npm - @oneuptime/common - Versions diffs - 10.2.1 → 10.2.3 - Mend

@oneuptime/common 10.2.1 → 10.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

package/Server/Services/UserWebhookService.ts ADDED Viewed

@@ -0,0 +1,208 @@
+import CreateBy from "../Types/Database/CreateBy";
+import DeleteBy from "../Types/Database/DeleteBy";
+import { OnCreate, OnDelete } from "../Types/Database/Hooks";
+import DatabaseService from "./DatabaseService";
+import UserNotificationRuleService from "./UserNotificationRuleService";
+import LIMIT_MAX from "../../Types/Database/LimitMax";
+import BadDataException from "../../Types/Exception/BadDataException";
+import Model from "../../Models/DatabaseModels/UserWebhook";
+import URL from "../../Types/API/URL";
+import logger from "../Utils/Logger";
+import CaptureSpan from "../Utils/Telemetry/CaptureSpan";
+export class Service extends DatabaseService<Model> {
+  public constructor() {
+    super(Model);
+  }
+  @CaptureSpan()
+  protected override async onBeforeCreate(
+    createBy: CreateBy<Model>,
+  ): Promise<OnCreate<Model>> {
+    if (!createBy.data.webhookUrl) {
+      throw new BadDataException("Webhook URL is required");
+    }
+    if (!createBy.data.name) {
+      throw new BadDataException("Webhook name is required");
+    }
+    this.validateWebhookUrl(createBy.data.webhookUrl);
+    return {
+      createBy,
+      carryForward: null,
+    };
+  }
+  @CaptureSpan()
+  protected override async onCreateSuccess(
+    _onCreate: OnCreate<Model>,
+    createdItem: Model,
+  ): Promise<Model> {
+    /* Webhooks skip verification, so default on-call rules are seeded at create time. */
+    if (createdItem.projectId && createdItem.userId && createdItem.id) {
+      try {
+        await UserNotificationRuleService.addDefaultNotificationRulesForVerifiedMethod(
+          {
+            projectId: createdItem.projectId,
+            userId: createdItem.userId,
+            notificationMethod: {
+              userWebhookId: createdItem.id,
+            },
+          },
+        );
+      } catch (err) {
+        logger.error(err);
+      }
+    }
+    return createdItem;
+  }
+  @CaptureSpan()
+  protected override async onBeforeDelete(
+    deleteBy: DeleteBy<Model>,
+  ): Promise<OnDelete<Model>> {
+    const itemsToDelete: Array<Model> = await this.findBy({
+      query: deleteBy.query,
+      select: {
+        _id: true,
+        projectId: true,
+      },
+      skip: 0,
+      limit: LIMIT_MAX,
+      props: {
+        isRoot: true,
+      },
+    });
+    for (const item of itemsToDelete) {
+      await UserNotificationRuleService.deleteBy({
+        query: {
+          userWebhookId: item.id!,
+          projectId: item.projectId!,
+        },
+        limit: LIMIT_MAX,
+        skip: 0,
+        props: {
+          isRoot: true,
+        },
+      });
+    }
+    return {
