♻️ rewrite webhook settings in vue; api improvements

fixes #2888
fixes #2889

Author: MrKrisKrisu

app/Http/Controllers/API/v1/WebhookController.php

@@ -18,8 +18,8 @@ class WebhookController extends Controller
      *     path="/webhooks",
      *     operationId="getWebhooks",
      *     tags={"Webhooks"},
-     *     summary="Get webhooks for current user and current application",
-     *     description="Returns all webhooks which are created for the current user and which the current authorized applicaton has access to.",
+     *     summary="Get webhooks for current user.",
+     *     description="Returns all webhooks which are created for the current user.",
      *     @OA\Response(
      *         response=200,
      *         description="successful operation",
@@ -37,12 +37,8 @@ class WebhookController extends Controller
      *     }
      * )
      */
-    public function getWebhooks(Request $request): AnonymousResourceCollection {
-        $clientId = $request->user()->token()->client->id;
-        $webhooks = Webhook::where('oauth_client_id', '=', $clientId)
-                           ->where('user_id', '=', $request->user()->id)
-                           ->get();
-        return WebhookResource::collection($webhooks);
+    public function index(): AnonymousResourceCollection {
+        return WebhookResource::collection(Webhook::where('user_id', auth()->id())->get());
     }
 
     /**
@@ -51,7 +47,7 @@ public function getWebhooks(Request $request): AnonymousResourceCollection {
      *      operationId="getSingleWebhook",
      *      tags={"Webhooks"},
      *      summary="Get single webhook",
-     *      description="Returns a single webhook Object, if user and application is authorized to see it",
+     *      description="Returns a single webhook Object, if user is authorized to see it",
      *      @OA\Parameter (
      *          name="id",
      *          in="path",
@@ -74,19 +70,11 @@ public function getWebhooks(Request $request): AnonymousResourceCollection {
      *           {"passport": {}}, {"token": {}}
      *       }
      *     )
-     *
-     * Show single webhook
-     *
-     * @param int $webhookId
-     *
-     * @return WebhookResource|JsonResponse
      */
-    public function getWebhook(Request $request, int $webhookId): WebhookResource|JsonResponse {
-        $clientId = $request->user()->token()->client->id;
-        $webhook  = Webhook::where('oauth_client_id', '=', $clientId)
-                           ->where('user_id', '=', $request->user()->id)
-                           ->where('id', '=', $webhookId)
-                           ->first();
+    public function show(int $webhookId): WebhookResource|JsonResponse {
+        $webhook = Webhook::where('user_id', auth()->id())
+                          ->where('id', '=', $webhookId)
+                          ->first();
         if ($webhook == null) {
             return $this->sendError('No webhook found for this id.');
         }
@@ -98,7 +86,7 @@ public function getWebhook(Request $request, int $webhookId): WebhookResource|Js
      *      path="/webhooks/{id}",
      *      operationId="deleteWebhook",
      *      tags={"Webhooks"},
-     *      summary="Delete a webhook if the user and application are authorized to do",
+     *      summary="Delete a webhook if the user is authorized to do",
      *      description="",
      *      @OA\Parameter (
      *          name="id",
@@ -107,30 +95,21 @@ public function getWebhook(Request $request, int $webhookId): WebhookResource|Js
      *          example=1337,
      *          @OA\Schema(type="integer")
      *      ),
-     *      @OA\Response(
-     *          response=200,
-     *          description="successful operation",
-     *          @OA\JsonContent(
-     *                      ref="#/components/schemas/SuccessResponse"
-     *          )
-     *       ),
-     *       @OA\Response(response=400, description="Bad request"),
-     *       @OA\Response(response=404, description="No webhook found for this id"),
-     *       @OA\Response(response=403, description="User or application not authorized to delete this webhook"),
-     *       security={
-     *           {"passport": {}}, {"token": {}}
-     *       }
+     *      @OA\Response(response=204, description="Webhook deleted."),
+     *      @OA\Response(response=400, description="Bad request"),
+     *      @OA\Response(response=404, description="No webhook found for this id"),
+     *      @OA\Response(response=403, description="User or application not authorized to delete this webhook"),
+     *      security={
+     *          {"passport": {}}, {"token": {}}
+     *      }
      *     )
-     *
-     * @param int $webhookId
-     *
-     * @return JsonResponse
      */
-    public function deleteWebhook(Request $request, int $webhookId): JsonResponse {
+    public function destroy(int $webhookId): JsonResponse {
         try {
             $webhook = Webhook::findOrFail($webhookId);
-            WebhookBackend::deleteWebhook($webhook, $request->user()->token()->client);
-            return $this->sendResponse();
+            $this->authorize('delete', $webhook);
+            $webhook->delete();
+            return response()->json(null, 204);
         } catch (AuthorizationException) {
             return $this->sendError('You are not allowed to delete this webhook', 403);
         } catch (ModelNotFoundException) {

