feat(*): add plugins

Author: vm-001

admin/api/sources.go

@@ -40,6 +40,12 @@ func (api *API) CreateSource(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if source.Type == "http" {
+		if source.Config.HTTP.Path == "" {
+			source.Config.HTTP.Path = "/" + utils.UUIDShort()
+		}
+	}
+
 	source.WorkspaceId = ucontext.GetWorkspaceID(r.Context())
 	err := api.db.SourcesWS.Insert(r.Context(), &source)
 	api.assert(err)

db/entities/source.go

@@ -19,16 +19,33 @@ func (m CustomResponse) Value() (driver.Value, error) {
 	return json.Marshal(m)
 }
 
+type SourceConfig struct {
+	HTTP HttpSourceConfig `json:"http"`
+}
+
+func (m *SourceConfig) Scan(src interface{}) error {
+	return json.Unmarshal(src.([]byte), m)
+}
+
+func (m SourceConfig) Value() (driver.Value, error) {
+	return json.Marshal(m)
+}
+
+type HttpSourceConfig struct {
+	Path     string          `json:"path"`
+	Methods  Strings         `json:"methods"`
+	Response *CustomResponse `json:"response"`
+}
+
 type Source struct {
-	ID        string          `json:"id" db:"id"`
-	Name      *string         `json:"name" db:"name"`
-	Enabled   bool            `json:"enabled" db:"enabled"`
-	Path      string          `json:"path" db:"path"`
-	Methods   Strings         `json:"methods" db:"methods"`
-	Async     bool            `json:"async" db:"async"`
-	Response  *CustomResponse `json:"response" db:"response"`
-	Metadata  Metadata        `json:"metadata" db:"metadata"`
-	RateLimit *RateLimit      `json:"rate_limit" yaml:"rate_limit" db:"rate_limit"`
+	ID        string       `json:"id" db:"id"`
+	Name      *string      `json:"name" db:"name"`
+	Enabled   bool         `json:"enabled" db:"enabled"`
+	Type      string       `json:"type" db:"type"`
+	Config    SourceConfig `json:"config" db:"config"`
+	Async     bool         `json:"async" db:"async"`
+	Metadata  Metadata     `json:"metadata" db:"metadata"`
+	RateLimit *RateLimit   `json:"rate_limit" yaml:"rate_limit" db:"rate_limit"`
 
 	BaseModel `yaml:"-"`
 }

db/migrations/1762423418_source_config.down.sql

@@ -0,0 +1,11 @@
+ALTER TABLE IF EXISTS ONLY "sources" ADD COLUMN IF NOT EXISTS "path" TEXT;
+ALTER TABLE IF EXISTS ONLY "sources" ADD COLUMN IF NOT EXISTS "methods" TEXT[];
+ALTER TABLE IF EXISTS ONLY "sources" ADD COLUMN IF NOT EXISTS "response" JSONB;
+
+UPDATE sources SET
+  "path" = (config->'http'->>'path'),
+  "methods" = ARRAY(SELECT jsonb_array_elements_text(config->'http'->'methods')),
+  "response" = (config->'http'->'response');
+
+ALTER TABLE IF EXISTS ONLY "sources" DROP COLUMN IF EXISTS "type";
+ALTER TABLE IF EXISTS ONLY "sources" DROP COLUMN IF EXISTS "config";

db/migrations/1762423418_source_config.up.sql

@@ -0,0 +1,8 @@
+ALTER TABLE IF EXISTS ONLY "sources" ADD COLUMN IF NOT EXISTS "type" varchar(20);
+ALTER TABLE IF EXISTS ONLY "sources" ADD COLUMN IF NOT EXISTS "config" JSONB NOT NULL DEFAULT '{}'::jsonb;
+
+UPDATE sources SET "type" = 'http', "config" = jsonb_build_object('http', jsonb_build_object('methods', methods, 'path', path, 'response', response));
+
+ALTER TABLE IF EXISTS ONLY "sources" DROP COLUMN IF EXISTS "path";
+ALTER TABLE IF EXISTS ONLY "sources" DROP COLUMN IF EXISTS "methods";
+ALTER TABLE IF EXISTS ONLY "sources" DROP COLUMN IF EXISTS "response";

