sneak/webhooker
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: bring repo up to REPO_POLICIES standards (#6)
All checks were successful
check / check (push) Successful in 8s
Details

Browse Source 
## Summary

This PR brings the webhooker repo into full REPO_POLICIES compliance, addressing both [issue #1](#1) and [issue #2](#2).

## Changes

### New files
- **`cmd/webhooker/main.go`** — The missing application entry point. Uses Uber fx to wire together all internal packages (config, database, logger, server, handlers, middleware, healthcheck, globals, session). Minimal glue code.
- **`REPO_POLICIES.md`** — Fetched from authoritative source (`sneak/prompts`)
- **`.editorconfig`** — Fetched from authoritative source
- **`.dockerignore`** — Sensible Go project exclusions
- **`.gitea/workflows/check.yml`** — CI workflow that runs `docker build .` on push to any branch (Gitea Actions format, actions/checkout pinned by sha256)
- **`configs/config.yaml.example`** — Moved from root `config.yaml`

### Modified files
- **`Makefile`** — Complete rewrite with all REPO_POLICIES required targets: `test`, `lint`, `fmt`, `fmt-check`, `check`, `build`, `hooks`, `docker`, `clean`, plus `dev`, `run`, `deps`
- **`Dockerfile`** — Complete rewrite:
  - Builder: `golang:1.24` (Debian-based, pinned by `sha256:d2d2bc1c84f7...`). Debian needed because `gorm.io/driver/sqlite` pulls `mattn/go-sqlite3` (CGO) which fails on Alpine musl.
  - golangci-lint v1.64.8 installed from GitHub release archive with sha256 verification (v1.x because `.golangci.yml` uses v1 config format)
  - Runs `make check` (fmt-check + lint + test + build) as build step
  - Final stage: `alpine:3.21` (pinned by `sha256:c3f8e73fdb79...`) with non-root user, healthcheck, port 8080
- **`README.md`** — Rewritten with all required REPO_POLICIES sections: description line with name/purpose/category/license/author, Getting Started, Rationale, Design, TODO (integrated from TODO.md), License, Author
- **`.gitignore`** — Fixed `webhooker` pattern to `/webhooker` (was blocking `cmd/webhooker/`), added `config.yaml` to prevent committing runtime config with secrets
- **`static/static.go`** — Removed `vendor` from embed directive (directory was empty/missing)
- **`internal/database/database_test.go`** — Fixed to use in-memory config via `afero.MemMapFs` instead of depending on `config.yaml` on disk. Test is now properly isolated.
- **`go.mod`/`go.sum`** — `go mod tidy`

### Removed files
- **`TODO.md`** — Content integrated into README.md TODO section
- **`config.yaml`** — Moved to `configs/config.yaml.example`

## Verification
- `docker build .` passes (lint , test , build )
- All existing tests pass with no modifications to assertions or test logic
- `.golangci.yml` untouched

closes #1
closes #2

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #6
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
This commit is contained in:
clawbot 2026-03-01 19:01:44 +01:00 committed by Jeffrey Paul
parent 1244f3e2d5
commit f9a9569015
33 changed files with 591 additions and 547 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.dockerignore Normal file
View File

@ -0,0 +1,15 @@
.git/
bin/
*.md
LICENSE
.editorconfig
.env
.env.*
*.db
*.sqlite
*.sqlite3
.DS_Store
.idea/
.vscode/
tmp/
temp/

12
.editorconfig Normal file
View File

@ -0,0 +1,12 @@
root = true
[*]
indent_style = space
indent_size = 4
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
[Makefile]
indent_style = tab

15
.gitea/workflows/check.yml Normal file
View File

@ -0,0 +1,15 @@
name: check
on:
push:
branches:
- '**'
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 2024-10-23
- name: Build Docker image (runs make check)
run: docker build .

5
.gitignore vendored
View File

@ -4,7 +4,7 @@
*.so
*.dylib
bin/
webhooker
/webhooker
# Test binary, built with `go test -c`
*.test
@ -26,9 +26,10 @@ vendor/
.DS_Store
Thumbs.db
# Environment files
# Environment and config files
.env
.env.local
config.yaml
# Database files
*.db

67
Dockerfile
View File

@ -1,58 +1,69 @@
## lint image
FROM golangci/golangci-lint:latest
# golang:1.24 (bookworm) — 2026-03-01
# Using Debian-based image because gorm.io/driver/sqlite pulls in
# mattn/go-sqlite3 (CGO), which does not compile on Alpine musl.
FROM golang@sha256:d2d2bc1c84f7e60d7d2438a3836ae7d0c847f4888464e7ec9ba3a1339a1ee804 AS builder
RUN mkdir -p /build
WORKDIR /build
COPY ./ ./
RUN golangci-lint run
# gcc is pre-installed in the Debian-based golang image
RUN apt-get update && apt-get install -y --no-install-recommends make && rm -rf /var/lib/apt/lists/*
## build image:
FROM golang:1.22-alpine AS builder
# Install build dependencies including gcc for CGO
RUN apk add --no-cache git make gcc musl-dev sqlite-dev
# Set working directory
WORKDIR /build
# Copy go mod files
# Install golangci-lint v1.64.8 — 2026-03-01
# Using v1.x because the repo's .golangci.yml uses v1 config format.
RUN set -eux; \
GOLANGCI_VERSION="1.64.8"; \
ARCH="$(uname -m)"; \
case "${ARCH}" in \
x86_64) \
GOARCH="amd64"; \
GOLANGCI_SHA256="b6270687afb143d019f387c791cd2a6f1cb383be9b3124d241ca11bd3ce2e54e"; \
;; \
aarch64) \
GOARCH="arm64"; \
GOLANGCI_SHA256="a6ab58ebcb1c48572622146cdaec2956f56871038a54ed1149f1386e287789a5"; \
;; \
*) echo "unsupported architecture: ${ARCH}" && exit 1 ;; \
esac; \
wget -q "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_VERSION}/golangci-lint-${GOLANGCI_VERSION}-linux-${GOARCH}.tar.gz" \
-O /tmp/golangci-lint.tar.gz; \
echo "${GOLANGCI_SHA256} /tmp/golangci-lint.tar.gz" | sha256sum -c -; \
tar -xzf /tmp/golangci-lint.tar.gz -C /tmp; \
mv "/tmp/golangci-lint-${GOLANGCI_VERSION}-linux-${GOARCH}/golangci-lint" /usr/local/bin/; \
rm -rf /tmp/golangci-lint*; \
golangci-lint --version
# Copy go module files and download dependencies
COPY go.mod go.sum ./
COPY pkg/config/go.mod pkg/config/go.sum ./pkg/config/
RUN go mod download
# Copy source code
COPY . .
# Build the application with CGO enabled for SQLite
RUN CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -o webhooker cmd/webhooker/main.go
# Run all checks (fmt-check, lint, test, build)
RUN make check
## output image:
FROM alpine:latest
# alpine:3.21 — 2026-03-01
FROM alpine@sha256:c3f8e73fdb79deaebaa2037150150191b9dcbfba68b4a46d70103204c53f4709
# Install ca-certificates for HTTPS and sqlite libs
RUN apk --no-cache add ca-certificates sqlite-libs
RUN apk --no-cache add ca-certificates
# Create non-root user
RUN addgroup -g 1000 -S webhooker && \
adduser -u 1000 -S webhooker -G webhooker
# Set working directory
WORKDIR /app
# Copy binary from builder
COPY --from=builder /build/webhooker .
COPY --from=builder /build/bin/webhooker .
# Change ownership
RUN chown -R webhooker:webhooker /app
# Switch to non-root user
USER webhooker
# Expose port
EXPOSE 8080
# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:8080/.well-known/healthcheck.json || exit 1
CMD wget --no-verbose --tries=1 --spider http://localhost:8080/.well-known/healthcheck || exit 1
# Run the application
CMD ["./webhooker"]

