munster 0.4.0 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 86e72b8a849981c0e626054ed78660ba288628389933890d9d662daf2f22daa7
-  data.tar.gz: 62ab2ab22e5805158eb7f9f2d6fd622d03b32db4c985ed20d07d6e21a4b30c89
+  metadata.gz: 7d3f84bd06c033ef585c3282701915793b981142351824cc7bba2f41c5bcde4b
+  data.tar.gz: 9e614a61681b3bed5667905ae378a357fcfa96d85c79b7d85c32473c2b763c4f
 SHA512:
-  metadata.gz: 5436a8a198fac9c1febfbd351bb44435307d88d7d1f87f70f293359ae88e304aaaa6378c0a0c14f89b534344f088ce14bb3afd8fdc323fd99788559c56362013
-  data.tar.gz: d2f7a667043d29b9bb46f5248963f6e02a6198f012f17ca5f9c9fdbc6c180d6ba0088273942e767b8feece8c1c985fba03183c5eb6a22377bce8853af70102df
+  metadata.gz: 616dc8e6585239309106444bb65de90d572e946e08479044459e5f8deb764d0d308d22da895152e3d7250345a81640f627ea72485daf17d6d51b03299d29f5c3
+  data.tar.gz: 369a9b8ce33c83e876836f652b57fc618a82e3028818531f6bc98d8732fad53cc7a926d6faf2ad8711c5e08ac3e0c9ec23de06a95b597087f86091dfb78e6240

data/CHANGELOG.md

@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 This format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.4.1
+
+- Webhook processor now requires `active_job/railtie`, instead of `active_job`. It requires GlobalID to work and that get's required only with railtie.
+- Adding a state transition from `error` to `received`. Proccessing job will be enqueued automatic after this transition was executed.
 
