AddWebhook registers a new webhook for an event and returns a status message. Requires super-admin auth. Logic migrated from internal/graphql/add_webhook.go.
(ctx context.Context, meta RequestMetadata, params *model.AddWebhookRequest)
| 28 | // AddWebhook registers a new webhook for an event and returns a status message. |
| 29 | // Requires super-admin auth. Logic migrated from internal/graphql/add_webhook.go. |
| 30 | func (p *provider) AddWebhook(ctx context.Context, meta RequestMetadata, params *model.AddWebhookRequest) (*model.Response, *ResponseSideEffects, error) { |
| 31 | log := p.Log.With().Str("func", "AddWebhook").Logger() |
| 32 | if err := p.requireSuperAdmin(ctx, meta); err != nil { |
| 33 | return nil, nil, err |
| 34 | } |
| 35 | |
| 36 | if !validators.IsValidWebhookEventName(params.EventName) { |
| 37 | log.Debug().Str("EventName", params.EventName).Msg("Invalid Event Name") |
| 38 | return nil, nil, fmt.Errorf("invalid event name %s", params.EventName) |
| 39 | } |
| 40 | if strings.TrimSpace(params.Endpoint) == "" { |
| 41 | log.Debug().Msg("endpoint is missing") |
| 42 | return nil, nil, fmt.Errorf("empty endpoint not allowed") |
| 43 | } |
| 44 | // SSRF protection: validate endpoint URL and resolved IPs (skip in test env). |
| 45 | if p.Env != constants.TestEnv { |
| 46 | if err := validators.ValidateEndpointURL(params.Endpoint); err != nil { |
| 47 | log.Debug().Err(err).Str("endpoint", params.Endpoint).Msg("endpoint URL rejected by SSRF filter") |
| 48 | return nil, nil, fmt.Errorf("invalid endpoint: %s", err.Error()) |
| 49 | } |
| 50 | } |
| 51 | |
| 52 | headerBytes, err := json.Marshal(params.Headers) |
| 53 | if err != nil { |
| 54 | return nil, nil, err |
| 55 | } |
| 56 | |
| 57 | if params.EventDescription == nil { |
| 58 | params.EventDescription = refs.NewStringRef(strings.Join(strings.Split(params.EventName, "."), " ")) |
| 59 | } |
| 60 | |
| 61 | webhook, err := p.StorageProvider.AddWebhook(ctx, &schemas.Webhook{ |
| 62 | EventDescription: refs.StringValue(params.EventDescription), |
| 63 | EventName: params.EventName, |
| 64 | EndPoint: params.Endpoint, |
| 65 | Enabled: params.Enabled, |
| 66 | Headers: string(headerBytes), |
| 67 | }) |
| 68 | if err != nil { |
| 69 | log.Debug().Err(err).Msg("Failed to add webhook in db") |
| 70 | return nil, nil, err |
| 71 | } |
| 72 | |
| 73 | p.AuditProvider.LogEvent(audit.Event{ |
| 74 | Action: constants.AuditAdminWebhookCreatedEvent, |
| 75 | Protocol: meta.Protocol, ActorType: constants.AuditActorTypeAdmin, |
| 76 | ResourceType: constants.AuditResourceTypeWebhook, |
| 77 | ResourceID: webhook.ID, |
| 78 | IPAddress: meta.IPAddress, |
| 79 | UserAgent: meta.UserAgent, |
| 80 | }) |
| 81 | |
| 82 | return &model.Response{ |
| 83 | Message: `Webhook added successfully`, |
| 84 | }, nil, nil |
| 85 | } |
| 86 | |
| 87 | // UpdateWebhook updates an existing webhook's event, endpoint, headers, or |
nothing calls this directly
no test coverage detected