+    @values ||= {
+      endpoint_name: endpoint.name,
+      endpoint_events: endpoint.event_type_ids.join(", "),
+      app_name: I18n.t("application.name"),
+    }
+  end
+end

data/app/models/concerns/webhooks/outgoing/delivery_support.rb

@@ -15,6 +15,7 @@ module Webhooks::Outgoing::DeliverySupport
     3 => 5.minutes,
     4 => 15.minutes,
     5 => 1.hour,
+    6 => 24.hours,
   }
 
   def label_string
@@ -28,14 +29,21 @@ module Webhooks::Outgoing::DeliverySupport
   def deliver_async
     if still_attempting?
       Webhooks::Outgoing::DeliveryJob.set(wait: next_reattempt_delay).perform_later(self)
+    else
+      # All delivery attempts have now failed, should we deactivate the endpoint?
+      endpoint.handle_exhausted_delivery_attempts
     end
   end
 
-  def deliver
+  # This method is used to create an attempt and deliver a webhook.
+  # If the endpoint is disabled, the attempt will not be created and the webhook will not be delivered.
+  # You can bypass this condition by passing `force: true`
+  def deliver(force: false)
+    return if endpoint.deactivated? && !force
     # TODO If we ever do away with the `async: true` default for webhook generation, then I believe this needs to
     # change otherwise we'd be attempting the first delivery of webhooks inline.
     if delivery_attempts.new.attempt
-      touch(:delivered_at)
+      mark_as_delivered!
     else
       deliver_async
     end
@@ -55,7 +63,24 @@ module Webhooks::Outgoing::DeliverySupport
   end
 
   def failed?
-    !(delivered? || still_attempting?)
+    !delivered? && !still_attempting?
+  end
+
+  def not_attempted?
+    attempt_count.zero?
+  end
+
+  def attempts_schedule_period_elapsed?
+    max_attempts_period = ATTEMPT_SCHEDULE.values.sum
+    created_at < max_attempts_period.ago
+  end
+
+  # This method is used to display delivery statuses in the UI.
+  # For deactivated endpoints, we don't make any delivery attempts, however, the delivery itself is still created,
+  # so we show it as "failed" in the UI.
+  # We also show deliveries as failed when the maximum attempt period has elapsed.
+  def failed_or_not_attempted_or_elapsed?
+    failed? || not_attempted? || attempts_schedule_period_elapsed?
   end
 
   def name
@@ -65,4 +90,11 @@ module Webhooks::Outgoing::DeliverySupport
   def max_attempts
     ATTEMPT_SCHEDULE.keys.max
   end
+
+  def mark_as_delivered!
+    ActiveRecord::Base.transaction do
+      touch(:delivered_at)
+      endpoint.reset_failed_deliveries_tracking!
+    end
+  end
 end

