munster 0.4.0 → 0.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 86e72b8a849981c0e626054ed78660ba288628389933890d9d662daf2f22daa7
-  data.tar.gz: 62ab2ab22e5805158eb7f9f2d6fd622d03b32db4c985ed20d07d6e21a4b30c89
+  metadata.gz: 1cc63f1db75010013d7ad528bfcc3d4aa52c8d4242ee93a5baff4ecbe6673d01
+  data.tar.gz: b8458f7196754f2bde9440b37e4fac46f308e713ed21fca28b700c54aa599168
 SHA512:
-  metadata.gz: 5436a8a198fac9c1febfbd351bb44435307d88d7d1f87f70f293359ae88e304aaaa6378c0a0c14f89b534344f088ce14bb3afd8fdc323fd99788559c56362013
-  data.tar.gz: d2f7a667043d29b9bb46f5248963f6e02a6198f012f17ca5f9c9fdbc6c180d6ba0088273942e767b8feece8c1c985fba03183c5eb6a22377bce8853af70102df
+  metadata.gz: 4a8ee7017935cb805c69f7cf0f31b88356b00466159040d5f67b763d19643844246485b3db0d8f4302dfd3ab02b9ff862cabf1fb541a0b338e237897e1327723
+  data.tar.gz: 6ac65ba57bebe9fce221ae820369b20eb78c69823c021a9d74b58d38122a7ac6e6918ba84e63d16db4b60330684bf358f4ec72c55590afddccfaa3113ce7d841

data/CHANGELOG.md

@@ -3,6 +3,14 @@ All notable changes to this project will be documented in this file.
 
 This format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.4.2
+
+- When processing a webhook, print messages to the ActiveJob logger. This allows for quicker debugging if the app does not have an error tracking service set up
+
+## 0.4.1
+
+- Webhook processor now requires `active_job/railtie`, instead of `active_job`. It requires GlobalID to work and that get's required only with railtie.
+- Adding a state transition from `error` to `received`. Proccessing job will be enqueued automatic after this transition was executed.
 
 ## 0.4.0
 

data/README.md

@@ -30,6 +30,18 @@ Mount munster engine in your routes.
 mount Munster::Engine, at: "/webhooks"
 ```
 
+Define a class for your first handler (let's call it `ExampleHandler`) and inherit it from `Munster::BaseHandler`. Place it somewhere where Rails autoloading can find it, and add it to your `munster.rb` config file:
+
+```ruby
+config.active_handlers = {
+  "example" => "ExampleHandler"
+}
+```
+
+## Example handlers
+
+We provide a number of webhook handlers which demonstrate certain features of Munster. You will find them in `handler-examples`.
+
 ## Requirements
 
 This project depends on two dependencies:

data/handler-examples/customer_io_handler.rb

@@ -0,0 +1,36 @@
+# This is an example handler for Customer.io reporting webhooks. You
+# can find more documentation here https://customer.io/docs/api/webhooks/#operation/reportingWebhook
+class Webhooks::CustomerIoHandler < Munster::BaseHandler
+  def process(webhook)
+    json = JSON.parse(webhook.body, symbolize_names: true)
+    case json[:metric]
+    when "subscribed"
+      # ...
+    when "unsubscribed"
+      # ...
+    when "cio_subscription_preferences_changed"
+      # ...
+    end
+  end
+
+  def extract_event_id_from_request(action_dispatch_request)
+    action_dispatch_request.params.fetch(:event_id)
+  end
+
+  # Verify that request is actually comming from customer.io here
+  # @see https://customer.io/docs/api/webhooks/#section/Securely-Verifying-Requests
+  #
+  # - Should have "X-CIO-Signature", "X-CIO-Timestamp" headers.
+  # - Combine the version number, timestamp and body delimited by colons to form a string in the form v0:<timestamp>:<body>
+  # - Using HMAC-SHA256, hash the string using your webhook signing secret as the hash key.
