Enforce source-time provenance across ingest
This commit is contained in:
Codex
55
client.go
55
client.go
@@ -158,17 +158,8 @@ func (c *Client) GetTenantStream(ctx context.Context, streamID string) (*TenantS
|
||||
}
|
||||
|
||||
func (c *Client) LogEvent(ctx context.Context, streamID string, input EventInput, options ...RequestOptions) (*EventReceipt, error) {
|
||||
if input.EventType == "" {
|
||||
input.EventType = "inference"
|
||||
}
|
||||
if input.SourceKind == "" {
|
||||
input.SourceKind = "sdk"
|
||||
}
|
||||
if input.Payload == nil {
|
||||
input.Payload = M{}
|
||||
}
|
||||
if input.Metadata == nil {
|
||||
input.Metadata = M{}
|
||||
if err := normalizeEventInput(&input); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var out EventReceipt
|
||||
err := c.requestJSON(ctx, http.MethodPost, "/v2/streams/"+url.PathEscape(streamID)+"/events", nil, input, idempotency(options), &out)
|
||||
@@ -180,17 +171,8 @@ func (c *Client) LogEvents(ctx context.Context, streamID string, events []EventI
|
||||
return nil, errors.New("max 1000 events per batch")
|
||||
}
|
||||
for i := range events {
|
||||
if events[i].EventType == "" {
|
||||
events[i].EventType = "inference"
|
||||
}
|
||||
if events[i].SourceKind == "" {
|
||||
events[i].SourceKind = "sdk"
|
||||
}
|
||||
if events[i].Payload == nil {
|
||||
events[i].Payload = M{}
|
||||
}
|
||||
if events[i].Metadata == nil {
|
||||
events[i].Metadata = M{}
|
||||
if err := normalizeEventInput(&events[i]); err != nil {
|
||||
return nil, fmt.Errorf("event %d: %w", i, err)
|
||||
}
|
||||
}
|
||||
body := M{"events": events}
|
||||
@@ -331,6 +313,9 @@ func (c *Client) RevokeRepositoryWebhookConnector(ctx context.Context, connector
|
||||
}
|
||||
|
||||
func (c *Client) IngestSignedWebhookEvent(ctx context.Context, connectorID string, event EventInput, secret string) (*EventReceipt, error) {
|
||||
if err := normalizeEventInput(&event); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
raw, err := json.Marshal(event)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -341,6 +326,32 @@ func (c *Client) IngestSignedWebhookEvent(ctx context.Context, connectorID strin
|
||||
return &out, err
|
||||
}
|
||||
|
||||
func normalizeEventInput(input *EventInput) error {
|
||||
if input.SourceRef == "" {
|
||||
return errors.New("source ref must not be blank")
|
||||
}
|
||||
if input.EventType == "" {
|
||||
input.EventType = "inference"
|
||||
}
|
||||
if input.SourceKind == "" {
|
||||
input.SourceKind = "sdk"
|
||||
}
|
||||
if input.OccurredAt == "" {
|
||||
input.OccurredAt = time.Now().UTC().Format(time.RFC3339Nano)
|
||||
} else if _, err := time.Parse(time.RFC3339, input.OccurredAt); err != nil {
|
||||
if _, nanoErr := time.Parse(time.RFC3339Nano, input.OccurredAt); nanoErr != nil {
|
||||
return errors.New("occurredAt must include a valid RFC3339 timezone offset")
|
||||
}
|
||||
}
|
||||
if input.Payload == nil {
|
||||
input.Payload = M{}
|
||||
}
|
||||
if input.Metadata == nil {
|
||||
input.Metadata = M{}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *Client) IngestRepositoryWebhookEvent(ctx context.Context, connectorID string, rawBody []byte, headers map[string]string) (*EventReceipt, error) {
|
||||
var out EventReceipt
|
||||
err := c.requestRaw(ctx, http.MethodPost, "/v2/connectors/repository-webhooks/"+url.PathEscape(connectorID)+"/events", nil, rawBody, headers, "", &out)
|
||||
|
||||
Reference in New Issue
Block a user