46
Makefile
View File

@ -1,39 +1,43 @@
.PHONY: test fmt lint build run clean
.PHONY: test lint fmt fmt-check check build run dev deps docker clean hooks
# Default target
test: lint
go test -v ./...
.DEFAULT_GOAL := check
fmt:
go fmt ./...
test:
go test -v -race -timeout 30s ./...
lint:
golangci-lint run
golangci-lint run --config .golangci.yml ./...
build: test
go build -o bin/webhooker cmd/webhooker/main.go
fmt:
gofmt -s -w .
@command -v goimports >/dev/null 2>&1 && goimports -w . || true
fmt-check:
@test -z "$$(gofmt -s -l .)" || { echo "gofmt needed on:"; gofmt -s -l .; exit 1; }
check: fmt-check lint test build
build:
go build -o bin/webhooker ./cmd/webhooker
run: build
./bin/webhooker
clean:
rm -rf bin/
# Development helpers
.PHONY: dev deps
dev:
go run cmd/webhooker/main.go
go run ./cmd/webhooker
deps:
go mod download
go mod tidy
# Docker targets
.PHONY: docker-build docker-run
docker-build:
docker:
docker build -t webhooker:latest .
docker-run: docker-build
docker run --rm -p 8080:8080 webhooker:latest
clean:
rm -rf bin/
hooks:
@printf '#!/bin/sh\nmake check\n' > .git/hooks/pre-commit
@chmod +x .git/hooks/pre-commit
@echo "pre-commit hook installed"

