RubyGems - webhookdb - Versions diffs - 0.1.0 - Mend

webhookdb 0.1.0

Files changed (364) hide show

checksums.yaml +7 -0
data/data/messages/layouts/blank.email.liquid +10 -0
data/data/messages/layouts/minimal.email.liquid +28 -0
data/data/messages/layouts/standard.email.liquid +28 -0
data/data/messages/partials/button.liquid +15 -0
data/data/messages/partials/environment_banner.liquid +9 -0
data/data/messages/partials/footer.liquid +22 -0
data/data/messages/partials/greeting.liquid +3 -0
data/data/messages/partials/logo_header.liquid +18 -0
data/data/messages/partials/signoff.liquid +1 -0
data/data/messages/styles/v1.liquid +346 -0
data/data/messages/templates/errors/icalendar_fetch.email.liquid +29 -0
data/data/messages/templates/invite.email.liquid +15 -0
data/data/messages/templates/new_customer.email.liquid +24 -0
data/data/messages/templates/org_database_migration_finished.email.liquid +7 -0
data/data/messages/templates/org_database_migration_started.email.liquid +9 -0
data/data/messages/templates/specs/_field_partial.liquid +1 -0
data/data/messages/templates/specs/basic.email.liquid +2 -0
data/data/messages/templates/specs/basic.fake.liquid +1 -0
data/data/messages/templates/specs/with_field.email.liquid +2 -0
data/data/messages/templates/specs/with_field.fake.liquid +1 -0
data/data/messages/templates/specs/with_include.email.liquid +2 -0
data/data/messages/templates/specs/with_partial.email.liquid +1 -0
data/data/messages/templates/verification.email.liquid +14 -0
data/data/messages/templates/verification.sms.liquid +1 -0
data/data/messages/web/install-customer-login.liquid +48 -0
data/data/messages/web/install-error.liquid +17 -0
data/data/messages/web/install-success.liquid +35 -0
data/data/messages/web/install.liquid +20 -0
data/data/messages/web/partials/footer.liquid +4 -0
data/data/messages/web/partials/form_error.liquid +1 -0
data/data/messages/web/partials/header.liquid +3 -0
data/data/messages/web/styles.liquid +134 -0
data/data/windows_tz.txt +461 -0
data/db/migrations/001_testing_pixies.rb +13 -0
data/db/migrations/002_initial.rb +132 -0
data/db/migrations/003_ux_overhaul.rb +20 -0
data/db/migrations/004_incremental_backfill.rb +9 -0
data/db/migrations/005_log_webhooks.rb +24 -0
data/db/migrations/006_generalize_roles.rb +29 -0
data/db/migrations/007_org_dns.rb +12 -0
data/db/migrations/008_webhook_subscriptions.rb +19 -0
data/db/migrations/009_nonunique_stripe_subscription_customer.rb +16 -0
data/db/migrations/010_drop_integration_soft_delete.rb +14 -0
data/db/migrations/011_webhook_subscriptions_created_at.rb +10 -0
data/db/migrations/012_webhook_subscriptions_created_by.rb +9 -0
data/db/migrations/013_default_org_membership.rb +30 -0
data/db/migrations/014_webhook_subscription_deliveries.rb +26 -0
data/db/migrations/015_dependent_integrations.rb +9 -0
data/db/migrations/016_encrypted_columns.rb +9 -0
data/db/migrations/017_skip_verification.rb +9 -0
data/db/migrations/018_sync_targets.rb +25 -0
data/db/migrations/019_org_schema.rb +9 -0
data/db/migrations/020_org_database_migrations.rb +25 -0
data/db/migrations/021_no_default_org_schema.rb +14 -0
data/db/migrations/022_database_document.rb +15 -0
data/db/migrations/023_sync_target_schema.rb +9 -0
data/db/migrations/024_org_semaphore_jobs.rb +9 -0
data/db/migrations/025_integration_backfill_cursor.rb +9 -0
data/db/migrations/026_undo_integration_backfill_cursor.rb +9 -0
data/db/migrations/027_sync_target_http_sync.rb +12 -0
data/db/migrations/028_logged_webhook_path.rb +24 -0
data/db/migrations/029_encrypt_columns.rb +97 -0
data/db/migrations/030_org_sync_target_timeout.rb +9 -0
data/db/migrations/031_org_max_query_rows.rb +9 -0
data/db/migrations/032_remove_db_defaults.rb +12 -0
data/db/migrations/033_backfill_jobs.rb +26 -0
data/db/migrations/034_backfill_job_criteria.rb +9 -0
data/db/migrations/035_synchronous_backfill.rb +9 -0
data/db/migrations/036_oauth.rb +26 -0
data/db/migrations/037_oauth_used.rb +9 -0
data/lib/amigo/durable_job.rb +416 -0
data/lib/pry/clipboard.rb +111 -0
data/lib/sequel/advisory_lock.rb +65 -0
data/lib/webhookdb/admin.rb +4 -0
data/lib/webhookdb/admin_api/auth.rb +36 -0
data/lib/webhookdb/admin_api/customers.rb +63 -0
data/lib/webhookdb/admin_api/database_documents.rb +20 -0
data/lib/webhookdb/admin_api/entities.rb +66 -0
data/lib/webhookdb/admin_api/message_deliveries.rb +61 -0
data/lib/webhookdb/admin_api/roles.rb +15 -0
data/lib/webhookdb/admin_api.rb +34 -0
