Add delete request endpoint that creates a channel event for FBA channels

norkans7 · norkans7 · commit 10d4c8741a0e · 2025-02-14T17:20:56.000+02:00
diff --git a/channel_event.go b/channel_event.go
@@ -21,6 +21,7 @@ const (
 	EventTypeWelcomeMessage  ChannelEventType = "welcome_message"
 	EventTypeOptIn           ChannelEventType = "optin"
 	EventTypeOptOut          ChannelEventType = "optout"
+	EventDeletionRequest     ChannelEventType = "delete_request"
 )
 
 //-----------------------------------------------------------------------------
diff --git a/handlers/meta/facebook_test.go b/handlers/meta/facebook_test.go
@@ -322,6 +322,38 @@ func TestFacebookDescribeURN(t *testing.T) {
 	AssertChannelLogRedaction(t, clog, []string{"a123", "wac_admin_system_user_token"})
 }
 
+func TestDeleteRequest(t *testing.T) {
+	RunIncomingTestCases(t, facebookTestChannels, newHandler("FBA", "Facebook"), []IncomingTestCase{
+		{
+			Label:       "Receive Delete request FBA",
+			URL:         "/c/fba/delete",
+			Data:        `{"algorithm":"HMAC-SHA256","expires":1291840400,"issued_at":1291836800,"user_id":"218471"}`,
+			PrepRequest: addValidSignature,
+
+			ExpectedRespStatus:    200,
+			ExpectedBodyContains:  "Deletion Request Received",
+			NoQueueErrorCheck:     true,
+			NoInvalidChannelCheck: true,
+			NoLogsExpected:        true,
+			ExpectedEvents: []ExpectedEvent{
+				{Type: courier.EventDeletionRequest, URN: "facebook:218471", Extra: map[string]string{"userID": "218471"}},
+			},
+		},
+		{
+			Label:       "Receive Delete request FBA",
+			URL:         "/c/fba/delete",
+			Data:        `{"algorithm":"HMAC-SHA256","expires":1291840400,"issued_at":1291836800,"user_id":"abc1234"}`,
+			PrepRequest: addValidSignature,
+
+			ExpectedRespStatus:    200,
+			ExpectedBodyContains:  "invalid facebook id",
+			NoQueueErrorCheck:     true,
+			NoInvalidChannelCheck: true,
+			NoLogsExpected:        true,
+		},
+	})
+}
+
 func TestFacebookVerify(t *testing.T) {
 	RunIncomingTestCases(t, facebookTestChannels, newHandler("FBA", "Facebook"), []IncomingTestCase{
 		{
diff --git a/handlers/meta/handlers.go b/handlers/meta/handlers.go
@@ -17,6 +17,7 @@ import (
 	"time"
 
 	"github.com/buger/jsonparser"
+	"github.com/getsentry/sentry-go"
 	"github.com/nyaruka/courier"
 	"github.com/nyaruka/courier/handlers"
 	"github.com/nyaruka/courier/handlers/meta/messenger"
@@ -86,6 +87,7 @@ func (h *handler) Initialize(s courier.Server) error {
 	h.SetServer(s)
 	s.AddHandlerRoute(h, http.MethodGet, "receive", courier.ChannelLogTypeWebhookVerify, h.receiveVerify)
 	s.AddHandlerRoute(h, http.MethodPost, "receive", courier.ChannelLogTypeMultiReceive, handlers.JSONPayload(h, h.receiveEvents))
+	s.AddHandlerRoute(h, http.MethodPost, "delete", courier.ChannelLogTypeEventReceive, handlers.JSONPayload(h, h.deleteEvents))
 	return nil
 }
 
@@ -131,7 +133,7 @@ func (h *handler) WriteRequestError(ctx context.Context, w http.ResponseWriter,
 
 // GetChannel returns the channel
 func (h *handler) GetChannel(ctx context.Context, r *http.Request) (courier.Channel, error) {
-	if r.Method == http.MethodGet {
+	if r.Method == http.MethodGet || r.URL.Path == "/c/fba/delete" {
 		return nil, nil
 	}
 
@@ -215,6 +217,52 @@ func (h *handler) resolveMediaURL(mediaID string, token string, clog *courier.Ch
 	return mediaURL, err
 }
 
+type DeletionRequestData struct {
+	Algorithm string `json:"algorithm"`
+	Expires   int64  `json:"expires"`
+	IssuedAt  int64  `json:"issued_at"`
+	UserID    string `json:"user_id"`
+}
+
+type DeleteConfirmationData struct {
+	URL              string `json:"url"`
+	ConfirmationCode string `json:"confirmation_code"`
+}
+
+// deleteEvents is our HTTP handler function for deleting data requests
+func (h *handler) deleteEvents(ctx context.Context, channel courier.Channel, w http.ResponseWriter, r *http.Request, payload *DeletionRequestData, clog *courier.ChannelLog) ([]courier.Event, error) {
+	err := h.validateSignature(r)
+	if err != nil {
+		return nil, handlers.WriteAndLogRequestError(ctx, h, channel, w, r, err)
+	}
+
+	urn, err := urns.New(urns.Facebook, payload.UserID)
+	if err != nil {
+		return nil, handlers.WriteAndLogRequestError(ctx, h, channel, w, r, errors.New("invalid facebook id"))
+	}
+	date := parseTimestamp(payload.IssuedAt)
+
+	events := make([]courier.Event, 0, 2)
+	data := make([]any, 0, 2)
+
+	payloadJson, _ := json.Marshal(payload)
+	sentry.CaptureMessage(fmt.Sprintf("Data Deletion Request: %s", payloadJson))
+
+	event := h.Backend().NewChannelEvent(channel, courier.EventDeletionRequest, urn, clog).WithOccurredOn(date).WithExtra(map[string]string{"userID": payload.UserID})
+
+	err = h.Backend().WriteChannelEvent(ctx, event, clog)
+	if err != nil {
+		return nil, err
+	}
+
+	confirmationURL := fmt.Sprintf("https://%s/channels/events/read/%s/", h.Server().Config().Domain, event.UUID())
+
+	events = append(events, event)
+	data = append(data, DeleteConfirmationData{URL: confirmationURL, ConfirmationCode: string(event.UUID())})
+
+	return events, courier.WriteDataResponse(w, http.StatusOK, "Deletion Request Received", data)
+}
+
 // receiveEvents is our HTTP handler function for incoming messages and status updates
 func (h *handler) receiveEvents(ctx context.Context, channel courier.Channel, w http.ResponseWriter, r *http.Request, payload *Notifications, clog *courier.ChannelLog) ([]courier.Event, error) {
 	err := h.validateSignature(r)

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@ const (`
`21`	`21`	`EventTypeWelcomeMessage ChannelEventType = "welcome_message"`
`22`	`22`	`EventTypeOptIn ChannelEventType = "optin"`
`23`	`23`	`EventTypeOptOut ChannelEventType = "optout"`
	`24`	`+ EventDeletionRequest ChannelEventType = "delete_request"`
`24`	`25`	`)`
`25`	`26`
`26`	`27`	`//-----------------------------------------------------------------------------`