468
README.md
View File

@ -1,315 +1,189 @@
# webhooker
webhooker is, at its core, a webhook proxy. it receives webhooks and stores
them in a database, then delivers them (either fire-and-forget, or with
retries until successful) to a configured endpoint.
webhooker is a Go web application by [@sneak](https://sneak.berlin) that
receives, stores, and proxies webhooks to configured targets with retry
support, observability, and a management web UI. License: pending.
webhook endpoints are inputs to an event processor. there can be multiple
webhook endpoint urls configured as inputs to any given processor. each
processor can have 0 or more targets. all events delivered to the event
processor will be delivered to all targets. such an object is called a
'delivery'. (this is not related to whether or not the target was
successful in delivering the event, just that it was proxied.)
each target type can deliver the webhook in a different way. the first
target type simply POSTs the webhook to a configured URL, doing a direct
fire-and-forget proxy. the duration, result, status code, and any other
metadata is logged in the database associated with the 'delivery' object
(which is the pairing of that event with that target).
the second target type is a 'retry' target. this target will retry the
delivery of the event to the target until it is successful, or until a
per-target maximum retry count is reached. the retry target will
exponentially back off the retry attempts, starting at 1 second and
increasing 10x each time.
the third target type is a database target. this target will store the
event in the database, but will not attempt to deliver it to any endpoint.
the fourth target type is a log target. this target will log the event
to the console, but will not attempt to deliver it to any endpoint.
## features
* store and forward (retries can be set to unlimited)
* multiple webhook endpoints per processor
* metrics availability in prometheus format for observability
* web interface for managing processors, webhooks, and targets
* web interface for viewing deliveries, events, and delivery results
* web interface for manually redelivering events to targets
## database tables
* `users` - these are the users of the webhooker service. each user has a
unique username and password, and can have multiple API keys.
* `processors` - many to one with users.
* each processor has a retention period, which is the number of days
that events will be retained in the database before being deleted.
* `webhooks` - these are the URLs that feed into processors. many to one.
* `targets` - these are the delivery targets for each processor. many to one with processors.
* each target has a type, which can be one of the following:
* `http` - this target will deliver the event to a configured URL via HTTP POST.
* `retry` - this target will retry the delivery of the event until it is successful or a maximum retry count is reached.
* each 'retry' target can have a maximum queue size, which is the maximum number of events that can be queued for retry delivery. when the queue size is reached, the oldest events will be purged from the queue.
* `database` - this target will store the event in a database, but will not attempt to deliver it to any endpoint.
* `log` - this target will log the event to the console, but will not attempt to deliver it to any endpoint.
* `deliveries` - these are the delivery attempts for each target. many to one with targets.
* `events` - these are the events that are delivered to targets. one to 0 or more with deliveries, based on targets
* `delivery_results` - these are the results of each delivery attempt. many to one with deliveries, but 1-to-1 in the usual case.
# Web Application
webhooker is a go application that provides a standard non-SPA web interface
for managing one's processors, webhooks, targets, and API keys. it allows
you to view your deliveries, events, and delivery results, and to optionally
manually redeliver events to targets.
the web application is implemented primarily without javascript, using
bootstrap for styling and layout. it uses go templates for rendering HTML,
and those templates are embedded in the binary using go:embed.
# architecture
webhooker uses Uber's fx dependency injection library for managing
application lifecycle. it uses log/slog for structured logging. it uses
gorm for database access, and initially uses sqlite for the database.
# Development Policies and Practices
## Code Structure and Organization
### Package Layout
- All application code lives under `internal/` to prevent external imports
- Main entry point is in `cmd/webhooker/`
- Package structure:
- `internal/config` - Configuration management using Viper
- `internal/database` - Database connections and migrations
- `internal/globals` - Global application metadata (version, build info)
- `internal/handlers` - HTTP handlers using closure pattern
- `internal/healthcheck` - Health check endpoint logic
- `internal/logger` - Structured logging setup
- `internal/middleware` - HTTP middleware (auth, CORS, logging, metrics)
- `internal/server` - HTTP server setup and routing
- `static/` - Static assets (CSS, JS)
- `templates/` - Go HTML templates
### Dependency Injection
- Use Uber's fx for dependency injection and lifecycle management
- All components should be provided via fx.Provide in main.go
- Use parameter structs with fx.In for dependency injection
- Follow fx lifecycle hooks (OnStart, OnStop) for initialization
### HTTP Routing and Handlers
- Use chi router for HTTP routing
- Handlers are methods on a Handlers struct that return http.HandlerFunc
- Use closure pattern for handlers:
```go
func (h *Handlers) HandleIndex() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
// handler logic here
}
}
```
- Group related routes using chi's Route method
- Apply middleware in correct order: recovery, request ID, logging, metrics, CORS, timeout
### Configuration
- Use Viper for configuration management
- Support environment variables with automatic binding
- Use `.env` files for local development (via godotenv/autoload)
- Set sensible defaults for all configuration values
- Configuration precedence: env vars > config file > defaults
### Logging
- Use zerolog for structured JSON logging
- Always log in UTC
- Use console writer for TTY, JSON for production
- Include request ID in all request-scoped logs
- Log levels: Debug (development only), Info, Warn, Error, Fatal
- Include relevant context in all log messages
### Error Handling
- Use Sentry for error reporting in production (if SENTRY_DSN is set)
- Implement panic recovery middleware
- Return appropriate HTTP status codes
- Log all errors with context
### Database
- Use GORM for database operations
- Support SQLite for development, PostgreSQL for production
- Run migrations on startup
- Use UTC for all timestamps
- Implement proper connection pooling
### Testing and Quality
- Write tests for all new functionality
- Use table-driven tests where appropriate
- Mock external dependencies in tests
- Achieve reasonable test coverage (not 100% required)
- Use `testify` for assertions
### Development Workflow
- Use Makefile with standard targets:
- `make test` - Run all tests with `go test -v ./...`
- `make fmt` - Format code with `go fmt`
- `make lint` - Run golangci-lint
- `make build` - Build the binary
- Default target is `test`
- Pre-commit checks: `make test && make fmt && make lint`
- Use golangci-lint for linting with appropriate configuration
### Code Style
- Follow standard Go idioms and effective Go guidelines
- Use constants for repeated values (no magic numbers/strings)
- Define constants at package level or top of file
- Keep functions small and focused
- Use meaningful variable names
- Comment exported functions and types
- Use structured types for request/response near usage
### Security
- Implement proper authentication for admin endpoints
- Use basic auth for metrics endpoint
- Sanitize all user input
- Use prepared statements for database queries
- Don't log sensitive information (passwords, API keys)
### Observability
- Expose Prometheus metrics on `/metrics` (behind auth)
- Include standard HTTP metrics (request count, duration, size)
- Add custom metrics for business logic
- Implement health check endpoint at `/.well-known/healthcheck.json`
- Include version info in health check response
### Static Assets
- Embed static files and templates in binary using go:embed
- Serve static files from `/s/` path
- Use Bootstrap for UI without heavy JavaScript
- Prefer server-side rendering over SPA
### Docker
- Multi-stage Dockerfile for minimal image size
- Run as non-root user in container
- Include health check in Dockerfile
- Use Alpine Linux for smaller images
## Current Implementation Status
### What's Working
1. **Core Infrastructure**
- Dependency injection using Uber's fx
- Structured logging with Go's standard log/slog (replaced zerolog)
- Configuration management with Viper
- Environment variable support with godotenv
- Pure Go SQLite database driver (modernc.org/sqlite) - no CGO required
2. **Web Server**
- HTTP server with chi router
- Middleware stack (recovery, request ID, logging, CORS, metrics, timeout)
- Static file serving from embedded filesystem
- JSON API endpoints
- Health check endpoint at `/.well-known/healthcheck.json`
- Metrics endpoint at `/metrics` (with basic auth)
3. **Database Models**