+      deleteBy,
+      carryForward: null,
+    };
+  }
+  private validateWebhookUrl(rawUrl: string): void {
+    let parsed: URL;
+    try {
+      parsed = URL.fromString(rawUrl);
+    } catch {
+      throw new BadDataException("Webhook URL is not a valid URL");
+    }
+    const protocolValue: string = parsed.protocol.toString().toLowerCase();
+    if (protocolValue !== "http://" && protocolValue !== "https://") {
+      throw new BadDataException(
+        "Webhook URL must use http or https protocol.",
+      );
+    }
+    const hostname: string = parsed.hostname.hostname.toLowerCase();
+    if (!hostname) {
+      throw new BadDataException("Webhook URL must include a host.");
+    }
+    if (isBlockedHostnameLiteral(hostname)) {
+      throw new BadDataException(
+        "Webhook URL points to a private, loopback, or link-local address and is not allowed.",
+      );
+    }
+  }
+}
+function isBlockedHostnameLiteral(hostname: string): boolean {
+  if (
+    hostname === "localhost" ||
+    hostname.endsWith(".localhost") ||
+    hostname === "metadata.google.internal"
+  ) {
+    return true;
+  }
+  // IPv4 literal check
+  const ipv4Match: RegExpMatchArray | null = hostname.match(
+    /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/,
+  );
+  if (ipv4Match) {
+    const octets: Array<number> = [
+      Number(ipv4Match[1]),
+      Number(ipv4Match[2]),
+      Number(ipv4Match[3]),
+      Number(ipv4Match[4]),
+    ];
+    if (
+      octets.some((o: number) => {
+        return o < 0 || o > 255;
+      })
+    ) {
+      return true;
+    }
+    // 0.0.0.0/8
+    if (octets[0] === 0) {
+      return true;
+    }
+    // 127.0.0.0/8 loopback
+    if (octets[0] === 127) {
+      return true;
+    }
+    // 10.0.0.0/8
+    if (octets[0] === 10) {
+      return true;
+    }
+    // 172.16.0.0/12
+    if (octets[0] === 172 && (octets[1]! & 0xf0) === 16) {
+      return true;
+    }
+    // 192.168.0.0/16
+    if (octets[0] === 192 && octets[1] === 168) {
+      return true;
+    }
+    // 169.254.0.0/16 link-local (incl. cloud metadata)
+    if (octets[0] === 169 && octets[1] === 254) {
+      return true;
+    }
+    // 100.64.0.0/10 carrier-grade NAT
+    if (octets[0] === 100 && (octets[1]! & 0xc0) === 64) {
+      return true;
+    }
+    return false;
+  }
+  // IPv6 literal — block loopback, link-local, unique-local
+  if (hostname.includes(":")) {
+    const stripped: string = hostname.replace(/^\[|\]$/g, "");
+    if (stripped === "::1" || stripped === "::") {
+      return true;
+    }
+    if (stripped.startsWith("fe80:") || stripped.startsWith("fe80::")) {
+      return true;
+    }
+    if (IPV6_UNIQUE_LOCAL_REGEX.test(stripped)) {
+      return true;
+    }
+  }
+  return false;
+}
+const IPV6_UNIQUE_LOCAL_REGEX: RegExp = /^f[cd][0-9a-f]{2}:/;
+export default new Service();

