Notifier: Plain JSON webhook

[lemonsaurus]

We currently allow blackbox to send out various bespoke webhooks, like Discord and Slack, but let's also make a dead simple plain JSON webhook so that people can implement notifications on arbitrary, generic platforms, or in their own applications.

Use the simplest JSON structure possible.

[shtlrs]

I have no knowledge whatsoever with Blackbox, but I'd be interested to tackle this.

[lemonsaurus]

Hi @shtlrs! I'm happy to let you take a crack at it if you'd like.

If you get stuck, poke me on Discord in https://discord.gg/hc5pDWNNzx in the #blackbox channel and I'll try to help.

[shtlrs]

Alright sir, i'd happily take this then!

[shtlrs]

@lemonsaurus Very sorry, I had completely forgotten about this, it got filtered out because i've set the org to pydis.

So I was running through the code to see how it all works and I was wondering how we'd want to handle auth for this.

The subscriber should be lambda API but the problem is that we don't know how auth is implemented for this api, it could be thourgh HTTP headers, in the request's body under a specific key, in the query parameters or maybe it doesn't even have auth for all that we know.

This got me thinking into how we'd want to implement this in the most simple way, so how about this

notifiers:
  json:
    my-api:
      url: https://mydomain.com/api/v1/database-updates/
      auth:
        type: headers
        key: key
        value: value
        method: 'POST'

The type can either be header, body or query-params (The naming can be discussed obviously)
Then depending on that type, we'll know where we can put the credentials.

For example

from requests import Request, Session
    class Json(BlackboxNotifier):
        ....
        def notify(self) -> None:
            """Send a webhook to Slack with a blackbox report."""
            request = Request(
                method=self.config["method"],
                url=self.config["url"],
            )
            auth = self.config.get("auth", {"type": "none", "key": "none", "value": "none"})
            auth_key = auth["key"]
            auth_value = auth["value"]
            auth_type = auth["type"]
            payload = self.method_to_construct_request_payload()
            request.json = payload

            if auth_type == "headers":
                request.headers = {auth_key: auth_value}
            if auth_type == "body":
                payload[auth_key] = auth_value
            if auth_type == "query-params":
                request.params[auth_key] = auth_value

            with Session() as session:
                session.send(request=request.prepare())

As I'm writing this, it also occured to me that we cannot even guarantee that the endpoint would solely take POST requests, so maybe that should be held into account as well ?

I know that auth for webhooks usually doesn't take place like this and that the end sending the event/request would include some sort of signature in the headers that needs to be validated by combining the request's body and some secret then hashing them etc etc, but I also don't believe that we can achieve that here.