fuik 0.10.1 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75982b79f02eab5a1ee77bb7a05e00c9dac8a584f9d17b43b1a3ae9ce8b15f17
-  data.tar.gz: e446a0526a042e8a0789f4a5bb967ddcd55fd806d0ca79f1c53b1315ac51f455
+  metadata.gz: b15633f53ffe1c5c7dad94fb1d5151a8c2bce010318854cc50a4e3afbe48c828
+  data.tar.gz: 0ba925e04a5271e77a8a8ed4c80bbda7a4a00a5d9d87c6b3b304104519988a29
 SHA512:
-  metadata.gz: f96fdca885fd963d87cf474d82bb6cc96d4416085f59a80ed70b85d0f0725de1eaf2ad1008400aa0362ae121b5ca5b099b2e44ed25e66b560fa01f8b5649d657
-  data.tar.gz: 1b86640a5c749590eebab88a3002197a278784f1643e72cf0f8550cc4663933853b9eb4b1949a66d697cddf491e3812305ce92cb276ac3c3f8adc8d906e82270
+  metadata.gz: 5c7c0c9ee432bd0702969c6238c0ceea4200da1370350a4d88337f14252bc6f4bce0990a0c80e49dd862de9f25459c4cd1a1f5b914e41de1b021e0ba3b21c255
+  data.tar.gz: 93e200fcc81563e5f6a9699067c6543c4e4b26af42f1504dff84aa0a2e59ce89efe2fb2a571dde5fd2bc298bded45b2c9b332d44c1deb79fea22ce4f0130248b

data/README.md

@@ -124,6 +124,24 @@ end
 If `Provider::Base.verify!` exists, Fuik calls it automatically. Invalid signatures return 401 without storing the webhook.
 
 
+### Provider allowlist
+
+By default:
+- **Development/test**: all providers are allowed
+- **Production/staging**: only providers in `app/webhooks/` are allowed
+
+Configure with `Fuik::Engine.config.providers_allowed`:
+```ruby
+# Allow all (including production)
+Fuik::Engine.config.providers_allowed = :all
+
+# Explicit allowlist (overrides directory scan)
+Fuik::Engine.config.providers_allowed = %w[stripe github shopify]
+```
+
+Unknown providers return `404 Not Found`.
+
+
 ### Pre-packaged providers
 
 Fuik includes ready-to-use [templates for common providers](https://github.com/Rails-Designer/fuik/tree/main/lib/generators/fuik/provider/templates).

data/app/helpers/fuik/highlight_helper.rb

@@ -31,7 +31,7 @@ module Fuik
 
       object.each_with_index.map do |(key, value), index|
         key_path = current_path + [key]
-        path_string = key_path.map { "[\"#{it}\"]" }.join
+        path_string = key_path.map { it.is_a?(String) ? "[\"#{it}\"]" : "[#{it}]" }.join
 
         comma = (index == object.size - 1) ? "" : '<span class="json-punctuation">,</span>'
 

data/config/routes.rb

@@ -5,5 +5,5 @@ Fuik::Engine.routes.draw do
   resources :events, only: %w[show]
   resources :downloads, only: %w[create]
 
-  post ":provider", to: "webhooks#create"
+  post ":provider", to: "webhooks#create", constraints: Fuik::Routing::ProviderConstraint.new
 end

data/lib/fuik/engine.rb

@@ -1,11 +1,14 @@
 # frozen_string_literal: true
 
+require "fuik/routing/provider_constraint"
+
 module Fuik
   class Engine < ::Rails::Engine
     isolate_namespace Fuik
 
     config.webhooks_controller_parent = "ActionController::Base"
     config.events_controller_parent = "ActionController::Base"
+    config.providers_allowed = Rails.env.local?
 
     config.to_prepare do
       ActiveSupport.on_load(:action_view) do

data/lib/fuik/routing/provider_constraint.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Fuik
+  module Routing
+    class ProviderConstraint
+      def matches?(request)
+        return true if allow_all?
+        return explicit_allowlist.include?(request.params[:provider]) if explicit_allowlist?
+
+        return Rails.env.local? if providers_allowed.nil?
+        return Rails.env.local? if providers_allowed == true
+
+        scanned_allowlist.include?(request.params[:provider])
+      end
+
+      private
+
+      def allow_all? = Fuik::Engine.config.providers_allowed.in?([:all, "all"])
+
+      def explicit_allowlist? = Fuik::Engine.config.providers_allowed.is_a?(Array)
+
+      def explicit_allowlist = Fuik::Engine.config.providers_allowed.to_set
+
+      def providers_allowed = Fuik::Engine.config.providers_allowed
+
+      def scanned_allowlist
+        @scanned_allowlist ||= Dir["#{Rails.root}/app/webhooks/*"]
+          .select { File.directory?(it) }
+          .map { File.basename(it) }
+          .to_set
+      end
+    end
+  end
+end

data/lib/fuik/version.rb

@@ -1,3 +1,3 @@
 module Fuik
-  VERSION = "0.10.1"
+  VERSION = "0.11.0"
 end

data/lib/generators/fuik/provider/templates/github/installation_created.rb.tt

@@ -1,8 +1,8 @@
 module <%= provider_module_name %>
   class InstallationCreated < Base
     def process!
-      installation_id = payload.dig("installation", "id")
-      account = payload.dig("installation", "account", "login")
+      # payload["installation"]["id"]      # GitHub app installation ID
+      # payload["installation"]["account"] # user/org that installed
 
