CSEC_PUBLIC/catalyst
1
0
Fork 0
mirror of https://github.com/SecurityBrewery/catalyst.git synced 2026-01-03 04:45:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: add reactions (#1074)

Browse Source
This commit is contained in:
Jonas Plum
2024-07-20 06:39:02 +02:00
committed by GitHub
parent 82ad50d228
commit e2c8f1d223
78 changed files with 3270 additions and 257 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
reaction/trigger/hook/hook.go Normal file
View File

@@ -0,0 +1,103 @@
package hook
import (
"encoding/json"
"fmt"
"slices"
"github.com/labstack/echo/v5"
"github.com/pocketbase/dbx"
"github.com/pocketbase/pocketbase/apis"
"github.com/pocketbase/pocketbase/core"
"github.com/pocketbase/pocketbase/daos"
"github.com/pocketbase/pocketbase/models"
"github.com/SecurityBrewery/catalyst/migrations"
"github.com/SecurityBrewery/catalyst/reaction/action"
"github.com/SecurityBrewery/catalyst/webhook"
)
type Hook struct {
Collections []string `json:"collections"`
Events []string `json:"events"`
}
func BindHooks(app core.App) {
app.OnRecordAfterCreateRequest().Add(func(e *core.RecordCreateEvent) error {
if err := hook(app.Dao(), "create", e.Collection.Name, e.Record, e.HttpContext); err != nil {
app.Logger().Error("failed to find hook reaction", "error", err.Error())
}
return nil
})
app.OnRecordAfterUpdateRequest().Add(func(e *core.RecordUpdateEvent) error {
if err := hook(app.Dao(), "update", e.Collection.Name, e.Record, e.HttpContext); err != nil {
app.Logger().Error("failed to find hook reaction", "error", err.Error())
}
return nil
})
app.OnRecordAfterDeleteRequest().Add(func(e *core.RecordDeleteEvent) error {
if err := hook(app.Dao(), "delete", e.Collection.Name, e.Record, e.HttpContext); err != nil {
app.Logger().Error("failed to find hook reaction", "error", err.Error())
}
return nil
})
}
func hook(dao *daos.Dao, event, collection string, record *models.Record, ctx echo.Context) error {
auth, _ := ctx.Get(apis.ContextAuthRecordKey).(*models.Record)
admin, _ := ctx.Get(apis.ContextAdminKey).(*models.Admin)
hook, found, err := findByHookTrigger(dao, collection, event)
if err != nil {
return fmt.Errorf("failed to find hook reaction: %w", err)
}
if !found {
return nil
}
payload, err := json.Marshal(&webhook.Payload{
Action: event,
Collection: collection,
Record: record,
Auth: auth,
Admin: admin,
})
if err != nil {
return fmt.Errorf("failed to marshal payload: %w", err)
}
_, err = action.Run(ctx.Request().Context(), hook.GetString("action"), hook.GetString("actiondata"), string(payload))
if err != nil {
return fmt.Errorf("failed to run hook reaction: %w", err)
}
return nil
}
func findByHookTrigger(dao *daos.Dao, collection, event string) (*models.Record, bool, error) {
records, err := dao.FindRecordsByExpr(migrations.ReactionCollectionName, dbx.HashExp{"trigger": "hook"})
if err != nil {
return nil, false, err
}
if len(records) == 0 {
return nil, false, nil
}
for _, record := range records {
var hook Hook
if err := json.Unmarshal([]byte(record.GetString("triggerdata")), &hook); err != nil {
return nil, false, err
}
if slices.Contains(hook.Collections, collection) && slices.Contains(hook.Events, event) {
return record, true, nil
}
}
return nil, false, nil
}

23
reaction/trigger/webhook/request.go Normal file
View File

@@ -0,0 +1,23 @@
package webhook
import (
"encoding/json"
"net/http"
"net/url"
)
type Request struct {
Method string `json:"method"`
Path string `json:"path"`
Headers http.Header `json:"headers"`
Query url.Values `json:"query"`
Body string `json:"body"`
IsBase64Encoded bool `json:"isBase64Encoded"`
}
// isJSON checks if the data is JSON.
func isJSON(data []byte) bool {
var msg json.RawMessage
return json.Unmarshal(data, &msg) == nil
}

37
reaction/trigger/webhook/request_test.go Normal file
View File

@@ -0,0 +1,37 @@
package webhook
import "testing"
func Test_isJSON(t *testing.T) {
type args struct {
data []byte
}
tests := []struct {
name string
args args
want bool
}{
{
name: "valid JSON",
args: args{
data: []byte(`{"key": "value"}`),
},
want: true,
},
{
name: "invalid JSON",
args: args{
data: []byte(`{"key": "value"`),
},
want: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := isJSON(tt.args.data); got != tt.want {
t.Errorf("isJSON() = %v, want %v", got, tt.want)
}
})
}
}

