@oneuptime/common 10.2.2 → 10.2.3

package/Server/Services/UserNotificationRuleService.ts

@@ -10,6 +10,7 @@ import MailService from "./MailService";
 import ShortLinkService from "./ShortLinkService";
 import SmsService from "./SmsService";
 import TelegramService from "./TelegramService";
+import WebhookService from "./WebhookService";
 import WhatsAppService from "./WhatsAppService";
 import UserEmailService from "./UserEmailService";
 import UserOnCallLogService from "./UserOnCallLogService";
@@ -28,6 +29,7 @@ import Email from "../../Types/Email";
 import EmailMessage from "../../Types/Email/EmailMessage";
 import EmailTemplateType from "../../Types/Email/EmailTemplateType";
 import BadDataException from "../../Types/Exception/BadDataException";
+import { JSONObject } from "../../Types/JSON";
 import NotificationRuleType from "../../Types/NotificationRule/NotificationRuleType";
 import ObjectID from "../../Types/ObjectID";
 import PushDeviceType from "../../Types/PushNotification/PushDeviceType";
@@ -78,6 +80,7 @@ export interface NotificationMethodDescriptor {
   userWhatsAppId?: ObjectID;
   userTelegramId?: ObjectID;
   userPushId?: ObjectID;
+  userWebhookId?: ObjectID;
 }
 
 export class Service extends DatabaseService<Model> {
@@ -173,6 +176,11 @@ export class Service extends DatabaseService<Model> {
           telegramUserHandle: true,
           isVerified: true,
         },
+        userWebhook: {
+          webhookUrl: true,
+          name: true,
+          secret: true,
+        },
         userEmail: {
           email: true,
           isVerified: true,
@@ -1082,6 +1090,202 @@ export class Service extends DatabaseService<Model> {
       });
     }
 