data/app/models/concerns/webhooks/outgoing/endpoint_deactivatable.rb

@@ -0,0 +1,78 @@
+module Webhooks::Outgoing::EndpointDeactivatable
+  extend ActiveSupport::Concern
+
+  def active?
+    deactivated_at.nil?
+  end
+
+  def deactivated?
+    deactivated_at.present?
+  end
+
+  def marked_for_deactivation?
+    deactivation_limit_reached_at.present? && deactivated_at.nil?
+  end
+
+  def reset_failed_deliveries_tracking!
+    update_columns(deactivation_limit_reached_at: nil, consecutive_failed_deliveries: 0)
+  end
+
+  def deactivate!
+    return if deactivated?
+
+    update!(deactivated_at: Time.current)
+  end
+
+  def mark_for_deactivation!
+    return if marked_for_deactivation?
+    return if deactivated?
+
+    update!(deactivation_limit_reached_at: Time.current)
+  end
+
+  def reactivate!
+    return unless deactivated?
+
+    update!(deactivated_at: nil, deactivation_limit_reached_at: nil, consecutive_failed_deliveries: 0)
+  end
+
+  def handle_exhausted_delivery_attempts
+    return unless BulletTrain::OutgoingWebhooks::Engine.config.outgoing_webhooks[:automatic_endpoint_deactivation_enabled]
+    return if deactivated?
+
+    increment!(:consecutive_failed_deliveries)
+
+    # If the endpoint is marked for deactivation, we check if the cooling-off period (deactivation_in setting) has passed.
+    # If so, we mark it as deactivated.
+    if should_be_deactivated?
+      deactivate!
+      notify_deactivated
+    elsif should_be_marked_for_deactivation?
+      mark_for_deactivation!
+      notify_deactivation_limit_reached
+    end
+  end
+
+  def should_be_deactivated?
+    return false unless marked_for_deactivation?
+    return false if deactivated?
+
+    deactivation_limit_reached_at <= BulletTrain::OutgoingWebhooks::Engine.config.outgoing_webhooks.dig(:automatic_endpoint_deactivation_settings, :deactivation_in).ago
+  end
+
+  def should_be_marked_for_deactivation?
+    return false if deactivated?
+    return false if marked_for_deactivation?
+
+    max_limit = BulletTrain::OutgoingWebhooks::Engine.config.outgoing_webhooks.dig(:automatic_endpoint_deactivation_settings, :max_limit)
+    consecutive_failed_deliveries >= max_limit
+  end
+
+  def notify_deactivation_limit_reached
+    Webhooks::Outgoing::EndpointMailer.deactivation_limit_reached(self).deliver_later
+  end
+
+  def notify_deactivated
+    Webhooks::Outgoing::EndpointMailer.deactivated(self).deliver_later
+  end
+end

data/app/models/webhooks/outgoing/endpoint.rb

@@ -1,5 +1,6 @@
 class Webhooks::Outgoing::Endpoint < BulletTrain::OutgoingWebhooks.base_class.constantize
   include Webhooks::Outgoing::EndpointSupport
+  include Webhooks::Outgoing::EndpointDeactivatable
   # 🚅 add concerns above.
 
   # 🚅 add belongs_to associations above.

data/app/views/account/webhooks/outgoing/deliveries/_index.html.erb

@@ -31,7 +31,7 @@
                   <td><%= render 'shared/attributes/code', attribute: :event_type_name %></td>
                 <% end %>
                 <td><%= render 'shared/attributes/code', attribute: :endpoint_url %></td>
-                <td class="text-center"><%= render 'shared/attributes/attempt', attribute: :status, success_method: :delivered?, attempting_method: :still_attempting?, failure_method: :failed? %></td>
+                <td class="text-center"><%= render 'shared/attributes/attempt', attribute: :status, success_method: :delivered?, attempting_method: :still_attempting?, failure_method: :failed_or_not_attempted_or_elapsed? %></td>
                 <%# 🚅 super scaffolding will insert new fields above this line. %>
                 <td><%= render 'shared/attributes/date_and_time', attribute: :created_at %></td>
                 <td class="buttons">

data/app/views/account/webhooks/outgoing/deliveries/show.html.erb

@@ -17,7 +17,7 @@
               <pre><%= JSON.pretty_generate(@delivery.event.payload) %></pre>
             <% end %>
           <% end %>
-          <%= render 'shared/attributes/attempt', attribute: :status, success_method: :delivered?, attempting_method: :still_attempting?, failure_method: :failed? %>
+          <%= render 'shared/attributes/attempt', attribute: :status, success_method: :delivered?, attempting_method: :still_attempting?, failure_method: :failed_or_not_attempted_or_elapsed? %>
           <%= render 'shared/attributes/code', attribute: :endpoint_url %>
           <%= render 'shared/attributes/date_and_time', attribute: :delivered_at %>
           <%# 🚅 super scaffolding will insert new fields above this line. %>