app/Http/Controllers/Backend/WebhookController.php

@@ -56,25 +56,6 @@ public static function createWebhook(
         return $webhook;
     }
 
-    /**
-     * Deletes a webhook
-     *
-     * @throws AuthorizationException
-     */
-    public static function deleteWebhook(
-        Webhook          $webhook,
-        OAuthClient|null $client
-    ): bool {
-        Gate::authorize("delete", $webhook);
-        // Checking if the client is allowed to delete here,
-        // because I found no way of doing that in the policy.
-        if ($client != null && $client->id != $webhook->client->id) {
-            throw new AuthorizationException();
-        }
-        $webhook->delete();
-        return true;
-    }
-
     public static function sendStatusWebhook(Status $status, WebhookEventEnum $event): void {
         self::dispatchWebhook($status->user, $event, [
             'status' => new StatusResource($status)

app/Http/Controllers/Frontend/SettingsController.php

@@ -169,12 +169,6 @@ public function renderToken(): Renderable {
         ]);
     }
 
-    public function renderWebhooks(): Renderable {
-        return view('settings.webhooks', [
-            'webhooks' => WebhookController::index(user: auth()->user()),
-        ]);
-    }
-
     /**
      * Approve a follow request
      *

app/Http/Controllers/Frontend/WebhookController.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Resources;
+
+use App\Enum\WebhookEvent;
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class WebhookEventResource extends JsonResource
+{
+    /**
+     * Transform the resource into an array.
+     *
+     * @param Request $request
+     *
+     * @return array
+     */
+    public function toArray($request): array {
+        return [
+            'type' => $this->event->value,
+        ];
+    }
+}

app/Http/Resources/WebhookEventResource.php

@@ -18,13 +18,12 @@ class WebhookResource extends JsonResource
     public function toArray($request): array {
         return [
             'id'        => $this->id,
-            'clientId'  => $this->oauth_client_id,
-            'userId'    => $this->user_id,
+            'clientId'  => $this->oauth_client_id, // TODO: should be removed
+            'client'    => new ClientResource($this->client),
+            'userId'    => $this->user_id, // TODO: should be removed and replaced with user object
             'url'       => $this->url,
             'createdAt' => $this->created_at->toIso8601String(),
-            'events'    => array_map(function($event) {
-                return WebhookEvent::from($event)->name();
-            }, $this->events),
+            'events'    => WebhookEventResource::collection($this->events),
         ];
     }
 }

app/Http/Resources/WebhookResource.php

@@ -826,5 +826,6 @@
     "trip-info.user": "User",
     "trip-info.origin": "Abfahrtsort",
     "trip-info.destination": "Zielort",
-    "requested-timestamp": "Abfragezeitpunkt"
+    "requested-timestamp": "Abfragezeitpunkt",
+    "successfully-deleted": "Erfolgreich gelöscht"
 }

