feat(scheduling): tenant webhooks for booking lifecycle
This commit is contained in:
Ronni Baslund
@@ -0,0 +1,79 @@
|
||||
import {
|
||||
Body,
|
||||
Controller,
|
||||
Delete,
|
||||
ForbiddenException,
|
||||
Get,
|
||||
HttpCode,
|
||||
Param,
|
||||
Patch,
|
||||
Post,
|
||||
UseGuards,
|
||||
} from '@nestjs/common'
|
||||
import { Types } from 'mongoose'
|
||||
import { ActorService } from '../../auth/actor.service.js'
|
||||
import { CurrentUser } from '../../auth/current-user.decorator.js'
|
||||
import { JwtAuthGuard } from '../../auth/jwt-auth.guard.js'
|
||||
import type { AuthentikJwtPayload } from '../../auth/jwt-payload.interface.js'
|
||||
import { TenantsService } from '../../tenants/tenants.service.js'
|
||||
import { CreateWebhookDto, UpdateWebhookDto } from './dto/webhook-dtos.js'
|
||||
import { WebhooksService } from './webhooks.service.js'
|
||||
|
||||
// Tenant webhook administration. Same base path + gating as the rest of the
|
||||
// scheduling admin surface (platformAdmin OR a member of the tenant). The
|
||||
// signing secret is returned in full on create/get/rotate so the tenant can
|
||||
// configure their receiver's HMAC verification.
|
||||
@Controller('api/v1/tenants/:slug/scheduling/webhooks')
|
||||
@UseGuards(JwtAuthGuard)
|
||||
export class WebhooksController {
|
||||
constructor(
|
||||
private readonly actor: ActorService,
|
||||
private readonly tenants: TenantsService,
|
||||
private readonly webhooks: WebhooksService,
|
||||
) {}
|
||||
|
||||
private async gate(slug: string, jwt: AuthentikJwtPayload): Promise<Types.ObjectId> {
|
||||
const actor = await this.actor.resolve(jwt)
|
||||
const tenant = await this.tenants.findOneBySlug(slug)
|
||||
if (!actor.platformAdmin && !actor.tenantIds.some((id) => id.equals(tenant._id))) {
|
||||
throw new ForbiddenException(`No access to tenant "${slug}"`)
|
||||
}
|
||||
return tenant._id
|
||||
}
|
||||
|
||||
@Get()
|
||||
async list(@Param('slug') slug: string, @CurrentUser() jwt: AuthentikJwtPayload) {
|
||||
return this.webhooks.list(await this.gate(slug, jwt))
|
||||
}
|
||||
|
||||
@Post()
|
||||
async create(@Param('slug') slug: string, @Body() dto: CreateWebhookDto, @CurrentUser() jwt: AuthentikJwtPayload) {
|
||||
return this.webhooks.create(await this.gate(slug, jwt), dto)
|
||||
}
|
||||
|
||||
@Patch(':id')
|
||||
async update(
|
||||
@Param('slug') slug: string,
|
||||
@Param('id') id: string,
|
||||
@Body() dto: UpdateWebhookDto,
|
||||
@CurrentUser() jwt: AuthentikJwtPayload,
|
||||
) {
|
||||
return this.webhooks.update(await this.gate(slug, jwt), id, dto)
|
||||
}
|
||||
|
||||
@Post(':id/rotate-secret')
|
||||
async rotateSecret(@Param('slug') slug: string, @Param('id') id: string, @CurrentUser() jwt: AuthentikJwtPayload) {
|
||||
return this.webhooks.rotateSecret(await this.gate(slug, jwt), id)
|
||||
}
|
||||
|
||||
@Get(':id/deliveries')
|
||||
async deliveries(@Param('slug') slug: string, @Param('id') id: string, @CurrentUser() jwt: AuthentikJwtPayload) {
|
||||
return this.webhooks.listDeliveries(await this.gate(slug, jwt), id)
|
||||
}
|
||||
|
||||
@Delete(':id')
|
||||
@HttpCode(204)
|
||||
async remove(@Param('slug') slug: string, @Param('id') id: string, @CurrentUser() jwt: AuthentikJwtPayload) {
|
||||
await this.webhooks.remove(await this.gate(slug, jwt), id)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user