webhookdb 0.1.0

data/lib/webhookdb/service/middleware.rb

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+
+require "rack/cors"
+require "rack/protection"
+require "rack/ssl-enforcer"
+require "sentry-ruby"
+require "appydays/loggable/request_logger"
+
+require "webhookdb/service" unless defined?(Webhookdb::Service)
+
+module Webhookdb::Service::Middleware
+  def self.add_middlewares(builder)
+    self.add_cors_middleware(builder)
+    self.add_common_middleware(builder)
+    self.add_dev_middleware(builder) if Webhookdb::Service.devmode
+    self.add_ssl_middleware(builder) if Webhookdb::Service.enforce_ssl
+    self.add_session_middleware(builder)
+    self.add_security_middleware(builder)
+    Webhookdb::Service::Auth.add_warden_middleware(builder)
+    builder.use(RequestLogger)
+  end
+
+  def self.add_cors_middleware(builder)
+    builder.use(Rack::Cors) do
+      allow do
+        origins(*Webhookdb::Service.cors_origins)
+        resource "*",
+                 headers: :any,
+                 methods: :any,
+                 credentials: true,
+                 expose: ["ETag", Webhookdb::Service::AUTH_TOKEN_HEADER]
+      end
+    end
+  end
+
+  def self.add_common_middleware(builder)
+    builder.use(Rack::ContentLength)
+    builder.use(Rack::Chunked)
+    builder.use(Sentry::Rack::CaptureExceptions)
+  end
+
+  def self.add_dev_middleware(builder)
+    builder.use(Rack::ShowExceptions)
+    builder.use(Rack::Lint)
+  end
+
+  def self.add_ssl_middleware(builder)
+    builder.use(Rack::SslEnforcer, redirect_html: false)
+  end
+
+  ### Add middleware for maintaining sessions to +builder+.
+  def self.add_session_middleware(builder)
+    builder.use CopyCookieToExplicitHeader
+    builder.use Rack::Session::Cookie, Webhookdb::Service.cookie_config
+    builder.use SessionLength
+    builder.use(SessionReader)
+  end
+
+  ### Add security middleware to +builder+.
+  def self.add_security_middleware(_builder)
+    # session_hijacking causes issues in integration tests...?
+    # builder.use Rack::Protection, except: :session_hijacking
+  end
+
+  # We always want a session to be written, even if noop requests,
+  # so always force a write if the session isn't loaded.
+  class SessionReader
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      env["rack.session"]["_"] = "_" unless env["rack.session"].loaded?
+      @app.call(env)
+    end
+  end
+
+  # In browser environments, they can't access the Cookie header for API requests,
+  # and it doesn't always get the automatic binding behavior we want
+  # (for example fetches made from WASM).
+  # So copy it into something we can access.
+  # This must be before the Rack session middleware.
+  class CopyCookieToExplicitHeader
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      env["HTTP_COOKIE"] = env[Webhookdb::Service::AUTH_TOKEN_HTTP] if env[Webhookdb::Service::AUTH_TOKEN_HTTP]
+      status, headers, body = @app.call(env)
+      headers[Webhookdb::Service::AUTH_TOKEN_HEADER] = headers["Set-Cookie"] if headers["Set-Cookie"]
+      return status, headers, body
+    end
+  end
+
+  # In some environments, like the browser, we may want a shorter session.
+  # Use a dedicated header to provide a short session.
+  class SessionLength
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      env["rack.session.options"][:expire_after] = 2.hours.to_i if
+        env[Webhookdb::Service::SHORT_SESSION_HTTP].present?
+      return @app.call(env)
+    end
+  end
+
+  class RequestLogger < Appydays::Loggable::RequestLogger
+    def request_tags(env)
+      tags = super
+      begin
+        tags[:customer_id] = env["warden"].user(:customer)&.id || 0
+      rescue Sequel::DatabaseError
+        # If we cant hit the database, ignore this for now.
+        # We run this code on all code paths, including those that don't need the customer,
+        # and we want those to run even if the DB is down (like health checks, for example).
+        nil
+      end
+      return tags
+    end
+  end
+end

