collavre_slack 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a0a684e5d2b0b7f2ebcd19950a0782e515d24ad1f935360f1b3c10dc59b77636
+  data.tar.gz: bf77b0f047f322017289c622509460e1128f013a6c871b004b199e7675612826
+SHA512:
+  metadata.gz: 4b3eb5ff2a65bfda47e5d478a8fefd0f843bf52f783e061f9227afa593f3c2cab2c9de123234ef71d5af4a7339b2c5dd34cbb6ad13643ac76ae6f6fc41809958
+  data.tar.gz: d5d9db76818d0d5e271efae68349c7d6f87cd91a8b765597e36ed4a8f3f2dff119f5eb9e7998b1ef45cead4372c2bf878d462e78597cc65bd4e62607df6dddf1

data/README.md

@@ -0,0 +1,80 @@
+# Collavre Slack Engine
+
+Slack integration plugin engine for Collavre. Provides OAuth installation, channel linking, and bi-directional chat sync.
+
+## Documentation
+
+- [Setup Guide](docs/SETUP.md) - Step-by-step instructions for creating and configuring a Slack App
+- [Architecture](docs/ARCHITECTURE.md) - Technical documentation about the integration
+
+## Installation
+
+### 1. Add to Gemfile
+
+```ruby
+# Gemfile
+gem "collavre_slack", path: "engines/collavre_slack"
+```
+
+### 2. Add JavaScript Import (Required)
+
+The JavaScript must be explicitly imported in your host application:
+
+```javascript
+// app/javascript/application.js
+import "collavre_slack"
+```
+
+This is required because the host app controls which integrations are loaded. Without this import, the Slack integration modal and badge functionality will not work.
+
+### 3. Add Stylesheet (Required)
+
+Include the Slack integration stylesheet in your layout:
+
+```erb
+<%# app/views/layouts/application.html.erb %>
+<%= stylesheet_link_tag "collavre_slack/slack_integration" %>
+```
+
+### 4. Configure Environment Variables
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `SLACK_CLIENT_ID` | Yes | OAuth Client ID |
+| `SLACK_CLIENT_SECRET` | Yes | OAuth Client Secret |
+| `SLACK_SIGNING_SECRET` | Yes | Webhook signature verification |
+| `SLACK_REDIRECT_URI` | Yes | OAuth callback URL |
+| `SLACK_SCOPES` | No | OAuth scopes (has sensible defaults) |
+
+### 5. Run Migrations
+
+```bash
+rails db:migrate
+```
+
+## Automatic Configuration
+
+The following are automatically configured by the engine:
+
+- **Routes**: Mounted at `/slack` (no manual `mount` needed in `routes.rb`)
+- **Asset Paths**: Stylesheets are automatically added to Propshaft asset paths
+- **Migrations**: Database migrations are automatically included
+- **i18n**: Locale files (en, ko) are automatically loaded
+- **Integration Registry**: Automatically registers with `Collavre::IntegrationRegistry`
+
+## Slack App Setup
+
+1. Create a Slack App at [api.slack.com/apps](https://api.slack.com/apps)
+2. Configure OAuth scopes and redirect URL
+3. Set up Event Subscriptions
+
+See [docs/SETUP.md](docs/SETUP.md) for detailed instructions.
+
+## Features
+
+- OAuth 2.0 installation flow
+- Channel linking to Creatives
+- Bi-directional message sync (Slack ↔ Collavre)
+- User mention mapping
+- Rate limit handling with automatic retry
+- Request signature verification for security

data/Rakefile

@@ -0,0 +1,3 @@
+require_relative "lib/collavre_slack"
+
+CollavreSlack::Engine.load_tasks

data/app/assets/stylesheets/collavre_slack/slack_integration.css

@@ -0,0 +1,15 @@
+/* Slack channel selection */
+.slack-channel-item {
+  padding: 0.5em 1em;
+  cursor: pointer;
+  border-bottom: 1px solid var(--color-border);
+}
+
+.slack-channel-item:hover {
+  background: var(--color-drag-over);
+}
+
+.slack-channel-item.active {
+  background: var(--color-drag-over);
+  border-left: 3px solid var(--color-secondary-active);
+}

data/app/controllers/collavre_slack/application_controller.rb

@@ -0,0 +1,12 @@
+module CollavreSlack
+  class ApplicationController < ::ApplicationController
+    protect_from_forgery with: :exception
+
+    private
+
+    def slack_engine
+      CollavreSlack::Engine.routes.url_helpers
+    end
+    helper_method :slack_engine
+  end
+end

