webhookdb 0.1.0

data/lib/webhookdb/customer.rb

@@ -0,0 +1,347 @@
+# frozen_string_literal: true
+
+require "appydays/configurable"
+require "bcrypt"
+require "openssl"
+require "webhookdb/id"
+require "webhookdb/postgres/model"
+require "webhookdb/demo_mode"
+
+class Webhookdb::Customer < Webhookdb::Postgres::Model(:customers)
+  extend Webhookdb::MethodUtilities
+  include Appydays::Configurable
+
+  class InvalidPassword < StandardError; end
+  class SignupDisabled < StandardError; end
+
+  configurable(:customer) do
+    setting :signup_email_allowlist, ["*"], convert: ->(s) { s.split }
+    setting :skip_authentication, false
+    setting :skip_authentication_allowlist, [], convert: ->(s) { s.split }
+  end
+
+  # The bcrypt hash cost. Changing this would invalidate all passwords!
+  # It's only here so we can change it for testing.
+  singleton_attr_accessor :password_hash_cost
+  @password_hash_cost = 10
+
+  MIN_PASSWORD_LENGTH = 8
+
+  # A bcrypt digest that's valid, but not a real digest. Used as a placeholder for
+  # accounts with no passwords, which makes them impossible to authenticate. Or at
+  # least much less likely than with a random string.
+  PLACEHOLDER_PASSWORD_DIGEST = "$2a$11$....................................................."
+
+  # Regex that matches the prefix of a deleted user's email
+  DELETED_EMAIL_PATTERN = /^(?<prefix>\d+(?:\.\d+)?)\+(?<rest>.*)$/
+
+  plugin :timestamps
+  plugin :soft_deletes
+
+  one_to_many :all_memberships, class: "Webhookdb::OrganizationMembership"
+  one_to_many :invited_memberships,
+              class: "Webhookdb::OrganizationMembership",
+              conditions: {verified: false},
+              adder: ->(om) { om.update(customer_id: id, verified: false) }
+  one_to_many :verified_memberships,
+              class: "Webhookdb::OrganizationMembership",
+              conditions: {verified: true},
+              adder: ->(om) { om.update(customer_id: id, verified: true) }
+  one_to_one :default_membership, class: "Webhookdb::OrganizationMembership", conditions: {is_default: true}
+  one_to_many :message_deliveries, key: :recipient_id, class: "Webhookdb::Message::Delivery"
+  one_to_many :reset_codes, class: "Webhookdb::Customer::ResetCode", order: Sequel.desc([:created_at])
+  many_to_many :roles, class: "Webhookdb::Role", join_table: :roles_customers
+
+  dataset_module do
+    def with_email(*emails)
+      emails = emails.map { |e| e.downcase.strip }
+      return self.where(email: emails)
+    end
+  end
+
+  def self.with_email(e)
+    return self.dataset.with_email(e).first
+  end
+
+  def self.find_or_create_for_email(email)
+    email = email.strip.downcase
+    # If there is no Customer object associated with the email, create one
+    me = Webhookdb::Customer[email:]
+    return [false, me] if me
+    signup_allowed = self.signup_email_allowlist.any? { |pattern| File.fnmatch(pattern, email) }
+    raise SignupDisabled unless signup_allowed
+    return [true, Webhookdb::Customer.create(email:, password: SecureRandom.hex(32))]
+  end
+
+  # Make sure the customer has a default organization.
+  # New registrants, or users who have been invited (so have an existing customer and invited org)
+  # get an org created. Default orgs must already be verified as per a DB constraint.
+  # @return [Array<TrueClass,FalseClass,Webhookdb::OrganizationMembership>] Tuple of [created, membership]
+  def self.find_or_create_default_organization(customer)
+    mem = customer.default_membership
+    return [false, mem] if mem
+    email = customer.email
+    # We could have no default, but already be in an organization, like if the default was deleted.
+    mem = customer.verified_memberships.first
+    return [false, mem] if mem
+    # We have no verified orgs, so create one.
+    # TODO: this will fail if not unique. We need to make sure we pick a unique name/key.