       # TODO: Add business logic
 

data/lib/generators/fuik/provider/templates/github/push.rb.tt

@@ -1,10 +1,8 @@
 module <%= provider_module_name %>
   class Push < Base
     def process!
-      # This fires when a pull request is merged (default branch push)
-
-      repository = payload.dig("repository", "full_name")
-      ref = payload["ref"]
+      # payload["ref"]                     # git ref (e.g., "refs/heads/main")
+      # payload["repository"]["full_name"] # "owner/repo"
 
       # TODO: Add business logic
 

data/lib/generators/fuik/provider/templates/github/star_created.rb.tt

@@ -1,8 +1,8 @@
 module <%= provider_module_name %>
   class StarCreated < Base
     def process!
-      repository = payload.dig("repository", "full_name")
-      stargazer = payload.dig("sender", "login")
+      # payload["repository"]["full_name"] # "owner/repo"
+      # payload["sender"]["login"]         # user who starred
 
       # TODO: Add business logic
 

data/lib/generators/fuik/provider/templates/loops/base.rb.tt

@@ -0,0 +1,17 @@
+module <%= provider_module_name %>
+  class Base < Fuik::Event
+    def self.verify!(request)
+      secret = Rails.application.credentials.dig(:loops, :signing_secret)
+      secret_bytes = Base64.strict_decode64(secret.split("_")[1])
+
+      webhook_id = request.headers["webhook-id"]
+      timestamp = request.headers["webhook-timestamp"]
+      signature = request.headers["webhook-signature"]
+
+      signed_content = "#{webhook_id}.#{timestamp}.#{request.raw_post}"
+      expected_signature = OpenSSL::HMAC.digest("SHA256", secret_bytes, signed_content)
+
+      raise Fuik::InvalidSignature unless signature.split(" ").any? { |sig| sig.include?(",#{expected_signature}") }
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/loops/contact_unsubscribed.rb.tt

@@ -0,0 +1,12 @@
+module <%= provider_module_name %>
+  class ContactUnsubscribed < Base
+    def process!
+      # payload["contactIdentity"]["email"] # user email
+      # payload["contactIdentity"]["id"]    # Loops contact ID
+
+      # TODO: Add business logic
+
+      @webhook_event.processed!
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/loops/email_hard_bounced.rb.tt

@@ -0,0 +1,14 @@
+module <%= provider_module_name %>
+  class EmailHardBounced < Base
+    def process!
+      # payload["contact"]["email"]        # recipient email
+      # payload["email"]["id"]             # Loops email ID
+      # payload["email"]["emailMessageId"] # Postmark message ID
+      # payload["email"]["subject"]        # email subject
+
+      # TODO: Add business logic
+
+      @webhook_event.processed!
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/mailgun/base.rb.tt

@@ -0,0 +1,18 @@
+module <%= provider_module_name %>
+  class Base < Fuik::Event
+    def self.verify!(request)
+      secret = Rails.application.credentials.dig(:mailgun, :signing_key)
+      signature_base64 = request.headers["Signature"]
+      timestamp = request.headers["Timestamp"]
+      token = request.headers["Token"]
+
+      signature = Base64.strict_decode64(signature_base64)
+      data = "#{timestamp}#{token}"
+
+      raise Fuik::InvalidSignature unless ActiveSupport::SecurityUtils.secure_compare(
+        OpenSSL::HMAC.digest("SHA256", secret, data),
+        signature
+      )
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/mailgun/bounced.rb.tt

@@ -0,0 +1,14 @@
+module <%= provider_module_name %>
+  class Bounced < Base
+    def process!
+      # payload["recipient"] # email address that bounced
+      # payload["code"]      # bounce code (e.g., "MAILBOX_FULL")
+      # payload["error"]     # SMTP error response
+      # payload["reason"]    # human-readable reason
+
+      # TODO: Add business logic
+
+      @webhook_event.processed!
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/mailgun/complained.rb.tt

@@ -0,0 +1,12 @@
+module <%= provider_module_name %>
+  class Complained < Base
+    def process!
+      # payload["recipient"] # email address that marked as spam
+      # payload["timestamp"] # when the complaint occurred
+
+      # TODO: Add business logic
+
+      @webhook_event.processed!
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/mailpace/email_bounced.rb.tt

