2025-12-03 19:29:37 +00:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
"github.com/google/uuid"
|
|
|
|
|
"go.uber.org/zap"
|
|
|
|
|
|
2025-12-24 10:54:22 +00:00
|
|
|
apperrors "veza-backend-api/internal/errors"
|
2025-12-03 19:29:37 +00:00
|
|
|
"veza-backend-api/internal/services"
|
|
|
|
|
"veza-backend-api/internal/workers"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// WebhookHandler gère les handlers de webhooks
|
|
|
|
|
type WebhookHandler struct {
|
|
|
|
|
webhookService *services.WebhookService
|
|
|
|
|
webhookWorker *workers.WebhookWorker
|
|
|
|
|
logger *zap.Logger
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
commonHandler *CommonHandler
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// NewWebhookHandler crée un nouveau handler de webhooks
|
|
|
|
|
func NewWebhookHandler(
|
|
|
|
|
webhookService *services.WebhookService,
|
|
|
|
|
webhookWorker *workers.WebhookWorker,
|
|
|
|
|
logger *zap.Logger,
|
|
|
|
|
) *WebhookHandler {
|
|
|
|
|
return &WebhookHandler{
|
|
|
|
|
webhookService: webhookService,
|
|
|
|
|
webhookWorker: webhookWorker,
|
|
|
|
|
logger: logger,
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
commonHandler: NewCommonHandler(logger),
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RegisterWebhook gère l'enregistrement d'un webhook
|
|
|
|
|
func (h *WebhookHandler) RegisterWebhook() gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
// Récupérer l'ID utilisateur
|
|
|
|
|
userIDInterface, exists := c.Get("user_id")
|
|
|
|
|
if !exists {
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "User not authenticated"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userID, ok := userIDInterface.(uuid.UUID)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Invalid user ID type"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var req struct {
|
|
|
|
|
URL string `json:"url" binding:"required,url"`
|
|
|
|
|
Events []string `json:"events" binding:"required,min=1"`
|
|
|
|
|
}
|
|
|
|
|
|
P0: stabilisation backend/chat/stream + nouvelle base migrations v1
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
2025-12-06 10:14:38 +00:00
|
|
|
if appErr := h.commonHandler.BindAndValidateJSON(c, &req); appErr != nil {
|
|
|
|
|
RespondWithAppError(c, appErr)
|
2025-12-03 19:29:37 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
webhook, err := h.webhookService.RegisterWebhook(c.Request.Context(), userID, req.URL, req.Events)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to register webhook"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusCreated, webhook)
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ListWebhooks liste les webhooks d'un utilisateur
|
|
|
|
|
func (h *WebhookHandler) ListWebhooks() gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
userIDInterface, exists := c.Get("user_id")
|
|
|
|
|
if !exists {
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "User not authenticated"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userID, ok := userIDInterface.(uuid.UUID)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Invalid user ID type"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
webhooks, err := h.webhookService.ListWebhooks(c.Request.Context(), userID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to list webhooks"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, webhooks)
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DeleteWebhook supprime un webhook
|
|
|
|
|
func (h *WebhookHandler) DeleteWebhook() gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
userIDInterface, exists := c.Get("user_id")
|
|
|
|
|
if !exists {
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "User not authenticated"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userID, ok := userIDInterface.(uuid.UUID)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Invalid user ID type"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
webhookIDStr := c.Param("id")
|
|
|
|
|
webhookID, err := uuid.Parse(webhookIDStr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid webhook ID"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = h.webhookService.DeleteWebhook(c.Request.Context(), webhookID, userID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.JSON(http.StatusNotFound, gin.H{"error": "Webhook not found"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, gin.H{"message": "Webhook deleted successfully"})
