webhookdb 1.3.1 → 1.5.0

data/lib/webhookdb/messages/error_signalwire_send_sms.rb

@@ -19,6 +19,8 @@ class Webhookdb::Messages::ErrorSignalwireSendSms < Webhookdb::Message::Template
     )
   end
 
+  attr_accessor :service_integration
+
   def initialize(service_integration, request_url:, request_method:, response_status:, response_body:)
     @service_integration = service_integration
     @request_url = request_url

data/lib/webhookdb/messages/specs.rb

@@ -27,6 +27,22 @@ module Webhookdb::Messages::Testers
     end
   end
 
+  class WithFields < Base
+    # noinspection RubyInstanceVariableNamingConvention
+    def initialize(a: nil, b: nil, c: nil, d: nil, e: nil)
+      @a = a
+      @b = b
+      @c = c
+      @d = d
+      @e = e
+      super()
+    end
+
+    def liquid_drops
+      return super.merge(a: @a, b: @b, c: @c, d: @d, e: @e)
+    end
+  end
+
   class Nonextant < Base
   end
 

data/lib/webhookdb/organization/alerting.rb

@@ -3,6 +3,14 @@
 require "appydays/configurable"
 require "appydays/loggable"
 
+require "webhookdb/jobs/organization_error_handler_dispatch"
+
+# Alert an organization when errors happen during webhook handling.
+# These errors are explicitly managed in the handler code,
+# and are usually things like outdated credentials.
+# The alerts contain information about the error, and actions to take to fix the problem.
+# If an organization has no +Webhookdb::Postgres::ErrorHandler+ registered,
+# send an email to org admins instead.
 class Webhookdb::Organization::Alerting
   include Appydays::Configurable
 
@@ -13,6 +21,14 @@ class Webhookdb::Organization::Alerting
     # Each customer can only receive this many alerts for a given template per day.
     # Avoids spamming a customer when many rows of a replicator have problems.
     setting :max_alerts_per_customer_per_day, 15
+    # Timeout when POSTing to a customer-defined URL on errors.
+    # Should be relatively short.
+    setting :error_handler_timeout, 7
+    # How many times should we call an error handler before giving up?
+    # Error handlers are often lossy so it's not a big deal to give up.
+    setting :error_handler_retries, 5
+    # Wait this long before retrying an error handler.
+    setting :error_handler_retry_interval, 60
   end
 
   attr_reader :org
@@ -21,20 +37,54 @@ class Webhookdb::Organization::Alerting
     @org = org
   end
 
-  # Dispatch the message template to administrators of the org.
+  # Dispatch an alert using the given message template.
+  # See +Webhookdb::Organization::Alerting+ for details about how alerts are dispatched.
   # @param message_template [Webhookdb::Message::Template]
-  def dispatch_alert(message_template)
+  # @param separate_connection [true,false] Only relevant if the organization has no error handlers
+  #   and email alerting (+dispatch_alert_default+) is used. If true, send the alert on a separate connection.
+  #   See +Webhookdb::Idempotency+. Defaults to true since this is an alert method and we
+  #   don't want it to error accidentally, if the code is called from an unexpected situation.
+  def dispatch_alert(message_template, separate_connection: true)
+    self.validate_template(message_template)
+    if self.org.error_handlers.empty?
+      self.dispatch_alert_default(message_template, separate_connection:)
+      return
+    end
+    self.org.error_handlers.each do |eh|
+      payload = eh.payload_for_template(message_template)
+      # It's possible that the template includes caller-provided values including improperly-encoded strings.
+      # Sidekiq's strict job args will do a dump/parse to check for valid args,
+      # which will potentially fail if valid utf-8 bytes are in a string that's encoded as ascii.
+      # Really hard to explain, so see the specs, but there's nothing we can do about invalid content
+      # other than not error.
+      payload = JSON.parse(JSON.dump(payload))
+      Webhookdb::Jobs::OrganizationErrorHandlerDispatch.perform_async(eh.id, payload.as_json)
+    end
+  end
+
+  private def validate_template(message_template)
     unless message_template.respond_to?(:signature)
-      raise Webhookdb::InvalidPrecondition,
-            "message template #{message_template.template_name} must define a #signature method, " \
+      msg = "message template #{message_template.template_name} must define a #signature method, " \
             "which is a unique identity for this error type, used for grouping and idempotency"
+      raise Webhookdb::InvalidPrecondition, msg
+
+    end
+    unless message_template.respond_to?(:service_integration)
+      msg = "message template #{message_template.template_name} must return " \
+            "its ServiceIntegration from #service_integration"
+      raise Webhookdb::InvalidPrecondition, msg
     end
+    return true
+  end
+
+  def dispatch_alert_default(message_template, separate_connection:)
     signature = message_template.signature
     max_alerts_per_customer_per_day = Webhookdb::Organization::Alerting.max_alerts_per_customer_per_day
     yesterday = Time.now - 24.hours
     self.org.admin_customers.each do |c|
-      idemkey = "orgalert-#{signature}-#{c.id}"
-      Webhookdb::Idempotency.every(Webhookdb::Organization::Alerting.interval).under_key(idemkey) do
+      idem = Webhookdb::Idempotency.every(Webhookdb::Organization::Alerting.interval)
+      idem = idem.using_seperate_connection if separate_connection
+      idem.under_key("orgalert-#{signature}-#{c.id}") do
         sent_last_day = Webhookdb::Message::Delivery.
           where(template: message_template.full_template_name, recipient: c).
           where { created_at > yesterday }.

