feat: add custom auth plugin and related tests

Author: GrantBirki

spec/acceptance/acceptance_tests.rb

@@ -148,5 +148,37 @@
         expect(body["status"]).to eq("success")
       end
     end
+
+    describe "custom auth plugin" do
+
+      it "successfully validates using a custom auth plugin" do
+        payload = {}.to_json
+        headers = { "Authorization" => "Bearer octoawesome-shared-secret" }
+        response = http.post("/webhooks/with_custom_auth_plugin", payload, headers)
+
+        expect(response).to be_a(Net::HTTPSuccess)
+        body = JSON.parse(response.body)
+        expect(body["status"]).to eq("test_success")
+        expect(body["handler"]).to eq("TestHandler")
+      end
+
+      it "rejects requests with invalid credentials using custom auth plugin" do
+        payload = {}.to_json
+        headers = { "Authorization" => "Bearer wrong-secret" }
+        response = http.post("/webhooks/with_custom_auth_plugin", payload, headers)
+
+        expect(response).to be_a(Net::HTTPUnauthorized)
+        expect(response.body).to include("authentication failed")
+      end
+
+      it "rejects requests with missing credentials using custom auth plugin" do
+        payload = {}.to_json
+        headers = {}
+        response = http.post("/webhooks/with_custom_auth_plugin", payload, headers)
+
+        expect(response).to be_a(Net::HTTPUnauthorized)
+        expect(response.body).to include("authentication failed")
+      end
+    end
   end
 end

spec/acceptance/config/endpoints/with_custom_auth.yml

@@ -0,0 +1,7 @@
+path: /with_custom_auth_plugin
+handler: TestHandler
+
+auth:
+  type: example_auth_plugin
+  secret_env_key: SHARED_SECRET # the name of the environment variable containing the shared secret
+  header: Authorization

spec/acceptance/plugins/auth/example_auth_plugin.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+# this is just a super simple example of an auth plugin
+# it is not secure and should not be used in production
+# it is only for demonstration purposes
+
+module Hooks
+  module Plugins
+    module Auth
+      class ExampleAuthPlugin < Base
+        def self.valid?(payload:, headers:, config:)
+          # Get the secret from environment variable as configured with secret_env_key
+          secret = fetch_secret(config, secret_env_key_name: :secret_env_key)
+
+          # Get the authorization header (case-insensitive)
+          auth_header = nil
+          headers.each do |key, value|
+            if key.downcase == "authorization"
+              auth_header = value
+              break
+            end
+          end
+
+          # Check if the header matches our expected format
+          return false unless auth_header
+
+          # Extract the token from "Bearer <token>" format
+          return false unless auth_header.start_with?("Bearer ")
+
+          token = auth_header[7..-1] # Remove "Bearer " prefix
+
+          # Simple token comparison (in practice, this might be more complex)
+          Rack::Utils.secure_compare(token, secret)
+        rescue StandardError => e
+          log.error("ExampleAuthPlugin failed: #{e.message}")
+          false
+        end
+      end
+    end
+  end
+end

spec/acceptance/plugins/handlers/test_handler.rb

@@ -4,6 +4,7 @@ class TestHandler < Hooks::Plugins::Handlers::Base
   def call(payload:, headers:, config:)
     {
       status: "test_success",
+      handler: "TestHandler",
       payload_received: payload,
       config_opts: config[:opts],
       timestamp: Time.now.iso8601