webhookdb 1.2.2 → 1.3.0

data/lib/webhookdb/api/install.rb

@@ -12,12 +12,16 @@ class Webhookdb::API::Install < Webhookdb::API::V1
     helpers do
       def lookup_session!
         session = Webhookdb::Oauth::Session.usable.where(oauth_state: params[:state]).first
-        forbidden! unless session
+        error!("Forbidden", 302, {"Location" => "/v1/install/#{oauth_provider.key}/forbidden"}) if session.nil?
         return session
       end
 
       def handle_login(email:, session:, action_url:)
-        new_customer, me = Webhookdb::Customer.find_or_create_for_email(email)
+        begin
+          new_customer, me = Webhookdb::Customer.find_or_create_for_email(email)
+        rescue Sequel::ValidationFailed => e
+          raise FormError.new(e.message.capitalize, 400)
+        end
         me.reset_codes_dataset.usable.each(&:expire!)
         me.add_reset_code(transport: "email")
         session.update(customer: me)
@@ -25,6 +29,7 @@ class Webhookdb::API::Install < Webhookdb::API::V1
           "messages/web/install-customer-login.liquid",
           serialize_view_params: true,
           vars: {
+            app_name: oauth_provider.app_name,
             view: "otp",
             action_url:,
             oauth_state: session.oauth_state,
@@ -50,47 +55,32 @@ class Webhookdb::API::Install < Webhookdb::API::V1
       end
     end
 
+    params do
+      requires :state, type: String
+    end
+    get :fake_oauth_authorization do
+      redirect "/v1/install/fake/callback?code=fakecode&state=#{params[:state]}"
+    end
+
     route_param :oauth_provider, type: String, values: Webhookdb::Oauth.registry.keys do
       helpers do
         def oauth_provider
-          return @oauth_provider ||= Webhookdb::Oauth.provider(params[:oauth_provider])
-        end
-
-        def finish_org_setup(organization:, tokens:, scope:)
-          organization.prepare_database_connections?
-          oauth_provider.build_marketplace_integrations(organization:, tokens:, scope:)
-          rendered = render_liquid(
-            "messages/web/install-success.liquid",
-            serialize_view_params: true,
-            vars: {
-              app_name: oauth_provider.app_name,
-              database_url: organization.readonly_connection_url,
-              supports_webhooks: oauth_provider.supports_webhooks?,
-            },
-          )
-          status 200
-          body rendered
+          @oauth_provider ||= Webhookdb::Oauth.provider(params[:oauth_provider])
+        rescue KeyError
+          forbidden!
         end
 
         def exchange_authorization_code(code)
           return oauth_provider.exchange_authorization_code(code:)
         rescue Webhookdb::Http::Error => e
           logger.warn "oauth_exchange_error", exception: e
+          url = "#{Webhookdb.api_url}/v1/install/#{oauth_provider.key}"
           raise FormError.new(
-            "Something went wrong getting your access token from #{oauth_provider.app_name}. Please start over",
+            "Something went wrong getting your access token from #{oauth_provider.app_name}. " \
+            "Please start over by going to <a href=\"#{url}\">#{url}</a>.",
             400,
           )
         end
-
-        def find_admin_membership(customer)
-          _created, membership = Webhookdb::Customer.find_or_create_default_organization(customer)
-          membership = customer.verified_memberships.find(&:admin?) unless membership.admin?
-          return membership if membership
-          raise FormError.new(
-            "You must be an administrator of your WebhookDB organization to set up this app.",
-            403,
-          )
-        end
       end
 