+    // send webhook.
+    if (notificationRuleItem.userWebhook?.webhookUrl) {
+      const webhookUrl: string = notificationRuleItem.userWebhook.webhookUrl;
+      const webhookSecret: string | undefined =
+        notificationRuleItem.userWebhook.secret;
+      const userWebhookId: ObjectID = notificationRuleItem.userWebhook.id!;
+
+      const dispatchWebhook: (params: {
+        eventType: string;
+        payload: JSONObject;
+        entityId?: ObjectID;
+        entityKind: "alert" | "incident" | "alertEpisode" | "incidentEpisode";
+      }) => Promise<void> = async (params: {
+        eventType: string;
+        payload: JSONObject;
+        entityId?: ObjectID;
+        entityKind: "alert" | "incident" | "alertEpisode" | "incidentEpisode";
+      }): Promise<void> => {
+        logTimelineItem.status = UserNotificationStatus.Sending;
+        logTimelineItem.statusMessage = `Sending webhook to ${webhookUrl}.`;
+        logTimelineItem.userWebhookId = userWebhookId;
+
+        const updatedLog: UserOnCallLogTimeline =
+          await UserOnCallLogTimelineService.create({
+            data: logTimelineItem,
+            props: {
+              isRoot: true,
+            },
+          });
+
+        const callbacksByKind: {
+          alert?: { alertId?: ObjectID };
+          incident?: { incidentId?: ObjectID };
+        } = {};
+        if (params.entityKind === "alert" && params.entityId) {
+          callbacksByKind.alert = { alertId: params.entityId };
+        } else if (params.entityKind === "incident" && params.entityId) {
+          callbacksByKind.incident = { incidentId: params.entityId };
+        }
+
+        WebhookService.sendWebhook(
+          {
+            url: webhookUrl,
+            eventType: params.eventType,
+            payload: params.payload,
+            secret: webhookSecret,
+          },
+          {
+            projectId: options.projectId,
+            userOnCallLogTimelineId: updatedLog.id!,
+            userId: notificationRuleItem.userId!,
+            onCallPolicyId: options.onCallPolicyId,
+            onCallPolicyEscalationRuleId: options.onCallPolicyEscalationRuleId,
+            teamId: options.userBelongsToTeamId,
+            onCallDutyPolicyExecutionLogTimelineId:
+              options.onCallDutyPolicyExecutionLogTimelineId,
+            onCallScheduleId: options.onCallScheduleId,
+            ...callbacksByKind.alert,
+            ...callbacksByKind.incident,
+          },
+        ).catch(async (err: Error) => {
+          await UserOnCallLogTimelineService.updateOneById({
+            id: updatedLog.id!,
+            data: {
+              status: UserNotificationStatus.Error,
+              statusMessage: err.message || "Error sending webhook.",
+            },
+            props: {
+              isRoot: true,
+            },
+          });
+        });
+      };
+
+      if (
+        options.userNotificationEventType ===
+          UserNotificationEventType.AlertCreated &&
+        alert
+      ) {
+        await dispatchWebhook({
+          eventType: "on-call.alert.created",
+          entityKind: "alert",
+          entityId: alert.id!,
+          payload: {
+            eventType: "on-call.alert.created",
+            timestamp: new Date().toISOString(),
+            projectId: alert.projectId?.toString() || "",
+            userId: notificationRuleItem.userId!.toString(),
+            alert: {
+              id: alert.id?.toString() || "",
+              title: alert.title || "",
+              description: alert.description || "",
+              alertNumber: alert.alertNumber || null,
+              alertNumberWithPrefix: alert.alertNumberWithPrefix || null,
+              severity: alert.alertSeverity?.name || null,
+              state: alert.currentAlertState?.name || null,
+            },
+            onCallPolicyId: options.onCallPolicyId?.toString() || null,
+            onCallPolicyEscalationRuleId:
+              options.onCallPolicyEscalationRuleId?.toString() || null,
+          },
+        });
+      }
+
+      if (
+        options.userNotificationEventType ===
+          UserNotificationEventType.IncidentCreated &&
+        incident
+      ) {
+        await dispatchWebhook({
+          eventType: "on-call.incident.created",
+          entityKind: "incident",
