hivehook 0.1.0

data/lib/hivehook/resources/outbound_delivery_service.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class OutboundDeliveryService < BaseService
+      FRAGMENT = "id messageId endpointId status attempts maxAttempts nextAttemptAt createdAt"
+
+      def list(options = {})
+        query = "query($messageId: UUID, $endpointId: UUID, $status: DeliveryStatus, $search: String, $limit: Int, $offset: Int, $after: String, $first: Int) {
+          outboundDeliveries(messageId: $messageId, endpointId: $endpointId, status: $status, search: $search, limit: $limit, offset: $offset, after: $after, first: $first) {
+            nodes { #{FRAGMENT} }
+            pageInfo { total limit offset endCursor hasNextPage }
+          }
+        }"
+        @transport.execute(query, build_variables(options, %w[messageId endpointId status search limit offset after first]))["outboundDeliveries"]
+      end
+
+      def get(id)
+        query = "query($id: UUID!) { outboundDelivery(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["outboundDelivery"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/outbound_dlq_service.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class OutboundDLQService < BaseService
+      FRAGMENT = "id deliveryId messageId lastError replayedAt createdAt"
+
+      def list(options = {})
+        query = "query($messageId: UUID, $replayed: Boolean, $search: String, $limit: Int, $offset: Int, $after: String, $first: Int) {
+          outboundDlqEntries(messageId: $messageId, replayed: $replayed, search: $search, limit: $limit, offset: $offset, after: $after, first: $first) {
+            nodes { #{FRAGMENT} }
+            pageInfo { total limit offset endCursor hasNextPage }
+          }
+        }"
+        @transport.execute(query, build_variables(options, %w[messageId replayed search limit offset after first]))["outboundDlqEntries"]
+      end
+
+      def get(id)
+        query = "query($id: UUID!) { outboundDlqEntry(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["outboundDlqEntry"]
+      end
+
+      def replay(id)
+        query = "mutation($id: UUID!) { replayOutboundDlqEntry(id: $id) }"
+        @transport.execute(query, { "id" => id })["replayOutboundDlqEntry"]
+      end
+
+      def replay_all
+        query = "mutation { replayAllOutboundDlq { deliveries } }"
+        @transport.execute(query)["replayAllOutboundDlq"]
+      end
+
+      def purge(older_than)
+        query = "mutation($olderThan: String!) { purgeOutboundDlq(olderThan: $olderThan) { purged } }"
+        @transport.execute(query, { "olderThan" => older_than })["purgeOutboundDlq"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/portal_service.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class PortalService < BaseService
+      def generate_token(application_id)
+        query = "mutation($applicationId: UUID!) { generatePortalToken(applicationId: $applicationId) { token expiresAt } }"
+        @transport.execute(query, { "applicationId" => application_id })["generatePortalToken"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/source_service.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class SourceService < BaseService
+      FRAGMENT = "id name slug providerType verifyConfig status rateLimitRps spikeProtection maxIngestRps brokerConfig responseConfig { statusCode body contentType } dedupConfig { strategy fields window } createdAt"
+
+      def list(options = {})
+        query = "query($status: SourceStatus, $providerType: String, $search: String, $limit: Int, $offset: Int, $after: String, $first: Int) {
+          sources(status: $status, providerType: $providerType, search: $search, limit: $limit, offset: $offset, after: $after, first: $first) {
+            nodes { #{FRAGMENT} }
+            pageInfo { total limit offset endCursor hasNextPage }
+          }
+        }"
+        @transport.execute(query, build_variables(options, %w[status providerType search limit offset after first]))["sources"]
+      end
+
+      def get(id)
+        query = "query($id: UUID!) { source(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["source"]
+      end
+
+      def create(input)
+        query = "mutation($input: CreateSourceInput!) { createSource(input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "input" => input })["createSource"]
+      end
+
+      def update(id, input)
+        query = "mutation($id: UUID!, $input: UpdateSourceInput!) { updateSource(id: $id, input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id, "input" => input })["updateSource"]
+      end
+
+      def delete(id)
+        query = "mutation($id: UUID!) { deleteSource(id: $id) }"