data/lib/webhookdb/organization/database_migration.rb

@@ -4,7 +4,7 @@ class Webhookdb::Organization::DatabaseMigration < Webhookdb::Postgres::Model(:o
   include Webhookdb::Dbutil
 
   class MigrationInProgress < Webhookdb::DatabaseLocked; end
-  class MigrationAlreadyFinished < StandardError; end
+  class MigrationAlreadyFinished < Webhookdb::WebhookdbError; end
 
   plugin :timestamps
   plugin :text_searchable, terms: [:organization, :started_by]
@@ -112,7 +112,7 @@ class Webhookdb::Organization::DatabaseMigration < Webhookdb::Postgres::Model(:o
     tscol = svc.timestamp_column.name
     dstdb[svc.qualified_table_sequel_identifier].
       insert_conflict(
-        target: svc.remote_key_column.name,
+        target: svc._upsert_conflict_target,
         update_where: svc._update_where_expr,
       ).multi_insert(chunk)
     self.update(last_migrated_timestamp: chunk.last[tscol])

data/lib/webhookdb/organization/db_builder.rb

@@ -22,7 +22,7 @@ class Webhookdb::Organization::DbBuilder
   include Webhookdb::Dbutil
   extend Webhookdb::MethodUtilities
 
-  class IsolatedOperationError < StandardError; end
+  class IsolatedOperationError < Webhookdb::ProgrammingError; end
 
   DATABASE = "database"
   SCHEMA = "schema"
@@ -282,7 +282,7 @@ class Webhookdb::Organization::DbBuilder
   # (and we probably don't want the admin role trying to delete itself).
   def remove_related_database
     return if @org.admin_connection_url_raw.blank?
-    superuser_str = self._find_superuser_url_str
+    superuser_str = self.find_superuser_url_str
     # Cannot use conn cache since we may be removing ourselves
     borrow_conn(superuser_str) do |conn|
       case self.class.isolation_mode
@@ -309,7 +309,8 @@ class Webhookdb::Organization::DbBuilder
     end
   end
 
-  protected def _find_superuser_url_str
+  # Find the superuser connection URL for the organization's database.
+  def find_superuser_url_str
     admin_url = URI.parse(@org.admin_connection_url_raw)
     superuser_str = self.class.available_server_urls.find do |sstr|
       surl = URI.parse(sstr)
@@ -325,7 +326,7 @@ class Webhookdb::Organization::DbBuilder
   def roll_connection_credentials
     raise IsolatedOperationError, "cannot roll credentials without a user isolation mode" unless
       self.class.isolate?(USER)
-    superuser_uri = URI(self._find_superuser_url_str)
+    superuser_uri = URI(self.find_superuser_url_str)
     orig_readonly_user = URI(@org.readonly_connection_url_raw).user
     ro_user = self.randident("ro")
     ro_pwd = self.randident

