From 76fa840b52ea79f05e5e681abca92b279de78182 Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Tue, 28 Feb 2017 04:31:53 -0500
Subject: Move webhook logic from api layer to app layer (#5527)

* Move webhook logic from api layer to app layer

* Consolidate error messages

* Fix permission check and unit test
---
 app/webhook.go | 303 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 298 insertions(+), 5 deletions(-)

(limited to 'app/webhook.go')

diff --git a/app/webhook.go b/app/webhook.go
index c9485c807..6f1cec4a8 100644
--- a/app/webhook.go
+++ b/app/webhook.go
@@ -10,10 +10,12 @@ import (
 	"net/http"
 	"regexp"
 	"strings"
+	"unicode/utf8"
 
 	l4g "github.com/alecthomas/log4go"
 	"github.com/mattermost/platform/einterfaces"
 	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/store"
 	"github.com/mattermost/platform/utils"
 )
 
@@ -193,12 +195,12 @@ func CreateWebhookPost(userId, teamId, channelId, text, overrideUsername, overri
 	return post, nil
 }
 
-func CreateIncomingWebhookForChannel(userId string, channel *model.Channel, hook *model.IncomingWebhook) (*model.IncomingWebhook, *model.AppError) {
+func CreateIncomingWebhookForChannel(creatorId string, channel *model.Channel, hook *model.IncomingWebhook) (*model.IncomingWebhook, *model.AppError) {
 	if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks {
-		return nil, model.NewAppError("CreateIncomingWebhookForChannel", "api.webhook.create_incoming.disabled.app_error", nil, "", http.StatusNotImplemented)
+		return nil, model.NewAppError("CreateIncomingWebhookForChannel", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
 	}
 
-	hook.UserId = userId
+	hook.UserId = creatorId
 	hook.TeamId = channel.TeamId
 
 	if result := <-Srv.Store.Webhook().SaveIncoming(hook); result.Err != nil {
@@ -208,9 +210,53 @@ func CreateIncomingWebhookForChannel(userId string, channel *model.Channel, hook
 	}
 }
 
+func UpdateIncomingWebhook(oldHook, updatedHook *model.IncomingWebhook) (*model.IncomingWebhook, *model.AppError) {
+	if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks {
+		return nil, model.NewAppError("UpdateIncomingWebhook", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	updatedHook.UserId = oldHook.UserId
+	updatedHook.CreateAt = oldHook.CreateAt
+	updatedHook.UpdateAt = model.GetMillis()
+	updatedHook.TeamId = oldHook.TeamId
+	updatedHook.DeleteAt = oldHook.DeleteAt
+
+	if result := <-Srv.Store.Webhook().UpdateIncoming(updatedHook); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.IncomingWebhook), nil
+	}
+}
+
+func DeleteIncomingWebhook(hookId string) *model.AppError {
+	if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks {
+		return model.NewAppError("DeleteIncomingWebhook", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	if result := <-Srv.Store.Webhook().DeleteIncoming(hookId, model.GetMillis()); result.Err != nil {
+		return result.Err
+	}
+
+	InvalidateCacheForWebhook(hookId)
+
+	return nil
+}
+
+func GetIncomingWebhook(hookId string) (*model.IncomingWebhook, *model.AppError) {
+	if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks {
+		return nil, model.NewAppError("GetIncomingWebhook", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	if result := <-Srv.Store.Webhook().GetIncoming(hookId, true); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.IncomingWebhook), nil
+	}
+}
+
 func GetIncomingWebhooksForTeamPage(teamId string, page, perPage int) ([]*model.IncomingWebhook, *model.AppError) {
 	if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks {
-		return nil, model.NewAppError("GetIncomingWebhooksForTeamPage", "api.webhook.get_incoming.disabled.app_error", nil, "", http.StatusNotImplemented)
+		return nil, model.NewAppError("GetIncomingWebhooksForTeamPage", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
 	}
 
 	if result := <-Srv.Store.Webhook().GetIncomingByTeam(teamId, page*perPage, perPage); result.Err != nil {
@@ -222,7 +268,7 @@ func GetIncomingWebhooksForTeamPage(teamId string, page, perPage int) ([]*model.
 
 func GetIncomingWebhooksPage(page, perPage int) ([]*model.IncomingWebhook, *model.AppError) {
 	if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks {
-		return nil, model.NewAppError("GetIncomingWebhooksPage", "api.webhook.get_incoming.disabled.app_error", nil, "", http.StatusNotImplemented)
+		return nil, model.NewAppError("GetIncomingWebhooksPage", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
 	}
 