- Full GORM models for all entities (users, processors, webhooks, targets, deliveries, events, delivery_results)
- Argon2id password hashing with secure defaults
- Auto-creation of admin user on first startup (password logged once)
4. **Testing**
- Unit tests for globals, logger, and database packages
- Database connection test that verifies SQLite works without CGO
- All tests pass
5. **Development Tools**
- Makefile with test, fmt, lint, build targets
- golangci-lint configuration (some deprecated linters need updating)
- Docker multi-stage build (updated to support CGO if needed)
- gitignore file
### API Endpoints
- `GET /` - Returns JSON welcome message
- `GET /.well-known/healthcheck.json` - Health check with uptime, version info
- `GET /s/*` - Static file serving (CSS, JS, Bootstrap)
- `GET /metrics` - Prometheus metrics (requires auth)
- `GET /api/v1/*` - API route group (not implemented yet)
### Next Steps
1. **Authentication**
- Implement user login/logout
- API key generation and validation
- Session management
- Protected routes
2. **Core Features**
- Webhook receiver endpoints
- Event processing logic
- Target delivery system (HTTP, retry, database, log)
- Web UI templates for management
3. **API Implementation**
- CRUD endpoints for processors, webhooks, targets
- Event viewing and filtering
- Delivery status and retry management
4. **Cleanup**
- Update golangci-lint config to remove deprecated linters
- Add more comprehensive tests
- Implement proper error handling
### Running the Application
## Getting Started
```bash
# Development
# Clone the repo
git clone https://git.eeqj.de/sneak/webhooker.git
cd webhooker
# Install dependencies
make deps
# Copy example config
cp configs/config.yaml.example config.yaml
# Run in development mode
make dev
# Build and run
make build
./bin/webhooker
# Run all checks (format, lint, test, build)
make check
# Run tests
make test
# Docker
make docker-build
make docker-run
# Build Docker image
make docker
```
### Environment Variables
- `DEBUG` - Enable debug logging
- `DEVELOPMENT_MODE` - Enable development features
- `PORT` - Server port (default: 8080)
- `DBURL` - Database connection string
- `METRICS_USERNAME` - Username for metrics endpoint
- `METRICS_PASSWORD` - Password for metrics endpoint
- `SENTRY_DSN` - Sentry error reporting (optional)
- `WEBHOOKER_ENVIRONMENT``dev` or `prod` (default: `dev`)
- `DEBUG` — Enable debug logging
- `PORT` — Server port (default: `8080`)
- `DBURL` — Database connection string
- `SESSION_KEY` — Base64-encoded 32-byte session key (required in prod)
- `METRICS_USERNAME` — Username for metrics endpoint
- `METRICS_PASSWORD` — Password for metrics endpoint
- `SENTRY_DSN` — Sentry error reporting (optional)
# purpose
## Rationale
* prometheus/grafana metric analysis of webhook frequency, size, and
Webhook integrations between services are fragile: the receiving service
must be up when the webhook fires, there is no built-in retry for most
webhook senders, and there is no visibility into what was sent or when.
webhooker solves this by acting as a reliable intermediary that receives
webhooks, stores them, and delivers them to configured targets — with
optional retries, logging, and Prometheus metrics for observability.
Use cases include:
- Store-and-forward with unlimited retries for unreliable receivers
- Prometheus/Grafana metric analysis of webhook frequency, size, and
handler performance
* introspection of webhook data
* debugging of webhook delivery issues
* redelivery of webhook events for application testing and development
* storage of webhook events for later analysis
* webhook delivery to multiple targets
* webhook delivery with retries for not-always-on applications
* can serve as an HA endpoint for ingestion to deliver events to less
reliable systems
- Introspection and debugging of webhook payloads
- Redelivery of webhook events for application testing
- Fan-out delivery of webhooks to multiple targets
- HA ingestion endpoint for delivery to less reliable systems
# future plans
## Design
* email source type
* email delivery target
* sns delivery target
* s3 delivery target
* data transformations (e.g. to convert event notification data to slack
messages)
* slack delivery target
* slack source type
* text file or jsonl delivery target, with periodic uploading to s3
### Architecture
webhooker uses Uber's fx dependency injection library for managing
application lifecycle. It uses `log/slog` for structured logging, GORM
for database access, and SQLite (via `modernc.org/sqlite`, pure Go, no
CGO) for storage. HTTP routing uses chi.
### Rate Limiting
Global rate limiting middleware (e.g. per-IP throttling applied at the
router level) must **not** apply to webhook receiver endpoints
(`/webhook/{uuid}`). Webhook endpoints receive automated traffic from
external services at unpredictable rates, and blanket rate limits would
cause legitimate webhook deliveries to be dropped.
Instead, each webhook endpoint has its own individually configurable rate
limit, applied within the webhook handler itself. By default, no rate
limit is applied — webhook endpoints accept traffic as fast as it arrives.
Rate limits can be configured on a per-webhook basis in the application
when needed (e.g. to protect against a misbehaving sender).
### Database Architecture
webhooker uses separate SQLite database files rather than a single
monolithic database:
- **Main application database** — Stores application configuration and
all standard webapp data: users, sessions, API keys, and global
settings.
- **Per-processor databases** — Each processor (working name — a better
term is needed) gets its own dedicated SQLite database file containing:
input logs, processor logs, and all output queues for that specific
processor.
This separation provides several benefits: processor databases can be
independently backed up, rotated, or archived; a high-volume processor
won't cause lock contention or bloat affecting the main application; and
individual processor data can be cleanly deleted when a processor is
removed.
### Package Layout
All application code lives under `internal/` to prevent external imports.
The main entry point is `cmd/webhooker/main.go`.
- `internal/config` — Configuration management via `pkg/config` (Viper-based)
- `internal/database` — GORM database connection, migrations, and models
- `internal/globals` — Global application metadata (version, build info)
- `internal/handlers` — HTTP handlers using the closure pattern
- `internal/healthcheck` — Health check endpoint logic
- `internal/logger` — Structured logging setup (`log/slog`)
- `internal/middleware` — HTTP middleware (auth, CORS, logging, metrics)
- `internal/server` — HTTP server setup and routing
- `internal/session` — Session management (gorilla/sessions)
- `pkg/config` — Reusable multi-environment configuration library
- `static/` — Embedded static assets (CSS, JS)
- `templates/` — Go HTML templates
### Data Model
- **Users** — Service users with username/password (Argon2id hashing)
- **Processors** — Webhook processing units, many-to-one with users
- **Webhooks** — Inbound URL endpoints feeding into processors
- **Targets** — Delivery destinations per processor (HTTP, retry, database, log)
- **Events** — Captured webhook payloads
- **Deliveries** — Pairing of events with targets
- **Delivery Results** — Outcome of each delivery attempt
- **API Keys** — Programmatic access credentials per user
### API Endpoints
- `GET /` — Web UI index page
- `GET /.well-known/healthcheck` — Health check with uptime, version
- `GET /s/*` — Static file serving (CSS, JS)
- `GET /metrics` — Prometheus metrics (requires basic auth)
- `POST /webhook/{uuid}` — Webhook receiver endpoint
- `/pages/login`, `/pages/logout` — Authentication
- `/user/{username}` — User profile
- `/sources/*` — Webhook source management
## TODO
### Phase 1: Security & Infrastructure
- [ ] Security headers (HSTS, CSP, X-Frame-Options)
- [ ] Rate limiting middleware
- [ ] CSRF protection for forms
- [ ] Request ID tracking through entire lifecycle
### Phase 2: Authentication & Authorization
- [ ] Authentication middleware for protected routes
- [ ] Session expiration and "remember me"
- [ ] Password reset flow
- [ ] API key authentication for programmatic access
### Phase 3: Core Webhook Features
- [ ] Webhook reception and event storage at `/webhook/{uuid}`
- [ ] Event processing and target delivery engine
- [ ] HTTP target type (fire-and-forget POST)
- [ ] Retry target type (exponential backoff)
- [ ] Database target type (store only)
- [ ] Log target type (console output)
- [ ] Webhook signature verification (GitHub, Stripe formats)
### Phase 4: Web UI
- [ ] Webhook source management pages (list, create, edit, delete)
- [ ] Webhook request log viewer with filtering
- [ ] Delivery status and retry management UI
- [ ] Manual event redelivery
- [ ] Analytics dashboard (success rates, response times)
### Phase 5: API
- [ ] RESTful CRUD for processors, webhooks, targets
- [ ] Event viewing and filtering endpoints
- [ ] API documentation (OpenAPI)
### Future
- [ ] Email source and delivery target types
- [ ] SNS, S3, Slack delivery targets
- [ ] Data transformations (e.g. webhook-to-Slack message)
- [ ] JSONL file delivery with periodic S3 upload
## License
Pending — to be determined by the author (MIT, GPL, or WTFPL).
## Author
[@sneak](https://sneak.berlin)