data/lib/webhookdb/organization/error_handler.rb

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+
+require "premailer"
+
+class Webhookdb::Organization::ErrorHandler < Webhookdb::Postgres::Model(:organization_error_handlers)
+  include Webhookdb::Dbutil
+
+  DOCS_URL = "https://docs.webhookdb.com/docs/integrating/error-handlers.html"
+
+  plugin :timestamps
+
+  many_to_one :organization, class: "Webhookdb::Organization"
+  many_to_one :created_by, class: "Webhookdb::Customer"
+
+  # @param tmpl [Webhookdb::Message::Template]
+  def payload_for_template(tmpl)
+    params = {
+      error_type: tmpl.class.name.split("::").last.underscore,
+      details: tmpl.liquid_drops.to_h,
+      signature: tmpl.signature,
+      organization_key: self.organization.key,
+      service_integration_id: tmpl.service_integration.opaque_id,
+      service_integration_name: tmpl.service_integration.service_name,
+      service_integration_table: tmpl.service_integration.table_name,
+    }
+    recipient = Webhookdb::Message::Transport.for(:email).recipient(Webhookdb.support_email)
+    message = Webhookdb::Message.render(tmpl, :email, recipient)
+    message = message.to_s.strip
+    message = Premailer.new(
+      message,
+      with_html_string: true,
+      warn_level: Premailer::Warnings::SAFE,
+    )
+    message = message.to_plain_text
+    params[:message] = message
+    return params
+  end
+
+  def dispatch(payload)
+    if self.sentry?
+      self._handle_sentry(payload)
+      return
+    end
+
+    Webhookdb::Http.post(
+      self.url,
+      payload,
+      timeout: Webhookdb::Organization::Alerting.error_handler_timeout,
+      logger: self.logger,
+    )
+  end
+
+  def sentry?
+    u = URI(self.url)
+    return u.scheme == "sentry" || u.host&.end_with?("sentry.io")
+  end
+
+  MAX_SENTRY_TAG_CHARS = 200
+
+  # See https://develop.sentry.dev/sdk/data-model/envelopes/ for directly posting to Sentry.
+  # We do NOT want to use the SDK here, since we do not want to leak anything,
+  # and anyway, the runtime information is not important.
+  def _handle_sentry(payload)
+    payload = payload.deep_symbolize_keys
+    now = Time.now.utc
+    # We can assume the url is the Sentry DSN
+    u = URI(self.url)
+    key = u.user
+    project_id = u.path.delete("/")
+    # Give some valid value for this, though it's not accurate.
+    client = "sentry-ruby/5.22.1"
+    ts = now.to_i
+    # Auth headers are done by capturing an actual request. The docs aren't clear about their format.
+    # It's possible using the DSN auth would also work but let's use this.
+    headers = {
+      "Content-Type" => "application/x-sentry-envelope",
+      "X-Sentry-Auth" => "Sentry sentry_version=7, sentry_key=#{key}, sentry_client=#{client}, sentry_timestamp=#{ts}",
+    }
+    event_id = Uuidx.v4
+    # The first line will be used as the title.
+    message = "WebhookDB Error in #{payload.fetch(:service_integration_name)}\n\n#{payload.fetch(:message)}"
+    # Let the caller set the level through query params
+    level = URI.decode_www_form(u.query || "").to_h.fetch("level", "warning")
+
+    # Split structured data into 'extra' (cannot be searched on, just shows in the UI)
+    # and 'tags' (can be searched/faceted on, shows in the right bar).
+    ignore_tags = Webhookdb::Message::Template.new.liquid_drops.keys.to_set
+    tags, extra = payload.fetch(:details).partition do |k, v|
+      # Non-strings are always tags
+      next true unless v.is_a?(String)
+      # Never tag on basic stuff that doesn't change ever
+      next false if ignore_tags.include?(k)
+      # Unstructured strings may include spaces or braces, and are not tags
+      next false if v.include?(" ") || v.include?("{")
+      # If it's a small string, treat it as a tag.
+      v.size < MAX_SENTRY_TAG_CHARS
+    end
+
+    # Envelope structure is a multiline JSON file, I guess jsonl format
+    envelopes = [
+      {event_id:, sent_at: now.iso8601},
+      {type: "event", content_type: "application/json"},
+      {
+        event_id:,
+        timestamp: now.iso8601,
+        platform: "ruby",
+        level:,
+        transaction: payload.fetch(:service_integration_table),
+        release: "webhookdb@#{Webhookdb::RELEASE}",
+        environment: Webhookdb::RACK_ENV,
+        tags: tags.to_h,
+        extra: extra.to_h,
+        # We should use the same grouping for these messages as we would for emails
+        fingerprint: [payload.fetch(:signature)],
+        message: message,
+      },
+    ]
+    body = envelopes.map(&:to_json).join("\n")
+    store_url = URI(self.url)
+    store_url.scheme = "https" if store_url.scheme == "sentry"
+    store_url.user = nil
+    store_url.password = nil
+    store_url.path = "/api/#{project_id}/envelope/"
+    store_url.query = ""
+    Webhookdb::Http.post(
+      store_url.to_s,
+      body,
+      headers:,
+      timeout: Webhookdb::Organization::Alerting.error_handler_timeout,
+      logger: self.logger,
+    )
+  end
+
+  #
+  # :Sequel Hooks:
+  #
+
+  def before_create
+    self[:opaque_id] ||= Webhookdb::Id.new_opaque_id("oeh")
+  end
+end

