feat: google form invite webhook

.github/workflows/audit.yml

@@ -32,13 +32,13 @@ jobs:
       - name: Poetry audit
         id: poetry-audit
         run: |-
-          pip install poetry-audit-plugin
-          poetry audit > audit.txt
+          pip install "safety==3.7.0" poetry-audit-plugin
+          poetry audit > audit.txt 2>&1 || true
           cat audit.txt
         continue-on-error: true
       - name: Comment with audit result
         uses: marocchino/sticky-pull-request-comment@v2
-        if: github.event_name == 'pull_request'
+        if: github.event_name == 'pull_request' && hashFiles('audit.txt') != ''
         with:
           recreate: true
           path: audit.txt

scripts/invite-google-apps-scripts.js

@@ -0,0 +1,84 @@
+const BACKEND_URL = 'VIRTUAL_LAB_API_URL';
+
+function onWebinarFormSubmit(e) {
+  try {
+    if (!e || !e.response) {
+      console.error('No form response in event');
+      return;
+    }
+    const props = PropertiesService.getScriptProperties();
+    const secret        = props.getProperty('x_webhook_signature');
+    const virtualLabId  = props.getProperty('x_virtual_lab_id');
+    const projectId     = props.getProperty('x_project_id');
+    const userId     = props.getProperty('x_user_id');
+
+    if(!secret){
+      console.error('Missing Script Properties: WEBHOOK_SECRET');
+      return;
+    }
+    if(!virtualLabId){
+      console.error('Missing Script Properties: VIRTUAL_LAB_ID');
+      return;
+    }
+    if(!projectId){
+      console.error('Missing Script Properties: PROJECT_ID');
+      return;
+    }
+    if(!userId){
+      console.error('Missing Script Properties: USER_ID');
+      return;
+    }
+
+    const itemResponses = e.response.getItemResponses();
+    const answers = {};
+    itemResponses.forEach(ir => {
+      answers[ir.getItem().getTitle()] = ir.getResponse();
+    });
+
+    const fullName = (answers['Name']  || '').toString().trim();
+    const email    = (answers['Email'] || '').toString().trim();
+
+    if (!email) {
+      console.error('No email in submission');
+      return;
+    }
+
+
+    const payload = {
+      name: fullName,
+      email: email,
+      source: 'webinar_form',
+      submittedAt: new Date().toISOString(),
+      responseId: e.response ? e.response.getId() : Utilities.getUuid(),
+    };
+
+    const body = JSON.stringify(payload);
+
+    // HMAC-SHA256 over the raw body — IDs are inside, so they're signed too.
+    const signature = Utilities.computeHmacSha256Signature(body, secret)
+      .map(b => ('0' + (b & 0xff).toString(16)).slice(-2))
+      .join('');
+
+    const response = UrlFetchApp.fetch(`${BACKEND_URL}/invites/webhook`, {
+      method: 'post',
+      contentType: 'application/json',
+      headers: {
+        'x-webhook-signature': signature,
+        'x-virtual-lab-id': virtualLabId,
+        'x-project-id': projectId,
+        'x-user-id': userId,
+      },
+      payload: body,
+      muteHttpExceptions: true,
+    });
+
+    const code = response.getResponseCode();
+    if (code < 200 || code >= 300) {
+      console.error('Backend error', code, response.getContentText());
+    } else {
+      console.log('Invite sent for', email);
+    }
+  } catch (err) {
+    console.error('Submission handler failed:', err);
+  }
+}

virtual_labs/domain/invite.py

@@ -27,3 +27,8 @@ class InviteOut(BaseModel):
     virtual_lab_id: UUID4
     origin: InviteOrigin
     accepted: Literal["accepted", "already_accepted"] | None
+
+
+class WebhookPayload(BaseModel):
+    name: str
+    email: EmailStr

virtual_labs/infrastructure/settings.py

@@ -75,6 +75,7 @@ class Settings(BaseSettings):
     VALIDATE_CERTS: bool = False
 
     INVITE_JWT_SECRET: str = "TEST_JWT_SECRET"
+    INVITE_WEBHOOK_SECRET: str = ""
     INVITE_EXPIRES_IN_DAYS: int = 7
     INVITE_LINK_BASE: str = "http://localhost:3000"
 

virtual_labs/routes/invites.py

@@ -1,12 +1,17 @@
-from typing import Tuple
+from typing import Annotated, Tuple
 
-from fastapi import APIRouter, Depends, Query
-from fastapi.responses import Response
+from fastapi import APIRouter, Depends, Header, Query, Request
+from fastapi.responses import JSONResponse, Response
+from pydantic import UUID4
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from virtual_labs.core.exceptions.api_error import VliError
 from virtual_labs.core.types import VliAppResponse
-from virtual_labs.domain.invite import InvitationResponse, InviteOut
+from virtual_labs.domain.invite import (
+    InvitationResponse,
+    InviteOut,
+    WebhookPayload,
+)
 from virtual_labs.infrastructure.db.config import default_session_factory
 from virtual_labs.infrastructure.kc.auth import verify_jwt
 from virtual_labs.infrastructure.kc.models import AuthUser
@@ -52,3 +57,33 @@ async def handle_invite(
         invite_token=token,
         auth=auth,
     )
+
+
+@router.post(
+    "/webhook",
+    operation_id="invites_webhook_handler",
+    summary="Handle incoming webhook to invite a user to a project",
+    description="This is tied to the google form invite setup",
+)
+async def webhook_handler(
+    request: Request,
+    payload: WebhookPayload,
+    x_webhook_signature: Annotated[str, Header()],
+    x_virtual_lab_id: Annotated[UUID4, Header()],
+    x_project_id: Annotated[UUID4, Header()],
+    x_user_id: Annotated[UUID4, Header()],
+    session: AsyncSession = Depends(default_session_factory),
+) -> JSONResponse:
+    body = await request.body()
+
+    result = await invite_cases.handle_invite_webhook(
+        session,
+        signature=x_webhook_signature,
+        body=body,
+        virtual_lab_id=str(x_virtual_lab_id),
+        project_id=str(x_project_id),
+        inviter_id=str(x_user_id),
+        invitee_email=payload.email,
+        invitee_name=payload.name,
+    )
+    return JSONResponse(status_code=200, content=result)