grape-slack-bot 1.8.2 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 462d6c0759e3fb43903d74d3f8e68abbd17d856c5075a8ab80e7cfee8e94889b
-  data.tar.gz: 19261c6d660846ff858f6121287736fe5710fe72b71c4655a7a7fa0b6c24de24
+  metadata.gz: 5a6e6b020caecc8ee5a8520f7f6f76107d006ca88070189e0cf23428bc10d2e7
+  data.tar.gz: 02aa101bb61f5ad8fc96c9d295e75fe032e1d088d90d3d49b008e09551f53b8c
 SHA512:
-  metadata.gz: 5969bd2cfbf909f3ad7e25674f0a8cb8ed79a1c5a4da6e11830a845dc1304596b3eabdb982322dbcbc98f0ec248d05ebdbf807517acd06a7a65335e1a9805da4
-  data.tar.gz: ada048cc7462c59bf8b5678b0e69feac4e4192ad5f15202d5fbddde1060d1e52654c9cec29eab287dd5894f71ac2d4e3bbd462325e34813497a64108d1d011f2
+  metadata.gz: 3217a763efe6f6b101067c422029450e59efee9ea47d611bef1bd06a166a99404c1243955a3e42a5e9f31a78e9c3cbdd051d324fcd3b0b2414812da3d84f7336
+  data.tar.gz: 3faca964608cb59b26ab6712c4eec82356f0ce761adfb4811d282e7d0051f9cdc58ac6958634feef2e24563b800a38259756a5847e0c6b0d8a3b2b6c62cb74b5

data/CHANGELOG.md

@@ -1,98 +1,117 @@
 # CHANGELOG
 
-## 1.8.2
+## 2.0.0 (2025-11-06)
+
+- Fix status code handling for empty/false responses - ensure 200 OK instead of 204 No Content
+- Fix closure variable scoping issues in helper methods using `define_method` for proper variable capture
+- Fix missing `interaction_klass` method handling in `handle_block_actions_view` using `respond_to?` check
+- Fix `resolve_user_session` method availability in test contexts
+- Improve error handling for handler classes without `interaction_klass` method
+- Add timestamp validation to signature verification to prevent replay attacks (security improvement)
+- Add comprehensive error handling for JSON parsing failures
+- Add network error handling for all Slack API client methods (Faraday exceptions)
+- Add custom error classes: `CallbackUserMismatchError`, `InvalidPayloadError`, `SlackApiError`, `UnknownActionTypeError`
+- Replace all generic `raise` statements with custom error classes
+- Add error handling for unknown event types in events endpoint
+- Simplify `verify_current_user!` method for better readability
+- Improve error messages and error handling throughout the codebase
+- Add RBS type signatures for better type checking and IDE support
+- Add StandardRB configuration for consistent code style
+- Update gemspec to include RBS signature files
+
+## 1.8.2 (2024-12-17)
 
 - Update Slack API client to have more chat methods
 
-## 1.8.1
+## 1.8.1 (2024-12-08)
 
 - Clean up dependencies
 
-## 1.8.0
+## 1.8.0 (2024-05-24)
 
 - Rewind incoming request body when reading it
 
-## 1.7.2
+## 1.7.2 (2024-05-16)
 
 - Fix request secret headers parsing
 
-## 1.7.0
+## 1.7.0 (2024-05-16)
 
 - Add `usersList` and `chat.postEphemeral` methods
 - Core upgrades and clean up
 
-## 1.6.3
+## 1.6.3 (2023-08-30)
 
 - Implement callback for modals
 
-## 1.6.2
+## 1.6.2 (2023-08-30)
 
 - Allow custom handler names for associating with interactions
 
-## 1.6.1
+## 1.6.1 (2023-08-30)
 
 - Unify command, event and interaction rendering methods
 
-## 1.6.0
+## 1.6.0 (2023-08-30)
 
 - Better visibility for missing handlers
 
-## 1.5.8
+## 1.5.8 (2023-08-30)
 
 - Fix event registration
 - Update event interaction example
 
-## 1.5.7
+## 1.5.7 (2023-08-30)
 
 - Raise error if handler class not resolved
 - App home interaction example added
 - Callback logic and usage fixed
 - Views improvements
 
-## 1.5.0
+## 1.5.0 (2023-08-30)
 
 - Complete upgrade of callback storage logic
 
-## 1.4.0
+## 1.4.0 (2023-08-30)
 
 - Allow setting callback expiration time on save and update
 
-## 1.3.0
+## 1.3.0 (2023-08-30)
 