data/lib/webhookdb/organization.rb

@@ -7,7 +7,9 @@ require "webhookdb/stripe"
 require "webhookdb/jobs/replication_migration"
 
 class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
-  class SchemaMigrationError < StandardError; end
+  include Webhookdb::Admin::Linked
+
+  class SchemaMigrationError < Webhookdb::ProgrammingError; end
 
   plugin :timestamps
   plugin :soft_deletes
@@ -35,6 +37,7 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
               adder: ->(om) { om.update(organization_id: id, verified: false) },
               order: :id
   one_to_many :service_integrations, class: "Webhookdb::ServiceIntegration", order: :id
+  one_to_many :error_handlers, class: "Webhookdb::Organization::ErrorHandler", order: :id
   one_to_many :saved_queries, class: "Webhookdb::SavedQuery", order: :id
   one_to_many :saved_views, class: "Webhookdb::SavedView", order: :id
   one_to_many :webhook_subscriptions, class: "Webhookdb::WebhookSubscription", order: :id
@@ -156,7 +159,7 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
     result = self.execute_readonly_query(sql)
     return result, nil
   rescue Sequel::DatabaseError => e
-    self.logger.error("db_query_database_error", error: e)
+    self.logger.error("db_query_database_error", e)
     # We want to handle InsufficientPrivileges and UndefinedTable explicitly
     # since we can hint the user at what to do.
     # Otherwise, we should just return the Postgres exception.
@@ -229,9 +232,10 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
     return "#{self.name} (#{self.key})"
   end
 
-  def prepare_database_connections?
-    return self.prepare_database_connections(safe: true)
-  end
+  # @return [Webhookdb::Organization::DbBuilder]
+  def db_builder = Webhookdb::Organization::DbBuilder.new(self)
+
+  def prepare_database_connections? = self.prepare_database_connections(safe: true)
 
   # Build the org-specific users, database, and set our connection URLs to it.
   # @param safe [*] If true, noop if connection urls are set.
@@ -242,7 +246,7 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
         return if safe
         raise Webhookdb::InvalidPrecondition, "connections already set"
       end
-      builder = Webhookdb::Organization::DbBuilder.new(self)
+      builder = self.db_builder
       builder.prepare_database_connections
       self.admin_connection_url_raw = builder.admin_url
       self.readonly_connection_url_raw = builder.readonly_url
@@ -264,7 +268,7 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
       end
       # Use the raw URL, even though we know at this point
       # public_host is empty so raw and public host urls are the same.
-      Webhookdb::Organization::DbBuilder.new(self).create_public_host_cname(self.readonly_connection_url_raw)
+      self.db_builder.create_public_host_cname(self.readonly_connection_url_raw)
       self.save_changes
     end
   end
@@ -274,7 +278,7 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
   def remove_related_database
     self.db.transaction do
       self.lock!
-      Webhookdb::Organization::DbBuilder.new(self).remove_related_database
+      self.db_builder.remove_related_database
       self.admin_connection_url_raw = ""
       self.readonly_connection_url_raw = ""
       self.save_changes
@@ -375,7 +379,7 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
   def roll_database_credentials
     self.db.transaction do
       self.lock!
-      builder = Webhookdb::Organization::DbBuilder.new(self)
+      builder = self.db_builder
       builder.roll_connection_credentials
       self.admin_connection_url_raw = builder.admin_url
       self.readonly_connection_url_raw = builder.readonly_url
@@ -387,7 +391,7 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
     Webhookdb::DBAdapter.validate_identifier!(schema, type: "schema")
     Webhookdb::Organization::DatabaseMigration.guard_ongoing!(self)
     raise SchemaMigrationError, "destination and target schema are the same" if schema == self.replication_schema
-    builder = Webhookdb::Organization::DbBuilder.new(self)
+    builder = self.db_builder
     sql = builder.migration_replication_schema_sql(self.replication_schema, schema)
     self.admin_connection(transaction: true) do |db|
       db << sql
@@ -454,6 +458,17 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
     return self.add_all_membership(opts)
   end
 
