
Merge pull request #3775 from weseek/fix/5840-6061-fix-test-about-verifyGrowiToSlackRequest

Fix/5840 6061 fix test about verify growi to slack request
Yuki Takei před 4 roky
rodič
revize
369b035cfa

+ 23 - 6
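--- a/packages/slackbot-proxy/src/controllers/growi-to-slack.ts
+++ b/packages/slackbot-proxy/src/controllers/growi-to-slack.ts
@@ -34,6 +34,19 @@ export class GrowiToSlackCtrl {
   @Inject()
   orderRepository: OrderRepository;
 
+  async requestToGrowi(growiUrl:string, proxyAccessToken:string):Promise<void> {
+    const url = new URL('/_api/v3/slack-integration/proxied/commands', growiUrl);
+    await axios.post(url.toString(), {
+      type: 'url_verification',
+      challenge: 'this_is_my_challenge_token',
+    },
+    {
+      headers: {
+        'x-growi-ptog-tokens': proxyAccessToken,
+      },
+    });
+  }
+
   @Get('/connection-status')
   @UseBefore(verifyGrowiToSlackRequest)
   async getConnectionStatuses(@Req() req: GrowiReq, @Res() res: Res): Promise<void|string|Res|WebAPICallResult> {
@@ -84,6 +97,14 @@ export class GrowiToSlackCtrl {
         return res.status(400).send({ message: 'installation is invalid' });
       }
 
+      try {
+        await this.requestToGrowi(relation.growiUri, relation.tokenPtoG);
+      }
+      catch (err) {
+        logger.error(err);
+        return res.status(400).send({ message: `failed to request to GROWI. err: ${err.message}` });
+      }
+
       await relationTestToSlack(token);
       return res.send({ relation });
     }
@@ -101,15 +122,11 @@ export class GrowiToSlackCtrl {
 
     // Access the GROWI URL saved in the Order record and check if the GtoP token is valid.
     try {
-      const url = new URL('/_api/v3/slack-integration/proxied/commands', order.growiUrl);
-      await axios.post(url.toString(), {
-        type: 'url_verification',
-        tokenPtoG: order.growiAccessToken,
-        challenge: 'this_is_my_challenge_token',
-      });
+      await this.requestToGrowi(order.growiUrl, order.proxyAccessToken);
     }
     catch (err) {
       logger.error(err);
+      return res.status(400).send({ message: `failed to request to GROWI. err: ${err.message}` });
     }
 
     logger.debug('order found', order);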
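Review bot: Both new 400 responses (the catch blocks after `this.requestToGrowi(...)` in the second and third hunks) return `err.message` from the outbound axios call to the HTTP caller, which exposes connection-level detail about whatever host `growiUri`/`growiUrl` points at; that detail is already captured by `logger.error(err)`. A fixed message would be enough for the client: `return res.status(400).send({ message: 'failed to request to GROWI.' });`. `requestToGrowi` also calls `axios.post` without a `timeout` in its config object, so an unresponsive GROWI host keeps the handler waiting; adding `timeout: <ms>` next to `headers` would bound it. Both handlers start and end outside the hunks shown, so any validation of the stored URL before this call is not visible here.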

+ 4 - 1
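--- a/packages/slackbot-proxy/src/controllers/slack.ts
+++ b/packages/slackbot-proxy/src/controllers/slack.ts
@@ -170,7 +170,10 @@ export class SlackCtrl {
       const url = new URL('/_api/v3/slack-integration/proxied/interactions', relation.growiUri);
       return axios.post(url.toString(), {
         ...body,
-        tokenPtoG: relation.tokenPtoG,
+      }, {
+        headers: {
+          'x-growi-ptog-tokens': relation.tokenPtoG,
+        },
       });
     });
 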

+ 6 - 6
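--- a/packages/slackbot-proxy/src/entities/order.ts
+++ b/packages/slackbot-proxy/src/entities/order.ts
@@ -21,14 +21,14 @@ export class Order {
   @Column({ nullable: true, default: false })
   isCompleted?: boolean;
 
-  @Column({ nullable: true })
-  growiUrl?: string;
+  @Column()
+  growiUrl: string;
 
-  @Column({ nullable: true })
-  growiAccessToken?: string;
+  @Column()
+  growiAccessToken: string;
 
-  @Column({ nullable: true })
-  proxyAccessToken?: string;
+  @Column()
+  proxyAccessToken: string;
 
   isExpired():boolean {
     const now = Date.now();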
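Review bot: Dropping `nullable: true` from `growiUrl`, `growiAccessToken` and `proxyAccessToken` makes all three columns NOT NULL, but no migration or backfill for existing Order rows appears in this commit, so a table that already holds rows with NULL in any of them would presumably fail schema sync or need a manual cleanup first. It is worth confirming how the schema is applied in deployment and either adding a migration or deleting incomplete orders beforehand. Since the two token fields are credentials (`proxyAccessToken` is what growi-to-slack.ts now sends as the `x-growi-ptog-tokens` header), a short comment on them such as `// secret: sent to GROWI as the x-growi-ptog-tokens header; keep out of logs and API responses` would help future readers. The class body continues outside the hunk.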

+ 1 - 1
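--- a/src/server/routes/apiv3/slack-integration-settings.js
+++ b/src/server/routes/apiv3/slack-integration-settings.js
@@ -9,7 +9,7 @@ const { getConnectionStatuses, relationTestToSlack } = require('@growi/slack');
 
 const ErrorV3 = require('../../models/vo/error-apiv3');
 
-const logger = loggerFactory('growi:routes:apiv3:notification-setting');
+const logger = loggerFactory('growi:routes:apiv3:slack-integration-settings');
 
 const router = express.Router();
 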

+ 12 - 6
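--- a/src/server/routes/apiv3/slack-integration.js
+++ b/src/server/routes/apiv3/slack-integration.js
@@ -1,4 +1,5 @@
 const express = require('express');
+const mongoose = require('mongoose');
 
 const loggerFactory = require('@alias/logger');
 
@@ -6,6 +7,7 @@ const { verifySlackRequest } = require('@growi/slack');
 
 const logger = loggerFactory('growi:routes:apiv3:slack-integration');
 const router = express.Router();
+const SlackAppIntegration = mongoose.model('SlackAppIntegration');
 
 module.exports = (crowi) => {
   this.app = crowi.express;
@@ -13,18 +15,22 @@ module.exports = (crowi) => {
   const { configManager } = crowi;
 
   // Check if the access token is correct
-  function verifyAccessTokenFromProxy(req, res, next) {
-    const { body } = req;
-    const { tokenPtoG } = body;
+  async function verifyAccessTokenFromProxy(req, res, next) {
+    const tokenPtoG = req.headers['x-growi-ptog-tokens'];
+
+    if (tokenPtoG == null) {
+      const message = 'The value of header \'x-growi-ptog-tokens\' must not be empty.';
+      logger.warn(message, { body: req.body });
+      return res.status(400).send({ message });
+    }
 
-    const correctToken = configManager.getConfig('crowi', 'slackbot:access-token');
+    const slackAppIntegration = await SlackAppIntegration.estimatedDocumentCount({ tokenPtoG });
 
     logger.debug('verifyAccessTokenFromProxy', {
       tokenPtoG,
-      correctToken,
     });
 
-    if (tokenPtoG == null || tokenPtoG !== correctToken) {
+    if (slackAppIntegration === 0) {
       return res.status(403).send({
         message: 'The access token that identifies the request source is slackbot-proxy is invalid. Did you setup with `/growi register`?',
       });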
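Review bot: `estimatedDocumentCount()` does not apply a filter: Mongoose answers it from collection metadata and treats its first argument as options, so `slackAppIntegration` in `verifyAccessTokenFromProxy` is the size of the whole collection and the 403 branch is skipped for any non-null header value once a single SlackAppIntegration document exists. The token check needs a filtered query, `const slackAppIntegration = await SlackAppIntegration.countDocuments({ tokenPtoG });`. The `logger.debug('verifyAccessTokenFromProxy', { tokenPtoG })` call also writes the presented token to the log, and `logger.warn(message, { body: req.body })` writes the full request body; logging only whether a match was found would keep credentials and payloads out of log storage. The function is now `async` with no try/catch around the query, so a rejected database call is not turned into a response here; the rest of the function lies outside the hunk.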