webhookdb 1.3.1 → 1.4.0

data/admin-dist/index.html

@@ -115,7 +115,7 @@
         </style>
         <link rel="preconnect" href="https://fonts.gstatic.com" />
         <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;500;600;700&display=swap" rel="stylesheet">
-      <script type="module" crossorigin src="/admin/assets/index-6aebf805.js"></script>
+      <script type="module" crossorigin src="/admin/assets/index-9306dd28.js"></script>
     </head>
 
     <body>

data/data/messages/templates/errors/generic_backfill.email.liquid

@@ -0,0 +1,30 @@
+{% expose subject %}WebhookDB: {{ friendly_name }} Error{% endexpose %}
+
+{% partial 'greeting' %}
+
+<p>
+    WebhookDB encountered an error trying to sync {{ friendly_name }} data using your configured credentials. We have the following information about the failure:
+</p>
+<ul>
+    <li>Service Integration Name: {{ service_name }}, ID: <code>{{ opaque_id }}</code></li>
+    <li>Request: <code>{{ request_method }} {{ request_url }}</code></li>
+    <li>Response Status: <code>{{ response_status }}</code></li>
+    <li>Body: <code>{{  response_body }}</code></li>
+</ul>
+<p>
+    Usually this indicates an API key has been revoked or some other misconfiguration, rather than being an error in WebhookDB itself.
+</p>
+<p>To fix this integration, head over to <a href="{{ app_url }}">{{ app_url }}</a>, log in, and run:</p>
+<pre>
+    webhookdb integrations reset {{ opaque_id }}
+</pre>
+<p>
+    If you no longer wish to use this integration, it can be deleted using:
+</p>
+<pre>
+    webhookdb integrations delete {{ opaque_id }}
+</pre>
+<p>We'll continue to send daily emails when this happens, so please do fix this up when you get a chance.</p>
+<p>Please file an issue at {{ oss_repo }} or email <a href="mailto:{{ support_email }}">{{ support_email }}</a> if you need any help.</p>
+
+{% partial 'signoff' %}

data/data/messages/templates/errors/icalendar_fetch.email.liquid

@@ -1,4 +1,4 @@
-{% expose subject %}WebhookDB: ICalendar Error{% endexpose %}
+ {% expose subject %}WebhookDB: ICalendar Error{% endexpose %}
 
 {% partial 'greeting' %}
 
@@ -6,8 +6,9 @@
     WebhookDB encountered an error syncing an ICalendar feed. We have the following information about the failure:
 </p>
 <ul>
+    <li>Organization: {{ org_name }} (key: <code>{{ org_key }}</code>)</li>
     <li>Service Integration Name: {{ service_name }}, ID: <code>{{ opaque_id }}</code></li>
-    <li>Calendar ID (you send this to us when adding the calendar): <code>{{ external_calendar_id }}</code></li>
+    <li>Calendar ID (you sent this when adding the calendar): <code>{{ external_calendar_id }}</code></li>
     <li>Request: <code>{{ request_method }} {{ request_url }}</code></li>
     <li>Response Status: <code>{{ response_status }}</code></li>
     <li>Body: <code>{{  response_body }}</code></li>
@@ -22,7 +23,12 @@
 <p>
     If this calendar is no longer shared, it should be removed.
     Use a DELETE request, as per <a href="{{ docs_url }}/guides/icalendar/#delete">{{ docs_url }}/guides/icalendar/#delete</a>.
+    For example, here is the cURL to run to delete this from the shell:
 </p>
+<pre>
+    $ export WHDB_WEBHOOK_SECRET=`webhookdb integration info --org={{ org_key }} --field=webhook_secret {{ opaque_id }}`
+    $ curl -X POST -d '{"type":"DELETE","external_id":"{{ external_calendar_id }}"}' -H "Content-Type: application/json" -H "Whdb-Webhook-Secret: ${WHDB_WEBHOOK_SECRET}" "{{ webhook_endpoint }}"
+</pre>
 <p>We'll continue to send daily emails when this happens, so please do fix this up when you get a chance.</p>
 <p>Please file an issue at {{ oss_repo }} if you need any help.</p>
 

data/data/messages/templates/specs/with_fields.email.liquid

@@ -0,0 +1,6 @@
+{% expose subject %}subject with multiple fields{% endexpose %}
+a: {{ a }}
+b: {{ b }}
+c: {{ c }}
+d: {{ d }}
+e: {{ e }}