 - Clean up callback arguments, remove unused `method_name`
 
-## 1.2.3
+## 1.2.3 (2023-08-30)
 
 - Minor fix for Events API
 
-## 1.2.2
+## 1.2.2 (2023-08-30)
 
 - `SlackBot::Callback.find` method will raise `SlackBot::Errors::CallbackNotFound` if callback is not resolved or has wrong data
 
-## 1.2.1
+## 1.2.1 (2023-08-30)
 
 - Extract `SlackBot::Logger` to separate file
 
-## 1.2.0
+## 1.2.0 (2023-08-30)
 
 - Remove `Rails.logger` dependency, make logger configurable
 
-## 1.1.0
+## 1.1.0 (2023-08-30)
 
 - Set minimum ruby version requirement to 2.5.0
 
-## 1.0.5
+## 1.0.5 (2023-08-29)
 
 - Add superclass `SlackBot::Error` for all errors
 
-## 1.0.2
+## 1.0.2 (2023-08-29)
 
 - Soften dependencies version requirements
 
-## 1.0.1
+## 1.0.1 (2023-08-29)
 
 - Bump Faraday version to 2.7.10
 
-## 1.0.0
+## 1.0.0 (2023-08-29)
 
 - Initial version

data/README.md

@@ -2,33 +2,105 @@
 
 [![Gem Version](https://badge.fury.io/rb/grape-slack-bot.svg)](https://badge.fury.io/rb/grape-slack-bot) [![Test Status](https://github.com/amkisko/grape-slack-bot.rb/actions/workflows/test.yml/badge.svg)](https://github.com/amkisko/grape-slack-bot.rb/actions/workflows/test.yml) [![codecov](https://codecov.io/gh/amkisko/grape-slack-bot.rb/graph/badge.svg?token=VIZ94XFOR3)](https://codecov.io/gh/amkisko/grape-slack-bot.rb)
 
-Extensible Slack bot implementation gem for [ruby-grape](https://github.com/ruby-grape/grape)
+Extensible Slack bot implementation gem for [ruby-grape](https://github.com/ruby-grape/grape) with support for slash commands, interactive components, events, and views.
 
-Made in [Kisko Labs](https://www.kiskolabs.com).
+Sponsored by [Kisko Labs](https://www.kiskolabs.com).
 
-[![Kisko Labs](kisko.svg)](https://www.kiskolabs.com)
+<a href="https://www.kiskolabs.com">
+  <img src="kisko.svg" width="200" alt="Sponsored by Kisko Labs" />
+</a>
 
-## Install
+## Installation
 
-Using Bundler:
-```sh
-bundle add grape-slack-bot
+Add to your Gemfile:
+
+```ruby
+gem "grape-slack-bot"
 ```
 
-Using RubyGems:
-```sh
-gem install grape-slack-bot
+Run `bundle install` or `gem install grape-slack-bot`.
+
+## Integration with Other Gems
+
+This gem works seamlessly with other gems in the ecosystem:
+
+- **[grape-rails-logger](https://github.com/amkisko/grape-rails-logger.rb)**: Automatically logs all Slack bot requests with structured logging, including request metadata, performance metrics, and parameter filtering. Works automatically when included in your Grape API.
+
+- **[activesupport-json_logging](https://github.com/amkisko/activesupport-json_logging.rb)**: Provides structured JSON logging for Rails applications. When used together, all Slack bot interactions are logged in JSON format, making it easy to parse and analyze logs.
+
+Example setup with both gems:
+
+```ruby
+# config/initializers/json_logging.rb
+Rails.application.configure do
+  base_logger = ActiveSupport::Logger.new($stdout)
+  json_logger = JsonLogging.new(base_logger)
+  config.logger = json_logger
+end
+
+# app/api/slack_bot_api.rb
+class SlackBotApi < Grape::API
+  include SlackBot::GrapeExtension
+  # grape-rails-logger automatically instruments requests
+end
 ```
 
