itizawa 5 лет назад
Родитель
Сommit
40b97634e3
2 измененных файлов с 16 добавлено и 13 удалено
  1. 1 13
      src/server/routes/apiv3/slack-bot.js
  2. 15 0
      src/server/service/bolt.js

+ 1 - 13
src/server/routes/apiv3/slack-bot.js

@@ -8,19 +8,7 @@ module.exports = (crowi) => {
   const { boltService } = crowi;
   const requestHandler = boltService.receiver.requestHandler.bind(boltService.receiver);
 
-  function accessTokenParserForSlackBot(req, res, next) {
-    const slackBotAccessToken = req.body.slack_bot_access_token || null;
-    if (slackBotAccessToken == null) {
-      throw new Error('slack_bot_access_token is required');
-    }
-
-    if (slackBotAccessToken !== crowi.configManager.getConfig('crowi', 'slackbot:access-token')) {
-      throw new Error('slack_bot_access_token is wrong');
-    }
-    next();
-  }
-
-  router.post('/', accessTokenParserForSlackBot, async(req, res) => {
+  router.post('/', async(req, res) => {
     // for verification request URL on Event Subscriptions
     if (req.body.type === 'url_verification') {
       res.send(req.body);
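Review bot: With `accessTokenParserForSlackBot` dropped from `router.post('/', …)`, nothing on this route checks the caller before the `url_verification` branch echoes `req.body` back or before the request is passed on. The replacement check added in bolt.js is called only from the `/growi` command handler, so any other listener registered on the Bolt app would not be covered by it. Whether the receiver verifies Slack's request signature is not visible in this hunk. If it does, a comment above the route such as `// request authenticity is checked by the Bolt receiver; slack_bot_access_token is checked per command in BoltService` would record that; if it does not, the middleware should stay. The route handler's body continues outside the hunk.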

+ 15 - 0
src/server/service/bolt.js

@@ -74,11 +74,26 @@ class BoltService {
     }
   }
 
+  verifyAccessToken(body, command) {
+    const slackBotAccessToken = body.slack_bot_access_token || null;
+    if (slackBotAccessToken == null || slackBotAccessToken !== this.crowi.configManager.getConfig('crowi', 'slackbot:access-token')) {
+      logger.error('slack_bot_access_token is inValid.');
+      this.client.chat.postEphemeral({
+        channel: command.channel_id,
+        user: command.user_id,
+        blocks: [this.generateMarkdownSectionBlock('*Access token is inValid*')],
+      });
+      throw new Error('slack_bot_access_token is inValid');
+    }
+  }
+
   init() {
     this.bolt.command('/growi', async({
       command, client, body, ack,
     }) => {
       await ack();
+      this.verifyAccessToken(body, command);
+
       const args = command.text.split(' ');
       const firstArg = args[0];
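Review bot: `this.client.chat.postEphemeral(...)` in `verifyAccessToken` is neither awaited nor given a rejection handler, so a failed Slack call becomes an unhandled rejection and the `throw` runs before the notice is known to be sent. Making the method `async`, awaiting the call inside a `try`/`catch`, and awaiting the method at the call site keeps the rejection path deterministic. The secret is also compared with `!==`, which is not constant-time; `crypto.timingSafeEqual` on equal-length buffers is the usual replacement, and it would need `crypto` required at the top of the file, which is outside this hunk. `init()` continues past the end of the hunk.

```javascript
  async verifyAccessToken(body, command) {
    // … unchanged: token lookup, comparison and logger.error call …
      try {
        await this.client.chat.postEphemeral({
          // … unchanged: channel, user, blocks …
        });
      } catch (err) {
        logger.error('failed to post the invalid-token notice', err);
      }
    // … unchanged: throw new Error(...) …

  // … unchanged: init() up to `await ack();` …
      await this.verifyAccessToken(body, command);
```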