data/app/views/account/webhooks/outgoing/endpoints/_index.html.erb

@@ -16,6 +16,7 @@
             <th><%= t('.fields.name.heading') %></th>
             <th><%= t('.fields.url.heading') %></th>
             <th><%= t('.fields.webhook_secret.heading') %></th>
+            <th><%= t('.status.heading') %></th>
             <%# 🚅 super scaffolding will insert new field headers above this line. %>
             <th class="text-right"></th>
           </tr>
@@ -27,12 +28,30 @@
                 <td><%= render 'shared/attributes/text', attribute: :name, url: [:account, endpoint] %></td>
                 <td><%= render 'shared/attributes/code', attribute: :url %></td>
                 <td><%= render 'shared/attributes/code', attribute: :webhook_secret, secret: true %></td>
+                <td>
+                  <% if endpoint.active? %>
+                    <%= t('.status.active') %>
+                    <% if endpoint.deactivation_limit_reached_at.present? %>
+                      <br>
+                      <%= t('.deactivation_limit_reached.description', reached_at: l(endpoint.deactivation_limit_reached_at, format: :date_and_time_field)) %>
+                    <% end %>
+                  <% else %>
+                    <%= t('.status.deactivated') %>
+                  <% end %>
+                </td>
                 <%# 🚅 super scaffolding will insert new fields above this line. %>
                 <td class="buttons">
                   <% unless hide_actions %>
                     <% if can? :edit, endpoint %>
                       <%= link_to t('.buttons.shorthand.edit'), [:edit, :account, endpoint], class: 'button-secondary button-smaller' %>
                     <% end %>
+                    <% if can? :edit, endpoint %>
+                      <% if endpoint.active? %>
+                        <%= button_to t('.buttons.shorthand.deactivate'), [:deactivate, :account, endpoint], method: :delete, data: { turbo_confirm: t('.buttons.confirmations.deactivate', model_locales(endpoint)) }, class: 'button-secondary button-smaller' %>
+                      <% else %>
+                        <%= button_to t('.buttons.shorthand.activate'), [:activate, :account, endpoint], method: :post, class: 'button-secondary button-smaller' %>
+                      <% end %>
+                    <% end %>
                     <% if can? :destroy, endpoint %>
                       <%= button_to t('.buttons.shorthand.destroy'), [:account, endpoint], method: :delete, data: { turbo_confirm: t('.buttons.confirmations.destroy', model_locales(endpoint)) }, class: 'button-secondary button-smaller' %>
                     <% end %>

data/app/views/api/v1/webhooks/outgoing/endpoints/_endpoint.json.jbuilder

@@ -4,6 +4,9 @@ json.extract! endpoint,
   :url,
   :name,
   :event_type_ids,
+  :deactivation_limit_reached_at,
+  :deactivated_at,
+  :consecutive_failed_deliveries,
   # 🚅 super scaffolding will insert new fields above this line.
   :created_at,
   :updated_at

data/app/views/webhooks/outgoing/endpoint_mailer/deactivated.html.erb

@@ -0,0 +1,49 @@
+<% content_for :preheader do %>
+  <%= t('.preview', @values) %>
+<% end %>
+
+<h1><%= t('.heading') %></h1>
+<br>
+<%= t('.body.html', @values) %>
+
+<br>
+<div class="endpoint-details">
+  <%= t('.details.html', @values) %>
+</div>
+
+<br>
+<h2><%= t('.explanation.heading', @values) %></h2>
+<br>
+<p><%= t('.explanation.text', @values) %></p>
+
+<br>
+<h2><%= t('.action.heading', @values) %></h2>
+<br>
+<%= t('.action.html', @values) %>
+<br>
+
+<table class="body-action" align="center" width="100%" cellpadding="0" cellspacing="0">
+  <tr>
+    <td align="center">
+      <!-- Border based button https://litmus.com/blog/a-guide-to-bulletproof-buttons-in-email-design -->
+      <table width="100%" border="0" cellspacing="0" cellpadding="0">
+        <tr>
+          <td align="center">
+            <table border="0" cellspacing="0" cellpadding="0">
+              <tr>
+                <td>
+                  <a href="<%= account_webhooks_outgoing_endpoint_url(@endpoint) %>" target="_blank" class="button">
+                    <%= t('.action.button', @values) %>
+                  </a>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+
+<br>
+<%= t('.signature.html', @values.merge({support_email: t('application.support_email')})) %>

data/app/views/webhooks/outgoing/endpoint_mailer/deactivation_limit_reached.html.erb