       get do
@@ -120,24 +110,18 @@ class Webhookdb::API::Install < Webhookdb::API::V1
       get :callback do
         session = lookup_session!
         code = params[:code]
-        if oauth_provider.requires_webhookdb_auth?
-          session.update(authorization_code: code)
-          redirect "/v1/install/#{oauth_provider.key}/login?state=#{session.oauth_state}"
-        else
-          scope = {}
-          # Order of operations here is:
-          # - Exchange token. We need the token to create the customer so it comes first.
-          # - Create the customer, find the membership, and create replicators.
-          # - If this last step fails, the code becomes invalid, which is annoying,
-          #   but should be rare and not a big deal to start over.
-          tokens = exchange_authorization_code(code)
-          session.db.transaction do
-            _created, customer = oauth_provider.find_or_create_customer(tokens:, scope:)
-            membership = find_admin_membership(customer)
-            finish_org_setup(organization: membership.organization, tokens:, scope:)
-            session.update(customer:, used_at: Time.now, authorization_code: code)
-          end
-        end
+        # Exchange the token now, in case it's invalid we don't want to find out at the end.
+        tokens = exchange_authorization_code(code)
+        session.update(token_json: tokens.as_json)
+        # Send the user to auth. We could (and did) use a "/me" endpoint here
+        # to get an email, but that pushes the trust someone is who they say they are
+        # to the oauth provider. We don't feel comfortable doing that in all cases,
+        # so we ask them to auth with WebhookDB.
+        #
+        # On top of that, many setups don't have a way to know who did the connection,
+        # nor can we be sure what org to install the replicators into,
+        # so may as well put everyone on the same path.
+        redirect "/v1/install/#{oauth_provider.key}/login?state=#{session.oauth_state}"
       end
 
       params do
@@ -149,6 +133,7 @@ class Webhookdb::API::Install < Webhookdb::API::V1
           "messages/web/install-customer-login.liquid",
           serialize_view_params: true,
           vars: {
+            app_name: oauth_provider.app_name,
             view: "email",
             action_url: "/v1/install/#{oauth_provider.key}/login",
             oauth_state: session.oauth_state,
@@ -167,23 +152,117 @@ class Webhookdb::API::Install < Webhookdb::API::V1
         session = lookup_session!
         email = params[:email]
         raise FormError.new("Email is required", 400) unless email.present?
-        otp_token = params[:otp_token]
-        if otp_token
+        if (otp_token = params[:otp_token]).nil?
+          # This is the first submit, asking for email. Prompt them for an OTP.
+          handle_login(email:, session:, action_url: "/v1/install/#{oauth_provider.key}/login")
+        else
+          # This is the 'second' submit, asking for OTP.
+          # Verify it, ensure the customer has a default org, and then send them to the 'org chooser'.
           # Order of operations here is:
           # - Verify the OTP
           # - Make sure we can find a valid admin membership
           # - Only then do we exchange the token.
           # - Setup replicators.
-          customer = find_and_verify_user(email:, otp_token:)
-          membership = find_admin_membership(customer)
-          tokens = exchange_authorization_code(session.authorization_code)
           session.db.transaction do
-            finish_org_setup(organization: membership.organization, tokens:, scope: {})
-            session.update(used_at: Time.now)
+            customer = find_and_verify_user(email:, otp_token:)
+            Webhookdb::Customer.find_or_create_default_organization(customer)
+            session.update(customer:)