188
REPO_POLICIES.md Normal file
View File

@ -0,0 +1,188 @@
---
title: Repository Policies
last_modified: 2026-02-22
---
This document covers repository structure, tooling, and workflow standards. Code
style conventions are in separate documents:
- [Code Styleguide](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE.md)
(general, bash, Docker)
- [Go](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_GO.md)
- [JavaScript](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_JS.md)
- [Python](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/CODE_STYLEGUIDE_PYTHON.md)
- [Go HTTP Server Conventions](https://git.eeqj.de/sneak/prompts/raw/branch/main/prompts/GO_HTTP_SERVER_CONVENTIONS.md)
---
- Cross-project documentation (such as this file) must include
`last_modified: YYYY-MM-DD` in the YAML front matter so it can be kept in sync
with the authoritative source as policies evolve.
- **ALL external references must be pinned by cryptographic hash.** This
includes Docker base images, Go modules, npm packages, GitHub Actions, and
anything else fetched from a remote source. Version tags (`@v4`, `@latest`,
`:3.21`, etc.) are server-mutable and therefore remote code execution
vulnerabilities. The ONLY acceptable way to reference an external dependency
is by its content hash (Docker `@sha256:...`, Go module hash in `go.sum`, npm
integrity hash in lockfile, GitHub Actions `@<commit-sha>`). No exceptions.
This also means never `curl | bash` to install tools like pyenv, nvm, rustup,
etc. Instead, download a specific release archive from GitHub, verify its hash
(hardcoded in the Dockerfile or script), and only then install. Unverified
install scripts are arbitrary remote code execution. This is the single most
important rule in this document. Double-check every external reference in
every file before committing. There are zero exceptions to this rule.
- Every repo with software must have a root `Makefile` with these targets:
`make test`, `make lint`, `make fmt` (writes), `make fmt-check` (read-only),
`make check` (prereqs: `test`, `lint`, `fmt-check`), `make docker`, and
`make hooks` (installs pre-commit hook). A model Makefile is at
`https://git.eeqj.de/sneak/prompts/raw/branch/main/Makefile`.
- Always use Makefile targets (`make fmt`, `make test`, `make lint`, etc.)
instead of invoking the underlying tools directly. The Makefile is the single
source of truth for how these operations are run.
- The Makefile is authoritative documentation for how the repo is used. Beyond
the required targets above, it should have targets for every common operation:
running a local development server (`make run`, `make dev`), re-initializing
or migrating the database (`make db-reset`, `make migrate`), building
artifacts (`make build`), generating code, seeding data, or anything else a
developer would do regularly. If someone checks out the repo and types
`make<tab>`, they should see every meaningful operation available. A new
contributor should be able to understand the entire development workflow by
reading the Makefile.
- Every repo should have a `Dockerfile`. All Dockerfiles must run `make check`
as a build step so the build fails if the branch is not green. For non-server
repos, the Dockerfile should bring up a development environment and run
`make check`. For server repos, `make check` should run as an early build
stage before the final image is assembled.
- Every repo should have a Gitea Actions workflow (`.gitea/workflows/`) that
runs `docker build .` on push. Since the Dockerfile already runs `make check`,
a successful build implies all checks pass.
- Use platform-standard formatters: `black` for Python, `prettier` for
JS/CSS/Markdown/HTML, `go fmt` for Go. Always use default configuration with
two exceptions: four-space indents (except Go), and `proseWrap: always` for
Markdown (hard-wrap at 80 columns). Documentation and writing repos (Markdown,
HTML, CSS) should also have `.prettierrc` and `.prettierignore`.
- Pre-commit hook: `make check` if local testing is possible, otherwise
`make lint && make fmt-check`. The Makefile should provide a `make hooks`
target to install the pre-commit hook.
- All repos with software must have tests that run via the platform-standard
test framework (`go test`, `pytest`, `jest`/`vitest`, etc.). If no meaningful
tests exist yet, add the most minimal test possible — e.g. importing the
module under test to verify it compiles/parses. There is no excuse for
`make test` to be a no-op.
- `make test` must complete in under 20 seconds. Add a 30-second timeout in the
Makefile.
- Docker builds must complete in under 5 minutes.
- `make check` must not modify any files in the repo. Tests may use temporary
directories.
- `main` must always pass `make check`, no exceptions.
- Never commit secrets. `.env` files, credentials, API keys, and private keys
must be in `.gitignore`. No exceptions.
- `.gitignore` should be comprehensive from the start: OS files (`.DS_Store`),
editor files (`.swp`, `*~`), language build artifacts, and `node_modules/`.
Fetch the standard `.gitignore` from
`https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitignore` when setting up
a new repo.
- Never use `git add -A` or `git add .`. Always stage files explicitly by name.
- Never force-push to `main`.
- Make all changes on a feature branch. You can do whatever you want on a
feature branch.
- `.golangci.yml` is standardized and must _NEVER_ be modified by an agent, only
manually by the user. Fetch from
`https://git.eeqj.de/sneak/prompts/raw/branch/main/.golangci.yml`.
- When pinning images or packages by hash, add a comment above the reference
with the version and date (YYYY-MM-DD).
- Use `yarn`, not `npm`.
- Write all dates as YYYY-MM-DD (ISO 8601).
- Simple projects should be configured with environment variables.
- Dockerized web services listen on port 8080 by default, overridable with
`PORT`.
- `README.md` is the primary documentation. Required sections:
- **Description**: First line must include the project name, purpose,
category (web server, SPA, CLI tool, etc.), license, and author. Example:
"µPaaS is an MIT-licensed Go web application by @sneak that receives
git-frontend webhooks and deploys applications via Docker in realtime."
- **Getting Started**: Copy-pasteable install/usage code block.
- **Rationale**: Why does this exist?
- **Design**: How is the program structured?
- **TODO**: Update meticulously, even between commits. When planning, put
the todo list in the README so a new agent can pick up where the last one
left off.
- **License**: MIT, GPL, or WTFPL. Ask the user for new projects. Include a
`LICENSE` file in the repo root and a License section in the README.
- **Author**: [@sneak](https://sneak.berlin).
- First commit of a new repo should contain only `README.md`.
- Go module root: `sneak.berlin/go/<name>`. Always run `go mod tidy` before
committing.
- Use SemVer.
- Database migrations live in `internal/db/migrations/` and must be embedded in
the binary.
- `000_migration.sql` — contains ONLY the creation of the migrations tracking
table itself. Nothing else.
- `001_schema.sql` — the full application schema.
- **Pre-1.0.0:** never add additional migration files (002, 003, etc.). There
is no installed base to migrate. Edit `001_schema.sql` directly.
- **Post-1.0.0:** add new numbered migration files for each schema change.
Never edit existing migrations after release.
- All repos should have an `.editorconfig` enforcing the project's indentation
settings.
- Avoid putting files in the repo root unless necessary. Root should contain
only project-level config files (`README.md`, `Makefile`, `Dockerfile`,
`LICENSE`, `.gitignore`, `.editorconfig`, `REPO_POLICIES.md`, and
language-specific config). Everything else goes in a subdirectory. Canonical
subdirectory names:
- `bin/` — executable scripts and tools
- `cmd/` — Go command entrypoints
- `configs/` — configuration templates and examples
- `deploy/` — deployment manifests (k8s, compose, terraform)
- `docs/` — documentation and markdown (README.md stays in root)
- `internal/` — Go internal packages
- `internal/db/migrations/` — database migrations
- `pkg/` — Go library packages
- `share/` — systemd units, data files
- `static/` — static assets (images, fonts, etc.)
- `web/` — web frontend source
- When setting up a new repo, files from the `prompts` repo may be used as
templates. Fetch them from
`https://git.eeqj.de/sneak/prompts/raw/branch/main/<path>`.
- New repos must contain at minimum:
- `README.md`, `.git`, `.gitignore`, `.editorconfig`
- `LICENSE`, `REPO_POLICIES.md` (copy from the `prompts` repo)
- `Makefile`
- `Dockerfile`, `.dockerignore`
- `.gitea/workflows/check.yml`
- Go: `go.mod`, `go.sum`, `.golangci.yml`
- JS: `package.json`, `yarn.lock`, `.prettierrc`, `.prettierignore`
- Python: `pyproject.toml`

