discourse/app/models/web_hook.rb

# frozen_string_literal: true

class WebHook < ActiveRecord::Base
  has_and_belongs_to_many :web_hook_event_types
  has_and_belongs_to_many :groups
  has_and_belongs_to_many :categories
  has_and_belongs_to_many :tags

  has_many :web_hook_events, dependent: :destroy
  has_many :web_hook_events_daily_aggregates, dependent: :destroy

  default_scope { order("id ASC") }

  validates :payload_url, presence: true, format: URI.regexp(%w[http https])
  validates :secret, length: { minimum: 12 }, allow_blank: true
  validates_presence_of :content_type
  validates_presence_of :last_delivery_status
  validates_presence_of :web_hook_event_types, unless: :wildcard_web_hook?
  validate :ensure_payload_url_allowed, if: :payload_url_changed?

  before_save :strip_url

  def tag_names=(tag_names_arg)
    DiscourseTagging.add_or_create_tags_by_name(self, tag_names_arg, unlimited: true)
  end

  def self.content_types
    @content_types ||= Enum.new("application/json" => 1, "application/x-www-form-urlencoded" => 2)
  end

  def self.last_delivery_statuses
    @last_delivery_statuses ||= Enum.new(inactive: 1, failed: 2, successful: 3, disabled: 4)
  end

  def self.default_event_types
    WebHookEventType.where(
      id: [
        WebHookEventType::TYPES[:post_created],
        WebHookEventType::TYPES[:post_edited],
        WebHookEventType::TYPES[:post_destroyed],
        WebHookEventType::TYPES[:post_recovered],
      ],
    )
  end

  def strip_url
    self.payload_url = (payload_url || "").strip.presence
  end

  EVENT_NAME_TO_EVENT_TYPE_MAP = {
    /\Atopic_\w+_status_updated\z/ => "topic_edited",
    "reviewable_score_updated" => "reviewable_updated",
    "reviewable_transitioned_to" => "reviewable_updated",
  }

  def self.translate_event_name_to_type(event_name)
    EVENT_NAME_TO_EVENT_TYPE_MAP.each do |key, value|
      if key.is_a?(Regexp)
        return value if event_name.to_s =~ key
      else
        return value if event_name.to_s == key
      end
    end
    event_name.to_s
  end

  def self.active_web_hooks(event)
    event_type = translate_event_name_to_type(event)

    WebHook
      .where(active: true)
      .joins(:web_hook_event_types)
      .where("web_hooks.wildcard_web_hook = ? OR web_hook_event_types.name = ?", true, event_type)
      .distinct
  end

  def self.enqueue_hooks(type, event, opts = {})
    active_web_hooks(event).each do |web_hook|
      Jobs.enqueue(
        :emit_web_hook_event,
        opts.merge(web_hook_id: web_hook.id, event_name: event.to_s, event_type: type.to_s),
      )
    end
  end

  def self.enqueue_object_hooks(type, object, event, serializer = nil, opts = {})
    if active_web_hooks(event).exists?
      payload = WebHook.generate_payload(type, object, serializer)

      WebHook.enqueue_hooks(type, event, opts.merge(id: object.id, payload: payload))
    end
  end

  def self.enqueue_topic_hooks(event, topic, payload = nil)
    if active_web_hooks(event).exists? && topic.present?
      payload ||=
        begin
          topic_view = TopicView.new(topic.id, Discourse.system_user, skip_staff_action: true)
          WebHook.generate_payload(:topic, topic_view, WebHookTopicViewSerializer)
        end

      WebHook.enqueue_hooks(
        :topic,
        event,
        id: topic.id,
        category_id: topic.category_id,
        tag_ids: topic.tags.pluck(:id),
        payload: payload,
      )
    end
  end

  def self.enqueue_post_hooks(event, post, payload = nil)
    if active_web_hooks(event).exists? && post.present?
      payload ||= WebHook.generate_payload(:post, post)