           end
+          redirect "/v1/install/#{oauth_provider.key}/org?state=#{session.oauth_state}"
+        end
+      end
+
+      params do
+        requires :state, type: String
+      end
+      get :org do
+        session = lookup_session!
+        organizations = session.customer.verified_memberships.select(&:admin?).map do |m|
+          {name: m.organization.name, key: m.organization.key, checked: m.default? ? "true" : ""}
+        end
+        rendered = render_liquid(
+          "messages/web/install-org-chooser.liquid",
+          serialize_view_params: true,
+          vars: {
+            app_name: oauth_provider.app_name,
+            action_url: "/v1/install/#{oauth_provider.key}/org",
+            oauth_state: session.oauth_state,
+            organizations:,
+          },
+        )
+        status 200
+        body rendered
+      end
+
+      params do
+        requires :state, type: String, desc: "the user session info string that we provided to Front"
+        optional :existing_org_key, type: String
+        optional :new_org_name, type: String
+      end
+      post :org do
+        session = lookup_session!
+        if (key = params[:existing_org_key]).present?
+          membership = session.customer.verified_memberships_dataset.
+            admin.
+            where(organization: Webhookdb::Organization.where(key:)).
+            first
+          raise FormError.new("You are not an administrator of that org or it does not exist.", 400) if
+            membership.nil?
+        elsif (name = params[:new_org_name])
+          org = Webhookdb::Organization.create_if_unique(name:)
+          raise FormError.new("Sorry, an organization with that name already exists.", 400) if
+            org.nil?
+          membership = session.customer.add_membership(
+            organization: org,
+            membership_role: Webhookdb::Role.admin_role,
+            verified: true,
+          )
         else
-          handle_login(email:, session:, action_url: "/v1/install/#{oauth_provider.key}/login")
+          raise FormError.new("Existing organization key or a new organization name are required", 400)
         end
+
+        tokens = Webhookdb::Oauth::Tokens.new(**session.token_json)
+        session.db.transaction do
+          session.customer.replace_default_membership(membership)
+          membership.organization.prepare_database_connections?
+          oauth_provider.build_marketplace_integrations(organization: membership.organization, tokens:)
+          session.update(organization: membership.organization, token_json: nil)
+          redirect "/v1/install/#{oauth_provider.key}/success?state=#{params[:state]}"
+        end
+      end
+
+      params do
+        requires :state, type: String
+      end
+      get :success do
+        session = lookup_session!
+        # Mark the session used on GET, since we use the state to look up the session.
+        # It does mean that refreshing the page will error, though.
+        session.update(used_at: Time.now)
+        rendered = render_liquid(
+          "messages/web/install-success.liquid",
+          serialize_view_params: true,
+          vars: {
+            app_name: oauth_provider.app_name,
+            database_url: session.organization.readonly_connection_url,
+            supports_webhooks: oauth_provider.supports_webhooks?,
+          },
+        )
+        status 200
+        body rendered
+      end
+
+      get :forbidden do
+        rendered = render_liquid(
+          "messages/web/install-forbidden.liquid",
+          vars: {
+            app_name: oauth_provider.app_name,
+            terminal_url: "#{Webhookdb.api_url}/terminal",
+            install_url: "#{Webhookdb.api_url}/v1/install/#{oauth_provider.key}",
+          },
+        )
+        status 403
+        body rendered
       end
     end
 