+  # - Compare this value to the value of the X-CIO-Signature header sent with the request to confirm
+  def valid?(action_dispatch_request)
+    signing_key = Rails.application.secrets.customer_io_webhook_signing_key
+    xcio_signature = action_dispatch_request.headers["HTTP_X_CIO_SIGNATURE"]
+    xcio_timestamp = action_dispatch_request.headers["HTTP_X_CIO_TIMESTAMP"]
+    request_body = action_dispatch_request.body.read
+    string_to_sign = "v0:#{xcio_timestamp}:#{request_body}"
+    hmac = OpenSSL::HMAC.hexdigest("SHA256", signing_key, string_to_sign)
+    Rack::Utils.secure_compare(hmac, xcio_signature)
+  end
+end

data/handler-examples/revolut_business_v1_handler.rb

@@ -0,0 +1,29 @@
+# This is for Revolut V1 API for webhooks - https://developer.revolut.com/docs/business/webhooks-v-1-deprecated
+class RevolutBusinessV1Handler < Munster::BaseHandler
+  def valid?(_)
+    # V1 of Revolut webhooks does not support signatures
+    true
+  end
+
+  def self.process(webhook)
+    parsed_payload = JSON.parse(webhook.body)
+    topic = parsed_payload.fetch("Topic")
+    case topic
+    when "tokens" # Account access revocation payload
+      # ...
+    when "draftpayments/transfers" # Draft payment transfer notification payload
+      # ...
+    else
+      # ...
+    end
+  end
+
+  def self.extract_event_id_from_request(action_dispatch_request)
+    # Since b-tree indices generally divide from the start of the string, place the highest
+    # entropy component at the start (the EventId)
+    key_components = %w[EventId Topic Version]
+    key_components.map do |key|
+      action_dispatch_request.params.fetch(key)
+    end.join("-")
+  end
+end

data/handler-examples/revolut_business_v2_handler.rb

@@ -0,0 +1,42 @@
+# This is for Revolut V2 API for webhooks - https://developer.revolut.com/docs/business/webhooks-v-2
+class RevolutBusinessV2Handler < Munster::BaseHandler
+  def valid?(request)
+    # 1 - Validate the timestamp of the request. Prevent replay attacks.
+    # "To validate the event, make sure that the Revolut-Request-Timestamp date-time is within a 5-minute time tolerance of the current universal time (UTC)".
+    # Their examples list `timestamp = '1683650202360'` as a sample value, so their timestamp is in millis - not in seconds
+    timestamp_str_from_headers = request.headers["HTTP_REVOLUT_REQUEST_TIMESTAMP"]
+    delta_t_seconds = (timestamp_str_from_headers / 1000) - Time.now.to_i
+    return false unless delta_t_seconds.abs < (5 * 60)
+
+    # 2 - Validate the signature
+    # https://developer.revolut.com/docs/guides/manage-accounts/tutorials/work-with-webhooks/verify-the-payload-signature
+    string_to_sign = [
+      "v1",
+      timestamp_str_from_headers,
+      request.body.read
+    ].join(".")
+    computed_signature = "v1=" + OpenSSL::HMAC.hexdigest("SHA256", Rails.application.secrets.revolut_business_webhook_signing_key, string_to_sign)
+    # Note: "This means that in the period when multiple signing secrets remain valid, multiple signatures are sent."
+    # https://developer.revolut.com/docs/guides/manage-accounts/tutorials/work-with-webhooks/manage-webhooks#rotate-a-webhook-signing-secret
+    # https://developer.revolut.com/docs/guides/manage-accounts/tutorials/work-with-webhooks/about-webhooks#security
+    # An HTTP header may contain multiple values if it gets sent multiple times. But it does mean we need to test for multiple provided
+    # signatures in case of rotation.
+    provided_signatures = request.headers["HTTP_REVOLUT_SIGNATURE"].split(",")
+    # Use #select instead of `find` to compare all signatures even if only one matches - this to avoid timing leaks.
+    # Small effort but might be useful.
+    matches = provided_signatures.select do |provided_signature|
+      ActiveSupport::SecurityUtils.secure_compare(provided_signature, computed_signature)
+    end
+    matches.any?
+  end
+
+  def self.process(webhook)
+    Rails.logger.info { "Processing Revolut webhook #{webhook.body.inspect}" }
+  end
+
+  def self.extract_event_id_from_request(action_dispatch_request)
+    # The event ID is only available when you retrieve the failed webhooks, which is sad.
+    # We can divinate a synthetic ID though by taking a hash of the entire payload though.
+    Digest::SHA256.hexdigest(action_dispatch_request.body.read)
+  end
+end

data/handler-examples/starling_payments_handler.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# This handler is an example for Starling Payments API,
+# you can find the documentation here https://developer.starlingbank.com/payments/docs#account-and-address-structure-1
+class StarlingPaymentsHandler < Munster::BaseHandler
+  # This method will be used to process webhook by async worker.