openapi.yml

@@ -877,33 +877,20 @@ components:
         enabled:
           type: boolean
           default: true
-        path:
+        type:
           type: string
-        methods:
-          type: array
-          items:
-            type: string
-            enum: [ GET, POST, PUT, DELETE, PATCH ]
-          minItems: 1
+          enum: [ http ]
+        config:
+          type: object
+          properties:
+            http:
+              $ref: "#/components/schemas/HTTPSourceConfig"
+          required:
+            - http
         async:
           type: boolean
           description: "Whether to ingest events asynchronously through the queue"
           default: false
-        response:
-          type: object
-          nullable: true
-          properties:
-            code:
-              type: integer
-              minimum: 200
-              maximum: 599
-            content_type:
-              type: string
-            body:
-              type: string
-          required:
-            - code
-            - content_type
         metadata:
           $ref: "#/components/schemas/Metadata"
         rate_limit:
@@ -914,9 +901,6 @@ components:
         updated_at:
           type: integer
           readOnly: true
-      required:
-        - path
-        - methods
 
     Plugin:
       type: object
@@ -988,3 +972,31 @@ components:
       required:
         - quota
         - period
+
+    HTTPSourceConfig:
+      type: object
+      properties:
+        path:
+          type: string
+        methods:
+          type: array
+          items:
+            type: string
+            enum: [ GET, POST, PUT, DELETE, PATCH ]
+          minItems: 1
+          default: [ "POST" ]
+        response:
+          type: object
+          nullable: true
+          properties:
+            code:
+              type: integer
+              minimum: 200
+              maximum: 599
+            content_type:
+              type: string
+            body:
+              type: string
+          required:
+            - code
+            - content_type

plugins/basic-auth/plugin.go

@@ -0,0 +1,43 @@
+package basic_auth
+
+import (
+	"github.com/webhookx-io/webhookx/pkg/http/response"
+	"github.com/webhookx-io/webhookx/pkg/plugin"
+	"github.com/webhookx-io/webhookx/utils"
+)
+
+type Config struct {
+	Username string `json:"username" validate:"required"`
+	Password string `json:"password" validate:"required"`
+}
+
+type BasicAuthPlugin struct {
+	plugin.BasePlugin[Config]
+}
+
+func New(config []byte) (plugin.Plugin, error) {
+	p := &BasicAuthPlugin{}
+	p.Name = "basic-auth"
+
+	if config != nil {
+		if err := p.UnmarshalConfig(config); err != nil {
+			return nil, err
+		}
+	}
+
+	return p, nil
+}
+
+func (p *BasicAuthPlugin) ValidateConfig() error {
+	return utils.Validate(p.Config)
+}
+
+func (p *BasicAuthPlugin) ExecuteInbound(inbound *plugin.Inbound) (result plugin.InboundResult, err error) {
+	username, password, _ := inbound.Request.BasicAuth()
+	if username != p.Config.Username || password != p.Config.Password {
+		response.JSON(inbound.Response, 401, `{"message":"Unauthorized"}`)
+		result.Terminated = true
+	}
+
+	return
+}

plugins/hmac-auth/plugin.go

@@ -0,0 +1,95 @@
+package hmac_auth
+
+import (
+	"crypto/hmac"
+	"crypto/md5"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/sha512"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"github.com/webhookx-io/webhookx/pkg/http/response"
+	"github.com/webhookx-io/webhookx/pkg/plugin"
+	"github.com/webhookx-io/webhookx/utils"
+	"hash"
+)
+
+var (
+	ErrInvalidHashMethod     = errors.New("invalid hash method")
+	ErrInvalidEncodingMethod = errors.New("invalid encoding method")
+)
+
+var hashMethods = map[string]func() hash.Hash{
+	"md5":    md5.New,
+	"sha1":   sha1.New,
+	"sha256": sha256.New,
+	"sha512": sha512.New,
+}
+
+func Hmac(algorithm string, key string, data string) []byte {
+	fn, ok := hashMethods[algorithm]
+	if !ok {
+		panic(fmt.Errorf("%w: %s", ErrInvalidHashMethod, algorithm))
+	}
+	h := hmac.New(fn, []byte(key))
+	h.Write([]byte(data))
+	return h.Sum(nil)
+}
+
+func encode(encoding string, data []byte) string {
+	switch encoding {
+	case "hex":
+		return hex.EncodeToString(data)
+	case "base64":
+		return base64.StdEncoding.EncodeToString(data)
+	case "base64url":
+		return base64.RawURLEncoding.EncodeToString(data)
+	default:
+		panic(fmt.Errorf("%w: %s", ErrInvalidEncodingMethod, encoding))
+	}
+}
+
+type Config struct {
+	HashMethod      string `json:"hash_method" validate:"required,oneof=md5 sha1 sha256 sha512"`
+	HashEncoding    string `json:"hash_encoding" validate:"required,oneof=hex base64 base64url"`
+	SignatureHeader string `json:"signature_header" validate:"required"`
+	Key             string `json:"key" validate:"required"`
+}
+
+type HmacAuthPlugin struct {
+	plugin.BasePlugin[Config]
+}
+
+func New(config []byte) (plugin.Plugin, error) {
+	p := &HmacAuthPlugin{}
+	p.Name = "hmac-auth"
+
+	if config != nil {
+		if err := p.UnmarshalConfig(config); err != nil {
+			return nil, err
+		}
+	}
+
+	return p, nil
+}
+
+func (p *HmacAuthPlugin) ValidateConfig() error {
+	return utils.Validate(p.Config)
+}
+
+func (p *HmacAuthPlugin) ExecuteInbound(inbound *plugin.Inbound) (result plugin.InboundResult, err error) {
+	signature := inbound.Request.Header.Get(p.Config.SignatureHeader)
+	if signature == "" {
+		response.JSON(inbound.Response, 401, `{"message":"Unauthorized"}`)
+		result.Terminated = true
+	}
+
+	bytes := Hmac("todo", p.Config.Key, string(inbound.RawBody))
+	signature2 := encode("hex", bytes)
+	if signature != signature2 {
+		response.JSON(inbound.Response, 401, `{"message":"Unauthorized"}`)
+	}
+	return
+}