@@ -194,12 +273,7 @@ class Webhookdb::API::Install < Webhookdb::API::V1
           whresp = Webhookdb::Front.initial_verification_request_response(request, Webhookdb::Front.app_secret)
           s_status, s_headers, s_body = whresp.to_rack
           s_headers.each { |k, v| header k, v }
-          if s_headers["Content-Type"] == "application/json"
-            body Oj.load(s_body)
-          else
-            env["api.format"] = :binary
-            body s_body
-          end
+          body Oj.load(s_body)
           status s_status
           break
         end
@@ -258,15 +332,52 @@ class Webhookdb::API::Install < Webhookdb::API::V1
       end
     end
 
+    resource :increase do
+      params do
+        requires :id, type: String
+        requires :created_at, type: Time
+        requires :category, type: String
+        requires :associated_object_type, type: String
+        requires :associated_object_id, type: String
+        requires :type, type: String
+      end
+      post :webhook do
+        group_id = env["HTTP_INCREASE_GROUP_ID"]
+        handle_webhook_request("increase-group-#{group_id || '?'}") do
+          if group_id.nil?
+            # No group ID is one of our own events.
+            # Run the job to handle it as a platform event (usually this is the oauth disconnect)
+            Amigo.publish("increase.#{params[:category]}", declared(params).as_json)
+            status 202
+            present({message: "ok"})
+            next :pass
+          end
+          root_sint = Webhookdb::ServiceIntegration[service_name: "increase_app_v1", api_url: group_id]
+          if root_sint.nil?
+            logger.error "increase_unregistered_group", increase_group_id: group_id
+            status 202
+            present({message: "unregistered group"})
+            next :pass
+          end
+          next root_sint
+        end
+      end
+    end
+
     resource :intercom do
+      helpers do
+        def find_root(app_id)
+          return Webhookdb::ServiceIntegration[service_name: "intercom_marketplace_root_v1", api_url: app_id]
+        end
+      end
       post :webhook do
         # Because the `_webhook_response` function is always the same here, I'm wondering if it's even
         # advisable to do the integration lookup before performing a webhook verification when we don't
         # need that info. Something to consider upon refactor
-
-        handle_webhook_request("intercom_marketplace_appid-#{params[:app_id] || '?'}") do
-          app_id = params[:app_id]
-          root_sint = Webhookdb::ServiceIntegration[service_name: "intercom_marketplace_root_v1", api_url: app_id]
+        app_id = params[:app_id]
+        root_sint = find_root(app_id)
+        opaque_id = root_sint&.opaque_id || "intercom_marketplace_appid-#{app_id}"
+        handle_webhook_request(opaque_id) do
           if root_sint.nil?
             logger.warn "intercom_webhook_unregistered_app", intercom_app_id: app_id
             status 200
@@ -275,6 +386,8 @@ class Webhookdb::API::Install < Webhookdb::API::V1
           end
           # Notification topics are formatted like "{model}.{thing that happened}" (e.g. "contact.created")
           # to get the model type of the notification, for our purposes we can just grab that first chunk
+          # This should probably move to the marketplace replicator itself,
+          # rather than being done in the endpoint (see /v1/install/increase/webhook).
           type = params[:topic].split(".")[0]
           handling_type = "intercom_#{type}_v1"
           unless (handling_sint = root_sint.recursive_dependents.find { |d| d.service_name == handling_type })
@@ -291,27 +404,39 @@ class Webhookdb::API::Install < Webhookdb::API::V1
         requires :app_id
       end
       post :uninstall do
-        # TODO: Verify the headers are valid
-        # We want to delete all the integrations associated with the app_id.
-        root_sint = Webhookdb::ServiceIntegration[service_name: "intercom_marketplace_root_v1",
-                                                  api_url: params["app_id"]]
-        root_sint.destroy_self_and_all_dependents
-        status 200
-        present({o: "k"})
+        app_id = params[:app_id]
+        root_sint = find_root(app_id)
+        # Intercom uses X-Body-Signature rather than X-Hub-Signature here,
+        # unlike the normal /webhook request.
+        # I've asked Intercom if they can support X-Hub-Signature here as well.
+        # If they cannot, we need to add support for the alternative signature validation.
+        opaque_id = root_sint&.opaque_id || "intercom_marketplace_appid-#{app_id}"
+        handle_webhook_request(opaque_id) do
+          root_sint&.destroy_self_and_all_dependents
+          status 200
+          present({o: "k"})
+          next :pass
+        end
       end
 
       params do
+        # This endpoint recieves a value called "workspace_id" but it is
+        # identical to the "app_id" value we get from the `/me` endpoint.
+        # It just has a different name here for some reason.
         requires :workspace_id
       end
       post :health do
-        # TODO: Verify the headers are valid
-        # For now we are just returning "OK" per the specification:
         # https://developers.intercom.com/docs/build-an-integration/learn-more/installation-health-check
-        # An interesting point is that this endpoint recieves a value called "workspace_id" but it is
-        # identical to the "app_id" value we get from the `/me` endpoint. It just has a different name here, for
-        # some reason.
+        result = {}
+        if find_root(params[:workspace_id]).nil?
+          result[:state] = "UNHEALTHY"
+          result[:cta_type] = "REINSTALL_CTA"
+          result[:message] = "You need to reinstall this app to sync your data to WebhookDB."
+        else
+          result[:state] = "OK"
+        end
         status 200
-        present({state: "OK"})
+        present result
       end
     end
   end

data/lib/webhookdb/api/organizations.rb

@@ -54,7 +54,7 @@ class Webhookdb::API::Organizations < Webhookdb::API::V1
         get do
           _customer = current_customer
           org = lookup_org!
-          fake_entities = org.available_replicator_names.sort.map { |name| {name:} }
+          fake_entities = org.available_replicators.map(&:name).sort.map { |name| {name:} }
           message = "Run `webhookdb integrations create [service name]` to start replicating data to your database."
           present_collection fake_entities, with: Webhookdb::API::ServiceEntity, message:
         end
@@ -62,11 +62,11 @@ class Webhookdb::API::Organizations < Webhookdb::API::V1
 