+    self_org = Webhookdb::Organization.create(name: "#{email} Org", billing_email: email.to_s)
+    mem = customer.add_membership(
+      organization: self_org, membership_role: Webhookdb::Role.admin_role, verified: true, is_default: true,
+    )
+    self_org.publish_deferred("syncdemodata", self_org.id) if Webhookdb::DemoMode.example_datasets_enabled
+    return [true, mem]
+  end
+
+  # @return Tuple of <Step, Customer>.
+  def self.register_or_login(email:)
+    self.db.transaction do
+      customer_created, me = self.find_or_create_for_email(email)
+      org_created, _membership = self.find_or_create_default_organization(me)
+      me.reset_codes_dataset.usable.each(&:expire!)
+      me.add_reset_code(transport: "email")
+      step = Webhookdb::Replicator::StateMachineStep.new
+      step.output = if customer_created || org_created
+                      %(To finish registering, please look for an email we just sent to #{email}.
+It contains a One Time Password code to validate your email.
+)
+      else
+        %(Hello again!
+
+To finish logging in, please look for an email we just sent to #{email}.
+It contains a One Time Password used to log in.
+)
+                    end
+      step.output += %(You can enter it here, or if you want to finish up from a new prompt, use:
+
+  webhookdb auth login --username=#{email} --token=<#{Webhookdb::Customer::ResetCode::TOKEN_LENGTH} digit token>
+)
+      step.prompt = "Enter the token from your email:"
+      step.prompt_is_secret = true
+      step.needs_input = true
+      step.post_to_url = "/v1/auth"
+      step.post_params = {email:}
+      step.post_params_value_key = "token"
+      return [step, me]
+    end
+  end
+
+  # @return Tuple of <Step, Customer>. Customer is nil if token was invalid.
+  def self.finish_otp(me, token:)
+    if me.nil?
+      step = Webhookdb::Replicator::StateMachineStep.new
+      step.output = %(Sorry, no one with that email exists. Try running:
+
+  webhookdb auth login [email]
+      )
+      step.needs_input = false
+      step.complete = true
+      step.error_code = "email_not_exist"
+      return [step, nil]
+    end
+
+    unless me.should_skip_authentication?
+      begin
+        Webhookdb::Customer::ResetCode.use_code_with_token(token) do |code|
+          raise Webhookdb::Customer::ResetCode::Unusable unless code.customer === me
+          code.customer.save_changes
+          me.refresh
+        end
+      rescue Webhookdb::Customer::ResetCode::Unusable
+        step = Webhookdb::Replicator::StateMachineStep.new
+        step.output = %(Sorry, that token is invalid. Please try again.
+If you have not gotten a code, use Ctrl+C to close this prompt and request a new code:
+
+  webhookdb auth login #{me.email}
+)
+        step.error_code = "invalid_otp"
+        step.prompt_is_secret = true
+        step.prompt = "Enter the token from your email:"
+        step.needs_input = true
+        step.post_to_url = "/v1/auth"
+        step.post_params = {email: me.email}
+        step.post_params_value_key = "token"
+        return [step, nil]
+      end
+    end
+
+    welcome_tutorial = "Quick tip: Use `webhookdb services list` to see what services are available."
+    if me.invited_memberships.present?
+      welcome_tutorial = "You have the following pending invites:\n\n" +
+        me.invited_memberships.map { |om| "  #{om.organization.display_string}: #{om.invitation_code}" }.join("\n") +
+        "\n\nUse `webhookdb org join [code]` to accept an invitation."
+    end
+    step = Webhookdb::Replicator::StateMachineStep.new
+    step.output = %(Welcome! For help getting started, please check out
+our docs at https://docs.webhookdb.com.
+
+#{welcome_tutorial})
+    step.needs_input = false
+    step.complete = true
+    return [step, me]
+  end
+
+  # If the SKIP_PHONE|EMAIL_VERIFICATION are set, verify the phone/email.
+  # Also verify phone and email if the customer email matches the allowlist.
+  def should_skip_authentication?
