2026-01-19 00:09:36 +08:00
|
|
|
|
"""
|
|
|
|
|
|
Webhook API
|
|
|
|
|
|
用于接收外部系统的Webhook请求并触发工作流执行
|
|
|
|
|
|
"""
|
|
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, status, Request, Header
|
|
|
|
|
|
from sqlalchemy.orm import Session
|
|
|
|
|
|
from pydantic import BaseModel
|
|
|
|
|
|
from typing import Optional, Dict, Any
|
|
|
|
|
|
import logging
|
|
|
|
|
|
from app.core.database import get_db
|
2026-05-10 19:50:20 +08:00
|
|
|
|
from app.core.config import settings
|
2026-01-19 00:09:36 +08:00
|
|
|
|
from app.models.workflow import Workflow
|
|
|
|
|
|
from app.models.execution import Execution
|
|
|
|
|
|
from app.tasks.workflow_tasks import execute_workflow_task
|
|
|
|
|
|
import uuid
|
|
|
|
|
|
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
|
router = APIRouter(prefix="/api/v1/webhooks", tags=["webhooks"])
|
|
|
|
|
|
|
2026-05-10 19:50:20 +08:00
|
|
|
|
# 敏感 HTTP 头黑名单(禁止捕获存储)
|
|
|
|
|
|
_EXCLUDED_HEADERS = {
|
|
|
|
|
|
'host', 'content-length', 'connection', 'user-agent',
|
|
|
|
|
|
'authorization', 'cookie', 'set-cookie', 'x-forwarded-for',
|
|
|
|
|
|
'x-real-ip', 'x-auth-token', 'x-api-key',
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# Webhook 专用安全头白名单(仅捕获这些头)
|
|
|
|
|
|
_ALLOWED_WEBHOOK_HEADERS_PREFIXES = ('x-', 'webhook-', 'gitlab-', 'github-')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _verify_webhook_token(x_webhook_token: Optional[str]) -> None:
|
|
|
|
|
|
"""验证 Webhook Token。若配置了 WEBHOOK_AUTH_TOKEN 则必须匹配。"""
|
|
|
|
|
|
expected = settings.WEBHOOK_AUTH_TOKEN
|
|
|
|
|
|
if expected and (not x_webhook_token or x_webhook_token != expected):
|
|
|
|
|
|
raise HTTPException(status_code=401, detail="Webhook token 认证失败")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _filter_webhook_headers(raw_headers: Dict[str, str]) -> Dict[str, str]:
|
|
|
|
|
|
"""过滤 webhook 请求头:只保留安全相关的业务头。"""
|
|
|
|
|
|
filtered = {}
|
|
|
|
|
|
for key, value in raw_headers.items():
|
|
|
|
|
|
lower = key.lower()
|
|
|
|
|
|
if lower in _EXCLUDED_HEADERS:
|
|
|
|
|
|
continue
|
|
|
|
|
|
if any(lower.startswith(p) for p in _ALLOWED_WEBHOOK_HEADERS_PREFIXES):
|
|
|
|
|
|
filtered[key] = value
|
|
|
|
|
|
return filtered
|
|
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
|
|
|
|
|
|
class WebhookTriggerRequest(BaseModel):
|
|
|
|
|
|
"""Webhook触发请求模型"""
|
|
|
|
|
|
workflow_id: Optional[str] = None
|
|
|
|
|
|
workflow_name: Optional[str] = None
|
|
|
|
|
|
input_data: Dict[str, Any] = {}
|
|
|
|
|
|
headers: Optional[Dict[str, Any]] = None
|
|
|
|
|
|
query_params: Optional[Dict[str, Any]] = None
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@router.post("/trigger/{workflow_id}")
|
|
|
|
|
|
async def trigger_workflow_by_webhook(
|
|
|
|
|
|
workflow_id: str,
|
|
|
|
|
|
request: Request,
|
|
|
|
|
|
x_webhook_token: Optional[str] = Header(None, alias="X-Webhook-Token"),
|
|
|
|
|
|
db: Session = Depends(get_db)
|
|
|
|
|
|
):
|
|
|
|
|
|
"""
|
|
|
|
|
|
通过Webhook触发工作流执行
|
|
|
|
|
|
|
|
|
|
|
|
支持通过工作流ID触发工作流,可以传递自定义的输入数据。
|
|
|
|
|
|
可选:通过 X-Webhook-Token 头进行认证(如果工作流配置了webhook_token)。
|
|
|
|
|
|
|
|
|
|
|
|
Args:
|
|
|
|
|
|
workflow_id: 工作流ID
|
|
|
|
|
|
request: FastAPI请求对象(用于获取请求体、查询参数、请求头)
|
|
|
|
|
|
x_webhook_token: Webhook Token(可选,用于认证)
|
|
|
|
|
|
