ec1f89217a
Full Mattermost server source with integrated Community Enterprise features. Includes vendor directory for offline/air-gapped builds. Structure: - enterprise-impl/: Enterprise feature implementations - enterprise-community/: Init files that register implementations - enterprise/: Bridge imports (community_imports.go) - vendor/: All dependencies for offline builds Build (online): go build ./cmd/mattermost Build (offline/air-gapped): go build -mod=vendor ./cmd/mattermost 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
597 lines
21 KiB
Go
597 lines
21 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
// Integration Action Flow
|
|
//
|
|
// 1. An integration creates an interactive message button or menu.
|
|
// 2. A user clicks on a button or selects an option from the menu.
|
|
// 3. The client sends a request to server to complete the post action, calling DoPostActionWithCookie below.
|
|
// 4. DoPostActionWithCookie will send an HTTP POST request to the integration containing contextual data, including
|
|
// an encoded and signed trigger ID. Slash commands also include trigger IDs in their payloads.
|
|
// 5. The integration performs any actions it needs to and optionally makes a request back to the MM server
|
|
// using the trigger ID to open an interactive dialog.
|
|
// 6. If that optional request is made, OpenInteractiveDialog sends a WebSocket event to all connected clients
|
|
// for the relevant user, telling them to display the dialog.
|
|
// 7. The user fills in the dialog and submits it, where SubmitInteractiveDialog will submit it back to the
|
|
// integration for handling.
|
|
|
|
package app
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"path"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/gorilla/mux"
|
|
|
|
"github.com/mattermost/mattermost/server/public/model"
|
|
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
|
"github.com/mattermost/mattermost/server/public/shared/request"
|
|
"github.com/mattermost/mattermost/server/v8/channels/store"
|
|
"github.com/mattermost/mattermost/server/v8/channels/utils"
|
|
)
|
|
|
|
func (a *App) DoPostActionWithCookie(rctx request.CTX, postID, actionId, userID, selectedOption string, cookie *model.PostActionCookie) (string, *model.AppError) {
|
|
// PostAction may result in the original post being updated. For the
|
|
// updated post, we need to unconditionally preserve the original
|
|
// IsPinned and HasReaction attributes, and preserve its entire
|
|
// original Props set unless the plugin returns a replacement value.
|
|
// originalXxx variables are used to preserve these values.
|
|
var originalProps map[string]any
|
|
originalIsPinned := false
|
|
originalHasReactions := false
|
|
|
|
// If the updated post does contain a replacement Props set, we still
|
|
// need to preserve some original values, as listed in
|
|
// model.PostActionRetainPropKeys. remove and retain track these.
|
|
remove := []string{}
|
|
retain := map[string]any{}
|
|
|
|
datasource := ""
|
|
upstreamURL := ""
|
|
rootPostId := ""
|
|
upstreamRequest := &model.PostActionIntegrationRequest{
|
|
UserId: userID,
|
|
PostId: postID,
|
|
}
|
|
|
|
// See if the post exists in the DB, if so ignore the cookie.