data/db/migrations/045_system_log.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    create_table(:system_log_events) do
+      primary_key :id, type: :bigserial
+      timestamptz :at, null: false, default: Sequel.function(:now), index: true
+      text :title, null: false, default: ""
+      text :body, null: false, default: ""
+      text :link, null: false, default: ""
+      foreign_key :actor_id, :customers
+      column :text_search, :tsvector
+    end
+  end
+end

data/db/migrations/046_indices.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+Sequel.migration do
+  change do
+    alter_table(:service_integrations) do
+      add_index :depends_on_id
+      add_index :service_name
+    end
+
+    alter_table(:message_deliveries) do
+      add_index :soft_deleted_at
+    end
+  end
+end

data/lib/webhookdb/admin.rb

@@ -1,4 +1,10 @@
 # frozen_string_literal: true
 
 module Webhookdb::Admin
+  module Linked
+    protected def _admin_datatype = self.class.dataset.first_source_table
+    protected def _admin_id = self.pk
+    protected def _admin_display = "show"
+    def admin_link = "#{Webhookdb.admin_url}/admin#/#{_admin_datatype}/#{_admin_id}/#{_admin_display}"
+  end
 end

data/lib/webhookdb/admin_api/data_provider.rb

@@ -29,6 +29,7 @@ class Webhookdb::AdminAPI::DataProvider < Webhookdb::AdminAPI::V1
     service_integrations: [Webhookdb::ServiceIntegration, ServiceIntegration],
     subscriptions: [Webhookdb::Subscription, Subscription],
     sync_targets: [Webhookdb::SyncTarget, SyncTarget],
+    system_log_events: [Webhookdb::SystemLogEvent, SystemLogEvent],
     webhook_subscriptions: [Webhookdb::WebhookSubscription, WebhookSubscription],
     webhook_subscription_deliveries: [Webhookdb::WebhookSubscription::Delivery, WebhookSubscriptionDelivery],
   }.freeze

data/lib/webhookdb/admin_api/entities.rb

@@ -163,6 +163,14 @@ module Webhookdb::AdminAPI::Entities
     expose :page_size
   end
 
+  class SystemLogEvent < Base
+    expose :at
+    expose :title
+    expose :body
+    expose :link
+    expose :actor_id
+  end
+
   class WebhookSubscription < Base
     expose :organization, with: Related
     expose :service_integration, with: Related

data/lib/webhookdb/aggregate_result.rb

@@ -18,7 +18,7 @@ require "webhookdb" unless defined?(Webhookdb)
 #   end
 #   return ag.finish
 #
-class Webhookdb::AggregateResult < StandardError
+class Webhookdb::AggregateResult < Webhookdb::WebhookdbError
   attr_reader :successes, :failures, :errors
 
   def initialize(existing=nil)

data/lib/webhookdb/api/helpers.rb

@@ -171,6 +171,23 @@ module Webhookdb::API::Helpers
       sint = yield
       return if sint == :pass
       raise "error instead of return nil if there is no service integration" if sint.nil?
+      # If this is a valid GET request (ie, the replicator doesn't do useful auth),
+      # and it's from a bot, we want to block it, otherwise we'd process invalid webhooks.
+      #
+      # This is almost never a problem, because almost all services perform some validation,
+      # and the auth info isn't in a GET URL; but in some cases, that won't be the case,
+      # and we protect against it here.
+      #
+      # An example would be a bot getting a link preview.
+      if request.get? && !request.GET["skipbotcheck"] && Browser.new(request.user_agent).bot?
+        # IMPORTANT: Run the Browser code last since it has to run a bunch of regexes to detect a bot.
+        env["api.format"] = :binary
+        header "Content-Type", "text/plain"
+        body("This route is for receiving webhooks and HTTP calls, not for bots. " \
+             "Call this endpoint with the query param 'skipbotcheck=true' to bypass this check.")
+        status 403
+        return
+      end
       opaque_id = sint.opaque_id
       organization_id = sint.organization_id
       svc = Webhookdb::Replicator.create(sint).dispatch_request_to(request)

data/lib/webhookdb/api/organizations.rb

@@ -206,6 +206,12 @@ class Webhookdb::API::Organizations < Webhookdb::API::V1
             {title: "Customer", value: "(#{c.id}) #{c.email}", short: false},
           ],
         ).emit
+        Webhookdb::SystemLogEvent.create(
+          title: "Organization Closure Requested",
+          body: "#{org.name} (#{org.key})",
+          link: org.admin_link,
+          actor: c,
+        )
         step = Webhookdb::Replicator::StateMachineStep.new.completed
         step.output = "Thanks! We've received the request to close your #{org.name} organization. " \
                       "We'll be in touch within 2 business days confirming removal."