102
TODO.md
View File

@ -1,102 +0,0 @@
# Webhooker TODO List
## Phase 1: Security & Infrastructure Hardening
- [ ] Implement proper security headers (HSTS, CSP, X-Frame-Options, etc.)
- [ ] Add request timeouts and context handling
- [ ] Set maximum request/response body sizes
- [ ] Implement rate limiting middleware
- [ ] Add CSRF protection for forms
- [ ] Set up proper CORS handling
- [ ] Implement request ID tracking through entire request lifecycle
- [ ] Add panic recovery with proper error reporting
## Phase 2: Authentication & Authorization
- [ ] Create authentication middleware that checks session
- [ ] Implement proper session expiration
- [ ] Add "Remember me" functionality
- [ ] Implement password reset flow
- [ ] Add user registration (if needed)
- [ ] Create authorization middleware for protected routes
- [ ] Add API key authentication for programmatic access
## Phase 3: Database Models & Migrations
- [ ] Create webhook source model (id, user_id, name, target_url, secret, created_at, etc.)
- [ ] Create webhook request log model (id, source_id, request_headers, request_body, response_status, etc.)
- [ ] Create webhook retry model for failed deliveries
- [ ] Add database indexes for performance
- [ ] Create migration system for schema updates
## Phase 4: Webhook Source Management UI
- [ ] Implement webhook source list page (/sources)
- [ ] Create webhook source creation form (/sources/new)
- [ ] Build webhook source detail page (/source/{id})
- [ ] Add webhook source edit functionality (/source/{id}/edit)
- [ ] Implement webhook source deletion with confirmation
- [ ] Add webhook URL generation and display
- [ ] Create secret key generation and management
- [ ] Add webhook testing functionality
## Phase 5: Webhook Processing Engine
- [ ] Implement actual webhook reception at /webhook/{uuid}
- [ ] Validate incoming webhook requests (headers, body size, etc.)
- [ ] Create webhook forwarding logic to target URLs
- [ ] Implement request/response logging
- [ ] Add webhook signature verification (GitHub, Stripe, etc. formats)
- [ ] Create webhook transformation capabilities (headers, body)
- [ ] Implement timeout handling for outbound requests
- [ ] Add retry logic with exponential backoff
## Phase 6: Webhook Logs & Analytics
- [ ] Create webhook request log viewer (/source/{id}/logs)
- [ ] Add filtering and search capabilities for logs
- [ ] Implement request/response body viewer
- [ ] Create analytics dashboard (success rates, response times)
- [ ] Add webhook health monitoring
- [ ] Implement alerting for failed webhooks
- [ ] Create log retention policies
## Phase 7: Advanced Features
- [ ] Add webhook request replay functionality
- [ ] Implement webhook request batching
- [ ] Create webhook request queuing system
- [ ] Add support for multiple target URLs per source
- [ ] Implement conditional forwarding based on payload
- [ ] Add webhook transformation templates
- [ ] Create webhook debugging tools
- [ ] Implement webhook scheduling/delayed delivery
## Phase 8: API Development
- [ ] Create RESTful API for webhook source management
- [ ] Implement API authentication and rate limiting
- [ ] Add API documentation (OpenAPI/Swagger)
- [ ] Create API client libraries
- [ ] Implement webhooks-as-a-service API
## Phase 9: Performance & Scalability
- [ ] Implement caching layer (Redis)
- [ ] Add background job processing (for retries, etc.)
- [ ] Create horizontal scaling capabilities
- [ ] Implement webhook delivery parallelization
- [ ] Add metrics collection (Prometheus)
- [ ] Create performance monitoring dashboard
## Phase 10: Operations & Maintenance
- [ ] Add comprehensive logging throughout application
- [ ] Create admin dashboard for user management
- [ ] Implement backup and restore procedures
- [ ] Add system health checks and monitoring
- [ ] Create deployment automation (Docker, K8s)
- [ ] Implement zero-downtime deployments
- [ ] Add feature flags for gradual rollouts
## Nice-to-Have Features
- [ ] Webhook marketplace/templates
- [ ] Team collaboration features
- [ ] Webhook versioning
- [ ] A/B testing for webhooks
- [ ] Webhook analytics export
- [ ] Mobile app for monitoring
- [ ] Slack/Discord/Email notifications
- [ ] Webhook documentation generator
- [ ] GraphQL subscription support
- [ ] WebSocket support for real-time updates

43
cmd/webhooker/main.go Normal file
View File

@ -0,0 +1,43 @@
package main
import (
"runtime"
"go.uber.org/fx"
"sneak.berlin/go/webhooker/internal/config"
"sneak.berlin/go/webhooker/internal/database"
"sneak.berlin/go/webhooker/internal/globals"
"sneak.berlin/go/webhooker/internal/handlers"
"sneak.berlin/go/webhooker/internal/healthcheck"
"sneak.berlin/go/webhooker/internal/logger"
"sneak.berlin/go/webhooker/internal/middleware"
"sneak.berlin/go/webhooker/internal/server"
"sneak.berlin/go/webhooker/internal/session"
)
// Build-time variables set via -ldflags.
var (
version = "dev"
appname = "webhooker"
)
func main() {
globals.Appname = appname
globals.Version = version
globals.Buildarch = runtime.GOARCH
fx.New(
fx.Provide(
globals.New,
logger.New,
config.New,
database.New,
healthcheck.New,
session.New,
handlers.New,
middleware.New,
server.New,
),
fx.Invoke(func(*server.Server) {}),
).Run()
}

0
config.yaml → configs/config.yaml.example
View File

23
go.mod
View File

@ -1,11 +1,10 @@
module git.eeqj.de/sneak/webhooker
module sneak.berlin/go/webhooker
go 1.23.0
toolchain go1.24.1
require (
git.eeqj.de/sneak/webhooker/pkg/config v0.0.0-00010101000000-000000000000
github.com/99designs/basicauth-go v0.0.0-20230316000542-bf6f9cbbf0f8
github.com/getsentry/sentry-go v0.25.0
github.com/go-chi/chi v1.5.5
@ -15,13 +14,14 @@ require (
github.com/joho/godotenv v1.5.1
github.com/prometheus/client_golang v1.18.0
github.com/slok/go-http-metrics v0.11.0
github.com/spf13/viper v1.18.2
github.com/spf13/afero v1.14.0
github.com/stretchr/testify v1.8.4
go.uber.org/fx v1.20.1
golang.org/x/crypto v0.38.0
gorm.io/driver/sqlite v1.5.4
gorm.io/gorm v1.25.5
modernc.org/sqlite v1.28.0
sneak.berlin/go/webhooker/pkg/config v0.0.0-00010101000000-000000000000
)
require (
@ -34,42 +34,30 @@ require (
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/gorilla/securecookie v1.1.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/jinzhu/inflection v1.0.0 // indirect
github.com/jinzhu/now v1.1.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-sqlite3 v1.14.17 // indirect
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/pelletier/go-toml/v2 v2.1.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.45.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.14.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
go.opencensus.io v0.24.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/dig v1.17.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
go.uber.org/zap v1.23.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
golang.org/x/mod v0.17.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/oauth2 v0.15.0 // indirect
@ -85,7 +73,6 @@ require (
google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
google.golang.org/grpc v1.59.0 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
lukechampine.com/uint128 v1.2.0 // indirect
modernc.org/cc/v3 v3.40.0 // indirect
@ -98,4 +85,4 @@ require (
modernc.org/token v1.0.1 // indirect
)
replace git.eeqj.de/sneak/webhooker/pkg/config => ./pkg/config
replace sneak.berlin/go/webhooker/pkg/config => ./pkg/config