+  def process(received_webhook)
+    Rails.logger.info { received_webhook.body }
+  end
+
+  # Starling supplies signatures in the form SHA512(secret + request_body)
+  def valid?(action_dispatch_request)
+    supplied_signature = action_dispatch_request.headers.fetch("X-Hook-Signature")
+    supplied_digest_bytes = Base64.strict_decode64(supplied_signature)
+    sha512 = Digest::SHA2.new(512)
+    signing_secret = Rails.credentials.starling_payments_webhook_signing_secret
+    computed_digest_bytes = sha512.digest(signing_secret.b + action_dispatch_request.body.b)
+    ActiveSupport::SecurityUtils.secure_compare(computed_digest_bytes, supplied_digest_bytes)
+  end
+
+  # Some Starling webhooks do not provide a notification UID, but for those which do we can deduplicate
+  def extract_event_id_from_request(action_dispatch_request)
+    action_dispatch_request.params.fetch("notificationUid", SecureRandom.uuid)
+  end
+end

data/lib/munster/base_handler.rb

@@ -16,11 +16,27 @@ module Munster
       webhook = Munster::ReceivedWebhook.new(request: action_dispatch_request, handler_event_id: handler_event_id, handler_module_name: handler_module_name)
       webhook.save!
 
-      Munster.configuration.processing_job_class.perform_later(webhook)
+      enqueue(webhook)
     rescue ActiveRecord::RecordNotUnique # Webhook deduplicated
       Rails.logger.info { "#{inspect} Webhook #{handler_event_id} is a duplicate delivery and will not be stored." }
     end
 
+    # Enqueues the processing job to process webhook asynchronously. The job class could be configured.
+    #
+    # @param webhook [Munster::ReceivedWebhook]
+    # @return [void]
+    def enqueue(webhook)
+      # The configured job class can be a class name or a module, to support lazy loading
+      job_class_or_module_name = Munster.configuration.processing_job_class
+      job_class = if job_class_or_module_name.respond_to?(:perform_later)
+        job_class_or_module_name
+      else
+        job_class_or_module_name.constantize
+      end
+
+      job_class.perform_later(webhook)
+    end
+
     # This is the heart of your webhook processing. Override this method and define your processing inside of it.
     # The `received_webhook` will provide access to the `ReceivedWebhook` model, which contains the received
     # body of the webhook request, but also the full (as-full-as-possible) clone of the original ActionDispatch::Request

data/lib/munster/jobs/processing_job.rb

@@ -1,26 +1,28 @@
 # frozen_string_literal: true
 
-require "active_job" if defined?(Rails)
+require "active_job/railtie"
 
 module Munster
   class ProcessingJob < ActiveJob::Base
-    class WebhookPayloadInvalid < StandardError
-    end
-
     def perform(webhook)
       Rails.error.set_context(munster_handler_module_name: webhook.handler_module_name, **Munster.configuration.error_context)
 
+      webhook_details_for_logs = "Munster::ReceivedWebhook#%s (handler: %s)" % [webhook.id, webhook.handler]
       webhook.with_lock do
-        return unless webhook.received?
+        unless webhook.received?
+          logger.info { "#{webhook_details_for_logs} is being processed in a different job or has been processed already, skipping." }
+          return
+        end
         webhook.processing!
       end
 
       if webhook.handler.valid?(webhook.request)
+        logger.info { "#{webhook_details_for_logs} starting to process" }
         webhook.handler.process(webhook)
         webhook.processed! if webhook.processing?
+        logger.info { "#{webhook_details_for_logs} processed" }
       else
-        e = WebhookPayloadInvalid.new("#{webhook.class} #{webhook.id} did not pass validation and was skipped")
-        Rails.error.report(e, handled: true, severity: :error)
+        logger.info { "#{webhook_details_for_logs} did not pass validation by the handler. Marking it `failed_validation`." }
         webhook.failed_validation!
       end
     rescue => e

data/lib/munster/models/received_webhook.rb

@@ -15,6 +15,11 @@ module Munster
       s.permit_transition(:processing, :skipped)
       s.permit_transition(:processing, :processed)
       s.permit_transition(:processing, :error)
+      s.permit_transition(:error, :received)
+
+      s.after_committed_transition_to(:received) do |webhook|
+        webhook.handler.enqueue(webhook)
+      end
     end
 
     # Store the pertinent data from an ActionDispatch::Request into the webhook.

data/lib/munster/templates/munster.rb

@@ -1,10 +1,15 @@
 Munster.configure do |config|
   # Active Handlers are defined as hash with key as a service_id and handler class  that would handle webhook request.
+  # A Handler must respond to `.new` and return an object roughly matching `Munster::BaseHandler` in terms of interface.
