Block unknown slacks

2016-05-22 22:08:28 -07:00 · 2016-05-22 22:08:28 -07:00 · 869059040b
parent d53bd8cebb
commit 869059040b
1 changed files with 4 additions and 0 deletions
--- a/server/api/auth.js
+++ b/server/api/auth.js
@ -30,6 +30,10 @@ router.post('auth.slack', async (ctx) => {

  if (!data.ok) throw httpErrors.BadRequest(data.error);

+  // Temp to block
+  let allowedSlackIds = process.env.ALLOWED_SLACK_IDS.split(',');
+  if (!allowedSlackIds.includes(data.team_id)) throw httpErrors.BadRequest("Invalid Slack team");
+
  // User
  let userData;
  let user = await User.findOne({ slackId: data.user_id });