forest_liana 9.17.7 → 9.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 55b4065b5a2334f7fec593dbb43d62558fcd2786cde6765ba60099c3c3ff0b03
-  data.tar.gz: ec40d991bf17242d482846b8c2495b4747b0cf590c7a77031624af333b5dbb5a
+  metadata.gz: bf3f27387c51c6e72f363fa0f92a788ed62b57874e685bc26b58642d5b57ed64
+  data.tar.gz: 87d8c7ee8492972fcc9172714b8056f4bd6003842bdaa64c590b07744735517a
 SHA512:
-  metadata.gz: 90d60f43668a322d66005702e3b079a751d979e65157265cf70ab2bfe1a56f873c9a5cf717cdbadcda75b0d503ef5a237f7b634a1a6e1245314268c41aa23b3f
-  data.tar.gz: 9fa2bbce56a9db1ee0ed6fbf62eee6e455d167b8c7f4235fe111fa7c1fdc394f6365c13c10e0db2b2dea1e59144d1489fd9c95a1cfd923c42f0b7ff91a5c3c7c
+  metadata.gz: e642957d6f0925fd6a2567c44c3fce1f386e85da1ebc0abfc1fac9c36c19ee5fdc38ed33430d8ad2fd4e7e1a4a72f64c3c7894c187bb3d8445c511bcd3c2eead
+  data.tar.gz: 66098b227f8abcd58e3e8da41954e560d8dae0e32ad8f4c995cb1f5daab4a2481af0c4b3c1f9e35bd7f7a816a68c826dc4df161f6b83eec78be1b592b4834896

data/app/controllers/forest_liana/workflow_executions_controller.rb

@@ -0,0 +1,71 @@
+require 'httparty'
+
+module ForestLiana
+  class WorkflowExecutionsController < ApplicationController
+    FORWARDED_HEADERS = %w[Authorization Cookie].freeze
+    UPSTREAM_TIMEOUT_IN_SECONDS = 10
+    UPSTREAM_ERRORS = [
+      HTTParty::Error,
+      SocketError,
+      Errno::ECONNREFUSED,
+      Net::OpenTimeout,
+      Net::ReadTimeout,
+      Timeout::Error
+    ].freeze
+
+    def show
+      forward_to_executor(method: :get, suffix: '')
+    end
+
+    def trigger
+      forward_to_executor(method: :post, suffix: '/trigger')
+    end
+
+    private
+
+    def forward_to_executor(method:, suffix:)
+      base = ForestLiana.workflow_executor_url
+      if base.blank?
+        head :not_found
+        return
+      end
+
+      url = "#{base.sub(%r{/+\z}, '')}/runs/#{params[:run_id]}#{suffix}"
+      response = HTTParty.send(
+        method,
+        url,
+        headers: forwarded_headers,
+        query: forwarded_query,
+        body: forwarded_body(method),
+        verify: Rails.env.production?,
+        timeout: UPSTREAM_TIMEOUT_IN_SECONDS
+      )
+
+      render json: response.parsed_response, status: response.code
+    rescue *UPSTREAM_ERRORS => e
+      Rails.logger.error("[ForestLiana] workflow executor proxy error: #{e.class}: #{e.message}")
+      render json: { error: 'workflow_executor_unreachable' }, status: :service_unavailable
+    end
+
+    def forwarded_headers
+      base = { 'Content-Type' => 'application/json' }
+      FORWARDED_HEADERS.each_with_object(base) do |name, acc|
+        value = request.headers[name]
+        acc[name] = value if value.present?
+      end
+    end
+
+    def forwarded_query
+      params
+        .except(:run_id, :controller, :action, :format)
+        .to_unsafe_h
+    end
+
+    def forwarded_body(method)
+      return nil if method == :get
+
+      raw = request.raw_post
+      raw.presence
+    end
+  end
+end

data/app/services/forest_liana/token.rb

@@ -9,7 +9,8 @@ module ForestLiana
     end
 
     def self.expiration_in_seconds
-      return Time.now.to_i + EXPIRATION_IN_SECONDS
+      # NOTICE: Cast to Integer so the JWT exp claim is an RFC 7519 NumericDate.
+      return Time.now.to_i + EXPIRATION_IN_SECONDS.to_i
     end
 
     def self.create_token(user, rendering_id)

data/config/routes.rb

@@ -23,6 +23,12 @@ ForestLiana::Engine.routes.draw do
   # Scopes
   post '/scope-cache-invalidation' => 'scopes#invalidate_scope_cache'
 