data/lib/webhookdb/service/types.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require "grape"
+
+module Webhookdb::Service::Types
+  def self.included(ctx)
+    ctx.const_set(:NormalizedEmail, NormalizedEmail)
+    ctx.const_set(:NormalizedPhone, NormalizedPhone)
+    ctx.const_set(:CommaSepArray, CommaSepArray)
+  end
+
+  class NormalizedEmail
+    def self.parse(value)
+      return value.downcase.strip
+    end
+  end
+
+  class NormalizedPhone
+    def self.parse(value)
+      return Webhookdb::PhoneNumber::US.normalize(value)
+    end
+  end
+
+  class CommaSepArray
+    def self.parse(value)
+      return value if value.respond_to?(:to_ary)
+      return value.split(",").map(&:strip)
+    end
+  end
+end

data/lib/webhookdb/service/validators.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "grape"
+require "grape/validations/validators/base"
+
+module Webhookdb::Service::Validators
+  class UsPhone < ::Grape::Validations::Validators::Base
+    def validate_param!(attr_name, params)
+      val = params[attr_name]
+      return if val.blank? && @allow_blank
+      return if Webhookdb::PhoneNumber::US.valid?(val)
+      raise Grape::Exceptions::Validation.new(
+        params: [@scope.full_name(attr_name)],
+        message: "must be a 10-digit US phone",
+      )
+    end
+  end
+
+  class DbIdentifier < ::Grape::Validations::Validators::Base
+    def validate_param!(attr_name, params)
+      val = params[attr_name]
+      return if val.blank? && @allow_blank
+      re = Webhookdb::DBAdapter::VALID_IDENTIFIER
+      return if re.match?(val)
+      raise Grape::Exceptions::Validation.new(
+        params: [@scope.full_name(attr_name)],
+        message: "is not a valid database identifier for WebhookDB. " +
+          Webhookdb::DBAdapter::INVALID_IDENTIFIER_MESSAGE,
+      )
+    end
+  end
+end

data/lib/webhookdb/service/view_api.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+# Mixin for Grape API endpoints that use HTML rendering.
+# This isn't tested well enough.
+module Webhookdb::Service::ViewApi
+  class FormError < StandardError
+    attr_reader :status
+
+    def initialize(msg, status=400)
+      @status = status
+      super(msg)
+    end
+  end
+
+  def self.included(mod)
+    mod.helpers do
+      define_method(:render_liquid) do |
+        data_rel_path,
+        vars: {},
+        content_type: "text/html",
+        # If true, store view params in a cookie so we can re-render this page easily, usually to show errors.
+        serialize_view_params: false
+      |
+        tmpl_file = File.open(Webhookdb::DATA_DIR + data_rel_path)
+        liquid_tmpl = Liquid::Template.parse(tmpl_file.read)
+        rendered = liquid_tmpl.render!(vars.stringify_keys, registers: {})
+        _endpoint.content_type content_type
+        if serialize_view_params
+          _endpoint.cookies[:whdbviewparams] = {path: data_rel_path, vars:, content_type:}.to_json
+        end
+        env["api.format"] = :binary
+        rendered
+      end
+
+      define_method(:_endpoint) do
+        env["api.endpoint"]
+      end
+    end
+
+    mod.rescue_from FormError do |e|
+      if (params = _endpoint.cookies[:whdbviewparams]).blank?
+        merror!(e.status, e.message)
+      else
+        begin
+          h = JSON.parse(params)
+        rescue StandardException
+          # If there are any problems, use fallback error handling.
+          merror!(e.status, e.message)
+        else
+          vars = h["vars"].symbolize_keys
+          vars[:error_message] = e.message
+          new_html = render_liquid(
+            h.fetch("path"),
+            vars:,
+            content_type: h.fetch("content_type"),
+            serialize_view_params: true,
+          )
+          Rack::Response.new(new_html, e.status, {"Content-Type" => "text/html"})
+        end
+      end
+    end
+  end
+end