@@ -0,0 +1,45 @@
+<% content_for :preheader do %>
+  <%= t('.preview', @values) %>
+<% end %>
+
+<h1><%= t('.heading') %></h1>
+<br>
+<%= t('.body.html', @values) %>
+<br>
+<div class="endpoint-details">
+  <%= t('.details.html', @values) %>
+</div>
+<br>
+<h2><%= t('.explanation.heading', @values) %></h2>
+<br>
+<p><%= t('.explanation.text', @values) %></p>
+<br>
+<h2><%= t('.action.heading', @values) %></h2>
+<br>
+<%= t('.action.html', @values) %>
+
+<table class="body-action" align="center" width="100%" cellpadding="0" cellspacing="0">
+  <tr>
+    <td align="center">
+      <!-- Border based button https://litmus.com/blog/a-guide-to-bulletproof-buttons-in-email-design -->
+      <table width="100%" border="0" cellspacing="0" cellpadding="0">
+        <tr>
+          <td align="center">
+            <table border="0" cellspacing="0" cellpadding="0">
+              <tr>
+                <td>
+                  <a href="<%= account_webhooks_outgoing_endpoint_url(@endpoint) %>" target="_blank" class="button">
+                    <%= t('.action.button', @values) %>
+                  </a>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+
+<br>
+<%= t('.signature.html', @values.merge({support_email: t('application.support_email')})) %>

data/config/locales/en/webhooks/outgoing/endpoint_mailer.en.yml

@@ -0,0 +1,55 @@
+en:
+  webhooks:
+    outgoing:
+      endpoint_mailer:
+        deactivation_limit_reached:
+          subject: "Webhook Endpoint Failure Limit Reached - %{endpoint_name}"
+          preview: "Your webhook endpoint %{endpoint_name} has reached the failure limit and may be deactivated"
+          heading: "Webhook Endpoint Failure Limit Reached"
+          body:
+            html: |
+              <p>Hello,</p>
+              <p>We wanted to notify you that your webhook endpoint "<strong>%{endpoint_name}</strong>" has reached the maximum number of consecutive failed delivery attempts. The endpoint is now marked for potential deactivation.</p>
+          details:
+            html: |
+              <p>Endpoint Name: <strong>%{endpoint_name}</strong></p>
+              <p>Endpoint Events: <strong>%{endpoint_events}</strong></p>
+          explanation:
+            heading: "What this means:"
+            text: "Your webhook endpoint is experiencing delivery failures. If this continues, the endpoint will be automatically deactivated to prevent further failed attempts."
+          action:
+            heading: "What you should do:"
+            html: |
+              <ul>
+                <li>Check that your webhook endpoint URL is accessible and responding correctly</li>
+                <li>Verify that your endpoint is returning HTTP 2xx status codes</li>
+              </ul>
+            button: &open_endpoint Open the endpoint
+          signature: &SIGNATURE
+            html:
+              <p>If you have any questions, please don't hesitate to <a href="mailto:%{support_email}">send us an email</a>.</p>
+              <p>Thanks,<br>%{app_name}</p>
+        deactivated:
+          subject: "Webhook Endpoint Deactivated - %{endpoint_name}"
+          preview: "Your webhook endpoint %{endpoint_name} has been deactivated due to repeated failures"
+          heading: "Webhook Endpoint Deactivated"
+          body:
+            html: |
+              <p>Hello,</p>
+              <p>We wanted to notify you that your webhook endpoint "<strong>%{endpoint_name}</strong>" has been automatically deactivated due to repeated delivery failures.</p>
+          details:
+            html: |
+              <p>Endpoint Name: <strong>%{endpoint_name}</strong></p>
+              <p>Endpoint Events: <strong>%{endpoint_events}</strong></p>
+          explanation:
+            heading: "What this means:"
+            text: "Your webhook endpoint has been deactivated to prevent further failed delivery attempts. No webhook events will be sent to this endpoint until it is reactivated."
+          action:
+            heading: "What you can do:"
+            html: |
+              <ul>
+                <li>Leave it deactivated</li>
+                <li>Open the endpoint and reactivate it again if you fixed the initial delivery error</li>
+              </ul>
+            button: *open_endpoint
+          signature: *SIGNATURE