+        @transport.execute(query, { "id" => id })["deleteSource"]
+      end
+
+      def rotate_secret(id)
+        query = "mutation($id: UUID!) { rotateSourceSecret(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["rotateSourceSecret"]
+      end
+
+      def clear_secondary_secret(id)
+        query = "mutation($id: UUID!) { clearSourceSecondarySecret(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["clearSourceSecondarySecret"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/status_service.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class StatusService < BaseService
+      def get
+        query = "query { status { status dlqSize outboundDlqSize queueDepth activeWorkers totalWorkers uptime version sourcesTotal destinationsTotal subscriptionsTotal eventsTotal eventsFailed deliveriesTotal deliveriesPending deliveriesDelivered messagesTotal outboundDeliveriesTotal outboundDeliveriesPending outboundDeliveriesFailed } }"
+        @transport.execute(query)["status"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/stream_consumer_service.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class StreamConsumerService < BaseService
+      FRAGMENT = "id streamId name cursorSequence createdAt updatedAt"
+
+      def list(stream_id, options = {})
+        query = "query($streamId: UUID!, $search: String, $limit: Int, $offset: Int, $after: String, $first: Int) {
+          streamConsumers(streamId: $streamId, search: $search, limit: $limit, offset: $offset, after: $after, first: $first) {
+            nodes { #{FRAGMENT} }
+            pageInfo { total limit offset endCursor hasNextPage }
+          }
+        }"
+        vars = { "streamId" => stream_id }.merge(build_variables(options, %w[search limit offset after first]))
+        @transport.execute(query, vars)["streamConsumers"]
+      end
+
+      def get(id)
+        query = "query($id: UUID!) { streamConsumer(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["streamConsumer"]
+      end
+
+      def create(input)
+        query = "mutation($input: CreateStreamConsumerInput!) { createStreamConsumer(input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "input" => input })["createStreamConsumer"]
+      end
+
+      def delete(id)
+        query = "mutation($id: UUID!) { deleteStreamConsumer(id: $id) }"
+        @transport.execute(query, { "id" => id })["deleteStreamConsumer"]
+      end
+
+      def advance_cursor(id, sequence)
+        query = "mutation($id: UUID!, $sequence: Int!) { advanceConsumerCursor(id: $id, sequence: $sequence) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id, "sequence" => sequence })["advanceConsumerCursor"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/stream_service.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class StreamService < BaseService
+      FRAGMENT = "id applicationId name status retentionDays createdAt"
+
+      def list(options = {})
+        query = "query($applicationId: UUID, $status: StreamStatus, $search: String, $limit: Int, $offset: Int, $after: String, $first: Int) {
+          streams(applicationId: $applicationId, status: $status, search: $search, limit: $limit, offset: $offset, after: $after, first: $first) {
+            nodes { #{FRAGMENT} }
+            pageInfo { total limit offset endCursor hasNextPage }
+          }
+        }"
+        @transport.execute(query, build_variables(options, %w[applicationId status search limit offset after first]))["streams"]
+      end
+
+      def get(id)
+        query = "query($id: UUID!) { stream(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["stream"]
+      end
+
+      def create(input)
+        query = "mutation($input: CreateStreamInput!) { createStream(input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "input" => input })["createStream"]
+      end
+
+      def update(id, input)
+        query = "mutation($id: UUID!, $input: UpdateStreamInput!) { updateStream(id: $id, input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id, "input" => input })["updateStream"]
+      end
+
+      def delete(id)
+        query = "mutation($id: UUID!) { deleteStream(id: $id) }"
+        @transport.execute(query, { "id" => id })["deleteStream"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/stream_sink_service.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class StreamSinkService < BaseService
+      FRAGMENT = "id streamId name sinkType config batchSize flushInterval cursorSequence status lastFlushedAt createdAt"
+
+      def list(stream_id, options = {})
+        query = "query($streamId: UUID!, $status: SinkStatus, $search: String, $limit: Int, $offset: Int, $after: String, $first: Int) {
