✨ Improve webhook URI validation

2025-03-13 00:01:51 -05:00 · 2022-12-14 16:21:23 +01:00 · 2022-12-14 16:21:23 +01:00 · 710878a667
commit 710878a667
parent 350e4a1d1b
9 changed files with 34 additions and 14 deletions
--- a/backend/src/app/http/client.clj
+++ b/backend/src/app/http/client.clj
@ -11,7 +11,8 @@
   [app.worker :as wrk]
   [clojure.spec.alpha :as s]
   [integrant.core :as ig]
-   [java-http-clj.core :as http])
+   [java-http-clj.core :as http]
   [promesa.core :as p])
  (:import
   java.net.http.HttpClient))
@ -34,7 +35,10 @@
   (us/assert! ::client client)
   (if sync?
     (http/send req {:client client :as response-type})
-     (http/send-async req {:client client :as response-type}))))
+     (try
       (http/send-async req {:client client :as response-type})
       (catch Throwable cause
         (p/rejected cause))))))
 (defn req!
  "A convencience toplevel function for gradual migration to a new API
--- a/backend/src/app/loggers/webhooks.clj
+++ b/backend/src/app/loggers/webhooks.clj
@ -169,6 +169,9 @@
    (instance? java.net.ConnectException cause)
    "connection-error"
    (instance? java.lang.IllegalArgumentException cause)
    "invalid-uri"
    (instance? java.net.http.HttpConnectTimeoutException cause)
    "timeout"
    ))
--- a/backend/src/app/rpc/commands/webhooks.clj
+++ b/backend/src/app/rpc/commands/webhooks.clj
@ -74,7 +74,8 @@
    (when (>= total max-hooks-for-team)
      (ex/raise :type :restriction
                :code :webhooks-quote-reached
-                :hint (str/ffmt "can't create more than % webhooks per team" max-hooks-for-team)))))
+                :hint (str/ffmt "can't create more than % webhooks per team"
                                max-hooks-for-team)))))
 (defn- insert-webhook!
  [{:keys [::db/pool]} {:keys [team-id uri mtype is-active] :as params}]
@ -99,8 +100,8 @@
  {::doc/added "1.17"}
  [{:keys [::db/pool ::wrk/executor] :as cfg} {:keys [profile-id team-id] :as params}]
  (check-edition-permissions! pool profile-id team-id)
-  (->> (validate-quotes! cfg params)
+  (validate-quotes! cfg params)
-       (p/fmap executor (fn [_] (validate-webhook! cfg nil params)))
+  (->> (validate-webhook! cfg nil params)
       (p/fmap executor (fn [_] (insert-webhook! cfg params)))))
 (s/def ::update-webhook
--- a/common/src/app/common/spec.cljc
+++ b/common/src/app/common/spec.cljc
@ -135,7 +135,7 @@
 (letfn [(conformer [s]
          (cond
            (u/uri? s) s
-            (string? s) (u/uri s)
+            (string? s) (u/uri (str/trim s))
            :else ::s/invalid))
        (unformer [v]
          (dm/str v))]
--- a/frontend/resources/styles/main/partials/dashboard-team.scss
+++ b/frontend/resources/styles/main/partials/dashboard-team.scss
@ -199,10 +199,12 @@
      }
    }
-    &.uri,
+    &.uri {
      flex-grow: 1;
    }
    &.active {
-      width: 48%;
+      min-width: 100px;
      min-width: 300px;
    }
    &.last-delivery {
--- a/frontend/src/app/main/data/dashboard.cljs
+++ b/frontend/src/app/main/data/dashboard.cljs
@ -620,7 +620,9 @@
    ptk/WatchEvent
    (watch [_ state _]
      (let [team-id (:current-team-id state)
-            params  (assoc params :team-id team-id)
+            params  (-> params
                        (assoc :team-id team-id)
                        (update :uri str))
            {:keys [on-success on-error]
             :or {on-success identity
                  on-error rx/throw}} (meta params)]
--- a/frontend/src/app/main/ui/dashboard/team.cljs
+++ b/frontend/src/app/main/ui/dashboard/team.cljs
@ -620,7 +620,7 @@
 ;; WEBHOOKS SECTION
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-(s/def ::uri ::us/not-empty-string)
+(s/def ::uri ::us/uri)
 (s/def ::mtype ::us/not-empty-string)
 (s/def ::webhook-form
  (s/keys :req-un [::uri ::mtype]))
@ -657,6 +657,8 @@
             (let [message (cond
                             (= hint "unknown")
                             (tr "errors.webhooks.unexpected")
                             (= hint "invalid-uri")
                             (tr "errors.webhooks.invalid-uri")
                             (= hint "ssl-validation-error")
                             (tr "errors.webhooks.ssl-validation")
                             (= hint "timeout")
--- a/frontend/translations/en.po
+++ b/frontend/translations/en.po
@ -696,6 +696,9 @@ msgstr "Webhook updated successfully."
 msgid "dashboard.webhooks.create.success"
 msgstr "Webhook created successfully."
 msgid "webhooks.last-delivery.success"
 msgstr "Last delivery was successfull."
 msgid "errors.webhooks.unexpected"
 msgstr "Unexpected error on validating"
@ -705,15 +708,15 @@ msgstr "Timeout"
 msgid "errors.webhooks.connection"
 msgstr "Connection error, url not reacheable"
 msgid "webhooks.last-delivery.success"
 msgstr "Last delivery was successfull."
 msgid "errors.webhooks.last-delivery"
 msgstr "Last delivery was not successfull."
 msgid "errors.webhooks.ssl-validation"
 msgstr "Error on SSL validation."
 msgid "errors.webhooks.invalid-uri"
 msgstr "URL does not passes validation."
 msgid "errors.webhooks.unexpected-status"
 msgstr "Unexpected status %s"
--- a/frontend/translations/es.po
+++ b/frontend/translations/es.po
@ -761,6 +761,9 @@ msgstr "Error en la validación SSL."
 msgid "errors.webhooks.unexpected-status"
 msgstr "Estado inesperado %s"
 msgid "errors.webhooks.invalid-uri"
 msgstr "La URL no pasa la validacion."
 #: src/app/main/ui/alert.cljs
 msgid "ds.alert-ok"
 msgstr "Ok"