Add EventBridge webhook endpoint for OSS events with configurable CDN refresh #8
Co-authored-by: daflyinbed <21363956+daflyinbed@users.noreply.github.com>
src/routes/aliyun_handlers.rs
Outdated
| pub async fn handle_oss_events( | ||
| State(state): State<AppState>, | ||
| headers: HeaderMap, | ||
| Json(payload): Json<OssEventPayload>, |
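Review bot: In `handle_oss_events`, the `Json(payload): Json<OssEventPayload>` extractor deserializes the request body before the function body runs, so any check of the signature token read from `headers` inside the handler happens only after an unauthenticated body has already been parsed. A request with a malformed body is rejected by the extractor without the token being examined at all. Suggest verifying the token in a middleware layer or a custom extractor that runs ahead of the body extractor, so the 401 path does not depend on the payload shape.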
@copilot Accept serde_json::Value directly here, print the entire received JSON inside the handler, and then parse it into OssEventPayload.
Updated in commit cf1b76a. The handler now accepts serde_json::Value, logs the entire received JSON with tracing::info!(), then parses it into OssEventPayload.
Co-authored-by: daflyinbed <21363956+daflyinbed@users.noreply.github.com>
Pull request overview
This PR adds a webhook endpoint for Aliyun EventBridge to receive OSS (Object Storage Service) events and automatically trigger CDN cache refresh for the affected objects. The implementation uses custom JWT authentication via the x-eventbridge-signature-token header and maps OSS bucket names to CDN domains.
Changes:
- Added POST /api/aliyun/events endpoint to handle OSS EventBridge events
- Restructured router to separate public routes from JWT-protected routes
- Modified JWT validation to skip standard claim validation for EventBridge tokens
- Created sample event data in demo.jsonl for testing
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| src/routes/mod.rs | Splits router into public and protected routes, adds EventBridge endpoint to public routes with custom auth |
| src/routes/aliyun_handlers.rs | Implements OSS event handler with data structures, bucket-to-domain mapping, and CDN refresh integration |
| src/auth.rs | Modifies JWT validation to skip required spec claims validation |
| demo.jsonl | Provides sample OSS event payloads for testing various event types |
| #[utoipa::path( | ||
| post, | ||
| tag = "aliyun", | ||
| path = "/aliyun/events", | ||
| request_body = OssEventPayload, | ||
| responses( | ||
| (status = OK, description = "Successfully processed OSS event and triggered CDN refresh", body = OssEventResponse), | ||
| (status = UNAUTHORIZED, description = "Missing or invalid x-eventbridge-signature-token"), | ||
| (status = BAD_REQUEST, description = "Invalid request or unsupported bucket"), | ||
| (status = INTERNAL_SERVER_ERROR, description = "Internal server error") | ||
| ) | ||
| )] |
The OpenAPI documentation for this endpoint doesn't specify a security scheme for the x-eventbridge-signature-token header. This makes the API documentation incomplete and potentially confusing for API consumers. Consider adding a custom security scheme in the SecurityAddon modifier and applying it to this endpoint using the security attribute in the utoipa::path macro, similar to how bearer_auth is used for other endpoints.
Applied in commit 61c5e20. Added eventbridge_token security scheme to OpenAPI documentation and applied it to the /aliyun/events endpoint.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…add URL encoding, update OpenAPI security Co-authored-by: daflyinbed <21363956+daflyinbed@users.noreply.github.com>
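@copilot Add a map field under the aliyun field of the configuration: the key is the name of the OSS bucket and the value is a string used as a URL template. After the handler gets bucket_name, it looks up the map to find the corresponding URL template and replaces the variable in it with object_key.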
Co-authored-by: daflyinbed <21363956+daflyinbed@users.noreply.github.com>
Implemented in commit c2f789e. Added |
…le CDN refresh (#8)

* Initial plan
* Add OSS EventBridge event handler with bucket-to-domain mapping
  Co-authored-by: daflyinbed <21363956+daflyinbed@users.noreply.github.com>
* auth
* Accept serde_json::Value and log raw OSS event payload for debugging
  Co-authored-by: daflyinbed <21363956+daflyinbed@users.noreply.github.com>
* Update src/routes/mod.rs
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Address code review feedback: fix Claims sub field, improve logging, add URL encoding, update OpenAPI security
  Co-authored-by: daflyinbed <21363956+daflyinbed@users.noreply.github.com>
* Replace hardcoded bucket mapping with configurable bucket_url_map
  Co-authored-by: daflyinbed <21363956+daflyinbed@users.noreply.github.com>
* update
* update

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: daflyinbed <21363956+daflyinbed@users.noreply.github.com>
Co-authored-by: 夕舞八弦 <1677759063@qq.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Key Features
- Configurable Bucket Mapping: The bucket-to-URL mapping is now fully configurable through the bucket_url_map field in the Aliyun configuration section. Administrators can add or modify bucket mappings without code changes by editing the configuration file.
- URL Template Support: URL templates support the {object_key} placeholder which is dynamically replaced with the actual percent-encoded object key. Example configuration:
- Security: Custom JWT authentication via x-eventbridge-signature-token header with proper OpenAPI documentation.
- Debugging: Raw event payload logging at debug level for troubleshooting without exposing sensitive data in production logs.
Original prompt
This section details on the original issue you should resolve
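<issue_title>Trigger a CDN refresh for the corresponding domain on OSS upload/delete events via Aliyun event_bridge</issue_title>
<issue_description>## Requirement description
In the aliyun branch, implement an endpoint POST /api/aliyun/events that receives OSS upload and delete events from Aliyun event_bridge and triggers a refresh of the corresponding CDN domain based on the object storage bucket.
Event parameters
See demo.jsonl for parameter examples; events include but are not limited to: demo.jsonl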
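
The bucket_url_map lookup and {object_key} substitution described under Key Features, as an added example that is not code from this PR. The function names, the error enum, the sample bucket and domain, and the choice to leave `/` unencoded are assumptions of the example. Encoding matters because the object key is chosen by whoever uploads to the bucket, and an unencoded `?` or `#` would change which URL gets refreshed.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum RefreshUrlError {
    UnknownBucket,      // bucket has no entry in bucket_url_map
    MissingPlaceholder, // configured template lacks {object_key}
}

/// Percent-encode an object key for the path of a refresh URL.
/// Assumption of this example: RFC 3986 unreserved bytes and '/' stay
/// literal; every other byte (including each UTF-8 byte) becomes %XX.
fn encode_object_key(key: &str) -> String {
    let mut out = String::with_capacity(key.len());
    for b in key.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9'
            | b'-' | b'.' | b'_' | b'~' | b'/' => out.push(b as char),
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}

/// Look up the bucket's template and substitute the encoded key.
/// Events for buckets that are not configured are rejected, not guessed.
fn build_refresh_url(
    bucket_url_map: &HashMap<String, String>,
    bucket_name: &str,
    object_key: &str,
) -> Result<String, RefreshUrlError> {
    let template = bucket_url_map
        .get(bucket_name)
        .ok_or(RefreshUrlError::UnknownBucket)?;
    if !template.contains("{object_key}") {
        return Err(RefreshUrlError::MissingPlaceholder);
    }
    Ok(template.replace("{object_key}", &encode_object_key(object_key)))
}

/// Constructed sample configuration (bucket name and domain are placeholders).
fn sample_map() -> HashMap<String, String> {
    HashMap::from([(
        "example-bucket".to_string(),
        "https://cdn.example.com/{object_key}".to_string(),
    )])
}

fn main() {
    let url = build_refresh_url(&sample_map(), "example-bucket", "img/a b?.png");
    println!("{:?}", url);
}
```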