+          entityId: incident.id!,
+          payload: {
+            eventType: "on-call.incident.created",
+            timestamp: new Date().toISOString(),
+            projectId: incident.projectId?.toString() || "",
+            userId: notificationRuleItem.userId!.toString(),
+            incident: {
+              id: incident.id?.toString() || "",
+              title: incident.title || "",
+              description: incident.description || "",
+              incidentNumber: incident.incidentNumber || null,
+              incidentNumberWithPrefix:
+                incident.incidentNumberWithPrefix || null,
+              severity: incident.incidentSeverity?.name || null,
+              state: incident.currentIncidentState?.name || null,
+            },
+            onCallPolicyId: options.onCallPolicyId?.toString() || null,
+            onCallPolicyEscalationRuleId:
+              options.onCallPolicyEscalationRuleId?.toString() || null,
+          },
+        });
+      }
+
+      if (
+        options.userNotificationEventType ===
+          UserNotificationEventType.AlertEpisodeCreated &&
+        alertEpisode
+      ) {
+        await dispatchWebhook({
+          eventType: "on-call.alertEpisode.created",
+          entityKind: "alertEpisode",
+          payload: {
+            eventType: "on-call.alertEpisode.created",
+            timestamp: new Date().toISOString(),
+            projectId: alertEpisode.projectId?.toString() || "",
+            userId: notificationRuleItem.userId!.toString(),
+            alertEpisode: {
+              id: alertEpisode.id?.toString() || "",
+              title: alertEpisode.title || "",
+              description: alertEpisode.description || "",
+              episodeNumber: alertEpisode.episodeNumber || null,
+              episodeNumberWithPrefix:
+                alertEpisode.episodeNumberWithPrefix || null,
+              severity: alertEpisode.alertSeverity?.name || null,
+              state: alertEpisode.currentAlertState?.name || null,
+            },
+            onCallPolicyId: options.onCallPolicyId?.toString() || null,
+            onCallPolicyEscalationRuleId:
+              options.onCallPolicyEscalationRuleId?.toString() || null,
+          },
+        });
+      }
+
+      if (
+        options.userNotificationEventType ===
+          UserNotificationEventType.IncidentEpisodeCreated &&
+        incidentEpisode
+      ) {
+        await dispatchWebhook({
+          eventType: "on-call.incidentEpisode.created",
+          entityKind: "incidentEpisode",
+          payload: {
+            eventType: "on-call.incidentEpisode.created",
+            timestamp: new Date().toISOString(),
+            projectId: incidentEpisode.projectId?.toString() || "",
+            userId: notificationRuleItem.userId!.toString(),
+            incidentEpisode: {
+              id: incidentEpisode.id?.toString() || "",
+              title: incidentEpisode.title || "",
+              description: incidentEpisode.description || "",
+              episodeNumber: incidentEpisode.episodeNumber || null,
+              episodeNumberWithPrefix:
+                incidentEpisode.episodeNumberWithPrefix || null,
+              severity: incidentEpisode.incidentSeverity?.name || null,
+              state: incidentEpisode.currentIncidentState?.name || null,
+            },
+            onCallPolicyId: options.onCallPolicyId?.toString() || null,
+            onCallPolicyEscalationRuleId:
+              options.onCallPolicyEscalationRuleId?.toString() || null,
+          },
+        });
+      }
+    }
+
     // send call.
     if (
       notificationRuleItem.userCall?.phone &&
@@ -2631,12 +2835,14 @@ export class Service extends DatabaseService<Model> {
       !createBy.data.userWhatsAppId &&
       !createBy.data.userTelegram &&
       !createBy.data.userTelegramId &&
+      !createBy.data.userWebhook &&
+      !createBy.data.userWebhookId &&
       !createBy.data.userEmailId &&
       !createBy.data.userPushId &&
       !createBy.data.userPush
     ) {
       throw new BadDataException(
-        "Call, SMS, WhatsApp, Telegram, Email, or Push notification is required",
+        "Call, SMS, WhatsApp, Telegram, Webhook, Email, or Push notification is required",
       );
     }
 