+          streamSinks(streamId: $streamId, status: $status, search: $search, limit: $limit, offset: $offset, after: $after, first: $first) {
+            nodes { #{FRAGMENT} }
+            pageInfo { total limit offset endCursor hasNextPage }
+          }
+        }"
+        vars = { "streamId" => stream_id }.merge(build_variables(options, %w[status search limit offset after first]))
+        @transport.execute(query, vars)["streamSinks"]
+      end
+
+      def get(id)
+        query = "query($id: UUID!) { streamSink(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["streamSink"]
+      end
+
+      def create(input)
+        query = "mutation($input: CreateStreamSinkInput!) { createStreamSink(input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "input" => input })["createStreamSink"]
+      end
+
+      def update(id, input)
+        query = "mutation($id: UUID!, $input: UpdateStreamSinkInput!) { updateStreamSink(id: $id, input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id, "input" => input })["updateStreamSink"]
+      end
+
+      def delete(id)
+        query = "mutation($id: UUID!) { deleteStreamSink(id: $id) }"
+        @transport.execute(query, { "id" => id })["deleteStreamSink"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/subscription_service.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class SubscriptionService < BaseService
+      FRAGMENT = "id name sourceId destinationId filterConfig enabled createdAt"
+
+      def list(options = {})
+        query = "query($sourceId: UUID, $destinationId: UUID, $enabled: Boolean, $search: String, $limit: Int, $offset: Int, $after: String, $first: Int) {
+          subscriptions(sourceId: $sourceId, destinationId: $destinationId, enabled: $enabled, search: $search, limit: $limit, offset: $offset, after: $after, first: $first) {
+            nodes { #{FRAGMENT} }
+            pageInfo { total limit offset endCursor hasNextPage }
+          }
+        }"
+        @transport.execute(query, build_variables(options, %w[sourceId destinationId enabled search limit offset after first]))["subscriptions"]
+      end
+
+      def get(id)
+        query = "query($id: UUID!) { subscription(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["subscription"]
+      end
+
+      def create(input)
+        query = "mutation($input: CreateSubscriptionInput!) { createSubscription(input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "input" => input })["createSubscription"]
+      end
+
+      def update(id, input)
+        query = "mutation($id: UUID!, $input: UpdateSubscriptionInput!) { updateSubscription(id: $id, input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id, "input" => input })["updateSubscription"]
+      end
+
+      def delete(id)
+        query = "mutation($id: UUID!) { deleteSubscription(id: $id) }"
+        @transport.execute(query, { "id" => id })["deleteSubscription"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/transformation_service.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class TransformationService < BaseService
+      FRAGMENT = "id name description code enabled failOpen timeoutMs createdAt updatedAt"
+
+      def list(options = {})
+        query = "query($enabled: Boolean, $search: String, $limit: Int, $offset: Int, $after: String, $first: Int) {
+          transformations(enabled: $enabled, search: $search, limit: $limit, offset: $offset, after: $after, first: $first) {
+            nodes { #{FRAGMENT} }
+            pageInfo { total limit offset endCursor hasNextPage }
+          }
+        }"
+        @transport.execute(query, build_variables(options, %w[enabled search limit offset after first]))["transformations"]
+      end
+
+      def get(id)
+        query = "query($id: UUID!) { transformation(id: $id) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id })["transformation"]
+      end
+
+      def create(input)
+        query = "mutation($input: CreateTransformationInput!) { createTransformation(input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "input" => input })["createTransformation"]
+      end
+
+      def update(id, input)
+        query = "mutation($id: UUID!, $input: UpdateTransformationInput!) { updateTransformation(id: $id, input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id, "input" => input })["updateTransformation"]
+      end
+
+      def delete(id)
+        query = "mutation($id: UUID!) { deleteTransformation(id: $id) }"
+        @transport.execute(query, { "id" => id })["deleteTransformation"]
+      end
+
+      def test(input)