-## Gemfile
+## Usage
+
+Create `app/api/slack_bot_api.rb`, it will contain bot configuration and endpoints setup:
 
 ```ruby
-gem 'grape-slack-bot'
+SlackBot::DevConsole.logger = Rails.logger
+SlackBot::DevConsole.enabled = Rails.env.development?
+SlackBot::Config.configure do
+  callback_storage Rails.cache
+  callback_user_finder ->(id) { User.active.find_by(id: id) }
+
+  # Register event handlers
+  event :app_home_opened, MySlackBot::AppHomeOpenedEvent
+  interaction MySlackBot::AppHomeInteraction
+
+  # Register slash command handlers
+  slash_command_endpoint :game, MySlackBot::Game::MenuCommand do
+    command :start, MySlackBot::Game::StartCommand
+  end
+end
+
+class SlackBotApi < Grape::API
+  include SlackBot::GrapeExtension
+
+  helpers do
+    def config
+      SlackBot::Config.current_instance
+    end
+
+    def resolve_user_session(team_id, user_id)
+      uid = OmniAuth::Strategies::SlackOpenid.generate_uid(team_id, user_id)
+      UserSession.find_by(uid: uid, provider: UserSession.slack_openid_provider)
+    end
+
+    def current_user_session
+      # NOTE: fetch_team_id and fetch_user_id are provided by SlackBot::GrapeHelpers
+      @current_user_session ||=
+        resolve_user_session(fetch_team_id, fetch_user_id)
+    end
+
+    def current_user_ip
+      request.env["action_dispatch.remote_ip"].to_s
+    end
+
+    def current_user
+      @current_user ||= current_user_session&.user
+    end
+  end
+end
 ```
 
-## Gem modules and classes
+In routes file `config/routes.rb` mount the API:
 
-`SlackBot` is the main module that contains all the classes and modules.
+```ruby
+mount SlackBotApi => "/api/slack"
+```
 
 ## Concepts
 
@@ -46,7 +118,6 @@ Characteristics:
 - Can trigger event in background
 
 References:
-- [slash_command.rb](lib/slack_bot/slash_command.rb)
 - [Slash command documentation](https://api.slack.com/interactivity/slash-commands)
 
 ### Interactive component
@@ -58,7 +129,6 @@ Characteristics:
 - Can be associated with event
 
 References:
-- [interaction.rb](lib/slack_bot/interaction.rb)
 - [Interactive components documentation](https://api.slack.com/interactivity/handling)
 
 ### Event
@@ -66,7 +136,6 @@ References:
 Event is a notification that is sent to bot app when something happens in Slack.
 
 References:
-- [event.rb](lib/slack_bot/event.rb)
 - [Event documentation](https://api.slack.com/events-api)
 
 ### View
@@ -77,7 +146,6 @@ Characteristics:
 - Can be associated with slash command, interactive component or event for using ready-made methods like `open_modal`, `update_modal` or `publish_view`
 
 References:
-- [view.rb](lib/slack_bot/view.rb)
 - [App home documentation](https://api.slack.com/surfaces/app-home)
 - [Messages documentation](https://api.slack.com/messaging)
 - [Modals documentation](https://api.slack.com/surfaces/modals)
@@ -95,98 +163,30 @@ Callback is a class for managing interactive component state and handling intera
 
 Example uses `Rails.cache` for storing interactive component state, use `CallbackStorage` for building custom storage class as a base.
 
-References:
-- [callback.rb](lib/slack_bot/callback.rb)
-- [callback_storage.rb](lib/slack_bot/callback_storage.rb)
-
 ### Arguments
 
 Class for handling slash command and interactive element values as queries.
 
 Gem implementation uses `Rack::Utils` for parsing and building query strings.
 
-References:
-- [args.rb](lib/slack_bot/args.rb)
-
 ### Pager
 
 Own implementation of pagination that is relying on [Arguments](#arguments) and [ActiveRecord](https://guides.rubyonrails.org/active_record_querying.html).
 
