grape-slack-bot 1.8.2 → 2.0.0

data/lib/slack_bot/api_client.rb

@@ -16,90 +16,176 @@ module SlackBot
       data["error"]
     end
 
+    def rate_limited?
+      response.status == 429 || (data["ok"] == false && data["error"] == "rate_limited")
+    end
+
+    def retry_after
+      response.headers["Retry-After"]&.to_i || 60
+    end
+
+    def slack_error?
+      !ok? && error.present?
+    end
+
+    def authentication_error?
+      slack_error? && %w[invalid_auth account_inactive].include?(error)
+    end
+
     def data
       JSON.parse(response.body)
+    rescue JSON::ParserError => e
+      SlackBot::Logger.error("Failed to parse Slack API response: #{e.message}")
+      {"ok" => false, "error" => "invalid_json_response"}
     end
   end
 
   class ApiClient
+    # Slack API base URL
+    SLACK_API_BASE_URL = "https://slack.com/api/"
+    # Request timeout in seconds
+    REQUEST_TIMEOUT = 30
+    # Connection timeout in seconds
+    CONNECTION_TIMEOUT = 10
+
     attr_reader :client
     def initialize(authorization_token: ENV["SLACK_BOT_API_TOKEN"])
       authorization_token_available = !authorization_token.nil? && authorization_token.is_a?(String) && !authorization_token.empty?
-      raise "Slack bot API token is not set" if !authorization_token_available
+      unless authorization_token_available
+        raise SlackBot::Errors::SlackApiError.new("Slack bot API token is not set")
+      end
+
+      # Validate token format
+      # Bot tokens: xoxb-, User tokens: xoxp-, App tokens: xoxa-
+      # For this gem, we primarily expect bot tokens (xoxb-)
+      # Allow test tokens (starting with "test_") for testing purposes
+      unless authorization_token.start_with?("test_") || authorization_token.match?(/\Axox[bpa]-/)
+        raise SlackBot::Errors::SlackApiError.new("Invalid Slack API token format")
+      end
 
       @client =
         Faraday.new do |conn|
           conn.request :url_encoded
           conn.adapter Faraday.default_adapter
-          conn.url_prefix = "https://slack.com/api/"
+          conn.url_prefix = SLACK_API_BASE_URL
           conn.headers["Content-Type"] = "application/json; charset=utf-8"
           conn.headers["Authorization"] = "Bearer #{authorization_token}"
+          conn.options.timeout = REQUEST_TIMEOUT
+          conn.options.open_timeout = CONNECTION_TIMEOUT
         end
     end
 