data/config/locales/en/webhooks/outgoing/endpoints.en.yml

@@ -16,11 +16,14 @@ en:
       shorthand:
         edit: Settings
         destroy: Delete
+        activate: Activate
+        deactivate: Deactivate
       confirmations:
         destroy: Are you sure you want to remove %{endpoint_name}? This will also remove it's associated data. This can't be undone.
         rotate_secret: >
           Are you sure you want to rotate the secret of the endpoint %{endpoint_name}?
           Your webhook event verification system will need to start handling the new secret.
+        deactivate: Are you sure you want to deactivate %{endpoint_name}? This will prevent webhooks from being sent to this endpoint.
     fields: &fields
       id:
         _: &id Endpoint ID
@@ -68,7 +71,8 @@ en:
         all: All Events
       event_types: *event_types
 
-      scaffolding_absolutely_abstract_creative_concept_id: &scaffolding_absolutely_abstract_creative_concept
+      scaffolding_absolutely_abstract_creative_concept_id:
+        &scaffolding_absolutely_abstract_creative_concept
         _: &scaffolding_absolutely_abstract_creative_concept_id Within Creative Concept
         label: *scaffolding_absolutely_abstract_creative_concept_id
         heading: *scaffolding_absolutely_abstract_creative_concept_id
@@ -86,6 +90,28 @@ en:
           via the API, the secret is only shown after creating the endpoint. If you missed to store
           it, you will need to look it up on the app's UI endpoint show or index pages.
         truncation_with_instructions: ... (use button below to rotate)
+
+      deactivation_limit_reached_at:
+        _: &deactivation_limit_reached_at Deactivation Limit Reached At
+        label: *deactivation_limit_reached_at
+        heading: *deactivation_limit_reached_at
+        api_title: *deactivation_limit_reached_at
+        api_description: *deactivation_limit_reached_at
+
+      deactivated_at:
+        _: &deactivated_at Deactivated At
+        label: *deactivated_at
+        heading: *deactivated_at
+        api_title: *deactivated_at
+        api_description: *deactivated_at
+
+      consecutive_failed_deliveries:
+        _: &consecutive_failed_deliveries Consecutive Failed Deliveries
+        label: *consecutive_failed_deliveries
+        heading: *consecutive_failed_deliveries
+        api_title: *consecutive_failed_deliveries
+        api_description: *consecutive_failed_deliveries
+
       # 🚅 super scaffolding will insert new fields above this line.
       created_at:
         _: &created_at Added
@@ -118,6 +144,12 @@ en:
           description_empty: No Endpoints have been added for %{team_name}.
       fields: *fields
       buttons: *buttons
+      status:
+        heading: Status
+        active: Active
+        deactivated: Deactivated
+      deactivation_limit_reached:
+        description: ⚠️ You have reached the maximum number of failed deliveries allowed for the endpoint. The limit was reached at %{reached_at}, and the endpoint will soon be deactivated if it does not process the webhooks.
     show:
       section: "%{endpoint_name}"
       header: Webhooks Endpoint Details
@@ -143,6 +175,10 @@ en:
       updated: Endpoint was successfully updated.
       destroyed: Endpoint was successfully destroyed.
       secret_rotated: Endpoint's webhook secret successfully rotated.
+      activated: Endpoint was successfully activated.
+      deactivated: Endpoint was successfully deactivated.
+      activation_failed: Failed to activate endpoint.
+      deactivation_failed: Failed to deactivate endpoint.
   account:
     webhooks:
       outgoing:

