mirror/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2025-12-20 18:19:43 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
1df7a428681a369e89c52daae7287c85bd8ef959
outline/plugins/slack/server/api/hooks.ts
Tom Moor 1df7a42868 Update language on /outline help text 
Update Slack hooks to use zod validation

closes #5768
2023-09-04 10:40:46 -04:00

411 lines
11 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import { t } from "i18next";
import Router from "koa-router";
import escapeRegExp from "lodash/escapeRegExp";
import { Op } from "sequelize";
import { z } from "zod";
import { IntegrationService } from "@shared/types";
import env from "@server/env";
import {
AuthenticationError,
InvalidRequestError,
ValidationError,
} from "@server/errors";
import Logger from "@server/logging/Logger";
import validate from "@server/middlewares/validate";
import {
UserAuthentication,
AuthenticationProvider,
Document,
User,
Team,
SearchQuery,
Integration,
IntegrationAuthentication,
} from "@server/models";
import SearchHelper from "@server/models/helpers/SearchHelper";
import { APIContext } from "@server/types";
import { safeEqual } from "@server/utils/crypto";
import { opts } from "@server/utils/i18n";
import presentMessageAttachment from "../presenters/messageAttachment";
import * as Slack from "../slack";
import * as T from "./schema";
const router = new Router();
function verifySlackToken(token: string) {
if (!env.SLACK_VERIFICATION_TOKEN) {
throw AuthenticationError(
"SLACK_VERIFICATION_TOKEN is not present in environment"
);
}
if (!safeEqual(env.SLACK_VERIFICATION_TOKEN, token)) {
throw AuthenticationError("Invalid token");
}
}
// triggered by a user posting a getoutline.com link in Slack
router.post(
"hooks.unfurl",
validate(T.HooksUnfurlSchema),
async (ctx: APIContext<T.HooksUnfurlReq>) => {
// See URL verification handshake documentation on this page:
// https://api.slack.com/apis/connections/events-api
if ("challenge" in ctx.input.body) {
ctx.body = {
challenge: ctx.input.body.challenge,
};
return;
}
const { token, event } = ctx.input.body;
verifySlackToken(token);
const user = await User.findOne({
include: [
{
where: {
providerId: event.user,
},
model: UserAuthentication,
as: "authentications",
required: true,
separate: true,
},
],
});
if (!user) {
return;
}
const auth = await IntegrationAuthentication.findOne({
where: {
service: IntegrationService.Slack,
teamId: user.teamId,
},
});
if (!auth) {
return;
}
// get content for unfurled links
const unfurls = {};
for (const link of event.links) {
const id = link.url.slice(link.url.lastIndexOf("/") + 1);
const doc = await Document.findByPk(id);
if (!doc || doc.teamId !== user.teamId) {
continue;
}
unfurls[link.url] = {
title: doc.title,
text: doc.getSummary(),
color: doc.collection?.color,
};
}
await Slack.post("chat.unfurl", {
token: auth.token,
channel: event.channel,
ts: event.message_ts,
unfurls,
});
ctx.body = {
success: true,
};
}
);
// triggered by interactions with actions, dialogs, message buttons in Slack
router.post(
"hooks.interactive",
validate(T.HooksInteractiveSchema),
async (ctx: APIContext<T.HooksInteractiveReq>) => {
const { payload } = ctx.input.body;
let callback_id, token;
try {
// https://api.slack.com/interactivity/handling#payloads
const data = JSON.parse(payload);
const parsed = z
.object({
type: z.string(),
callback_id: z.string(),
token: z.string(),
})
.parse(data);
callback_id = parsed.callback_id;
token = parsed.token;
} catch (err) {
Logger.error("Failed to parse Slack interactive payload", err, {
payload,
});
throw ValidationError("Invalid payload");
}
verifySlackToken(token);
// we find the document based on the users teamId to ensure access
const document = await Document.scope("withCollection").findByPk(
callback_id
);
if (!document) {
throw InvalidRequestError("Invalid callback_id");
}
const team = await Team.findByPk(document.teamId, { rejectOnEmpty: true });
// respond with a public message that will be posted in the original channel
ctx.body = {
response_type: "in_channel",
replace_original: false,
attachments: [
presentMessageAttachment(
document,
team,
document.collection,
document.getSummary()
),
],
};
}
);
// triggered by the /outline command in Slack
router.post(
"hooks.slack",
validate(T.HooksSlackCommandSchema),
async (ctx: APIContext<T.HooksSlackCommandReq>) => {
const { token, team_id, user_id, text } = ctx.input.body;
verifySlackToken(token);
let user, team;
