unsplash / mercury Goto Github PK

We currently warn! on a missing or invalid Heroku secret. We don't do the same thing for Slack bearer tokens, probably because it's implemented in a more shorthand way via ValidateRequestHeaderLayer. We should be logging this because in this type of application any such occurrences are likely to be due to a bug or bad configuration somewhere.

There may be a wider question here about our lack of logging on invalid requests aside from the resultant status code. The client tends to get more information in the body at least.

If/when we're using this, we should open source it! The only urgent consideration is #9. Beyond that it'd be nice to solve #6 more generally. The README should be adjusted a bit accordingly as well.

Doable with some additional boilerplate: tokio-rs/axum#1654

nix run works on macOS, however because it's built against our host system the binary fails inside of a container:

$ nix run
2023-10-30T14:53:25.596675Z  WARN No .env found
[...]

$ nix build ".#dockerImage" && ./result | podman load
$ podman run mercury
{"msg":"exec container process `/nix/store/zi27abixfpaq0x4czinw34dyjwvb7lrb-mercury-0.0.0/bin/mercury`: Exec format error","level":"error","time":"2023-10-30T14:55:01.480708Z"}

We could potentially use crossSystem ¹, however that loses access to the Nix binary cache, meaning we end up building the universe.

Thus our options for building the container on macOS are:

• Building the universe.
• Running an entire Linux container locally, and then running Nix and the container within that (container-ception).
• Building the binary outside of Nix with cross, and then somehow incorporating that into Nix, or building the image outside of Nix entirely.
• Using an obscure overlay ^{2 3} with its own binary cache.

And add a full E2E test that brings up the server using it.

The channel map is cached in memory after the first successful request, and there's currently no way to reset it without restarting the app. This could be an issue if channels are renamed.

Repro directly against the Slack API:

$ # Replaced with a space character
$ curl -X POST https://slack.com/api/chat.postMessage --oauth2-bearer TOKEN -d channel=CHANNEL -d text=+

$ # Works
$ curl -X POST https://slack.com/api/chat.postMessage --oauth2-bearer TOKEN -d channel=CHANNEL -d text='%2B'

$ # Works
$ curl -X POST https://slack.com/api/chat.postMessage --oauth2-bearer TOKEN -d channel=CHANNEL --data-urlencode text=+

So far this has been confirmed to affect + and &.

Also -X POST is technically redundant but I guess better to be explicit.

There are some third-party middlewares for reqwest. I tried one to no avail. This is the first-party issue: seanmonstar/reqwest#155

In terms of authentication we act as a proxy in front of the Slack API. This poses the risk that someone uses their own access token on our hosted instance - which will be visible in public repos - to send messages to their own instance.

This is particularly unlikely given that they can't be sure we won't steal their access token, but I thought it's worth documenting.

It should be noted that this is an improvement over Otto which allows anyone to post arbitrary messages to our own Slack instance.

Heroku webhooks could offer support for notifications for the following:

• Rollbacks
• Environment variable changes

Otto does at least the latter.

Now, the docs... https://devcenter.heroku.com/articles/webhook-events

We support dynamically mapping channel names to IDs. Could we do the same for user and/or group mentions?:

Mercury currently anticipates a single Slack token which is present at runtime. This is used to:

• Validate direct Slack messages, ensuring our public endpoint isn't used by anyone else.
• Determine ahead of time where Heroku messages should be sent.

This appears incompatible with potentially supporting multiple Slack workspaces.

We should be able to use ok: bool as a tag:

This is why the custom only_true and only_false deserialisers exist.

Blocked by: serde-rs/serde#745 (comment)

This limitation is why none of the fields in Message take a Vec: nox/serde_urlencoded#52