data/lib/webhookdb/aggregate_result.rb +63 -0
data/lib/webhookdb/api/auth.rb +122 -0
data/lib/webhookdb/api/connstr_auth.rb +36 -0
data/lib/webhookdb/api/db.rb +188 -0
data/lib/webhookdb/api/demo.rb +14 -0
data/lib/webhookdb/api/entities.rb +198 -0
data/lib/webhookdb/api/helpers.rb +253 -0
data/lib/webhookdb/api/install.rb +296 -0
data/lib/webhookdb/api/me.rb +53 -0
data/lib/webhookdb/api/organizations.rb +254 -0
data/lib/webhookdb/api/replay.rb +64 -0
data/lib/webhookdb/api/service_integrations.rb +402 -0
data/lib/webhookdb/api/services.rb +27 -0
data/lib/webhookdb/api/stripe.rb +22 -0
data/lib/webhookdb/api/subscriptions.rb +67 -0
data/lib/webhookdb/api/sync_targets.rb +232 -0
data/lib/webhookdb/api/system.rb +37 -0
data/lib/webhookdb/api/webhook_subscriptions.rb +96 -0
data/lib/webhookdb/api.rb +92 -0
data/lib/webhookdb/apps.rb +93 -0
data/lib/webhookdb/async/audit_logger.rb +38 -0
data/lib/webhookdb/async/autoscaler.rb +84 -0
data/lib/webhookdb/async/job.rb +18 -0
data/lib/webhookdb/async/job_logger.rb +45 -0
data/lib/webhookdb/async/scheduled_job.rb +18 -0
data/lib/webhookdb/async.rb +142 -0
data/lib/webhookdb/aws.rb +98 -0
data/lib/webhookdb/backfill_job.rb +107 -0
data/lib/webhookdb/backfiller.rb +107 -0
data/lib/webhookdb/cloudflare.rb +39 -0
data/lib/webhookdb/connection_cache.rb +177 -0
data/lib/webhookdb/console.rb +71 -0
data/lib/webhookdb/convertkit.rb +14 -0
data/lib/webhookdb/crypto.rb +66 -0
data/lib/webhookdb/customer/reset_code.rb +94 -0
data/lib/webhookdb/customer.rb +347 -0
data/lib/webhookdb/database_document.rb +72 -0
data/lib/webhookdb/db_adapter/column_types.rb +37 -0
data/lib/webhookdb/db_adapter/default_sql.rb +187 -0
data/lib/webhookdb/db_adapter/pg.rb +96 -0
data/lib/webhookdb/db_adapter/snowflake.rb +137 -0
data/lib/webhookdb/db_adapter.rb +208 -0
data/lib/webhookdb/dbutil.rb +92 -0
data/lib/webhookdb/demo_mode.rb +100 -0
data/lib/webhookdb/developer_alert.rb +51 -0
data/lib/webhookdb/email_octopus.rb +21 -0
data/lib/webhookdb/enumerable.rb +18 -0
data/lib/webhookdb/fixtures/backfill_jobs.rb +72 -0
data/lib/webhookdb/fixtures/customers.rb +65 -0
data/lib/webhookdb/fixtures/database_documents.rb +27 -0
data/lib/webhookdb/fixtures/faker.rb +41 -0
data/lib/webhookdb/fixtures/logged_webhooks.rb +56 -0
data/lib/webhookdb/fixtures/message_deliveries.rb +59 -0
data/lib/webhookdb/fixtures/oauth_sessions.rb +24 -0
data/lib/webhookdb/fixtures/organization_database_migrations.rb +37 -0
data/lib/webhookdb/fixtures/organization_memberships.rb +54 -0
data/lib/webhookdb/fixtures/organizations.rb +32 -0
data/lib/webhookdb/fixtures/reset_codes.rb +23 -0
data/lib/webhookdb/fixtures/service_integrations.rb +42 -0
data/lib/webhookdb/fixtures/subscriptions.rb +33 -0
data/lib/webhookdb/fixtures/sync_targets.rb +32 -0
data/lib/webhookdb/fixtures/webhook_subscriptions.rb +35 -0
data/lib/webhookdb/fixtures.rb +15 -0
data/lib/webhookdb/formatting.rb +56 -0
data/lib/webhookdb/front.rb +49 -0
data/lib/webhookdb/github.rb +22 -0
data/lib/webhookdb/google_calendar.rb +29 -0
data/lib/webhookdb/heroku.rb +21 -0
data/lib/webhookdb/http.rb +114 -0
data/lib/webhookdb/icalendar.rb +17 -0
data/lib/webhookdb/id.rb +17 -0
data/lib/webhookdb/idempotency.rb +90 -0
data/lib/webhookdb/increase.rb +42 -0
data/lib/webhookdb/intercom.rb +23 -0
data/lib/webhookdb/jobs/amigo_test_jobs.rb +118 -0
data/lib/webhookdb/jobs/backfill.rb +32 -0
data/lib/webhookdb/jobs/create_mirror_table.rb +18 -0
data/lib/webhookdb/jobs/create_stripe_customer.rb +17 -0
data/lib/webhookdb/jobs/customer_created_notify_internal.rb +22 -0
data/lib/webhookdb/jobs/demo_mode_sync_data.rb +19 -0
data/lib/webhookdb/jobs/deprecated_jobs.rb +19 -0
data/lib/webhookdb/jobs/developer_alert_handle.rb +14 -0
data/lib/webhookdb/jobs/durable_job_recheck_poller.rb +17 -0
data/lib/webhookdb/jobs/emailer.rb +15 -0
data/lib/webhookdb/jobs/icalendar_enqueue_syncs.rb +25 -0
data/lib/webhookdb/jobs/icalendar_sync.rb +23 -0
data/lib/webhookdb/jobs/logged_webhook_replay.rb +17 -0
data/lib/webhookdb/jobs/logged_webhook_resilient_replay.rb +15 -0
data/lib/webhookdb/jobs/message_dispatched.rb +16 -0
data/lib/webhookdb/jobs/organization_database_migration_notify_finished.rb +21 -0
data/lib/webhookdb/jobs/organization_database_migration_notify_started.rb +21 -0
data/lib/webhookdb/jobs/organization_database_migration_run.rb +24 -0
data/lib/webhookdb/jobs/prepare_database_connections.rb +22 -0
