anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
97aa57faed2dac2cefca43ba63ba10caccd8a43e
DECNET/decnet/web/router/webhooks/api_test_webhook.py
anti b70845a85d feat(webhooks): subscription CRUD + HMAC-signed delivery client 
Introduces the webhook egress foundation — a new WebhookSubscription
table, admin-gated CRUD under /api/v1/webhooks, and the shared
delivery client that both the test-ping route and the upcoming worker
will use. No worker yet; this commit is API + model + client only.

Simple-mode enum (AttackerDetail / DeckyStatus / SystemStatus) expands
to bus-topic patterns at the router layer; storage is always the raw
pattern list. Advanced mode lets admins supply raw NATS-style patterns
directly. Filter-at-subscribe: the worker (next commit) will subscribe
to the union of patterns across enabled subscriptions.

Delivery client handles HMAC-SHA256 signing (X-DECNET-Signature),
retry on 429/5xx/network errors with jittered backoff, no-retry on
4xx. Secrets never leave the server on GET/LIST — only the create
response carries the secret for copy-out.

CRUD routes publish WEBHOOK_SUBSCRIPTIONS_CHANGED on the bus after
every mutation so the (future) worker can hot-reload.

Opens DEBT-037 for the deferred items (circuit breaker, dead-letter,
batch delivery, payload templates, secret-at-rest).
2026-04-24 15:30:05 -04:00

61 lines
1.8 KiB
Python
Raw Blame History

"""POST /webhooks/{uuid}/test — fire a synthetic ping to verify plumbing.
This hits the same delivery path the worker uses, so a 200 here proves
the destination URL, HMAC secret, and network egress all work without
waiting for a real bus event.
"""
from __future__ import annotations
from datetime import datetime, timezone
from uuid import uuid4
from fastapi import APIRouter, Depends, HTTPException
from decnet.logging import get_logger
from decnet.telemetry import traced as _traced
from decnet.web.db.models import WebhookTestResponse
from decnet.web.dependencies import repo, require_admin
from decnet.webhook.client import deliver, SyntheticEvent
log = get_logger("api.webhooks.test")
router = APIRouter()
@router.post(
"/{uuid}/test",
tags=["Webhooks"],
response_model=WebhookTestResponse,
responses={
404: {"description": "Webhook not found"},
},
)
@_traced("api.webhook.test")
async def api_test_webhook(
uuid: str,
admin: dict = Depends(require_admin),
) -> WebhookTestResponse:
sub = await repo.get_webhook_subscription(uuid)
if not sub:
raise HTTPException(status_code=404, detail="Webhook not found")
event = SyntheticEvent(
topic="test.ping",
type="test",
ts=datetime.now(timezone.utc).isoformat(),
id=str(uuid4()),
payload={
"message": "Synthetic test event from DECNET",
"triggered_by": admin.get("username", "unknown"),
},
)
# Single attempt — no retries on manual tests. The operator wants a
# fast signal about the current state of the receiver, not a
# retry-and-wait behavior.
result = await deliver(sub, event, retry_schedule=[])
return WebhookTestResponse(
delivered=result.ok,
status_code=result.status_code,
error=result.error,
)
Reference in New Issue View Git Blame Copy Permalink