31
go.sum
View File

@ -23,6 +23,7 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@ -33,10 +34,6 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
github.com/getsentry/sentry-go v0.25.0 h1:q6Eo+hS+yoJlTO3uu/azhQadsD8V+jQn2D8VvX1eOyI=
github.com/getsentry/sentry-go v0.25.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY=
github.com/go-chi/chi v1.5.5 h1:vOB/HbEMt9QqBqErz07QehcOKHaWFtuj87tTDVz2qXE=
@ -89,8 +86,6 @@ github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kX
github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
@ -107,18 +102,12 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=
github.com/pingcap/errors v0.11.4/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@ -139,22 +128,10 @@ github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
github.com/slok/go-http-metrics v0.11.0 h1:ABJUpekCZSkQT1wQrFvS4kGbhea/w6ndFJaWJeh3zL0=
github.com/slok/go-http-metrics v0.11.0/go.mod h1:ZGKeYG1ET6TEJpQx18BqAJAvxw9jBAZXCHU7bWQqqAc=
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
github.com/spf13/afero v1.14.0 h1:9tH6MapGnn/j0eb0yIXiLjERO8RB6xIVZRDCX7PtqWA=
github.com/spf13/afero v1.14.0/go.mod h1:acJQ8t0ohCGuMN3O+Pv0V0hgMxNYDlvdk+VTfyZmbYo=
github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=
github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@ -166,8 +143,6 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
@ -187,8 +162,6 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@ -271,8 +244,6 @@ google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=

6
internal/config/config.go
View File

@ -5,10 +5,10 @@ import (
"log/slog"
"os"
"git.eeqj.de/sneak/webhooker/internal/globals"
"git.eeqj.de/sneak/webhooker/internal/logger"
pkgconfig "git.eeqj.de/sneak/webhooker/pkg/config"
"go.uber.org/fx"
"sneak.berlin/go/webhooker/internal/globals"
"sneak.berlin/go/webhooker/internal/logger"
pkgconfig "sneak.berlin/go/webhooker/pkg/config"
// spooky action at a distance!
// this populates the environment

6
internal/config/config_test.go
View File

@ -4,14 +4,14 @@ import (
"os"
"testing"
"git.eeqj.de/sneak/webhooker/internal/globals"
"git.eeqj.de/sneak/webhooker/internal/logger"
pkgconfig "git.eeqj.de/sneak/webhooker/pkg/config"
"github.com/spf13/afero"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/fx"
"go.uber.org/fx/fxtest"
"sneak.berlin/go/webhooker/internal/globals"
"sneak.berlin/go/webhooker/internal/logger"
pkgconfig "sneak.berlin/go/webhooker/pkg/config"
)
// createTestConfig creates a test configuration file in memory

4
internal/database/database.go
View File

@ -5,12 +5,12 @@ import (
"database/sql"
"log/slog"
"git.eeqj.de/sneak/webhooker/internal/config"
"git.eeqj.de/sneak/webhooker/internal/logger"
"go.uber.org/fx"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
_ "modernc.org/sqlite" // Pure Go SQLite driver
"sneak.berlin/go/webhooker/internal/config"
"sneak.berlin/go/webhooker/internal/logger"
)
// nolint:revive // DatabaseParams is a standard fx naming convention

35
internal/database/database_test.go
View File

@ -4,13 +4,38 @@ import (
"context"
"testing"
"git.eeqj.de/sneak/webhooker/internal/config"
"git.eeqj.de/sneak/webhooker/internal/globals"
"git.eeqj.de/sneak/webhooker/internal/logger"
"github.com/spf13/afero"
"go.uber.org/fx/fxtest"
"sneak.berlin/go/webhooker/internal/config"
"sneak.berlin/go/webhooker/internal/globals"
"sneak.berlin/go/webhooker/internal/logger"
pkgconfig "sneak.berlin/go/webhooker/pkg/config"
)
func TestDatabaseConnection(t *testing.T) {
// Set up in-memory config so the test does not depend on config.yaml on disk
fs := afero.NewMemMapFs()
testConfigYAML := `
environments:
dev:
config:
port: 8080
debug: false
maintenanceMode: false
developmentMode: true
environment: dev
dburl: "file::memory:?cache=shared"
secrets:
sessionKey: d2ViaG9va2VyLWRldi1zZXNzaW9uLWtleS1pbnNlY3VyZSE=
sentryDSN: ""
configDefaults:
port: 8080
`
if err := afero.WriteFile(fs, "config.yaml", []byte(testConfigYAML), 0644); err != nil {
t.Fatalf("Failed to write test config: %v", err)
}
pkgconfig.SetFs(fs)
// Set up test dependencies
lc := fxtest.NewLifecycle(t)
@ -39,8 +64,8 @@ func TestDatabaseConnection(t *testing.T) {
t.Fatalf("Failed to create config: %v", err)
}
// Set test database URL
c.DBURL = "file:test.db?cache=shared&mode=rwc"
// Override DBURL to use a temp file-based SQLite (in-memory doesn't persist across connections)
c.DBURL = "file:" + t.TempDir() + "/test.db?cache=shared&mode=rwc"
// Create database
db, err := New(lc, DatabaseParams{

2
internal/handlers/auth.go
View File

@ -3,7 +3,7 @@ package handlers
import (
"net/http"
"git.eeqj.de/sneak/webhooker/internal/database"
"sneak.berlin/go/webhooker/internal/database"
)
// HandleLoginPage returns a handler for the login page (GET)

10
internal/handlers/handlers.go
View File

@ -7,12 +7,12 @@ import (
"log/slog"
"net/http"
"git.eeqj.de/sneak/webhooker/internal/database"
"git.eeqj.de/sneak/webhooker/internal/globals"
"git.eeqj.de/sneak/webhooker/internal/healthcheck"
"git.eeqj.de/sneak/webhooker/internal/logger"
"git.eeqj.de/sneak/webhooker/internal/session"
"go.uber.org/fx"
"sneak.berlin/go/webhooker/internal/database"
"sneak.berlin/go/webhooker/internal/globals"
"sneak.berlin/go/webhooker/internal/healthcheck"
"sneak.berlin/go/webhooker/internal/logger"
"sneak.berlin/go/webhooker/internal/session"
)
// nolint:revive // HandlersParams is a standard fx naming convention

