From 71dacb926e2be12d5d1a4b24e77842d20b2e2a0f Mon Sep 17 00:00:00 2001 From: rasmus Date: Fri, 12 Jun 2026 00:12:59 +0300 Subject: [PATCH] slack refactor --- app/slack.py | 76 +++++++++++++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 39 deletions(-) diff --git a/app/slack.py b/app/slack.py index 8c28e8e..81dde90 100644 --- a/app/slack.py +++ b/app/slack.py @@ -17,6 +17,14 @@ SLACK_DOORLOG_CALLBACK = os.environ["SLACK_DOORLOG_CALLBACK"] SLACK_VERIFICATION_TOKEN = os.environ["SLACK_VERIFICATION_TOKEN"] SLACK_CHANNEL_ID = os.environ["SLACK_CHANNEL_ID"] # TODO: +def fauthGroup(door: str) -> str: + match door: + case "alldoors" | "backdoor" | "frontdoor" | "grounddoor": + return "k-space:floor" + case "workshopdoor": + return "k-space:workshop" + case _: + return None def slack_post(msg): if SLACK_DOORLOG_CALLBACK == "DEV": @@ -63,56 +71,46 @@ async def slack_log_fwd(app, loop): except PyMongoError as e: print(e) - -def authz_withgroup(authzGroup, userGroups, user) -> Tuple[bool, str]: - if authzGroup not in userGroups: - return False, f"You are not in {authzGroup}. k-space.ee/membership" - - return True, user - - -# -> approved, username -# -> not approved, error message -def slack_authz(user_id: str, channel_id: str, door: str) -> Tuple[bool, str]: - # this mapping also duplicated to doorboy-proxy.py - authGroup = "" - match door: - case "alldoors" | "backdoor" | "frontdoor" | "grounddoor": - authGroup = "k-space:floor" - case "workshopdoor": - authGroup = "k-space:workshop" - case _: - print(f"WARN: unknown slack door {door}") - return False, "Invalid door (git.k-space.ee/k-space/doorboy-proxy)" - - groups, user = kube.by_slackid(user_id) +# -> approved, user, err +def slack_authz(authGroup: str, slackId: str, slackName: str, channel_id: str) -> Tuple[bool, str, str]: + groups, user = kube.by_slackid(slackId) if user is None: + user = f"{slackId} (slack u/n: {slackName})" # slackName can be changed by user + if authGroup == "k-space:floor": if channel_id == SLACK_CHANNEL_ID: - return True, "🖕 {user_id}" + print(f"WARN: slack #members open with unlinked ID: {user}") + return True, user, f"This will stop working! Your Slack ID {slackId} is not linked with auth.k-space.ee, please notify info@k-space.ee." - return False, f"No user with slack_id {user_id}. Try in #members or doorboy.k-space.ee.", + return False, user, f"No user with slack_id {slackId}. Try in #members or doorboy.k-space.ee. Help at info@k-space.ee.", else: - return False, f"No user with slack_id {user_id}. Try doorboy.k-space.ee." + return False, user, f"No user with slack_id {slackId}. Try doorboy.k-space.ee. Help at info@k-space.ee." - return authz_withgroup(authGroup, groups, user) + if authGroup not in groups: + return False, user, f"You are not in {authGroup}. k-space.ee/membership" + + return True, user, "" @slack_app.route("/slack-open", methods=["POST"]) async def slack_open(request): if request.form.get("token") != SLACK_VERIFICATION_TOKEN: + print("WARN: /slack-open route accessed with invalid token") return "Invalid token (are you Slack?)", 401 command = request.form.get("command") door = command.removeprefix("/open-").replace("-", "") - # user may be empty if authzed to SLACK_CHANNEL_ID - ok, userOrErrorMsg = slack_authz( + authGroup = fauthGroup(door) + if authGroup is None: + print(f"WARN: unknown slack door {door}") + return "Invalid door! (git.k-space.ee/k-space/doorboy-proxy)" + + ok, user, err = slack_authz( + authGroup, request.form.get("user_id"), + request.form.get("user_name"), request.form.get("channel_id"), - door, ) - if not ok: - return text(userOrErrorMsg) doors = [door] if door == "alldoors": @@ -125,15 +123,15 @@ async def slack_open(request): "method": "slack", "timestamp": datetime.now(timezone.utc), "door": d, - "approved": True, - "user": userOrErrorMsg, + "approved": ok, + "user": user, } ) - if userOrErrorMsg.startswith("🖕"): - slackId = userOrErrorMsg.removeprefix("🖕 ") - slackIdReadable = request.form.get("user_name") # this can be changed by user - print(f"WARN: slack #members open with unlinked ID {slackId}, slack u/n: {slackIdReadable}") - return text(f"Opening {door}… This will stop working! Your Slack ID {slackId} is not linked with auth.k-space.ee, please notify info@k-space.ee.") + if not ok: + return text(err) + + if err: + return text(f"Opening {door}… {err}") return text(f"Opening {door}…")