data/lib/webhookdb/api/service_integrations.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "browser"
 require "grape"
 require "oj"
 

data/lib/webhookdb/connection_cache.rb

@@ -45,13 +45,16 @@ class Webhookdb::ConnectionCache
   extend Webhookdb::MethodUtilities
   include Webhookdb::Dbutil
 
-  class ReentranceError < StandardError; end
+  class ReentranceError < Webhookdb::ProgrammingError; end
 
   configurable(:connection_cache) do
     # If this many seconds has elapsed since the last connecton was borrowed,
     # prune connections with no pending borrows.
     setting :prune_interval, 120
 
+    # If a connection hasn't been used in this long, validate it before reusing it.
+    setting :idle_timeout, 20.minutes
+
     # Seconds for the :fast timeout option.
     setting :timeout_fast, 30
     # Seconds for the :slow timeout option.
@@ -83,6 +86,25 @@ class Webhookdb::ConnectionCache
     @last_pruned_at = Time.now
   end
 
+  Available = Struct.new(:connection, :at) do
+    delegate :disconnect, to: :connection
+
+    # Return +connection+ if it has not been idle long enough,
+    # or if it has been idle, then validate it (SELECT 1), and return +connection+
+    # if it's valid, or +nil+ if the database disconnected it.
+    def validated_connection
+      needs_validation_at = self.at + Webhookdb::ConnectionCache.idle_timeout
+      return self.connection if needs_validation_at > Time.now
+      begin
+        self.connection << "SELECT 1"
+        return self.connection
+      rescue Sequel::DatabaseDisconnectError
+        self.connection.disconnect
+        return nil
+      end
+    end
+  end
+
   # Connect to the database at the given URL.
   # borrow is not re-entrant, so if the current thread already owns a connection
   # to the given url, raise a ReentrantError.
@@ -111,7 +133,11 @@ class Webhookdb::ConnectionCache
         raise ReentranceError,
               "ConnectionCache#borrow is not re-entrant for the same database since the connection has stateful config"
       end
-      conn = db_loans[:available].pop || take_conn(url, single_threaded: true, extensions: [:pg_json, :pg_streaming])
+      if (available = db_loans[:available].pop)
+        # If the connection doesn't validate, it won't be in :available at this point, so don't worry about it.
+        conn = available.validated_connection
+      end
+      conn ||= take_conn(url, single_threaded: true, extensions: [:pg_json, :pg_streaming])
       db_loans[:loaned][t] = conn
     end
     conn << "SET statement_timeout TO #{timeout * 1000}" if timeout.present?
@@ -126,7 +152,7 @@ class Webhookdb::ConnectionCache
       conn << "SET statement_timeout TO 0" if timeout.present?
       @mutex.synchronize do
         @dbs_for_urls[url][:loaned].delete(t)
-        @dbs_for_urls[url][:available] << conn
+        @dbs_for_urls[url][:available] << Available.new(conn, Time.now)
       end
     end
     self.prune(url) if now > self.next_prune_at

data/lib/webhookdb/console.rb

@@ -5,7 +5,7 @@ require "webhookdb"
 module Webhookdb::Console
   extend Webhookdb::MethodUtilities
 
-  class Error < StandardError; end
+  class Error < Webhookdb::WebhookdbError; end
 
   class UnsafeOperation < Error; end
 

data/lib/webhookdb/customer/reset_code.rb

@@ -6,7 +6,7 @@ require "webhookdb/postgres"
 require "webhookdb/customer"
 
 class Webhookdb::Customer::ResetCode < Webhookdb::Postgres::Model(:customer_reset_codes)
-  class Unusable < StandardError; end
+  class Unusable < Webhookdb::WebhookdbError; end
 