 	if result := <-Srv.Store.Webhook().GetIncomingList(page*perPage, perPage); result.Err != nil {
@@ -231,3 +277,250 @@ func GetIncomingWebhooksPage(page, perPage int) ([]*model.IncomingWebhook, *mode
 		return result.Data.([]*model.IncomingWebhook), nil
 	}
 }
+
+func CreateOutgoingWebhook(hook *model.OutgoingWebhook) (*model.OutgoingWebhook, *model.AppError) {
+	if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks {
+		return nil, model.NewAppError("CreateOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	if len(hook.ChannelId) != 0 {
+		cchan := Srv.Store.Channel().Get(hook.ChannelId, true)
+
+		var channel *model.Channel
+		if result := <-cchan; result.Err != nil {
+			return nil, result.Err
+		} else {
+			channel = result.Data.(*model.Channel)
+		}
+
+		if channel.Type != model.CHANNEL_OPEN {
+			return nil, model.NewAppError("CreateOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusForbidden)
+		}
+
+		if channel.Type != model.CHANNEL_OPEN || channel.TeamId != hook.TeamId {
+			return nil, model.NewAppError("CreateOutgoingWebhook", "api.webhook.create_outgoing.permissions.app_error", nil, "", http.StatusForbidden)
+		}
+	} else if len(hook.TriggerWords) == 0 {
+		return nil, model.NewAppError("CreateOutgoingWebhook", "api.webhook.create_outgoing.triggers.app_error", nil, "", http.StatusBadRequest)
+	}
+
+	if result := <-Srv.Store.Webhook().GetOutgoingByTeam(hook.TeamId); result.Err != nil {
+		return nil, result.Err
+	} else {
+		allHooks := result.Data.([]*model.OutgoingWebhook)
+
+		for _, existingOutHook := range allHooks {
+			urlIntersect := utils.StringArrayIntersection(existingOutHook.CallbackURLs, hook.CallbackURLs)
+			triggerIntersect := utils.StringArrayIntersection(existingOutHook.TriggerWords, hook.TriggerWords)
+
+			if existingOutHook.ChannelId == hook.ChannelId && len(urlIntersect) != 0 && len(triggerIntersect) != 0 {
+				return nil, model.NewLocAppError("CreateOutgoingWebhook", "api.webhook.create_outgoing.intersect.app_error", nil, "")
+			}
+		}
+	}
+
+	if result := <-Srv.Store.Webhook().SaveOutgoing(hook); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.OutgoingWebhook), nil
+	}
+}
+
+func UpdateOutgoingWebhook(oldHook, updatedHook *model.OutgoingWebhook) (*model.OutgoingWebhook, *model.AppError) {
+	if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks {
+		return nil, model.NewAppError("UpdateOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	if len(updatedHook.ChannelId) > 0 {
+		channel, err := GetChannel(updatedHook.ChannelId)
+		if err != nil {
+			return nil, err
+		}
+
+		if channel.Type != model.CHANNEL_OPEN {
+			return nil, model.NewAppError("UpdateOutgoingWebhook", "api.webhook.create_outgoing.not_open.app_error", nil, "", http.StatusForbidden)
+		}
+
+		if channel.TeamId != oldHook.TeamId {
+			return nil, model.NewAppError("UpdateOutgoingWebhook", "api.webhook.create_outgoing.permissions.app_error", nil, "", http.StatusForbidden)
+		}
+	} else if len(updatedHook.TriggerWords) == 0 {
+		return nil, model.NewLocAppError("UpdateOutgoingWebhook", "api.webhook.create_outgoing.triggers.app_error", nil, "")
+	}
+
+	var result store.StoreResult
+	if result = <-Srv.Store.Webhook().GetOutgoingByTeam(oldHook.TeamId); result.Err != nil {
+		return nil, result.Err
+	}
+
+	allHooks := result.Data.([]*model.OutgoingWebhook)
+
+	for _, existingOutHook := range allHooks {
+		urlIntersect := utils.StringArrayIntersection(existingOutHook.CallbackURLs, updatedHook.CallbackURLs)
+		triggerIntersect := utils.StringArrayIntersection(existingOutHook.TriggerWords, updatedHook.TriggerWords)
+
+		if existingOutHook.ChannelId == updatedHook.ChannelId && len(urlIntersect) != 0 && len(triggerIntersect) != 0 && existingOutHook.Id != updatedHook.Id {
+			return nil, model.NewAppError("UpdateOutgoingWebhook", "api.webhook.update_outgoing.intersect.app_error", nil, "", http.StatusBadRequest)
+		}
+	}
+
+	updatedHook.CreatorId = oldHook.CreatorId
+	updatedHook.CreateAt = oldHook.CreateAt
+	updatedHook.DeleteAt = oldHook.DeleteAt
+	updatedHook.TeamId = oldHook.TeamId
+	updatedHook.UpdateAt = model.GetMillis()
+
+	if result = <-Srv.Store.Webhook().UpdateOutgoing(updatedHook); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.OutgoingWebhook), nil
+	}
+}
+
+func GetOutgoingWebhook(hookId string) (*model.OutgoingWebhook, *model.AppError) {
+	if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks {
+		return nil, model.NewAppError("GetOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	if result := <-Srv.Store.Webhook().GetOutgoing(hookId); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.OutgoingWebhook), nil
+	}
+}
+
+func GetOutgoingWebhooksForTeamPage(teamId string, page, perPage int) ([]*model.OutgoingWebhook, *model.AppError) {
+	if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks {
