mastodon-glitch/app/models/webhook.rb

# frozen_string_literal: true

# == Schema Information
#
# Table name: webhooks
#
#  id         :bigint(8)        not null, primary key
#  url        :string           not null
#  events     :string           default([]), not null, is an Array
#  secret     :string           default(""), not null
#  enabled    :boolean          default(TRUE), not null
#  created_at :datetime         not null
#  updated_at :datetime         not null
#  template   :text
#

class Webhook < ApplicationRecord
  EVENTS = %w(
    account.approved
    account.created
    account.updated
    report.created
    status.created
    status.updated
  ).freeze

  attr_writer :current_account

  scope :enabled, -> { where(enabled: true) }

  validates :url, presence: true, url: true
  validates :secret, presence: true, length: { minimum: 12 }
  validates :events, presence: true

  validate :validate_events
  validate :validate_permissions
  validate :validate_template

  before_validation :strip_events
  before_validation :generate_secret

  def rotate_secret!
    update!(secret: SecureRandom.hex(20))
  end

  def enable!
    update!(enabled: true)
  end

  def disable!
    update!(enabled: false)
  end

  def required_permissions
    events.map { |event| Webhook.permission_for_event(event) }
  end

  def self.permission_for_event(event)
    case event
    when 'account.approved', 'account.created', 'account.updated'
      :manage_users
    when 'report.created'
      :manage_reports
    when 'status.created', 'status.updated'
      :view_devops
    end
  end

  private

  def validate_events
    errors.add(:events, :invalid) if events.any? { |e| EVENTS.exclude?(e) }
  end

  def validate_permissions
    errors.add(:events, :invalid_permissions) if defined?(@current_account) && required_permissions.any? { |permission| !@current_account.user_role.can?(permission) }
  end

  def validate_template
    return if template.blank?

    begin
      parser = Webhooks::PayloadRenderer::TemplateParser.new
      parser.parse(template)
    rescue Parslet::ParseFailed
      errors.add(:template, :invalid)
    end
  end

  def strip_events
    self.events = events.filter_map { |str| str.strip.presence } if events.present?
  end

  def generate_secret
    self.secret = SecureRandom.hex(20) if secret.blank?
  end
end
Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00			`# frozen_string_literal: true`

			`# == Schema Information`
			`#`
			`# Table name: webhooks`
			`#`
			`# id :bigint(8) not null, primary key`
			`# url :string not null`
			`# events :string default([]), not null, is an Array`
			`# secret :string default(""), not null`
			`# enabled :boolean default(TRUE), not null`
			`# created_at :datetime not null`
			`# updated_at :datetime not null`
Add webhook templating (#23289) Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2023-06-06 08:42:47 +00:00			`# template :text`
Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00			`#`

			`class Webhook < ApplicationRecord`
			`EVENTS = %w(`
Add webhook `account.approved` (#22938) * Webhook `account.approved` when preparing new user * Update Webhook.EVENTS 2023-01-05 12:29:49 +00:00			`account.approved`
Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00			`account.created`
Webhooks for local status.create, status.update, account.update (#24133) 2023-03-19 06:47:54 +00:00			`account.updated`
Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00			`report.created`
Webhooks for local status.create, status.update, account.update (#24133) 2023-03-19 06:47:54 +00:00			`status.created`
			`status.updated`
Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00			`).freeze`

Add finer permission requirements for managing webhooks (#25463) 2023-06-22 12:52:25 +00:00			`attr_writer :current_account`

Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00			`scope :enabled, -> { where(enabled: true) }`

			`validates :url, presence: true, url: true`
			`validates :secret, presence: true, length: { minimum: 12 }`
			`validates :events, presence: true`

			`validate :validate_events`
Add finer permission requirements for managing webhooks (#25463) 2023-06-22 12:52:25 +00:00			`validate :validate_permissions`
Add webhook templating (#23289) Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2023-06-06 08:42:47 +00:00			`validate :validate_template`
Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00
			`before_validation :strip_events`
			`before_validation :generate_secret`

			`def rotate_secret!`
			`update!(secret: SecureRandom.hex(20))`
			`end`

			`def enable!`
			`update!(enabled: true)`
			`end`

			`def disable!`
			`update!(enabled: false)`
			`end`

Add finer permission requirements for managing webhooks (#25463) 2023-06-22 12:52:25 +00:00			`def required_permissions`
			`events.map { \|event\| Webhook.permission_for_event(event) }`
			`end`

			`def self.permission_for_event(event)`
			`case event`
			`when 'account.approved', 'account.created', 'account.updated'`
			`:manage_users`
			`when 'report.created'`
			`:manage_reports`
			`when 'status.created', 'status.updated'`
			`:view_devops`
			`end`
			`end`

Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00			`private`

			`def validate_events`
Add webhook templating (#23289) Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2023-06-06 08:42:47 +00:00			`errors.add(:events, :invalid) if events.any? { \|e\| EVENTS.exclude?(e) }`
			`end`

Add finer permission requirements for managing webhooks (#25463) 2023-06-22 12:52:25 +00:00			`def validate_permissions`
			`errors.add(:events, :invalid_permissions) if defined?(@current_account) && required_permissions.any? { \|permission\| !@current_account.user_role.can?(permission) }`
			`end`

Add webhook templating (#23289) Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2023-06-06 08:42:47 +00:00			`def validate_template`
			`return if template.blank?`

			`begin`
			`parser = Webhooks::PayloadRenderer::TemplateParser.new`
			`parser.parse(template)`
			`rescue Parslet::ParseFailed`
			`errors.add(:template, :invalid)`
			`end`
Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00			`end`

			`def strip_events`
Fix Performance/MapCompact cop (#24797) Co-authored-by: Claire <claire.github-309c@sitedethib.com> 2023-05-23 08:49:12 +00:00			`self.events = events.filter_map { \|str\| str.strip.presence } if events.present?`
Add administrative webhooks (#18510) * Add administrative webhooks * Fix error when webhook is deleted before delivery worker runs 2022-06-09 19:57:36 +00:00			`end`

			`def generate_secret`
			`self.secret = SecureRandom.hex(20) if secret.blank?`
			`end`
			`end`