Merge pull request #46076 from nextcloud/enh/webhooks-user-id-filter

feat(webhooks): Add support for a userid filter

Author: come-nc

apps/webhook_listeners/lib/AppInfo/Application.php

@@ -16,6 +16,7 @@
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\EventDispatcher\IEventDispatcher;
+use OCP\IUserSession;
 use Psr\Container\ContainerInterface;
 use Psr\Log\LoggerInterface;
 
@@ -40,9 +41,10 @@ private function registerRuleListeners(
 	): void {
 		/** @var WebhookListenerMapper */
 		$mapper = $container->get(WebhookListenerMapper::class);
+		$userSession = $container->get(IUserSession::class);
 
 		/* Listen to all events with at least one webhook configured */
-		$configuredEvents = $mapper->getAllConfiguredEvents();
+		$configuredEvents = $mapper->getAllConfiguredEvents($userSession->getUser()?->getUID());
 		foreach ($configuredEvents as $eventName) {
 			$logger->debug("Listening to {$eventName}");
 			$dispatcher->addServiceListener(

apps/webhook_listeners/lib/Controller/WebhooksController.php

@@ -107,6 +107,7 @@ public function show(int $id): DataResponse {
 	 * @param string $uri Webhook URI endpoint
 	 * @param string $event Event class name to listen to
 	 * @param ?array<string,mixed> $eventFilter Mongo filter to apply to the serialized data to decide if firing
+	 * @param ?string $userIdFilter User id to filter on. The webhook will only be called by requests from this user. Empty or null means no filtering.
 	 * @param ?array<string,string> $headers Array of headers to send
 	 * @param "none"|"headers"|null $authMethod Authentication method to use
 	 * @param ?array<string,mixed> $authData Array of data for authentication
@@ -126,6 +127,7 @@ public function create(
 		string $uri,
 		string $event,
 		?array $eventFilter,
+		?string $userIdFilter,
 		?array $headers,
 		?string $authMethod,
 		#[\SensitiveParameter]
@@ -150,6 +152,7 @@ public function create(
 				$uri,
 				$event,
 				$eventFilter,
+				$userIdFilter,
 				$headers,
 				$authMethod,
 				$authData,
@@ -173,6 +176,7 @@ public function create(
 	 * @param string $uri Webhook URI endpoint
 	 * @param string $event Event class name to listen to
 	 * @param ?array<string,mixed> $eventFilter Mongo filter to apply to the serialized data to decide if firing
+	 * @param ?string $userIdFilter User id to filter on. The webhook will only be called by requests from this user. Empty or null means no filtering.
 	 * @param ?array<string,string> $headers Array of headers to send
 	 * @param "none"|"headers"|null $authMethod Authentication method to use
 	 * @param ?array<string,mixed> $authData Array of data for authentication
@@ -193,6 +197,7 @@ public function update(
 		string $uri,
 		string $event,
 		?array $eventFilter,
+		?string $userIdFilter,
 		?array $headers,
 		?string $authMethod,
 		#[\SensitiveParameter]
@@ -218,6 +223,7 @@ public function update(
 				$uri,
 				$event,
 				$eventFilter,
+				$userIdFilter,
 				$headers,
 				$authMethod,
 				$authData,

apps/webhook_listeners/lib/Db/WebhookListener.php

@@ -59,6 +59,13 @@ class WebhookListener extends Entity implements \JsonSerializable {
 	 */
 	protected $eventFilter;
 
+	/**
+	 * @var ?string
+	 * If not empty, id of the user that needs to be connected for the webhook to trigger
+	 * @psalm-suppress PropertyNotSetInConstructor
+	 */
+	protected $userIdFilter;
+
 	/**
 	 * @var ?array
 	 */
@@ -90,6 +97,7 @@ public function __construct(
 		$this->addType('uri', 'string');
 		$this->addType('event', 'string');
 		$this->addType('eventFilter', 'json');
+		$this->addType('userIdFilter', 'string');
 		$this->addType('headers', 'json');
 		$this->addType('authMethod', 'string');
 		$this->addType('authData', 'string');

apps/webhook_listeners/lib/Db/WebhookListenerMapper.php

@@ -25,7 +25,7 @@
 class WebhookListenerMapper extends QBMapper {
 	public const TABLE_NAME = 'webhook_listeners';
 
-	private const EVENTS_CACHE_KEY = 'eventsUsedInWebhooks';
+	private const EVENTS_CACHE_KEY_PREFIX = 'eventsUsedInWebhooks';
 
 	private ?ICache $cache = null;
 
@@ -77,6 +77,7 @@ public function addWebhookListener(
 		string $uri,
 		string $event,
 		?array $eventFilter,
+		?string $userIdFilter,
 		?array $headers,
 		AuthMethod $authMethod,
 		#[\SensitiveParameter]
@@ -95,12 +96,13 @@ public function addWebhookListener(
 				'uri' => $uri,
 				'event' => $event,
 				'eventFilter' => $eventFilter ?? [],
+				'userIdFilter' => $userIdFilter ?? '',
 				'headers' => $headers,
 				'authMethod' => $authMethod->value,
 			]
 		);
 		$webhookListener->setAuthDataClear($authData);
-		$this->cache?->remove(self::EVENTS_CACHE_KEY);
+		$this->cache?->remove($this->buildCacheKey($userIdFilter));
 		return $this->insert($webhookListener);
 	}
 