+		return nil, model.NewAppError("GetOutgoingWebhooksForTeamPage", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	if result := <-Srv.Store.Webhook().GetOutgoingByTeam(teamId); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.([]*model.OutgoingWebhook), nil
+	}
+}
+
+func DeleteOutgoingWebhook(hookId string) *model.AppError {
+	if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks {
+		return model.NewAppError("DeleteOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	if result := <-Srv.Store.Webhook().DeleteOutgoing(hookId, model.GetMillis()); result.Err != nil {
+		return result.Err
+	}
+
+	return nil
+}
+
+func RegenOutgoingWebhookToken(hook *model.OutgoingWebhook) (*model.OutgoingWebhook, *model.AppError) {
+	if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks {
+		return nil, model.NewAppError("RegenOutgoingWebhookToken", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	hook.Token = model.NewId()
+
+	if result := <-Srv.Store.Webhook().UpdateOutgoing(hook); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.OutgoingWebhook), nil
+	}
+}
+
+func HandleIncomingWebhook(hookId string, req *model.IncomingWebhookRequest) *model.AppError {
+	if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks {
+		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	hchan := Srv.Store.Webhook().GetIncoming(hookId, true)
+
+	if req == nil {
+		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.parse.app_error", nil, "", http.StatusBadRequest)
+	}
+
+	text := req.Text
+	if len(text) == 0 && req.Attachments == nil {
+		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.text.app_error", nil, "", http.StatusBadRequest)
+	}
+
+	textSize := utf8.RuneCountInString(text)
+	if textSize > model.POST_MESSAGE_MAX_RUNES {
+		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.text.length.app_error", map[string]interface{}{"Max": model.POST_MESSAGE_MAX_RUNES, "Actual": textSize}, "", http.StatusBadRequest)
+	}
+
+	channelName := req.ChannelName
+	webhookType := req.Type
+
+	// attachments is in here for slack compatibility
+	if req.Attachments != nil {
+		if len(req.Props) == 0 {
+			req.Props = make(model.StringInterface)
+		}
+		req.Props["attachments"] = req.Attachments
+
+		attachmentSize := utf8.RuneCountInString(model.StringInterfaceToJson(req.Props))
+		// Minus 100 to leave room for setting post type in the Props
+		if attachmentSize > model.POST_PROPS_MAX_RUNES-100 {
+			return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.attachment.app_error", map[string]interface{}{"Max": model.POST_PROPS_MAX_RUNES - 100, "Actual": attachmentSize}, "", http.StatusBadRequest)
+		}
+
+		webhookType = model.POST_SLACK_ATTACHMENT
+	}
+
+	var hook *model.IncomingWebhook
+	if result := <-hchan; result.Err != nil {
+		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.invalid.app_error", nil, "err="+result.Err.Message, http.StatusBadRequest)
+	} else {
+		hook = result.Data.(*model.IncomingWebhook)
+	}
+
+	var channel *model.Channel
+	var cchan store.StoreChannel
+	var directUserId string
+
+	if len(channelName) != 0 {
+		if channelName[0] == '@' {
+			if result := <-Srv.Store.User().GetByUsername(channelName[1:]); result.Err != nil {
+				return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.user.app_error", nil, "err="+result.Err.Message, http.StatusBadRequest)
+			} else {
+				directUserId = result.Data.(*model.User).Id
+				channelName = model.GetDMNameFromIds(directUserId, hook.UserId)
+			}
+		} else if channelName[0] == '#' {
+			channelName = channelName[1:]
+		}
+
+		cchan = Srv.Store.Channel().GetByName(hook.TeamId, channelName, true)
+	} else {
+		cchan = Srv.Store.Channel().Get(hook.ChannelId, true)
+	}
+
+	overrideUsername := req.Username
+	overrideIconUrl := req.IconURL
+
+	result := <-cchan
+	if result.Err != nil && result.Err.Id == store.MISSING_CHANNEL_ERROR && directUserId != "" {
+		newChanResult := <-Srv.Store.Channel().CreateDirectChannel(directUserId, hook.UserId)
+		if newChanResult.Err != nil {
+			return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.channel.app_error", nil, "err="+newChanResult.Err.Message, http.StatusBadRequest)
+		} else {
+			channel = newChanResult.Data.(*model.Channel)
+			InvalidateCacheForUser(directUserId)
+			InvalidateCacheForUser(hook.UserId)
+		}
+	} else if result.Err != nil {
+		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.channel.app_error", nil, "err="+result.Err.Message, result.Err.StatusCode)
+	} else {
+		channel = result.Data.(*model.Channel)
+	}
+
+	if channel.Type != model.CHANNEL_OPEN && !HasPermissionToChannel(hook.UserId, channel.Id, model.PERMISSION_READ_CHANNEL) {
+		return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.permissions.app_error", nil, "", http.StatusForbidden)
+	}
+
+	if _, err := CreateWebhookPost(hook.UserId, hook.TeamId, channel.Id, text, overrideUsername, overrideIconUrl, req.Props, webhookType); err != nil {
+		return err
+	}
+
+	return nil
+}
-- 
cgit v1.2.3-1-g7c22