hooksniff 0.3.0 → 1.0.0

data/lib/hooksniff/models/message_out.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+# This file is @generated
+require "json"
+
+module HookSniff
+  class MessageOut
+    # List of free-form identifiers that endpoints can filter by
+    attr_accessor :channels
+    attr_accessor :deliver_at
+    # Optional unique identifier for the message
+    attr_accessor :event_id
+    # The event type's name
+    attr_accessor :event_type
+    # The Message's ID.
+    attr_accessor :id
+    attr_accessor :payload
+    attr_accessor :tags
+    attr_accessor :timestamp
+
+    ALL_FIELD ||= ["channels", "deliver_at", "event_id", "event_type", "id", "payload", "tags", "timestamp"].freeze
+    private_constant :ALL_FIELD
+
+    def initialize(attributes = {})
+      unless attributes.is_a?(Hash)
+        fail(ArgumentError, "The input argument (attributes) must be a hash in `HookSniff::MessageOut` new method")
+      end
+
+      attributes.each do |k, v|
+        unless ALL_FIELD.include?(k.to_s)
+          fail(ArgumentError, "The field #{k} is not part of HookSniff::MessageOut")
+        end
+
+        instance_variable_set("@#{k}", v)
+        instance_variable_set("@__#{k}_is_defined", true)
+      end
+    end
+
+    def self.deserialize(attributes = {})
+      attributes = attributes.transform_keys(&:to_s)
+      attrs = Hash.new
+      attrs["channels"] = attributes["channels"]
+      attrs["deliver_at"] = DateTime.rfc3339(attributes["deliverAt"]).to_time if attributes["deliverAt"]
+      attrs["event_id"] = attributes["eventId"]
+      attrs["event_type"] = attributes["eventType"]
+      attrs["id"] = attributes["id"]
+      attrs["payload"] = attributes["payload"]
+      attrs["tags"] = attributes["tags"]
+      attrs["timestamp"] = DateTime.rfc3339(attributes["timestamp"]).to_time
+      new(attrs)
+    end
+
+    def serialize
+      out = Hash.new
+      out["channels"] = HookSniff::serialize_primitive(@channels) if @channels
+      out["deliverAt"] = HookSniff::serialize_primitive(@deliver_at) if @deliver_at
+      out["eventId"] = HookSniff::serialize_primitive(@event_id) if @event_id
+      out["eventType"] = HookSniff::serialize_primitive(@event_type) if @event_type
+      out["id"] = HookSniff::serialize_primitive(@id) if @id
+      out["payload"] = HookSniff::serialize_primitive(@payload) if @payload
+      out["tags"] = HookSniff::serialize_primitive(@tags) if @tags
+      out["timestamp"] = HookSniff::serialize_primitive(@timestamp) if @timestamp
+      out
+    end
+
+    # Serializes the object to a json string
+    # @return String
+    def to_json
+      JSON.dump(serialize)
+    end
+  end
+end

data/lib/hooksniff/models/message_status.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+# This file is @generated
+module HookSniff
+  # The sending status of the message:
+  #
+  # - Success = 0
+  # - Pending = 1
+  # - Fail = 2
+  # - Sending = 3
+  # - Canceled = 4
+  class MessageStatus
+    SUCCESS = 0.freeze
+    PENDING = 1.freeze
+    FAIL = 2.freeze
+    SENDING = 3.freeze
+    CANCELED = 4.freeze
+
+    def self.all_vars
+      @all_vars ||= [SUCCESS, PENDING, FAIL, SENDING, CANCELED].freeze
+    end
+
+    def initialize(value)
+      unless MessageStatus.all_vars.include?(value)
+        raise "Invalid ENUM value '#{value}' for class #MessageStatus"
+      end
+
+      @value = value
+    end
+
+    def self.deserialize(value)
+      return value if MessageStatus.all_vars.include?(value)
+      raise "Invalid ENUM value '#{value}' for class #MessageStatus"
+    end
+
+    def serialize
+      @value
+    end
+  end
+end