|
|
// Start all queries here for parallel execution
|
|
pchan := make(chan store.StoreResult[*model.Post], 1)
|
|
go func() {
|
|
post, err := a.Srv().Store().Post().GetSingle(rctx, postID, false)
|
|
pchan <- store.StoreResult[*model.Post]{Data: post, NErr: err}
|
|
close(pchan)
|
|
}()
|
|
|
|
cchan := make(chan store.StoreResult[*model.Channel], 1)
|
|
go func() {
|
|
channel, err := a.Srv().Store().Channel().GetForPost(postID)
|
|
cchan <- store.StoreResult[*model.Channel]{Data: channel, NErr: err}
|
|
close(cchan)
|
|
}()
|
|
|
|
userChan := make(chan store.StoreResult[*model.User], 1)
|
|
go func() {
|
|
user, err := a.Srv().Store().User().Get(context.Background(), upstreamRequest.UserId)
|
|
userChan <- store.StoreResult[*model.User]{Data: user, NErr: err}
|
|
close(userChan)
|
|
}()
|
|
|
|
result := <-pchan
|
|
if result.NErr != nil {
|
|
if cookie == nil {
|
|
var nfErr *store.ErrNotFound
|
|
switch {
|
|
case errors.As(result.NErr, &nfErr):
|
|
return "", model.NewAppError("DoPostActionWithCookie", "app.post.get.app_error", nil, "", http.StatusNotFound).Wrap(result.NErr)
|
|
default:
|
|
return "", model.NewAppError("DoPostActionWithCookie", "app.post.get.app_error", nil, "", http.StatusInternalServerError).Wrap(result.NErr)
|
|
}
|
|
}
|
|
if cookie.Integration == nil {
|
|
return "", model.NewAppError("DoPostActionWithCookie", "api.post.do_action.action_integration.app_error", nil, "no Integration in action cookie", http.StatusBadRequest)
|
|
}
|
|
|
|
if postID != cookie.PostId {
|
|
return "", model.NewAppError("DoPostActionWithCookie", "api.post.do_action.action_integration.app_error", nil, "postId doesn't match", http.StatusBadRequest)
|
|
}
|
|
|
|
channel, err := a.Srv().Store().Channel().Get(cookie.ChannelId, true)
|
|
if err != nil {
|
|
errCtx := map[string]any{"channel_id": cookie.ChannelId}
|
|
var nfErr *store.ErrNotFound
|
|
switch {
|
|
case errors.As(err, &nfErr):
|
|
return "", model.NewAppError("DoPostActionWithCookie", "app.channel.get.existing.app_error", errCtx, "", http.StatusNotFound).Wrap(err)
|
|
default:
|
|
return "", model.NewAppError("DoPostActionWithCookie", "app.channel.get.find.app_error", errCtx, "", http.StatusInternalServerError).Wrap(err)
|
|
}
|
|
}
|
|
|
|
upstreamRequest.ChannelId = cookie.ChannelId
|
|
upstreamRequest.ChannelName = channel.Name
|
|
upstreamRequest.TeamId = channel.TeamId
|
|
upstreamRequest.Type = cookie.Type
|
|
upstreamRequest.Context = cookie.Integration.Context
|
|
datasource = cookie.DataSource
|
|
|
|
retain = cookie.RetainProps
|
|
remove = cookie.RemoveProps
|
|
rootPostId = cookie.RootPostId
|
|
upstreamURL = cookie.Integration.URL
|
|
} else {
|
|
post := result.Data
|
|
chResult := <-cchan
|
|
if chResult.NErr != nil {
|
|
return "", model.NewAppError("DoPostActionWithCookie", "app.channel.get_for_post.app_error", nil, "", http.StatusInternalServerError).Wrap(result.NErr)
|
|
}
|
|
channel := chResult.Data
|
|
|
|
action := post.GetAction(actionId)
|
|
if action == nil || action.Integration == nil {
|
|
return "", model.NewAppError("DoPostActionWithCookie", "api.post.do_action.action_id.app_error", nil, fmt.Sprintf("action=%v", action), http.StatusNotFound)
|
|
}
|
|
|
|
upstreamRequest.ChannelId = post.ChannelId
|
|
upstreamRequest.ChannelName = channel.Name
|
|
upstreamRequest.TeamId = channel.TeamId
|
|
upstreamRequest.Type = action.Type
|
|
upstreamRequest.Context = action.Integration.Context
|
|
datasource = action.DataSource
|
|
|
|
// Save the original values that may need to be preserved (including selected
|
|
// Props, i.e. override_username, override_icon_url)
|
|
for _, key := range model.PostActionRetainPropKeys {
|
|
value, ok := post.GetProps()[key]
|
|
if ok {
|
|
retain[key] = value
|
|
} else {
|
|
remove = append(remove, key)
|
|
}
|
|
}
|
|
originalProps = post.GetProps()
|
|
originalIsPinned = post.IsPinned
|
|
originalHasReactions = post.HasReactions
|
|
|
|
if post.RootId == "" {
|
|
rootPostId = post.Id
|
|
} else {
|
|
rootPostId = post.RootId
|
|
}
|
|
|
|
upstreamURL = action.Integration.URL
|
|
}
|
|
|
|
teamChan := make(chan store.StoreResult[*model.Team], 1)
|
|
|
|
go func() {
|
|
defer close(teamChan)
|
|
|
|
// Direct and group channels won't have teams.