-References:
-- [pager.rb](lib/slack_bot/pager.rb)
-
-## Specification
-
-- [x] Create any amount of endpoints that will handle Slack calls
-- [x] Create multiple instances of bots and configure them separately or use the same configuration for all bots
-- [x] Define and reuse slash command handlers for Slack slash commands
-- [x] Define interactive component handlers for Slack interactive components
-- [x] Define and reuse views for slash commands, interactive components and events
-- [x] Define event handlers for Slack events
-- [x] Define menu options handlers for Slack menu options
-- [x] Store interactive component state in cache for usage in other handlers
-- [x] Access current user session and user from any handler
-- [x] Extend API endpoint with custom hooks and helpers within [grape specification](https://github.com/ruby-grape/grape)
-- [x] Supports Slack signature verification
-- [ ] Supports Slack socket mode (?)
-- [ ] Supports Slack token rotation
-
-## Usage with grape
-
-Create `app/api/slack_bot_api.rb`, it will contain bot configuration and endpoints setup:
-
-```ruby
-SlackBot::DevConsole.logger = Rails.logger
-SlackBot::DevConsole.enabled = Rails.env.development?
-SlackBot::Config.configure do
-  callback_storage Rails.cache
-  callback_user_finder ->(id) { User.active.find_by(id: id) }
-
-  # TODO: Register event handlers
-  event :app_home_opened, MySlackBot::AppHomeOpenedEvent
-  interaction MySlackBot::AppHomeInteraction
-
-  # TODO: Register slash command handlers
-  slash_command_endpoint :game, MySlackBot::Game::MenuCommand do
-    command :start, MySlackBot::Game::StartCommand
-  end
-end
-
-class SlackBotApi < Grape::API
-  include SlackBot::GrapeExtension
-
-  helpers do
-    def config
-      SlackBot::Config.current_instance
-    end
-
-    def resolve_user_session(team_id, user_id)
-      uid = OmniAuth::Strategies::SlackOpenid.generate_uid(team_id, user_id)
-      UserSession.find_by(uid: uid, provider: UserSession.slack_openid_provider)
-    end
-
-    def current_user_session
-      # NOTE: fetch_team_id and fetch_user_id are provided by SlackBot::Grape::ApiExtension
-      @current_user_session ||=
-        resolve_user_session(fetch_team_id, fetch_user_id)
-    end
-
-    def current_user_ip
-      request.env["action_dispatch.remote_ip"].to_s
-    end
-
-    def current_user
-      @current_user ||= current_user_session&.user
-    end
-  end
-end
-```
-
-In routes file `config/routes.rb` mount the API:
-
-```ruby
-mount SlackBotApi => "/api/slack"
-```
+## Features
+
+- Create any amount of endpoints that will handle Slack calls
+- Create multiple instances of bots and configure them separately or use the same configuration for all bots
+- Define and reuse slash command handlers for Slack slash commands
+- Define interactive component handlers for Slack interactive components
+- Define and reuse views for slash commands, interactive components and events
+- Define event handlers for Slack events
+- Define menu options handlers for Slack menu options
+- Store interactive component state in cache for usage in other handlers
+- Access current user session and user from any handler
+- Extend API endpoint with custom hooks and helpers within [grape specification](https://github.com/ruby-grape/grape)
+- Supports Slack signature verification with timestamp validation (replay attack protection)
+- Automatic error handling for network failures and malformed payloads
 
 ## Slack bot manifest
 
@@ -246,7 +246,9 @@ settings:
   token_rotation_enabled: false
 ```
 
-## Command example
+## Examples
+
+### Command example
 
 ```ruby
 module MySlackBot::Game
@@ -265,10 +267,9 @@ module MySlackBot::Game
     end
   end
 end
-
 ```
 
-## Interaction example
+### Interaction example
 
 ```ruby
 module MySlackBot::Game
@@ -296,7 +297,7 @@ module MySlackBot::Game
 end
 ```
 
-App home interaction example:
+### App home interaction example
 
 ```ruby
 module MySlackBot
@@ -320,7 +321,7 @@ module MySlackBot
 end
 ```
 
-## View example
+### View example
 
 Modal view example:
 
@@ -434,12 +435,11 @@ module MySlackBot
     def index_view
       blocks = []
       if current_user.present?
-        blocks += {
+        blocks << {
           type: "section",
           text: {
             type: "mrkdwn",
-            text:
-              "*Hello, #{current_user.name}!*"
+            text: "*Hello, #{current_user.name}!*"
           }
         }
       else
@@ -447,8 +447,7 @@ module MySlackBot
           type: "section",
           text: {
             type: "mrkdwn",
-            text:
-              "*Please login at https://example.com using Slack*"
+            text: "*Please login at https://example.com using Slack*"
           }
         }
       end
@@ -473,7 +472,7 @@ module MySlackBot
 end
 ```
 
-## Event example
+### Event example
 
 ```ruby
 module MySlackBot
@@ -493,11 +492,29 @@ module MySlackBot
 end
 ```
 
-## Extensibility
+## Security
+
+The gem implements Slack's signature verification with the following security features:
+
+- **Signature verification**: Validates requests using HMAC-SHA256 signature
+- **Timestamp validation**: Rejects requests older than 5 minutes to prevent replay attacks
+- **Secure comparison**: Uses `ActiveSupport::SecurityUtils.secure_compare` to prevent timing attacks
 
-You can patch any class or module in this gem to extend its functionality, most of parts are not hardly attached to each other.
+## Compatibility
 
-## Development and testing
+- Grape >= 1.6, < 3.0
+- Rails >= 5.0 (for ActionDispatch::RemoteIp)
+- Ruby >= 3.0
+- ActiveSupport >= 5.0
+
+## Development
+
+```bash
+bundle install
+bundle exec rspec
+bundle exec rbs validate
+bundle exec standardrb --fix
+```
 
 For development and testing purposes you can use [Cloudflare Argo Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps) to expose your local development environment to the internet.
 