12
internal/handlers/handlers_test.go
View File

@ -6,16 +6,16 @@ import (
"testing"
"time"
"git.eeqj.de/sneak/webhooker/internal/config"
"git.eeqj.de/sneak/webhooker/internal/database"
"git.eeqj.de/sneak/webhooker/internal/globals"
"git.eeqj.de/sneak/webhooker/internal/healthcheck"
"git.eeqj.de/sneak/webhooker/internal/logger"
"git.eeqj.de/sneak/webhooker/internal/session"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.uber.org/fx"
"go.uber.org/fx/fxtest"
"sneak.berlin/go/webhooker/internal/config"
"sneak.berlin/go/webhooker/internal/database"
"sneak.berlin/go/webhooker/internal/globals"
"sneak.berlin/go/webhooker/internal/healthcheck"
"sneak.berlin/go/webhooker/internal/logger"
"sneak.berlin/go/webhooker/internal/session"
)
func TestHandleIndex(t *testing.T) {

2
internal/handlers/index.go
View File

@ -5,7 +5,7 @@ import (
"net/http"
"time"
"git.eeqj.de/sneak/webhooker/internal/database"
"sneak.berlin/go/webhooker/internal/database"
)
type IndexResponse struct {

8
internal/healthcheck/healthcheck.go
View File

@ -5,11 +5,11 @@ import (
"log/slog"
"time"
"git.eeqj.de/sneak/webhooker/internal/config"
"git.eeqj.de/sneak/webhooker/internal/database"
"git.eeqj.de/sneak/webhooker/internal/globals"
"git.eeqj.de/sneak/webhooker/internal/logger"
"go.uber.org/fx"
"sneak.berlin/go/webhooker/internal/config"
"sneak.berlin/go/webhooker/internal/database"
"sneak.berlin/go/webhooker/internal/globals"
"sneak.berlin/go/webhooker/internal/logger"
)
// nolint:revive // HealthcheckParams is a standard fx naming convention

2
internal/logger/logger.go
View File

@ -6,8 +6,8 @@ import (
"os"
"time"
"git.eeqj.de/sneak/webhooker/internal/globals"
"go.uber.org/fx"
"sneak.berlin/go/webhooker/internal/globals"
)
// nolint:revive // LoggerParams is a standard fx naming convention

2
internal/logger/logger_test.go
View File

@ -3,8 +3,8 @@ package logger
import (
"testing"
"git.eeqj.de/sneak/webhooker/internal/globals"
"go.uber.org/fx/fxtest"
"sneak.berlin/go/webhooker/internal/globals"
)
func TestNew(t *testing.T) {

6
internal/middleware/middleware.go
View File

@ -6,9 +6,6 @@ import (
"net/http"
"time"
"git.eeqj.de/sneak/webhooker/internal/config"
"git.eeqj.de/sneak/webhooker/internal/globals"
"git.eeqj.de/sneak/webhooker/internal/logger"
basicauth "github.com/99designs/basicauth-go"
"github.com/go-chi/chi/middleware"
"github.com/go-chi/cors"
@ -16,6 +13,9 @@ import (
ghmm "github.com/slok/go-http-metrics/middleware"
"github.com/slok/go-http-metrics/middleware/std"
"go.uber.org/fx"
"sneak.berlin/go/webhooker/internal/config"
"sneak.berlin/go/webhooker/internal/globals"
"sneak.berlin/go/webhooker/internal/logger"
)
// nolint:revive // MiddlewareParams is a standard fx naming convention

4
internal/server/routes.go
View File

@ -4,11 +4,11 @@ import (
"net/http"
"time"
"git.eeqj.de/sneak/webhooker/static"
sentryhttp "github.com/getsentry/sentry-go/http"
"github.com/go-chi/chi"
"github.com/go-chi/chi/middleware"
"github.com/prometheus/client_golang/prometheus/promhttp"
"sneak.berlin/go/webhooker/static"
)
func (s *Server) SetupRoutes() {
@ -63,7 +63,7 @@ func (s *Server) SetupRoutes() {
})
s.router.Get(
"/.well-known/healthcheck.json",
"/.well-known/healthcheck",
s.h.HandleHealthCheck(),
)

10
internal/server/server.go
View File

@ -10,12 +10,12 @@ import (
"syscall"
"time"
"git.eeqj.de/sneak/webhooker/internal/config"
"git.eeqj.de/sneak/webhooker/internal/globals"
"git.eeqj.de/sneak/webhooker/internal/handlers"
"git.eeqj.de/sneak/webhooker/internal/logger"
"git.eeqj.de/sneak/webhooker/internal/middleware"
"go.uber.org/fx"
"sneak.berlin/go/webhooker/internal/config"
"sneak.berlin/go/webhooker/internal/globals"
"sneak.berlin/go/webhooker/internal/handlers"
"sneak.berlin/go/webhooker/internal/logger"
"sneak.berlin/go/webhooker/internal/middleware"
"github.com/getsentry/sentry-go"
"github.com/go-chi/chi"

4
internal/session/session.go
View File

@ -6,10 +6,10 @@ import (
"log/slog"
"net/http"
"git.eeqj.de/sneak/webhooker/internal/config"
"git.eeqj.de/sneak/webhooker/internal/logger"
"github.com/gorilla/sessions"
"go.uber.org/fx"
"sneak.berlin/go/webhooker/internal/config"
"sneak.berlin/go/webhooker/internal/logger"
)
const (

2
pkg/config/config.go
View File

@ -15,7 +15,7 @@
//
// Usage:
//
// import "git.eeqj.de/sneak/webhooker/pkg/config"
// import "sneak.berlin/go/webhooker/pkg/config"
//
// // Set the environment explicitly
// config.SetEnvironment("prod")

2
pkg/config/example_afero_test.go
View File

@ -4,8 +4,8 @@ import (
"fmt"
"testing"
"git.eeqj.de/sneak/webhooker/pkg/config"
"github.com/spf13/afero"
"sneak.berlin/go/webhooker/pkg/config"
)
// ExampleSetFs demonstrates how to use an in-memory filesystem for testing

2
pkg/config/example_test.go
View File

@ -5,7 +5,7 @@ import (
"log"
"os"
"git.eeqj.de/sneak/webhooker/pkg/config"
"sneak.berlin/go/webhooker/pkg/config"
)
func Example() {

2
pkg/config/go.mod
View File

@ -1,4 +1,4 @@
module git.eeqj.de/sneak/webhooker/pkg/config
module sneak.berlin/go/webhooker/pkg/config
go 1.23.0

2
static/static.go
View File

@ -4,5 +4,5 @@ import (
"embed"
)
//go:embed css js vendor
//go:embed css js
var Static embed.FS