+    return true if self.class.skip_authentication
+    return true if self.class.skip_authentication_allowlist.any? { |pattern| File.fnmatch(pattern, self.email) }
+    return false
+  end
+
+  def ensure_role(role_or_name)
+    role = role_or_name.is_a?(Webhookdb::Role) ? role_or_name : Webhookdb::Role[name: role_or_name]
+    raise "No role for #{role_or_name}" unless role.present?
+    self.add_role(role) unless self.roles_dataset[role.id]
+  end
+
+  def admin?
+    return self.roles.include?(Webhookdb::Role.admin_role)
+  end
+
+  def greeting
+    return self.name.present? ? self.name : "there"
+  end
+
+  #
+  # :section: Memberships
+  #
+
+  def add_membership(opts={})
+    if !opts.is_a?(Webhookdb::OrganizationMembership) && !opts.key?(:verified)
+      raise ArgumentError, "must pass :verified or a model into add_membership, it is ambiguous otherwise"
+    end
+    self.associations.delete(opts[:verified] ? :verified_memberships : :invited_memberships)
+    return self.add_all_membership(opts)
+  end
+
+  def verified_member_of?(org)
+    return !org.verified_memberships_dataset.where(customer_id: self.id).empty?
+  end
+
+  def default_organization
+    return self.default_membership&.organization
+  end
+
+  def replace_default_membership(new_mem)
+    self.verified_memberships_dataset.update(is_default: false)
+    self.associations.delete(:verified_memberships)
+    new_mem.update(is_default: true)
+  end
+
+  #
+  # :section: Password
+  #
+
+  ### Fetch the user's password as an BCrypt::Password object.
+  def encrypted_password
+    digest = self.password_digest or return nil
+    return BCrypt::Password.new(digest)
+  end
+
+  ### Set the password to the given +unencrypted+ String.
+  def password=(unencrypted)
+    if unencrypted
+      self.check_password_complexity(unencrypted)
+      self.password_digest = BCrypt::Password.create(unencrypted, cost: self.class.password_hash_cost)
+    else
+      self.password_digest = BCrypt::Password.new(PLACEHOLDER_PASSWORD_DIGEST)
+    end
+  end
+
+  ### Attempt to authenticate the user with the specified +unencrypted+ password. Returns
+  ### +true+ if the password matched.
+  def authenticate(unencrypted)
+    return false unless unencrypted
+    return false if self.soft_deleted?
+    return self.encrypted_password == unencrypted
+  end
+
+  protected def new_password_matches?(unencrypted)
+    existing_pw = BCrypt::Password.new(self.password_digest)
+    new_pw = self.digest_password(unencrypted)
+    return existing_pw == new_pw
+  end
+
+  ### Raise if +unencrypted+ password does not meet complexity requirements.
+  protected def check_password_complexity(unencrypted)
+    raise Webhookdb::Customer::InvalidPassword, "password must be at least %d characters." % [MIN_PASSWORD_LENGTH] if
+      unencrypted.length < MIN_PASSWORD_LENGTH
+  end
+
+  #
+  # :section: Phone
+  #
+
+  def us_phone
+    return Phony.format(self.phone, format: :national)
+  end
+
+  def us_phone=(s)
+    self.phone = Webhookdb::PhoneNumber::US.normalize(s)
+  end
+
+  def unverified?
+    return !self.email_verified? && !self.phone_verified?
+  end
+
+  #
+  # :section: Sequel Hooks
+  #
+
+  def before_create
+    self[:opaque_id] ||= Webhookdb::Id.new_opaque_id("cus")
+  end
+
+  ### Soft-delete hook -- prep the user for deletion.
+  def before_soft_delete
+    self.email = "#{Time.now.to_f}+#{self[:email]}"
+    self.password = "aA1!#{SecureRandom.hex(8)}"
+    super
+  end
+
+  ### Soft-delete hook -- expire unused, unexpired reset codes and
+  ### trigger an event on removal.