data/lib/hooksniff/models/message_status_text.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+# This file is @generated
+module HookSniff
+  class MessageStatusText
+    SUCCESS = "success".freeze
+    PENDING = "pending".freeze
+    FAIL = "fail".freeze
+    SENDING = "sending".freeze
+    CANCELED = "canceled".freeze
+
+    def self.all_vars
+      @all_vars ||= [SUCCESS, PENDING, FAIL, SENDING, CANCELED].freeze
+    end
+
+    def initialize(value)
+      unless MessageStatusText.all_vars.include?(value)
+        raise "Invalid ENUM value '#{value}' for class #MessageStatusText"
+      end
+
+      @value = value
+    end
+
+    def self.deserialize(value)
+      return value if MessageStatusText.all_vars.include?(value)
+      raise "Invalid ENUM value '#{value}' for class #MessageStatusText"
+    end
+
+    def serialize
+      @value
+    end
+  end
+end

data/lib/hooksniff/models/ordering.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+# This file is @generated
+module HookSniff
+  # Defines the ordering in a listing of results.
+  class Ordering
+    ASCENDING = "ascending".freeze
+    DESCENDING = "descending".freeze
+
+    def self.all_vars
+      @all_vars ||= [ASCENDING, DESCENDING].freeze
+    end
+
+    def initialize(value)
+      unless Ordering.all_vars.include?(value)
+        raise "Invalid ENUM value '#{value}' for class #Ordering"
+      end
+
+      @value = value
+    end
+
+    def self.deserialize(value)
+      return value if Ordering.all_vars.include?(value)
+      raise "Invalid ENUM value '#{value}' for class #Ordering"
+    end
+
+    def serialize
+      @value
+    end
+  end
+end

data/lib/hooksniff/models/status_code_class.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+# This file is @generated
+module HookSniff
+  # The different classes of HTTP status codes:
+  #
+  # - CodeNone = 0
+  # - Code1xx = 100
+  # - Code2xx = 200
+  # - Code3xx = 300
+  # - Code4xx = 400
+  # - Code5xx = 500
+  class StatusCodeClass
+    CODE_NONE = 0.freeze
+    CODE1XX = 100.freeze
+    CODE2XX = 200.freeze
+    CODE3XX = 300.freeze
+    CODE4XX = 400.freeze
+    CODE5XX = 500.freeze
+
+    def self.all_vars
+      @all_vars ||= [CODE_NONE, CODE1XX, CODE2XX, CODE3XX, CODE4XX, CODE5XX].freeze
+    end
+
+    def initialize(value)
+      unless StatusCodeClass.all_vars.include?(value)
+        raise "Invalid ENUM value '#{value}' for class #StatusCodeClass"
+      end
+
+      @value = value
+    end
+
+    def self.deserialize(value)
+      return value if StatusCodeClass.all_vars.include?(value)
+      raise "Invalid ENUM value '#{value}' for class #StatusCodeClass"
+    end
+
+    def serialize
+      @value
+    end
+  end
+end