+  def close(confirm:)
+    raise Webhookdb::InvalidPrecondition, "confirm must be true to close the org" unless confirm
+    unless self.service_integrations_dataset.empty?
+      msg = "Organization[#{self.key} cannot close with active service integrations"
+      raise Webhookdb::InvalidPrecondition, msg
+    end
+    memberships = self.all_memberships_dataset.all.each(&:destroy)
+    self.destroy
+    return [self, memberships]
+  end
+
   # SUBSCRIPTION PERMISSIONS
 
   def active_subscription?
@@ -499,6 +514,57 @@ class Webhookdb::Organization < Webhookdb::Postgres::Model(:organizations)
 
   # @!attribute service_integrations
   #   @return [Array<Webhookdb::ServiceIntegration>]
+
+  # @!attribute created_at
+  #   @return [Time,nil]
+
+  # @!attribute updated_at
+  #   @return [Time,nil]
+
+  # @!attribute soft_deleted_at
+  #   @return [Time,nil]
+
+  # @!attribute name
+  #   @return [String]
+
+  # @!attribute key
+  #   @return [String]
+
+  # @!attribute billing_email
+  #   @return [String]
+
+  # @!attribute stripe_customer_id
+  #   @return [String]
+
+  # @!attribute readonly_connection_url_raw
+  #   @return [String]
+
+  # @!attribute admin_connection_url_raw
+  #   @return [String]
+
+  # @!attribute public_host
+  #   @return [String]
+
+  # @!attribute cloudflare_dns_record_json
+  #   @return [Hash]
+
+  # @!attribute replication_schema
+  #   @return [String]
+
+  # @!attribute job_semaphore_size
+  #   @return [Integer]
+
+  # @!attribute minimum_sync_seconds
+  #   @return [Integer]
+
+  # @!attribute sync_target_timeout
+  #   @return [Integer]
+
+  # @!attribute max_query_rows
+  #   @return [Integer]
+
+  # @!attribute priority_backfill
+  #   @return [true,false]
 end
 
 require "webhookdb/organization/alerting"

data/lib/webhookdb/postgres/model.rb

@@ -7,6 +7,7 @@ require "sequel"
 require "tsort"
 
 require "webhookdb"
+require "webhookdb/admin"
 require "webhookdb/postgres"
 require "webhookdb/postgres/validations"
 require "webhookdb/postgres/model_utilities"

data/lib/webhookdb/postgres/model_utilities.rb

@@ -208,7 +208,9 @@ module Webhookdb::Postgres::ModelUtilities
       rescue NoMethodError
         encrypted = Set.new
       end
+      text_search_col = self.class.respond_to?(:text_search_column) && self.class.text_search_column
       values = values.map do |(k, v)|
+        next "#{k}: {#{v.size}}" if k == text_search_col
         k = k.to_s
         v = if v.is_a?(Time)
               self.inspect_time(v)

data/lib/webhookdb/postgres.rb

@@ -13,7 +13,7 @@ module Webhookdb::Postgres
   extend Webhookdb::MethodUtilities
   include Appydays::Loggable
 
-  class InTransaction < StandardError; end
+  class InTransaction < Webhookdb::ProgrammingError; end
 
   singleton_attr_accessor :unsafe_skip_transaction_check
   @unsafe_skip_transaction_check = false
@@ -59,6 +59,7 @@ module Webhookdb::Postgres
     "webhookdb/oauth/session",
     "webhookdb/organization",
     "webhookdb/organization/database_migration",
+    "webhookdb/organization/error_handler",
     "webhookdb/organization_membership",
     "webhookdb/role",
     "webhookdb/saved_query",
@@ -66,6 +67,7 @@ module Webhookdb::Postgres
     "webhookdb/service_integration",
     "webhookdb/subscription",
     "webhookdb/sync_target",
+    "webhookdb/system_log_event",
     "webhookdb/webhook_subscription",
     "webhookdb/webhook_subscription/delivery",
   ].freeze
@@ -81,7 +83,6 @@ module Webhookdb::Postgres
   ### Register the given +superclass+ as a base class for a set of models, for operations
   ### which should happen on all the current database connections.
   def self.register_model_superclass(superclass)
-    self.logger.debug "Registered model superclass: %p" % [superclass]
     self.model_superclasses << superclass
   end
 
@@ -92,8 +93,6 @@ module Webhookdb::Postgres
 
   ### Add a +path+ to require once the database connection is set.
   def self.register_model(path)
-    self.logger.debug "Registered model for requiring: %s" % [path]
-
     # If the connection's set, require the path immediately.
     if self.model_superclasses.any?(&:db)
       Appydays::Loggable[self].silence(:fatal) do