+  # Use module names (strings) here to allow the handler modules to be lazy-loaded by Rails.
+  #
   # Example:
-  #   {:test => TestHandler, :inactive => InactiveHandler}
+  #   {:test => "TestHandler", :inactive => "InactiveHandler"}
   config.active_handlers = {}
 
-  # It's possible to overwrite default processing job to enahance it. As example if you want to add proper locking or retry mechanism.
+  # It's possible to overwrite default processing job to enahance it. As example if you want to add custom
+  # locking or retry mechanism. You want to inherit that job from Munster::ProcessingJob because the background
+  # job also manages the webhook state.
   #
   # Example:
   #
@@ -15,9 +20,9 @@ Munster.configure do |config|
   #     end
   #   end
   #
-  # This is how you can change processing job:
+  # In the config a string with your job' class name can be used so that the job can be lazy-loaded by Rails:
   #
-  # config.processing_job_class = WebhookProcessingJob
+  # config.processing_job_class = "WebhookProcessingJob"
 
   # We're using a common interface for error reporting provided by Rails, e.g Rails.error.report. In some cases
   # you want to enhance those errors with additional context. As example to provide a namespace:
@@ -25,4 +30,11 @@ Munster.configure do |config|
   # { appsignal: { namespace: "webhooks" } }
   #
   # config.error_context = { appsignal: { namespace: "webhooks" } }
+
+  # Incoming webhooks will be written into your DB without any prior validation. By default, Munster limits the
+  # request body size for webhooks to 512 KiB, so that it would not be too easy for an attacker to fill your
+  # database with junk. However, if you are receiving very large webhook payloads you might need to increase
+  # that limit (or make it even smaller for extra security)
+  #
+  # config.request_body_size_limit = 2.megabytes
 end

data/lib/munster/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Munster
-  VERSION = "0.4.0"
+  VERSION = "0.4.2"
 end

data/test/munster_test.rb

@@ -0,0 +1,214 @@
+# frozen_string_literal: true
+
+require "test_helper"
+require_relative "test_app"
+
+class TestMunster < ActionDispatch::IntegrationTest
+  teardown { Munster::ReceivedWebhook.delete_all }
+
+  def test_that_it_has_a_version_number
+    refute_nil ::Munster::VERSION
+  end
+
+  def webhook_body
+    <<~JSON
+      {
+        "provider_id": "musterbank-flyio",
+        "starts_at": "<%= Time.now.utc %>",
+        "external_source": "The Forge Of Downtime",
+        "external_ticket_title": "DOWN-123",
+        "internal_description_markdown": "A test has failed"
+      }
+    JSON
+  end
+
+  Munster.configure do |config|
+    config.active_handlers = {
+      test: WebhookTestHandler,
+      inactive: "InactiveHandler",
+      invalid: "InvalidHandler",
+      private: "PrivateHandler",
+      "failing-with-exposed-errors": "FailingWithExposedErrors",
+      "failing-with-concealed-errors": "FailingWithConcealedErrors",
+      extract_id: "ExtractIdHandler"
+    }
+  end
+  self.app = MunsterTestApp
+
+  def self.xtest(msg)
+    test(msg) { skip }
+  end
+
+  test "ensure webhook is processed only once during creation" do
+    tf = Tempfile.new
+    body = {isValid: true, outputToFilename: tf.path}
+    body_json = body.to_json
+
+    assert_enqueued_jobs 1, only: Munster::ProcessingJob do
+      post "/munster/test", params: body_json, headers: {"CONTENT_TYPE" => "application/json"}
+      assert_response 200
+    end
+  end
+
+  test "accepts a webhook, stores and processes it" do
+    tf = Tempfile.new
+    body = {isValid: true, outputToFilename: tf.path}
+    body_json = body.to_json
+
+    post "/munster/test", params: body_json, headers: {"CONTENT_TYPE" => "application/json"}
+    assert_response 200
+
+    webhook = Munster::ReceivedWebhook.last!