@@ -1,7 +1,8 @@
 module <%= provider_module_name %>
   class EmailBounced < Base
     def process!
-      bounce_type = payload["bounce_type"]
+      # payload["to"]          # recipient email
+      # payload["bounce_type"] # e.g., "hard", "soft"
 
       # TODO: Add business logic
 

data/lib/generators/fuik/provider/templates/mailpace/email_spam.rb.tt

@@ -1,6 +1,9 @@
 module <%= provider_module_name %>
   class EmailSpam < Base
     def process!
+      # payload["to"]        # recipient email
+      # payload["timestamp"] # when marked as spam
+
       # TODO: Add business logic
 
       @webhook_event.processed!

data/lib/generators/fuik/provider/templates/postmark/base.rb.tt

@@ -0,0 +1,4 @@
+module <%= provider_module_name %>
+  class Base < Fuik::Event
+  end
+end

data/lib/generators/fuik/provider/templates/postmark/bounce.rb.tt

@@ -0,0 +1,17 @@
+module <%= provider_module_name %>
+  class Bounce < Base
+    def process!
+      # payload["Email"]       # email address that bounced
+      # payload["Type"]        # bounce type (e.g., "HardBounce", "SoftBounce")
+      # payload["BouncedAt"]   # ISO 8601 timestamp
+      # payload["Inactive"]    # boolean - address is deactivated
+      # payload["CanActivate"] # boolean - can be reactivated
+      # payload["MessageID"]   # Postmark message ID
+      # payload["Description"] # human-readable description
+
+      # TODO: Add business logic
+
+      @webhook_event.processed!
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/resend/base.rb.tt

@@ -0,0 +1,11 @@
+module <%= provider_module_name %>
+  class Base < Fuik::Event
+    def self.verify!(request)
+      secret = Rails.application.credentials.dig(:resend, :signing_secret)
+      signature = request.headers["Resend-Signature"]
+      expected_signature = "sha256=" + OpenSSL::HMAC.hexdigest("SHA256", secret, request.raw_post)
+
+      raise Fuik::InvalidSignature unless Rack::Utils.secure_compare(signature, expected_signature)
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/resend/email_bounced.rb.tt

@@ -0,0 +1,14 @@
+module <%= provider_module_name %>
+  class EmailBounced < Base
+    def process!
+      # payload["data"]["emails"][0]["to"]          # recipient email
+      # payload["data"]["bounce"]["classification"] # bounce type
+      # payload["data"]["bounce"]["subtype"]        # bounce subtype
+      # payload["ts"]                               # timestamp
+
+      # TODO: Add business logic
+
+      @webhook_event.processed!
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/resend/email_complained.rb.tt

@@ -0,0 +1,12 @@
+module <%= provider_module_name %>
+  class EmailComplained < Base
+    def process!
+      # payload["data"]["email"]["to"] # recipient email
+      # payload["ts"]                  # timestamp
+
+      # TODO: Add business logic
+
+      @webhook_event.processed!
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/stripe/checkout_session_completed.rb.tt

@@ -1,14 +1,14 @@
 module Stripe
   class CheckoutSessionCompleted < Base
     def process!
+      # payload["data"]["object"]["id"]                  # session ID
+      # payload["data"]["object"]["customer"]            # customer ID
+      # payload["data"]["object"]["client_reference_id"] # your internal reference
+      # payload["data"]["object"]["amount_total"]        # amount in cents
+
       # TODO: Add business logic
-      # session = Stripe::Checkout::Session.retrieve(session_id) # this assumes the Stripe gem is available
 
       @webhook_event.processed!
     end
-
-    private
-
-    def session_id = payload.dig("data", "object", "id")
   end
 end

data/lib/generators/fuik/provider/templates/stripe/customer_subscription_deleted.rb.tt

@@ -1,7 +1,8 @@
 module Stripe
   class CustomerSubscriptionDeleted < Base
     def process!
-      subscription_id = payload.dig("data", "object", "id")
+      # payload["data"]["object"]["id"]       # subscription ID
+      # payload["data"]["object"]["customer"] # customer ID
 
       # TODO: Add business logic
 

data/lib/generators/fuik/provider/templates/stripe/customer_subscription_updated.rb.tt

@@ -1,13 +1,14 @@
 module Stripe
   class CustomerSubscriptionUpdated < Base
     def process!
+      # payload["data"]["object"]["id"]       # subscription ID
+      # payload["data"]["object"]["customer"] # customer ID
+      # payload["data"]["object"]["status"]   # e.g., "active", "past_due"
+      # payload["data"]["object"]["price"]    # price object
+
       # TODO: Add business logic
 
