yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add ability to link Slack <-> Outline accounts (#6682)

Browse Source
This commit is contained in:
Tom Moor
2024-03-18 19:21:38 -06:00
committed by GitHub
parent e294fafd4f
commit cbdacc7cfd
23 changed files with 647 additions and 421 deletions
Download Patch File Download Diff File Expand all files Collapse all files

347
plugins/slack/server/api/hooks.ts
View File

@@ -1,9 +1,8 @@
import { t } from "i18next";
import Router from "koa-router";
import escapeRegExp from "lodash/escapeRegExp";
import { Op } from "sequelize";
import { z } from "zod";
import { IntegrationService } from "@shared/types";
import { IntegrationService, IntegrationType } from "@shared/types";
import {
AuthenticationError,
InvalidRequestError,
@@ -13,37 +12,26 @@ import Logger from "@server/logging/Logger";
import validate from "@server/middlewares/validate";
import {
UserAuthentication,
AuthenticationProvider,
Document,
User,
Team,
SearchQuery,
Integration,
IntegrationAuthentication,
AuthenticationProvider,
} from "@server/models";
import SearchHelper from "@server/models/helpers/SearchHelper";
import { APIContext } from "@server/types";
import { safeEqual } from "@server/utils/crypto";
import { opts } from "@server/utils/i18n";
import env from "../env";
import presentMessageAttachment from "../presenters/messageAttachment";
import { presentMessageAttachment } from "../presenters/messageAttachment";
import { presentUserNotLinkedBlocks } from "../presenters/userNotLinkedBlocks";
import * as Slack from "../slack";
import * as T from "./schema";
const router = new Router();
function verifySlackToken(token: string) {
if (!env.SLACK_VERIFICATION_TOKEN) {
throw AuthenticationError(
"SLACK_VERIFICATION_TOKEN is not present in environment"
);
}
if (!safeEqual(env.SLACK_VERIFICATION_TOKEN, token)) {
throw AuthenticationError("Invalid token");
}
}
// triggered by a user posting a getoutline.com link in Slack
router.post(
"hooks.unfurl",
@@ -58,21 +46,10 @@ router.post(
return;
}
const { token, event } = ctx.input.body;
const { token, team_id, event } = ctx.input.body;
verifySlackToken(token);
const user = await User.findOne({
include: [
{
where: {
providerId: event.user,
},
model: UserAuthentication,
as: "authentications",
required: true,
},
],
});
const user = await findUserForRequest(team_id, event.user);
if (!user) {
Logger.debug("plugins", "No user found for Slack user ID", {
providerId: event.user,
@@ -192,67 +169,7 @@ router.post(
const { token, team_id, user_id, text } = ctx.input.body;
verifySlackToken(token);
let user, team;
// attempt to find the corresponding team for this request based on the team_id
team = await Team.findOne({
include: [
{
where: {
name: "slack",
providerId: team_id,
enabled: true,
},
as: "authenticationProviders",
model: AuthenticationProvider,
required: true,
},
],
});
if (team) {
const authentication = await UserAuthentication.findOne({
where: {
providerId: user_id,
},
include: [
{
where: {
teamId: team.id,
},
model: User,
as: "user",
required: true,
},
],
});
if (authentication) {
user = authentication.user;
}
} else {
// If we couldn't find a team it's still possible that the request is from
// a team that authenticated with a different service, but connected Slack
// via integration
const integration = await Integration.findOne({
where: {
service: IntegrationService.Slack,
settings: {
serviceTeamId: team_id,
},
},
include: [
{
model: Team,
as: "team",
},
],
});
if (integration) {
team = integration.team;
}
}
const user = await findUserForRequest(team_id, user_id);
// Handle "help" command or no input
if (text.trim() === "help" || !text.trim()) {
@@ -268,7 +185,7 @@ router.post(
"To search your workspace use {{ command }}. \nType {{ command2 }} help to display this help text.",
{
command: `/outline keyword`,
command2: `/outline help`,
command2: `/outline`,
...opts(user),
}
),
@@ -278,90 +195,34 @@ router.post(
return;
}
// This should be super rare, how does someone end up being able to make a valid
// request from Slack that connects to no teams in Outline.
if (!team) {
ctx.body = {
response_type: "ephemeral",
text: t(
`Sorry, we couldnt find an integration for your team. Head to your {{ appName }} settings to set one up.`,
{
...opts(user),
appName: env.APP_NAME,
}
),
};
return;
}
// Try to find the user by matching the email address if it is confirmed on
// Slack's side. It's always trusted on our side as it is only updatable
// through the authentication provider.
if (!user) {
const auth = await IntegrationAuthentication.findOne({
where: {
scopes: { [Op.contains]: ["identity.email"] },
service: IntegrationService.Slack,
teamId: team.id,
},
});
if (auth) {
try {
const response = await Slack.request("users.info", {
token: auth.token,