       desc "Generates an invitation code for a user, adds pending membership in the organization."
       params do
-        optional :email, type: String, coerce_with: NormalizedEmail,
+        optional :email, type: NormalizedEmail,
                          prompt: "Enter the email to send the invitation to:"
         optional :role_name,
-                 type: String,
-                 values: Webhookdb::OrganizationMembership::VALID_ROLE_NAMES,
+                 type: TrimmedString,
+                 values: TrimmedString.map(Webhookdb::OrganizationMembership::VALID_ROLE_NAMES),
                  default: "member"
       end
       post :invite do
@@ -102,7 +102,7 @@ class Webhookdb::API::Organizations < Webhookdb::API::V1
 
       desc "Allows organization admin to remove customer from an organization"
       params do
-        optional :email, type: String, coerce_with: NormalizedEmail,
+        optional :email, type: NormalizedEmail,
                          prompt: "Enter the email of the member you are removing permissions from:"
         optional :guard_confirm
       end
@@ -118,7 +118,7 @@ class Webhookdb::API::Organizations < Webhookdb::API::V1
           to_delete.delete
           roll_back_if_no_admins!(org)
           status 200
-          present({}, with: Webhookdb::AdminAPI::BaseEntity,
+          present({}, with: Webhookdb::API::BaseEntity,
                       message: "#{email} is no longer a part of #{org.name}.",)
         end
       end
@@ -149,9 +149,11 @@ class Webhookdb::API::Organizations < Webhookdb::API::V1
       params do
         optional :emails, type: [String], coerce_with: CommaSepArray,
                           prompt: "Enter the emails to modify the roles of as a comma-separated list:"
-        optional :role_name, type: String, values: Webhookdb::OrganizationMembership::VALID_ROLE_NAMES,
-                             prompt: "Enter the name of the role to assign " \
-                                     "(#{Webhookdb::OrganizationMembership::VALID_ROLE_NAMES.join(', ')}): "
+        optional :role_name,
+                 type: TrimmedString,
+                 values: TrimmedString.map(Webhookdb::OrganizationMembership::VALID_ROLE_NAMES),
+                 prompt: "Enter the name of the role to assign " \
+                         "(#{Webhookdb::OrganizationMembership::VALID_ROLE_NAMES.join(', ')}): "
         optional :guard_confirm
       end
       post :change_roles do
@@ -173,7 +175,7 @@ class Webhookdb::API::Organizations < Webhookdb::API::V1
 
       desc "Allow organization admin to change the name of the organization"
       params do
-        optional :name, type: String, prompt: "Enter the new organization name:"
+        optional :name, type: TrimmedString, prompt: "Enter the new organization name:"
       end
       post :rename do
         customer = current_customer
@@ -214,7 +216,7 @@ class Webhookdb::API::Organizations < Webhookdb::API::V1
 
     desc "Creates a new organization and adds current customer as a member."
     params do
-      optional :name, type: String, prompt: "Enter the name of the organization:"
+      optional :name, type: TrimmedString, prompt: "Enter the name of the organization:"
     end
     post :create do
       customer = current_customer
@@ -234,7 +236,7 @@ class Webhookdb::API::Organizations < Webhookdb::API::V1
 
     desc "Allows user to verify membership in an organization with an invitation code."
     params do
-      optional :invitation_code, type: String, prompt: "Enter the invitation code:"
+      optional :invitation_code, type: TrimmedString, prompt: "Enter the invitation code:"
     end
     post :join do
       customer = current_customer

data/lib/webhookdb/api/saved_queries.rb

@@ -4,6 +4,8 @@ require "webhookdb/api"
 require "webhookdb/saved_query"
 
 class Webhookdb::API::SavedQueries < Webhookdb::API::V1
+  include Webhookdb::Service::Types
+
   resource :organizations do
     route_param :org_identifier do
       resource :saved_queries do
@@ -99,8 +101,10 @@ class Webhookdb::API::SavedQueries < Webhookdb::API::V1
 
