feat: webhooks (#604)

- Option to register a webhook endpoints via "/admin/webhook" API - Each webhook is signed by a secret autogenerated when the webhook is created Signed-off-by: Kush Sharma <[email protected]>
raystack · May 4, 2024 · 86da957 · 86da957
1 parent c000137
commit 86da957
Show file tree

Hide file tree

Showing 38 changed files with 5,758 additions and 738 deletions.
diff --git a/Makefile b/Makefile
@@ -2,9 +2,9 @@ GOVERSION := $(shell go version | cut -d ' ' -f 3 | cut -d '.' -f 2)
 NAME=github.com/raystack/frontier
 TAG := $(shell git rev-list --tags --max-count=1)
 VERSION := $(shell git describe --tags ${TAG})
-.PHONY: build check fmt lint test test-race vet test-cover-html help install proto ui
+.PHONY: build check fmt lint test test-race vet test-cover-html help install proto ui compose-up-dev
 .DEFAULT_GOAL := build
-PROTON_COMMIT := "acaad106cbc6ee1517eab2eecf8337b5c2d690ec"
+PROTON_COMMIT := "608c3ccfe2f66db16bb82877037bc1edff795c63"
 
 ui:
 	@echo " > generating ui build"

diff --git a/cmd/serve.go b/cmd/serve.go
@@ -11,6 +11,8 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/raystack/frontier/core/webhook"
+
 	"github.com/raystack/frontier/core/event"
 
 	"github.com/stripe/stripe-go/v75"
@@ -449,7 +451,12 @@ func buildAPIDependencies(
 	eventChannel := make(chan audit.Log, 0)
 	logPublisher := event.NewChanPublisher(eventChannel)
 	logListener := event.NewChanListener(eventChannel, eventProcessor)
-	auditService := audit.NewService("frontier", auditRepository, audit.WithLogPublisher(logPublisher))
+
+	webhookService := webhook.NewService(postgres.NewWebhookEndpointRepository(dbc, []byte(cfg.App.Webhook.EncryptionKey)))
+	auditService := audit.NewService("frontier",
+		auditRepository, webhookService,
+		audit.WithLogPublisher(logPublisher),
+	)
 
 	dependencies := api.Deps{
 		OrgService:          organizationService,
@@ -482,6 +489,7 @@ func buildAPIDependencies(
 		UsageService:        usageService,
 		InvoiceService:      invoiceService,
 		LogListener:         logListener,
+		WebhookService:      webhookService,
 	}
 	return dependencies, nil
 }

diff --git a/core/audit/context.go b/core/audit/context.go
@@ -11,7 +11,7 @@ import (
 func GetService(ctx context.Context) *Service {
 	u, ok := ctx.Value(consts.AuditServiceContextKey).(*Service)
 	if !ok {
-		return NewService("default", NewNoopRepository())
+		return NewService("default", NewNoopRepository(), NewNoopWebhookService())
 	}
 	return u
 }

diff --git a/core/audit/noop_repository.go b/core/audit/noop_repository.go
@@ -2,6 +2,8 @@ package audit
 
 import (
 	"context"
+
+	"github.com/raystack/frontier/core/webhook"
 )
 
 type NoopRepository struct{}
@@ -21,3 +23,13 @@ func (r NoopRepository) List(ctx context.Context, filter Filter) ([]Log, error)
 func (r NoopRepository) GetByID(ctx context.Context, s string) (Log, error) {
 	return Log{}, nil
 }
+
+type NoopWebhookService struct{}
+
+func NewNoopWebhookService() *NoopWebhookService {
+	return &NoopWebhookService{}
+}
+
+func (s NoopWebhookService) Publish(ctx context.Context, e webhook.Event) error {
+	return nil
+}
diff --git a/core/audit/service.go b/core/audit/service.go
@@ -2,6 +2,9 @@ package audit
 
 import (
 	"context"
+
+	"github.com/google/uuid"
+	"github.com/raystack/frontier/core/webhook"
 )
 
 type Repository interface {
@@ -14,6 +17,10 @@ type Publisher interface {
 	Publish(context.Context, Log)
 }
 