     def views_open(trigger_id:, view:)
-      ApiResponse.new { client.post("views.open", {trigger_id: trigger_id, view: view}.to_json) }
+      ApiResponse.new do
+        client.post("views.open", {trigger_id: trigger_id, view: view}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def views_update(view_id:, view:)
-      ApiResponse.new { client.post("views.update", {view_id: view_id, view: view}.to_json) }
+      ApiResponse.new do
+        client.post("views.update", {view_id: view_id, view: view}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def chat_post_message(channel:, text:, blocks:)
-      ApiResponse.new { client.post("chat.postMessage", {channel: channel, text: text, blocks: blocks}.to_json) }
+      ApiResponse.new do
+        client.post("chat.postMessage", {channel: channel, text: text, blocks: blocks}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def chat_update(channel:, ts:, text:, blocks:)
-      ApiResponse.new { client.post("chat.update", {channel: channel, ts: ts, text: text, blocks: blocks}.to_json) }
+      ApiResponse.new do
+        client.post("chat.update", {channel: channel, ts: ts, text: text, blocks: blocks}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def chat_delete(channel:, ts:)
-      ApiResponse.new { client.post("chat.delete", {channel: channel, ts: ts}.to_json) }
+      ApiResponse.new do
+        client.post("chat.delete", {channel: channel, ts: ts}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def chat_unfurl(channel:, ts:, unfurls:, source: nil, unfurl_id: nil, user_auth_blocks: nil, user_auth_message: nil, user_auth_required: nil, user_auth_url: nil)
-      ApiResponse.new { client.post("chat.unfurl", {
-        channel: channel,
-        ts: ts,
-        unfurls: unfurls,
-        source: source,
-        unfurl_id: unfurl_id,
-        user_auth_blocks: user_auth_blocks,
-        user_auth_message: user_auth_message,
-        user_auth_required: user_auth_required,
-        user_auth_url: user_auth_url
-      }.to_json) }
+      ApiResponse.new do
+        client.post("chat.unfurl", {
+          channel: channel,
+          ts: ts,
+          unfurls: unfurls,
+          source: source,
+          unfurl_id: unfurl_id,
+          user_auth_blocks: user_auth_blocks,
+          user_auth_message: user_auth_message,
+          user_auth_required: user_auth_required,
+          user_auth_url: user_auth_url
+        }.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def chat_schedule_message(channel:, text:, post_at:, blocks: nil)
-      ApiResponse.new { client.post("chat.scheduleMessage", {channel: channel, text: text, post_at: post_at, blocks: blocks}.to_json) }
+      ApiResponse.new do
+        client.post("chat.scheduleMessage", {channel: channel, text: text, post_at: post_at, blocks: blocks}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def scheduled_messages_list(channel: nil, cursor: nil, latest: nil, limit: nil, oldest: nil, team_id: nil)
-      ApiResponse.new { client.post("scheduled_messages.list", {
-        channel: channel,
-        cursor: cursor,
-        latest: latest,
-        limit: limit,
-        oldest: oldest,
-        team_id: team_id
-      }.to_json) }
+      ApiResponse.new do
+        client.post("scheduled_messages.list", {
+          channel: channel,
+          cursor: cursor,
+          latest: latest,
+          limit: limit,
+          oldest: oldest,
+          team_id: team_id
+        }.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def chat_delete_scheduled_message(channel:, scheduled_message_id:)
-      ApiResponse.new { client.post("chat.deleteScheduledMessage", {channel: channel, scheduled_message_id: scheduled_message_id}.to_json) }
+      ApiResponse.new do
+        client.post("chat.deleteScheduledMessage", {channel: channel, scheduled_message_id: scheduled_message_id}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def chat_get_permalink(channel:, message_ts:)
-      ApiResponse.new { client.post("chat.getPermalink", {channel: channel, message_ts: message_ts}.to_json) }
+      ApiResponse.new do
+        client.post("chat.getPermalink", {channel: channel, message_ts: message_ts}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def users_info(user_id:)
-      ApiResponse.new { client.post("users.info", {user: user_id}.to_json) }
+      ApiResponse.new do
+        client.post("users.info", {user: user_id}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def views_publish(user_id:, view:)
-      ApiResponse.new { client.post("views.publish", {user_id: user_id, view: view}.to_json) }
+      ApiResponse.new do
+        client.post("views.publish", {user_id: user_id, view: view}.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def users_list(cursor: nil, limit: 200, include_locale: nil, team_id: nil)
@@ -108,7 +194,11 @@ module SlackBot
       args[:limit] = limit if limit
       args[:include_locale] = include_locale if include_locale
       args[:team_id] = team_id if team_id
-      ApiResponse.new { client.post("users.list", args.to_json) }
+      ApiResponse.new do
+        client.post("users.list", args.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
 
     def chat_post_ephemeral(channel:, user:, text:, as_user: nil, attachments: nil, blocks: nil, icon_emoji: nil, icon_url: nil, link_names: nil, parse: nil, thread_ts: nil, username: nil)
@@ -125,7 +215,11 @@ module SlackBot
       args[:parse] = parse if parse
       args[:thread_ts] = thread_ts if thread_ts
       args[:username] = username if username
-      ApiResponse.new { client.post("chat.postEphemeral", args.to_json) }
+      ApiResponse.new do
+        client.post("chat.postEphemeral", args.to_json)
+      rescue Faraday::Error => e
+        raise SlackBot::Errors::SlackApiError.new("Network error: #{e.message}")
+      end
     end
   end
 end

data/lib/slack_bot/args.rb

@@ -44,6 +44,8 @@ module SlackBot
       self.args = @parser.new(raw_args).call&.with_indifferent_access || {}
     end
 
+    attr_reader :raw_args
+
     def to_s
       @builder.new(args).call
     end

data/lib/slack_bot/callback.rb

@@ -37,7 +37,8 @@ module SlackBot
       create(id: id, class_name: class_name, user: user, channel_id: channel_id, payload: payload, config: config, expires_in: expires_in, user_scope: user_scope)
     end
 