data/lib/webhookdb/jobs/process_webhook.rb +47 -0
data/lib/webhookdb/jobs/renew_watch_channel.rb +24 -0
data/lib/webhookdb/jobs/replication_migration.rb +24 -0
data/lib/webhookdb/jobs/reset_code_create_dispatch.rb +23 -0
data/lib/webhookdb/jobs/scheduled_backfills.rb +77 -0
data/lib/webhookdb/jobs/send_invite.rb +15 -0
data/lib/webhookdb/jobs/send_test_webhook.rb +25 -0
data/lib/webhookdb/jobs/send_webhook.rb +20 -0
data/lib/webhookdb/jobs/sync_target_enqueue_scheduled.rb +16 -0
data/lib/webhookdb/jobs/sync_target_run_sync.rb +38 -0
data/lib/webhookdb/jobs/trim_logged_webhooks.rb +15 -0
data/lib/webhookdb/jobs/webhook_resource_notify_integrations.rb +30 -0
data/lib/webhookdb/jobs/webhook_subscription_delivery_attempt.rb +29 -0
data/lib/webhookdb/jobs.rb +4 -0
data/lib/webhookdb/json.rb +113 -0
data/lib/webhookdb/liquid/expose.rb +27 -0
data/lib/webhookdb/liquid/filters.rb +16 -0
data/lib/webhookdb/liquid/liquification.rb +26 -0
data/lib/webhookdb/liquid/partial.rb +12 -0
data/lib/webhookdb/logged_webhook/resilient.rb +95 -0
data/lib/webhookdb/logged_webhook.rb +194 -0
data/lib/webhookdb/message/body.rb +25 -0
data/lib/webhookdb/message/delivery.rb +127 -0
data/lib/webhookdb/message/email_transport.rb +133 -0
data/lib/webhookdb/message/fake_transport.rb +54 -0
data/lib/webhookdb/message/liquid_drops.rb +29 -0
data/lib/webhookdb/message/template.rb +89 -0
data/lib/webhookdb/message/transport.rb +43 -0
data/lib/webhookdb/message.rb +150 -0
data/lib/webhookdb/messages/error_icalendar_fetch.rb +42 -0
data/lib/webhookdb/messages/invite.rb +23 -0
data/lib/webhookdb/messages/new_customer.rb +14 -0
data/lib/webhookdb/messages/org_database_migration_finished.rb +23 -0
data/lib/webhookdb/messages/org_database_migration_started.rb +24 -0
data/lib/webhookdb/messages/specs.rb +57 -0
data/lib/webhookdb/messages/verification.rb +23 -0
data/lib/webhookdb/method_utilities.rb +82 -0
data/lib/webhookdb/microsoft_calendar.rb +36 -0
data/lib/webhookdb/nextpax.rb +14 -0
data/lib/webhookdb/oauth/front.rb +58 -0
data/lib/webhookdb/oauth/intercom.rb +58 -0
data/lib/webhookdb/oauth/session.rb +24 -0
data/lib/webhookdb/oauth.rb +80 -0
data/lib/webhookdb/organization/alerting.rb +35 -0
data/lib/webhookdb/organization/database_migration.rb +151 -0
data/lib/webhookdb/organization/db_builder.rb +429 -0
data/lib/webhookdb/organization.rb +506 -0
data/lib/webhookdb/organization_membership.rb +58 -0
data/lib/webhookdb/phone_number.rb +38 -0
data/lib/webhookdb/plaid.rb +23 -0
data/lib/webhookdb/platform.rb +27 -0
data/lib/webhookdb/plivo.rb +52 -0
data/lib/webhookdb/postgres/maintenance.rb +166 -0
data/lib/webhookdb/postgres/model.rb +82 -0
data/lib/webhookdb/postgres/model_utilities.rb +382 -0
data/lib/webhookdb/postgres/testing_pixie.rb +16 -0
data/lib/webhookdb/postgres/validations.rb +46 -0
data/lib/webhookdb/postgres.rb +176 -0
data/lib/webhookdb/postmark.rb +20 -0
data/lib/webhookdb/redis.rb +35 -0
data/lib/webhookdb/replicator/atom_single_feed_v1.rb +116 -0
data/lib/webhookdb/replicator/aws_pricing_v1.rb +488 -0
data/lib/webhookdb/replicator/base.rb +1185 -0
data/lib/webhookdb/replicator/column.rb +482 -0
data/lib/webhookdb/replicator/convertkit_broadcast_v1.rb +69 -0
data/lib/webhookdb/replicator/convertkit_subscriber_v1.rb +200 -0
data/lib/webhookdb/replicator/convertkit_tag_v1.rb +66 -0
data/lib/webhookdb/replicator/convertkit_v1_mixin.rb +65 -0
data/lib/webhookdb/replicator/docgen.rb +167 -0
data/lib/webhookdb/replicator/email_octopus_campaign_v1.rb +84 -0
data/lib/webhookdb/replicator/email_octopus_contact_v1.rb +159 -0
data/lib/webhookdb/replicator/email_octopus_event_v1.rb +244 -0
data/lib/webhookdb/replicator/email_octopus_list_v1.rb +101 -0
data/lib/webhookdb/replicator/fake.rb +453 -0
data/lib/webhookdb/replicator/front_conversation_v1.rb +45 -0
data/lib/webhookdb/replicator/front_marketplace_root_v1.rb +55 -0
data/lib/webhookdb/replicator/front_message_v1.rb +45 -0
data/lib/webhookdb/replicator/front_v1_mixin.rb +22 -0
data/lib/webhookdb/replicator/github_issue_comment_v1.rb +58 -0
data/lib/webhookdb/replicator/github_issue_v1.rb +83 -0
data/lib/webhookdb/replicator/github_pull_v1.rb +84 -0
data/lib/webhookdb/replicator/github_release_v1.rb +47 -0
data/lib/webhookdb/replicator/github_repo_v1_mixin.rb +250 -0
data/lib/webhookdb/replicator/github_repository_event_v1.rb +45 -0
data/lib/webhookdb/replicator/icalendar_calendar_v1.rb +465 -0
data/lib/webhookdb/replicator/icalendar_event_v1.rb +334 -0
