feat: add notification channels with provider integrations and retry

Implement a channels system for notifying teams via external providers (Discord, Slack, Teams, Google Chat, Telegram, Matrix, webhook) when lifecycle events occur (capsule/template/host state changes). - Channel CRUD API under /v1/channels (JWT-only auth) - Test endpoint to verify config before saving (POST /v1/channels/test) - Secret rotation endpoint (PUT /v1/channels/{id}/config) - AES-256-GCM encryption for provider secrets (WRENN_ENCRYPTION_KEY) - Redis stream event publishing from audit logger - Background dispatcher with consumer group and retry (10s, 30s) - Webhook delivery with HMAC-SHA256 signing (X-WRENN-SIGNATURE) - shoutrrr integration for chat providers - Secrets never exposed in API responses
2026-04-09 17:06:06 +06:00
parent 5148b5dd64
commit 84dd15d22b
24 changed files with 1871 additions and 7 deletions
--- a/internal/channels/deliver.go
+++ b/internal/channels/deliver.go
@ -0,0 +1,36 @@
+package channels
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/containrrr/shoutrrr"
+
+	"git.omukk.dev/wrenn/sandbox/internal/events"
+)
+
+// Deliver sends a notification to a single provider with the given config.
+// For webhooks it uses HMAC-signed HTTP POST; for all others it uses shoutrrr.
+func Deliver(ctx context.Context, provider string, config map[string]string, e events.Event) error {
+	payload, err := json.Marshal(e)
+	if err != nil {
+		return fmt.Errorf("marshal event: %w", err)
+	}
+
+	if provider == "webhook" {
+		wh := NewWebhookDelivery()
+		return wh.Deliver(ctx, config["url"], config["secret"], payload)
+	}
+
+	shoutrrrURL, err := ShoutrrrURL(provider, config)
+	if err != nil {
+		return fmt.Errorf("build shoutrrr URL: %w", err)
+	}
+
+	msg := FormatMessage(e)
+	if err := shoutrrr.Send(shoutrrrURL, msg); err != nil {
+		return fmt.Errorf("shoutrrr send: %w", err)
+	}
+	return nil
+}