Module: SlackBot::GrapeHelpers

Defined in:

lib/slack_bot/grape_extension.rb

Constant Summary

TIMESTAMP_TOLERANCE_SECONDS =

Slack recommends rejecting requests older than 5 minutes

300

MIN_SIGNING_SECRET_LENGTH =

Minimum length for Slack signing secret (Slack’s requirement)

32

Instance Method Summary

• #events_callback(params) ⇒ Object
• #fetch_team_id ⇒ Object
• #fetch_user_id ⇒ Object
• #handle_block_actions_view(view:, user:, params:) ⇒ Object
• #url_verification(params) ⇒ Object
• #validate_callback_user!(callback, user) ⇒ Object
• #verify_current_user! ⇒ Object
• #verify_direct_message_channel! ⇒ Object
• #verify_slack_signature! ⇒ Object
• #verify_slack_team! ⇒ Object

Instance Method Details

#events_callback(params) ⇒ Object

# File 'lib/slack_bot/grape_extension.rb', line 55

def events_callback(params)
  verify_slack_team!

  SlackBot::DevConsole.log_input "SlackApi::Events#events_callback: #{params.inspect}"
  handler = config.find_event_handler(params[:event][:type].to_sym)
  return false if handler.blank?

  event = handler.new(params: params, current_user: current_user)
  event.call
end

#fetch_team_id ⇒ Object

# File 'lib/slack_bot/grape_extension.rb', line 12

def fetch_team_id
  params.dig("team_id") || params.dig("team", "id")
end

#fetch_user_id ⇒ Object

# File 'lib/slack_bot/grape_extension.rb', line 16

def fetch_user_id
  params.dig("user_id") || params.dig("user", "id") || params.dig("event", "user")
end

#handle_block_actions_view(view:, user:, params:) ⇒ Object

# File 'lib/slack_bot/grape_extension.rb', line 77

def handle_block_actions_view(view:, user:, params:)
  callback = find_callback!(view: view, user: user)
  log_callback_check(callback, user)
  validate_callback_user!(callback, user)

  interaction_klass = callback_interaction_klass(callback)
  return false if interaction_klass.blank?

  interaction_klass.new(current_user: user, params: params, callback: callback, config: config).call
end

#url_verification(params) ⇒ Object

# File 'lib/slack_bot/grape_extension.rb', line 66

def url_verification(params)
  SlackBot::DevConsole.log_input "SlackApi::Events#url_verification: #{params.inspect}"
  {challenge: params[:challenge]}
end

#validate_callback_user!(callback, user) ⇒ Object

# File 'lib/slack_bot/grape_extension.rb', line 71

def validate_callback_user!(callback, user)
  if callback.user_id != user.id
    raise SlackBot::Errors::CallbackUserMismatchError.new("Callback user is not equal to action user")
  end
end

#verify_current_user! ⇒ Object

Raises:

• (SlackBot::Errors::UserAuthenticationError)

# File 'lib/slack_bot/grape_extension.rb', line 49

def verify_current_user!
  return true if current_user

  raise SlackBot::Errors::UserAuthenticationError.new("User is not authorized")
end

#verify_direct_message_channel! ⇒ Object

# File 'lib/slack_bot/grape_extension.rb', line 39

def verify_direct_message_channel!
  if params[:channel_name] == "directmessage"
    true
  else
    raise SlackBot::Errors::ChannelAuthenticationError.new(
      "This command is only available in direct messages"
    )
  end
end

#verify_slack_signature! ⇒ Object

# File 'lib/slack_bot/grape_extension.rb', line 20

def verify_slack_signature!
  slack_signing_secret = ENV["SLACK_SIGNING_SECRET"]
  timestamp = slack_request_header("x-slack-request-timestamp", "X-Slack-Request-Timestamp")
  slack_signature = slack_request_header("x-slack-signature", "X-Slack-Signature")

  validate_signature_headers!(slack_signing_secret, timestamp, slack_signature)
  validate_request_timestamp!(timestamp)
  verify_signature_match!(slack_signing_secret, timestamp, slack_signature)
end

#verify_slack_team! ⇒ Object

# File 'lib/slack_bot/grape_extension.rb', line 30

def verify_slack_team!
  slack_team_id = ENV.fetch("SLACK_TEAM_ID")
  if slack_team_id == fetch_team_id
    true
  else
    raise SlackBot::Errors::TeamAuthenticationError.new("Team is not authorized")
  end
end