+type WebhookService interface {
+	Publish(ctx context.Context, e webhook.Event) error
+}
+
 type Option func(*Service)
 
 func WithMetadataExtractor(fn func(context.Context) (map[string]string, bool)) Option {
@@ -35,20 +42,22 @@ func WithLogPublisher(p Publisher) Option {
 }
 
 type Service struct {
-	source     string
-	repository Repository
-	publisher  Publisher
+	source         string
+	repository     Repository
+	publisher      Publisher
+	webhookService WebhookService
 
 	actorExtractor    func(context.Context) (Actor, bool)
 	metadataExtractor func(context.Context) (map[string]string, bool)
 }
 
-func NewService(source string, repository Repository, opts ...Option) *Service {
+func NewService(source string, repository Repository, webhookService WebhookService, opts ...Option) *Service {
 	svc := &Service{
 		source:            source,
 		repository:        repository,
 		actorExtractor:    defaultActorExtractor,
 		metadataExtractor: defaultMetadataExtractor,
+		webhookService:    webhookService,
 	}
 	for _, o := range opts {
 		o(svc)
@@ -57,13 +66,25 @@ func NewService(source string, repository Repository, opts ...Option) *Service {
 }
 
 func (s *Service) Create(ctx context.Context, l *Log) error {
+	if l.ID == "" {
+		l.ID = uuid.NewString()
+	}
 	err := s.repository.Create(ctx, l)
 	if err != nil {
 		return err
 	}
+
 	if s.publisher != nil {
 		s.publisher.Publish(ctx, *l)
 	}
+	if err := s.webhookService.Publish(ctx, webhook.Event{
+		ID:        l.ID,
+		Action:    l.Action,
+		Data:      TransformToEventData(l),
+		CreatedAt: l.CreatedAt,
+	}); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -74,3 +95,37 @@ func (s *Service) List(ctx context.Context, flt Filter) ([]Log, error) {
 func (s *Service) GetByID(ctx context.Context, id string) (Log, error) {
 	return s.repository.GetByID(ctx, id)
 }
+
+func TransformToEventData(l *Log) map[string]interface{} {
+	anyMap := make(map[string]any)
+	for k, v := range l.Metadata {
+		anyMap[k] = v
+	}
+	result := map[string]any{
+		"target": map[string]any{},
+		"actor":  map[string]any{},
+	}
+	if l.Target.Name != "" {
+		result["target"].(map[string]any)["name"] = l.Target.Name
+	}
+	if l.Target.ID != "" {
+		result["target"].(map[string]any)["id"] = l.Target.ID
+	}
+	if l.Target.Type != "" {
+		result["target"].(map[string]any)["type"] = l.Target.Type
+	}
+	if l.Actor.Name != "" {
+		result["actor"].(map[string]any)["name"] = l.Actor.Name
+	}
+	if l.Actor.ID != "" {
+		result["actor"].(map[string]any)["id"] = l.Actor.ID
+	}
+	if l.Actor.Type != "" {
+		result["actor"].(map[string]any)["type"] = l.Actor.Type
+	}
+	if l.Source != "" {
+		result["source"] = l.Source
+	}
+	result["metadata"] = anyMap
+	return result
+}
diff --git a/core/audit/service_test.go b/core/audit/service_test.go
@@ -0,0 +1,119 @@
+package audit
+
+import (
+	"testing"
+	"time"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/mitchellh/mapstructure"
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/types/known/structpb"
+)
+
+func TestStructPB(t *testing.T) {
+	input := make(map[string]interface{})
+	input["key"] = "value"
+	input["data"] = map[string]interface{}{
+		"key2": "value2",
+	}
+
+	result, err := structpb.NewStruct(input)
+	assert.NoError(t, err)
+	assert.NotNil(t, result)
+
+	// map of string fails
+	input["data2"] = map[string]string{
+		"key3": "value3",
+	}
+	_, err = structpb.NewStruct(input)
+	assert.Error(t, err)
+	delete(input, "data2")
+
+	now := time.Now()
+	logDecoded := map[string]interface{}{}
+	err = mapstructure.Decode(&Log{
+		Source: "source",
+		Target: Target{
+			ID:   "target-id",
+			Type: "target-type",
+		},
+		Actor: Actor{
+			ID:   "actor-id",
+			Type: "actor-type",
+			Name: "actor-name",
+		},
+		Metadata:  map[string]string{},
+		Action:    "action",
+		ID:        "id",
+		CreatedAt: now,
+	}, &logDecoded)
+	assert.NoError(t, err)
+	assert.NotNil(t, logDecoded)
+}
+
+func TestTransformToEventData(t *testing.T) {
+	now := time.Now()
+	type args struct {
+		l *Log
+	}
+	tests := []struct {
+		name string
+		args args
+		want map[string]interface{}
+	}{
+		{
+			name: "should decode everything except metadata",
+			args: args{
+				l: &Log{
+					Source: "source",
+					Target: Target{
+						ID:   "target-id",
+						Type: "target-type",
+					},
+					Actor: Actor{
+						ID:   "actor-id",
+						Type: "actor-type",
+						Name: "actor-name",
+					},
+					Metadata:  map[string]string{},
+					Action:    "action",
+					ID:        "id",
+					CreatedAt: now,
+				},
+			},
+			want: map[string]interface{}{
+				"source":   "source",
+				"target":   map[string]any{"id": "target-id", "type": "target-type"},
+				"actor":    map[string]any{"id": "actor-id", "type": "actor-type", "name": "actor-name"},
+				"metadata": map[string]any{},
+			},
+		},
+		{
+			name: "should decode metadata correctly",
+			args: args{
+				l: &Log{
+					Source: "source",
+					Metadata: map[string]string{
+						"key": "value",
+					},
+				},
+			},
+			want: map[string]interface{}{
+				"source": "source",
+				"actor":  map[string]any{},
+				"target": map[string]any{},
+				"metadata": map[string]any{
+					"key": "value",
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := TransformToEventData(tt.args.l)
+			if diff := cmp.Diff(tt.want, got); diff != "" {
+				t.Errorf("TransformToEventData() mismatch (-want +got):\n%s", diff)
+			}
+		})
+	}
+}
diff --git a/core/serviceuser/service.go b/core/serviceuser/service.go
@@ -289,9 +289,6 @@ func (s Service) CreateToken(ctx context.Context, credential Credential) (Token,
 		return Token{}, err
 	}
 