+
+    assert_predicate webhook, :received?
+    assert_equal "WebhookTestHandler", webhook.handler_module_name
+    assert_equal webhook.status, "received"
+    assert_equal webhook.body, body_json
+
+    perform_enqueued_jobs
+    assert_predicate webhook.reload, :processed?
+    tf.rewind
+    assert_equal tf.read, body_json
+  end
+
+  test "accepts a webhook but does not process it if it is invalid" do
+    tf = Tempfile.new
+    body = {isValid: false, outputToFilename: tf.path}
+    body_json = body.to_json
+
+    post "/munster/test", params: body_json, headers: {"CONTENT_TYPE" => "application/json"}
+    assert_response 200
+
+    webhook = Munster::ReceivedWebhook.last!
+
+    assert_predicate webhook, :received?
+    assert_equal "WebhookTestHandler", webhook.handler_module_name
+    assert_equal webhook.status, "received"
+    assert_equal webhook.body, body_json
+
+    perform_enqueued_jobs
+    assert_predicate webhook.reload, :failed_validation?
+
+    tf.rewind
+    assert_predicate tf.read, :empty?
+  end
+
+  test "marks a webhook as errored if it raises during processing" do
+    tf = Tempfile.new
+    body = {isValid: true, raiseDuringProcessing: true, outputToFilename: tf.path}
+    body_json = body.to_json
+
+    post "/munster/test", params: body_json, headers: {"CONTENT_TYPE" => "application/json"}
+    assert_response 200
+
+    webhook = Munster::ReceivedWebhook.last!
+
+    assert_predicate webhook, :received?
+    assert_equal "WebhookTestHandler", webhook.handler_module_name
+    assert_equal webhook.status, "received"
+    assert_equal webhook.body, body_json
+
+    assert_raises(StandardError) { perform_enqueued_jobs }
+    assert_predicate webhook.reload, :error?
+
+    tf.rewind
+    assert_predicate tf.read, :empty?
+  end
+
+  test "does not accept a test payload that is larger than the configured maximum size" do
+    oversize = Munster.configuration.request_body_size_limit + 1
+    utf8_junk = Base64.strict_encode64(Random.bytes(oversize))
+    body = {isValid: true, filler: utf8_junk, raiseDuringProcessing: false, outputToFilename: "/tmp/nothing"}
+    body_json = body.to_json
+
+    post "/munster/test", params: body_json, headers: {"CONTENT_TYPE" => "application/json"}
+    assert_raises(ActiveRecord::RecordNotFound) { Munster::ReceivedWebhook.last! }
+  end
+
+  test "does not try to process a webhook if it is not in `received' state" do
+    tf = Tempfile.new
+    body = {isValid: true, raiseDuringProcessing: true, outputToFilename: tf.path}
+    body_json = body.to_json
+
+    post "/munster/test", params: body_json, headers: {"CONTENT_TYPE" => "application/json"}
+    assert_response 200
+
+    webhook = Munster::ReceivedWebhook.last!
+    webhook.processing!
+
+    perform_enqueued_jobs
+    assert_predicate webhook.reload, :processing?
+
+    tf.rewind
+    assert_predicate tf.read, :empty?
+  end
+
+  test "raises an error if the service_id is not known" do
+    post "/munster/missing_service", params: webhook_body, headers: {"CONTENT_TYPE" => "application/json"}
+    assert_response 404
+  end
+
+  test "returns a 503 when a handler is inactive" do
+    post "/munster/inactive", params: webhook_body, headers: {"CONTENT_TYPE" => "application/json"}
+
+    assert_response 503
+    assert_equal 'Webhook handler "inactive" is inactive', response.parsed_body["error"]
+  end
+
+  test "returns a 200 status and error message if the handler does not expose errors" do
+    post "/munster/failing-with-concealed-errors", params: webhook_body, headers: {"CONTENT_TYPE" => "application/json"}
+
+    assert_response 200
+    assert_equal false, response.parsed_body["ok"]
+    assert response.parsed_body["error"]
+  end
+
+  test "returns a 500 status and error message if the handler does not expose errors" do
+    post "/munster/failing-with-exposed-errors", params: webhook_body, headers: {"CONTENT_TYPE" => "application/json"}
+
+    assert_response 500
+    # The response generation in this case is done by Rails, through the
+    # common Rails error page
+  end
+
+  test "deduplicates received webhooks based on the event ID" do
+    body = {event_id: SecureRandom.uuid, body: "test"}.to_json
+
+    assert_changes_by -> { Munster::ReceivedWebhook.count }, exactly: 1 do
+      3.times do
+        post "/munster/extract_id", params: body, headers: {"CONTENT_TYPE" => "application/json"}
+        assert_response 200
+      end
+    end
+  end
+
+  test "preserves the route params and the request params in the serialised request stored with the webhook" do
+    body = {user_name: "John", number_of_dependents: 14}.to_json
+
+    Munster::ReceivedWebhook.delete_all
+    post "/per-user-munster/123/private", params: body, headers: {"CONTENT_TYPE" => "application/json"}
+    assert_response 200
+
+    received_webhook = Munster::ReceivedWebhook.first!
