From 869059040bf8c04ac5fbb558a476459fe02cd183 Mon Sep 17 00:00:00 2001
From: Jori Lallo
Date: Sun, 22 May 2016 22:08:28 -0700
Subject: [PATCH] Block unknown slacks
---
 server/api/auth.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/server/api/auth.js b/server/api/auth.js
index 8a45c8d5..6cacd9d3 100644
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -30,6 +30,10 @@ router.post('auth.slack', async (ctx) => {
 if (!data.ok) throw httpErrors.BadRequest(data.error);
+ // Temp to block
+ let allowedSlackIds = process.env.ALLOWED_SLACK_IDS.split(',');
+ if (!allowedSlackIds.includes(data.team_id)) throw httpErrors.BadRequest("Invalid Slack team");
+ // User
 let userData;
 let user = await User.findOne({ slackId: data.user_id });
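Review bot: The allowlist line calls `.split(',')` directly on `process.env.ALLOWED_SLACK_IDS`, so when the variable is unset every `auth.slack` request dies with an unhandled TypeError instead of a deliberate denial. It still fails closed, but the cause is hidden from operators, and a value written as `T1, T2` silently rejects the second team because entries are not trimmed. I would parse it defensively as `const allowedSlackIds = (process.env.ALLOWED_SLACK_IDS || '').split(',').map((id) => id.trim()).filter(Boolean);` so that a missing or empty variable plainly means that no team is allowed. The `// Temp to block` comment should say what is being blocked and that an empty list denies all logins; a 403 would also describe this rejection better than `BadRequest`, since the request is well formed but the team is not authorised. The handler body starts and ends outside this hunk, so I cannot see whether anything before the check already acts on `data`.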