moved Slack authentication to env vars from config file

suculent · Nov 5, 2023 · 16c457b · 16c457b
1 parent 72703d1
commit 16c457b
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 7 deletions.
diff --git a/.env.dist b/.env.dist
@@ -59,6 +59,9 @@ WORKER_SECRET=twilight_zone
 
 # Slack Bot Notifications
 # SLACK_BOT_TOKEN=
+# SLACK_CLIENT_ID=
+# SLACK_CLIENT_SECRET=
+# SLACK_WEBHOOK=
 
 # Mailgun API Key
 # MAILGUN_API_KEY=
diff --git a/Dockerfile b/Dockerfile
@@ -52,7 +52,10 @@ ENV GITHUB_ACCESS_TOKEN={GITHUB_ACCESS_TOKEN}
 
 ARG SLACK_BOT_TOKEN
 ENV SLACK_BOT_TOKEN=${SLACK_BOT_TOKEN}
-
+ARG SLACK_CLIENT_ID
+ENV SLACK_CLIENT_ID=${SLACK_CLIENT_ID}
+ARG SLACK_CLIENT_SECRET
+ENV SLACK_CLIENT_SECRET=${SLACK_CLIENT_SECRET}
 ARG SLACK_WEBHOOK
 ENV SLACK_WEBHOOK=${SLACK_WEBHOOK}
 

diff --git a/Dockerfile.test b/Dockerfile.test
@@ -52,7 +52,10 @@ ENV GITHUB_ACCESS_TOKEN={GITHUB_ACCESS_TOKEN}
 
 ARG SLACK_BOT_TOKEN
 ENV SLACK_BOT_TOKEN=${SLACK_BOT_TOKEN}
-
+ARG SLACK_CLIENT_ID
+ENV SLACK_CLIENT_ID=${SLACK_CLIENT_ID}
+ARG SLACK_CLIENT_SECRET
+ENV SLACK_CLIENT_SECRET=${SLACK_CLIENT_SECRET}
 ARG SLACK_WEBHOOK
 ENV SLACK_WEBHOOK=${SLACK_WEBHOOK}
 

diff --git a/docker-compose.test.yml b/docker-compose.test.yml
@@ -135,10 +135,12 @@ services:
       - 'ROLLBAR_ACCESS_TOKEN=${ROLLBAR_ACCESS_TOKEN}'
       - 'ROLLBAR_ENVIRONMENT=${ROLLBAR_ENVIRONMENT}'
       - 'SLACK_BOT_TOKEN=${SLACK_BOT_TOKEN}'
+      - 'SLACK_CLIENT_ID=${SLACK_CLIENT_ID}'
+      - 'SLACK_CLIENT_SECRET=${SLACK_CLIENT_SECRET}'
       - 'SLACK_WEBHOOK=${SLACK_WEBHOOK}'
       - 'THINX_HOSTNAME=${THINX_HOSTNAME}'
       - 'THINX_OWNER_EMAIL=${THINX_OWNER_EMAIL}'
-      - 'WORKER_SECRET=${WORKER_SECRET}'   
+      - 'WORKER_SECRET=${WORKER_SECRET}'
       - 'GITHUB_ACCESS_TOKEN=${GITHUB_ACCESS_TOKEN}'
       - 'MAILGUN_API_KEY=${MAILGUN_API_KEY}'
     ports:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -158,6 +158,8 @@ services:
       - 'ROLLBAR_ACCESS_TOKEN=${ROLLBAR_ACCESS_TOKEN}'
       - 'ROLLBAR_ENVIRONMENT=${ROLLBAR_ENVIRONMENT}'
       - 'SLACK_BOT_TOKEN=${SLACK_BOT_TOKEN}'
+      - 'SLACK_CLIENT_ID=${SLACK_CLIENT_ID}'
+      - 'SLACK_CLIENT_SECRET=${SLACK_CLIENT_SECRET}'
       - 'SLACK_WEBHOOK=${SLACK_WEBHOOK}'
       - 'THINX_HOSTNAME=${THINX_HOSTNAME}'
       - 'THINX_OWNER_EMAIL=${THINX_OWNER_EMAIL}'

diff --git a/lib/router.slack.js b/lib/router.slack.js
@@ -11,9 +11,8 @@ module.exports = function (app) {
      * Slack OAuth Integration
      */
 
-    // TODO: Convert SLACK_CLIENT_ID to env-var and configure externally so it does not reside in cleartext config flatfil
     app.get("/api/slack/direct_install", (req, res) => {
-        const slack_client_id = app_config.slack.client_id || null;
+        const slack_client_id = process.env.SLACK_CLIENT_ID || null;
         res.redirect(
             "https://slack.com/oauth/authorize?client_id=" + slack_client_id + "&scope=bot&state=Online&redirect_uri=" + app_config.api_url + "/api/slack/redirect"
         );
@@ -25,8 +24,8 @@ module.exports = function (app) {
         console.log("🔨 [debug] [slack] Redirect Code: " + req.query.code);
         console.log("🔨 [debug] [slack] Redirect State: " + req.query.state);
 
-        const slack_client_secret = app_config.slack.client_secret || null;
-        const slack_client_id = app_config.slack.client_id || null;
+        const slack_client_secret = process.env.SLACK_CLIENT_SECRET || null;
+        const slack_client_id = process.env.SLACK_CLIENT_ID || null;
 
         var options = {
             protocol: 'https:',