      WebHook.enqueue_hooks(
        :post,
        event,
        id: post.id,
        category_id: post.topic&.category_id,
        tag_ids: post.topic&.tags&.pluck(:id),
        payload: payload,
      )
    end
  end

  def self.generate_payload(type, object, serializer = nil)
    serializer ||= TagSerializer if type == :tag
    serializer ||= "WebHook#{type.capitalize}Serializer".constantize

    serializer.new(object, scope: self.guardian, root: false).to_json
  end

  private

  def self.guardian
    Guardian.new(Discourse.system_user)
  end

  # This check is to improve UX
  # IPs are re-checked at request time
  def ensure_payload_url_allowed
    return if payload_url.blank?
    uri = URI(payload_url.strip)

    allowed =
      begin
        FinalDestination::SSRFDetector.lookup_and_filter_ips(uri.hostname).present?
      rescue FinalDestination::SSRFDetector::DisallowedIpError
        false
      end

    self.errors.add(:base, I18n.t("webhooks.payload_url.blocked_or_internal")) if !allowed
  end
end

# == Schema Information
#
# Table name: web_hooks
#
#  id                   :integer          not null, primary key
#  payload_url          :string           not null
#  content_type         :integer          default(1), not null
#  last_delivery_status :integer          default(1), not null
#  status               :integer          default(1), not null
#  secret               :string           default("")
#  wildcard_web_hook    :boolean          default(FALSE), not null
#  verify_certificate   :boolean          default(TRUE), not null
#  active               :boolean          default(FALSE), not null
#  created_at           :datetime         not null
#  updated_at           :datetime         not null
#
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 18:17:27 -04:00			`# frozen_string_literal: true`

FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`class WebHook < ActiveRecord::Base`
			`has_and_belongs_to_many :web_hook_event_types`
			`has_and_belongs_to_many :groups`
			`has_and_belongs_to_many :categories`
FEATURE: Filter topic and post web hook events by tags (#6726) * FEATURE: Filter topic and post web hook events by tags * Add a spec test with unmatched tags 2018-12-05 04:14:06 -05:00			`has_and_belongs_to_many :tags`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00
			`has_many :web_hook_events, dependent: :destroy`
FEATURE: Add WebHookEventsDailyAggregate (#27542) * FEATURE: Add WebHookEventsDailyAggregate Add WebHookEventsDailyAggregate model to store daily aggregates of web hook events. Add AggregateWebHooksEvents job to aggregate web hook events daily. Add spec for WebHookEventsDailyAggregate model. * DEV: Update annotations for web_hook_events_daily_aggregate.rb * DEV: Update app/jobs/scheduled/aggregate_web_hooks_events.rb Co-authored-by: Martin Brennan <martin@discourse.org> * DEV: Address review feedback Solves: - https://github.com/discourse/discourse/pull/27542#discussion_r1646961101 - https://github.com/discourse/discourse/pull/27542#discussion_r1646958890 - https://github.com/discourse/discourse/pull/27542#discussion_r1646976808 - https://github.com/discourse/discourse/pull/27542#discussion_r1646979846 - https://github.com/discourse/discourse/pull/27542#discussion_r1646981036 * A11Y: Add translation to retain_web_hook_events_aggregate_days key * FEATURE: Purge old web hook events daily aggregate Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646961101 * DEV: Update tests for web_hook_events_daily_aggregate Update WebHookEventsDailyAggregate to not use save! at the end Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646984601 * PERF: Change job query to use WebHook table instead of WebHookEvent table * DEV: Update tests to use `fab!` * DEV: Address code review feedback. Add idempotency to job Add has_many to WebHook * DEV: add test case for job and change job query * DEV: Change AggregateWebHooksEvents job test name --------- Co-authored-by: Martin Brennan <martin@discourse.org> 2024-06-25 12:56:47 -04:00			`has_many :web_hook_events_daily_aggregates, dependent: :destroy`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00
			`default_scope { order("id ASC") }`

			`validates :payload_url, presence: true, format: URI.regexp(%w[http https])`
			`validates :secret, length: { minimum: 12 }, allow_blank: true`
			`validates_presence_of :content_type`
			`validates_presence_of :last_delivery_status`
			`validates_presence_of :web_hook_event_types, unless: :wildcard_web_hook?`
SECURITY: Expand and improve SSRF Protections (#18815) See https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com> Co-authored-by: Daniel Waterworth <me@danielwaterworth.com> 2022-11-01 12:33:17 -04:00			`validate :ensure_payload_url_allowed, if: :payload_url_changed?`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00
FIX: strip webhook payload_url 2017-12-11 03:15:50 -05:00			`before_save :strip_url`