@@ -2701,6 +2907,9 @@ export class Service extends DatabaseService<Model> {
     if (descriptor.userTelegramId) {
       rule.userTelegramId = descriptor.userTelegramId;
     }
+    if (descriptor.userWebhookId) {
+      rule.userWebhookId = descriptor.userWebhookId;
+    }
     if (descriptor.userPushId) {
       rule.userPushId = descriptor.userPushId;
     }
@@ -2725,6 +2934,9 @@ export class Service extends DatabaseService<Model> {
     if (descriptor.userTelegramId) {
       query["userTelegramId"] = descriptor.userTelegramId;
     }
+    if (descriptor.userWebhookId) {
+      query["userWebhookId"] = descriptor.userWebhookId;
+    }
     if (descriptor.userPushId) {
       query["userPushId"] = descriptor.userPushId;
     }

package/Server/Services/UserNotificationSettingService.ts

@@ -12,7 +12,9 @@ import UserEmailService from "./UserEmailService";
 import UserSmsService from "./UserSmsService";
 import PushNotificationService from "./PushNotificationService";
 import UserTelegramService from "./UserTelegramService";
+import UserWebhookService from "./UserWebhookService";
 import UserWhatsAppService from "./UserWhatsAppService";
+import WebhookService from "./WebhookService";
 import WhatsAppService from "./WhatsAppService";
 import { CallRequestMessage } from "../../Types/Call/CallRequest";
 import { LIMIT_PER_PROJECT } from "../../Types/Database/LimitMax";
@@ -29,11 +31,13 @@ import TelegramMessage, {
 import WhatsAppMessage, {
   WhatsAppMessagePayload,
 } from "../../Types/WhatsApp/WhatsAppMessage";
+import { JSONObject } from "../../Types/JSON";
 import UserCall from "../../Models/DatabaseModels/UserCall";
 import UserEmail from "../../Models/DatabaseModels/UserEmail";
 import UserNotificationSetting from "../../Models/DatabaseModels/UserNotificationSetting";
 import UserSMS from "../../Models/DatabaseModels/UserSMS";
 import UserTelegram from "../../Models/DatabaseModels/UserTelegram";
+import UserWebhook from "../../Models/DatabaseModels/UserWebhook";
 import UserWhatsApp from "../../Models/DatabaseModels/UserWhatsApp";
 import CaptureSpan from "../Utils/Telemetry/CaptureSpan";
 import { appendRecipientToWhatsAppMessage } from "../Utils/WhatsAppTemplateUtil";
@@ -89,6 +93,7 @@ export class Service extends DatabaseService<UserNotificationSetting> {
           alertByTelegram: true,
           alertByCall: true,
           alertByPush: true,
+          alertByWebhook: true,
         },
         props: {
           isRoot: true,
@@ -425,6 +430,96 @@ export class Service extends DatabaseService<UserNotificationSetting> {
           logger.error(err);
         });
       }
+
+      if (notificationSettings.alertByWebhook) {
+        const userWebhooks: Array<UserWebhook> =
+          await UserWebhookService.findBy({
+            query: {
+              userId: data.userId,
+              projectId: data.projectId,
+            },
+            select: {
+              webhookUrl: true,
+              secret: true,
+              name: true,
+            },
+            limit: LIMIT_PER_PROJECT,
+            skip: 0,
+            props: {
+              isRoot: true,
+            },
+          });
+
+        const webhookPayload: JSONObject = {
+          eventType: data.eventType,
+          timestamp: new Date().toISOString(),
+          projectId: data.projectId.toString(),
+          userId: data.userId.toString(),
+          subject: data.emailEnvelope?.subject || "",
+          message: data.smsMessage?.message || "",
+        };
+
+        if (data.incidentId) {
+          webhookPayload["incidentId"] = data.incidentId.toString();
+        }
+        if (data.alertId) {
+          webhookPayload["alertId"] = data.alertId.toString();
+        }
+        if (data.monitorId) {
+          webhookPayload["monitorId"] = data.monitorId.toString();
+        }
+        if (data.scheduledMaintenanceId) {
+          webhookPayload["scheduledMaintenanceId"] =
+            data.scheduledMaintenanceId.toString();
+        }
+        if (data.statusPageId) {
+          webhookPayload["statusPageId"] = data.statusPageId.toString();
+        }
+        if (data.statusPageAnnouncementId) {
+          webhookPayload["statusPageAnnouncementId"] =
+            data.statusPageAnnouncementId.toString();
+        }
+        if (data.onCallPolicyId) {
+          webhookPayload["onCallPolicyId"] = data.onCallPolicyId.toString();
+        }
+        if (data.onCallPolicyEscalationRuleId) {
+          webhookPayload["onCallPolicyEscalationRuleId"] =
+            data.onCallPolicyEscalationRuleId.toString();
+        }
+
+        for (const userWebhook of userWebhooks) {
+          if (!userWebhook.webhookUrl) {
+            continue;
+          }
+
+          WebhookService.sendWebhook(
+            {
+              url: userWebhook.webhookUrl,
+              eventType: data.eventType,
+              payload: webhookPayload,
+              secret: userWebhook.secret,
+            },
+            {
+              projectId: data.projectId,
+              incidentId: data.incidentId,
+              alertId: data.alertId,
+              monitorId: data.monitorId,
+              scheduledMaintenanceId: data.scheduledMaintenanceId,
+              statusPageId: data.statusPageId,
+              statusPageAnnouncementId: data.statusPageAnnouncementId,
+              userId: data.userId,
+              teamId: data.teamId,
+              onCallPolicyId: data.onCallPolicyId,
+              onCallPolicyEscalationRuleId: data.onCallPolicyEscalationRuleId,
+              onCallDutyPolicyExecutionLogTimelineId:
+                data.onCallDutyPolicyExecutionLogTimelineId,
+              onCallScheduleId: data.onCallScheduleId,
+            },
+          ).catch((err: Error) => {
+            logger.error(err);
+          });
+        }
+      }
     }
   }
 

