Add webhook integration support

Signed-off-by: Rafi <refaei.shikho@hotmail.com>

Author: refoo0

cmd/devguard/api/api.go

@@ -36,6 +36,7 @@ import (
 	"github.com/l3montree-dev/devguard/internal/core/integrations/githubint"
 	"github.com/l3montree-dev/devguard/internal/core/integrations/gitlabint"
 	"github.com/l3montree-dev/devguard/internal/core/integrations/jiraint"
+	"github.com/l3montree-dev/devguard/internal/core/integrations/webhook"
 	"github.com/l3montree-dev/devguard/internal/core/intoto"
 	"github.com/l3montree-dev/devguard/internal/core/org"
 	"github.com/l3montree-dev/devguard/internal/core/pat"
@@ -367,6 +368,8 @@ func BuildRouter(db core.DB) *echo.Echo {
 		panic(err)
 	}
 
+	webhookIntegration := webhook.NewWebhookIntegration(db)
+
 	jiraIntegration := jiraint.NewJiraIntegration(db)
 
 	githubIntegration := githubint.NewGithubIntegration(db)
@@ -378,7 +381,7 @@ func BuildRouter(db core.DB) *echo.Echo {
 	)
 
 	gitlabIntegration := gitlabint.NewGitlabIntegration(db, gitlabOauth2Integrations, casbinRBACProvider, gitlabClientFactory)
-	thirdPartyIntegration := integrations.NewThirdPartyIntegrations(gitlabIntegration, githubIntegration, jiraIntegration)
+	thirdPartyIntegration := integrations.NewThirdPartyIntegrations(gitlabIntegration, githubIntegration, jiraIntegration, webhookIntegration)
 
 	// init all repositories using the provided database
 	patRepository := repositories.NewPATRepository(db)
@@ -541,6 +544,12 @@ func BuildRouter(db core.DB) *echo.Echo {
 	organizationRouter.POST("/integrations/jira/test-and-save/", integrationController.TestAndSaveJiraIntegration, neededScope([]string{"manage"}))
 	organizationRouter.DELETE("/integrations/jira/:jira_integration_id/", integrationController.DeleteJiraAccessToken, neededScope([]string{"manage"}))
 
+	organizationRouter.POST("/integrations/webhook/test-and-save/", integrationController.TestAndSaveWebhookIntegration, neededScope([]string{"manage"}))
+
+	organizationRouter.PUT("/integrations/webhook/test-and-save/", integrationController.UpdateWebhookIntegration, neededScope([]string{"manage"}))
+
+	organizationRouter.DELETE("/integrations/webhook/:id/", integrationController.DeleteWebhookIntegration, neededScope([]string{"manage"}))
+
 	organizationRouter.POST("/integrations/gitlab/test-and-save/", integrationController.TestAndSaveGitlabIntegration, neededScope([]string{"manage"}))
 	organizationRouter.DELETE("/integrations/gitlab/:gitlab_integration_id/", integrationController.DeleteGitLabAccessToken, neededScope([]string{"manage"}))
 	organizationRouter.GET("/integrations/repositories/", integrationController.ListRepositories)

internal/common/integrations_obj.go

@@ -14,3 +14,13 @@ type JiraIntegrationDTO struct {
 	ObfuscatedToken string `json:"obfuscatedToken"`
 	UserEmail       string `json:"userEmail"`
 }
+
+type WebhookIntegrationDTO struct {
+	ID          string `json:"id"`
+	Name        string `json:"name"`
+	Description string `json:"description"`
+	URL         string `json:"url"`
+	Secret      string `json:"secret"`
+	SbomEnabled bool   `json:"sbomEnabled"`
+	VulnEnabled bool   `json:"vulnEnabled"`
+}

internal/core/common_interfaces.go

@@ -325,6 +325,14 @@ type JiraIntegrationRepository interface {
 	GetClientByIntegrationID(integrationID uuid.UUID) (models.JiraIntegration, error)
 }
 