@@ -115,6 +117,7 @@ public function updateWebhookListener(
 		string $uri,
 		string $event,
 		?array $eventFilter,
+		?string $userIdFilter,
 		?array $headers,
 		AuthMethod $authMethod,
 		#[\SensitiveParameter]
@@ -134,12 +137,13 @@ public function updateWebhookListener(
 				'uri' => $uri,
 				'event' => $event,
 				'eventFilter' => $eventFilter ?? [],
+				'userIdFilter' => $userIdFilter ?? '',
 				'headers' => $headers,
 				'authMethod' => $authMethod->value,
 			]
 		);
 		$webhookListener->setAuthDataClear($authData);
-		$this->cache?->remove(self::EVENTS_CACHE_KEY);
+		$this->cache?->remove($this->buildCacheKey($userIdFilter));
 		return $this->update($webhookListener);
 	}
 
@@ -159,11 +163,16 @@ public function deleteById(int $id): bool {
 	 * @throws Exception
 	 * @return list<string>
 	 */
-	private function getAllConfiguredEventsFromDatabase(): array {
+	private function getAllConfiguredEventsFromDatabase(string $userId): array {
 		$qb = $this->db->getQueryBuilder();
 
 		$qb->selectDistinct('event')
-			->from($this->getTableName());
+			->from($this->getTableName())
+			->where($qb->expr()->emptyString('user_id_filter'));
+
+		if ($userId !== '') {
+			$qb->orWhere($qb->expr()->eq('user_id_filter', $qb->createNamedParameter($userId)));
+		}
 
 		$result = $qb->executeQuery();
 
@@ -181,27 +190,40 @@ private function getAllConfiguredEventsFromDatabase(): array {
 	 * @throws Exception
 	 * @return list<string>
 	 */
-	public function getAllConfiguredEvents(): array {
-		$events = $this->cache?->get(self::EVENTS_CACHE_KEY);
+	public function getAllConfiguredEvents(?string $userId = null): array {
+		$cacheKey = $this->buildCacheKey($userId);
+		$events = $this->cache?->get($cacheKey);
 		if ($events !== null) {
 			return json_decode($events);
 		}
-		$events = $this->getAllConfiguredEventsFromDatabase();
+		$events = $this->getAllConfiguredEventsFromDatabase($userId ?? '');
 		// cache for 5 minutes
-		$this->cache?->set(self::EVENTS_CACHE_KEY, json_encode($events), 300);
+		$this->cache?->set($cacheKey, json_encode($events), 300);
 		return $events;
 	}
 
 	/**
 	 * @throws Exception
 	 */
-	public function getByEvent(string $event): array {
+	public function getByEvent(string $event, ?string $userId = null): array {
 		$qb = $this->db->getQueryBuilder();
 
 		$qb->select('*')
 			->from($this->getTableName())
 			->where($qb->expr()->eq('event', $qb->createNamedParameter($event, IQueryBuilder::PARAM_STR)));
 
+
+		if ($userId === '' || $userId === null) {
+			$qb->andWhere($qb->expr()->emptyString('user_id_filter'));
+		} else {
+			$qb->andWhere(
+				$qb->expr()->orX(
+					$qb->expr()->emptyString('user_id_filter'),
+					$qb->expr()->eq('user_id_filter', $qb->createNamedParameter($userId)),
+				)
+			);
+		}
+
 		return $this->findEntities($qb);
 	}
 
@@ -217,4 +239,8 @@ public function getByUri(string $uri): array {
 
 		return $this->findEntities($qb);
 	}
+
+	private function buildCacheKey(?string $userIdFilter): string {
+		return self::EVENTS_CACHE_KEY_PREFIX.'_'.($userIdFilter ?? '');
+	}
 }

apps/webhook_listeners/lib/Listener/WebhooksEventListener.php

@@ -34,8 +34,8 @@ public function __construct(
 	}
 
 	public function handle(Event $event): void {
-		$webhookListeners = $this->mapper->getByEvent($event::class);
 		$user = $this->userSession->getUser();
+		$webhookListeners = $this->mapper->getByEvent($event::class, $user?->getUID());
 
 		foreach ($webhookListeners as $webhookListener) {
 			// TODO add group membership to be able to filter on it

apps/webhook_listeners/lib/Migration/Version1000Date20240527153425.php

@@ -47,12 +47,17 @@ public function changeSchema(IOutput $output, Closure $schemaClosure, array $opt
 				'notnull' => true,
 				'length' => 4000,
 			]);
-			$table->addColumn('event', Types::TEXT, [
+			$table->addColumn('event', Types::STRING, [
 				'notnull' => true,
+				'length' => 4000,
 			]);
 			$table->addColumn('event_filter', Types::TEXT, [
 				'notnull' => false,
 			]);
+			$table->addColumn('user_id_filter', Types::STRING, [
+				'notnull' => false,
+				'length' => 64,
+			]);
 			$table->addColumn('headers', Types::TEXT, [
 				'notnull' => false,
 			]);

