X-Git-Url: https://git.cworth.org/git?a=blobdiff_plain;f=turbot_lambda%2Fturbot_lambda.py;h=e19e96d801ab0b0ea7d7f502e2c66fa341883b1b;hb=b9fc94a0e63e3eea4e06b869d7c771357714178c;hp=b86d9184921c9a61fb67a4b1b89a97d4f308dd0e;hpb=ceeec94475d9d49f1b5d3091bc6e7889f1162bbf;p=turbot diff --git a/turbot_lambda/turbot_lambda.py b/turbot_lambda/turbot_lambda.py index b86d918..e19e96d 100644 --- a/turbot_lambda/turbot_lambda.py +++ b/turbot_lambda/turbot_lambda.py @@ -1,20 +1,56 @@ from urllib.parse import parse_qs -from turbot.rot import rot from slack import WebClient +import base64 import boto3 import requests -import hashlib -import hmac +import json +import pickle +from types import SimpleNamespace +from google.auth.transport.requests import Request +from googleapiclient.discovery import build + +import turbot.interaction +import turbot.events ssm = boto3.client('ssm') -response = ssm.get_parameter(Name='SLACK_SIGNING_SECRET', WithDecryption=True) -slack_signing_secret = bytes(response['Parameter']['Value'], 'utf-8') +# Note: Late import here to have the environment variable above available +from turbot.slack import slack_is_valid_request # noqa response = ssm.get_parameter(Name='SLACK_BOT_TOKEN', WithDecryption=True) slack_bot_token = response['Parameter']['Value'] slack_client = WebClient(slack_bot_token) +response = ssm.get_parameter(Name='GSHEETS_PICKLE_BASE64', WithDecryption=True) +gsheets_pickle_base64 = response['Parameter']['Value'] +gsheets_pickle = base64.b64decode(gsheets_pickle_base64) +gsheets_creds = pickle.loads(gsheets_pickle) +if gsheets_creds: + if gsheets_creds.valid: + print("Loaded valid GSheets credentials from SSM") + else: + gsheets_creds.refresh(Request()) + gsheets_pickle = pickle.dumps(gsheets_creds) + gsheets_pickle_base64_bytes = base64.b64encode(gsheets_pickle) + gsheets_pickle_base64 = gsheets_pickle_base64_bytes.decode('us-ascii') + print("Storing refreshed GSheets credentials into SSM") + ssm.put_parameter(Name='GSHEETS_PICKLE_BASE64', + Type='SecureString', + Value=gsheets_pickle_base64, + Overwrite=True) +service = build('sheets', + 'v4', + credentials=gsheets_creds, + cache_discovery=False) +sheets = service.spreadsheets() + +db = boto3.resource('dynamodb') + +turb = SimpleNamespace() +turb.slack_client = slack_client +turb.db = db +turb.sheets = sheets + def error(message): """Generate an error response for a Slack request @@ -29,24 +65,6 @@ def error(message): 'body': '' } -def slack_is_valid_request(slack_signature, timestamp, body): - """Returns True if the timestamp and body correspond to signature. - - This implements the Slack signature verification using the slack - signing secret (obtained via an SSM parameter in code above).""" - - content = "v0:{}:{}".format(timestamp,body).encode('utf-8') - - signature = 'v0=' + hmac.new(slack_signing_secret, - content, - hashlib.sha256).hexdigest() - - if hmac.compare_digest(signature, slack_signature): - return True - else: - print("Bad signature: {} != {}".format(signature, slack_signature)) - return False - def turbot_lambda(event, context): """Top-level entry point for our lambda function. @@ -54,57 +72,146 @@ def turbot_lambda(event, context): Slack, (by means of the SLACK_SIGNING_SECRET SSM parameter), and refuses to do anything if not. - Then this parses the request and arguments and farms out to - supporting functions to implement all supported slash commands. - + Then this defers to either turbot_event_handler or + turbot_slash_command to do any real work. """ - signature = event['headers']['X-Slack-Signature'] - timestamp = event['headers']['X-Slack-Request-Timestamp'] + headers = requests.structures.CaseInsensitiveDict(event['headers']) + + signature = headers['X-Slack-Signature'] + timestamp = headers['X-Slack-Request-Timestamp'] if not slack_is_valid_request(signature, timestamp, event['body']): return error("Invalid Slack signature") + # It's a bit cheesy, but we'll just use the content-type header to + # determine if we're being called from a Slack event or from a + # slash command or other interactivity. (The more typical way to + # do this would be to have different URLs for each Slack entry + # point, but it's simpler to have our Slack app implemented as a + # single AWS Lambda, (which can only have a single entry point). + content_type = headers['content-type'] + + if (content_type == "application/json"): + return turbot_event_handler(turb, event, context) + if (content_type == "application/x-www-form-urlencoded"): + return turbot_interactive_or_slash_command(turb, event, context) + return error("Unknown content-type: {}".format(content_type)) + +def turbot_event_handler(turb, event, context): + """Handler for all subscribed Slack events""" + + body = json.loads(event['body']) + + type = body['type'] + + if type == 'url_verification': + return url_verification_handler(turb, body) + if type == 'event_callback': + return event_callback_handler(turb, body) + return error("Unknown event type: {}".format(type)) + +def url_verification_handler(turb, body): + + # First, we have to properly respond to url_verification + # challenges or else Slack won't let us configure our URL as an + # event handler. + challenge = body['challenge'] + + return { + 'statusCode': 200, + 'body': challenge + } + +def event_callback_handler(turb, body): + event = body['event'] + type = event['type'] + + if type in turbot.events.events: + return turbot.events.events[type](turb, event) + return error("Unknown event type: {}".format(type)) + +def turbot_interactive_or_slash_command(turb, event, context): + """Handler for Slack interactive things (buttons, shortcuts, etc.) + as well as slash commands. + + This function simply makes a quiuck determination of what we're looking + at and then defers to either turbot_interactive or turbot_slash_command.""" + + # Both interactives and slash commands have a urlencoded body body = parse_qs(event['body']) - command = body['command'][0] - args = body['text'][0] - if (command == "/rotlambda" or command == "/rot"): - return rot_slash_command(body, args) + # The difference is that an interactive thingy has a 'payload' + # while a slash command has a 'command' + if 'payload' in body: + return turbot_interactive(turb, json.loads(body['payload'][0])) + if 'command' in body: + return turbot_slash_command(turb, body) + return error("Unrecognized event (neither interactive nor slash command)") - return error("Command {} not implemented".format(command)) +def turbot_interactive(turb, payload): + """Handler for Slack interactive requests + + These are the things that come from a user interacting with a button + a shortcut or some other interactive element that our app has made + available to the user.""" + + type = payload['type'] + + if type == 'block_actions': + return turbot_block_action(turb, payload) + if type == 'view_submission': + return turbot.interaction.view_submission(turb, payload) + if type == 'shortcut': + return turbot_shortcut(turb, payload) + return error("Unrecognized interactive type: {}".format(type)) + +def turbot_block_action(turb, payload): + """Handler for Slack interactive block actions + + Specifically, those that have a payload type of 'block_actions'""" + + actions = payload['actions'] -def rot_slash_command(body, args): - """Implementation of the /rot command + if len(actions) != 1: + return error("No support for multiple actions ({}) in a single request" + .format(len(actions))) - The args string should be as follows: + action = actions[0] - [count|*] String to be rotated + atype = action['type'] + avalue = action['value'] - That is, the first word of the string is an optional number (or - the character '*'). If this is a number it indicates an amount to - rotate each character in the string. If the count is '*' or is not - present, then the string will be rotated through all possible 25 - values. + if ( + atype in turbot.interaction.actions + and avalue in turbot.interaction.actions[atype] + ): + return turbot.interaction.actions[atype][avalue](turb, payload) + return error("Unknown action of type/value: {}/{}".format(atype, avalue)) - The result of the rotation is returned (with Slack formatting) in - the body of the response so that Slack will provide it as a reply - to the user who submitted the slash command.""" +def turbot_shortcut(turb, payload): + """Handler for Slack shortcuts - channel_name = body['channel_name'][0] - response_url = body['response_url'][0] - channel_id = body['channel_id'][0] + These are invoked as either global or message shortcuts by a user.""" - result = rot(args) + print("In turbot_shortcut, payload is: {}".format(str(payload))) - if (channel_name == "directmessage"): - requests.post(response_url, - json = {"text": result}, - headers = {"Content-type": "application/json"}) + return error("Shortcut interactions not yet implemented") + +def turbot_slash_command(turb, body): + """Implementation for Slack slash commands. + + This parses the request and arguments and farms out to + supporting functions to implement all supported slash commands. + """ + + command = body['command'][0] + if 'text' in body: + args = body['text'][0] else: - slack_client.chat_postMessage(channel=channel_id, text=result) + args = '' - return { - 'statusCode': 200, - 'body': "" - } + if command in turbot.interaction.commands: + return turbot.interaction.commands[command](turb, body, args) + + return error("Command {} not implemented".format(command))