   TOKEN_LENGTH = 6
 

data/lib/webhookdb/customer.rb

@@ -10,9 +10,10 @@ require "webhookdb/demo_mode"
 class Webhookdb::Customer < Webhookdb::Postgres::Model(:customers)
   extend Webhookdb::MethodUtilities
   include Appydays::Configurable
+  include Webhookdb::Admin::Linked
 
-  class InvalidPassword < StandardError; end
-  class SignupDisabled < StandardError; end
+  class InvalidPassword < Webhookdb::WebhookdbError; end
+  class SignupDisabled < Webhookdb::WebhookdbError; end
 
   configurable(:customer) do
     setting :signup_email_allowlist, ["*"], convert: ->(s) { s.split }

data/lib/webhookdb/db_adapter.rb

@@ -3,7 +3,7 @@
 class Webhookdb::DBAdapter
   require "webhookdb/db_adapter/column_types"
 
-  class UnsupportedAdapter < StandardError; end
+  class UnsupportedAdapter < Webhookdb::ProgrammingError; end
 
   VALID_IDENTIFIER = /^[a-zA-Z][a-zA-Z\d_ ]*$/
   INVALID_IDENTIFIER_PROMPT =

data/lib/webhookdb/dbutil.rb

@@ -35,6 +35,7 @@ module Webhookdb::Dbutil
               4
             end)
     setting :pool_timeout, 10
+    setting :pool_class, :timed_queue
     # Set to 'disable' to work around segfault.
     # See https://github.com/ged/ruby-pg/issues/538
     setting :gssencmode, ""
@@ -70,6 +71,7 @@ module Webhookdb::Dbutil
     res[:log_warn_duration] ||= Webhookdb::Dbutil.slow_query_seconds
     res[:max_connections] ||= Webhookdb::Dbutil.max_connections
     res[:pool_timeout] ||= Webhookdb::Dbutil.pool_timeout
+    res[:pool_class] ||= Webhookdb::Dbutil.pool_class
     res[:driver_options] = {}
     (res[:driver_options][:gssencmode] = Webhookdb::Dbutil.gssencmode) if Webhookdb::Dbutil.gssencmode.present?
     return res

data/lib/webhookdb/errors.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Webhookdb::Errors
+  class << self
+    # Call the given block for the given exception, each cause (see +Exception#cause+),
+    # and each wrapped errors (see +Amigo::Retry::Error#wrapped+).
+    # If the block returns +true+ for any exception, stop walking.
+    def each_cause(ex, &)
+      raise LocalJumpError unless block_given?
+      return true if yield(ex) == true
+      caused_got = ex.cause && each_cause(ex.cause, &)
+      return true if caused_got == true
+      wrapped_got = ex.respond_to?(:wrapped) && ex.wrapped && each_cause(ex.wrapped, &)
+      return true if wrapped_got == true
+      return nil
+    end
+
+    # Run the given block for each cause (see +each_cause),
+    # returning the first exception the block returns +true+ for.
+    def find_cause(ex, &)
+      raise LocalJumpError unless block_given?
+      got = nil
+      each_cause(ex) do |cause|
+        if yield(cause) == true
+          got = cause
+          true
+        else
+          false
+        end
+      end
+      return got
+    end
+  end
+end

data/lib/webhookdb/http.rb

@@ -11,7 +11,7 @@ module Webhookdb::Http
   end
 
   # Error raised when some API has rate limited us.
-  class BaseError < StandardError; end
+  class BaseError < Webhookdb::WebhookdbError; end
 
   class Error < BaseError
     attr_reader :response, :body, :uri, :status, :http_method

data/lib/webhookdb/jobs/deprecated_jobs.rb

@@ -14,6 +14,7 @@ Amigo::DeprecatedJobs.install(
   "Jobs::ConvertKitBroadcastBackfill",
   "Jobs::ConvertKitSubscriberBackfill",
   "Jobs::ConvertKitTagBackfill",
+  "Jobs::CustomerCreatedNotifyInternal",
   "Jobs::RssBackfillPoller",
   "Jobs::TwilioScheduledBackfill",
 )

