Add webhooks

[paxswill]

Add webhooks for various events, like on request submission, when actions are performed, etc. The goal for this is to make life easier for external clients and to make extending built-in functionality easier. A couple of use cases:

• Test has a Jabber bot that alerts us when a new request is filed. It'd be nice if instead of polling the API, it got a notification from the app via a webhook when a request was done.
• Nothing happens at the moment when a user leaves a comment, which can be problematic as almost everything else has notifications about comments. Adding a webhook means we can have a notification in Jabber when the submitter leaves a comment, and possibly a way to send a message to the submitter when someone else leaves a comment.
• It might be possible to replace the custom killmail subclassing currently used to customize request handling by using a webhook on request submission. If a request doesn't meet the requirements, the request can be rejected or incomplete automatically.

[paxswill]

Related to the last use case, I have a silly dream where an external program gets activated from a web hook, evaluates a fit against one specified using Pyfa's fitting engine to determine what kind of payout is correct, then sets that on the request.

[paxswill]

Events that it should be possible to register webhooks on:

• Request Submission
• Division change
• Action created (marking requests as approved, incomplete, etc as well as comments)
• Role change (probably restricted to individual role changes, so people don't get spammed when a large group is added to submitters).
• Note Addition
• Base Payout Change
• Modifier Change (either added or voided)
• User Login (maybe, see discussion below)
• Division Creation (site-wide only)

Hooks should be able to be specified at either a division level (configurable by division admins) or on an site level (configurable by site admins). I'm going to pattern the API after GitHub's Webhooks, with the caveat that authenticated requests will be added later.

For user login events, this will (if implemented at all) only be able to be configured on a site-wide basis by the site admins. Even then, I'm not sure if I'll be able to make it performant enough to be viable.

[paxswill]

Authenticated HTTP requests (from the app) to a registered webhook should also be able to respond to some events. Some examples:

• Request Submission, Division Change, Action Created, Payout Change, Modifier Change
  • Set Payout
  • Add Action/Set Status (with an option to suppress further webhooks maybe?)
  • Add Modifier (again, option to suppress further hooks)
• Division Creation
  • Add Roles

I'm thinking of having these be authenticated with the same secret key (see the GitHub docs) used to authenticate the requests from the app. The other option is to maybe use asymmetric keys to handle that (with maybe auto-generated app-side keys?). Again, will need to think about this to get it right.

[BlueNexus]

Once webhooks are added, I should be able to develop something to automatically calculate the base payout of a request.

[paxswill]

OK, so I hashed out a start to what I think the API will look like for this.