data/lib/webhookdb/replicator/increase_account_number_v1.rb +77 -0
data/lib/webhookdb/replicator/increase_account_transfer_v1.rb +61 -0
data/lib/webhookdb/replicator/increase_account_v1.rb +63 -0
data/lib/webhookdb/replicator/increase_ach_transfer_v1.rb +78 -0
data/lib/webhookdb/replicator/increase_check_transfer_v1.rb +64 -0
data/lib/webhookdb/replicator/increase_limit_v1.rb +78 -0
data/lib/webhookdb/replicator/increase_transaction_v1.rb +74 -0
data/lib/webhookdb/replicator/increase_v1_mixin.rb +121 -0
data/lib/webhookdb/replicator/increase_wire_transfer_v1.rb +61 -0
data/lib/webhookdb/replicator/intercom_contact_v1.rb +36 -0
data/lib/webhookdb/replicator/intercom_conversation_v1.rb +38 -0
data/lib/webhookdb/replicator/intercom_marketplace_root_v1.rb +69 -0
data/lib/webhookdb/replicator/intercom_v1_mixin.rb +105 -0
data/lib/webhookdb/replicator/oauth_refresh_access_token_mixin.rb +65 -0
data/lib/webhookdb/replicator/plivo_sms_inbound_v1.rb +102 -0
data/lib/webhookdb/replicator/postmark_inbound_message_v1.rb +94 -0
data/lib/webhookdb/replicator/postmark_outbound_message_event_v1.rb +107 -0
data/lib/webhookdb/replicator/schema_modification.rb +42 -0
data/lib/webhookdb/replicator/shopify_customer_v1.rb +58 -0
data/lib/webhookdb/replicator/shopify_order_v1.rb +64 -0
data/lib/webhookdb/replicator/shopify_v1_mixin.rb +161 -0
data/lib/webhookdb/replicator/signalwire_message_v1.rb +169 -0
data/lib/webhookdb/replicator/sponsy_customer_v1.rb +54 -0
data/lib/webhookdb/replicator/sponsy_placement_v1.rb +34 -0
data/lib/webhookdb/replicator/sponsy_publication_v1.rb +125 -0
data/lib/webhookdb/replicator/sponsy_slot_v1.rb +41 -0
data/lib/webhookdb/replicator/sponsy_status_v1.rb +35 -0
data/lib/webhookdb/replicator/sponsy_v1_mixin.rb +165 -0
data/lib/webhookdb/replicator/state_machine_step.rb +69 -0
data/lib/webhookdb/replicator/stripe_charge_v1.rb +77 -0
data/lib/webhookdb/replicator/stripe_coupon_v1.rb +62 -0
data/lib/webhookdb/replicator/stripe_customer_v1.rb +60 -0
data/lib/webhookdb/replicator/stripe_dispute_v1.rb +77 -0
data/lib/webhookdb/replicator/stripe_invoice_item_v1.rb +82 -0
data/lib/webhookdb/replicator/stripe_invoice_v1.rb +116 -0
data/lib/webhookdb/replicator/stripe_payout_v1.rb +67 -0
data/lib/webhookdb/replicator/stripe_price_v1.rb +60 -0
data/lib/webhookdb/replicator/stripe_product_v1.rb +60 -0
data/lib/webhookdb/replicator/stripe_refund_v1.rb +101 -0
data/lib/webhookdb/replicator/stripe_subscription_item_v1.rb +56 -0
data/lib/webhookdb/replicator/stripe_subscription_v1.rb +75 -0
data/lib/webhookdb/replicator/stripe_v1_mixin.rb +116 -0
data/lib/webhookdb/replicator/transistor_episode_stats_v1.rb +141 -0
data/lib/webhookdb/replicator/transistor_episode_v1.rb +169 -0
data/lib/webhookdb/replicator/transistor_show_v1.rb +68 -0
data/lib/webhookdb/replicator/transistor_v1_mixin.rb +65 -0
data/lib/webhookdb/replicator/twilio_sms_v1.rb +156 -0
data/lib/webhookdb/replicator/webhook_request.rb +5 -0
data/lib/webhookdb/replicator/webhookdb_customer_v1.rb +74 -0
data/lib/webhookdb/replicator.rb +224 -0
data/lib/webhookdb/role.rb +42 -0
data/lib/webhookdb/sentry.rb +35 -0
data/lib/webhookdb/service/auth.rb +138 -0
data/lib/webhookdb/service/collection.rb +91 -0
data/lib/webhookdb/service/entities.rb +97 -0
data/lib/webhookdb/service/helpers.rb +270 -0
data/lib/webhookdb/service/middleware.rb +124 -0
data/lib/webhookdb/service/types.rb +30 -0
data/lib/webhookdb/service/validators.rb +32 -0
data/lib/webhookdb/service/view_api.rb +63 -0
data/lib/webhookdb/service.rb +219 -0
data/lib/webhookdb/service_integration.rb +332 -0
data/lib/webhookdb/shopify.rb +35 -0
data/lib/webhookdb/signalwire.rb +13 -0
data/lib/webhookdb/slack.rb +68 -0
data/lib/webhookdb/snowflake.rb +90 -0
data/lib/webhookdb/spec_helpers/async.rb +122 -0
data/lib/webhookdb/spec_helpers/citest.rb +88 -0
data/lib/webhookdb/spec_helpers/integration.rb +121 -0
data/lib/webhookdb/spec_helpers/message.rb +41 -0
data/lib/webhookdb/spec_helpers/postgres.rb +220 -0
data/lib/webhookdb/spec_helpers/service.rb +432 -0
data/lib/webhookdb/spec_helpers/shared_examples_for_columns.rb +56 -0
data/lib/webhookdb/spec_helpers/shared_examples_for_replicators.rb +915 -0
data/lib/webhookdb/spec_helpers/whdb.rb +139 -0
data/lib/webhookdb/spec_helpers.rb +63 -0
data/lib/webhookdb/sponsy.rb +14 -0
data/lib/webhookdb/stripe.rb +37 -0
data/lib/webhookdb/subscription.rb +203 -0
data/lib/webhookdb/sync_target.rb +491 -0