+
+  #
+  # :section: Sequel Validation
+  #
+
+  def validate
+    super
+    self.validates_presence(:email)
+    self.validates_format(/[[:graph:]]+@[[:graph:]]+\.[a-zA-Z]{2,}/, :email)
+    self.validates_unique(:email)
+    self.validates_operator(:==, self.email&.downcase&.strip, :email)
+  end
+end
+
+# Table: customers
+# -----------------------------------------------------------------------------------------------------------------------------------------------------
+# Columns:
+#  id              | integer                  | PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY
+#  created_at      | timestamp with time zone | NOT NULL DEFAULT now()
+#  updated_at      | timestamp with time zone |
+#  soft_deleted_at | timestamp with time zone |
+#  password_digest | text                     | NOT NULL
+#  email           | citext                   | NOT NULL
+#  name            | text                     | NOT NULL DEFAULT ''::text
+#  note            | text                     | NOT NULL DEFAULT ''::text
+#  opaque_id       | text                     | NOT NULL
+# Indexes:
+#  customers_pkey          | PRIMARY KEY btree (id)
+#  customers_email_key     | UNIQUE btree (email)
+#  customers_opaque_id_key | UNIQUE btree (opaque_id)
+# Check constraints:
+#  lowercase_nospace_email | (email::text = btrim(lower(email::text)))
+# Referenced By:
+#  backfill_jobs                    | backfill_jobs_created_by_id_fkey                    | (created_by_id) REFERENCES customers(id) ON DELETE SET NULL
+#  customer_reset_codes             | customer_reset_codes_customer_id_fkey               | (customer_id) REFERENCES customers(id) ON DELETE CASCADE
+#  message_deliveries               | message_deliveries_recipient_id_fkey                | (recipient_id) REFERENCES customers(id) ON DELETE SET NULL
+#  organization_database_migrations | organization_database_migrations_started_by_id_fkey | (started_by_id) REFERENCES customers(id) ON DELETE SET NULL
+#  organization_memberships         | organization_memberships_customer_id_fkey           | (customer_id) REFERENCES customers(id)
+#  roles_customers                  | roles_customers_customer_id_fkey                    | (customer_id) REFERENCES customers(id)
+#  sync_targets                     | sync_targets_created_by_id_fkey                     | (created_by_id) REFERENCES customers(id) ON DELETE SET NULL
+#  webhook_subscriptions            | webhook_subscriptions_created_by_id_fkey            | (created_by_id) REFERENCES customers(id)
+# -----------------------------------------------------------------------------------------------------------------------------------------------------

data/lib/webhookdb/database_document.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require "webhookdb/postgres/model"
+
+# Simple model for jamming stuff into the database.
+# Since WebhookDB isn't a resource-heavy application,
+# and it's meant to be self-hosted,
+# we may as well do this over pulling in an S3 or GCS dependeency.
+class Webhookdb::DatabaseDocument < Webhookdb::Postgres::Model(:database_documents)
+  include Appydays::Configurable
+  configurable(:database_document) do
+    setting :skip_authentication, false
+    setting :skip_authentication_allowlist, [], convert: ->(s) { s.split }
+  end
+
+  plugin :column_encryption do |enc|
+    enc.column :encryption_secret
+  end
+
+  def initialize(*)
+    super
+    self.encryption_secret ||= SecureRandom.hex(32)
+  end
+
+  def sign_url(path, expire_at:, params: {})
+    uri = URI(path)
+    q = params.merge(expire_at: expire_at.to_i)
+    uri.query = HTTParty::Request::NON_RAILS_QUERY_STRING_NORMALIZER.call(q)
+    url = uri.to_s
+    sig = self.digest_url(url)
+    return url + "&sig=#{sig}"
+  end
+
+  def check_url(url, now: Time.now)
+    sig_idx = url.rindex("&sig=")
+    return false if sig_idx.nil?
+    without_sig = url[...sig_idx]
+    got_sig = url[(sig_idx + 5)..]