// attempt to find the corresponding team for this request based on the team_id
team = await Team.findOne({
include: [
{
where: {
name: "slack",
providerId: team_id,
enabled: true,
},
as: "authenticationProviders",
model: AuthenticationProvider,
required: true,
},
],
});
if (team) {
const authentication = await UserAuthentication.findOne({
where: {
providerId: user_id,
},
include: [
{
where: {
teamId: team.id,
},
model: User,
as: "user",
required: true,
},
],
});
if (authentication) {
user = authentication.user;
}
} else {
// If we couldn't find a team it's still possible that the request is from
// a team that authenticated with a different service, but connected Slack
// via integration
const integration = await Integration.findOne({
where: {
service: IntegrationService.Slack,
settings: {
serviceTeamId: team_id,
},
},
include: [
{
model: Team,
as: "team",
},
],
});
if (integration) {
team = integration.team;
}
}
// Handle "help" command or no input
if (text.trim() === "help" || !text.trim()) {
ctx.body = {
response_type: "ephemeral",
text: t("How to use {{ command }}", {
command: "/outline",
...opts(user),
}),
attachments: [
{
text: t(
"To search your knowledgebase use {{ command }}. \nType {{ command2 }} help to display this help text.",
{
command: `/outline keyword`,
command2: `/outline help`,
...opts(user),
}
),
},
],
};
return;
}
// This should be super rare, how does someone end up being able to make a valid
// request from Slack that connects to no teams in Outline.
if (!team) {
ctx.body = {
response_type: "ephemeral",
text: t(
`Sorry, we couldnt find an integration for your team. Head to your {{ appName }} settings to set one up.`,
{
...opts(user),
appName: env.APP_NAME,
}
),
};
return;
}
// Try to find the user by matching the email address if it is confirmed on
// Slack's side. It's always trusted on our side as it is only updatable
// through the authentication provider.
if (!user) {
const auth = await IntegrationAuthentication.findOne({
where: {
scopes: { [Op.contains]: ["identity.email"] },
service: IntegrationService.Slack,
teamId: team.id,
},
});
if (auth) {
try {
const response = await Slack.request("users.info", {
token: auth.token,
user: user_id,
});
if (response.user.is_email_confirmed && response.user.profile.email) {
user = await User.findOne({
where: {
email: response.user.profile.email,
teamId: team.id,
},
});
}
} catch (err) {
// Old connections do not have the correct permissions to access user info
// so errors here are expected.
Logger.info(
"utils",
"Failed requesting users.info from Slack, the Slack integration should be reconnected.",
{
teamId: auth.teamId,
}
);
}
}
}
const options = {
limit: 5,
};
// If we were able to map the request to a user then we can use their permissions
// to load more documents based on the collections they have access to. Otherwise
// just a generic search against team-visible documents is allowed.
const { results, totalCount } = user
? await SearchHelper.searchForUser(user, text, options)
: await SearchHelper.searchForTeam(team, text, options);
void SearchQuery.create({
userId: user ? user.id : null,
teamId: team.id,
source: "slack",
query: text,
results: totalCount,
}).catch((err) => {
Logger.error("Failed to create search query", err);
});
const haventSignedIn = t(
`It looks like you havent signed in to {{ appName }} yet, so results may be limited`,
{
...opts(user),
appName: env.APP_NAME,
}
);
// Map search results to the format expected by the Slack API
if (results.length) {
const attachments = [];
for (const result of results) {
const queryIsInTitle = !!result.document.title
.toLowerCase()
.match(escapeRegExp(text.toLowerCase()));
attachments.push(
presentMessageAttachment(
result.document,
team,
result.document.collection,
queryIsInTitle ? undefined : result.context,
env.SLACK_MESSAGE_ACTIONS
? [
{
name: "post",
text: t("Post to Channel", opts(user)),
type: "button",
value: result.document.id,
},
]
: undefined
)
);
}
ctx.body = {
text: user
? t(`This is what we found for "{{ term }}"`, {
...opts(user),
term: text,
})
: t(`This is what we found for "{{ term }}"`, {
...opts(user),
term: text,
}) + ` (${haventSignedIn})…`,
attachments,
};
} else {
ctx.body = {
text: user
? t(`No results for "{{ term }}"`, {
...opts(user),
term: text,
})
: t(`No results for "{{ term }}"`, { ...opts(user), term: text }) +
` (${haventSignedIn})…`,
};
}
}
);
export default router;
Reference in New Issue View Git Blame Copy Permalink