data/lib/webhookdb/tasks/admin.rb +49 -0
data/lib/webhookdb/tasks/annotate.rb +36 -0
data/lib/webhookdb/tasks/db.rb +82 -0
data/lib/webhookdb/tasks/docs.rb +42 -0
data/lib/webhookdb/tasks/fixture.rb +35 -0
data/lib/webhookdb/tasks/message.rb +50 -0
data/lib/webhookdb/tasks/regress.rb +87 -0
data/lib/webhookdb/tasks/release.rb +27 -0
data/lib/webhookdb/tasks/sidekiq.rb +23 -0
data/lib/webhookdb/tasks/specs.rb +64 -0
data/lib/webhookdb/theranest.rb +15 -0
data/lib/webhookdb/transistor.rb +13 -0
data/lib/webhookdb/twilio.rb +13 -0
data/lib/webhookdb/typed_struct.rb +44 -0
data/lib/webhookdb/version.rb +5 -0
data/lib/webhookdb/webhook_response.rb +50 -0
data/lib/webhookdb/webhook_subscription/delivery.rb +82 -0
data/lib/webhookdb/webhook_subscription.rb +226 -0
data/lib/webhookdb/windows_tz.rb +32 -0
data/lib/webhookdb/xml.rb +92 -0
data/lib/webhookdb.rb +224 -0
data/lib/webterm/apps.rb +45 -0
metadata +1129 -0

data/lib/webhookdb/organization/db_builder.rb ADDED Viewed

@@ -0,0 +1,429 @@
+# frozen_string_literal: true
+require "appydays/configurable"
+require "appydays/loggable"
+require "webhookdb/organization"
+require "webhookdb/cloudflare"
+# When an org is created, it gets its own database containing the service integration tables
+# exclusively for that org. This ensures orgs can be easily isolated from each other.
+#
+# Each org has two connections:
+# - admin, which can modify tables. Used to create service integration tables.
+#   We generally want to avoid using this connection.
+#   Should never be exposed.
+# - readonly, used for reading only the service integration tables
+#   (and not additional PG info tables).
+#   Can safely be exposed to members of the org.
+class Webhookdb::Organization::DbBuilder
+  include Appydays::Configurable
+  include Appydays::Loggable
+  include Webhookdb::Dbutil
+  extend Webhookdb::MethodUtilities
+  class IsolatedOperationError < StandardError; end
+  DATABASE = "database"
+  SCHEMA = "schema"
+  USER = "user"
+  NONE = "none"
+  VALID_ISOLATION_MODES = [
+    "#{DATABASE}+#{USER}",
+    "#{DATABASE}+#{SCHEMA}+#{USER}",
+    SCHEMA,
+    "#{SCHEMA}+#{USER}",
+    NONE,
+  ].freeze
+  singleton_attr_accessor :available_server_urls
+  configurable(:db_builder) do
+    # Server urls are absolute urls that define servers which can be chosen for organization DBs.
+    # Space-separate multiple servers.
+    setting :server_urls, [], convert: ->(s) { s.split.map(&:strip) }
+    # Server env vars are the names of environment variables whose value are
+    # each a server which can be chosen for organization DBs.
+    # Allows you to use dynamically configured servers.
+    # Space-separate multiple env vars.
+    setting :server_env_vars, ["DATABASE_URL"], convert: ->(s) { s.split.map(&:strip) }
+    # Determines whether we allow orgs to handle their own migrations.
+    # Used for self-hosted databases.
+    setting :allow_public_migrations, false
+    # Create a CNAME record when building the database connection.
+    setting :create_cname_for_connection_urls, false
+    # The Cloudflare zone ID that DNS records will be created in.
+    # NOTE: It is required that the Cloudflare API token has access to this zone.
+    setting :cloudflare_dns_zone_id, "testdnszoneid"
+    # See README for more details.
+    setting :isolation_mode, "database+user"
+    # How many connections can each readonly user make?
+    setting :readonly_connection_limit, 50
+    # How long can the readonly user query before a timeout?
+    # Keep this low to avoid query pressure the database,
+    # especially when dealing with many tenants.
+    setting :readonly_connection_timeout, "15s"
+    after_configured do
+      unless VALID_ISOLATION_MODES.include?(self.isolation_mode)
+        msg = "Invalid DB_BUILDER_ISOLATION_MODE '#{self.isolation_mode}', " \
+              "valid modes are: #{VALID_ISOLATION_MODES.join(', ')}"
+        raise KeyError, msg
+      end
+      self.available_server_urls = self.server_urls.dup
+      self.available_server_urls.concat(self.server_env_vars.map { |e| ENV.fetch(e, nil) })
+    end
+  end
+  def self.isolate?(type)
+    return self.isolation_mode.include?(type)
+  end
+  attr_reader :admin_url, :readonly_url
+  def initialize(org)
+    @org = org
+  end
+  def default_replication_schema
+    raise Webhookdb::InvalidPrecondition, "Org must have a key to calculate the replication schema" if @org.key.blank?