+type WebhookIntegrationRepository interface {
+	Save(tx DB, model *models.WebhookIntegration) error
+	Read(id uuid.UUID) (models.WebhookIntegration, error)
+	FindByOrganizationID(orgID uuid.UUID) ([]models.WebhookIntegration, error)
+	Delete(tx DB, id uuid.UUID) error
+	GetClientByIntegrationID(integrationID uuid.UUID) (models.WebhookIntegration, error)
+}
+
 type GitlabIntegrationRepository interface {
 	Save(tx DB, model *models.GitLabIntegration) error
 	Read(id uuid.UUID) (models.GitLabIntegration, error)

internal/core/context_utils.go

@@ -139,7 +139,10 @@ func HasOrganization(c Context) bool {
 	_, ok := c.Get("organization").(models.Org)
 	return ok
 }
-
+func HasProject(c Context) bool {
+	_, ok := c.Get("project").(models.Project)
+	return ok
+}
 func GetRBAC(ctx Context) AccessControl {
 	return ctx.Get("rbac").(AccessControl)
 }

internal/core/integrations/integration_controller.go

@@ -22,6 +22,7 @@ import (
 	"github.com/l3montree-dev/devguard/internal/core/integrations/githubint"
 	"github.com/l3montree-dev/devguard/internal/core/integrations/gitlabint"
 	"github.com/l3montree-dev/devguard/internal/core/integrations/jiraint"
+	"github.com/l3montree-dev/devguard/internal/core/integrations/webhook"
 )
 
 type integrationController struct {
@@ -94,6 +95,50 @@ func (c *integrationController) TestAndSaveGitlabIntegration(ctx core.Context) e
 	return nil
 }
 
+func (c *integrationController) DeleteWebhookIntegration(ctx core.Context) error {
+	thirdPartyIntegration := core.GetThirdPartyIntegration(ctx)
+	wh := thirdPartyIntegration.GetIntegration(core.WebhookIntegrationID)
+	if wh == nil {
+		return ctx.JSON(404, "Webhook integration not enabled")
+	}
+
+	if err := wh.(*webhook.WebhookIntegration).Delete(ctx); err != nil {
+		slog.Error("could not delete webhook integration", "err", err)
+		return err
+	}
+
+	return nil
+}
+
+func (c *integrationController) UpdateWebhookIntegration(ctx core.Context) error {
+	thirdPartyIntegration := core.GetThirdPartyIntegration(ctx)
+	wh := thirdPartyIntegration.GetIntegration(core.WebhookIntegrationID)
+	if wh == nil {
+		return ctx.JSON(404, "Webhook integration not enabled")
+	}
+
+	if err := wh.(*webhook.WebhookIntegration).Update(ctx); err != nil {
+		slog.Error("could not update webhook integration", "err", err)
+		return err
+	}
+
+	return nil
+}
+
+func (c *integrationController) TestAndSaveWebhookIntegration(ctx core.Context) error {
+	thirdPartyIntegration := core.GetThirdPartyIntegration(ctx)
+	wh := thirdPartyIntegration.GetIntegration(core.WebhookIntegrationID)
+	if wh == nil {
+		return ctx.JSON(404, "Webhook integration not enabled")
+	}
+
+	if err := wh.(*webhook.WebhookIntegration).TestAndSave(ctx); err != nil {
+		slog.Error("could not test GitLab integration", "err", err)
+		return err
+	}
+
+	return nil
+}
 func (c *integrationController) TestAndSaveJiraIntegration(ctx core.Context) error {
 	thirdPartyIntegration := core.GetThirdPartyIntegration(ctx)
 	gl := thirdPartyIntegration.GetIntegration(core.JiraIntegrationID)

