[turbot] / turbot_lambda / turbot_lambda.py

from urllib.parse import parse_qs
from turbot.rot import rot
from slack import WebClient
import boto3
import requests
import hashlib
import hmac

ssm = boto3.client('ssm')

response = ssm.get_parameter(Name='SLACK_SIGNING_SECRET', WithDecryption=True)
slack_signing_secret = bytes(response['Parameter']['Value'], 'utf-8')

response = ssm.get_parameter(Name='SLACK_BOT_TOKEN', WithDecryption=True)
slack_bot_token = response['Parameter']['Value']
slack_client = WebClient(slack_bot_token)

def error(message):
    """Generate an error response for a Slack request

    This will print the error message (so that it appears in CloudWatch
    logs) and will then return a dictionary suitable for returning
    as an error response."""

    print("Error: {}.".format(message))

    return {
        'statusCode': 400,
        'body': ''
    }

def slack_is_valid_request(slack_signature, timestamp, body):
    """Returns True if the timestamp and body correspond to signature.

    This implements the Slack signature verification using the slack
    signing secret (obtained via an SSM parameter in code above)."""

    content = "v0:{}:{}".format(timestamp,body).encode('utf-8')

    signature = 'v0=' + hmac.new(slack_signing_secret,
                                 content,
                                 hashlib.sha256).hexdigest()

    if hmac.compare_digest(signature, slack_signature):
        return True
    else:
        print("Bad signature: {} != {}".format(signature, slack_signature))
        return False

def turbot_lambda(event, context):
    """Top-level entry point for our lambda function.

    This function first verifies that the request actually came from
    Slack, (by means of the SLACK_SIGNING_SECRET SSM parameter), and
    refuses to do anything if not.

    Then this parses the request and arguments and farms out to
    supporting functions to implement all supported slash commands.

    """

    signature = event['headers']['X-Slack-Signature']
    timestamp = event['headers']['X-Slack-Request-Timestamp']

    if not slack_is_valid_request(signature, timestamp, event['body']):
        return error("Invalid Slack signature")

    body = parse_qs(event['body'])
    command = body['command'][0]
    args = body['text'][0]

    if (command == "/rotlambda" or command == "/rot"):
        return rot_slash_command(body, args)

    return error("Command {} not implemented".format(command))

def rot_slash_command(body, args):
    """Implementation of the /rot command

    The args string should be as follows:

        [count|*] String to be rotated

    That is, the first word of the string is an optional number (or
    the character '*'). If this is a number it indicates an amount to
    rotate each character in the string. If the count is '*' or is not
    present, then the string will be rotated through all possible 25
    values.

    The result of the rotation is returned (with Slack formatting) in
    the body of the response so that Slack will provide it as a reply
    to the user who submitted the slash command."""

    channel_name = body['channel_name'][0]
    response_url = body['response_url'][0]
    channel_id = body['channel_id'][0]

    result = rot(args)

    if (channel_name == "directmessage"):
        requests.post(response_url,
                      json = {"text": result},
                      headers = {"Content-type": "application/json"})
    else:
        slack_client.chat_postMessage(channel=channel_id, text=result)

    return {
        'statusCode': 200,
        'body': ""
    }