data/config/routes.rb

@@ -7,6 +7,10 @@ Rails.application.routes.draw do
         namespace :webhooks do
           namespace :outgoing do
             resources :endpoints do
+              member do
+                post :activate
+                delete :deactivate
+              end
               resources :deliveries, only: %i[index show] do
                 resources :delivery_attempts, only: %i[index show]
               end

data/db/migrate/20250522080219_add_deactivation_fields_to_endpoints.rb

@@ -0,0 +1,10 @@
+class AddDeactivationFieldsToEndpoints < ActiveRecord::Migration[8.0]
+  disable_ddl_transaction!
+
+  def change
+    add_column :webhooks_outgoing_endpoints, :deactivation_limit_reached_at, :datetime
+    add_column :webhooks_outgoing_endpoints, :deactivated_at, :datetime
+    parent_association = BulletTrain::OutgoingWebhooks.parent_association.to_s.foreign_key.to_sym
+    add_index :webhooks_outgoing_endpoints, [parent_association, :deactivated_at], algorithm: :concurrently
+  end
+end

data/db/migrate/20250526132225_add_invitations_table.rb

@@ -0,0 +1,16 @@
+class AddInvitationsTable < ActiveRecord::Migration[8.0]
+  def change
+    create_table "invitations", id: :serial, force: :cascade do |t|
+      t.string "email"
+      t.string "uuid"
+      t.integer "from_membership_id"
+      t.datetime "created_at", precision: nil, null: false
+      t.datetime "updated_at", precision: nil, null: false
+      t.integer "team_id"
+      t.bigint "invitation_list_id"
+      t.index ["invitation_list_id"], name: "index_invitations_on_invitation_list_id"
+      t.index ["team_id"], name: "index_invitations_on_team_id"
+    end
+    add_reference :memberships, :invitation, index: true
+  end
+end

data/db/migrate/20250528082127_update_users_table_for_dummy_app.rb

@@ -0,0 +1,34 @@
+class UpdateUsersTableForDummyApp < ActiveRecord::Migration[8.0]
+  def change
+    change_table :users do |t|
+      t.string "reset_password_token"
+      t.datetime "reset_password_sent_at", precision: nil
+      t.datetime "remember_created_at", precision: nil
+      t.integer "sign_in_count", default: 0, null: false
+      t.datetime "current_sign_in_at", precision: nil
+      t.datetime "last_sign_in_at", precision: nil
+      t.inet "current_sign_in_ip"
+      t.inet "last_sign_in_ip"
+      t.datetime "last_seen_at", precision: nil
+      t.string "profile_photo_id"
+      t.datetime "last_notification_email_sent_at", precision: nil
+      t.boolean "former_user", default: false, null: false
+      t.string "encrypted_otp_secret"
+      t.string "encrypted_otp_secret_iv"
+      t.string "encrypted_otp_secret_salt"
+      t.integer "consumed_timestep"
+      t.boolean "otp_required_for_login"
+      t.string "otp_backup_codes", array: true
+      t.string "locale"
+      t.bigint "platform_agent_of_id"
+      t.string "otp_secret"
+      t.integer "failed_attempts", default: 0, null: false
+      t.string "unlock_token"
+      t.datetime "locked_at"
+      t.index ["email"], name: "index_users_on_email", unique: true
+      t.index ["platform_agent_of_id"], name: "index_users_on_platform_agent_of_id"
+      t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
+      t.index ["unlock_token"], name: "index_users_on_unlock_token", unique: true
+    end
+  end
+end

data/db/migrate/20250528083628_add_locale_to_team.rb

@@ -0,0 +1,5 @@
+class AddLocaleToTeam < ActiveRecord::Migration[8.0]
+  def change
+    add_column :teams, :locale, :string
+  end
+end

data/db/migrate/20250616143032_add_failed_count_to_webhook_endpoints.rb

@@ -0,0 +1,5 @@
+class AddFailedCountToWebhookEndpoints < ActiveRecord::Migration[8.0]
+  def change
+    add_column :webhooks_outgoing_endpoints, :consecutive_failed_deliveries, :integer, default: 0, null: false
+  end
+end