data/lib/hooksniff/util.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+require "date"
+
+# Constant time string comparison, for fixed length strings.
+# Code borrowed from ActiveSupport
+# https://github.com/rails/rails/blob/75ac626c4e21129d8296d4206a1960563cc3d4aa/activesupport/lib/active_support/security_utils.rb#L33
+#
+# The values compared should be of fixed length, such as strings
+# that have already been processed by HMAC. Raises in case of length mismatch.
+module HookSniff
+  if defined?(OpenSSL.fixed_length_secure_compare)
+    def fixed_length_secure_compare(a, b)
+      OpenSSL.fixed_length_secure_compare(a, b)
+    end
+  else
+    def fixed_length_secure_compare(a, b)
+      raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
+
+      l = a.unpack("C#{a.bytesize}")
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res == 0
+    end
+  end
+
+  module_function :fixed_length_secure_compare
+
+  # Secure string comparison for strings of variable length.
+  #
+  # While a timing attack would not be able to discern the content of
+  # a secret compared via secure_compare, it is possible to determine
+  # the secret length. This should be considered when using secure_compare
+  # to compare weak, short secrets to user input.
+  def secure_compare(a, b)
+    a.length == b.length && fixed_length_secure_compare(a, b)
+  end
+
+  module_function :secure_compare
+
+  def serialize_primitive(v)
+    if v.kind_of?(Time)
+      v.utc.to_datetime.rfc3339
+    else
+      v
+    end
+  end
+
+  module_function :serialize_primitive
+
+  def deserialize_date(v)
+    DateTime.rfc3339(v)
+  end
+
+  module_function :deserialize_date
+
+  def serialize_schema_ref(v)
+    # Enums are a schema_ref but since we pass them around using the underlying value
+    # we need to check if they have the serialize method before calling it
+    if v.class.method_defined? :serialize
+      v.serialize
+    else
+      v
+    end
+  end
+
+  module_function :serialize_schema_ref
+
+end

data/lib/hooksniff/validation_error.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module HookSniff
+  # Validation errors have their own schema to provide context for invalid requests eg. mismatched types and out of bounds values. There may be any number of these per 422 UNPROCESSABLE ENTITY error.
+  class ValidationError
+    # The location as a [`Vec`] of [`String`]s -- often in the form `[\"body\", \"field_name\"]`, `[\"query\", \"field_name\"]`, etc. They may, however, be arbitrarily deep.
+    attr_accessor :loc
+
+    # The message accompanying the validation error item.
+    attr_accessor :msg
+
+    # The type of error, often \"type_error\" or \"value_error\", but sometimes with more context like as \"value_error.number.not_ge\"
+    attr_accessor :type
+
+    def initialize(attributes = {})
+      if (!attributes.is_a?(Hash))
+        fail(
+          ArgumentError,
+          "The input argument (attributes) must be a hash in `HookSniff::ValidationError` initialize method"
+        )
+      end
+
+      @loc = attributes[:"loc"]
+      @msg = attributes[:"msg"]
+      @type = attributes[:"type"]
+    end
+  end
+end

data/lib/hooksniff/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module HookSniff
+  VERSION = "1.0.0"
+end

data/lib/hooksniff/webhook.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module HookSniff
+  class Webhook
+
+    def self.new_using_raw_bytes(secret)
+      self.new(secret.pack("C*").force_encoding("UTF-8"))
+    end
+
+    def initialize(secret)
+      if secret.start_with?(SECRET_PREFIX)
+        secret = secret[SECRET_PREFIX.length..-1]
+      end
+
+      @secret = Base64.decode64(secret)
+    end
+
+    def verify(payload, headers)
+      msgId = headers["hooksniff-id"]
+      msgSignature = headers["hooksniff-signature"]
+      msgTimestamp = headers["hooksniff-timestamp"]
+      if !msgSignature || !msgId || !msgTimestamp
+        msgId = headers["webhook-id"]
+        msgSignature = headers["webhook-signature"]
+        msgTimestamp = headers["webhook-timestamp"]
+        if !msgSignature || !msgId || !msgTimestamp
+          raise WebhookVerificationError, "Missing required headers"
+        end
+      end
+
+      verify_timestamp(msgTimestamp)
+
+      _, signature = sign(msgId, msgTimestamp, payload).split(",", 2)
+
+      passedSignatures = msgSignature.split(" ")
+      passedSignatures.each do |versionedSignature|
+        version, expectedSignature = versionedSignature.split(",", 2)
+        if version != "v1"
+          next
+        end
+
+        if ::HookSniff::secure_compare(signature, expectedSignature)
+          return nil if payload.empty?
+          return JSON.parse(payload, symbolize_names: true)
+        end
+      end
+
+      raise WebhookVerificationError, "No matching signature found"
+    end
+
+    def sign(msgId, timestamp, payload)
+      begin
+        now = Integer(timestamp)
+      rescue
+        raise WebhookSigningError, "Invalid timestamp"
+      end
+
+      toSign = "#{msgId}.#{timestamp}.#{payload}"
+      signature = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), @secret, toSign)).strip
+      return "v1,#{signature}"
+    end
+
+    private
+    SECRET_PREFIX = "whsec_"
+    TOLERANCE = 5 * 60
+
+    def verify_timestamp(timestampHeader)
+      begin
+        now = Integer(Time.now)
+        timestamp = Integer(timestampHeader)
+      rescue
+        raise WebhookVerificationError, "Invalid Signature Headers"
+      end
+
+      if timestamp < (now - TOLERANCE)
+        raise WebhookVerificationError, "Message timestamp too old"
+      end
+
+      if timestamp > (now + TOLERANCE)
+        raise WebhookVerificationError, "Message timestamp too new"
+      end
+    end
+  end
+end

