✨ Improve webhook URI validation

2025-01-09 00:10:11 -05:00 · 2022-12-14 16:21:23 +01:00 · 2022-12-14 16:21:23 +01:00 · 6ea0279c9e
commit 6ea0279c9e
parent 6a7a25121e
9 changed files with 34 additions and 14 deletions
--- a/backend/src/app/http/client.clj
+++ b/backend/src/app/http/client.clj
@ -11,7 +11,8 @@
   [app.worker :as wrk]
   [clojure.spec.alpha :as s]
   [integrant.core :as ig]
-   [java-http-clj.core :as http])
+   [java-http-clj.core :as http]
+   [promesa.core :as p])
  (:import
   java.net.http.HttpClient))

@ -34,7 +35,10 @@
   (us/assert! ::client client)
   (if sync?
     (http/send req {:client client :as response-type})
-     (http/send-async req {:client client :as response-type}))))
+     (try
+       (http/send-async req {:client client :as response-type})
+       (catch Throwable cause
+         (p/rejected cause))))))

 (defn req!
  "A convencience toplevel function for gradual migration to a new API
--- a/backend/src/app/loggers/webhooks.clj
+++ b/backend/src/app/loggers/webhooks.clj
@ -169,6 +169,9 @@
    (instance? java.net.ConnectException cause)
    "connection-error"

+    (instance? java.lang.IllegalArgumentException cause)
+    "invalid-uri"
+
    (instance? java.net.http.HttpConnectTimeoutException cause)
    "timeout"
    ))
--- a/backend/src/app/rpc/commands/webhooks.clj
+++ b/backend/src/app/rpc/commands/webhooks.clj
@ -74,7 +74,8 @@
    (when (>= total max-hooks-for-team)
      (ex/raise :type :restriction
                :code :webhooks-quote-reached
-                :hint (str/ffmt "can't create more than % webhooks per team" max-hooks-for-team)))))
+                :hint (str/ffmt "can't create more than % webhooks per team"
+                                max-hooks-for-team)))))

 (defn- insert-webhook!
  [{:keys [::db/pool]} {:keys [team-id uri mtype is-active] :as params}]
@ -99,8 +100,8 @@
  {::doc/added "1.17"}
  [{:keys [::db/pool ::wrk/executor] :as cfg} {:keys [profile-id team-id] :as params}]
  (check-edition-permissions! pool profile-id team-id)
-  (->> (validate-quotes! cfg params)
-       (p/fmap executor (fn [_] (validate-webhook! cfg nil params)))
+  (validate-quotes! cfg params)
+  (->> (validate-webhook! cfg nil params)
       (p/fmap executor (fn [_] (insert-webhook! cfg params)))))

 (s/def ::update-webhook
--- a/common/src/app/common/spec.cljc
+++ b/common/src/app/common/spec.cljc
@ -135,7 +135,7 @@
 (letfn [(conformer [s]
          (cond
            (u/uri? s) s
-            (string? s) (u/uri s)
+            (string? s) (u/uri (str/trim s))
            :else ::s/invalid))
        (unformer [v]
          (dm/str v))]
--- a/frontend/resources/styles/main/partials/dashboard-team.scss
+++ b/frontend/resources/styles/main/partials/dashboard-team.scss
@ -199,10 +199,12 @@
      }
    }

-    &.uri,
+    &.uri {
+      flex-grow: 1;
+    }
+
    &.active {
-      width: 48%;
-      min-width: 300px;
+      min-width: 100px;
    }

    &.last-delivery {
--- a/frontend/src/app/main/data/dashboard.cljs
+++ b/frontend/src/app/main/data/dashboard.cljs
@ -620,7 +620,9 @@
    ptk/WatchEvent
    (watch [_ state _]
      (let [team-id (:current-team-id state)
-            params  (assoc params :team-id team-id)
+            params  (-> params
+                        (assoc :team-id team-id)
+                        (update :uri str))
            {:keys [on-success on-error]
             :or {on-success identity
                  on-error rx/throw}} (meta params)]
--- a/frontend/src/app/main/ui/dashboard/team.cljs
+++ b/frontend/src/app/main/ui/dashboard/team.cljs
@ -620,7 +620,7 @@
 ;; WEBHOOKS SECTION
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

-(s/def ::uri ::us/not-empty-string)
+(s/def ::uri ::us/uri)
 (s/def ::mtype ::us/not-empty-string)
 (s/def ::webhook-form
  (s/keys :req-un [::uri ::mtype]))
@ -657,6 +657,8 @@
             (let [message (cond
                             (= hint "unknown")
                             (tr "errors.webhooks.unexpected")
+                             (= hint "invalid-uri")
+                             (tr "errors.webhooks.invalid-uri")
                             (= hint "ssl-validation-error")
                             (tr "errors.webhooks.ssl-validation")
                             (= hint "timeout")
--- a/frontend/translations/en.po
+++ b/frontend/translations/en.po
@ -696,6 +696,9 @@ msgstr "Webhook updated successfully."
 msgid "dashboard.webhooks.create.success"
 msgstr "Webhook created successfully."

+msgid "webhooks.last-delivery.success"
+msgstr "Last delivery was successfull."
+
 msgid "errors.webhooks.unexpected"
 msgstr "Unexpected error on validating"

@ -705,15 +708,15 @@ msgstr "Timeout"
 msgid "errors.webhooks.connection"
 msgstr "Connection error, url not reacheable"

-msgid "webhooks.last-delivery.success"
-msgstr "Last delivery was successfull."
-
 msgid "errors.webhooks.last-delivery"
 msgstr "Last delivery was not successfull."

 msgid "errors.webhooks.ssl-validation"
 msgstr "Error on SSL validation."

+msgid "errors.webhooks.invalid-uri"
+msgstr "URL does not passes validation."
+
 msgid "errors.webhooks.unexpected-status"
 msgstr "Unexpected status %s"

--- a/frontend/translations/es.po
+++ b/frontend/translations/es.po
@ -761,6 +761,9 @@ msgstr "Error en la validación SSL."
 msgid "errors.webhooks.unexpected-status"
 msgstr "Estado inesperado %s"

+msgid "errors.webhooks.invalid-uri"
+msgstr "La URL no pasa la validacion."
+
 #: src/app/main/ui/alert.cljs
 msgid "ds.alert-ok"
 msgstr "Ok"