+  # Workflow executor proxy (mounted only when ForestLiana.workflow_executor_url is set)
+  if ForestLiana.workflow_executor_url.present?
+    get  '_internal/workflow-executions/:run_id'         => 'workflow_executions#show'
+    post '_internal/workflow-executions/:run_id/trigger' => 'workflow_executions#trigger'
+  end
+
   # Stripe Integration
   get '(*collection)_stripe_payments' => 'stripe#payments'
   get ':collection/:id/stripe_payments' => 'stripe#payments'

data/lib/forest_liana/version.rb

@@ -1,3 +1,3 @@
 module ForestLiana
-  VERSION = "9.17.7"
+  VERSION = "9.18.0"
 end

data/lib/forest_liana.rb

@@ -30,6 +30,7 @@ module ForestLiana
   mattr_accessor :logger
   mattr_accessor :reporter
   mattr_accessor :skip_schema_update
+  mattr_accessor :workflow_executor_url
   # TODO: Remove once lianas prior to 2.0.0 are not supported anymore.
   mattr_accessor :names_old_overriden
 

data/spec/dummy/config/initializers/forest_liana.rb

@@ -1,3 +1,4 @@
 ForestLiana.env_secret = 'env_secret_test'
 ForestLiana.auth_secret = 'auth_secret_test'
 ForestLiana.application_url = 'http://localhost:3000'
+ForestLiana.workflow_executor_url = 'http://workflow-executor.test:4001'