|
|
if upstreamRequest.TeamId == "" {
|
|
return
|
|
}
|
|
|
|
team, err := a.Srv().Store().Team().Get(upstreamRequest.TeamId)
|
|
teamChan <- store.StoreResult[*model.Team]{Data: team, NErr: err}
|
|
}()
|
|
|
|
ur := <-userChan
|
|
if ur.NErr != nil {
|
|
var nfErr *store.ErrNotFound
|
|
switch {
|
|
case errors.As(ur.NErr, &nfErr):
|
|
return "", model.NewAppError("DoPostActionWithCookie", MissingAccountError, nil, "", http.StatusNotFound).Wrap(ur.NErr)
|
|
default:
|
|
return "", model.NewAppError("DoPostActionWithCookie", "app.user.get.app_error", nil, "", http.StatusInternalServerError).Wrap(ur.NErr)
|
|
}
|
|
}
|
|
user := ur.Data
|
|
upstreamRequest.UserName = user.Username
|
|
|
|
tr, ok := <-teamChan
|
|
if ok {
|
|
if tr.NErr != nil {
|
|
var nfErr *store.ErrNotFound
|
|
switch {
|
|
case errors.As(tr.NErr, &nfErr):
|
|
return "", model.NewAppError("DoPostActionWithCookie", "app.team.get.find.app_error", nil, "", http.StatusNotFound).Wrap(tr.NErr)
|
|
default:
|
|
return "", model.NewAppError("DoPostActionWithCookie", "app.team.get.finding.app_error", nil, "", http.StatusInternalServerError).Wrap(tr.NErr)
|
|
}
|
|
}
|
|
|
|
team := tr.Data
|
|
upstreamRequest.TeamName = team.Name
|
|
}
|
|
|
|
if upstreamRequest.Type == model.PostActionTypeSelect {
|
|
if selectedOption != "" {
|
|
if upstreamRequest.Context == nil {
|
|
upstreamRequest.Context = map[string]any{}
|
|
}
|
|
upstreamRequest.DataSource = datasource
|
|
upstreamRequest.Context["selected_option"] = selectedOption
|
|
}
|
|
}
|
|
|
|
clientTriggerId, _, appErr := upstreamRequest.GenerateTriggerId(a.AsymmetricSigningKey())
|
|
if appErr != nil {
|
|
return "", appErr
|
|
}
|
|
|
|
requestJSON, err := json.Marshal(upstreamRequest)
|
|
if err != nil {
|
|
return "", model.NewAppError("DoPostActionWithCookie", "api.marshal_error", nil, "", http.StatusInternalServerError).Wrap(err)
|
|
}
|
|
|
|
// Log request, regardless of whether destination is internal or external
|
|
rctx.Logger().Info("DoPostActionWithCookie POST request, through DoActionRequest",
|
|
mlog.String("url", upstreamURL),
|
|
mlog.String("user_id", upstreamRequest.UserId),
|
|
mlog.String("post_id", upstreamRequest.PostId),
|
|
mlog.String("channel_id", upstreamRequest.ChannelId),
|
|
mlog.String("team_id", upstreamRequest.TeamId),
|
|
)
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(*a.Config().ServiceSettings.OutgoingIntegrationRequestsTimeout)*time.Second)
|
|
defer cancel()
|
|
resp, appErr := a.DoActionRequest(rctx.WithContext(ctx), upstreamURL, requestJSON)
|
|
if appErr != nil {
|
|
return "", appErr
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
var response model.PostActionIntegrationResponse
|
|