+    return "public" unless self.class.isolate?(SCHEMA)
+    return "whdb_#{@org.key}"
+  end
+  def prepare_database_connections
+    # Grab a random server url. This will give us a 'superuser'-like url
+    # that can create roles and whatever else.
+    superuser_str = self._choose_superuser_url
+    case self.class.isolation_mode
+      when "database+user"
+        self._prepare_database_connections_database_user(superuser_str)
+      when "database+schema+user"
+        self._prepare_database_connections_database_schema_user(superuser_str)
+      when "schema"
+        self._prepare_database_connections_schema(superuser_str)
+      when "schema+user"
+        self._prepare_database_connections_schema_user(superuser_str)
+      when "none"
+        self._prepare_database_connections_none(superuser_str)
+      else
+        raise "Did not expect mode #{self.class.isolation_mode}"
+    end
+    return self
+  end
+  def _prepare_database_connections_database_user(superuser_url_str)
+    superuser_url = URI.parse(superuser_url_str)
+    # Use this superuser connection to create the admin role,
+    # which will be responsible for the database.
+    # While connected as the superuser, we can go ahead and create both roles.
+    admin_user = self.randident("ad")
+    admin_pwd = self.randident
+    ro_user = self.randident("ro")
+    ro_pwd = self.randident
+    dbname = self.randident("db")
+    # Do not log this
+    borrow_conn(superuser_url_str, loggers: []) do |conn|
+      conn << <<~SQL
+        CREATE ROLE #{admin_user} PASSWORD '#{admin_pwd}' NOSUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;
+        CREATE ROLE #{ro_user} PASSWORD '#{ro_pwd}' NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN;
+        ALTER USER #{ro_user} WITH CONNECTION LIMIT #{self.class.readonly_connection_limit};
+        ALTER ROLE #{ro_user} SET statement_timeout = '#{self.class.readonly_connection_timeout}';
+        GRANT #{admin_user} TO CURRENT_USER;
+      SQL
+      # Cannot be in the same statement as above since that's one transaction.
+      conn << "CREATE DATABASE #{dbname} OWNER #{admin_user};"
+      conn << "REVOKE ALL PRIVILEGES ON DATABASE #{dbname} FROM public;"
+    end
+    # Now that we've created the admin role and have a database,
+    # we must disconnect and connect to the new database.
+    # This MUST be done as superuser; for some reason,
+    # the public schema (which we need to revoke on) belongs to the superuser,
+    # NOT the DB owner: https://pgsql-general.postgresql.narkive.com/X9VKOPIW
+    superuser_in_db_str = self._create_conn_url(superuser_url.user, superuser_url.password, superuser_url, dbname)
+    schema = self._org_schema
+    borrow_conn(superuser_in_db_str) do |conn|
+      conn << <<~SQL
+        -- Revoke all rights from readonly user, and public role, which all users have.
+        REVOKE ALL ON DATABASE #{dbname} FROM PUBLIC, #{ro_user};
+        REVOKE ALL ON SCHEMA public FROM PUBLIC, #{ro_user};
+        REVOKE ALL ON ALL TABLES IN SCHEMA public FROM PUBLIC, #{ro_user};
+        -- Create the schema if needed. In most cases this is 'public' so it isn't.
+        CREATE SCHEMA IF NOT EXISTS #{schema};
+        -- Allow the readonly user to select stuff
+        GRANT CONNECT ON DATABASE #{dbname} TO #{ro_user};
+        GRANT USAGE ON SCHEMA #{schema} TO #{ro_user};
+        GRANT SELECT ON ALL TABLES IN SCHEMA #{schema} TO #{ro_user};
+        -- Now that we have modified public/replication schema as superuser,
+        -- we can grant ownership to the admin user, so they can do modification in the future.
+        ALTER SCHEMA public OWNER TO #{admin_user};
+        ALTER SCHEMA #{schema} OWNER TO #{admin_user};
+      SQL
+    end
+    @admin_url = self._create_conn_url(admin_user, admin_pwd, superuser_url, dbname)
+    # We MUST modify the default privs AFTER changing ownership.
+    # Changing ownership seems to reset default piv grants (and it cannot be done after transferring ownership)
+    borrow_conn(@admin_url) do |conn|
+      conn << "ALTER DEFAULT PRIVILEGES IN SCHEMA #{schema} GRANT SELECT ON TABLES TO #{ro_user};"
+    end
+    @readonly_url = self._create_conn_url(ro_user, ro_pwd, superuser_url, dbname)
+  end
+  def _prepare_database_connections_database_schema_user(superuser_url_str)
+    self._prepare_database_connections_database_user(superuser_url_str)
+    # Revoke everything on public schema, so our readonly user cannot access it.