package/Server/Services/UserWebhookService.ts

@@ -0,0 +1,208 @@
+import CreateBy from "../Types/Database/CreateBy";
+import DeleteBy from "../Types/Database/DeleteBy";
+import { OnCreate, OnDelete } from "../Types/Database/Hooks";
+import DatabaseService from "./DatabaseService";
+import UserNotificationRuleService from "./UserNotificationRuleService";
+import LIMIT_MAX from "../../Types/Database/LimitMax";
+import BadDataException from "../../Types/Exception/BadDataException";
+import Model from "../../Models/DatabaseModels/UserWebhook";
+import URL from "../../Types/API/URL";
+import logger from "../Utils/Logger";
+import CaptureSpan from "../Utils/Telemetry/CaptureSpan";
+
+export class Service extends DatabaseService<Model> {
+  public constructor() {
+    super(Model);
+  }
+
+  @CaptureSpan()
+  protected override async onBeforeCreate(
+    createBy: CreateBy<Model>,
+  ): Promise<OnCreate<Model>> {
+    if (!createBy.data.webhookUrl) {
+      throw new BadDataException("Webhook URL is required");
+    }
+
+    if (!createBy.data.name) {
+      throw new BadDataException("Webhook name is required");
+    }
+
+    this.validateWebhookUrl(createBy.data.webhookUrl);
+
+    return {
+      createBy,
+      carryForward: null,
+    };
+  }
+
+  @CaptureSpan()
+  protected override async onCreateSuccess(
+    _onCreate: OnCreate<Model>,
+    createdItem: Model,
+  ): Promise<Model> {
+    /* Webhooks skip verification, so default on-call rules are seeded at create time. */
+    if (createdItem.projectId && createdItem.userId && createdItem.id) {
+      try {
+        await UserNotificationRuleService.addDefaultNotificationRulesForVerifiedMethod(
+          {
+            projectId: createdItem.projectId,
+            userId: createdItem.userId,
+            notificationMethod: {
+              userWebhookId: createdItem.id,
+            },
+          },
+        );
+      } catch (err) {
+        logger.error(err);
+      }
+    }
+
+    return createdItem;
+  }
+
+  @CaptureSpan()
+  protected override async onBeforeDelete(
+    deleteBy: DeleteBy<Model>,
+  ): Promise<OnDelete<Model>> {
+    const itemsToDelete: Array<Model> = await this.findBy({
+      query: deleteBy.query,
+      select: {
+        _id: true,
+        projectId: true,
+      },
+      skip: 0,
+      limit: LIMIT_MAX,
+      props: {
+        isRoot: true,
+      },
+    });
+
+    for (const item of itemsToDelete) {
+      await UserNotificationRuleService.deleteBy({
+        query: {
+          userWebhookId: item.id!,
+          projectId: item.projectId!,
+        },
+        limit: LIMIT_MAX,
+        skip: 0,
+        props: {
+          isRoot: true,
+        },
+      });
+    }
+
+    return {
+      deleteBy,
+      carryForward: null,
+    };
+  }
+
+  private validateWebhookUrl(rawUrl: string): void {
+    let parsed: URL;
+    try {
+      parsed = URL.fromString(rawUrl);
+    } catch {
+      throw new BadDataException("Webhook URL is not a valid URL");
+    }
+
+    const protocolValue: string = parsed.protocol.toString().toLowerCase();
+    if (protocolValue !== "http://" && protocolValue !== "https://") {
+      throw new BadDataException(
+        "Webhook URL must use http or https protocol.",
+      );
+    }
+
+    const hostname: string = parsed.hostname.hostname.toLowerCase();
+
+    if (!hostname) {
+      throw new BadDataException("Webhook URL must include a host.");
+    }
+
+    if (isBlockedHostnameLiteral(hostname)) {
+      throw new BadDataException(
+        "Webhook URL points to a private, loopback, or link-local address and is not allowed.",
+      );
+    }
+  }
+}
+
+function isBlockedHostnameLiteral(hostname: string): boolean {
+  if (
+    hostname === "localhost" ||
+    hostname.endsWith(".localhost") ||
+    hostname === "metadata.google.internal"
+  ) {
+    return true;
+  }
+
+  // IPv4 literal check
+  const ipv4Match: RegExpMatchArray | null = hostname.match(
+    /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/,
+  );
+  if (ipv4Match) {
+    const octets: Array<number> = [
+      Number(ipv4Match[1]),
+      Number(ipv4Match[2]),
+      Number(ipv4Match[3]),
+      Number(ipv4Match[4]),
+    ];
+
+    if (
+      octets.some((o: number) => {
+        return o < 0 || o > 255;
+      })
+    ) {
+      return true;
+    }
+
+    // 0.0.0.0/8
+    if (octets[0] === 0) {
+      return true;
+    }
+    // 127.0.0.0/8 loopback
+    if (octets[0] === 127) {
+      return true;
+    }
+    // 10.0.0.0/8
+    if (octets[0] === 10) {
+      return true;
+    }
+    // 172.16.0.0/12
+    if (octets[0] === 172 && (octets[1]! & 0xf0) === 16) {
+      return true;
+    }
+    // 192.168.0.0/16
+    if (octets[0] === 192 && octets[1] === 168) {
+      return true;
+    }
+    // 169.254.0.0/16 link-local (incl. cloud metadata)
+    if (octets[0] === 169 && octets[1] === 254) {
+      return true;
+    }
+    // 100.64.0.0/10 carrier-grade NAT
+    if (octets[0] === 100 && (octets[1]! & 0xc0) === 64) {
+      return true;
+    }
+    return false;
+  }
+
+  // IPv6 literal — block loopback, link-local, unique-local
+  if (hostname.includes(":")) {
+    const stripped: string = hostname.replace(/^\[|\]$/g, "");
+    if (stripped === "::1" || stripped === "::") {
+      return true;
+    }
+    if (stripped.startsWith("fe80:") || stripped.startsWith("fe80::")) {
+      return true;
+    }
+    if (IPV6_UNIQUE_LOCAL_REGEX.test(stripped)) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+const IPV6_UNIQUE_LOCAL_REGEX: RegExp = /^f[cd][0-9a-f]{2}:/;
+
+export default new Service();

package/Server/Services/WebhookLogService.ts

@@ -0,0 +1,15 @@
+import { IsBillingEnabled } from "../EnvironmentConfig";
+import DatabaseService from "./DatabaseService";
+import Model from "../../Models/DatabaseModels/WebhookLog";
+
+export class Service extends DatabaseService<Model> {
+  public constructor() {
+    super(Model);
+
+    if (IsBillingEnabled) {
+      this.hardDeleteItemsOlderThanInDays("createdAt", 3);
+    }
+  }
+}
+
+export default new Service();