data/lib/hooksniff.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require "json"
+require "openssl"
+require "base64"
+require "uri"
+require "logger"
+
+# API
+require "hooksniff/api/authentication"
+require "hooksniff/api/endpoint"
+require "hooksniff/api/event_type"
+require "hooksniff/api/health"
+require "hooksniff/api/message"
+require "hooksniff/api/message_attempt"
+require "hooksniff/api/statistics"
+
+# Models
+require "hooksniff/models/aggregate_event_types_out"
+require "hooksniff/models/endpoint_created_event"
+require "hooksniff/models/endpoint_created_event_data"
+require "hooksniff/models/endpoint_deleted_event"
+require "hooksniff/models/endpoint_deleted_event_data"
+require "hooksniff/models/endpoint_disabled_event"
+require "hooksniff/models/endpoint_disabled_event_data"
+require "hooksniff/models/endpoint_enabled_event"
+require "hooksniff/models/endpoint_enabled_event_data"
+require "hooksniff/models/endpoint_headers_in"
+require "hooksniff/models/endpoint_headers_out"
+require "hooksniff/models/endpoint_headers_patch_in"
+require "hooksniff/models/endpoint_in"
+require "hooksniff/models/endpoint_out"
+require "hooksniff/models/endpoint_patch"
+require "hooksniff/models/endpoint_secret_out"
+require "hooksniff/models/endpoint_secret_rotate_in"
+require "hooksniff/models/endpoint_update"
+require "hooksniff/models/endpoint_updated_event"
+require "hooksniff/models/endpoint_updated_event_data"
+require "hooksniff/models/event_in"
+require "hooksniff/models/event_out"
+require "hooksniff/models/event_type_in"
+require "hooksniff/models/event_type_out"
+require "hooksniff/models/event_type_patch"
+require "hooksniff/models/event_type_update"
+require "hooksniff/models/list_response_endpoint_out"
+require "hooksniff/models/list_response_event_type_out"
+require "hooksniff/models/list_response_message_attempt_out"
+require "hooksniff/models/list_response_message_out"
+require "hooksniff/models/message_attempt_exhausted_event"
+require "hooksniff/models/message_attempt_exhausted_event_data"
+require "hooksniff/models/message_attempt_failed_data"
+require "hooksniff/models/message_attempt_failing_event"
+require "hooksniff/models/message_attempt_failing_event_data"
+require "hooksniff/models/message_attempt_log"
+require "hooksniff/models/message_attempt_log_event"
+require "hooksniff/models/message_attempt_out"
+require "hooksniff/models/message_attempt_recovered_event"
+require "hooksniff/models/message_attempt_recovered_event_data"
+require "hooksniff/models/message_attempt_trigger_type"
+require "hooksniff/models/message_in"
+require "hooksniff/models/message_out"
+require "hooksniff/models/message_status"
+require "hooksniff/models/message_status_text"
+require "hooksniff/models/ordering"
+require "hooksniff/models/status_code_class"
+
+# Core
+require "hooksniff/api_error"
+require "hooksniff/errors"
+require "hooksniff/hooksniff"
+require "hooksniff/util"
+require "hooksniff/version"
+require "hooksniff/webhook"
+require "hooksniff/http_error_out"
+require "hooksniff/http_validation_error"
+require "hooksniff/validation_error"
+require "hooksniff/hooksniff_http_client"
+require "hooksniff/internal"