+    borrow_conn(@admin_url) do |conn|
+      conn << "REVOKE ALL ON SCHEMA public FROM public"
+    end
+  end
+  def _prepare_database_connections_schema(superuser_url_str)
+    borrow_conn(superuser_url_str) do |conn|
+      conn << "CREATE SCHEMA IF NOT EXISTS #{self._org_schema};"
+    end
+    @admin_url = superuser_url_str
+    @readonly_url = superuser_url_str
+  end
+  def _prepare_database_connections_schema_user(superuser_url_str)
+    ro_user = self.randident("ro")
+    ro_pwd = self.randident
+    schema = self._org_schema
+    borrow_conn(superuser_url_str) do |conn|
+      conn << <<~SQL
+        -- Create readonly role and make sure it cannot access public stuff
+        CREATE ROLE #{ro_user} PASSWORD '#{ro_pwd}' NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN;
+        ALTER USER #{ro_user} WITH CONNECTION LIMIT #{self.class.readonly_connection_limit};
+        ALTER ROLE #{ro_user} SET statement_timeout = '#{self.class.readonly_connection_timeout}';
+        REVOKE ALL ON SCHEMA public FROM #{ro_user};
+        REVOKE CREATE ON SCHEMA public FROM #{ro_user};
+        REVOKE ALL ON ALL TABLES IN SCHEMA public FROM #{ro_user};
+        -- Create the schema and ensure readonly user can access it
+        -- Also remove public role access so other readonly users cannot access it.
+        CREATE SCHEMA IF NOT EXISTS #{schema};
+        REVOKE ALL ON SCHEMA #{schema} FROM PUBLIC, #{ro_user};
+        REVOKE ALL ON ALL TABLES IN SCHEMA #{schema} FROM PUBLIC, #{ro_user};
+        GRANT USAGE ON SCHEMA #{schema} TO #{ro_user};
+        GRANT SELECT ON ALL TABLES IN SCHEMA #{schema} TO #{ro_user};
+        ALTER DEFAULT PRIVILEGES IN SCHEMA #{schema} GRANT SELECT ON TABLES TO #{ro_user};
+      SQL
+    end
+    @admin_url = superuser_url_str
+    @readonly_url = self._replace_url_auth(superuser_url_str, ro_user, ro_pwd)
+  end
+  def _prepare_database_connections_none(superuser_url_str)
+    @admin_url = superuser_url_str
+    @readonly_url = superuser_url_str
+  end
+  # Return the superuser url for the org to use when creating its DB connections.
+  # Right now this is just choosing a random server url,
+  # but could be more complex, like choosing the server with the lowest utilization.
+  protected def _choose_superuser_url
+    superuser_str = self.class.available_server_urls.sample
+    return superuser_str
+  end
+  protected def _org_schema
+    return Webhookdb::DBAdapter::PG.new.escape_identifier(@org.replication_schema)
+  end
+  # prefix with <id>a to avoid ever conflicting database names
+  def randident(prefix="")
+    return "a#{prefix}#{@org.id}a#{SecureRandom.hex(8)}"
+  end
+  def _create_conn_url(username, password, uri, dbname)
+    return "postgres://#{username}:#{password}@#{uri.host}:#{uri.port}/#{dbname}"
+  end
+  def _replace_url_auth(url, user, pass)
+    uri = URI(url)
+    uri.user = user
+    uri.password = pass
+    return uri.to_s
+  end
+  # Create the CNAME record specific to this org,
+  # so that the DB it is hosted on is reachable via a nice URL,
+  # rather than connecting directly to the host.
+  #
+  # If create_cnames is false,
+  # this method no-ops, so we don't spam cloudflare during integration tests,
+  # or need to httpmock everything during unit tests.
+  #
+  # Otherwise, create the CNAME like "myorg.db node.rds.amazonaws.com",
+  # and set org.public_host to "myorg.db.webhookdb.dev". The "webhookdb.dev" value
+  # comes from the Cloudflare DNS response, and corresponds to the zone
+  # that `cloudflare_dns_zone_id` identifies.
+  def create_public_host_cname(conn_url)
+    return nil unless self.class.create_cname_for_connection_urls
+    db_host = URI.parse(conn_url).host
+    cname = Webhookdb::Cloudflare.create_zone_dns_record(
+      type: "CNAME",
+      zone_id: self.class.cloudflare_dns_zone_id,
+      name: "#{@org.key}.db",
+      content: db_host,
+    )
+    @org.public_host = cname["result"]["name"]
+    @org.cloudflare_dns_record_json = cname
+    return self
+  end
+  # To remove related databases and users, we must
+  # 1) find the server hosting the database, which will itself contain the admin creds
+  #    suitable for having created it in the first place.
+  # 2) delete the database, using info extracted from the admin connection (run from the server conn)
+  # 3) delete each user (run from the server conn)
+  # We need these workarounds because we cannot drop the admin database while we're connected to it
+  # (and we probably don't want the admin role trying to delete itself).
+  def remove_related_database
+    return if @org.admin_connection_url_raw.blank?
+    superuser_str = self._find_superuser_url_str
+    # Cannot use conn cache since we may be removing ourselves
+    borrow_conn(superuser_str) do |conn|
+      case self.class.isolation_mode
+        when "database+user", "database+schema+user"
+          Webhookdb::ConnectionCache.disconnect(@org.admin_connection_url_raw)
+          Webhookdb::ConnectionCache.disconnect(@org.readonly_connection_url_raw)
+          conn << "DROP DATABASE #{@org.dbname};"
+          conn << "DROP USER #{@org.readonly_user};" unless @org.single_db_user?
+          conn << "DROP USER #{@org.admin_user};"
+        when "schema+user"
+          Webhookdb::ConnectionCache.disconnect(@org.readonly_connection_url_raw)
+          conn << <<~SQL
+            DROP SCHEMA IF EXISTS #{self._org_schema} CASCADE;
+            DROP OWNED BY #{@org.readonly_user};
+            DROP USER #{@org.readonly_user};
+          SQL
+        when "schema"
+          conn << "DROP SCHEMA IF EXISTS #{self._org_schema} CASCADE"
+        when "none"
+          nil
+        else
+          raise "not supported yet"
+      end
+    end
+  end
+  protected def _find_superuser_url_str
+    admin_url = URI.parse(@org.admin_connection_url_raw)
+    superuser_str = self.class.available_server_urls.find do |sstr|
+      surl = URI.parse(sstr)
+      surl.host == admin_url.host && surl.port == admin_url.port
+    end
+    if superuser_str.blank?