db: 数据库会话
|
|
|
|
|
|
"""
|
|
|
|
|
|
try:
|
2026-05-10 19:50:20 +08:00
|
|
|
|
# 验证 Webhook Token
|
|
|
|
|
|
_verify_webhook_token(x_webhook_token)
|
|
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 查找工作流
|
|
|
|
|
|
workflow = db.query(Workflow).filter(Workflow.id == workflow_id).first()
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
if not workflow:
|
|
|
|
|
|
raise HTTPException(status_code=404, detail="工作流不存在")
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 检查工作流状态
|
|
|
|
|
|
if workflow.status not in ['published', 'running']:
|
|
|
|
|
|
raise HTTPException(
|
2026-05-10 19:50:20 +08:00
|
|
|
|
status_code=400,
|
2026-01-19 00:09:36 +08:00
|
|
|
|
detail=f"工作流状态为 {workflow.status},无法通过Webhook触发"
|
|
|
|
|
|
)
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 获取请求数据
|
|
|
|
|
|
try:
|
|
|
|
|
|
body_data = await request.json() if request.headers.get("content-type", "").startswith("application/json") else {}
|
2026-05-10 19:50:20 +08:00
|
|
|
|
except Exception:
|
2026-01-19 00:09:36 +08:00
|
|
|
|
body_data = {}
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 获取查询参数
|
|
|
|
|
|
query_params = dict(request.query_params)
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
|
|
|
|
|
# 获取请求头(仅保留安全的业务头)
|
|
|
|
|
|
headers = _filter_webhook_headers(dict(request.headers))
|
|
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 构建输入数据:合并查询参数、请求体和请求头
|
|
|
|
|
|
input_data = {
|
|
|
|
|
|
**query_params,
|
|
|
|
|
|
**body_data,
|
|
|
|
|
|
'_webhook': {
|
|
|
|
|
|
'headers': headers,
|
|
|
|
|
|
'query_params': query_params,
|
|
|
|
|
|
'body': body_data,
|
|
|
|
|
|
'method': request.method,
|
|
|
|
|
|
'path': str(request.url.path)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 创建执行记录
|
|
|
|
|
|
execution = Execution(
|
|
|
|
|
|
workflow_id=workflow_id,
|
|
|
|
|
|
input_data=input_data,
|
|
|
|
|
|
status="pending"
|
|
|
|
|
|
)
|
|
|
|
|
|
db.add(execution)
|
|
|
|
|
|
db.commit()
|
|
|
|
|
|
db.refresh(execution)
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 异步执行工作流
|
|
|
|
|
|
workflow_data = {
|
|
|
|
|
|
'nodes': workflow.nodes,
|
|
|
|
|
|
'edges': workflow.edges
|
|
|
|
|
|
}
|
|
|
|
|
|
task = execute_workflow_task.delay(
|
|
|
|
|
|
str(execution.id),
|
|
|
|
|
|
workflow_id,
|
|
|
|
|
|
workflow_data,
|
|
|
|
|
|
input_data
|
|
|
|
|
|
)
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 更新执行记录的task_id
|
|
|
|
|
|
execution.task_id = task.id
|
|
|
|
|
|
db.commit()
|
|
|
|
|
|
db.refresh(execution)
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
return {
|
|
|
|
|
|
"status": "success",
|
|
|
|
|
|
"message": "工作流已触发执行",
|
|
|
|
|
|
"execution_id": str(execution.id),
|
|
|
|
|
|
"task_id": task.id
|
|
|
|
|
|
}
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
except HTTPException:
|
|
|
|
|
|
raise
|
|
|
|
|
|
except Exception as e:
|
2026-05-10 19:50:20 +08:00
|
|
|
|
logger.error("Webhook触发工作流失败: %s", e, exc_info=True)
|
|
|
|
|
|
raise HTTPException(status_code=500, detail="触发工作流失败")
|
2026-01-19 00:09:36 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@router.post("/trigger/by-name/{workflow_name}")
|
|
|
|
|
|
async def trigger_workflow_by_name(
|
|
|
|
|
|
workflow_name: str,
|
|
|
|
|
|
request: Request,
|
|
|
|
|
|