FEATURE: Filter topic and post web hook events by tags (#6726) * FEATURE: Filter topic and post web hook events by tags * Add a spec test with unmatched tags 2018-12-05 04:14:06 -05:00			`def tag_names=(tag_names_arg)`
			`DiscourseTagging.add_or_create_tags_by_name(self, tag_names_arg, unlimited: true)`
			`end`

FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`def self.content_types`
			`@content_types \|\|= Enum.new("application/json" => 1, "application/x-www-form-urlencoded" => 2)`
			`end`

			`def self.last_delivery_statuses`
			`@last_delivery_statuses \|\|= Enum.new(inactive: 1, failed: 2, successful: 3, disabled: 4)`
			`end`

			`def self.default_event_types`
FEATURE: granular webhooks (#23070) Before this change, webhooks could be only configured for specific groups like for example, all topic events. We would like to have more granular control like for example topic_created or topic_destroyed. Test are failing because plugins changed has to be merged as well: discourse/discourse-assign#498 discourse/discourse-solved#248 discourse/discourse-topic-voting#159 2023-10-08 23:35:31 -04:00			`WebHookEventType.where(`
			`id: [`
			`WebHookEventType::TYPES[:post_created],`
			`WebHookEventType::TYPES[:post_edited],`
			`WebHookEventType::TYPES[:post_destroyed],`
			`WebHookEventType::TYPES[:post_recovered],`
			`],`
			`)`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`end`

FIX: Payload for webhooks should be current as of the time the event was triggered. https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752 2018-05-21 04:23:09 -04:00			`def strip_url`
			`self.payload_url = (payload_url \|\| "").strip.presence`
			`end`

FEATURE: granular webhooks (#23070) Before this change, webhooks could be only configured for specific groups like for example, all topic events. We would like to have more granular control like for example topic_created or topic_destroyed. Test are failing because plugins changed has to be merged as well: discourse/discourse-assign#498 discourse/discourse-solved#248 discourse/discourse-topic-voting#159 2023-10-08 23:35:31 -04:00			`EVENT_NAME_TO_EVENT_TYPE_MAP = {`
			`/\Atopic_\w+_status_updated\z/ => "topic_edited",`
			`"reviewable_score_updated" => "reviewable_updated",`
			`"reviewable_transitioned_to" => "reviewable_updated",`
			`}`

			`def self.translate_event_name_to_type(event_name)`
			`EVENT_NAME_TO_EVENT_TYPE_MAP.each do \|key, value\|`
			`if key.is_a?(Regexp)`
			`return value if event_name.to_s =~ key`
			`else`
			`return value if event_name.to_s == key`
			`end`
			`end`
			`event_name.to_s`
			`end`

			`def self.active_web_hooks(event)`
			`event_type = translate_event_name_to_type(event)`

FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`WebHook`
			`.where(active: true)`
			`.joins(:web_hook_event_types)`
FEATURE: granular webhooks (#23070) Before this change, webhooks could be only configured for specific groups like for example, all topic events. We would like to have more granular control like for example topic_created or topic_destroyed. Test are failing because plugins changed has to be merged as well: discourse/discourse-assign#498 discourse/discourse-solved#248 discourse/discourse-topic-voting#159 2023-10-08 23:35:31 -04:00			`.where("web_hooks.wildcard_web_hook = ? OR web_hook_event_types.name = ?", true, event_type)`
PERF: Select distinct active web hooks at the db level. 2018-05-24 02:56:40 -04:00			`.distinct`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`end`

FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 04:53:59 -04:00			`def self.enqueue_hooks(type, event, opts = {})`
FEATURE: granular webhooks (#23070) Before this change, webhooks could be only configured for specific groups like for example, all topic events. We would like to have more granular control like for example topic_created or topic_destroyed. Test are failing because plugins changed has to be merged as well: discourse/discourse-assign#498 discourse/discourse-solved#248 discourse/discourse-topic-voting#159 2023-10-08 23:35:31 -04:00			`active_web_hooks(event).each do \|web_hook\|`
FIX: Payload for webhooks should be current as of the time the event was triggered. https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752 2018-05-21 04:23:09 -04:00			`Jobs.enqueue(`
			`:emit_web_hook_event,`
FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 04:53:59 -04:00			`opts.merge(web_hook_id: web_hook.id, event_name: event.to_s, event_type: type.to_s),`
FIX: Payload for webhooks should be current as of the time the event was triggered. https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752 2018-05-21 04:23:09 -04:00			`)`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`end`
			`end`