respBytes, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return "", model.NewAppError("DoPostActionWithCookie", "api.post.do_action.action_integration.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
}
|
|
|
|
if len(respBytes) > 0 {
|
|
if err = json.Unmarshal(respBytes, &response); err != nil {
|
|
return "", model.NewAppError("DoPostActionWithCookie", "api.post.do_action.action_integration.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
}
|
|
}
|
|
|
|
if response.Update != nil {
|
|
response.Update.Id = postID
|
|
|
|
// Restore the post attributes and Props that need to be preserved
|
|
if response.Update.GetProps() == nil {
|
|
response.Update.SetProps(originalProps)
|
|
} else {
|
|
for key, value := range retain {
|
|
response.Update.AddProp(key, value)
|
|
}
|
|
for _, key := range remove {
|
|
response.Update.DelProp(key)
|
|
}
|
|
}
|
|
response.Update.IsPinned = originalIsPinned
|
|
response.Update.HasReactions = originalHasReactions
|
|
|
|
if _, appErr = a.UpdatePost(rctx, response.Update, &model.UpdatePostOptions{SafeUpdate: false}); appErr != nil {
|
|
return "", appErr
|
|
}
|
|
}
|
|
|
|
if response.EphemeralText != "" {
|
|
ephemeralPost := &model.Post{
|
|
Message: response.EphemeralText,
|
|
ChannelId: upstreamRequest.ChannelId,
|
|
RootId: rootPostId,
|
|
UserId: userID,
|
|
}
|
|
|
|
if !response.SkipSlackParsing {
|
|
ephemeralPost.Message = model.ParseSlackLinksToMarkdown(response.EphemeralText)
|
|
}
|
|
|
|
for key, value := range retain {
|
|
ephemeralPost.AddProp(key, value)
|
|
}
|
|
a.SendEphemeralPost(rctx, userID, ephemeralPost)
|
|
}
|
|
|
|
return clientTriggerId, nil
|
|
}
|
|
|
|
// DoActionRequest performs an HTTP POST request to an integration's action endpoint.
|
|
// Caller must consume and close returned http.Response as necessary.
|
|
// For internal requests, requests are routed directly to a plugin ServerHTTP hook
|
|
func (a *App) DoActionRequest(rctx request.CTX, rawURL string, body []byte) (*http.Response, *model.AppError) {
|
|
inURL, err := url.Parse(rawURL)
|
|
if err != nil {
|
|
return nil, model.NewAppError("DoActionRequest", "api.post.do_action.action_integration.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
}
|
|
|
|
rawURLPath := path.Clean(rawURL)
|
|
if strings.HasPrefix(rawURLPath, "/plugins/") || strings.HasPrefix(rawURLPath, "plugins/") {
|
|
return a.DoLocalRequest(rctx, rawURLPath, body)
|
|
}
|
|
|
|
req, err := http.NewRequestWithContext(rctx.Context(), "POST", rawURL, bytes.NewReader(body))
|
|
if err != nil {
|
|
if errors.Is(err, context.DeadlineExceeded) {
|
|
rctx.Logger().Info("Outgoing Integration Action request timed out. Consider increasing ServiceSettings.OutgoingIntegrationRequestsTimeout.")