 ## 0.4.0
 

data/README.md

@@ -30,6 +30,18 @@ Mount munster engine in your routes.
 mount Munster::Engine, at: "/webhooks"
 ```
 
+Define a class for your first handler (let's call it `ExampleHandler`) and inherit it from `Munster::BaseHandler`. Place it somewhere where Rails autoloading can find it, and add it to your `munster.rb` config file:
+
+```ruby
+config.active_handlers = {
+  "example" => "ExampleHandler"
+}
+```
+
+## Example handlers
+
+We provide a number of webhook handlers which demonstrate certain features of Munster. You will find them in `handler-examples`.
+
 ## Requirements
 
 This project depends on two dependencies:

data/handler-examples/customer_io_handler.rb

@@ -0,0 +1,36 @@
+# This is an example handler for Customer.io reporting webhooks. You
+# can find more documentation here https://customer.io/docs/api/webhooks/#operation/reportingWebhook
+class Webhooks::CustomerIoHandler < Munster::BaseHandler
+  def process(webhook)
+    json = JSON.parse(webhook.body, symbolize_names: true)
+    case json[:metric]
+    when "subscribed"
+      # ...
+    when "unsubscribed"
+      # ...
+    when "cio_subscription_preferences_changed"
+      # ...
+    end
+  end
+
+  def extract_event_id_from_request(action_dispatch_request)
+    action_dispatch_request.params.fetch(:event_id)
+  end
+
+  # Verify that request is actually comming from customer.io here
+  # @see https://customer.io/docs/api/webhooks/#section/Securely-Verifying-Requests
+  #
+  # - Should have "X-CIO-Signature", "X-CIO-Timestamp" headers.
+  # - Combine the version number, timestamp and body delimited by colons to form a string in the form v0:<timestamp>:<body>
+  # - Using HMAC-SHA256, hash the string using your webhook signing secret as the hash key.
+  # - Compare this value to the value of the X-CIO-Signature header sent with the request to confirm
+  def valid?(action_dispatch_request)
+    signing_key = Rails.application.secrets.customer_io_webhook_signing_key
+    xcio_signature = action_dispatch_request.headers["HTTP_X_CIO_SIGNATURE"]
+    xcio_timestamp = action_dispatch_request.headers["HTTP_X_CIO_TIMESTAMP"]
+    request_body = action_dispatch_request.body.read
+    string_to_sign = "v0:#{xcio_timestamp}:#{request_body}"
+    hmac = OpenSSL::HMAC.hexdigest("SHA256", signing_key, string_to_sign)
+    Rack::Utils.secure_compare(hmac, xcio_signature)
+  end
+end

data/handler-examples/revolut_business_v1_handler.rb

@@ -0,0 +1,29 @@
+# This is for Revolut V1 API for webhooks - https://developer.revolut.com/docs/business/webhooks-v-1-deprecated
+class RevolutBusinessV1Handler < Munster::BaseHandler
+  def valid?(_)
+    # V1 of Revolut webhooks does not support signatures
+    true
+  end
+
+  def self.process(webhook)
+    parsed_payload = JSON.parse(webhook.body)
+    topic = parsed_payload.fetch("Topic")
+    case topic
+    when "tokens" # Account access revocation payload
+      # ...
+    when "draftpayments/transfers" # Draft payment transfer notification payload
+      # ...
+    else
+      # ...
+    end
+  end
+
+  def self.extract_event_id_from_request(action_dispatch_request)
+    # Since b-tree indices generally divide from the start of the string, place the highest
+    # entropy component at the start (the EventId)
+    key_components = %w[EventId Topic Version]
+    key_components.map do |key|
+      action_dispatch_request.params.fetch(key)
+    end.join("-")
+  end
+end

data/handler-examples/revolut_business_v2_handler.rb

@@ -0,0 +1,42 @@
+# This is for Revolut V2 API for webhooks - https://developer.revolut.com/docs/business/webhooks-v-2
+class RevolutBusinessV2Handler < Munster::BaseHandler
+  def valid?(request)
+    # 1 - Validate the timestamp of the request. Prevent replay attacks.
+    # "To validate the event, make sure that the Revolut-Request-Timestamp date-time is within a 5-minute time tolerance of the current universal time (UTC)".
+    # Their examples list `timestamp = '1683650202360'` as a sample value, so their timestamp is in millis - not in seconds
+    timestamp_str_from_headers = request.headers["HTTP_REVOLUT_REQUEST_TIMESTAMP"]
+    delta_t_seconds = (timestamp_str_from_headers / 1000) - Time.now.to_i
+    return false unless delta_t_seconds.abs < (5 * 60)
+
+    # 2 - Validate the signature
+    # https://developer.revolut.com/docs/guides/manage-accounts/tutorials/work-with-webhooks/verify-the-payload-signature
+    string_to_sign = [
+      "v1",
+      timestamp_str_from_headers,
+      request.body.read
+    ].join(".")
+    computed_signature = "v1=" + OpenSSL::HMAC.hexdigest("SHA256", Rails.application.secrets.revolut_business_webhook_signing_key, string_to_sign)
+    # Note: "This means that in the period when multiple signing secrets remain valid, multiple signatures are sent."
+    # https://developer.revolut.com/docs/guides/manage-accounts/tutorials/work-with-webhooks/manage-webhooks#rotate-a-webhook-signing-secret
+    # https://developer.revolut.com/docs/guides/manage-accounts/tutorials/work-with-webhooks/about-webhooks#security
+    # An HTTP header may contain multiple values if it gets sent multiple times. But it does mean we need to test for multiple provided
+    # signatures in case of rotation.
+    provided_signatures = request.headers["HTTP_REVOLUT_SIGNATURE"].split(",")
+    # Use #select instead of `find` to compare all signatures even if only one matches - this to avoid timing leaks.
+    # Small effort but might be useful.
+    matches = provided_signatures.select do |provided_signature|
+      ActiveSupport::SecurityUtils.secure_compare(provided_signature, computed_signature)
+    end
+    matches.any?
+  end
+
+  def self.process(webhook)
+    Rails.logger.info { "Processing Revolut webhook #{webhook.body.inspect}" }
+  end
+
+  def self.extract_event_id_from_request(action_dispatch_request)
+    # The event ID is only available when you retrieve the failed webhooks, which is sad.
+    # We can divinate a synthetic ID though by taking a hash of the entire payload though.
+    Digest::SHA256.hexdigest(action_dispatch_request.body.read)
+  end
+end

data/handler-examples/starling_payments_handler.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# This handler is an example for Starling Payments API,
