From cd9941bd100110e1c82877d76c3277c3c85e3bf2 Mon Sep 17 00:00:00 2001
From: Max Wofford
Date: Sat, 1 Mar 2025 12:37:26 -0600
Subject: [PATCH] Fix routing on sailors log controller
---
 .../{sailors_log => }/slack_controller.rb | 33 ++++++++++---------
 config/routes.rb | 8 ++---
 2 files changed, 19 insertions(+), 22 deletions(-)
 rename app/controllers/{sailors_log => }/slack_controller.rb (51%)
diff --git a/app/controllers/sailors_log/slack_controller.rb b/app/controllers/slack_controller.rb
similarity index 51%
rename from app/controllers/sailors_log/slack_controller.rb
rename to app/controllers/slack_controller.rb
index 85d1552..3807c69 100644
--- a/app/controllers/sailors_log/slack_controller.rb
+++ b/app/controllers/slack_controller.rb
@@ -1,4 +1,4 @@
-class SailorsLog::SlackController < ApplicationController
+class SlackController < ApplicationController
 skip_before_action :verify_authenticity_token
 before_action :verify_slack_request
@@ -17,23 +17,27 @@ class SailorsLog::SlackController < ApplicationController
 elements: [
 {
 type: "mrkdwn",
- text: "#{params[:command]} #{params[:text]}"
+ text: "#{params_hash[:command]} #{params_hash[:text]}"
 }
 ]
 }
 ]
 }
- case params[:command].gsub("/", "").downcase
+ case params_hash[:command].gsub("/", "").downcase
 when "sailorslog"
- SlackCommand::SailorsLogJob.perform_later(params)
+ SlackCommand::SailorsLogJob.perform_later(params_hash)
 when "timedump"
- SlackCommand::TimedumpJob.perform_later(params)
+ SlackCommand::TimedumpJob.perform_now(params_hash)
 end
 end
 private
+ def params_hash
+ params.permit(:command, :text, :response_url, :user_id, :team_id, :team_domain, :channel_id, :channel_name, :user_name, :trigger_word).to_h
+ end
+
 def verify_slack_request
 timestamp = request.headers["X-Slack-Request-Timestamp"]
 signature = request.headers["X-Slack-Signature"]
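Review bot: In `create` in app/controllers/slack_controller.rb the timedump branch switches from `perform_later` to `perform_now` while the sailorslog branch stays queued, and nothing in the hunk says why. `perform_now` runs the job inside the request, before the acknowledgement is rendered, so a slow job delays the response sent back to Slack; if this is deliberate, a comment such as `# run inline: <reason>` would record it, otherwise keep `perform_later`. `params_hash` also rebuilds the permitted hash on every call, and `@params_hash ||= params.permit(...).to_h` would avoid that. The body of `create` starts outside the hunk.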
@@ -41,24 +45,21 @@ class SailorsLog::SlackController < ApplicationController
 # Skip verification in development
 return true if Rails.env.development?
+ # if coming from /sailorslog, use sailors_log_signing_secret
+ # if coming from /timedump, use slack_signing_secret
+ signing_secret = params_hash[:command].include?("sailorslog") ? ENV["SAILORS_LOG_SLACK_SIGNING_SECRET"] : ENV["SLACK_SIGNING_SECRET"]
+
 sig_basestring = "v0:#{timestamp}:#{request.raw_post}"
 # Try both signing secrets
- sailors_log_signature = "v0=" + OpenSSL::HMAC.hexdigest(
+ signature = "v0=" + OpenSSL::HMAC.hexdigest(
 "SHA256",
- ENV["SAILORS_LOG_SLACK_SIGNING_SECRET"],
+ signing_secret,
 sig_basestring
 )
- harbor_signature = "v0=" + OpenSSL::HMAC.hexdigest(
- "SHA256",
- ENV["SLACK_SIGNING_SECRET"],
- sig_basestring
- )
-
- # Check if the request matches either signature
- unless ActiveSupport::SecurityUtils.secure_compare(sailors_log_signature, signature) ||
- ActiveSupport::SecurityUtils.secure_compare(harbor_signature, signature)
+ # Check if the request matches signature
+ unless ActiveSupport::SecurityUtils.secure_compare(signature, signature)
 head :unauthorized
 nil
 end
diff --git a/config/routes.rb b/config/routes.rb
index 797b73c..162c853 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -48,11 +48,7 @@ Rails.application.routes.draw do
 get "my/settings", to: "users#edit", as: :my_settings
 patch "my/settings", to: "users#update"
- namespace :sailors_log do
- post "/slack/commands", to: "slack#create"
- end
- namespace :timedump do
- post "/slack/commands", to: "slack#create"
- end
+ post "/sailors_log/slack/commands", to: "slack#create"
+ post "/timedump/slack/commands", to: "slack#create"
 end
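Review bot: The new check in `verify_slack_request` can never fail: the local `signature` that held the `X-Slack-Signature` header is overwritten with the computed HMAC, and `secure_compare(signature, signature)` then compares that value with itself, so every request passes verification whatever signature it carries. Keep the two values apart, e.g. `expected_signature = "v0=" + OpenSSL::HMAC.hexdigest("SHA256", signing_secret, sig_basestring)` and `unless ActiveSupport::SecurityUtils.secure_compare(expected_signature, signature.to_s)`. The secret is also chosen from `params_hash[:command]` before anything is authenticated: a request without `command` raises on `nil.include?`, and `include?` is case-sensitive while `create` downcases the command, so the secret checked and the job dispatched can disagree. The comment `# Try both signing secrets` is now stale and should be removed. The function starts outside this hunk.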
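Review bot: Both paths in config/routes.rb now reach the same `slack#create` and nothing records which path was hit, so the controller has to infer the Slack app from the request body. A route default would let it pick the signing secret from routing data instead, e.g. `post "/sailors_log/slack/commands", to: "slack#create", defaults: { slack_app: "sailors_log" }` with the matching line for timedump (the key name is illustrative), read in the controller through `request.path_parameters[:slack_app]`. The `draw` block starts outside the hunk.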