+    assert_predicate received_webhook, :received?
+    assert_equal body, received_webhook.request.body.read
+    assert_equal "John", received_webhook.request.params["user_name"]
+    assert_equal 14, received_webhook.request.params["number_of_dependents"]
+    assert_equal "123", received_webhook.request.params["user_id"]
+  end
+
+  test "erroneous webhook could be processed again" do
+    webhook = Munster::ReceivedWebhook.create(
+      handler_event_id: "test",
+      handler_module_name: "WebhookTestHandler",
+      status: "error",
+      body: {isValid: true}.to_json
+    )
+
+    assert_enqueued_jobs 1, only: Munster::ProcessingJob do
+      webhook.received!
+
+      assert_equal "received", webhook.status
+    end
+  end
+end

data/test/test-webhook-handlers/extract_id_handler.rb

@@ -0,0 +1,5 @@
+class ExtractIdHandler < WebhookTestHandler
+  def extract_event_id_from_request(action_dispatch_request)
+    JSON.parse(action_dispatch_request.body.read).fetch("event_id")
+  end
+end

data/test/test-webhook-handlers/failing_with_concealed_errors.rb

@@ -0,0 +1,7 @@
+class FailingWithConcealedErrors < Munster::BaseHandler
+  def handle(_request)
+    raise "oops"
+  end
+
+  def expose_errors_to_sender? = false
+end

data/test/test-webhook-handlers/failing_with_exposed_errors.rb

@@ -0,0 +1,7 @@
+class FailingWithExposedErrors < Munster::BaseHandler
+  def handle(_request)
+    raise "oops"
+  end
+
+  def expose_errors_to_sender? = true
+end

data/test/test-webhook-handlers/inactive_handler.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class InactiveHandler < WebhookTestHandler
+  def active? = false
+end

data/test/test-webhook-handlers/invalid_handler.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class InvalidHandler < WebhookTestHandler
+  def valid?(request) = false
+end

data/test/test-webhook-handlers/private_handler.rb

@@ -0,0 +1,3 @@
+class PrivateHandler < WebhookTestHandler
+  def expose_errors_to_sender? = false
+end

data/test/test-webhook-handlers/webhook_test_handler.rb

@@ -0,0 +1,13 @@
+class WebhookTestHandler < Munster::BaseHandler
+  def valid?(request)
+    request.params.fetch(:isValid, false)
+  end
+
+  def process(webhook)
+    raise "Oops, failed" if webhook.request.params[:raiseDuringProcessing]
+    filename = webhook.request.params.fetch(:outputToFilename)
+    File.binwrite(filename, webhook.body)
+  end
+
+  def expose_errors_to_sender? = true
+end

data/test/test_app.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "active_record"
+require "action_pack"
+require "action_controller"
+require "rails"
+
+database = "development.sqlite3"
+ENV["DATABASE_URL"] = "sqlite3:#{database}"
+ActiveRecord::Base.establish_connection(adapter: "sqlite3", database: database)
+ActiveRecord::Base.logger = Logger.new(nil)
+ActiveRecord::Schema.define do
+  create_table "received_webhooks", force: :cascade do |t|
+    t.string "handler_event_id", null: false
+    t.string "handler_module_name", null: false
+    t.string "status", default: "received", null: false
+    t.binary "body", null: false
+    t.json "request_headers", null: true
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["handler_module_name", "handler_event_id"], name: "webhook_dedup_idx", unique: true
+    t.index ["status"], name: "index_received_webhooks_on_status"
+  end
+end
+
+require_relative "../lib/munster"
+require_relative "test-webhook-handlers/webhook_test_handler"
+
+class MunsterTestApp < Rails::Application
+  config.logger = Logger.new(nil)
+  config.autoload_paths << File.dirname(__FILE__) + "/test-webhook-handlers"
+  config.root = __dir__
+  config.eager_load = false
+  config.consider_all_requests_local = true
+  config.secret_key_base = "i_am_a_secret"
+  config.active_support.cache_format_version = 7.0
+  config.hosts << ->(host) { true } # Permit all hosts
+
+  routes.append do
+    mount Munster::Engine, at: "/munster"
+    post "/per-user-munster/:user_id/:service_id" => "munster/receive_webhooks#create"
+  end
+end
+
+MunsterTestApp.initialize!