data/lib/webhookdb/jobs/model_event_system_log_tracker.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+require "webhookdb/async/job"
+require "webhookdb/messages/invite"
+
+class Webhookdb::Jobs::ModelEventSystemLogTracker
+  extend Webhookdb::Async::Job
+
+  on "webhookdb.*"
+
+  def _perform(event)
+    case event.name
+        when "webhookdb.customer.created"
+          self.alert_customer_created(event)
+        when "webhookdb.organization.created"
+          self.alert_org_created(event)
+        when "webhookdb.serviceintegration.created"
+          self.alert_sint_created(event)
+        when "webhookdb.serviceintegration.destroyed"
+          self.alert_sint_destroyed(event)
+      end
+  end
+
+  def create_event(title, body, link)
+    Webhookdb::SystemLogEvent.create(
+      at: Time.now,
+      title:,
+      body:,
+      link:,
+    )
+  end
+
+  def alert_customer_created(event)
+    customer = self.lookup_model(Webhookdb::Customer, event)
+    Webhookdb::DeveloperAlert.new(
+      subsystem: "Customer Created",
+      emoji: ":hook:",
+      fallback: "New customer created: #{customer.inspect}",
+      fields: [
+        {title: "Id", value: customer.id, short: true},
+        {title: "Email", value: customer.email, short: true},
+        {title: "Link", value: customer.admin_link},
+      ],
+    ).emit
+    create_event("Customer Created", customer.email, customer.admin_link)
+  end
+
+  def alert_org_created(event)
+    org = self.lookup_model(Webhookdb::Organization, event)
+    Webhookdb::DeveloperAlert.new(
+      subsystem: "Organization Created",
+      emoji: ":office:",
+      fallback: "Organization created: #{org.inspect}",
+      fields: [
+        {title: "Id", value: org.id, short: true},
+        {title: "Email", value: org.name, short: true},
+        {title: "Link", value: org.admin_link},
+      ],
+    ).emit
+    create_event("Organization Created", "#{org.name} (#{org.key})", org.admin_link)
+  end
+
+  def alert_sint_created(event)
+    sint = self.lookup_model(Webhookdb::ServiceIntegration, event)
+    Webhookdb::DeveloperAlert.new(
+      subsystem: "Integration Created",
+      emoji: ":fax:",
+      fallback: "Service Integration #{sint.service_name} (#{sint.opaque_id}) created",
+      fields: [
+        {title: "Id", value: sint.opaque_id, short: true},
+        {title: "Service", value: sint.service_name, short: true},
+        {title: "Table", value: sint.table_name, short: true},
+        {title: "Org Name", value: sint.organization.name, short: true},
+        {title: "Link", value: sint.admin_link},
+      ],
+    ).emit
+    create_event(
+      "Integration Created",
+      "#{sint.service_name} (#{sint.opaque_id}) created in #{sint.organization.name}",
+      sint.admin_link,
+    )
+  end
+
+  def alert_sint_destroyed(event)
+    pl = event.payload[1].symbolize_keys
+    org = Webhookdb::Organization[pl[:organization_id]]
+    Webhookdb::DeveloperAlert.new(
+      subsystem: "Integration Deleted",
+      emoji: ":funeral_urn:",
+      fallback: "Service Integration #{pl[:service_name]} (#{pl[:opaque_id]}) deleted",
+      fields: [
+        {title: "Id", value: pl[:opaque_id], short: true},
+        {title: "Service", value: pl[:service_name], short: true},
+        {title: "Table", value: pl[:table_name], short: true},
+        {title: "Org Name", value: org.name, short: true},
+        {title: "Link", value: org.admin_link},
+      ],
+    ).emit
+    create_event(
+      "Integration Deleted",
+      "#{pl[:service_name]} (#{pl[:opaque_id]}) deleted from #{org.name}",
+      org.admin_link,
+    )
+  end
+end

data/lib/webhookdb/jobs/monitor_metrics.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require "webhookdb/async/scheduled_job"
+require "webhookdb/jobs"
+
+# Log out some metrics every minute.
+class Webhookdb::Jobs::MonitorMetrics
+  extend Webhookdb::Async::ScheduledJob
+
+  cron "* * * * *" # Every 1 minute
+  splay 0
+
+  def _perform
+    opts = {}
+    max_size = 0
+    max_latency = 0
+    Sidekiq::Queue.all.each do |q|
+      size = q.size
+      latency = q.latency
+      max_size = [max_size, size].max
+      max_latency = [max_latency, latency].max
+      opts["#{q.name}_size"] = size
+      opts["#{q.name}_latency"] = latency
+    end
+    opts[:max_size] = max_size
+    opts[:max_latency] = max_latency
+    self.logger.info("metrics_monitor_queue", **opts)
+  end
+end

data/lib/webhookdb/jobs/renew_watch_channel.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "amigo/queue_backoff_job"
 require "webhookdb/async/job"
 require "webhookdb/jobs"
 