-	// encode cred val to hex bytes
-	credVal := hex.EncodeToString(secretBytes)
-
 	// Hash the random bytes using SHA3-256
 	hash := sha3.Sum256(secretBytes)
 	credential.SecretHash = hex.EncodeToString(hash[:])
@@ -302,6 +299,8 @@ func (s Service) CreateToken(ctx context.Context, credential Credential) (Token,
 		return Token{}, err
 	}
 
+	// encode cred val to hex bytes
+	credVal := hex.EncodeToString(secretBytes)
 	return Token{
 		ID:        createdCred.ID,
 		Title:     createdCred.Title,

diff --git a/core/webhook/config.go b/core/webhook/config.go
@@ -0,0 +1,5 @@
+package webhook
+
+type Config struct {
+	EncryptionKey string `yaml:"encryption_key" mapstructure:"encryption_key" default:"hash-secret-should-be-32-chars--"`
+}
diff --git a/core/webhook/errors.go b/core/webhook/errors.go
@@ -0,0 +1,11 @@
+package webhook
+
+import "errors"
+
+var (
+	ErrNotFound      = errors.New("webhook doesn't exist")
+	ErrInvalidDetail = errors.New("invalid webhook details")
+	ErrConflict      = errors.New("webhook already exist")
+	ErrInvalidUUID   = errors.New("invalid syntax of uuid")
+	ErrDisabled      = errors.New("webhook is disabled")
+)