Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add authorization header in webhooks stored in secrets table #941

Merged
merged 16 commits into from
Jul 4, 2024
Merged

Add authorization header in webhooks stored in secrets table #941

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
2667d9f
Add authorization header in webhooks stored in secrets table
CamilleLegeron Apr 18, 2024
dff4159
add translation + authorization in classes
CamilleLegeron Apr 18, 2024
ead3d97
add column in webhook page test
CamilleLegeron Apr 18, 2024
35fa854
linter: cut line
CamilleLegeron Apr 18, 2024
b69da04
Merge branch 'main' into webhooks-with-headers
CamilleLegeron Apr 30, 2024
62b0ae3
Update app/server/lib/Triggers.ts
CamilleLegeron Apr 30, 2024
2e7ec0d
accept authorization to be undefined
CamilleLegeron Apr 30, 2024
80f88cd
test DocApi add authorization field
CamilleLegeron May 2, 2024
af1cb95
add authorization test + fix update url and authorization secret fiel…
CamilleLegeron May 16, 2024
1c2d78e
Update app/gen-server/lib/HomeDBManager.ts
CamilleLegeron May 28, 2024
72f93ca
Test: add Header Auth persistance test
CamilleLegeron Jul 1, 2024
b793709
update webhooksecret : add exception and use an object in props of th…
CamilleLegeron Jul 1, 2024
71a5065
Merge branch 'main' into webhooks-with-headers
CamilleLegeron Jul 1, 2024
7baa089
Merge branch 'main' into webhooks-with-headers
CamilleLegeron Jul 2, 2024
c3ec72d
fix test webhooks header authorization
CamilleLegeron Jul 2, 2024
751081f
update Webhook page to use new virtual ids creation
CamilleLegeron Jul 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 8 additions & 3 deletions app/gen-server/lib/HomeDBManager.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1953,15 +1953,20 @@ export class HomeDBManager extends EventEmitter {
// Update the webhook url in the webhook's corresponding secret (note: the webhook identifier is
// its secret identifier).
public async updateWebhookUrlAndAuth(
id: string, docId: string, url: string, auth: string | undefined, outerManager?: EntityManager) {
id: string, docId: string, url: string | undefined, auth: string | undefined, outerManager?: EntityManager) {
return await this._runInTransaction(outerManager, async manager => {
const value = await this.getSecret(id, docId, manager);
if (!value) {
throw new ApiError('Webhook with given id not found', 404);
}
const webhookSecret = JSON.parse(value);
webhookSecret.url = url;
webhookSecret.authorization = auth;
// update url and authorization only if not undefined to fit to patch calls
CamilleLegeron marked this conversation as resolved.
Show resolved Hide resolved
if (url !== undefined) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 things:

  • I'd convert arguments to an object, as there are too many strings there
  • I'd throw an exception when both those things are not defined.

If you take a look at the line 1939 updateSecret method, it will throw an exception if the update won't do anything, but with completely misleading error message - that the secret wasn't found, when in fact it was found but just not updated.

Btw: can you update that error message as well, to something like:
secret with given id not found or nothing was updated.

webhookSecret.url = url;
}
if (auth !== undefined) {
webhookSecret.authorization = auth;
}
await this.updateSecret(id, docId, JSON.stringify(webhookSecret), manager);
});
}
Expand Down
2 changes: 1 addition & 1 deletion app/server/lib/DocApi.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -936,7 +936,7 @@ export class DocWorkerApi {

// update url and authorization header in homedb
if (url || authorization) {
await this._dbManager.updateWebhookUrlAndAuth(webhookId, docId, url, authorization || undefined);
await this._dbManager.updateWebhookUrlAndAuth(webhookId, docId, url, authorization);
activeDoc.triggers.webhookDeleted(webhookId); // clear cache
}

Expand Down
2 changes: 2 additions & 0 deletions test/server/lib/DocApi.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4961,6 +4961,8 @@ function testDocApi() {

await check({isReadyColumn: null}, 200);
await check({isReadyColumn: "bar"}, 404, `Column not found "bar"`);

await check({authorization: 'Bearer fake-token'}, 200);
});

});
Expand Down
Loading