lang/de.json

@@ -826,5 +826,6 @@
     "trip-info.user": "User",
     "trip-info.origin": "Origin",
     "trip-info.destination": "Destination",
-    "requested-timestamp": "Requested timestamp"
+    "requested-timestamp": "Requested timestamp",
+    "successfully-deleted": "Successfully deleted"
 }

lang/en.json

@@ -19,6 +19,7 @@ import TripCreationForm from "../vue/components/TripCreation/TripCreationForm.vu
 import {createPinia} from 'pinia'
 import piniaPluginPersistedsState from 'pinia-plugin-persistedstate'
 import FriendCheckinSettings from "../vue/components/Settings/FriendCheckinSettings.vue";
+import WebhookSettings from "../vue/components/Settings/Webhooks.vue";
 
 window.notyf = new Notyf({
     duration: 5000,
@@ -59,6 +60,8 @@ document.addEventListener("DOMContentLoaded", function () {
         fallbackLang = "de";
     }
 
+    // TODO: As we add more vue components here, we should consider embedding them in a better way
+
     const i18nOptions = {
         fallbackLang: fallbackLang,
         fallbackMissingTranslations: true,
@@ -117,7 +120,14 @@ document.addEventListener("DOMContentLoaded", function () {
         app7.use(i18nVue, i18nOptions);
         app7.use(pinia);
         app7.mount("#settings-friend-checkin");
+    }
 
+    if (document.getElementById("settings-webhooks")) {
+        const app8 = createApp({});
+        app8.component("Webhooks", WebhookSettings);
+        app8.use(i18nVue, i18nOptions);
+        app8.use(pinia);
+        app8.mount("#settings-webhooks");
     }
 });
 

resources/js/app.js

@@ -1,59 +1,8 @@
-@php
-    use Carbon\Carbon;
-    use App\Enum\WebhookEvent;
-@endphp
 @extends('layouts.settings')
 @section('title', __('settings.title-webhooks'))
 
 @section('content')
-    <div class="row justify-content-center">
-        <div class="col-md-8 col-lg-7">
-            <div class="card mb-3">
-                <div class="card-header">{{ __('settings.title-webhooks') }}</div>
-                <div class="card-body table-responsive px-0">
-                    <p class="mx-4">
-                        {{ __('settings.webhook-description') }}
-                    </p>
-                    @if(count($webhooks) == 0)
-                        <p class="text-danger mx-4">{{__('settings.no-webhooks')}}</p>
-                    @else
-                        <table class="table">
-                            <thead>
-                                <tr>
-                                    <th>{{ __('settings.client-name') }}</th>
-                                    <th>{{ __('settings.created') }}</th>
-                                    <th>{{ __('settings.webhook-event-notifications-description') }}</th>
-                                    <th></th>
-                                </tr>
-                            </thead>
-                            <tbody>
-                                @foreach($webhooks as $webhook)
-                                    <tr>
-                                        <td>{{ $webhook->client->name }}</td>
-                                        <td>{{ Carbon::parse($webhook->created_at)->isoFormat(__('datetime-format')) }}</td>
-                                        <td>
-                                            <ul>
-                                                @foreach($webhook->events()->get() as $event)
-                                                    <li>{{ __('settings.webhook_event.' . $event->event->value) }}</li>
-                                                @endforeach
-                                            </ul>
-                                        </td>
-                                        <td>
-                                            <form method="post" action="{{ route('delwebhook') }}">
-                                                @csrf
-                                                <input type="hidden" name="webhookId" value="{{$webhook->id}}"/>
-                                                <button class="btn btn-block btn-danger mx-0">
-                                                    <i class="fas fa-trash"></i>
-                                                </button>
-                                            </form>
-                                        </td>
-                                    </tr>
-                                @endforeach
-                            </tbody>
-                        </table>
-                    @endif
-                </div>
-            </div>
-        </div>
+    <div id="settings-webhooks">
+        <Webhooks></Webhooks>
     </div>
 @endsection