@@ -9,8 +10,10 @@ require "webhookdb/jobs"
 # Calls #renew_watch_channel(row_pk:, expiring_before:).
 class Webhookdb::Jobs::RenewWatchChannel
   extend Webhookdb::Async::Job
+  include Amigo::QueueBackoffJob
 
   on "webhookdb.serviceintegration.renewwatchchannel"
+  sidekiq_options queue: "netout"
 
   def _perform(event)
     sint = self.lookup_model(Webhookdb::ServiceIntegration, event)

data/lib/webhookdb/message/transport.rb

@@ -5,7 +5,7 @@ require "webhookdb/message"
 class Webhookdb::Message::Transport
   extend Webhookdb::MethodUtilities
 
-  class Error < StandardError; end
+  class Error < Webhookdb::WebhookdbError; end
   class UndeliverableRecipient < Error; end
 
   singleton_attr_reader :transports

data/lib/webhookdb/message.rb

@@ -73,6 +73,7 @@ module Webhookdb::Message
       "environment" => Webhookdb::Message::EnvironmentDrop.new,
       "app_url" => Webhookdb.app_url,
     )
+    drops = self.unify_drops_encoding(drops)
 
     content_tmpl = Liquid::Template.parse(template_file.read)
     # The 'expose' drop smashes data into the register.
@@ -101,13 +102,63 @@ module Webhookdb::Message
     return Rendering.new(content, lctx.registers)
   end
 
+  # Handle encoding in liquid drop string values that would likely crash message rendering.
+  #
+  # If there is a mixed character encoding of string values in a liquid drop,
+  # such as when handling user-supplied values, force all strings into UTF-8.
+  #
+  # This is needed because the way Ruby does encoding coercion when parsing input
+  # which does not declare an encoding, such as a file or especially an HTTP response.
+  # Ruby will:
+  # - Use ASCII if the values fit into 7 bits
+  # - Use ASCII-8BIT if the values fit into 8 bits (128 to 255)
+  # - Otherwise, use UTF-8.
+  #
+  # The actual rules are more complex, but this is common enough.
+  #
+  # While ASCII encoding can be used as UTF-8, ASCII-8BIT cannot.
+  # So adding `(ascii-8bit string) + (utf-8 string)` will error with an
+  # `Encoding::CompatibilityError`.
+  #
+  # Instead, if we see a series of liquid drop string values
+  # with different encodings, force them all to be UTF-8.
+  # This can result in some unexpected behavior,
+  # but it should be fine, since you'd only see it with unexpected input
+  # (all valid inputs should be UTF-8).
+  #
+  # @param [Hash] drops
+  # @return [Hash]
+  def self.unify_drops_encoding(drops)
+    return drops if drops.empty?
+    seen_enc = nil
+    force_enc = false
+    drops.each_value do |v|
+      next unless v.respond_to?(:encoding)
+      seen_enc ||= v.encoding
+      next if seen_enc == v.encoding
+      force_enc = true
+      break
+    end
+    return drops unless force_enc
+    utf8 = Encoding.find("UTF-8")
+    result = drops.each_with_object({}) do |(k, v), memo|
+      if v.respond_to?(:encoding) && v.encoding != utf8
+        v2 = v.encode(utf8, invalid: :replace, undef: :replace, replace: "?")
+        memo[k] = v2
+      else
+        memo[k] = v
+      end
+    end
+    return result
+  end
+
   def self.send_unsent
     Webhookdb::Message::Delivery.unsent.each(&:send!)
   end
 
-  class InvalidTransportError < StandardError; end
+  class InvalidTransportError < Webhookdb::ProgrammingError; end
 
-  class MissingTemplateError < StandardError; end
+  class MissingTemplateError < Webhookdb::ProgrammingError; end
 
   # Presents a homogeneous interface for a given 'to' value (email vs. customer, for example).
   # .to will always be a plain object, and .customer will be a +Webhookdb::Customer+ if present.