package/Server/Services/WebhookLogService.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { IsBillingEnabled } from "../EnvironmentConfig";
+import DatabaseService from "./DatabaseService";
+import Model from "../../Models/DatabaseModels/WebhookLog";
+export class Service extends DatabaseService<Model> {
+  public constructor() {
+    super(Model);
+    if (IsBillingEnabled) {
+      this.hardDeleteItemsOlderThanInDays("createdAt", 3);
+    }
+  }
+}
+export default new Service();

package/Server/Services/WebhookService.ts ADDED Viewed

@@ -0,0 +1,126 @@
+import { AppApiHostname } from "../EnvironmentConfig";
+import ClusterKeyAuthorization from "../Middleware/ClusterKeyAuthorization";
+import BaseService from "./BaseService";
+import EmptyResponseData from "../../Types/API/EmptyResponse";
+import HTTPResponse from "../../Types/API/HTTPResponse";
+import HTTPErrorResponse from "../../Types/API/HTTPErrorResponse";
+import Protocol from "../../Types/API/Protocol";
+import Route from "../../Types/API/Route";
+import URL from "../../Types/API/URL";
+import { JSONObject } from "../../Types/JSON";
+import ObjectID from "../../Types/ObjectID";
+import WebhookMessage from "../../Types/Webhook/WebhookMessage";
+import API from "../../Utils/API";
+import CaptureSpan from "../Utils/Telemetry/CaptureSpan";
+export class WebhookService extends BaseService {
+  public constructor() {
+    super();
+  }
+  @CaptureSpan()
+  public async sendWebhook(
+    message: WebhookMessage,
+    options: {
+      projectId?: ObjectID | undefined;
+      userOnCallLogTimelineId?: ObjectID | undefined;
+      incidentId?: ObjectID | undefined;
+      alertId?: ObjectID | undefined;
+      monitorId?: ObjectID | undefined;
+      scheduledMaintenanceId?: ObjectID | undefined;
+      statusPageId?: ObjectID | undefined;
+      statusPageAnnouncementId?: ObjectID | undefined;
+      userId?: ObjectID | undefined;
+      onCallPolicyId?: ObjectID | undefined;
+      onCallPolicyEscalationRuleId?: ObjectID | undefined;
+      onCallDutyPolicyExecutionLogTimelineId?: ObjectID | undefined;
+      onCallScheduleId?: ObjectID | undefined;
+      teamId?: ObjectID | undefined;
+    } = {},
+  ): Promise<HTTPResponse<EmptyResponseData> | HTTPErrorResponse> {
+    const body: JSONObject = {
+      url: message.url,
+      eventType: message.eventType,
+      payload: message.payload,
+    };
+    if (message.secret) {
+      body["secret"] = message.secret;
+    }
+    if (options.projectId) {
+      body["projectId"] = options.projectId.toString();
+    }
+    if (options.userOnCallLogTimelineId) {
+      body["userOnCallLogTimelineId"] =
+        options.userOnCallLogTimelineId.toString();
+    }
+    if (options.incidentId) {
+      body["incidentId"] = options.incidentId.toString();
+    }
+    if (options.alertId) {
+      body["alertId"] = options.alertId.toString();
+    }
+    if (options.monitorId) {
+      body["monitorId"] = options.monitorId.toString();
+    }
+    if (options.scheduledMaintenanceId) {
+      body["scheduledMaintenanceId"] =
+        options.scheduledMaintenanceId.toString();
+    }
+    if (options.statusPageId) {
+      body["statusPageId"] = options.statusPageId.toString();
+    }
+    if (options.statusPageAnnouncementId) {
+      body["statusPageAnnouncementId"] =
+        options.statusPageAnnouncementId.toString();
+    }
+    if (options.userId) {
+      body["userId"] = options.userId.toString();
+    }
+    if (options.onCallPolicyId) {
+      body["onCallPolicyId"] = options.onCallPolicyId.toString();
+    }
+    if (options.onCallPolicyEscalationRuleId) {
+      body["onCallPolicyEscalationRuleId"] =
+        options.onCallPolicyEscalationRuleId.toString();
+    }
+    if (options.onCallDutyPolicyExecutionLogTimelineId) {
+      body["onCallDutyPolicyExecutionLogTimelineId"] =
+        options.onCallDutyPolicyExecutionLogTimelineId.toString();
+    }
+    if (options.onCallScheduleId) {
+      body["onCallScheduleId"] = options.onCallScheduleId.toString();
+    }
+    if (options.teamId) {
+      body["teamId"] = options.teamId.toString();
+    }
+    return await API.post<EmptyResponseData>({
+      url: new URL(
+        Protocol.HTTP,
+        AppApiHostname,
+        new Route("/api/notification/webhook/send"),
+      ),
+      data: body,
+      headers: {
+        ...ClusterKeyAuthorization.getClusterKeyHeaders(),
+      },
+    });
+  }
+}
+export default new WebhookService();