+      msg = "Could not find a matching server url for #{admin_url} in #{self.class.available_server_urls}"
+      raise msg
+    end
+    return superuser_str
+  end
+  def roll_connection_credentials
+    raise IsolatedOperationError, "cannot roll credentials without a user isolation mode" unless
+      self.class.isolate?(USER)
+    superuser_uri = URI(self._find_superuser_url_str)
+    orig_readonly_user = URI(@org.readonly_connection_url_raw).user
+    ro_user = self.randident("ro")
+    ro_pwd = self.randident
+    @readonly_url = self._create_conn_url(ro_user, ro_pwd, superuser_uri, @org.dbname)
+    lines = [
+      "ALTER ROLE #{orig_readonly_user} RENAME TO #{ro_user};",
+      "ALTER ROLE #{ro_user} WITH PASSWORD '#{ro_pwd}';",
+    ]
+    if self.class.isolate?(DATABASE)
+      # Roll admin credentials for a separate database.
+      # For schema isolation, we assume admin is the superuser so cannot roll creds.
+      orig_admin_user = URI(@org.admin_connection_url_raw).user
+      admin_user = self.randident("ad")
+      admin_pwd = self.randident
+      lines.push(
+        "ALTER ROLE #{orig_admin_user} RENAME TO #{admin_user};",
+        "ALTER ROLE #{admin_user} WITH PASSWORD '#{admin_pwd}';",
+      )
+      @admin_url = self._create_conn_url(admin_user, admin_pwd, superuser_uri, @org.dbname)
+    else
+      @admin_url = @org.admin_connection_url_raw
+    end
+    # New conn so we don't log it
+    borrow_conn(superuser_uri.to_s, loggers: []) do |conn|
+      conn << lines.join("\n")
+    end
+  end
+  def generate_fdw_payload(
+    remote_server_name:,
+    fetch_size:,
+    local_schema:,
+    view_schema:
+  )
+    raise ArgumentError, "no arg can be blank" if
+      [remote_server_name, fetch_size, local_schema, view_schema].any?(&:blank?)
+    conn = URI(@org.readonly_connection_url)
+    fdw_sql = <<~FDW_SERVER
+      CREATE EXTENSION IF NOT EXISTS postgres_fdw;
+      DROP SERVER IF EXISTS #{remote_server_name} CASCADE;
+      CREATE SERVER #{remote_server_name}
+        FOREIGN DATA WRAPPER postgres_fdw
+        OPTIONS (host '#{conn.host}', port '#{conn.port}', dbname '#{conn.path[1..]}', fetch_size '#{fetch_size}');
+      CREATE USER MAPPING FOR CURRENT_USER
+        SERVER #{remote_server_name}
+        OPTIONS (user '#{conn.user}', password '#{conn.password}');
+      CREATE SCHEMA IF NOT EXISTS #{local_schema};
+      IMPORT FOREIGN SCHEMA #{self._org_schema}
+        FROM SERVER #{remote_server_name}
+        INTO #{local_schema};
+      CREATE SCHEMA IF NOT EXISTS #{view_schema};
+    FDW_SERVER
+    views_for_integrations = @org.service_integrations.to_h do |sint|
+      cmd = "CREATE MATERIALIZED VIEW IF NOT EXISTS #{view_schema}.#{sint.service_name} " \
+            "AS SELECT * FROM #{local_schema}.#{sint.table_name};"
+      [sint.opaque_id, cmd]
+    end
+    views_sql = views_for_integrations.values.sort.join("\n")
+    result = {
+      fdw_sql:,
+      views_sql:,
+      compound_sql: "#{fdw_sql}\n\n#{views_sql}",
+      views: views_for_integrations,
+    }
+    return result
+  end
+  def migration_replication_schema_sql(old_schema, new_schema)
+    can_migrate_to_public = self.class.isolate?(DATABASE)
+    if new_schema == "public" && !can_migrate_to_public
+      raise IsolatedOperationError,
+            "cannot migrate to public schema when using '#{self.class.isolation_mode}' isolation"
+    end
+    ad = Webhookdb::DBAdapter::PG.new
+    qold_schema = ad.escape_identifier(old_schema)
+    qnew_schema = ad.escape_identifier(new_schema)
+    lines = []
+    # lines << "ALTER SCHEMA #{qold_schema} RENAME TO #{qnew_schema};"
+    # lines << "CREATE SCHEMA IF NOT EXISTS public;"
+    lines << "CREATE SCHEMA IF NOT EXISTS #{qnew_schema};"
+    @org.service_integrations.each do |sint|
+      lines << ("ALTER TABLE IF EXISTS %s.%s SET SCHEMA %s;" %
+        [qold_schema, ad.escape_identifier(sint.table_name), qnew_schema])
+    end
+    if self.class.isolate?(USER)
+      ro_user = @org.readonly_user
+      lines << "GRANT USAGE ON SCHEMA #{qnew_schema} TO #{ro_user};"
+      lines << "GRANT SELECT ON ALL TABLES IN SCHEMA #{qnew_schema} TO #{ro_user};"
+      lines << "REVOKE ALL ON SCHEMA #{qold_schema} FROM #{ro_user};" unless @org.single_db_user?
+      lines << "REVOKE ALL ON ALL TABLES IN SCHEMA #{qold_schema} FROM #{ro_user};" unless @org.single_db_user?
+      lines << "ALTER DEFAULT PRIVILEGES IN SCHEMA #{qnew_schema} GRANT SELECT ON TABLES TO #{ro_user};"
+    end
+    # lines << "DROP SCHEMA #{qold_schema} CASCADE;"
+    return lines.join("\n")
+  end
+end