+    real_sig = self.digest_url(without_sig)
+    return false unless ActiveSupport::SecurityUtils.secure_compare(got_sig, real_sig)
+    expires = CGI.parse(URI(url).query || "?")["expire_at"]
+    return false unless expires
+    t = Time.at(expires.first.to_i)
+    return false if t <= now
+    return true
+  end
+
+  protected def digest_url(url)
+    hmac = OpenSSL::HMAC.digest("sha256", self.encryption_secret, url)
+    b = Base64.urlsafe_encode64(hmac, padding: false)
+    return b
+  end
+
+  def presigned_view_url(expire_at:, **kw)
+    url = "#{Webhookdb.api_url}/admin/v1/database_documents/#{self.id}/view"
+    return self.sign_url(url, expire_at:, **kw)
+  end
+end
+
+# Table: database_documents
+# --------------------------------------------------------------------------------------------
+# Columns:
+#  id                | integer                  | PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY
+#  created_at        | timestamp with time zone | NOT NULL DEFAULT now()
+#  key               | text                     | NOT NULL
+#  content           | bytea                    | NOT NULL
+#  content_type      | text                     | NOT NULL
+#  encryption_secret | text                     | NOT NULL
+# Indexes:
+#  database_documents_pkey    | PRIMARY KEY btree (id)
+#  database_documents_key_key | UNIQUE btree (key)
+# --------------------------------------------------------------------------------------------

data/lib/webhookdb/db_adapter/column_types.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Webhookdb::DBAdapter::ColumnTypes
+  BIGINT = :bigint
+  BIGINT_ARRAY = :bigintarray
+  BOOLEAN = :bool
+  DATE = :date
+  DECIMAL = :decimal
+  DOUBLE = :double
+  FLOAT = :float
+  INTEGER = :int
+  INTEGER_ARRAY = :intarray
+  TEXT_ARRAY = :textarray
+  OBJECT = :object
+  TEXT = :text
+  TIMESTAMP = :timestamp
+  UUID = :uuid
+
+  COLUMN_TYPES = Set.new(
+    [
+      BIGINT,
+      BIGINT_ARRAY,
+      BOOLEAN,
+      DATE,
+      DECIMAL,
+      DOUBLE,
+      FLOAT,
+      INTEGER,
+      INTEGER_ARRAY,
+      OBJECT,
+      TEXT,
+      TEXT_ARRAY,
+      TIMESTAMP,
+      UUID,
+    ],
+  )
+end

data/lib/webhookdb/db_adapter/default_sql.rb

@@ -0,0 +1,187 @@
+# frozen_string_literal: true
+
+module Webhookdb::DBAdapter::DefaultSql
+  def create_schema_sql(schema, if_not_exists: false)
+    s = +"CREATE SCHEMA "
+    s << "IF NOT EXISTS " if if_not_exists
+    s << self.escape_identifier(schema.name)
+    return s
+  end
+
+  def create_table_sql(table, columns, if_not_exists: false)
+    createtable = +"CREATE TABLE "
+    createtable << "IF NOT EXISTS " if if_not_exists
+    createtable << self.qualify_table(table)
+    lines = ["#{createtable} ("]
+    columns[0...-1]&.each { |c| lines << "  #{self.column_create_sql(c)}," }
+    lines << "  #{self.column_create_sql(columns.last)}"
+    lines << ")"
+    return lines.join("\n")
+  end
+
+  def identifier_quote_char
+    raise NotImplementedError
+  end
+
+  # We write our own escaper because we want to only escape what's needed;
+  # otherwise we want to avoid quoting identifiers.
+  def escape_identifier(s)
+    s = s.to_s
+    raise ArgumentError, "#{s} is an invalid identifier and should have been validated previously" unless
+      Webhookdb::DBAdapter::VALID_IDENTIFIER.match?(s)
+
+    quo = self.identifier_quote_char
+    return "#{quo}#{s}#{quo}" if RESERVED_KEYWORDS.include?(s.upcase) ||
+      s.include?(" ") ||
+      s.include?("-") ||
+      s.start_with?(/\d/)
+    return s
+  end
+
+  # @param [Webhookdb::DBAdapter::Table] table
+  def qualify_table(table)
+    s = +""
+    if table.schema
+      s << self.escape_identifier(table.schema.name)
+      s << "."
+    end
+    s << self.escape_identifier(table.name)
+    return s
+  end
+
+  # Return the SQL string for column assignment.