package/Types/OnCallDutyPolicy/UserOverrideUtil.ts ADDED Viewed

@@ -0,0 +1,155 @@
+import CalendarEvent from "../Calendar/CalendarEvent";
+import OneUptimeDate from "../Date";
+export interface UserOverrideRecord {
+  overrideUserId: string;
+  routeAlertsToUserId: string;
+  startsAt: Date;
+  endsAt: Date;
+  // null/undefined means global override (applies to all on-call duty policies)
+  onCallDutyPolicyId?: string | null | undefined;
+}
+export interface OverrideEventMeta {
+  isOverride: true;
+  originalUserId: string;
+  overrideUserId: string;
+  overrideStartsAt: Date;
+  overrideEndsAt: Date;
+}
+/*
+ * CalendarEvent extends JSONObject so it accepts string-indexed metadata.
+ * We attach the override info under a known key so downstream consumers can
+ * detect and render the substitution distinctly.
+ */
+export const OVERRIDE_META_KEY: string = "_override";
+export default class UserOverrideUtil {
+  /**
+   * Returns true when this override should be applied on top of the schedule
+   * events. Global overrides always apply; policy-scoped overrides apply to
+   * any schedule, since a schedule's calendar shows coverage information for
+   * every user who could potentially be paged through it.
+   */
+  public static isOverrideApplicable(_override: UserOverrideRecord): boolean {
+    return true;
+  }
+  public static applyOverridesToEvents(data: {
+    events: Array<CalendarEvent>;
+    overrides: Array<UserOverrideRecord>;
+  }): Array<CalendarEvent> {
+    const applicable: Array<UserOverrideRecord> = data.overrides.filter(
+      UserOverrideUtil.isOverrideApplicable,
+    );
+    if (applicable.length === 0) {
+      return data.events;
+    }
+    let working: Array<CalendarEvent> = data.events;
+    for (const override of applicable) {
+      const next: Array<CalendarEvent> = [];
+      for (const event of working) {
+        next.push(...UserOverrideUtil.splitEventByOverride(event, override));
+      }
+      working = next;
+    }
+    return UserOverrideUtil.reassignEventIds(working);
+  }
+  private static splitEventByOverride(
+    event: CalendarEvent,
+    override: UserOverrideRecord,
+  ): Array<CalendarEvent> {
+    if (event.title !== override.overrideUserId) {
+      return [event];
+    }
+    // Override window doesn't overlap event window at all.
+    if (
+      OneUptimeDate.isAfter(override.startsAt, event.end) ||
+      OneUptimeDate.isSame(override.startsAt, event.end) ||
+      OneUptimeDate.isBefore(override.endsAt, event.start) ||
+      OneUptimeDate.isSame(override.endsAt, event.start)
+    ) {
+      return [event];
+    }
+    const overrideStart: Date = OneUptimeDate.isAfter(
+      override.startsAt,
+      event.start,
+    )
+      ? override.startsAt
+      : event.start;
+    const overrideEnd: Date = OneUptimeDate.isBefore(override.endsAt, event.end)
+      ? override.endsAt
+      : event.end;
+    const segments: Array<CalendarEvent> = [];
+    // Segment before the override window — original user remains on call.
+    if (OneUptimeDate.isBefore(event.start, overrideStart)) {
+      segments.push({
+        ...event,
+        end: overrideStart,
+      });
+    }
+    // Override window — substitute user takes over.
+    const meta: OverrideEventMeta = {
+      isOverride: true,
+      originalUserId: override.overrideUserId,
+      overrideUserId: override.routeAlertsToUserId,
+      overrideStartsAt: override.startsAt,
+      overrideEndsAt: override.endsAt,
+    };
+    segments.push({
+      ...event,
+      start: overrideStart,
+      end: overrideEnd,
+      title: override.routeAlertsToUserId,
+      [OVERRIDE_META_KEY]: meta as unknown as never,
+    });
+    // Segment after the override window — original user resumes.
+    if (OneUptimeDate.isAfter(event.end, overrideEnd)) {
+      segments.push({
+        ...event,
+        start: overrideEnd,
+      });
+    }
+    return segments;
+  }
+  private static reassignEventIds(
+    events: Array<CalendarEvent>,
+  ): Array<CalendarEvent> {
+    let id: number = 1;
+    return events.map((event: CalendarEvent) => {
+      return { ...event, id: id++ };
+    });
+  }
+  public static getOverrideMeta(
+    event: CalendarEvent,
+  ): OverrideEventMeta | null {
+    const meta: unknown = (event as unknown as Record<string, unknown>)[
+      OVERRIDE_META_KEY
+    ];
+    if (
+      meta &&
+      typeof meta === "object" &&
+      (meta as { isOverride?: boolean }).isOverride === true
+    ) {
+      return meta as OverrideEventMeta;
+    }
+    return null;
+  }
+}