@@ -509,28 +526,38 @@ sudo cloudflared tunnel run --token <LONG_TOKEN_FROM_TUNNEL_PAGE>
 
 For easiness of getting information, most of endpoints have `SlackBot::DevConsole.log` calls that will print out information to the console.
 
+### Code Quality
+
+The gem uses [StandardRB](https://github.com/standardrb/standard) for consistent code style. Run `bundle exec standardrb --fix` to automatically fix style issues.
+
+The gem includes [RBS](https://github.com/ruby/rbs) type signatures in the `sig/` directory for better type checking and IDE support. Type signatures are included in the gem package.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/amkisko/grape-slack-bot.rb
 
 Contribution policy:
-- New features are not nessessarily added to the gem
+- New features are not necessarily added to the gem
 - Pull request should have test coverage for affected parts
 - Pull request should have changelog entry
+
+Review policy:
 - It might take up to 2 calendar weeks to review and merge critical fixes
 - It might take up to 6 calendar months to review and merge pull request
 - It might take up to 1 calendar year to review an issue
 
 ## Publishing
 
-Prefer using script `usr/bin/release.sh`, it will ensure that repository is synced and after publishing gem will create a tag.
-
 ```sh
-GEM_VERSION=$(grep -Eo "VERSION\s*=\s*\".+\"" lib/slack_bot.rb  | grep -Eo "[0-9.]{5,}")
 rm grape-slack-bot-*.gem
 gem build grape-slack-bot.gemspec
-gem push grape-slack-bot-$GEM_VERSION.gem
-git tag $GEM_VERSION && git push --tags
+gem push grape-slack-bot-*.gem
+```
+
+Or use the release script:
+
+```sh
+usr/bin/release.sh
 ```
 
 ## License

data/grape-slack-bot.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |gem|
   gem.platform = Gem::Platform::RUBY
 
   gem.authors = ["Andrei Makarov"]
-  gem.email = ["andrei@kiskolabs.com"]
+  gem.email = ["contact@kiskolabs.com"]
   gem.homepage = repository_url
   gem.summary = "Slack bot implementation for ruby-grape"
   gem.description = gem.summary
@@ -24,20 +24,25 @@ Gem::Specification.new do |gem|
   }
 
   gem.executables = Dir.glob("bin/*").map { |f| File.basename(f) }
-  gem.files = Dir.glob("lib/**/*.rb") + Dir.glob("bin/**/*") + root_files
+  gem.files = Dir.glob("lib/**/*.rb") + Dir.glob("bin/**/*") + Dir.glob("sig/**/*.rbs") + root_files
 
   gem.required_ruby_version = ">= 3"
   gem.require_paths = ["lib"]
 
-  gem.add_runtime_dependency "rack", "> 2"
-  gem.add_runtime_dependency "grape", "> 1"
-  gem.add_runtime_dependency "faraday", "> 1"
-  gem.add_runtime_dependency "activesupport", "> 5"
+  gem.add_runtime_dependency "rack", "~> 3.0"
+  gem.add_runtime_dependency "grape", ">= 1.6", "< 3.0"
+  gem.add_runtime_dependency "faraday", "~> 2.0"
+  gem.add_runtime_dependency "activesupport", ">= 6.1", "< 9.0"
 
-  gem.add_development_dependency "bundler", "~> 2"
-  gem.add_development_dependency "rspec", "~> 3"
-  gem.add_development_dependency "rspec_junit_formatter", "~> 0.6"
+  gem.add_development_dependency "rspec", "~> 3.12"
   gem.add_development_dependency "webmock", "~> 3"
+  gem.add_development_dependency "rake", "~> 13.0"
   gem.add_development_dependency "simplecov", "~> 0.21"
-  gem.add_development_dependency "simplecov-cobertura", "~> 2"
+  gem.add_development_dependency "rspec_junit_formatter", "~> 0.6"
+  gem.add_development_dependency "simplecov-cobertura", "~> 3"
+  gem.add_development_dependency "standard", "~> 1.0"
+  gem.add_development_dependency "appraisal", "~> 2.4"
+  gem.add_development_dependency "memory_profiler", "~> 1.0"
+  gem.add_development_dependency "rbs", "~> 3.0"
+  gem.add_development_dependency "rack-test", "~> 2.0"
 end