/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package slack_user_center import ( "bytes" "context" "crypto/hmac" "crypto/sha256" "encoding/hex" "encoding/json" "fmt" "io" "io/ioutil" "net/http" "regexp" "strconv" "strings" "time" "github.com/apache/answer/plugin" "github.com/gin-gonic/gin" "github.com/segmentfault/pacman/log" ) func (uc *UserCenter) parseText(text string) (string, string, []string, error) { re := regexp.MustCompile(`\[(.*?)\]`) matches := re.FindAllStringSubmatch(text, -1) if len(matches) != 3 { return "", "", nil, fmt.Errorf("text field does not conform to the required format") } part1 := matches[0][1] part2 := matches[1][1] rawTags := strings.Split(matches[2][1], ",") var tags []string for _, tag := range rawTags { if tag != "" { tags = append(tags, tag) } } // if part1 or part2 or tags in empty return error if part1 == "" || part2 == "" || len(tags) == 0 { return "", "", nil, fmt.Errorf("text field does not be empty") } return part1, part2, tags, nil } func getSlackUserEmail(userID, token string) (string, error) { url := fmt.Sprintf("https://slack.com/api/users.info?user=%s", userID) req, err := http.NewRequest("GET", url, nil) if err != nil { return "", err } req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token)) client := &http.Client{} resp, err := client.Do(req) if err != nil { return "", err } defer resp.Body.Close() body, err := ioutil.ReadAll(resp.Body) if err != nil { return "", err } var userResponse SlackUserResponse if err := json.Unmarshal(body, &userResponse); err != nil { return "", err } if !userResponse.Ok { return "", fmt.Errorf("failed to get user info from Slack") } return userResponse.User.Profile.Email, nil } func (uc *UserCenter) verifySlackRequest(ctx *gin.Context) error { body, err := io.ReadAll(ctx.Request.Body) if err != nil { return fmt.Errorf("could not read request body: %v", err) } timestamp := ctx.GetHeader("X-Slack-Request-Timestamp") slackSignature := ctx.GetHeader("X-Slack-Signature") // check the timestamp validity in 5 minutes ts, err := strconv.ParseInt(timestamp, 10, 64) if err != nil { return fmt.Errorf("invalid timestamp: %v", err) } if time.Now().Unix()-ts > 60*5 { return fmt.Errorf("timestamp is too old") } // Reset the request body for further processing ctx.Request.Body = io.NopCloser(bytes.NewBuffer(body)) sigBaseString := fmt.Sprintf("v0:%s:%s", timestamp, string(body)) h := hmac.New(sha256.New, []byte(uc.Config.SigningSecret)) h.Write([]byte(sigBaseString)) computedSignature := "v0=" + hex.EncodeToString(h.Sum(nil)) if !hmac.Equal([]byte(computedSignature), []byte(slackSignature)) { return fmt.Errorf("invalid signature") } return nil } func (uc *UserCenter) GetQuestion(ctx *gin.Context) (questionInfo plugin.QuestionImporterInfo, err error) { questionInfo = plugin.QuestionImporterInfo{} err = uc.verifySlackRequest(ctx) if err != nil { return questionInfo, err } text := ctx.PostForm("text") part1, part2, tags, err := uc.parseText(text) if err != nil { return questionInfo, err } questionInfo.Title = part1 questionInfo.Content = part2 questionInfo.Tags = tags userID := ctx.PostForm("user_id") token := uc.SlackClient.AccessToken email, err := getSlackUserEmail(userID, token) if err != nil { return questionInfo, err } questionInfo.UserEmail = email return questionInfo, nil } func (uc *UserCenter) SlashCommand(ctx *gin.Context) { body, _ := io.ReadAll(ctx.Request.Body) ctx.Request.Body = io.NopCloser(bytes.NewBuffer(body)) cmd := ctx.PostForm("command") if cmd != "/ask" { log.Errorf("error: Invalid command") ctx.JSON(http.StatusBadRequest, gin.H{"text": "Invalid command"}) return } ctx.Request.Body = io.NopCloser(bytes.NewBuffer(body)) err := uc.verifySlackRequest(ctx) if err != nil { ctx.JSON(http.StatusBadRequest, gin.H{"text": "Slack request verification faild"}) log.Errorf("error: %v", err) return } ctx.Request.Body = io.NopCloser(bytes.NewBuffer(body)) questionInfo, err := uc.GetQuestion(ctx) if err != nil { log.Errorf("error: %v", err) ctx.JSON(200, gin.H{"text": err.Error()}) return } if uc.importerFunc == nil { log.Errorf("error: importerFunc is not initialized") return } err = uc.importerFunc.AddQuestion(ctx, questionInfo) if err != nil { log.Errorf("error: %v", err) ctx.JSON(http.StatusBadRequest, gin.H{"text": "Failed to add question"}) return } ctx.JSON(http.StatusOK, gin.H{"text": "Question has been added successfully"}) } func (uc *UserCenter) RegisterImporterFunc(ctx context.Context, importerFunc plugin.ImporterFunc) { uc.importerFunc = importerFunc }