-    attr_reader :id, :data, :args, :config, :expires_in, :user_scope
+    attr_reader :data, :args, :config, :expires_in, :user_scope
+    attr_accessor :id
     def initialize(id: nil, class_name: nil, user: nil, channel_id: nil, payload: nil, config: nil, expires_in: nil, user_scope: nil, view_id: nil)
       @id = id
       @data = {
@@ -50,7 +51,7 @@ module SlackBot
       @args = SlackBot::Args.new
       @config = config || SlackBot::Config.current_instance
       @expires_in = expires_in || CALLBACK_RECORD_EXPIRES_IN
-      @user_scope = user_scope.nil? ? true : user_scope
+      @user_scope = user_scope.nil? || user_scope
     end
 
     def reload
@@ -102,18 +103,34 @@ module SlackBot
       @data[:user_id] = user&.id
     end
 
+    def class_name
+      data[:class_name]
+    end
+
     def class_name=(class_name)
       @data[:class_name] = class_name
     end
 
+    def channel_id
+      data[:channel_id]
+    end
+
     def channel_id=(channel_id)
       @data[:channel_id] = channel_id
     end
 
+    def payload
+      data[:payload]
+    end
+
     def payload=(payload)
       @data[:payload] = payload
     end
 
+    def view_id
+      data[:view_id]
+    end
+
     def view_id=(view_id)
       @data[:view_id] = view_id
     end
@@ -138,6 +155,10 @@ module SlackBot
       super
     end
 
+    def respond_to_missing?(method_name, include_private = false)
+      data.key?(method_name.to_sym) || (data[:payload].is_a?(Hash) && data[:payload].key?(method_name.to_s)) || super
+    end
+
     def read_view_callback_id
       return if view_id.blank?
 
@@ -159,13 +180,17 @@ module SlackBot
     end
 
     def storage_key
-      raise "User is required for scoped callback" if user.blank?
+      if user.blank?
+        raise SlackBot::Errors::SlackApiError.new("User is required for scoped callback")
+      end
 
       "#{CALLBACK_KEY_PREFIX}:u#{user.id}:#{id}"
     end
 
     def view_storage_key
-      raise "User is required for scoped callback" if user.blank?
+      if user.blank?
+        raise SlackBot::Errors::SlackApiError.new("User is required for scoped callback")
+      end
 
       "#{CALLBACK_KEY_PREFIX}:u#{user.id}:#{view_id}"
     end

data/lib/slack_bot/callback_storage.rb

@@ -1,15 +1,15 @@
 module SlackBot
   class CallbackStorage
     def read(*_args, **_kwargs)
-      raise "Not implemented"
+      raise SlackBot::Errors::NotImplementedError.new("CallbackStorage#read must be implemented by subclass")
     end
 
     def write(*_args, **_kwargs)
-      raise "Not implemented"
+      raise SlackBot::Errors::NotImplementedError.new("CallbackStorage#write must be implemented by subclass")
     end
 
     def delete(*_args, **_kwargs)
-      raise "Not implemented"
+      raise SlackBot::Errors::NotImplementedError.new("CallbackStorage#delete must be implemented by subclass")
     end
   end
 end

data/lib/slack_bot/config.rb

@@ -80,11 +80,15 @@ module SlackBot
 
     def handler_class(class_name, klass)
       @handler_classes ||= {}
+      return if class_name.nil?
+
       @handler_classes[class_name.to_sym] = klass
     end
 
     def find_handler_class(class_name)
       @handler_classes ||= {}
+      return if class_name.nil?
+
       @handler_classes.fetch(class_name.to_sym)
     rescue KeyError
       raise SlackBot::Errors::HandlerClassNotFound.new(class_name, handler_classes: @handler_classes)

data/lib/slack_bot/errors.rb

@@ -62,5 +62,25 @@ module SlackBot
 
     class PublishViewError < SlackResponseError
     end
+
+    class CallbackUserMismatchError < SlackBot::Error
+    end
+
+    class InvalidPayloadError < SlackBot::Error
+    end
+
+    class SlackApiError < SlackBot::Error
+    end
+
+    class UnknownActionTypeError < SlackBot::Error
+      attr_reader :action_type
+      def initialize(action_type)
+        @action_type = action_type
+        super("Unknown action type: #{action_type}")
+      end
+    end
+
+    class NotImplementedError < SlackBot::Error
+    end
   end
 end