data/lib/bullet_train/outgoing_webhooks/engine.rb

@@ -24,7 +24,12 @@ module BulletTrain
           custom_allow_callback: nil,
           audit_callback: ->(obj, uri) { Rails.logger.error("BlockedURI obj=#{obj.persisted? ? obj.to_global_id : "New #{obj.class}"} uri=#{uri}") },
           webhook_headers_namespace: "X-Webhook-Bullet-Train",
-          event_verification_tolerance_seconds: 600 # 5-10 minutes is industry-default.
+          event_verification_tolerance_seconds: 600, # 5-10 minutes is industry-default.
+          automatic_endpoint_deactivation_enabled: false,
+          automatic_endpoint_deactivation_settings: {
+            max_limit: 50,
+            deactivation_in: 3.days
+          },
         }
       end
     end

data/lib/bullet_train/outgoing_webhooks/version.rb

@@ -1,5 +1,5 @@
 module BulletTrain
   module OutgoingWebhooks
-    VERSION = "1.25.1"
+    VERSION = "1.26.0"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train-outgoing_webhooks
 version: !ruby/object:Gem::Version
-  version: 1.25.1
+  version: 1.26.0
 platform: ruby
 authors:
 - Andrew Culver
@@ -117,8 +117,10 @@ files:
 - app/controllers/concerns/api/v1/webhooks/outgoing/events/controller_base.rb
 - app/jobs/webhooks/outgoing/delivery_job.rb
 - app/jobs/webhooks/outgoing/generate_job.rb
+- app/mailers/webhooks/outgoing/endpoint_mailer.rb
 - app/models/concerns/webhooks/outgoing/delivery_attempt_support.rb
 - app/models/concerns/webhooks/outgoing/delivery_support.rb
+- app/models/concerns/webhooks/outgoing/endpoint_deactivatable.rb
 - app/models/concerns/webhooks/outgoing/endpoint_support.rb
 - app/models/concerns/webhooks/outgoing/event_support.rb
 - app/models/concerns/webhooks/outgoing/issuing_model.rb
@@ -163,8 +165,11 @@ files:
 - app/views/api/v1/webhooks/outgoing/events/_event.json.jbuilder
 - app/views/api/v1/webhooks/outgoing/events/index.json.jbuilder
 - app/views/api/v1/webhooks/outgoing/events/show.json.jbuilder
+- app/views/webhooks/outgoing/endpoint_mailer/deactivated.html.erb
+- app/views/webhooks/outgoing/endpoint_mailer/deactivation_limit_reached.html.erb
 - config/locales/en/webhooks/outgoing/deliveries.en.yml
 - config/locales/en/webhooks/outgoing/delivery_attempts.en.yml
+- config/locales/en/webhooks/outgoing/endpoint_mailer.en.yml
 - config/locales/en/webhooks/outgoing/endpoints.en.yml
 - config/locales/en/webhooks/outgoing/events.en.yml
 - config/routes.rb
@@ -194,6 +199,11 @@ files:
 - db/migrate/20221230235326_add_api_version_to_webhooks_outgoing_events.rb
 - db/migrate/20221231003437_remove_default_from_webhooks_outgoing_endpoints.rb
 - db/migrate/20221231003438_remove_default_from_webhooks_outgoing_events.rb
+- db/migrate/20250522080219_add_deactivation_fields_to_endpoints.rb
+- db/migrate/20250526132225_add_invitations_table.rb
+- db/migrate/20250528082127_update_users_table_for_dummy_app.rb
+- db/migrate/20250528083628_add_locale_to_team.rb
+- db/migrate/20250616143032_add_failed_count_to_webhook_endpoints.rb
 - lib/bullet_train/outgoing_webhooks.rb
 - lib/bullet_train/outgoing_webhooks/engine.rb
 - lib/bullet_train/outgoing_webhooks/signature.rb