+        query = "mutation($input: TestTransformationInput!) { testTransformation(input: $input) { success output error durationMs } }"
+        @transport.execute(query, { "input" => input })["testTransformation"]
+      end
+    end
+  end
+end

data/lib/hivehook/resources/user_service.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Hivehook
+  module Resources
+    class UserService < BaseService
+      FRAGMENT = "id organizationId email name role lastLoginAt createdAt updatedAt"
+
+      def list(options = {})
+        query = "query($organizationId: UUID, $search: String, $limit: Int, $offset: Int) {
+          users(organizationId: $organizationId, search: $search, limit: $limit, offset: $offset) {
+            nodes { #{FRAGMENT} }
+            pageInfo { total limit offset endCursor hasNextPage }
+          }
+        }"
+        @transport.execute(query, build_variables(options, %w[organizationId search limit offset]))["users"]
+      end
+
+      def me
+        query = "query { me { #{FRAGMENT} } }"
+        @transport.execute(query, {})["me"]
+      end
+
+      def invite(organization_id, input)
+        query = "mutation($organizationId: UUID!, $input: InviteUserInput!) { inviteUser(organizationId: $organizationId, input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "organizationId" => organization_id, "input" => input })["inviteUser"]
+      end
+
+      def remove(id)
+        query = "mutation($id: UUID!) { removeUser(id: $id) }"
+        @transport.execute(query, { "id" => id })["removeUser"]
+      end
+
+      def update_role(id, input)
+        query = "mutation($id: UUID!, $input: UpdateUserRoleInput!) { updateUserRole(id: $id, input: $input) { #{FRAGMENT} } }"
+        @transport.execute(query, { "id" => id, "input" => input })["updateUserRole"]
+      end
+    end
+  end
+end

data/lib/hivehook/transport.rb

@@ -0,0 +1,151 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "uri"
+require "json"
+require_relative "version"
+
+module Hivehook
+  class GraphQLTransport
+    DEFAULT_OPEN_TIMEOUT = 10
+    DEFAULT_READ_TIMEOUT = 30
+    DEFAULT_MAX_RETRIES = 2
+
+    def initialize(base_url, api_key = nil, open_timeout: DEFAULT_OPEN_TIMEOUT,
+                   read_timeout: DEFAULT_READ_TIMEOUT, max_retries: DEFAULT_MAX_RETRIES)
+      @base_url = base_url
+      @api_key = api_key
+      @open_timeout = open_timeout
+      @read_timeout = read_timeout
+      @max_retries = max_retries
+    end
+
+    def execute(query, variables = {})
+      uri = URI("#{@base_url}/graphql")
+
+      attempt = 0
+      loop do
+        response = do_request(uri, query, variables)
+        status = response.code.to_i
+
+        if status == 429
+          retry_after = parse_retry_after(response["Retry-After"])
+          if attempt < @max_retries
+            attempt += 1
+            sleep(retry_after || backoff(attempt))
+            next
+          end
+          msg = extract_message(response, "rate limited")
+          raise RateLimitError.new(msg, 429, retry_after: retry_after,
+                                   extensions: extract_extensions(response))
+        end
+
+        if status >= 500
+          if attempt < @max_retries
+            attempt += 1
+            sleep(backoff(attempt))
+            next
+          end
+          msg = extract_message(response, "server error")
+          raise ServerError.new(msg, status, extensions: extract_extensions(response))
+        end
+
+        return handle_response(response, status)
+      end
+    end
+
+    private
+
+    def do_request(uri, query, variables)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = uri.scheme == "https"
+      http.open_timeout = @open_timeout
+      http.read_timeout = @read_timeout
+
+      request = Net::HTTP::Post.new(uri.path)
+      request["Content-Type"] = "application/json"
+      request["User-Agent"] = "hivehook-ruby/#{Hivehook::VERSION}"
+      request["Authorization"] = "Bearer #{@api_key}" if @api_key
+
+      request.body = JSON.generate({ query: query, variables: variables })
+      http.request(request)
+    end
+
+    def handle_response(response, status)
+      if status == 401
+        msg = extract_message(response, "unauthorized")
+        raise AuthError.new(msg, 401, extensions: extract_extensions(response))
+      end
+
+      if status >= 400
+        msg = extract_message(response, response.body)
+        raise APIError.new(msg, status, extensions: extract_extensions(response))
+      end
+
+      begin
+        json = JSON.parse(response.body)
+      rescue JSON::ParserError => e
+        raise APIError.new("malformed JSON response: #{e.message}", status)
+      end
+
+      if json["errors"]&.any?