plugins/key-auth/plugin.go

@@ -0,0 +1,65 @@
+package key_auth
+
+import (
+	"github.com/webhookx-io/webhookx/pkg/http/response"
+	"github.com/webhookx-io/webhookx/pkg/plugin"
+	"github.com/webhookx-io/webhookx/utils"
+)
+
+// apikey-verifier ?
+
+type Config struct {
+	ParamName    string   `json:"param_name" validate:"required"`
+	ParamSources []string `json:"param_sources" validate:"required"`
+	Key          string   `json:"key" validate:"required"`
+}
+
+type KeyAuthPlugin struct {
+	plugin.BasePlugin[Config]
+}
+
+func New(config []byte) (plugin.Plugin, error) {
+	p := &KeyAuthPlugin{}
+	p.Name = "key-auth"
+
+	if config != nil {
+		if err := p.UnmarshalConfig(config); err != nil {
+			return nil, err
+		}
+	}
+
+	return p, nil
+}
+
+func (p *KeyAuthPlugin) ValidateConfig() error {
+	return utils.Validate(p.Config)
+}
+
+func (p *KeyAuthPlugin) ExecuteInbound(inbound *plugin.Inbound) (result plugin.InboundResult, err error) {
+
+	name := p.Config.ParamName
+	key := p.Config.Key
+	sources := p.Config.ParamSources
+
+	found := false
+	for _, source := range sources {
+		var value string
+		switch source {
+		case "query":
+			value = inbound.Request.URL.Query().Get(name)
+		case "header":
+			value = inbound.Request.Header.Get(name)
+		}
+		if value == key {
+			found = true
+			break
+		}
+	}
+
+	if !found {
+		response.JSON(inbound.Response, 401, `{"message":"Unauthorized"}`)
+		result.Terminated = true
+	}
+
+	return
+}

plugins/plugins.go

@@ -2,7 +2,10 @@ package plugins
 
 import (
 	"github.com/webhookx-io/webhookx/pkg/plugin"
+	basic_auth "github.com/webhookx-io/webhookx/plugins/basic-auth"
 	"github.com/webhookx-io/webhookx/plugins/function"
+	hmac_auth "github.com/webhookx-io/webhookx/plugins/hmac-auth"
+	key_auth "github.com/webhookx-io/webhookx/plugins/key-auth"
 	"github.com/webhookx-io/webhookx/plugins/wasm"
 	"github.com/webhookx-io/webhookx/plugins/webhookx_signature"
 )
@@ -11,4 +14,8 @@ func LoadPlugins() {
 	plugin.RegisterPlugin(plugin.TypeInbound, "function", function.New)
 	plugin.RegisterPlugin(plugin.TypeOutbound, "wasm", wasm.New)
 	plugin.RegisterPlugin(plugin.TypeOutbound, "webhookx-signature", webhookx_signature.New)
+	plugin.RegisterPlugin(plugin.TypeInbound, "key-auth", key_auth.New)
+	plugin.RegisterPlugin(plugin.TypeInbound, "basic-auth", basic_auth.New)
+	plugin.RegisterPlugin(plugin.TypeInbound, "hmac-auth", hmac_auth.New)
+
 }