FEATURE: add support for like webhooks (#12917) * FEATURE: add support for like webhooks Add support for like webhooks. Webhook events only send on user membership in the defined webhook group filters. This also fixes group webhook events, as before this was never used, and the logic was not correct. 2021-04-30 20:08:38 -04:00			`def self.enqueue_object_hooks(type, object, event, serializer = nil, opts = {})`
FEATURE: granular webhooks (#23070) Before this change, webhooks could be only configured for specific groups like for example, all topic events. We would like to have more granular control like for example topic_created or topic_destroyed. Test are failing because plugins changed has to be merged as well: discourse/discourse-assign#498 discourse/discourse-solved#248 discourse/discourse-topic-voting#159 2023-10-08 23:35:31 -04:00			`if active_web_hooks(event).exists?`
FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 04:53:59 -04:00			`payload = WebHook.generate_payload(type, object, serializer)`

FEATURE: add support for like webhooks (#12917) * FEATURE: add support for like webhooks Add support for like webhooks. Webhook events only send on user membership in the defined webhook group filters. This also fixes group webhook events, as before this was never used, and the logic was not correct. 2021-04-30 20:08:38 -04:00			`WebHook.enqueue_hooks(type, event, opts.merge(id: object.id, payload: payload))`
FIX: Payload for webhooks should be current as of the time the event was triggered. https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752 2018-05-21 04:23:09 -04:00			`end`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`end`

FIX: post & topic destroyed hooks not triggering with tag filter 2019-03-06 12:22:54 -05:00			`def self.enqueue_topic_hooks(event, topic, payload = nil)`
FEATURE: granular webhooks (#23070) Before this change, webhooks could be only configured for specific groups like for example, all topic events. We would like to have more granular control like for example topic_created or topic_destroyed. Test are failing because plugins changed has to be merged as well: discourse/discourse-assign#498 discourse/discourse-solved#248 discourse/discourse-topic-voting#159 2023-10-08 23:35:31 -04:00			`if active_web_hooks(event).exists? && topic.present?`
FIX: post & topic destroyed hooks not triggering with tag filter 2019-03-06 12:22:54 -05:00			`payload \|\|=`
			`begin`
FIX: Do not log 'personal message view' when sending webhook (#21375) Similar to the issue resolved by 3b55de90e5 2023-05-04 05:15:31 -04:00			`topic_view = TopicView.new(topic.id, Discourse.system_user, skip_staff_action: true)`
FIX: post & topic destroyed hooks not triggering with tag filter 2019-03-06 12:22:54 -05:00			`WebHook.generate_payload(:topic, topic_view, WebHookTopicViewSerializer)`
			`end`
DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 07:20:10 -05:00
FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 04:53:59 -04:00			`WebHook.enqueue_hooks(`
			`:topic,`
			`event,`
			`id: topic.id,`
DEV: remove unnecessary safe nav operators (#6730) 2018-12-05 09:37:18 -05:00			`category_id: topic.category_id,`
			`tag_ids: topic.tags.pluck(:id),`
FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 04:53:59 -04:00			`payload: payload,`
FIX: Don't enqueue web hooks inside a deferred queue. * The deferred queue is meant for short lived jobs and does not guarantee execution. We need to ensure that web hooks are always run. 2018-05-24 03:01:46 -04:00			`)`
FIX: Payload for webhooks should be current as of the time the event was triggered. https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752 2018-05-21 04:23:09 -04:00			`end`
FIX: missing post and topic edited webhooks 2016-11-04 16:16:30 -04:00			`end`
FIX: strip webhook payload_url 2017-12-11 03:15:50 -05:00
FIX: post & topic destroyed hooks not triggering with tag filter 2019-03-06 12:22:54 -05:00			`def self.enqueue_post_hooks(event, post, payload = nil)`
FEATURE: granular webhooks (#23070) Before this change, webhooks could be only configured for specific groups like for example, all topic events. We would like to have more granular control like for example topic_created or topic_destroyed. Test are failing because plugins changed has to be merged as well: discourse/discourse-assign#498 discourse/discourse-solved#248 discourse/discourse-topic-voting#159 2023-10-08 23:35:31 -04:00			`if active_web_hooks(event).exists? && post.present?`
FIX: post & topic destroyed hooks not triggering with tag filter 2019-03-06 12:22:54 -05:00			`payload \|\|= WebHook.generate_payload(:post, post)`
FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 04:53:59 -04:00
			`WebHook.enqueue_hooks(`
			`:post,`
			`event,`
			`id: post.id,`
DEV: remove unnecessary safe nav operators (#6730) 2018-12-05 09:37:18 -05:00			`category_id: post.topic&.category_id,`
			`tag_ids: post.topic&.tags&.pluck(:id),`
FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 04:53:59 -04:00			`payload: payload,`
FIX: Don't enqueue web hooks inside a deferred queue. * The deferred queue is meant for short lived jobs and does not guarantee execution. We need to ensure that web hooks are always run. 2018-05-24 03:01:46 -04:00			`)`
FIX: Payload for webhooks should be current as of the time the event was triggered. https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752 2018-05-21 04:23:09 -04:00			`end`
FIX: strip webhook payload_url 2017-12-11 03:15:50 -05:00			`end`
FIX: Payload for webhooks should be current as of the time the event was triggered. https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752 2018-05-21 04:23:09 -04:00
FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 04:53:59 -04:00			`def self.generate_payload(type, object, serializer = nil)`
			`serializer \|\|= TagSerializer if type == :tag`
			`serializer \|\|= "WebHook#{type.capitalize}Serializer".constantize`