+  # Like for src and dest of :src and :tgt,
+  # and columns with names :spam and :foo,
+  # return "tgt.spam = src.spam, tgt.foo = src.foo"
+  # Column names will be escaped; the source and destination values
+  # should already be valid identifiers (usually aliases for a table or query).
+  #
+  # If a block is given, call it with (column, left hand side string, right hand side string).
+  # It should return the new lhs/rhs strings.
+  #
+  # @param [String, nil] source Prefix (like table alias) for right hand side columns.
+  # @param [String, nil] destination nil Prefix (like table alias) for left hand side columns.
+  # @param [Array<Webhookdb::DBAdapter::Column>] columns
+  def assign_columns_sql(source, destination, columns, &block)
+    stmts = columns.map do |c|
+      cname = self.escape_identifier(c.name)
+      lhs = destination ? "#{destination}.#{cname}" : cname
+      rhs = source ? "#{source}.#{cname}" : cname
+      lhs, rhs = block[c, lhs, rhs] if block
+      "#{lhs} = #{rhs}"
+    end
+    return stmts.join(", ")
+  end
+
+  # These are all PG reserved keywords, as per https://www.postgresql.org/docs/current/sql-keywords-appendix.html
+  PG_RESERVED_KEYWORDS = Set.new(
+    [
+      "ALL",
+      "ANALYSE",
+      "ANALYZE",
+      "AND",
+      "ANY",
+      "ARRAY",
+      "AS",
+      "ASC",
+      "ASYMMETRIC",
+      "AUTHORIZATION",
+      "BINARY",
+      "BOTH",
+      "CASE",
+      "CAST",
+      "CHECK",
+      "COLLATE",
+      "COLLATION",
+      "COLUMN",
+      "CONCURRENTLY",
+      "CONSTRAINT",
+      "CREATE",
+      "CROSS",
+      "CURRENT_CATALOG",
+      "CURRENT_DATE",
+      "CURRENT_ROLE",
+      "CURRENT_SCHEMA",
+      "CURRENT_TIME",
+      "CURRENT_TIMESTAMP",
+      "CURRENT_USER",
+      "DECODE",
+      "DEFAULT",
+      "DEFERRABLE",
+      "DESC",
+      "DISTINCT",
+      "DISTRIBUTED",
+      "DO",
+      "ELSE",
+      "END",
+      "EXCEPT",
+      "FALSE",
+      "FETCH",
+      "FOR",
+      "FOREIGN",
+      "FREEZE",
+      "FROM",
+      "FULL",
+      "GRANT",
+      "GROUP",
+      "HAVING",
+      "ILIKE",
+      "IN",
+      "INITIALLY",
+      "INNER",
+      "INTERSECT",
+      "INTO",
+      "IS",
+      "ISNULL",
+      "JOIN",
+      "LATERAL",
+      "LEADING",
+      "LEFT",
+      "LIKE",
+      "LIMIT",
+      "LOCALTIME",
+      "LOCALTIMESTAMP",
+      "LOG",
+      "NATURAL",
+      "NOT",
+      "NOTNULL",
+      "NULL",
+      "OFFSET",
+      "ON",
+      "ONLY",
+      "OR",
+      "ORDER",
+      "OUTER",
+      "OVERLAPS",
+      "PLACING",
+      "PRIMARY",
+      "REFERENCES",
+      "RETURNING",
+      "RIGHT",
+      "SCATTER",
+      "SELECT",
+      "SESSION_USER",
+      "SIMILAR",
+      "SOME",
+      "SYMMETRIC",
+      "TABLE",
+      "THEN",
+      "TO",
+      "TRAILING",
+      "TRUE",
+      "UNION",
+      "UNIQUE",
+      "USER",
+      "USING",
+      "VARIADIC",
+      "VERBOSE",
+      "WHEN",
+      "WHERE",
+      "WINDOW",
+      "WITH",
+    ],
+  )
+
+  # Reserved keywords must be quoted to be used as identifiers.
+  RESERVED_KEYWORDS = PG_RESERVED_KEYWORDS
+end