x_webhook_token: Optional[str] = Header(None, alias="X-Webhook-Token"),
|
|
|
|
|
|
db: Session = Depends(get_db)
|
|
|
|
|
|
):
|
|
|
|
|
|
"""
|
|
|
|
|
|
通过工作流名称触发工作流执行
|
|
|
|
|
|
|
|
|
|
|
|
支持通过工作流名称触发工作流,适用于通过名称标识工作流的场景。
|
|
|
|
|
|
|
|
|
|
|
|
Args:
|
|
|
|
|
|
workflow_name: 工作流名称
|
|
|
|
|
|
request: FastAPI请求对象
|
|
|
|
|
|
x_webhook_token: Webhook Token(可选)
|
|
|
|
|
|
db: 数据库会话
|
|
|
|
|
|
"""
|
|
|
|
|
|
try:
|
2026-05-10 19:50:20 +08:00
|
|
|
|
# 验证 Webhook Token
|
|
|
|
|
|
_verify_webhook_token(x_webhook_token)
|
|
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 查找工作流(按名称,且状态为published或running)
|
|
|
|
|
|
workflow = db.query(Workflow).filter(
|
|
|
|
|
|
Workflow.name == workflow_name,
|
|
|
|
|
|
Workflow.status.in_(['published', 'running'])
|
|
|
|
|
|
).first()
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
if not workflow:
|
|
|
|
|
|
raise HTTPException(status_code=404, detail=f"未找到名称为 '{workflow_name}' 的已发布工作流")
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 获取请求数据
|
|
|
|
|
|
try:
|
|
|
|
|
|
body_data = await request.json() if request.headers.get("content-type", "").startswith("application/json") else {}
|
2026-05-10 19:50:20 +08:00
|
|
|
|
except Exception:
|
2026-01-19 00:09:36 +08:00
|
|
|
|
body_data = {}
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 获取查询参数
|
|
|
|
|
|
query_params = dict(request.query_params)
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
|
|
|
|
|
# 获取请求头(仅保留安全的业务头)
|
|
|
|
|
|
headers = _filter_webhook_headers(dict(request.headers))
|
|
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 构建输入数据
|
|
|
|
|
|
input_data = {
|
|
|
|
|
|
**query_params,
|
|
|
|
|
|
**body_data,
|
|
|
|
|
|
'_webhook': {
|
|
|
|
|
|
'headers': headers,
|
|
|
|
|
|
'query_params': query_params,
|
|
|
|
|
|
'body': body_data,
|
|
|
|
|
|
'method': request.method,
|
|
|
|
|
|
'path': str(request.url.path)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 创建执行记录
|
|
|
|
|
|
execution = Execution(
|
|
|
|
|
|
workflow_id=workflow.id,
|
|
|
|
|
|
input_data=input_data,
|
|
|
|
|
|
status="pending"
|
|
|
|
|
|
)
|
|
|
|
|
|
db.add(execution)
|
|
|
|
|
|
db.commit()
|
|
|
|
|
|
db.refresh(execution)
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 异步执行工作流
|
|
|
|
|
|
workflow_data = {
|
|
|
|
|
|
'nodes': workflow.nodes,
|
|
|
|
|
|
'edges': workflow.edges
|
|
|
|
|
|
}
|
|
|
|
|
|
task = execute_workflow_task.delay(
|
|
|
|
|
|
str(execution.id),
|
|
|
|
|
|
workflow.id,
|
|
|
|
|
|
workflow_data,
|
|
|
|
|
|
input_data
|
|
|
|
|
|
)
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
# 更新执行记录的task_id
|
|
|
|
|
|
execution.task_id = task.id
|
|
|
|
|
|
db.commit()
|
|
|
|
|
|
db.refresh(execution)
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
return {
|
|
|
|
|
|
"status": "success",
|
|
|
|
|
|
"message": "工作流已触发执行",
|
|
|
|
|
|
"execution_id": str(execution.id),
|
|
|
|
|
|
"task_id": task.id,
|
|
|
|
|
|
"workflow_id": workflow.id
|
|
|
|
|
|
}
|
2026-05-10 19:50:20 +08:00
|
|
|
|
|
2026-01-19 00:09:36 +08:00
|
|
|
|
except HTTPException:
|
|
|
|
|
|
raise
|
|
|
|
|
|
except Exception as e:
|
2026-05-10 19:50:20 +08:00
|
|
|
|
logger.error("Webhook触发工作流失败: %s", e, exc_info=True)
|
|
|
|
|
|
raise HTTPException(status_code=500, detail="触发工作流失败")
|