			`serializer.new(object, scope: self.guardian, root: false).to_json`
			`end`

FIX: Payload for webhooks should be current as of the time the event was triggered. https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752 2018-05-21 04:23:09 -04:00			`private`

			`def self.guardian`
FIX: Ensure UserField changes are reflected instantly in webhooks (#12291) The Guardian object memoizes a list of allowed user fields. Normally this is fine because Guardian objects only persist for a single request. However, the WebHook class was memoizing a guardian at the class level. This meant that an app restart was required for changes to be reflected. Plus, the Guardian was being shared across all sites in a multisite instance. Initializing a guardian is cheap, so we can manage without memoization here. 2021-03-04 16:41:57 -05:00			`Guardian.new(Discourse.system_user)`
FIX: Payload for webhooks should be current as of the time the event was triggered. https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752 2018-05-21 04:23:09 -04:00			`end`
SECURITY: Expand and improve SSRF Protections (#18815) See https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com> Co-authored-by: Daniel Waterworth <me@danielwaterworth.com> 2022-11-01 12:33:17 -04:00
			`# This check is to improve UX`
			`# IPs are re-checked at request time`
			`def ensure_payload_url_allowed`
			`return if payload_url.blank?`
			`uri = URI(payload_url.strip)`

			`allowed =`
			`begin`
			`FinalDestination::SSRFDetector.lookup_and_filter_ips(uri.hostname).present?`
			`rescue FinalDestination::SSRFDetector::DisallowedIpError`
			`false`
			`end`

			`self.errors.add(:base, I18n.t("webhooks.payload_url.blocked_or_internal")) if !allowed`
			`end`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`end`

			`# == Schema Information`
			`#`
			`# Table name: web_hooks`
			`#`
			`# id :integer not null, primary key`
			`# payload_url :string not null`
			`# content_type :integer default(1), not null`
			`# last_delivery_status :integer default(1), not null`
annotate models 2016-10-31 05:32:11 -04:00			`# status :integer default(1), not null`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`# secret :string default("")`
			`# wildcard_web_hook :boolean default(FALSE), not null`
			`# verify_certificate :boolean default(TRUE), not null`
			`# active :boolean default(FALSE), not null`
FIX: Previous annotations were broken 2019-01-11 14:29:56 -05:00			`# created_at :datetime not null`
			`# updated_at :datetime not null`
FEATURE: Webhooks. 2016-06-15 13:49:57 -04:00			`#`