|
|
}
|
|
return nil, model.NewAppError("DoActionRequest", "api.post.do_action.action_integration.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
}
|
|
req.Header.Set("Content-Type", "application/json")
|
|
req.Header.Set("Accept", "application/json")
|
|
|
|
// Allow access to plugin routes for action buttons
|
|
var httpClient *http.Client
|
|
subpath, _ := utils.GetSubpathFromConfig(a.Config())
|
|
siteURL, _ := url.Parse(*a.Config().ServiceSettings.SiteURL)
|
|
if inURL.Hostname() == siteURL.Hostname() && strings.HasPrefix(inURL.Path, path.Join(subpath, "plugins")) {
|
|
req.Header.Set(model.HeaderAuth, "Bearer "+rctx.Session().Token)
|
|
httpClient = a.HTTPService().MakeClient(true)
|
|
} else {
|
|
httpClient = a.HTTPService().MakeClient(false)
|
|
}
|
|
|
|
resp, httpErr := httpClient.Do(req)
|
|
if httpErr != nil {
|
|
return nil, model.NewAppError("DoActionRequest", "api.post.do_action.action_integration.app_error", nil, "", http.StatusBadRequest).Wrap(httpErr)
|
|
}
|
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
return resp, model.NewAppError("DoActionRequest", "api.post.do_action.action_integration.app_error", nil, fmt.Sprintf("status=%v", resp.StatusCode), http.StatusBadRequest)
|
|
}
|
|
|
|
return resp, nil
|
|
}
|
|
|
|
type LocalResponseWriter struct {
|
|
data []byte
|
|
headers http.Header
|
|
status int
|
|
}
|
|
|
|
func (w *LocalResponseWriter) Header() http.Header {
|
|
if w.headers == nil {
|
|
w.headers = make(http.Header)
|
|
}
|
|
return w.headers
|
|
}
|
|
|
|
func (w *LocalResponseWriter) Write(bytes []byte) (int, error) {
|
|
w.data = make([]byte, len(bytes))
|
|
copy(w.data, bytes)
|
|
return len(w.data), nil
|
|
}
|
|
|
|
func (w *LocalResponseWriter) WriteHeader(statusCode int) {
|
|
w.status = statusCode
|
|
}
|
|
|
|
func (a *App) doPluginRequest(rctx request.CTX, method, rawURL string, values url.Values, body []byte) (*http.Response, *model.AppError) {
|
|
return a.ch.doPluginRequest(rctx, method, rawURL, values, body)
|
|
}
|
|
|
|
func (ch *Channels) doPluginRequest(rctx request.CTX, method, rawURL string, values url.Values, body []byte) (*http.Response, *model.AppError) {
|
|
rawURL = strings.TrimPrefix(rawURL, "/")
|
|
inURL, err := url.Parse(rawURL)
|
|
if err != nil {
|
|
return nil, model.NewAppError("doPluginRequest", "api.post.do_action.action_integration.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
}
|
|
result := strings.Split(inURL.Path, "/")
|
|
if len(result) < 2 {
|
|
return nil, model.NewAppError("doPluginRequest", "api.post.do_action.action_integration.app_error", nil, "err=Unable to find pluginId", http.StatusBadRequest)
|
|
}
|
|
if result[0] != "plugins" {
|
|
return nil, model.NewAppError("doPluginRequest", "api.post.do_action.action_integration.app_error", nil, "err=plugins not in path", http.StatusBadRequest)
|
|
}
|
|
pluginID := result[1]
|
|
|
|
path := strings.TrimPrefix(inURL.Path, "plugins/"+pluginID)
|
|
|
|
base, err := url.Parse(path)
|
|
if err != nil {
|
|
return nil, model.NewAppError("doPluginRequest", "api.post.do_action.action_integration.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
}
|
|
|
|
// merge the rawQuery params (if any) with the function's provided values
|
|
rawValues := inURL.Query()
|
|
if len(rawValues) != 0 {
|
|
if values == nil {
|
|
values = make(url.Values)
|
|
}
|
|
for k, vs := range rawValues {