       @webhook_event.processed!
     end
-
-    private
-
-    def subscription_id = payload.dig("data", "object", "id")
   end
 end

data/lib/generators/fuik/provider/templates/stripe/payment_intent_succeeded.rb.tt

@@ -1,13 +1,14 @@
 module Stripe
   class PaymentIntentSucceeded < Base
     def process!
+      # payload["data"]["object"]["id"]       # payment intent ID
+      # payload["data"]["object"]["amount"]   # amount in cents
+      # payload["data"]["object"]["customer"] # customer ID
+      # payload["data"]["object"]["currency"] # e.g., "usd"
+
       # TODO: Add business logic
 
       @webhook_event.processed!
     end
-
-    private
-
-    def payment_intent_id = payload["data"]["object"]["id"]
   end
 end

data/lib/generators/fuik/provider/templates/userlist/base.rb.tt

@@ -0,0 +1,18 @@
+module <%= provider_module_name %>
+  class Base < Fuik::Event
+    def self.verify!(request)
+      secret = Rails.application.credentials.dig(:userlist, :webhook_secret)
+      header = request.headers["Userlist-Signature"]
+      body = request.raw_post
+
+      parts = header.split(",")
+      timestamp = parts[0].split("=")[1]
+      signature = parts[1].split("=")[1]
+
+      signed_payload = "#{timestamp}.#{body}"
+      expected_signature = OpenSSL::HMAC.hexdigest("SHA256", secret, signed_payload)
+
+      raise Fuik::InvalidSignature unless Rack::Utils.secure_compare(signature, expected_signature)
+    end
+  end
+end

data/lib/generators/fuik/provider/templates/userlist/user_unsubscribed.rb.tt

@@ -0,0 +1,14 @@
+module <%= provider_module_name %>
+  class UserUnsubscribed < Base
+    def process!
+      # payload["user"]["id"]         # Userlist user ID
+      # payload["user"]["identifier"] # your internal user ID
+      # payload["user"]["email"]      # user email
+      # payload["user"]["properties"] # custom user properties
+
+      # TODO: Add business logic
+
+      @webhook_event.processed!
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fuik
 version: !ruby/object:Gem::Version
-  version: 0.10.1
+  version: 0.11.0
 platform: ruby
 authors:
 - Rails Designer
@@ -85,6 +85,7 @@ files:
 - lib/fuik.rb
 - lib/fuik/dot_access.rb
 - lib/fuik/engine.rb
+- lib/fuik/routing/provider_constraint.rb
 - lib/fuik/version.rb
 - lib/generators/fuik/install/install_generator.rb
 - lib/generators/fuik/provider/provider_generator.rb
@@ -95,14 +96,27 @@ files:
 - lib/generators/fuik/provider/templates/github/installation_created.rb.tt
 - lib/generators/fuik/provider/templates/github/push.rb.tt
 - lib/generators/fuik/provider/templates/github/star_created.rb.tt
+- lib/generators/fuik/provider/templates/loops/base.rb.tt
+- lib/generators/fuik/provider/templates/loops/contact_unsubscribed.rb.tt
+- lib/generators/fuik/provider/templates/loops/email_hard_bounced.rb.tt
+- lib/generators/fuik/provider/templates/mailgun/base.rb.tt
+- lib/generators/fuik/provider/templates/mailgun/bounced.rb.tt
+- lib/generators/fuik/provider/templates/mailgun/complained.rb.tt
 - lib/generators/fuik/provider/templates/mailpace/base.rb.tt
 - lib/generators/fuik/provider/templates/mailpace/email_bounced.rb.tt
 - lib/generators/fuik/provider/templates/mailpace/email_spam.rb.tt
+- lib/generators/fuik/provider/templates/postmark/base.rb.tt
+- lib/generators/fuik/provider/templates/postmark/bounce.rb.tt
+- lib/generators/fuik/provider/templates/resend/base.rb.tt
+- lib/generators/fuik/provider/templates/resend/email_bounced.rb.tt
+- lib/generators/fuik/provider/templates/resend/email_complained.rb.tt
 - lib/generators/fuik/provider/templates/stripe/base.rb.tt
 - lib/generators/fuik/provider/templates/stripe/checkout_session_completed.rb.tt
 - lib/generators/fuik/provider/templates/stripe/customer_subscription_deleted.rb.tt
 - lib/generators/fuik/provider/templates/stripe/customer_subscription_updated.rb.tt
 - lib/generators/fuik/provider/templates/stripe/payment_intent_succeeded.rb.tt
+- lib/generators/fuik/provider/templates/userlist/base.rb.tt
+- lib/generators/fuik/provider/templates/userlist/user_unsubscribed.rb.tt
 homepage: https://railsdesigner.com/fuik/
 licenses:
 - MIT
@@ -123,7 +137,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.8
+rubygems_version: 4.0.9
 specification_version: 4
 summary: A fish trap for webhooks
 test_files: []