+# you can find the documentation here https://developer.starlingbank.com/payments/docs#account-and-address-structure-1
+class StarlingPaymentsHandler < Munster::BaseHandler
+  # This method will be used to process webhook by async worker.
+  def process(received_webhook)
+    Rails.logger.info { received_webhook.body }
+  end
+
+  # Starling supplies signatures in the form SHA512(secret + request_body)
+  def valid?(action_dispatch_request)
+    supplied_signature = action_dispatch_request.headers.fetch("X-Hook-Signature")
+    supplied_digest_bytes = Base64.strict_decode64(supplied_signature)
+    sha512 = Digest::SHA2.new(512)
+    signing_secret = Rails.credentials.starling_payments_webhook_signing_secret
+    computed_digest_bytes = sha512.digest(signing_secret.b + action_dispatch_request.body.b)
+    ActiveSupport::SecurityUtils.secure_compare(computed_digest_bytes, supplied_digest_bytes)
+  end
+
+  # Some Starling webhooks do not provide a notification UID, but for those which do we can deduplicate
+  def extract_event_id_from_request(action_dispatch_request)
+    action_dispatch_request.params.fetch("notificationUid", SecureRandom.uuid)
+  end
+end

data/lib/munster/base_handler.rb

@@ -16,11 +16,27 @@ module Munster
       webhook = Munster::ReceivedWebhook.new(request: action_dispatch_request, handler_event_id: handler_event_id, handler_module_name: handler_module_name)
       webhook.save!
 
-      Munster.configuration.processing_job_class.perform_later(webhook)
+      enqueue(webhook)
     rescue ActiveRecord::RecordNotUnique # Webhook deduplicated
       Rails.logger.info { "#{inspect} Webhook #{handler_event_id} is a duplicate delivery and will not be stored." }
     end
 
+    # Enqueues the processing job to process webhook asynchronously. The job class could be configured.
+    #
+    # @param webhook [Munster::ReceivedWebhook]
+    # @return [void]
+    def enqueue(webhook)
+      # The configured job class can be a class name or a module, to support lazy loading
+      job_class_or_module_name = Munster.configuration.processing_job_class
+      job_class = if job_class_or_module_name.respond_to?(:perform_later)
+        job_class_or_module_name
+      else
+        job_class_or_module_name.constantize
+      end
+
+      job_class.perform_later(webhook)
+    end
+
     # This is the heart of your webhook processing. Override this method and define your processing inside of it.
     # The `received_webhook` will provide access to the `ReceivedWebhook` model, which contains the received
     # body of the webhook request, but also the full (as-full-as-possible) clone of the original ActionDispatch::Request

data/lib/munster/jobs/processing_job.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "active_job" if defined?(Rails)
+require "active_job/railtie"
 
 module Munster
   class ProcessingJob < ActiveJob::Base

data/lib/munster/models/received_webhook.rb

@@ -15,6 +15,11 @@ module Munster
       s.permit_transition(:processing, :skipped)
       s.permit_transition(:processing, :processed)
       s.permit_transition(:processing, :error)
+      s.permit_transition(:error, :received)
+
+      s.after_committed_transition_to(:received) do |webhook|
+        webhook.handler.enqueue(webhook)
+      end
     end
 
     # Store the pertinent data from an ActionDispatch::Request into the webhook.

data/lib/munster/templates/munster.rb

@@ -1,10 +1,15 @@
 Munster.configure do |config|
   # Active Handlers are defined as hash with key as a service_id and handler class  that would handle webhook request.
+  # A Handler must respond to `.new` and return an object roughly matching `Munster::BaseHandler` in terms of interface.
+  # Use module names (strings) here to allow the handler modules to be lazy-loaded by Rails.
+  #
   # Example:
-  #   {:test => TestHandler, :inactive => InactiveHandler}
+  #   {:test => "TestHandler", :inactive => "InactiveHandler"}
   config.active_handlers = {}
 
-  # It's possible to overwrite default processing job to enahance it. As example if you want to add proper locking or retry mechanism.
+  # It's possible to overwrite default processing job to enahance it. As example if you want to add custom
+  # locking or retry mechanism. You want to inherit that job from Munster::ProcessingJob because the background
+  # job also manages the webhook state.
   #
   # Example:
   #
@@ -15,9 +20,9 @@ Munster.configure do |config|
   #     end
   #   end
   #
-  # This is how you can change processing job:
+  # In the config a string with your job' class name can be used so that the job can be lazy-loaded by Rails:
   #
-  # config.processing_job_class = WebhookProcessingJob
+  # config.processing_job_class = "WebhookProcessingJob"
 
   # We're using a common interface for error reporting provided by Rails, e.g Rails.error.report. In some cases
   # you want to enhance those errors with additional context. As example to provide a namespace:
@@ -25,4 +30,11 @@ Munster.configure do |config|
   # { appsignal: { namespace: "webhooks" } }
   #
   # config.error_context = { appsignal: { namespace: "webhooks" } }
+
+  # Incoming webhooks will be written into your DB without any prior validation. By default, Munster limits the
+  # request body size for webhooks to 512 KiB, so that it would not be too easy for an attacker to fill your
+  # database with junk. However, if you are receiving very large webhook payloads you might need to increase
+  # that limit (or make it even smaller for extra security)
+  #
+  # config.request_body_size_limit = 2.megabytes
 end

data/lib/munster/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Munster
-  VERSION = "0.4.0"
+  VERSION = "0.4.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: munster
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Stanislav Katkov
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-07-24 00:00:00.000000000 Z
+date: 2024-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -170,6 +170,10 @@ files:
 - example/tmp/.keep
 - example/tmp/pids/.keep
 - example/vendor/.keep
+- handler-examples/customer_io_handler.rb
+- handler-examples/revolut_business_v1_handler.rb
+- handler-examples/revolut_business_v2_handler.rb
+- handler-examples/starling_payments_handler.rb
 - lib/munster.rb
 - lib/munster/base_handler.rb
 - lib/munster/controllers/receive_webhooks_controller.rb