data/lib/webhookdb/service.rb

@@ -0,0 +1,219 @@
+# frozen_string_literal: true
+
+require "appydays/configurable"
+require "grape"
+require "appydays/loggable"
+require "pg"
+require "sentry-ruby"
+require "sequel"
+require "sequel/adapters/postgres"
+require "warden"
+
+require "webhookdb"
+require "webhookdb/platform"
+
+# Service is the base class for all endpoint/resource classes.
+class Webhookdb::Service < Grape::API
+  extend Webhookdb::MethodUtilities
+  include Appydays::Configurable
+  include Appydays::Loggable
+
+  require "webhookdb/service/auth"
+  require "webhookdb/service/middleware"
+  require "webhookdb/service/types"
+  require "webhookdb/service/validators"
+
+  # Name of the session in the server response cookie.
+  # Note that it is always 'rack.session' in code though.
+  SESSION_COOKIE = "webhookdb.session"
+  AUTH_TOKEN_HEADER = "Whdb-Auth-Token"
+  AUTH_TOKEN_HTTP = "HTTP_WHDB_AUTH_TOKEN"
+  SHORT_SESSION_HEADER = "Whdb-Short-Session"
+  SHORT_SESSION_HTTP = "HTTP_WHDB_SHORT_SESSION"
+  DEFAULT_CORS_ORIGINS = [/localhost:\d+/, /192\.168\.\d{1,3}\.\d{1,3}:\d{3,5}/].freeze
+
+  configurable(:service) do
+    setting :max_session_age, 90.days.to_i
+
+    # Note that changing the secret would invalidate all existing sessions!
+    setting :session_secret, "Tritiphamhockbiltongpigporkchoptbonebeefsala" \
+                             "michickenmeatballKielbasajowldrumstickbeefri" \
+                             "bsfiletmignonbiltongPorkbellyballtipbacontai" \
+                             "lgroundroundshankDrumstickcornedbeefbiltongp" \
+                             "ancettaTbone"
+
+    # Must be nil/unset on localhost, otherwise set to something.
+    setting :cookie_domain, ""
+
+    setting :devmode, false
+
+    setting :enforce_ssl, true
+
+    setting :cors_origins, [],
+            convert: lambda { |origin_str|
+              origin_str.split.map { |s| %r{/.+/}.match?(s) ? Regexp.new(s[1..-2]) : s }
+            }
+
+    setting :endpoint_caching, false
+
+    after_configured do
+      self.cors_origins += DEFAULT_CORS_ORIGINS
+    end
+  end
+
+  # Return the config for the Rack::Session::Cookie middleware.
+  def self.cookie_config
+    return {
+      key: Webhookdb::Service::SESSION_COOKIE,
+      domain: Webhookdb::Service.cookie_domain,
+      path: "/",
+      expire_after: Webhookdb::Service.max_session_age,
+      secret: Webhookdb::Service.session_secret,
+      coder: Rack::Session::Cookie::Base64::ZipJSON.new,
+    }
+  end
+
+  def self.decode_cookie(s)
+    cfg = self.cookie_config
+    s = s.delete_prefix(cfg[:key] + "=")
+    return cfg[:coder].decode(Rack::Utils.unescape(s))
+  end
+
+  ### Build the Rack app according to the configured environment.
+  def self.build_app
+    inner_app = self
+    builder = Rack::Builder.new do
+      Webhookdb::Service::Middleware.add_middlewares(self)
+      run inner_app
+    end
+    return builder.to_app
+  end
+
+  def self.error_body(status, message, code: nil, more: {})
+    error = more.merge(
+      message:,
+      status:,
+    )
+    error[:code] = code unless code.nil?
+    return {error:}
+  end
+
+  Grape::Middleware::Auth::Strategies.add(:admin, Webhookdb::Service::Auth::Admin)
+  Grape::Middleware::Auth::Strategies.add(:skip, Webhookdb::Service::Auth::Skip)
+
+  # Add some context to Sentry on each request.
+  before do
+    customer = current_customer?
+    admin = admin_customer?
+    Sentry.configure_scope do |scope|
+      sentry_tags = {
