feat: support inbound plugin jsonschema validator

Author: cchenggit

plugins/jsonschema_validator/jsonschema/jsonschema.go

@@ -0,0 +1,40 @@
+package jsonschema
+
+import (
+	"github.com/getkin/kin-openapi/openapi3"
+	lru "github.com/hashicorp/golang-lru/v2"
+	"github.com/webhookx-io/webhookx/pkg/openapi"
+	"github.com/webhookx-io/webhookx/utils"
+)
+
+type JSONSchema struct {
+	schemaDef string
+	hex       string
+}
+
+func New(schemaDef []byte) *JSONSchema {
+	return &JSONSchema{
+		schemaDef: string(schemaDef),
+		hex:       utils.Hash256(string(schemaDef)),
+	}
+}
+
+var cache, _ = lru.New[string, *openapi3.Schema](128)
+
+func (s *JSONSchema) Validate(ctx *ValidatorContext) error {
+	schema, ok := cache.Get(s.hex)
+	if !ok {
+		schema = &openapi3.Schema{}
+		err := schema.UnmarshalJSON([]byte(s.schemaDef))
+		if err != nil {
+			return err
+		}
+		cache.Add(s.hex, schema)
+	}
+
+	err := openapi.Validate(schema, ctx.HTTPRequest.Data)
+	if err != nil {
+		return err
+	}
+	return nil
+}

plugins/jsonschema_validator/jsonschema/jsonschema_test.go

@@ -0,0 +1,66 @@
+package jsonschema
+
+import (
+	"encoding/json"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"testing"
+)
+
+func TestJSONSchema(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Schema Validator Suite")
+}
+
+var _ = Describe("Schema Validator Plugin", func() {
+
+	Context("JSONSchema Validator", func() {
+		It("should validate valid JSON data against the schema", func() {
+			schemaDef := `{
+				"type": "object",
+				"properties": {
+					"name": { "type": "string" },
+					"age": { "type": "integer", "minimum": 0 }
+				},
+				"required": ["name", "age"]
+			}`
+
+			validator := New([]byte(schemaDef))
+
+			validData := map[string]interface{}{"name": "John Doe", "age": 30}
+			ctx := &ValidatorContext{
+				HTTPRequest: &HTTPRequest{
+					Data: validData,
+				},
+			}
+
+			err := validator.Validate(ctx)
+			Expect(err).To(BeNil())
+		})
+
+		It("should return an error for invalid JSON data against the schema", func() {
+			schemaDef := `{
+				"type": "object",
+				"properties": {
+					"name": { "type": "string" },
+					"age": { "type": "integer", "minimum": 0 }
+				},
+				"required": ["name", "age"]
+			}`
+
+			validator := New([]byte(schemaDef))
+
+			invalidData := map[string]interface{}{"name": "John Doe", "age": -5}
+			ctx := &ValidatorContext{
+				HTTPRequest: &HTTPRequest{
+					Data: invalidData,
+				},
+			}
+
+			err := validator.Validate(ctx)
+			Expect(err).ToNot(BeNil())
+			b, _ := json.Marshal(err)
+			Expect(string(b)).To(Equal(`{"message":"request validation","fields":{"age":"number must be at least 0"}}`))
+		})
+	})
+})

plugins/jsonschema_validator/jsonschema/validator.go

@@ -0,0 +1,18 @@
+package jsonschema
+
+import (
+	"net/http"
+)
+
+type Validator interface {
+	Validate(ctx *ValidatorContext) error
+}
+
+type ValidatorContext struct {
+	HTTPRequest *HTTPRequest
+}
+
+type HTTPRequest struct {
+	R    *http.Request
+	Data map[string]any
+}