+
+# run MunsterTestApp

data/test/test_helper.rb

@@ -0,0 +1,50 @@
+require_relative "test_app"
+require "rails/test_help"
+
+class ActiveSupport::TestCase
+  # Same as "assert_changes" in Rails but for countable entities.
+  # @return [*] return value of the block
+  # @example
+  #   assert_changes_by("Notification.count", exactly: 2) do
+  #     cause_two_notifications_to_get_delivered
+  #   end
+  def assert_changes_by(expression, message = nil, exactly: nil, at_least: nil, at_most: nil, &block)
+    # rubocop:disable Security/Eval
+    exp = expression.respond_to?(:call) ? expression : -> { eval(expression.to_s, block.binding) }
+    # rubocop:enable Security/Eval
+
+    raise "either exactly:, at_least: or at_most: must be specified" unless exactly || at_least || at_most
+    raise "exactly: is mutually exclusive with other options" if exactly && (at_least || at_most)
+    raise "at_most: must be larger than at_least:" if at_least && at_most && at_most < at_least
+
+    before = exp.call
+    retval = assert_nothing_raised(&block)
+
+    after = exp.call
+    delta = after - before
+
+    if exactly
+      at_most = exactly
+      at_least = exactly
+    end
+
+    # We do not make these an if/else since we allow both at_most and at_least
+    if at_most
+      error = "#{expression.inspect} changed by #{delta} which is more than #{at_most}"
+      error = "#{error}. It was #{before} and became #{after}"
+      error = "#{message.call}.\n" if message&.respond_to?(:call)
+      error = "#{message}.\n#{error}" if message && !message.respond_to?(:call)
+      assert delta <= at_most, error
+    end
+
+    if at_least
+      error = "#{expression.inspect} changed by #{delta} which is less than #{at_least}"
+      error = "#{error}. It was #{before} and became #{after}"
+      error = "#{message.call}.\n" if message&.respond_to?(:call)
+      error = "#{message}.\n#{error}" if message && !message.respond_to?(:call)
+      assert delta >= at_least, error
+    end
+
+    retval
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: munster
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.2
 platform: ruby
 authors:
 - Stanislav Katkov
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-07-24 00:00:00.000000000 Z
+date: 2024-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -170,6 +170,10 @@ files:
 - example/tmp/.keep
 - example/tmp/pids/.keep
 - example/vendor/.keep
+- handler-examples/customer_io_handler.rb
+- handler-examples/revolut_business_v1_handler.rb
+- handler-examples/revolut_business_v2_handler.rb
+- handler-examples/starling_payments_handler.rb
 - lib/munster.rb
 - lib/munster/base_handler.rb
 - lib/munster/controllers/receive_webhooks_controller.rb
@@ -182,6 +186,17 @@ files:
 - lib/munster/templates/munster.rb
 - lib/munster/version.rb
 - lib/tasks/munster_tasks.rake
+- test/munster_test.rb
+- test/test-webhook-handlers/.DS_Store
+- test/test-webhook-handlers/extract_id_handler.rb
+- test/test-webhook-handlers/failing_with_concealed_errors.rb
+- test/test-webhook-handlers/failing_with_exposed_errors.rb
+- test/test-webhook-handlers/inactive_handler.rb
+- test/test-webhook-handlers/invalid_handler.rb
+- test/test-webhook-handlers/private_handler.rb
+- test/test-webhook-handlers/webhook_test_handler.rb
+- test/test_app.rb
+- test/test_helper.rb
 homepage: https://www.cheddar.me/
 licenses:
 - MIT
@@ -204,7 +219,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.9
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Webhooks processing engine for Rails applications