internal/core/integrations/webhook/webhook_integration.go

@@ -0,0 +1,214 @@
+// Copyright 2025 l3montree GmbH.
+// SPDX-License-Identifier: 	AGPL-3.0-or-later
+
+package webhook
+
+import (
+	"context"
+	"log/slog"
+
+	"github.com/google/uuid"
+	"github.com/l3montree-dev/devguard/internal/common"
+	"github.com/l3montree-dev/devguard/internal/core"
+	"github.com/l3montree-dev/devguard/internal/database/models"
+	"github.com/l3montree-dev/devguard/internal/database/repositories"
+)
+
+type WebhookIntegration struct {
+	webhookRepository core.WebhookIntegrationRepository
+}
+
+var _ core.ThirdPartyIntegration = &WebhookIntegration{}
+
+func NewWebhookIntegration(db core.DB) *WebhookIntegration {
+	webhookRepository := repositories.NewWebhookRepository(db)
+	return &WebhookIntegration{
+		webhookRepository: webhookRepository,
+	}
+}
+
+func (w *WebhookIntegration) Delete(ctx core.Context) error {
+	id := ctx.Param("id")
+	if id == "" {
+		return ctx.JSON(400, "id is required")
+	}
+
+	uuidID, err := uuid.Parse(id)
+	if err != nil {
+		return ctx.JSON(400, "invalid id format")
+	}
+
+	if err := w.webhookRepository.Delete(nil, uuidID); err != nil {
+		slog.Error("failed to delete webhook integration", "err", err)
+		return ctx.JSON(500, "failed to delete webhook integration")
+	}
+	return ctx.JSON(200, "Webhook integration deleted successfully")
+}
+
+func (w *WebhookIntegration) Update(ctx core.Context) error {
+	var data struct {
+		ID          string `json:"id"`
+		Name        string `json:"name"`
+		Description string `json:"description"`
+		URL         string `json:"url"`
+		Secret      string `json:"secret"`
+		SbomEnabled bool   `json:"sbomEnabled"`
+		VulnEnabled bool   `json:"vulnEnabled"`
+	}
+
+	if err := ctx.Bind(&data); err != nil {
+		return ctx.JSON(400, "invalid request data")
+	}
+	if data.URL == "" {
+		return ctx.JSON(400, "url is required")
+	}
+
+	uuidID, err := uuid.Parse(data.ID)
+	if err != nil {
+		return ctx.JSON(400, "invalid id format")
+	}
+	webhookIntegration := &models.WebhookIntegration{
+
+		Model: models.Model{
+			ID: uuidID,
+		},
+		Name:        &data.Name,
+		Description: &data.Description,
+		URL:         data.URL,
+		Secret:      &data.Secret,
+		SbomEnabled: data.SbomEnabled,
+		VulnEnabled: data.VulnEnabled,
+		OrgID:       core.GetOrg(ctx).GetID(),
+	}
+
+	if err := w.webhookRepository.Save(nil, webhookIntegration); err != nil {
+		slog.Error("failed to update webhook integration", "err", err)
+		return ctx.JSON(500, "failed to update webhook integration")
+	}
+	return ctx.JSON(200, common.WebhookIntegrationDTO{
+		ID:          webhookIntegration.ID.String(),
+		Name:        *webhookIntegration.Name,
+		Description: *webhookIntegration.Description,
+		URL:         webhookIntegration.URL,
+		Secret:      *webhookIntegration.Secret,
+		SbomEnabled: webhookIntegration.SbomEnabled,
+		VulnEnabled: webhookIntegration.VulnEnabled,
+	})
+}
+func (w *WebhookIntegration) TestAndSave(ctx core.Context) error {
+	var data struct {
+		Name        string `json:"name"`
+		Description string `json:"description"`
+		URL         string `json:"url"`
+		Secret      string `json:"secret"`
+		SbomEnabled bool   `json:"sbomEnabled"`
+		VulnEnabled bool   `json:"vulnEnabled"`
+	}
+
+	if err := ctx.Bind(&data); err != nil {
+		return ctx.JSON(400, "invalid request data")
+	}
+	if data.URL == "" {
+		return ctx.JSON(400, "url is required")
+	}
+
+	/* 	projectID := uuid.Nil
+	   	if ok := core.HasProject(ctx); ok {
+	   		project := core.GetProject(ctx)
+	   		projectID = project.ID
+	   	} */
+
+	webhookIntegration := &models.WebhookIntegration{
+		Name:        &data.Name,
+		Description: &data.Description,
+		URL:         data.URL,
+		Secret:      &data.Secret,
+		SbomEnabled: data.SbomEnabled,
+		VulnEnabled: data.VulnEnabled,
+		OrgID:       core.GetOrg(ctx).GetID(),
+		/* 	ProjectID:   &projectID, */
+	}
+
+	if err := w.webhookRepository.Save(nil, webhookIntegration); err != nil {
+		slog.Error("failed to save webhook integration", "err", err)
+		return ctx.JSON(500, "failed to save webhook integration")
+	}
+	return ctx.JSON(200, common.WebhookIntegrationDTO{
+		ID:          webhookIntegration.ID.String(),
+		Name:        *webhookIntegration.Name,
+		Description: *webhookIntegration.Description,
+		URL:         webhookIntegration.URL,
+		Secret:      *webhookIntegration.Secret,
+		SbomEnabled: webhookIntegration.SbomEnabled,
+		VulnEnabled: webhookIntegration.VulnEnabled,
+	})
+}
+
+func (w *WebhookIntegration) HandleEvent(event any) error {
+	return nil
+}
+
+func (w *WebhookIntegration) WantsToHandleWebhook(ctx core.Context) bool {
+	// Logic to determine if this integration wants to handle the webhook
+	return true
+}
+
+func (w *WebhookIntegration) HandleWebhook(ctx core.Context) error {
+	// Logic to handle the webhook
+	return nil
+}
+
+func (w *WebhookIntegration) ListOrgs(ctx core.Context) ([]models.Org, error) {
+	// Logic to list organizations
+	return nil, nil
+}
+
+func (w *WebhookIntegration) ListGroups(ctx core.Context, userID string, providerID string) ([]models.Project, error) {
+	// Logic to list groups
+	return nil, nil
+}
+
+func (w *WebhookIntegration) ListProjects(ctx core.Context, userID string, providerID string, groupID string) ([]models.Asset, error) {
+	// Logic to list projects
+	return nil, nil
+}
+
+func (w *WebhookIntegration) ListRepositories(ctx core.Context) ([]core.Repository, error) {
+	// Logic to list repositories
+	return nil, nil
+}
+
+func (w *WebhookIntegration) HasAccessToExternalEntityProvider(ctx core.Context, externalEntityProviderID string) (bool, error) {
+	// Logic to check access to external entity provider
+	return false, nil
+}
+
+func (w *WebhookIntegration) GetRoleInGroup(ctx context.Context, userID string, providerID string, groupID string) (string, error) {
+	// Logic to get role in group
+	return "", nil
+}
+
+func (w *WebhookIntegration) GetRoleInProject(ctx context.Context, userID string, providerID string, projectID string) (string, error) {
+	// Logic to get role in project
+	return "", nil
+}
+
+func (w *WebhookIntegration) CreateIssue(ctx context.Context, asset models.Asset, assetVersionName string, vuln models.Vuln, projectSlug string, orgSlug string, justification string, userID string) error {
+	// Logic to create an issue
+	return nil
+}
+
+func (w *WebhookIntegration) UpdateIssue(ctx context.Context, asset models.Asset, vuln models.Vuln) error {
+	// Logic to update an issue
+	return nil
+}
+
+func (w *WebhookIntegration) GetUsers(org models.Org) []core.User {
+	// Logic to get users in an organization
+	return nil
+}
+
+func (w *WebhookIntegration) GetID() core.IntegrationID {
+	// Return the integration ID for this webhook integration
+	return core.WebhookIntegrationID
+}