data/spec/requests/workflow_executions_spec.rb

@@ -0,0 +1,153 @@
+require 'rails_helper'
+
+describe 'Workflow executor proxy', type: :request do
+  let(:run_id) { 'run_abc123' }
+  let(:executor_url) { 'http://workflow-executor.test:4001' }
+  let(:bearer_token) do
+    JWT.encode(
+      {
+        id: 38,
+        email: 'michael.kelso@that70.show',
+        first_name: 'Michael',
+        last_name: 'Kelso',
+        team: 'Operations',
+        rendering_id: 16,
+        exp: Time.now.to_i + 2.weeks.to_i,
+        permission_level: 'admin'
+      },
+      ForestLiana.auth_secret,
+      'HS256'
+    )
+  end
+  let(:auth_headers) do
+    {
+      'Accept' => 'application/json',
+      'Content-Type' => 'application/json',
+      'Authorization' => "Bearer #{bearer_token}",
+      'Cookie' => 'forest_session_token=session-xyz'
+    }
+  end
+  let(:executor_response) do
+    instance_double(
+      HTTParty::Response,
+      parsed_response: { 'id' => run_id, 'state' => 'pending' },
+      code: 200
+    )
+  end
+
+  before do
+    allow(ForestLiana::IpWhitelist).to receive(:retrieve) { true }
+    allow(ForestLiana::IpWhitelist).to receive(:is_ip_whitelist_retrieved) { true }
+    allow(ForestLiana::IpWhitelist).to receive(:is_ip_valid) { true }
+
+    allow(HTTParty).to receive(:get).and_return(executor_response)
+    allow(HTTParty).to receive(:post).and_return(executor_response)
+  end
+
+  describe 'GET /forest/_internal/workflow-executions/:run_id' do
+    it 'forwards GET to the executor /runs/:run_id endpoint' do
+      get "/forest/_internal/workflow-executions/#{run_id}", params: { foo: 'bar' }, headers: auth_headers
+
+      expect(HTTParty).to have_received(:get).with(
+        "#{executor_url}/runs/#{run_id}",
+        hash_including(
+          headers: hash_including(
+            'Authorization' => "Bearer #{bearer_token}",
+            'Cookie' => 'forest_session_token=session-xyz'
+          ),
+          query: hash_including('foo' => 'bar')
+        )
+      )
+    end
+
+    it 'returns the executor status and body verbatim' do
+      get "/forest/_internal/workflow-executions/#{run_id}", headers: auth_headers
+
+      expect(response.status).to eq(200)
+      expect(JSON.parse(response.body)).to eq('id' => run_id, 'state' => 'pending')
+    end
+
+    it 'rejects unauthenticated requests with 401' do
+      get "/forest/_internal/workflow-executions/#{run_id}"
+
+      expect(response.status).to eq(401)
+      expect(HTTParty).not_to have_received(:get)
+    end
+  end
+
+  describe 'POST /forest/_internal/workflow-executions/:run_id/trigger' do
+    let(:trigger_body) { { step: 'approve', value: 42 } }
+
+    it 'forwards POST to the executor /runs/:run_id/trigger endpoint with the body' do
+      post(
+        "/forest/_internal/workflow-executions/#{run_id}/trigger",
+        params: trigger_body.to_json,
+        headers: auth_headers
+      )
+
+      expect(HTTParty).to have_received(:post).with(
+        "#{executor_url}/runs/#{run_id}/trigger",
+        hash_including(
+          headers: hash_including('Authorization' => "Bearer #{bearer_token}"),
+          body: trigger_body.to_json
+        )
+      )
+    end
+
+    it 'returns the executor response' do
+      post(
+        "/forest/_internal/workflow-executions/#{run_id}/trigger",
+        params: trigger_body.to_json,
+        headers: auth_headers
+      )
+
+      expect(response.status).to eq(200)
+      expect(JSON.parse(response.body)).to eq('id' => run_id, 'state' => 'pending')
+    end
+  end
+
+  describe 'when the executor returns an error status' do
+    let(:executor_response) do
+      instance_double(HTTParty::Response, parsed_response: { 'error' => 'invalid_step' }, code: 422)
+    end
+
+    it 'forwards the executor status and body to the client' do
+      get "/forest/_internal/workflow-executions/#{run_id}", headers: auth_headers
+
+      expect(response.status).to eq(422)
+      expect(JSON.parse(response.body)).to eq('error' => 'invalid_step')
+    end
+  end
+
+  describe 'when the executor is unreachable' do
+    before do
+      allow(HTTParty).to receive(:get).and_raise(Errno::ECONNREFUSED.new('boom'))
+    end
+
+    it 'returns 503 service_unavailable' do
+      get "/forest/_internal/workflow-executions/#{run_id}", headers: auth_headers
+
+      expect(response.status).to eq(503)
+      expect(JSON.parse(response.body)).to eq('error' => 'workflow_executor_unreachable')
+    end
+  end
+
+  describe 'when ForestLiana.workflow_executor_url is blank' do
+    around do |example|
+      original = ForestLiana.workflow_executor_url
+      ForestLiana.workflow_executor_url = nil
+      example.run
+    ensure
+      ForestLiana.workflow_executor_url = original
+    end
+
+    it 'returns 404 (controller-level guard for cases where routes were drawn but config was reset)' do
+      # Note: routes are mounted at boot based on workflow_executor_url being
+      # present. This test exercises the runtime guard inside the controller
+      # for scenarios where config is mutated after boot (e.g. tests).
+      get "/forest/_internal/workflow-executions/#{run_id}", headers: auth_headers
+
+      expect(response.status).to eq(404)
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: forest_liana
 version: !ruby/object:Gem::Version
-  version: 9.17.7
+  version: 9.18.0
 platform: ruby
 authors:
 - Sandro Munda
@@ -250,6 +250,7 @@ files:
 - app/controllers/forest_liana/smart_actions_controller.rb
 - app/controllers/forest_liana/stats_controller.rb
 - app/controllers/forest_liana/stripe_controller.rb
+- app/controllers/forest_liana/workflow_executions_controller.rb
 - app/deserializers/forest_liana/resource_deserializer.rb
 - app/helpers/forest_liana/adapter_helper.rb
 - app/helpers/forest_liana/application_helper.rb
@@ -448,6 +449,7 @@ files:
 - spec/requests/resources_spec.rb
 - spec/requests/stats_spec.rb
 - spec/requests/test.ru
+- spec/requests/workflow_executions_spec.rb
 - spec/routing/routes_spec.rb
 - spec/services/forest_liana/ability/ability_spec.rb
 - spec/services/forest_liana/ability/permission/smart_action_checker_spec.rb
@@ -760,6 +762,7 @@ test_files:
 - spec/requests/resources_spec.rb
 - spec/requests/stats_spec.rb
 - spec/requests/test.ru
+- spec/requests/workflow_executions_spec.rb
 - spec/routing/routes_spec.rb
 - spec/services/forest_liana/ability/ability_spec.rb
 - spec/services/forest_liana/ability/permission/smart_action_checker_spec.rb