data/lib/slack_bot/grape_extension.rb

@@ -1,8 +1,14 @@
 require "active_support"
 require "active_support/core_ext/object"
+require "active_support/security_utils"
 
 module SlackBot
   module GrapeHelpers
+    # Slack recommends rejecting requests older than 5 minutes
+    TIMESTAMP_TOLERANCE_SECONDS = 300
+    # Minimum length for Slack signing secret (Slack's requirement)
+    MIN_SIGNING_SECRET_LENGTH = 32
+
     def fetch_team_id
       params.dig("team_id") || params.dig("team", "id")
     end
@@ -19,9 +25,26 @@ module SlackBot
         raise SlackBot::Errors::SignatureAuthenticationError.new("Missing signature headers")
       end
 
-      request.body.rewind
-      request_body = request.body.read
-      request.body.rewind
+      # Validate signing secret format (allow test secrets for testing)
+      unless slack_signing_secret.start_with?("test_") || slack_signing_secret.length >= MIN_SIGNING_SECRET_LENGTH
+        raise SlackBot::Errors::SignatureAuthenticationError.new("Invalid signing secret format")
+      end
+
+      # Validate timestamp to prevent replay attacks (Slack recommends 5 minutes)
+      request_timestamp = timestamp.to_i
+      current_timestamp = Time.now.to_i
+      if (current_timestamp - request_timestamp).abs > TIMESTAMP_TOLERANCE_SECONDS
+        raise SlackBot::Errors::SignatureAuthenticationError.new("Request timestamp too old")
+      end
+
+      request_body = if request.body
+        request.body.rewind if request.body.respond_to?(:rewind)
+        body_content = request.body.read
+        request.body.rewind if request.body.respond_to?(:rewind)
+        body_content
+      else
+        ""
+      end
 
       sig_basestring = "v0:#{timestamp}:#{request_body}"
       my_signature =
@@ -61,11 +84,9 @@ module SlackBot
     end
 
     def verify_current_user!
-      if current_user
-        true
-      else
-        raise SlackBot::Errors::UserAuthenticationError.new("User is not authorized")
-      end
+      return true if current_user
+
+      raise SlackBot::Errors::UserAuthenticationError.new("User is not authorized")
     end
 
     def events_callback(params)
@@ -73,7 +94,7 @@ module SlackBot
 
       SlackBot::DevConsole.log_input "SlackApi::Events#events_callback: #{params.inspect}"
       handler = config.find_event_handler(params[:event][:type].to_sym)
-      return if handler.blank?
+      return false if handler.blank?
 
       event = handler.new(params: params, current_user: current_user)
       event.call
@@ -84,6 +105,12 @@ module SlackBot
       {challenge: params[:challenge]}
     end
 
+    def validate_callback_user!(callback, user)
+      if callback.user_id != user.id
+        raise SlackBot::Errors::CallbackUserMismatchError.new("Callback user is not equal to action user")
+      end
+    end
+
     def handle_block_actions_view(view:, user:, params:)
       callback_id = view&.dig("callback_id")
 
@@ -92,12 +119,11 @@ module SlackBot
 
       SlackBot::DevConsole.log_check "SlackApi::Interactions##{__method__}: #{callback.id} #{callback.payload} #{callback.user_id} #{user&.id}"
 
-      if callback.user_id != user.id
-        raise "Callback user is not equal to action user"
-      end
+      validate_callback_user!(callback, user)
 
-      interaction_klass = callback.handler_class&.interaction_klass
-      return if interaction_klass.blank?
+      handler_class_obj = callback.handler_class
+      interaction_klass = handler_class_obj&.interaction_klass if handler_class_obj&.respond_to?(:interaction_klass)
+      return false if interaction_klass.blank?
 
       interaction_klass.new(current_user: user, params: params, callback: callback, config: config).call
     end
@@ -107,9 +133,16 @@ module SlackBot
     def self.included(base)
       base.format :json
       base.content_type :json, "application/json"
-      base.use ActionDispatch::RemoteIp
+      base.use ActionDispatch::RemoteIp if defined?(ActionDispatch::RemoteIp)
       base.helpers SlackBot::GrapeHelpers
 