+        agent: Webhookdb::Platform.user_agent(env),
+        host: env["HTTP_HOST"],
+        method: env["REQUEST_METHOD"],
+        path: env["PATH_INFO"],
+        query: env["QUERY_STRING"],
+        referrer: env["HTTP_REFERER"],
+      }
+      if (platform_ua = Webhookdb::Platform.platform_user_agent(env))
+        sentry_tags[:platform_user_agent] = platform_ua
+      end
+      sentry_user = {ip_address: request.ip}
+      if customer
+        sentry_user.merge!(
+          id: customer.id,
+          email: customer.email,
+          name: customer.name,
+          ip_address: request.ip,
+        )
+        sentry_tags["customer.email"] = customer.email
+      end
+      if admin
+        sentry_user.merge!(
+          admin_id: admin.id,
+          admin_email: admin.email,
+          admin_name: admin.name,
+        )
+        sentry_tags["admin.email"] = admin.email
+      end
+      scope.set_user(sentry_user)
+      sentry_tags.delete_if { |_, v| v.blank? }
+      scope.set_tags(sentry_tags)
+    end
+
+    Webhookdb.set_request_user_and_admin(customer, admin)
+  end
+
+  rescue_from Grape::Exceptions::ValidationErrors do |e|
+    # We can flesh this out with more details later:
+    # https://github.com/ruby-grape/grape#validation-errors
+    # https://stripe.com/docs/api/curl#errors
+    field_errors = e.each_with_object({}) do |(params, message), memo|
+      params.each do |p|
+        (memo[p] ||= []) << message
+      end
+    end
+    invalid_fields!(field_errors, message: e.message.upcase_first)
+  end
+
+  rescue_from Webhookdb::Customer::InvalidPassword do |e|
+    invalid_fields!({"password" => [e.message]}, message: e.message.upcase_first)
+  end
+
+  rescue_from Grape::Exceptions::MethodNotAllowed do |e|
+    error!(e.message, 405)
+  end
+
+  rescue_from Webhookdb::LockFailed do |_e|
+    merror!(
+      409,
+      "Attempting to lock the resource failed. You should fetch a new version of the resource and try again.",
+      code: "lock_failed",
+    )
+  end
+
+  rescue_from Webhookdb::InvalidInput do |e|
+    merror!(400, e.message, code: "invalid_input")
+  end
+
+  rescue_from Webhookdb::Organization::DatabaseMigration::MigrationInProgress do |e|
+    merror!(409, e.message, code: "migration_in_progress")
+  end
+
+  rescue_from Webhookdb::DatabaseLocked do |e|
+    merror!(409, e.message, code: "database_locked")
+  end
+
+  rescue_from Sequel::ValidationFailed do |e|
+    invalid_fields!(e.errors, message: e.message.upcase_first)
+  end
+
+  rescue_from :all do |e|
+    status = e.respond_to?(:status) ? e.status : 500
+    error_id = SecureRandom.uuid
+    error_signature = Digest::MD5.hexdigest("#{e.class}: #{e.message}")
+
+    Webhookdb::Service.logger.error "[%s] Uncaught %p in service: %s" %
+      [error_id, e.class, e.message]
+    Webhookdb::Service.logger.debug { e.backtrace.join("\n") }
+    if ENV["PRINT_API_ERROR"]
+      puts e
+      puts e.backtrace
+    end
+
+    more = {error_id:, error_signature:}
+
+    if Webhookdb::Service.devmode
+      msg = e.message
+      more[:backtrace] = e.backtrace.join("\n")
+    else
+      Sentry.capture_exception(e, tags: more) if Webhookdb::Sentry.enabled?
+      msg = "An internal error occurred of type #{error_signature}. Error ID: #{error_id}"
+    end
+    Webhookdb::Service.logger.error("api_exception", {error_id:, error_signature:}, e)
+    merror!(status, msg, code: "api_error", more:)
+  end
+
+  finally do
+    Webhookdb.set_request_user_and_admin(nil, nil)
+  end
+end