plugins/jsonschema_validator/plugin.go

@@ -0,0 +1,174 @@
+package jsonschema_validator
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/getkin/kin-openapi/openapi3"
+	lru "github.com/hashicorp/golang-lru/v2"
+	"github.com/webhookx-io/webhookx/pkg/errs"
+	"github.com/webhookx-io/webhookx/pkg/plugin"
+	"github.com/webhookx-io/webhookx/plugins/jsonschema_validator/jsonschema"
+	"github.com/webhookx-io/webhookx/utils"
+	"io"
+	"net/http"
+	"os"
+	"time"
+)
+
+type Config struct {
+	Schemas map[string]*SchemaResource `json:"schemas" validate:"dive,required"`
+}
+
+type EventTypeSchema struct {
+	EventType  string `json:"event_type" validate:"required,max=100"`
+	JSONSchema string `json:"jsonschema" validate:"required,jsonschema,max=1048576"`
+}
+
+type SchemaResource struct {
+	JSONString string `json:"json" validate:"omitempty,json,max=1048576"`
+	File       string `json:"file" validate:"omitempty,file"`
+	URL        string `json:"url" validate:"omitempty,url"`
+}
+
+var cache, _ = lru.New[string, []byte](128)
+
+func (s *SchemaResource) Resource() ([]byte, string, error) {
+	// priority: json > file > url
+	if s.JSONString != "" {
+		return []byte(s.JSONString), "json", nil
+	}
+	if s.File != "" {
+		bytes, ok := cache.Get(s.File)
+		if ok {
+			return bytes, "file", nil
+		}
+		bytes, err := os.ReadFile(s.File)
+		if err != nil {
+			return nil, "file", fmt.Errorf("failed to read schema: %w", err)
+		}
+		cache.Add(s.File, bytes)
+		return bytes, "file", nil
+	}
+	if s.URL != "" {
+		bytes, ok := cache.Get(s.URL)
+		if ok {
+			return bytes, "url", nil
+		}
+		client := &http.Client{
+			Timeout: time.Second * 2,
+		}
+		resp, err := client.Get(s.URL)
+		if err != nil {
+			return nil, "url", fmt.Errorf("failed to fetch schema: %w", err)
+		}
+		defer func() { _ = resp.Body.Close() }()
+		body, err := io.ReadAll(resp.Body)
+		if err != nil {
+			return nil, "url", fmt.Errorf("failed to read schema from response: %w", err)
+		}
+		cache.Add(s.URL, body)
+		return body, "url", nil
+	}
+	return nil, "json", errors.New("no schema defined")
+}
+
+type SchemaValidatorPlugin struct {
+	plugin.BasePlugin[Config]
+}
+
+func New(config []byte) (plugin.Plugin, error) {
+	p := &SchemaValidatorPlugin{}
+	p.Name = "jsonschema-validator"
+
+	if config != nil {
+		if err := p.UnmarshalConfig(config); err != nil {
+			return nil, err
+		}
+	}
+	return p, nil
+}
+
+func (p *SchemaValidatorPlugin) ValidateConfig() error {
+	err := utils.Validate(p.Config)
+	if err != nil {
+		return err
+	}
+
+	e := errs.NewValidateError(errors.New("request validation"))
+	for event, schema := range p.Config.Schemas {
+		field := fmt.Sprintf("schemas[%s]", event)
+		if schema == nil {
+			e.Fields[field] = fmt.Errorf("schema is empty")
+			return e
+		}
+		schemaBytes, invalidField, err := schema.Resource()
+		if err != nil {
+			e.Fields[field] = map[string]string{
+				invalidField: err.Error(),
+			}
+			return e
+		}
+		openapiSchema := &openapi3.Schema{}
+		err = openapiSchema.UnmarshalJSON(schemaBytes)
+		if err != nil {
+			e.Fields[field] = map[string]string{
+				invalidField: "the content must be a valid json string",
+			}
+			return e
+		}
+		err = openapiSchema.Validate(context.Background(), openapi3.EnableSchemaFormatValidation())
+		if err != nil {
+			e.Fields[field] = map[string]string{
+				invalidField: fmt.Sprintf("invalid jsonschema: %v", err),
+			}
+			return e
+		}
+	}
+	return nil
+}
+
+func (p *SchemaValidatorPlugin) ExecuteInbound(inbound *plugin.Inbound) (res plugin.InboundResult, err error) {
+	// parse body to get event type
+	var event map[string]any
+	body := inbound.RawBody
+	if err = json.Unmarshal(body, &event); err != nil {
+		return
+	}
+
+	eventType, ok := event["event_type"].(string)
+	if !ok || eventType == "" {
+		res.Payload = body
+		return
+	}
+
+	data := event["data"]
+	if data == nil {
+		res.Payload = body
+		return
+	}
+
+	schemaResource, ok := p.Config.Schemas[eventType]
+	if !ok || schemaResource == nil {
+		res.Payload = body
+		return
+	}
+
+	bytes, _, err := schemaResource.Resource()
+	if err != nil {
+		return
+	}
+	validator := jsonschema.New(bytes)
+	err = validator.Validate(&jsonschema.ValidatorContext{
+		HTTPRequest: &jsonschema.HTTPRequest{
+			R:    inbound.Request,
+			Data: data.(map[string]any),
+		},
+	})
+	if err != nil {
+		return
+	}
+	res.Payload = body
+	return
+}