+      # Handle custom errors
+      # Slack API requires 200 OK responses to avoid retries
+      # Errors should be returned as 200 OK with error information in the response body
+      base.rescue_from SlackBot::Error do |e|
+        error!({error: e.message}, 200)
+      end
+
       base.before do
         verify_slack_signature!
       end
@@ -135,7 +168,11 @@ module SlackBot
           verify_current_user! if action.only_user?
 
           result = action.call
-          return body false if !result
+          if !result
+            body false
+            status 200
+            return
+          end
 
           result
         end
@@ -143,7 +180,11 @@ module SlackBot
 
       base.resource :interactions do
         post do
-          payload = JSON.parse(params[:payload])
+          begin
+            payload = JSON.parse(params[:payload])
+          rescue JSON::ParserError => e
+            raise SlackBot::Errors::InvalidPayloadError.new("Invalid JSON payload: #{e.message}")
+          end
 
           action_user_session =
             resolve_user_session(
@@ -161,10 +202,14 @@ module SlackBot
               params: params
             )
           else
-            raise "Unknown action type: #{action_type}"
+            raise SlackBot::Errors::UnknownActionTypeError.new(action_type)
           end
 
-          return body false if result.blank?
+          if result.blank? || result == false
+            body false
+            status 200
+            return
+          end
 
           result
         end
@@ -178,9 +223,15 @@ module SlackBot
               url_verification(params)
             when "event_callback"
               events_callback(params)
+            else
+              raise SlackBot::Errors::UnknownActionTypeError.new(params[:type])
             end
 
-          return body false if result.blank?
+          if result.blank? || result == false
+            body false
+            status 200
+            return
+          end
 
           result
         end
@@ -195,7 +246,11 @@ module SlackBot
           raise SlackBot::Errors::MenuOptionsNotImplemented.new if menu_options_klass.blank?
 
           menu_options = menu_options_klass.new(current_user: current_user, params: params, config: config).call
-          return body false if menu_options.blank?
+          if menu_options.blank?
+            body false
+            status 200
+            return
+          end
 
           menu_options
         end

data/lib/slack_bot/interaction.rb

@@ -149,7 +149,11 @@ module SlackBot
     end
 
     def payload
-      @payload ||= JSON.parse(params[:payload])
+      @payload ||= begin
+        JSON.parse(params[:payload])
+      rescue JSON::ParserError => e
+        raise SlackBot::Errors::InvalidPayloadError.new("Invalid JSON payload: #{e.message}")
+      end
     end
   end
 end

data/lib/slack_bot/logger.rb

@@ -4,5 +4,20 @@ module SlackBot
       puts args.inspect if args.any?
       puts kwargs.inspect if kwargs.any?
     end
+
+    def error(*args, **kwargs)
+      puts args.inspect if args.any?
+      puts kwargs.inspect if kwargs.any?
+    end
+
+    def warn(*args, **kwargs)
+      puts args.inspect if args.any?
+      puts kwargs.inspect if kwargs.any?
+    end
+
+    def debug(*args, **kwargs)
+      puts args.inspect if args.any?
+      puts kwargs.inspect if kwargs.any?
+    end
   end
 end

data/lib/slack_bot/menu_options.rb

@@ -6,5 +6,9 @@ module SlackBot
       @params = params
       @config = config || SlackBot::Config.current_instance
     end
+
+    def call
+      nil
+    end
   end
 end

data/lib/slack_bot/view.rb

@@ -22,14 +22,18 @@ module SlackBot
       super
     end
 
+    def respond_to_missing?(method_name, include_private = false)
+      (@context.is_a?(Hash) && @context.key?(method_name.to_sym)) || super
+    end
+
     def text_modal
       {
         title: {
           type: "plain_text",
-          text: context[:title]
+          text: context&.dig(:title) || ""
         },
         blocks: [
-          {type: "section", text: {type: "mrkdwn", text: context[:text]}}
+          {type: "section", text: {type: "mrkdwn", text: context&.dig(:text) || ""}}
         ]
       }
     end

data/lib/slack_bot.rb

@@ -1,3 +1,6 @@
+require "json"
+require "openssl"
+
 require "slack_bot/logger"
 require "slack_bot/dev_console"
 
@@ -22,5 +25,5 @@ require "slack_bot/pager"
 require "slack_bot/grape_extension"
 
 module SlackBot
-  VERSION = "1.8.2".freeze
+  VERSION = "2.0.0".freeze
 end