|
|
for _, v := range vs {
|
|
values.Add(k, v)
|
|
}
|
|
}
|
|
}
|
|
if values != nil {
|
|
base.RawQuery = values.Encode()
|
|
}
|
|
|
|
w := &LocalResponseWriter{}
|
|
r, err := http.NewRequest(method, base.String(), bytes.NewReader(body))
|
|
if err != nil {
|
|
return nil, model.NewAppError("doPluginRequest", "api.post.do_action.action_integration.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
}
|
|
r.Header.Set("Mattermost-User-Id", rctx.Session().UserId)
|
|
r.Header.Set(model.HeaderAuth, "Bearer "+rctx.Session().Token)
|
|
params := make(map[string]string)
|
|
params["plugin_id"] = pluginID
|
|
r = mux.SetURLVars(r, params)
|
|
|
|
ch.ServePluginRequest(w, r)
|
|
|
|
resp := &http.Response{
|
|
StatusCode: w.status,
|
|
Proto: "HTTP/1.1",
|
|
ProtoMajor: 1,
|
|
ProtoMinor: 1,
|
|
Header: w.headers,
|
|
Body: io.NopCloser(bytes.NewReader(w.data)),
|
|
}
|
|
if resp.StatusCode == 0 {
|
|
resp.StatusCode = http.StatusOK
|
|
}
|
|
|
|
return resp, nil
|
|
}
|
|
|
|
type MailToLinkContent struct {
|
|
MetricId string `json:"metric_id"`
|
|
MailRecipient string `json:"mail_recipient"`
|
|
MailCC string `json:"mail_cc"`
|
|
MailSubject string `json:"mail_subject"`
|
|
MailBody string `json:"mail_body"`
|
|
}
|
|
|
|
func (mlc *MailToLinkContent) ToJSON() string {
|
|
b, _ := json.Marshal(mlc)
|
|
return string(b)
|
|
}
|
|
|
|
func (a *App) DoLocalRequest(rctx request.CTX, rawURL string, body []byte) (*http.Response, *model.AppError) {
|
|
return a.doPluginRequest(rctx, "POST", rawURL, nil, body)
|
|
}
|
|
|
|
func (a *App) OpenInteractiveDialog(rctx request.CTX, request model.OpenDialogRequest) *model.AppError {
|
|
timeout := time.Duration(*a.Config().ServiceSettings.OutgoingIntegrationRequestsTimeout) * time.Second
|
|
clientTriggerId, userID, appErr := request.DecodeAndVerifyTriggerId(a.AsymmetricSigningKey(), timeout)
|
|
if appErr != nil {
|
|
return appErr
|
|
}
|
|
|
|
if dialogErr := request.IsValid(); dialogErr != nil {
|
|
rctx.Logger().Warn("Interactive dialog is invalid", mlog.Err(dialogErr))
|
|
}
|
|
|
|
request.TriggerId = clientTriggerId
|
|
|
|
jsonRequest, err := json.Marshal(request)
|
|
if err != nil {
|
|
a.ch.srv.Log().Warn("Error encoding request", mlog.Err(err))
|
|
}
|
|
|
|
message := model.NewWebSocketEvent(model.WebsocketEventOpenDialog, "", "", userID, nil, "")
|
|
message.Add("dialog", string(jsonRequest))
|
|
a.Publish(message)
|
|
|
|
return nil
|
|
}
|
|
|
|
func (a *App) SubmitInteractiveDialog(rctx request.CTX, request model.SubmitDialogRequest) (*model.SubmitDialogResponse, *model.AppError) {
|
|
url := request.URL
|
|
request.URL = ""
|
|
|
|
// Preserve Type field for field refresh functionality, otherwise default to dialog_submission
|
|
if request.Type != "refresh" {
|
|
request.Type = "dialog_submission"
|
|
}
|
|
|
|
b, err := json.Marshal(request)
|
|
if err != nil {
|
|
return nil, model.NewAppError("SubmitInteractiveDialog", "app.submit_interactive_dialog.json_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
}
|
|
|
|
// Log request, regardless of whether destination is internal or external
|
|
rctx.Logger().Info("SubmitInteractiveDialog POST request, through DoActionRequest",
|
|
mlog.String("url", url),
|
|
mlog.String("user_id", request.UserId),
|
|
mlog.String("channel_id", request.ChannelId),
|
|
mlog.String("team_id", request.TeamId),
