diff --git a/node/slack-command-bot/.gitignore b/node/slack-command-bot/.gitignore
new file mode 100644
index 00000000..6a7d6d8e
--- /dev/null
+++ b/node/slack-command-bot/.gitignore
@@ -0,0 +1,130 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
\ No newline at end of file
diff --git a/node/slack-command-bot/.prettierrc.json b/node/slack-command-bot/.prettierrc.json
new file mode 100644
index 00000000..0a725205
--- /dev/null
+++ b/node/slack-command-bot/.prettierrc.json
@@ -0,0 +1,6 @@
+{
+ "trailingComma": "es5",
+ "tabWidth": 2,
+ "semi": true,
+ "singleQuote": true
+}
diff --git a/node/slack-command-bot/README.md b/node/slack-command-bot/README.md
new file mode 100644
index 00000000..37ca8f5f
--- /dev/null
+++ b/node/slack-command-bot/README.md
@@ -0,0 +1,56 @@
+# 🤖 Node.js Slack Command Bot Function
+
+Simple command bot using Slack API
+
+## 🧰 Usage
+
+### POST /
+
+A endpoint for you slack command that returns a hello world! message as response.
+
+#### Parameters
+
+| Name | Description | Location | Type | Sample Value |
+| ------------------------- | -------------------------------- | -------- | ------ | ----------------------------------------------------------------------------------------- |
+| x-slack-signature | Signature of the request payload | Header | string | `v0=a...3` |
+| x-slack-request-timestamp | Timestamp of the request payload | Header | string | `1531420618` |
+| JSON Body | Request payload | Body | Object | See [Slack docs](https://api.slack.com/interactivity/slash-commands#app_command_handling) |
+
+**Response**
+
+Sample `200` Response:
+
+```text
+Hello, World!
+```
+
+Sample `400` Response:
+
+```json
+{
+ "ok": false,
+ "error": "Missing required fields: x-slack-signature"
+}
+```
+
+## ⚙️ Configuration
+
+| Setting | Value |
+| ----------------- | ------------- |
+| Runtime | Node (18.0) |
+| Entrypoint | `src/main.js` |
+| Build Commands | `npm install` |
+| Permissions | `any` |
+| Timeout (Seconds) | 15 |
+
+## 🔒 Environment Variables
+
+### SLACK_SIGNING_SECRET
+
+Signing secret of you slack app.
+
+| Question | Answer |
+| ------------- | ---------------------------------------------------------------------------------- |
+| Required | Yes |
+| Sample Value | `b33...156` |
+| Documentation | [Slack Docs](https://api.slack.com/interactivity/slash-commands#creating_commands) |
diff --git a/node/slack-command-bot/package-lock.json b/node/slack-command-bot/package-lock.json
new file mode 100644
index 00000000..a4a88114
--- /dev/null
+++ b/node/slack-command-bot/package-lock.json
@@ -0,0 +1,39 @@ +{ + "name": "slack-command-bot", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "slack-command-bot", + "version": "1.0.0", + "dependencies": { + "crypto": "^1.0.1" + }, + "devDependencies": { + "prettier": "^3.0.0" + } + }, + "node_modules/crypto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/crypto/-/crypto-1.0.1.tgz", + "integrity": "sha512-VxBKmeNcqQdiUQUW2Tzq0t377b54N2bMtXO/qiLa+6eRRmmC4qT3D4OnTGoT/U6O9aklQ/jTwbOtRMTTY8G0Ig==", + "deprecated": "This package is no longer supported. It's now a built-in Node module. If you've depended on crypto, you should switch to the one that's built-in." + }, + "node_modules/prettier": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.0.0.tgz", + "integrity": "sha512-zBf5eHpwHOGPC47h0zrPyNn+eAEIdEzfywMoYn2XPi0P44Zp0tSq64rq0xAREh4auw2cJZHo9QUob+NqCQky4g==", + "dev": true, + "bin": { + "prettier": "bin/prettier.cjs" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + } + } +}
diff --git a/node/slack-command-bot/package.json b/node/slack-command-bot/package.json
new file mode 100644
index 00000000..30104d20
--- /dev/null
+++ b/node/slack-command-bot/package.json
@@ -0,0 +1,16 @@
+{
+ "name": "slack-command-bot",
+ "version": "1.0.0",
+ "description": "",
+ "main": "src/main.js",
+ "type": "module",
+ "scripts": {
+ "format": "prettier --write ."
+ },
+ "dependencies": {
+ "crypto": "^1.0.1"
+ },
+ "devDependencies": {
+ "prettier": "^3.0.0"
+ }
+}
diff --git a/node/slack-command-bot/src/main.js b/node/slack-command-bot/src/main.js
new file mode 100644
index 00000000..13c0c18a
--- /dev/null
+++ b/node/slack-command-bot/src/main.js
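Review bot: The `"crypto": "^1.0.1"` entry under `dependencies` in package.json should be dropped. The lockfile in this same commit resolves it to the registry package `crypto@1.0.1`, whose own `deprecated` notice says it is no longer supported and that callers should use the built-in module. Node resolves core module names ahead of `node_modules`, so `import crypto from 'crypto'` in src/utils.js already loads the built-in and the install only adds an unmaintained third-party package to the dependency tree that audits have to account for. After removing it and regenerating the lockfile, writing the import as `import crypto from 'node:crypto';` makes it explicit that the HMAC code uses the runtime's implementation.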
@@ -0,0 +1,19 @@
+import { throwIfMissing, throwIfRequestNotValid } from './utils.js';
+
+export default async ({ req, res, log, error }) => {
+ throwIfMissing(process.env, ['SLACK_SIGNING_SECRET']);
+
+ try {
+ throwIfMissing(req.headers, [
+ 'x-slack-request-timestamp',
+ 'x-slack-signature',
+ ]);
+ throwIfRequestNotValid(req);
+ } catch (err) {
+ error(err.message);
+ return res.send({ ok: false, error: err.message }, 400);
+ }
+
+ log('Valid Request');
+ return res.send('Hello World!');
+};
diff --git a/node/slack-command-bot/src/utils.js b/node/slack-command-bot/src/utils.js
new file mode 100644
index 00000000..80fd0bbc
--- /dev/null
+++ b/node/slack-command-bot/src/utils.js
@@ -0,0 +1,42 @@
+import crypto from 'crypto';
+
+/**
+ * Throws an error if any of the keys are missing from the object
+ * @param {*} obj
+ * @param {string[]} keys
+ * @throws {Error}
+ */
+export function throwIfMissing(obj, keys) {
+ const missing = [];
+ for (let key of keys) {
+ if (!(key in obj) || !obj[key]) {
+ missing.push(key);
+ }
+ }
+ if (missing.length > 0) {
+ throw new Error(`Missing required fields: ${missing.join(', ')}`);
+ }
+}
+
+/**
+ * Throws an error if incoming request is not valid
+ * @param {*} req
+ * @throws {Error}
+ */
+export function throwIfRequestNotValid(req) {
+ const timestamp = req.headers['x-slack-request-timestamp'];
+ const signature = req.headers['x-slack-signature'];
+
+ if (Math.abs(Date.now() / 1000 - timestamp) > 60 * 5) {
+ throw new Error('Invalid request: replay attack');
+ }
+
+ const signatureBaseString = `v0:${timestamp}:${req.bodyRaw}`;
+ const hmac = crypto.createHmac('sha256', process.env['SLACK_SIGNING_SECRET']);
+ hmac.update(signatureBaseString);
+
+ const expectedSignature = `v0=${hmac.digest('hex')}`;
+ if (expectedSignature !== signature) {
+ throw new Error('Invalid request: incorrect signature');
+ }
+}
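Review bot: In the `catch` block of src/main.js the rejection is sent with `res.send({ ok: false, error: err.message }, 400)`, the same call the success path uses for plain text, while the README in this commit documents the 400 body as JSON. Unless the runtime serialises objects passed to `send`, this should presumably be `return res.json({ ok: false, error: err.message }, 400);`. A failed signature or stale timestamp is an authentication failure rather than a malformed request, so answering those with 401 and keeping 400 for missing headers would make rejected calls easier to tell apart in logs and alerts. The success text is `'Hello World!'` here but `Hello, World!` in the README sample.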
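Review bot: In `throwIfRequestNotValid` (src/utils.js) the final check compares the computed HMAC with the header using `!==`, which is not constant-time; a signature check should use `crypto.timingSafeEqual` on equal-length buffers so the comparison time does not depend on how many leading characters match. The freshness check has a second gap: `timestamp` is a header string, and a non-numeric value makes `Date.now() / 1000 - timestamp` evaluate to NaN, so `Math.abs(NaN) > 60 * 5` is false and the window check is silently skipped. The HMAC still has to match in that case, but the guard should fail closed on non-finite values. The rewritten lines are below; the base-string and HMAC construction stay as they are.

```javascript
  const timestamp = req.headers['x-slack-request-timestamp'];
  // … unchanged: signature header read …

  // Fail closed on a non-numeric header: NaN compares false against any bound.
  const requestTime = Number(timestamp);
  if (
    !Number.isFinite(requestTime) ||
    Math.abs(Date.now() / 1000 - requestTime) > 60 * 5
  ) {
    throw new Error('Invalid request: replay attack');
  }

  // … unchanged: signatureBaseString and hmac construction …

  const expected = Buffer.from(`v0=${hmac.digest('hex')}`, 'utf8');
  const received = Buffer.from(String(signature), 'utf8');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (
    expected.length !== received.length ||
    !crypto.timingSafeEqual(expected, received)
  ) {
    throw new Error('Invalid request: incorrect signature');
  }
```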