+        err = json["errors"][0]
+        ext = err["extensions"]
+        code = ext.is_a?(Hash) ? ext["code"] : nil
+        msg = err["message"]
+
+        case code
+        when "UNAUTHENTICATED", "UNAUTHORIZED"
+          raise AuthError.new(msg, 401, extensions: ext, graphql_code: code)
+        when "NOT_FOUND"
+          raise NotFoundError.new(msg, status, extensions: ext, graphql_code: code)
+        when "CONFLICT"
+          raise ConflictError.new(msg, status, extensions: ext, graphql_code: code)
+        when "VALIDATION", "BAD_USER_INPUT"
+          raise ValidationError.new(msg, status, extensions: ext, graphql_code: code)
+        else
+          raise APIError.new(msg, status, extensions: ext, graphql_code: code)
+        end
+      end
+
+      raise APIError.new("empty response data", 500) unless json["data"]
+
+      json["data"]
+    end
+
+    def extract_message(response, fallback)
+      json = JSON.parse(response.body)
+      json.dig("errors", 0, "message") || json["message"] || fallback
+    rescue JSON::ParserError
+      fallback
+    end
+
+    def extract_extensions(response)
+      json = JSON.parse(response.body)
+      json.dig("errors", 0, "extensions")
+    rescue JSON::ParserError
+      nil
+    end
+
+    # Parse Retry-After header. RFC 7231 allows seconds or HTTP-date.
+    # Returns Float seconds, or nil if unparseable.
+    def parse_retry_after(value)
+      return nil if value.nil? || value.empty?
+      if value =~ /\A\d+(\.\d+)?\z/
+        value.to_f
+      else
+        begin
+          t = Time.httpdate(value)
+          [t.to_f - Time.now.to_f, 0.0].max
+        rescue ArgumentError
+          nil
+        end
+      end
+    end
+
+    def backoff(attempt)
+      # 0.1s, 0.2s, 0.4s, ...
+      0.1 * (2**(attempt - 1))
+    end
+  end
+end

data/lib/hivehook/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Hivehook
+  VERSION = "0.1.0"
+end

data/lib/hivehook/webhook.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require "openssl"
+
+module Hivehook
+  module Webhook
+    HEADER_SIGNATURE = "X-Hivehook-Signature"
+    HEADER_TIMESTAMP = "X-Hivehook-Timestamp"
+    HEADER_MESSAGE_ID = "X-Hivehook-Message-ID"
+
+    def self.sign(payload, secret, timestamp)
+      message = "#{timestamp}.#{payload}"
+      digest = OpenSSL::HMAC.hexdigest("SHA256", secret, message)
+      "v1=#{digest}"
+    end
+
+    # Verify a webhook signature.
+    #
+    # tolerance_seconds semantics:
+    #   nil      -> skip timestamp check
+    #   0        -> strict, any drift fails
+    #   positive -> allow past drift up to N seconds, reject future timestamps beyond N seconds
+    def self.verify(payload, secret, signature, timestamp, tolerance_seconds = nil)
+      unless tolerance_seconds.nil?
+        delta = Time.now.to_i - timestamp
+        # delta > 0  -> timestamp is in the past
+        # delta < 0  -> timestamp is in the future
+        if delta > tolerance_seconds || -delta > tolerance_seconds
+          return false
+        end
+      end
+
+      v1 = extract_v1(signature)
+      return false unless v1
+
+      expected = sign(payload, secret, timestamp)
+      secure_compare(expected, v1)
+    end
+
+    def self.verify_with_rotation(payload, primary, secondary, signature, timestamp, tolerance_seconds = nil)
+      # Compute both verifications without short-circuiting to keep
+      # timing characteristics uniform regardless of which secret matched.
+      primary_ok = verify(payload, primary, signature, timestamp, tolerance_seconds)
+      secondary_ok = secondary ? verify(payload, secondary, signature, timestamp, tolerance_seconds) : false
+      primary_ok | secondary_ok
+    end
+
+    # Parse a multi-scheme signature header value and return the full "v1=..."
+    # element, or nil if absent. Supports comma-separated lists like
+    # "v1=abc,v2=xyz" or "t=123,v1=abc".
+    def self.extract_v1(signature)
+      return nil if signature.nil?
+      signature.split(",").map(&:strip).find { |part| part.start_with?("v1=") }
+    end
+
+    def self.secure_compare(a, b)
+      return false unless a.bytesize == b.bytesize
+      OpenSSL.fixed_length_secure_compare(a, b)
+    end
+
+    private_class_method :secure_compare
+  end
+end