|
|
)
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(*a.Config().ServiceSettings.OutgoingIntegrationRequestsTimeout)*time.Second)
|
|
defer cancel()
|
|
resp, appErr := a.DoActionRequest(rctx.WithContext(ctx), url, b)
|
|
if appErr != nil {
|
|
return nil, appErr
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
// Limit response size to prevent OOM attacks
|
|
limitedReader := io.LimitReader(resp.Body, MaxDialogResponseSize)
|
|
body, err := io.ReadAll(limitedReader)
|
|
if err != nil {
|
|
return nil, model.NewAppError("SubmitInteractiveDialog", "app.submit_interactive_dialog.read_body_error", nil, "", http.StatusInternalServerError).Wrap(err)
|
|
}
|
|
|
|
var response model.SubmitDialogResponse
|
|
if len(body) == 0 {
|
|
// Don't fail, an empty response is acceptable
|
|
return &response, nil
|
|
}
|
|
|
|
err = json.Unmarshal(body, &response)
|
|
if err != nil {
|
|
return nil, model.NewAppError("SubmitInteractiveDialog", "app.submit_interactive_dialog.decode_json_error", nil, "", http.StatusInternalServerError).Wrap(err)
|
|
}
|
|
|
|
// Validate the response
|
|
if err := response.IsValid(); err != nil {
|
|
if strings.Contains(err.Error(), "invalid form") {
|
|
rctx.Logger().Info("Interactive dialog is invalid", mlog.Err(err))
|
|
} else {
|
|
return nil, model.NewAppError("SubmitInteractiveDialog", "app.submit_interactive_dialog.invalid_response", nil, err.Error(), http.StatusBadRequest)
|
|
}
|
|
}
|
|
|
|
return &response, nil
|
|
}
|
|
|
|
func (a *App) LookupInteractiveDialog(rctx request.CTX, request model.SubmitDialogRequest) (*model.LookupDialogResponse, *model.AppError) {
|
|
url := request.URL
|
|
request.URL = ""
|
|
request.Type = "dialog_lookup"
|
|
|
|
b, err := json.Marshal(request)
|
|
if err != nil {
|
|
return nil, model.NewAppError("LookupInteractiveDialog", "app.lookup_interactive_dialog.json_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
}
|
|
|
|
// Log request, regardless of whether destination is internal or external
|
|
rctx.Logger().Info("LookupInteractiveDialog POST request, through DoActionRequest",
|
|
mlog.String("url", url),
|
|
mlog.String("user_id", request.UserId),
|
|
mlog.String("channel_id", request.ChannelId),
|
|
mlog.String("team_id", request.TeamId),
|
|
)
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), time.Duration(*a.Config().ServiceSettings.OutgoingIntegrationRequestsTimeout)*time.Second)
|
|
defer cancel()
|
|
resp, appErr := a.DoActionRequest(rctx.WithContext(ctx), url, b)
|
|
if appErr != nil {
|
|
return nil, appErr
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
// Limit response size to prevent OOM attacks
|
|
limitedReader := io.LimitReader(resp.Body, MaxDialogResponseSize)
|
|
body, err := io.ReadAll(limitedReader)
|
|
if err != nil {
|
|
return nil, model.NewAppError("LookupInteractiveDialog", "app.lookup_interactive_dialog.read_body_error", nil, "", http.StatusInternalServerError).Wrap(err)
|
|
}
|
|
|
|
var response model.LookupDialogResponse
|
|
if len(body) == 0 {
|
|
// Return empty response if no data
|
|
return &response, nil
|
|
}
|
|
|
|
err = json.Unmarshal(body, &response)
|
|
if err != nil {
|
|
return nil, model.NewAppError("LookupInteractiveDialog", "app.lookup_interactive_dialog.decode_json_error", nil, "", http.StatusInternalServerError).Wrap(err)
|
|
}
|
|
|
|
return &response, nil
|
|
}
|