plugins/plugins.go

@@ -3,12 +3,14 @@ package plugins
 import (
 	"github.com/webhookx-io/webhookx/pkg/plugin"
 	"github.com/webhookx-io/webhookx/plugins/function"
+	"github.com/webhookx-io/webhookx/plugins/jsonschema_validator"
 	"github.com/webhookx-io/webhookx/plugins/wasm"
 	"github.com/webhookx-io/webhookx/plugins/webhookx_signature"
 )
 
 func LoadPlugins() {
 	plugin.RegisterPlugin(plugin.TypeInbound, "function", function.New)
+	plugin.RegisterPlugin(plugin.TypeInbound, "jsonschema-validator", jsonschema_validator.New)
 	plugin.RegisterPlugin(plugin.TypeOutbound, "wasm", wasm.New)
 	plugin.RegisterPlugin(plugin.TypeOutbound, "webhookx-signature", webhookx_signature.New)
 }

proxy/gateway.go

@@ -14,6 +14,7 @@ import (
 	"github.com/webhookx-io/webhookx/dispatcher"
 	"github.com/webhookx-io/webhookx/eventbus"
 	"github.com/webhookx-io/webhookx/mcache"
+	"github.com/webhookx-io/webhookx/pkg/errs"
 	"github.com/webhookx-io/webhookx/pkg/http/response"
 	"github.com/webhookx-io/webhookx/pkg/loglimiter"
 	"github.com/webhookx-io/webhookx/pkg/metrics"
@@ -256,10 +257,19 @@ func (gw *Gateway) handle(w http.ResponseWriter, r *http.Request) bool {
 			RawBody:  body,
 		})
 		if err != nil {
+			if validateErr, ok := err.(*errs.ValidateError); ok {
+				response.JSON(w, 400, types.ErrorResponse{
+					Message: "Request Validation",
+					Error:   validateErr,
+				})
+				return false
+			}
+
 			gw.log.Errorf("failed to execute plugin: %v", err)
 			response.JSON(w, 500, types.ErrorResponse{Message: "internal error"})
 			return false
 		}
+
 		if result.Terminated {
 			return false
 		}

test/cmd/admin_test.go

@@ -95,10 +95,13 @@ var _ = Describe("admin", Ordered, func() {
 
 				plugins, err = db.Plugins.ListSourcePlugin(context.TODO(), source.ID)
 				assert.NoError(GinkgoT(), err)
-				assert.Equal(GinkgoT(), 1, len(plugins))
+				assert.Equal(GinkgoT(), 2, len(plugins))
 				assert.Equal(GinkgoT(), "function", plugins[0].Name)
 				assert.Equal(GinkgoT(), true, plugins[0].Enabled)
 				assert.Equal(GinkgoT(), `{"function": "function handle() {}"}`, string(plugins[0].Config))
+				assert.Equal(GinkgoT(), `jsonschema-validator`, plugins[1].Name)
+				assert.Equal(GinkgoT(), true, plugins[1].Enabled)
+				assert.Equal(GinkgoT(), `{"schemas": {"charge.succeeded": {"url": "", "file": "", "json": "{\n  \"type\": \"object\",\n  \"properties\": {\n      \"id\": { \"type\": \"string\" },\n      \"amount\": { \"type\": \"integer\", \"minimum\": 1 },\n      \"currency\": { \"type\": \"string\", \"minLength\": 3, \"maxLength\": 6 }\n  },\n  \"required\": [\"id\", \"amount\", \"currency\"]\n}\n"}}}`, string(plugins[1].Config))
 			})
 
 			It("entities not defined in the declarative configuration should be deleted", func() {