slack refactor
This commit is contained in:
76
app/slack.py
76
app/slack.py
@@ -17,6 +17,14 @@ SLACK_DOORLOG_CALLBACK = os.environ["SLACK_DOORLOG_CALLBACK"]
|
|||||||
SLACK_VERIFICATION_TOKEN = os.environ["SLACK_VERIFICATION_TOKEN"]
|
SLACK_VERIFICATION_TOKEN = os.environ["SLACK_VERIFICATION_TOKEN"]
|
||||||
SLACK_CHANNEL_ID = os.environ["SLACK_CHANNEL_ID"] # TODO:
|
SLACK_CHANNEL_ID = os.environ["SLACK_CHANNEL_ID"] # TODO:
|
||||||
|
|
||||||
|
def fauthGroup(door: str) -> str:
|
||||||
|
match door:
|
||||||
|
case "alldoors" | "backdoor" | "frontdoor" | "grounddoor":
|
||||||
|
return "k-space:floor"
|
||||||
|
case "workshopdoor":
|
||||||
|
return "k-space:workshop"
|
||||||
|
case _:
|
||||||
|
return None
|
||||||
|
|
||||||
def slack_post(msg):
|
def slack_post(msg):
|
||||||
if SLACK_DOORLOG_CALLBACK == "DEV":
|
if SLACK_DOORLOG_CALLBACK == "DEV":
|
||||||
@@ -63,56 +71,46 @@ async def slack_log_fwd(app, loop):
|
|||||||
except PyMongoError as e:
|
except PyMongoError as e:
|
||||||
print(e)
|
print(e)
|
||||||
|
|
||||||
|
# -> approved, user, err
|
||||||
def authz_withgroup(authzGroup, userGroups, user) -> Tuple[bool, str]:
|
def slack_authz(authGroup: str, slackId: str, slackName: str, channel_id: str) -> Tuple[bool, str, str]:
|
||||||
if authzGroup not in userGroups:
|
groups, user = kube.by_slackid(slackId)
|
||||||
return False, f"You are not in {authzGroup}. k-space.ee/membership"
|
|
||||||
|
|
||||||
return True, user
|
|
||||||
|
|
||||||
|
|
||||||
# -> approved, username
|
|
||||||
# -> not approved, error message
|
|
||||||
def slack_authz(user_id: str, channel_id: str, door: str) -> Tuple[bool, str]:
|
|
||||||
# this mapping also duplicated to doorboy-proxy.py
|
|
||||||
authGroup = ""
|
|
||||||
match door:
|
|
||||||
case "alldoors" | "backdoor" | "frontdoor" | "grounddoor":
|
|
||||||
authGroup = "k-space:floor"
|
|
||||||
case "workshopdoor":
|
|
||||||
authGroup = "k-space:workshop"
|
|
||||||
case _:
|
|
||||||
print(f"WARN: unknown slack door {door}")
|
|
||||||
return False, "Invalid door (git.k-space.ee/k-space/doorboy-proxy)"
|
|
||||||
|
|
||||||
groups, user = kube.by_slackid(user_id)
|
|
||||||
if user is None:
|
if user is None:
|
||||||
|
user = f"{slackId} (slack u/n: {slackName})" # slackName can be changed by user
|
||||||
|
|
||||||
if authGroup == "k-space:floor":
|
if authGroup == "k-space:floor":
|
||||||
if channel_id == SLACK_CHANNEL_ID:
|
if channel_id == SLACK_CHANNEL_ID:
|
||||||
return True, "🖕 {user_id}"
|
print(f"WARN: slack #members open with unlinked ID: {user}")
|
||||||
|
return True, user, f"This will stop working! Your Slack ID {slackId} is not linked with auth.k-space.ee, please notify info@k-space.ee."
|
||||||
|
|
||||||
return False, f"No user with slack_id {user_id}. Try in #members or doorboy.k-space.ee.",
|
return False, user, f"No user with slack_id {slackId}. Try in #members or doorboy.k-space.ee. Help at info@k-space.ee.",
|
||||||
else:
|
else:
|
||||||
return False, f"No user with slack_id {user_id}. Try doorboy.k-space.ee."
|
return False, user, f"No user with slack_id {slackId}. Try doorboy.k-space.ee. Help at info@k-space.ee."
|
||||||
|
|
||||||
return authz_withgroup(authGroup, groups, user)
|
if authGroup not in groups:
|
||||||
|
return False, user, f"You are not in {authGroup}. k-space.ee/membership"
|
||||||
|
|
||||||
|
return True, user, ""
|
||||||
|
|
||||||
@slack_app.route("/slack-open", methods=["POST"])
|
@slack_app.route("/slack-open", methods=["POST"])
|
||||||
async def slack_open(request):
|
async def slack_open(request):
|
||||||
if request.form.get("token") != SLACK_VERIFICATION_TOKEN:
|
if request.form.get("token") != SLACK_VERIFICATION_TOKEN:
|
||||||
|
print("WARN: /slack-open route accessed with invalid token")
|
||||||
return "Invalid token (are you Slack?)", 401
|
return "Invalid token (are you Slack?)", 401
|
||||||
|
|
||||||
command = request.form.get("command")
|
command = request.form.get("command")
|
||||||
door = command.removeprefix("/open-").replace("-", "")
|
door = command.removeprefix("/open-").replace("-", "")
|
||||||
|
|
||||||
# user may be empty if authzed to SLACK_CHANNEL_ID
|
authGroup = fauthGroup(door)
|
||||||
ok, userOrErrorMsg = slack_authz(
|
if authGroup is None:
|
||||||
|
print(f"WARN: unknown slack door {door}")
|
||||||
|
return "Invalid door! (git.k-space.ee/k-space/doorboy-proxy)"
|
||||||
|
|
||||||
|
ok, user, err = slack_authz(
|
||||||
|
authGroup,
|
||||||
request.form.get("user_id"),
|
request.form.get("user_id"),
|
||||||
|
request.form.get("user_name"),
|
||||||
request.form.get("channel_id"),
|
request.form.get("channel_id"),
|
||||||
door,
|
|
||||||
)
|
)
|
||||||
if not ok:
|
|
||||||
return text(userOrErrorMsg)
|
|
||||||
|
|
||||||
doors = [door]
|
doors = [door]
|
||||||
if door == "alldoors":
|
if door == "alldoors":
|
||||||
@@ -125,15 +123,15 @@ async def slack_open(request):
|
|||||||
"method": "slack",
|
"method": "slack",
|
||||||
"timestamp": datetime.now(timezone.utc),
|
"timestamp": datetime.now(timezone.utc),
|
||||||
"door": d,
|
"door": d,
|
||||||
"approved": True,
|
"approved": ok,
|
||||||
"user": userOrErrorMsg,
|
"user": user,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
if userOrErrorMsg.startswith("🖕"):
|
if not ok:
|
||||||
slackId = userOrErrorMsg.removeprefix("🖕 ")
|
return text(err)
|
||||||
slackIdReadable = request.form.get("user_name") # this can be changed by user
|
|
||||||
print(f"WARN: slack #members open with unlinked ID {slackId}, slack u/n: {slackIdReadable}")
|
if err:
|
||||||
return text(f"Opening {door}… This will stop working! Your Slack ID {slackId} is not linked with auth.k-space.ee, please notify info@k-space.ee.")
|
return text(f"Opening {door}… {err}")
|
||||||
|
|
||||||
return text(f"Opening {door}…")
|
return text(f"Opening {door}…")
|
||||||
|
|||||||
Reference in New Issue
Block a user