fix slack-kube auth

1. reorder slack auth methods 2. refactor + fix kube slack lookup
2026-06-11 23:03:05 +03:00
parent 973c6ac390
commit c5d4f603e2
3 changed files with 33 additions and 27 deletions
--- a/app/slack.py
+++ b/app/slack.py
@@ -64,7 +64,7 @@ async def slack_log_fwd(app, loop):
            print(e)


-def authz_special(authzGroup, userGroups, user) -> Tuple[bool, str]:
+def authz_withgroup(authzGroup, userGroups, user) -> Tuple[bool, str]:
    if authzGroup not in userGroups:
        return False, f"You are not in {authzGroup}. k-space.ee/membership"

@@ -74,28 +74,27 @@ def authz_special(authzGroup, userGroups, user) -> Tuple[bool, str]:
 # -> approved, username
 # -> not approved, error message
 def slack_authz(user_id: str, channel_id: str, door: str) -> Tuple[bool, str]:
-    if door in ["alldoors", "backdoor", "frontdoor", "grounddoor"]:
-        if channel_id == SLACK_CHANNEL_ID:
-            return True, "Anonymous #members user 🖕"
-
-        groups, user = kube.by_slackid(user_id)
-        if "k-space:floor" not in groups:
-            return (
-                False,
-                "No user with slack_id %s. Try in #members or doorboy.k-space.ee.",
-            )
-
-        return True, user
+    # this mapping also duplicated to doorboy-proxy.py
+    authGroup = ""
+    match door:
+        case "alldoors" | "backdoor" | "frontdoor" | "grounddoor":
+            authGroup = "k-space:floor"
+        case "workshopdoor":
+            authGroup = "k-space:workshop"
+        case _:
+            return False, "Invalid door (git.k-space.ee/k-space/doorboy-proxy)"

    groups, user = kube.by_slackid(user_id)
-    if user == "":
-        return False, "No user with slack_id %s. Try doorboy.k-space.ee."
+    if user is None:
+        if authGroup == "k-space:floor":
+            if channel_id == SLACK_CHANNEL_ID:
+                return True, "🖕 #members user {user_id}"

-    if door == "workshopdoor":
-        return authz_special("k-space:workshop", groups, user)
-
-    return False, "Invalid door (git.k-space.ee/k-space/doorboy-proxy)"
+            return False, f"No user with slack_id {user_id}. Try in #members or doorboy.k-space.ee.",
+        else:
+            return False, f"No user with slack_id {user_id}. Try doorboy.k-space.ee."

+    return authz_withgroup(authGroup, groups, user)

@slack_app.route("/slack-open", methods=["POST"])
 async def slack_open(request):
@@ -112,7 +111,7 @@ async def slack_open(request):
        door,
    )
    if not ok:
-        return userOrErrorMsg, 403
+        return text(userOrErrorMsg)

    doors = [door]
    if door == "alldoors":