From cd6536285e5a790608a435966637368fcfcd96a5 Mon Sep 17 00:00:00 2001
From: Miroslav Pejic
Date: Mon, 18 Mar 2024 12:52:53 +0100
Subject: [PATCH] [mirotalksfu] - check slack endpoint
---
app/src/Server.js | 24 +++++++++++++++---------
app/src/config.template.js | 1 +
2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/app/src/Server.js b/app/src/Server.js
index af321f0a..43b6c0d8 100644
--- a/app/src/Server.js
+++ b/app/src/Server.js
@@ -637,24 +637,30 @@ function startServer() { app.post('/slack', (req, res) => { if (!slackEnabled) return res.end('`Under maintenance` - Please check back soon.'); + if (restApi.allowed && !restApi.allowed.slack) { + return res.end( + '`This endpoint has been disabled`. Please contact the administrator for further information.', + ); + } + log.debug('Slack', req.headers); if (!slackSigningSecret) return res.end('`Slack Signing Secret is empty!`'); - let slackSignature = req.headers['x-slack-signature']; - let requestBody = qS.stringify(req.body, { format: 'RFC1738' }); - let timeStamp = req.headers['x-slack-request-timestamp']; - let time = Math.floor(new Date().getTime() / 1000); + const slackSignature = req.headers['x-slack-signature']; + const requestBody = qS.stringify(req.body, { format: 'RFC1738' }); + const timeStamp = req.headers['x-slack-request-timestamp']; + const time = Math.floor(new Date().getTime() / 1000); if (Math.abs(time - timeStamp) > 300) return res.end('`Wrong timestamp` - Ignore this request.'); - let sigBaseString = 'v0:' + timeStamp + ':' + requestBody; - let mySignature = 'v0=' + CryptoJS.HmacSHA256(sigBaseString, slackSigningSecret); + const sigBaseString = 'v0:' + timeStamp + ':' + requestBody; + const mySignature = 'v0=' + CryptoJS.HmacSHA256(sigBaseString, slackSigningSecret); if (mySignature == slackSignature) { - let host = req.headers.host; - let api = new ServerApi(host); - let meetingURL = api.getMeetingURL(); + const host = req.headers.host; + const api = new ServerApi(host); + const meetingURL = api.getMeetingURL(); log.debug('Slack', { meeting: meetingURL }); return res.end(meetingURL); } diff --git a/app/src/config.template.js b/app/src/config.template.js index 105c73de..12a44fb1 100644 --- a/app/src/config.template.js +++ b/app/src/config.template.js @@ -86,6 +86,7 @@ module.exports = { meeting: true, join: true, token: false, + slack: true, //... }, },
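Review bot: The signature check `if (mySignature == slackSignature)` is still a plain string comparison, which is not constant-time; this commit rewrites the surrounding declarations but leaves that line as it was. Comparing with Node's `crypto.timingSafeEqual` after a length check would be safer, e.g. `const a = Buffer.from(mySignature), b = Buffer.from(String(slackSignature));` followed by `if (a.length === b.length && crypto.timingSafeEqual(a, b)) {` (this assumes the Node `crypto` module is, or can be, required in Server.js, which the hunk does not show). The timestamp guard above it also lets a missing or non-numeric `x-slack-request-timestamp` through, because `Math.abs(time - timeStamp)` is then NaN and `NaN > 300` is false; adding `!Number.isFinite(Number(timeStamp)) ||` to that condition would reject such requests before the HMAC is computed. The `/slack` handler's body continues past the end of the hunk.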
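Review bot: The new `slack: true` key in config.template.js carries no comment, and the check added in Server.js (`restApi.allowed && !restApi.allowed.slack`) treats an absent key as disabled. An existing config that has this block but not the key would therefore stop serving `/slack` after upgrading; that is a fail-closed default, but it deserves a line here such as `slack: true, // gates POST /slack; the endpoint is disabled when this key is absent`. This assumes the block shown is the one `restApi.allowed` reads, which the hunk does not show; the enclosing object starts and ends outside the hunk.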