apps/webhook_listeners/lib/ResponseDefinitions.php

@@ -17,6 +17,7 @@
  *     uri: string,
  *     event?: string,
  *     eventFilter?: array<string,mixed>,
+ *     userIdFilter?: string,
  *     headers?: array<string,string>,
  *     authMethod: string,
  *     authData?: array<string,mixed>,

apps/webhook_listeners/openapi.json

@@ -75,6 +75,9 @@
                             "type": "object"
                         }
                     },
+                    "userIdFilter": {
+                        "type": "string"
+                    },
                     "headers": {
                         "type": "object",
                         "additionalProperties": {
@@ -223,6 +226,11 @@
                                             "type": "object"
                                         }
                                     },
+                                    "userIdFilter": {
+                                        "type": "string",
+                                        "nullable": true,
+                                        "description": "User id to filter on. The webhook will only be called by requests from this user. Empty or null means no filtering."
+                                    },
                                     "headers": {
                                         "type": "object",
                                         "nullable": true,
@@ -501,6 +509,11 @@
                                             "type": "object"
                                         }
                                     },
+                                    "userIdFilter": {
+                                        "type": "string",
+                                        "nullable": true,
+                                        "description": "User id to filter on. The webhook will only be called by requests from this user. Empty or null means no filtering."
+                                    },
                                     "headers": {
                                         "type": "object",
                                         "nullable": true,

apps/webhook_listeners/tests/Db/WebhookListenerMapperTest.php

@@ -58,6 +58,7 @@ public function testInsertListenerWithNotSupportedEvent() {
 			UserCreatedEvent::class,
 			null,
 			null,
+			null,
 			AuthMethod::None,
 			null,
 		);
@@ -72,6 +73,7 @@ public function testInsertListenerAndGetIt() {
 			NodeWrittenEvent::class,
 			null,
 			null,
+			null,
 			AuthMethod::None,
 			null,
 		);
@@ -92,6 +94,7 @@ public function testInsertListenerAndGetItByUri() {
 			NodeWrittenEvent::class,
 			null,
 			null,
+			null,
 			AuthMethod::None,
 			null,
 		);
@@ -111,6 +114,7 @@ public function testInsertListenerAndGetItWithAuthData() {
 			NodeWrittenEvent::class,
 			null,
 			null,
+			null,
 			AuthMethod::Header,
 			['secretHeader' => 'header'],
 		);
@@ -120,4 +124,50 @@ public function testInsertListenerAndGetItWithAuthData() {
 		$listener1->resetUpdatedFields();
 		$this->assertEquals($listener1, $listener2);
 	}
+
+	public function testInsertListenerAndGetItByEventAndUser() {
+		$listener1 = $this->mapper->addWebhookListener(
+			null,
+			'bob',
+			'POST',
+			'https://webhook.example.com/endpoint',
+			NodeWrittenEvent::class,
+			null,
+			'alice',
+			null,
+			AuthMethod::None,
+			null,
+		);
+		$listener1->resetUpdatedFields();
+
+		$this->assertEquals([NodeWrittenEvent::class], $this->mapper->getAllConfiguredEvents('alice'));
+		$this->assertEquals([], $this->mapper->getAllConfiguredEvents(''));
+		$this->assertEquals([], $this->mapper->getAllConfiguredEvents('otherUser'));
+
+		$this->assertEquals([$listener1], $this->mapper->getByEvent(NodeWrittenEvent::class, 'alice'));
+		$this->assertEquals([], $this->mapper->getByEvent(NodeWrittenEvent::class, ''));
+		$this->assertEquals([], $this->mapper->getByEvent(NodeWrittenEvent::class, 'otherUser'));
+
+		/* Add a second listener with no user filter */
+		$listener2 = $this->mapper->addWebhookListener(
+			null,
+			'bob',
+			'POST',
+			'https://webhook.example.com/endpoint',
+			NodeWrittenEvent::class,
+			null,
+			'',
+			null,
+			AuthMethod::None,
+			null,
+		);
+		$listener2->resetUpdatedFields();
+
+		$this->assertEquals([NodeWrittenEvent::class], $this->mapper->getAllConfiguredEvents('alice'));
+		$this->assertEquals([NodeWrittenEvent::class], $this->mapper->getAllConfiguredEvents(''));
+
+		$this->assertEquals([$listener1, $listener2], $this->mapper->getByEvent(NodeWrittenEvent::class, 'alice'));
+		$this->assertEquals([$listener2], $this->mapper->getByEvent(NodeWrittenEvent::class, 'otherUser'));
+		$this->assertEquals([$listener2], $this->mapper->getByEvent(NodeWrittenEvent::class));
+	}
 }