146
reaction/trigger/webhook/webhook.go Normal file
View File

@@ -0,0 +1,146 @@
package webhook
import (
"encoding/base64"
"encoding/json"
"fmt"
"net/http"
"strings"
"github.com/labstack/echo/v5"
"github.com/pocketbase/dbx"
"github.com/pocketbase/pocketbase/apis"
"github.com/pocketbase/pocketbase/core"
"github.com/pocketbase/pocketbase/daos"
"github.com/pocketbase/pocketbase/models"
"github.com/SecurityBrewery/catalyst/migrations"
"github.com/SecurityBrewery/catalyst/reaction/action"
"github.com/SecurityBrewery/catalyst/reaction/action/webhook"
)
type Webhook struct {
Token string `json:"token"`
Path string `json:"path"`
}
const prefix = "/reaction/"
func BindHooks(app core.App) {
app.OnBeforeServe().Add(func(e *core.ServeEvent) error {
e.Router.Any(prefix+"*", handle(e.App.Dao()))
return nil
})
}
func handle(dao *daos.Dao) func(c echo.Context) error {
return func(c echo.Context) error {
record, payload, apiErr := parseRequest(dao, c.Request())
if apiErr != nil {
return apiErr
}
output, err := action.Run(c.Request().Context(), record.GetString("action"), record.GetString("actiondata"), string(payload))
if err != nil {
return apis.NewApiError(http.StatusInternalServerError, err.Error(), nil)
}
return writeOutput(c, output)
}
}
func parseRequest(dao *daos.Dao, r *http.Request) (*models.Record, []byte, *apis.ApiError) {
if !strings.HasPrefix(r.URL.Path, prefix) {
return nil, nil, apis.NewApiError(http.StatusNotFound, "wrong prefix", nil)
}
reactionName := strings.TrimPrefix(r.URL.Path, prefix)
record, trigger, found, err := findByWebhookTrigger(dao, reactionName)
if err != nil {
return nil, nil, apis.NewNotFoundError(err.Error(), nil)
}
if !found {
return nil, nil, apis.NewNotFoundError("reaction not found", nil)
}
if trigger.Token != "" {
auth := r.Header.Get("Authorization")
if !strings.HasPrefix(auth, "Bearer ") {
return nil, nil, apis.NewUnauthorizedError("missing token", nil)
}
if trigger.Token != strings.TrimPrefix(auth, "Bearer ") {
return nil, nil, apis.NewUnauthorizedError("invalid token", nil)
}
}
body, isBase64Encoded := webhook.EncodeBody(r.Body)
payload, err := json.Marshal(&Request{
Method: r.Method,
Path: r.URL.EscapedPath(),
Headers: r.Header,
Query: r.URL.Query(),
Body: body,
IsBase64Encoded: isBase64Encoded,
})
if err != nil {
return nil, nil, apis.NewApiError(http.StatusInternalServerError, err.Error(), nil)
}
return record, payload, nil
}
func findByWebhookTrigger(dao *daos.Dao, path string) (*models.Record, *Webhook, bool, error) {
records, err := dao.FindRecordsByExpr(migrations.ReactionCollectionName, dbx.HashExp{"trigger": "webhook"})
if err != nil {
return nil, nil, false, err
}
if len(records) == 0 {
return nil, nil, false, nil
}
for _, record := range records {
var webhook Webhook
if err := json.Unmarshal([]byte(record.GetString("triggerdata")), &webhook); err != nil {
return nil, nil, false, err
}
if webhook.Path == path {
return record, &webhook, true, nil
}
}
return nil, nil, false, nil
}
func writeOutput(c echo.Context, output []byte) error {
var catalystResponse webhook.Response
if err := json.Unmarshal(output, &catalystResponse); err == nil && catalystResponse.StatusCode != 0 {
for key, values := range catalystResponse.Headers {
for _, value := range values {
c.Response().Header().Add(key, value)
}
}
if catalystResponse.IsBase64Encoded {
output, err = base64.StdEncoding.DecodeString(catalystResponse.Body)
if err != nil {
return fmt.Errorf("error decoding base64 body: %w", err)
}
} else {
output = []byte(catalystResponse.Body)
}
}
if isJSON(output) {
return c.JSON(http.StatusOK, json.RawMessage(output))
}
return c.String(http.StatusOK, string(output))
}