coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use Slack's domain for whitelisting

Browse Source
This commit is contained in:
Jori Lallo
2016-09-21 23:02:29 -07:00
parent 441c66b13f
commit ea1f9d7deb
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/api/auth.js
View File

@ -84,8 +84,10 @@ router.post('auth.slack', async (ctx) => {
if (!data.ok) throw httpErrors.BadRequest(data.error); if (!data.ok) throw httpErrors.BadRequest(data.error);
// Temp to block // Temp to block
const allowedSlackIds = process.env.ALLOWED_SLACK_IDS.split(','); const allowedSlackDomains = process.env.ALLOWED_SLACK_DOMAINS.split(',');
if (!allowedSlackIds.includes(data.team.id)) throw httpErrors.BadRequest('Invalid Slack team'); if (!allowedSlackDomains.includes(data.team.domain)) {
throw httpErrors.BadRequest('Invalid Slack team');
}
// User // User
let user = await User.findOne({ where: { slackId: data.user.id } }); let user = await User.findOne({ where: { slackId: data.user.id } });