package/Types/Permission.ts CHANGED Viewed

@@ -275,6 +275,7 @@ enum Permission {
   ReadEmailLog = "ReadEmailLog",
   ReadCallLog = "ReadCallLog",
   ReadPushLog = "ReadPushLog",
+  ReadWebhookLog = "ReadWebhookLog",
   ReadWorkspaceNotificationLog = "ReadWorkspaceNotificationLog",
   ReadLlmLog = "ReadLlmLog",
@@ -527,6 +528,11 @@ enum Permission {
   EditProjectSSO = "EditProjectSSO",
   ReadProjectSSO = "ReadProjectSSO",
+  CreateProjectOIDC = "CreateProjectOIDC",
+  DeleteProjectOIDC = "DeleteProjectOIDC",
+  EditProjectOIDC = "EditProjectOIDC",
+  ReadProjectOIDC = "ReadProjectOIDC",
   CreateStatusPageSSO = "CreateStatusPageSSO",
   DeleteStatusPageSSO = "DeleteStatusPageSSO",
   EditStatusPageSSO = "EditStatusPageSSO",
@@ -2949,6 +2955,43 @@ export class PermissionHelper {
         group: PermissionGroup.Settings,
       },
+      {
+        permission: Permission.CreateProjectOIDC,
+        title: "Create Project OIDC",
+        description: "This permission can create Project OIDC in this project.",
+        isAssignableToTenant: true,
+        isAccessControlPermission: false,
+        isRolePermission: false,
+        group: PermissionGroup.Settings,
+      },
+      {
+        permission: Permission.DeleteProjectOIDC,
+        title: "Delete Project OIDC",
+        description: "This permission can delete Project OIDC in this project.",
+        isAssignableToTenant: true,
+        isAccessControlPermission: false,
+        isRolePermission: false,
+        group: PermissionGroup.Settings,
+      },
+      {
+        permission: Permission.EditProjectOIDC,
+        title: "Edit Project OIDC",
+        description: "This permission can edit Project OIDC in this project.",
+        isAssignableToTenant: true,
+        isAccessControlPermission: false,
+        isRolePermission: false,
+        group: PermissionGroup.Settings,
+      },
+      {
+        permission: Permission.ReadProjectOIDC,
+        title: "Read Project OIDC",
+        description: "This permission can read Project OIDC in this project.",
+        isAssignableToTenant: true,
+        isAccessControlPermission: false,
+        isRolePermission: false,
+        group: PermissionGroup.Settings,
+      },
       {
         permission: Permission.CreateStatusPageSSO,
         title: "Create Status Page SSO",
@@ -4718,6 +4761,17 @@ export class PermissionHelper {
         group: PermissionGroup.NotificationLog,
       },
+      {
+        permission: Permission.ReadWebhookLog,
+        title: "Read Webhook Log",
+        description:
+          "This permission can read outbound Webhook request Logs of this project.",
+        isAssignableToTenant: true,
+        isAccessControlPermission: false,
+        isRolePermission: false,
+        group: PermissionGroup.NotificationLog,
+      },
       {
         permission: Permission.ReadWorkspaceNotificationLog,
         title: "Read Workspace Notification Log",

package/Types/Webhook/WebhookMessage.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { JSONObject } from "../JSON";
+export default interface WebhookMessage {
+  url: string;
+  eventType: string;
+  payload: JSONObject;
+  secret?: string | undefined;
+}

package/Types/WebhookStatus.ts ADDED Viewed

@@ -0,0 +1,6 @@
+enum WebhookStatus {
+  Success = "Success",
+  Error = "Error",
+}
+export default WebhookStatus;