internal/core/org/org_dto.go

@@ -177,6 +177,8 @@ type OrgDTO struct {
 
 	JiraIntegrations []common.JiraIntegrationDTO `json:"jiraIntegrations" gorm:"foreignKey:OrgID;"`
 
+	Webhooks []common.WebhookIntegrationDTO `json:"webhooks" gorm:"foreignKey:OrgID;"`
+
 	IsPublic bool `json:"isPublic" gorm:"default:false;"`
 
 	ConfigFiles map[string]any `json:"configFiles"`
@@ -204,6 +206,18 @@ func obfuscateJiraIntegrations(integration models.JiraIntegration) common.JiraIn
 	}
 }
 
+func obfuscateWebhookIntegrations(integration models.WebhookIntegration) common.WebhookIntegrationDTO {
+	return common.WebhookIntegrationDTO{
+		ID:          integration.ID.String(),
+		Name:        *integration.Name,
+		Description: *integration.Description,
+		URL:         integration.URL,
+		Secret:      *integration.Secret,
+		SbomEnabled: integration.SbomEnabled,
+		VulnEnabled: integration.VulnEnabled,
+	}
+}
+
 func fromModel(org models.Org) OrgDTO {
 	return OrgDTO{
 		Model:                  org.Model,
@@ -224,6 +238,7 @@ func fromModel(org models.Org) OrgDTO {
 		GithubAppInstallations:   org.GithubAppInstallations,
 		GitLabIntegrations:       utils.Map(org.GitLabIntegrations, obfuscateGitLabIntegrations),
 		JiraIntegrations:         utils.Map(org.JiraIntegrations, obfuscateJiraIntegrations),
+		Webhooks:                 utils.Map(org.Webhooks, obfuscateWebhookIntegrations),
 		ConfigFiles:              org.ConfigFiles,
 		Language:                 org.Language,
 		ExternalEntityProviderID: org.ExternalEntityProviderID,