user: user_id,
});
if (response.user.is_email_confirmed && response.user.profile.email) {
user = await User.findOne({
where: {
email: response.user.profile.email,
teamId: team.id,
},
});
}
} catch (err) {
// Old connections do not have the correct permissions to access user info
// so errors here are expected.
Logger.info(
"utils",
"Failed requesting users.info from Slack, the Slack integration should be reconnected.",
{
teamId: auth.teamId,
}
);
}
}
}
const options = {
limit: 5,
};
// If we were able to map the request to a user then we can use their permissions
// to load more documents based on the collections they have access to. Otherwise
// just a generic search against team-visible documents is allowed.
const { results, totalCount } = user
? await SearchHelper.searchForUser(user, text, options)
: await SearchHelper.searchForTeam(team, text, options);
if (!user) {
const team = await findTeamForRequest(team_id);
ctx.body = {
response_type: "ephemeral",
blocks: presentUserNotLinkedBlocks(team),
};
return;
}
const { results, totalCount } = await SearchHelper.searchForUser(
user,
text,
options
);
await SearchQuery.create({
userId: user ? user.id : null,
teamId: team.id,
teamId: user.teamId,
source: "slack",
query: text,
results: totalCount,
});
const haventSignedIn = t(
`It looks like you havent signed in to {{ appName }} yet, so results may be limited`,
{
...opts(user),
appName: env.APP_NAME,
}
);
// Map search results to the format expected by the Slack API
if (results.length) {
const attachments = [];
@@ -373,7 +234,7 @@ router.post(
attachments.push(
presentMessageAttachment(
result.document,
team,
user.team,
result.document.collection,
queryIsInTitle ? undefined : result.context,
env.SLACK_MESSAGE_ACTIONS
@@ -391,29 +252,155 @@ router.post(
}
ctx.body = {
text: user
? t(`This is what we found for "{{ term }}"`, {
...opts(user),
term: text,
})
: t(`This is what we found for "{{ term }}"`, {
...opts(user),
term: text,
}) + ` (${haventSignedIn})…`,
text: t(`This is what we found for "{{ term }}"`, {
...opts(user),
term: text,
}),
attachments,
};
} else {
ctx.body = {
text: user
? t(`No results for "{{ term }}"`, {
...opts(user),
term: text,
})
: t(`No results for "{{ term }}"`, { ...opts(user), term: text }) +
` (${haventSignedIn})…`,
text: t(`No results for "{{ term }}"`, {
...opts(user),
term: text,
}),
};
}
}
);
function verifySlackToken(token: string) {
if (!env.SLACK_VERIFICATION_TOKEN) {
throw AuthenticationError(
"SLACK_VERIFICATION_TOKEN is not present in environment"
);
}
if (!safeEqual(env.SLACK_VERIFICATION_TOKEN, token)) {
throw AuthenticationError("Invalid token");
}
}
/**
* Find a matching team for the given Slack team ID
*
* @param serviceTeamId The Slack team ID
* @returns A promise resolving to a matching team, if found
*/
async function findTeamForRequest(
serviceTeamId: string
): Promise<Team | undefined> {
const authenticationProvider = await AuthenticationProvider.findOne({
where: {
name: "slack",
providerId: serviceTeamId,
},
include: [
{
required: true,
model: Team,
as: "team",
},
],
});
if (authenticationProvider) {
return authenticationProvider.team;
}
const integration = await Integration.findOne({
where: {
service: IntegrationService.Slack,
type: IntegrationType.LinkedAccount,
settings: {
slack: {
serviceTeamId,
},
},
},
include: [
{
model: Team,
as: "team",
required: true,
},
],
});
if (integration) {
return integration.team;
}
return;
}
/**
* Find a matching user for the given Slack team and user ID
*
* @param serviceTeamId The Slack team ID
* @param serviceUserId The Slack user ID
* @returns A promise resolving to a matching user, if found
*/
async function findUserForRequest(
serviceTeamId: string,
serviceUserId: string
): Promise<User | undefined> {
// Prefer explicit linked account
const integration = await Integration.findOne({
where: {
service: IntegrationService.Slack,
type: IntegrationType.LinkedAccount,
settings: {
slack: {
serviceTeamId,
serviceUserId,
},
},
},
include: [
{
model: User,
as: "user",
required: true,
},
{
model: Team,
as: "team",
required: true,
},
],
order: [["createdAt", "DESC"]],
});
if (integration) {
integration.user.team = integration.team;
return integration.user;
}
// Fallback to authentication provider if the user has Slack sign-in
const user = await User.findOne({
include: [
{
where: {
providerId: serviceUserId,
},
order: [["createdAt", "DESC"]],
model: UserAuthentication,
as: "authentications",
required: true,
},
{
model: Team,
as: "team",
},
],
});
if (user) {
return user;
}
return;
}
export default router;

1
plugins/slack/server/api/schema.ts
View File

@@ -8,6 +8,7 @@ export const HooksUnfurlSchema = z.object({
.or(
z.object({
token: z.string(),
team_id: z.string(),
event: z.object({
channel: z.string(),
message_ts: z.string(),