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetWebhookStats retourne les statistiques des webhooks
|
2025-12-24 10:54:22 +00:00
|
|
|
// GET /api/v1/webhooks/stats
|
|
|
|
|
// BE-API-033: Implement webhook stats endpoint validation
|
2025-12-03 19:29:37 +00:00
|
|
|
func (h *WebhookHandler) GetWebhookStats() gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
2025-12-24 10:54:22 +00:00
|
|
|
// Récupérer l'ID utilisateur depuis le contexte (pour cohérence avec les autres endpoints protégés)
|
|
|
|
|
userID, ok := GetUserIDUUID(c)
|
|
|
|
|
if !ok {
|
|
|
|
|
return // Erreur déjà envoyée par GetUserIDUUID
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Récupérer les statistiques du worker
|
|
|
|
|
if h.webhookWorker == nil {
|
|
|
|
|
h.logger.Error("WebhookWorker not available")
|
|
|
|
|
RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeInternal, "Webhook stats service not available", nil))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-03 19:29:37 +00:00
|
|
|
stats := h.webhookWorker.GetStats()
|
|
|
|
|
|
2025-12-24 10:54:22 +00:00
|
|
|
// BE-API-033: Standardize response format
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, gin.H{
|
2025-12-24 10:54:22 +00:00
|
|
|
"user_id": userID,
|
|
|
|
|
"stats": stats,
|
2025-12-03 19:29:37 +00:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TestWebhook teste un webhook
|
|
|
|
|
func (h *WebhookHandler) TestWebhook() gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
userIDInterface, exists := c.Get("user_id")
|
|
|
|
|
if !exists {
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "User not authenticated"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userID, ok := userIDInterface.(uuid.UUID)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Invalid user ID type"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
webhookIDStr := c.Param("id")
|
|
|
|
|
webhookID, err := uuid.Parse(webhookIDStr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid webhook ID"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
webhook, err := h.webhookService.GetWebhook(c.Request.Context(), webhookID, userID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.JSON(http.StatusNotFound, gin.H{"error": "Webhook not found"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
job := workers.WebhookJob{
|
|
|
|
|
Webhook: webhook,
|
|
|
|
|
Event: "ping",
|
|
|
|
|
Data: map[string]interface{}{
|
|
|
|
|
"message": "This is a test webhook from Veza",
|
|
|
|
|
"timestamp": time.Now(),
|
|
|
|
|
"test_id": uuid.New().String(),
|
|
|
|
|
},
|
|
|
|
|
Retries: 0,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
h.webhookWorker.Enqueue(job)
|
|
|
|
|
|
|
|
|
|
h.logger.Info("Test webhook queued", zap.String("webhook_id", webhookID.String()))
|
|
|
|
|
|
2025-12-06 16:21:59 +00:00
|
|
|
RespondSuccess(c, http.StatusOK, gin.H{"message": fmt.Sprintf("Webhook test queued for %s", webhookID)})
|
2025-12-03 19:29:37 +00:00
|
|
|
}
|
|
|
|
|
}
|
2025-12-24 17:03:52 +00:00
|
|
|
|
|
|
|
|
// RegenerateAPIKey régénère la clé API d'un webhook (BE-SEC-012)
|
|
|
|
|
func (h *WebhookHandler) RegenerateAPIKey() gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
userIDInterface, exists := c.Get("user_id")
|
|
|
|
|
if !exists {
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "User not authenticated"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userID, ok := userIDInterface.(uuid.UUID)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Invalid user ID type"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
webhookIDStr := c.Param("id")
|
|
|
|
|
webhookID, err := uuid.Parse(webhookIDStr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid webhook ID"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
newAPIKey, err := h.webhookService.RegenerateAPIKey(c.Request.Context(), webhookID, userID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
if err.Error() == "webhook not found" {
|
|
|
|
|
c.JSON(http.StatusNotFound, gin.H{"error": "Webhook not found"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to regenerate API key"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
RespondSuccess(c, http.StatusOK, gin.H{
|
|
|
|
|
"api_key": newAPIKey,
|
|
|
|
|
"message": "API key regenerated successfully",
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|