data/app/controllers/collavre_slack/creatives/slack_integrations_controller.rb

@@ -0,0 +1,101 @@
+module CollavreSlack
+  module Creatives
+    class SlackIntegrationsController < ApplicationController
+      before_action :set_creative
+
+      def index
+        # Always use origin creative for Slack links (chat messages are on origin)
+        target_creative = @creative.effective_origin
+        @links = SlackChannelLink.where(creative: target_creative)
+        respond_to do |format|
+          format.json do
+            slack_account = Current.user ? SlackAccount.find_by(user: Current.user) : nil
+            channels = slack_account ? fetch_channels(slack_account) : []
+
+            render json: {
+              connected: slack_account.present?,
+              channels: channels,
+              links: @links.map { |link|
+                {
+                  id: link.id,
+                  channel_id: link.channel_id,
+                  channel_name: link.channel_name,
+                  last_synced_at: link.last_synced_at
+                }
+              }
+            }
+          end
+          format.html
+        end
+      end
+
+      def create
+        unless @creative.has_permission?(Current.user, :feedback)
+          render json: { success: false, error: I18n.t("collavre_slack.errors.forbidden") }, status: :forbidden
+          return
+        end
+
+        # Find the user's Slack account
+        slack_account = if params[:slack_account_id].present?
+          SlackAccount.find(params[:slack_account_id])
+        else
+          SlackAccount.find_by(user: Current.user)
+        end
+
+        unless slack_account
+          render json: { success: false, error: I18n.t("collavre_slack.errors.no_slack_account") }, status: :unprocessable_entity
+          return
+        end
+
+        # Always link to origin creative (chat messages are on origin)
+        target_creative = @creative.effective_origin
+
+        service = SlackIntegrationService.new(user: Current.user, slack_account: slack_account)
+        link = service.link_channel(creative: target_creative, channel_id: params[:channel_id], channel_name: params[:channel_name])
+
+        if link.persisted?
+          render json: { success: true, link: { id: link.id, channel_id: link.channel_id, channel_name: link.channel_name } }, status: :created
+        else
+          render json: { success: false, error: link.errors.full_messages.join(", ") }, status: :unprocessable_entity
+        end
+      end
+
+      def destroy
+        link = SlackChannelLink.find(params[:id])
+        # Check against origin creative
+        target_creative = @creative.effective_origin
+        unless link.creative_id == target_creative.id
+          render json: { success: false, error: I18n.t("collavre_slack.errors.not_found") }, status: :not_found
+          return
+        end
+
+        unless @creative.has_permission?(Current.user, :feedback)
+          render json: { success: false, error: I18n.t("collavre_slack.errors.forbidden") }, status: :forbidden
+          return
+        end
+
+        SlackIntegrationService.new(user: Current.user, slack_account: link.slack_account).unlink_channel(link)
+        render json: { success: true }
+      end
+
+      private
+
+      def set_creative
+        @creative = Collavre::Creative.find(params[:creative_id])
+      end
+
+      def fetch_channels(slack_account)
+        client = SlackClient.new(access_token: slack_account.access_token)
+        response = client.list_channels
+        return [] unless response[:ok]
+
+        (response[:channels] || []).map do |channel|
+          { id: channel[:id], name: channel[:name] }
+        end
+      rescue StandardError => e
+        Rails.logger.error("Failed to fetch Slack channels: #{e.message}")
+        []
+      end
+    end
+  end
+end

data/app/controllers/collavre_slack/slack_auth_controller.rb

@@ -0,0 +1,105 @@
+module CollavreSlack
+  class SlackAuthController < ApplicationController
+    allow_unauthenticated_access only: :callback
+
+    def start
+      unless Current.user
+        render json: { error: I18n.t("collavre_slack.errors.authentication_required") }, status: :unauthorized
+        return
+      end
+
+      # Sign the state with user_id to recover it securely in callback (popup windows don't share session)
+      state_data = { nonce: SecureRandom.hex(16), user_id: Current.user.id, exp: 10.minutes.from_now.to_i }
+      state = message_verifier.generate(state_data)
+      session[:slack_oauth_state] = state
+
+      redirect_to slack_client.oauth_authorize_url(state: state), allow_other_host: true
+    end
+
+    def callback
+      unless params[:code].present?
+        render json: { error: I18n.t("collavre_slack.errors.missing_oauth_code") }, status: :unprocessable_entity
+        return
+      end
+
+      # Verify and decode user_id from signed state (required - popup windows don't share session)
+      unless params[:state].present?
+        render json: { error: I18n.t("collavre_slack.errors.missing_oauth_state") }, status: :unprocessable_entity
+        return
+      end
+
+      begin
+        state_data = message_verifier.verify(params[:state]).with_indifferent_access
+        Rails.logger.info("[SlackAuth] State data: #{state_data.inspect}")
+        # Check expiration
+        if state_data[:exp] && Time.at(state_data[:exp]) < Time.current
+          render json: { error: I18n.t("collavre_slack.errors.invalid_oauth_state") }, status: :unprocessable_entity
+          return
+        end
+        user = ::User.find(state_data[:user_id])
+        Rails.logger.info("[SlackAuth] Verified user_id=#{user.id} from signed state")
+      rescue ActiveSupport::MessageVerifier::InvalidSignature => e
+        Rails.logger.warn("[SlackAuth] Invalid state signature: #{e.message}")
+        render json: { error: I18n.t("collavre_slack.errors.invalid_oauth_state") }, status: :unprocessable_entity
+        return
+      rescue ActiveRecord::RecordNotFound
+        Rails.logger.warn("[SlackAuth] User not found from state")
+        render json: { error: I18n.t("collavre_slack.errors.user_not_found") }, status: :unprocessable_entity
+        return
+      end
+
+      oauth_response = slack_client.oauth_access(code: params[:code], redirect_uri: slack_client.redirect_uri)
+      if oauth_response[:ok] != true
+        render json: { error: oauth_response[:error] || I18n.t("collavre_slack.errors.oauth_failed") }, status: :unprocessable_entity
+        return
+      end
+
+      Rails.logger.info("[SlackAuth] OAuth response: team=#{oauth_response.dig(:team, :id)}, user=#{user&.id}")
+
+      account = SlackAccount.find_or_initialize_by(team_id: oauth_response.dig(:team, :id))
+      account.user ||= user
+      account.team_name = oauth_response.dig(:team, :name)
+      account.access_token = oauth_response[:access_token]
+      account.authed_user_id = oauth_response.dig(:authed_user, :id)
+      account.scopes = oauth_response[:scope]
+
+      if account.save
+        # Render HTML that closes the popup and notifies the parent window
+        render html: close_popup_html.html_safe, layout: false
+      else
+        Rails.logger.error("[SlackAuth] Failed to save account: #{account.errors.full_messages.join(', ')}")
+        render json: { error: I18n.t("collavre_slack.errors.save_failed", errors: account.errors.full_messages.join(", ")) }, status: :unprocessable_entity
+      end
+    end
+
+    private
+
+    def slack_client
+      @slack_client ||= SlackClient.new
+    end
+
+    def message_verifier
+      @message_verifier ||= Rails.application.message_verifier("slack_oauth")
+    end
+
+    def close_popup_html
+      title = I18n.t("collavre_slack.views.auth.success_title")
+      message = I18n.t("collavre_slack.views.auth.success_message")
+      <<~HTML
+        <!DOCTYPE html>
+        <html>
+        <head><title>#{title}</title></head>
+        <body>
+          <p>#{message}</p>
+          <script>
+            if (window.opener) {
+              window.opener.postMessage({ type: 'slack-auth-success' }, '*');
+            }
+            window.close();
+          </script>
+        </body>
+        </html>
+      HTML
+    end
+  end
+end