data/test/test_hooksniff.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require "test_helper"
+require "hooksniff"
+
+class WebhookTest < Minitest::Test
+  SECRET = "whsec_dGVzdA=="
+  MSG_ID = "msg_test123"
+  TIMESTAMP = Time.now.to_i
+  PAYLOAD = '{"event":"test"}'
+
+  def sign(secret, msg_id, timestamp, payload)
+    decoded = Base64.decode64(secret.sub("whsec_", ""))
+    to_sign = "#{msg_id}.#{timestamp}.#{payload}"
+    sig = Base64.strict_encode64(
+      OpenSSL::HMAC.digest("SHA256", decoded, to_sign)
+    )
+    "v1,#{sig}"
+  end
+
+  def test_verify_valid_signature
+    wh = HookSniff::Webhook.new(SECRET)
+    sig = sign(SECRET, MSG_ID, TIMESTAMP, PAYLOAD)
+    headers = {
+      "webhook-id" => MSG_ID,
+      "webhook-timestamp" => TIMESTAMP.to_s,
+      "webhook-signature" => sig,
+    }
+    result = wh.verify(PAYLOAD, headers)
+    assert_equal({"event" => "test"}, result)
+  end
+
+  def test_reject_invalid_signature
+    wh = HookSniff::Webhook.new(SECRET)
+    headers = {
+      "webhook-id" => MSG_ID,
+      "webhook-timestamp" => TIMESTAMP.to_s,
+      "webhook-signature" => "v1,invalid",
+    }
+    assert_raises(HookSniff::WebhookVerificationError) do
+      wh.verify(PAYLOAD, headers)
+    end
+  end
+
+  def test_reject_old_timestamp
+    wh = HookSniff::Webhook.new(SECRET)
+    old_ts = Time.now.to_i - 600
+    sig = sign(SECRET, MSG_ID, old_ts, PAYLOAD)
+    headers = {
+      "webhook-id" => MSG_ID,
+      "webhook-timestamp" => old_ts.to_s,
+      "webhook-signature" => sig,
+    }
+    assert_raises(HookSniff::WebhookVerificationError) do
+      wh.verify(PAYLOAD, headers)
+    end
+  end
+
+  def test_svix_branded_headers
+    wh = HookSniff::Webhook.new(SECRET)
+    sig = sign(SECRET, MSG_ID, TIMESTAMP, PAYLOAD)
+    headers = {
+      "svix-id" => MSG_ID,
+      "svix-timestamp" => TIMESTAMP.to_s,
+      "svix-signature" => sig,
+    }
+    result = wh.verify(PAYLOAD, headers)
+    assert_equal({"event" => "test"}, result)
+  end
+end
+
+class ErrorTest < Minitest::Test
+  def test_create_error_from_status
+    err = HookSniff.create_error_from_status(400)
+    assert_instance_of HookSniff::BadRequestError, err
+    assert_equal 400, err.code
+
+    err = HookSniff.create_error_from_status(429)
+    assert_instance_of HookSniff::RateLimitError, err
+    assert_equal 429, err.code
+
+    err = HookSniff.create_error_from_status(500)
+    assert_instance_of HookSniff::InternalServerError, err
+    assert_equal 500, err.code
+  end
+end