           desc "Updates the field on a custom query."
           params do
-            optional :field, type: String, prompt: "What field would you like to update (one of: " \
-                                                   "#{Webhookdb::SavedQuery::CLI_EDITABLE_FIELDS.join(', ')}): "
+            optional :field,
+                     type: TrimmedString,
+                     prompt: "What field would you like to update (one of: " \
+                             "#{Webhookdb::SavedQuery::CLI_EDITABLE_FIELDS.join(', ')}): "
             optional :value, type: String, prompt: "What is the new value? "
           end
           post :update do
@@ -147,7 +151,9 @@ class Webhookdb::API::SavedQueries < Webhookdb::API::V1
           end
 
           params do
-            optional :field, type: String, values: Webhookdb::SavedQuery::INFO_FIELDS.keys + [""]
+            optional :field,
+                     type: TrimmedString,
+                     values: TrimmedString.map(Webhookdb::SavedQuery::INFO_FIELDS.keys + [""])
           end
           post :info do
             cq = lookup!

data/lib/webhookdb/api/saved_views.rb

@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+require "webhookdb/api"
+
+class Webhookdb::API::SavedViews < Webhookdb::API::V1
+  include Webhookdb::Service::Types
+
+  resource :organizations do
+    route_param :org_identifier do
+      resource :saved_views do
+        helpers do
+          def lookup_view!
+            org = lookup_org!
+            cq = org.saved_views_dataset[name: params[:name].strip]
+            merror!(403, "There is no view with that name.") if cq.nil?
+            return cq
+          end
+
+          def guard_editable!(customer, org)
+            return if has_admin?(org, customer:)
+            permission_error!("You must be an org admin to modify views.")
+          end
+        end
+
+        desc "Returns a list of all saved views associated with the org."
+        get do
+          views = lookup_org!.saved_views
+          message = ""
+          if views.empty?
+            message = "This organization doesn't have any saved views yet.\n" \
+                      "Use `webhookdb saved-view create` to set one up."
+          end
+          present_collection views, with: SavedViewEntity, message:
+        end
+
+        desc "Creates or replaces the view with the given name."
+        params do
+          optional :name,
+                   type: TrimmedString,
+                   prompt: "Enter the view name (alphanumeric, spaces, underscores):"
+          optional :sql, type: String, prompt: "Enter the SQL you would like to run:"
+        end
+        post :create_or_replace do
+          cust = current_customer
+          org = lookup_org!
+          check_feature_access!(org, Webhookdb::SavedView.feature_role)
+          guard_editable!(cust, org)
+          begin
+            sv = Webhookdb::SavedView.create_or_replace(
+              organization: org,
+              sql: params[:sql],
+              name: params[:name].strip,
+              created_by: cust,
+            )
+          rescue Webhookdb::SavedView::InvalidQuery => e
+            Webhookdb::API::Helpers.prompt_for_required_param!(
+              request,
+              :sql,
+              "Enter a new query:",
+              output: "That query was invalid. #{e.message}\n" \
+                      "You can iterate on your query by connecting to your database from any SQL editor.\n" \
+                      "Use `webhookdb db connection` to get your query string.",
+            )
+          rescue Webhookdb::DBAdapter::InvalidIdentifier => e
+            Webhookdb::API::Helpers.prompt_for_required_param!(
+              request,
+              :name,
+              "Enter a new name:",
+              output: e.message,
+            )
+          end
+          message = "You have created or replaced the view with the name '#{sv.name}'. " \
+                    "You can now use it in any query with your database connection string. " \
+                    "Run `webhookdb db connection` to retrieve your connection string if you need it."
+          status 200
+          present sv, with: SavedViewEntity, message:
+        end
+
+        post :delete do
+          customer = current_customer
+          cq = lookup_view!
+          guard_editable!(customer, cq.organization)
+          cq.destroy
+          status 200
+          present cq, with: SavedViewEntity,
+                      message: "You have successfully deleted the saved view '#{cq.name}'."
+        end
+      end
+    end
+  end
+
+  class SavedViewEntity < Webhookdb::API::BaseEntity
+    expose :name
+
+    def self.display_headers
+      return [[:name, "Name"]]
+    end
+  end
+end