data/app/controllers/collavre_slack/slack_events_controller.rb

@@ -0,0 +1,63 @@
+module CollavreSlack
+  class SlackEventsController < ApplicationController
+    allow_unauthenticated_access only: :create
+    skip_forgery_protection only: :create
+
+    def create
+      body = request.raw_post
+      payload = JSON.parse(body, symbolize_names: true)
+
+      # Handle URL verification challenge first (needed for initial Slack app setup)
+      # Slack sends a signed request, but we allow this through to complete setup
+      if payload[:type] == "url_verification"
+        render json: { challenge: payload[:challenge] }
+        return
+      end
+
+      # For all other events, validate the signature
+      unless valid_signature?(body)
+        Rails.logger.warn("[SlackEvents] Invalid signature for event type: #{payload[:type]}")
+        render json: { error: I18n.t("collavre_slack.errors.invalid_signature") }, status: :unauthorized
+        return
+      end
+
+      handler = SlackEventHandler.new(payload: payload)
+      normalized = handler.call
+
+      if normalized
+        case normalized[:type]
+        when :message
+          SlackInboundMessageJob.perform_later(normalized)
+        when :reaction_added, :reaction_removed
+          SlackInboundReactionJob.perform_later(normalized)
+        when :message_updated
+          SlackInboundMessageUpdateJob.perform_later(normalized)
+        when :message_deleted
+          SlackInboundMessageDeleteJob.perform_later(normalized)
+        end
+      end
+
+      head :ok
+    end
+
+    private
+
+    def valid_signature?(body)
+      return false if signing_secret.blank?
+
+      timestamp = request.headers["X-Slack-Request-Timestamp"].to_s
+      signature = request.headers["X-Slack-Signature"].to_s
+      return false if timestamp.blank? || signature.blank?
+
+      return false if (Time.now.to_i - timestamp.to_i).abs > 300
+
+      base = "v0:#{timestamp}:#{body}"
+      expected = "v0=" + OpenSSL::HMAC.hexdigest("SHA256", signing_secret, base)
+      ActiveSupport::SecurityUtils.secure_compare(expected, signature)
+    end
+
+    def signing_secret
+      CollavreSlack.config.signing_secret
+    end
+  end
+end

data/app/controllers/collavre_slack/slack_messages_controller.rb

@@ -0,0 +1,24 @@
+module CollavreSlack
+  class SlackMessagesController < ApplicationController
+    before_action :set_creative
+
+    def create
+      unless @creative.has_permission?(Current.user, :feedback)
+        render json: { error: I18n.t("collavre_slack.errors.forbidden") }, status: :forbidden
+        return
+      end
+
+      channel_link = SlackChannelLink.find_by!(creative: @creative)
+      dispatcher = SlackMessageDispatcher.new(channel_link: channel_link)
+      log = dispatcher.enqueue(message: params[:message], sender: Current.user)
+
+      render json: { status: "queued", message_log_id: log.id }, status: :accepted
+    end
+
+    private
+
+    def set_creative
+      @creative = Collavre::Creative.find(params[:creative_id])
+    end
+  end
+end