Releases: josecoelho96/neecathon-slack-bot
Production launched version
Version launched to production, ready to be used in the event.
Current features:
- Request origin verification/validation
- Roles/Permissions
- Auto add users to channels
- Report money receival on buy operation
- Report logs to channel
- Add/remove staff from staff channel
List of available commands
Create team
/criar-equipa [team name]
Creates a new team, if the name doesn't exists already. Returns the newly created team information: The name, ID and a access key, which allows users to enter the team using that code. Reports an error stating that a team cannot be created if something fails. If the team name already exists the team isn't created and an error message appears in the chat.
Join team
/entrar [entry-code]
Joins the team with the defined entry-code, if exists. If the entry-code is valid, the user receives a message and joins the team. If it's invalid, an error message pops up.
Balance check
/saldo
Shows the team-wise current balance. If the user does not have a team, an error message appears stating how to join a team.
Buy
/compra [@destination_user] [qty] [description]
Allows to buy something from another user. It performs a transfer, between the command caller and the destination_user, by giving him qty credits. A short description must be provided to describe the transaction. If destination_user isn't enrolled in a team, an error message will be displayed stating that. If qty is invalid (unparsable, negative, null or above team actual balance), the user will get an error message explaining the problem.
List last transactions
/movimentos <qty>
List transactions. If the user has a team, list the last qty transactions of his team. If the current user doesn't have a team, an error message appears stating how to join a team.
List all teams
/ver-equipas
List all teams. Provides the team name and team id of each team participating (ie with members). If a team has no members, it will not show on this commands output.
List all teams registered
/ver-equipas-registo
List all registered teams. Provides the team name and team id and entry code of each team registered. All teams created will appear.
View team details
/detalhes-equipa <team_id>
Used to list all details of a team. The team-id must be provided. It shows the team information (name, balance and ID) among with the list of elements.
View user details
/detalhes <@user|user-id>
Used to list details of a participant. The @user or user-id must be provided. It will return the name (as a Slack @mention), ID and team ID (if any) of the user.
List last user transactions
/meus-movimentos <qty>
List the current user last qty transactions. If the user has a team, list his last qty transactions. If the current user doesn't have a team, an error message appears stating how to join a team.
Change user role/add to staff
/alterar-permissoes <@user> <admin|staff|remover>
Changes the permissions of user, adding it to the staff crew if it wasn't on it yet. If the remover option is selected, the user is removed from the staff team.
List staff elements
/ver-staff
List all elements in staff, along with their role and their ID. Only accessible to staff elements.
Hackerboy
/hackerboy <money-change> <description>
Used to change all teams balances, either to give them money or to remove it.
Team Hackerboy
/hackerboy-equipa <team-id> <money-change> <description>
Used to change a team balance, either to give it money or to remove it.
List given user transactions
/transacoes-participante @user <qty>
Lists the last qty transactions made/received by @user
List given team transactions
/transacoes-equipa <team-id> <qty>
Lists the last qty transactions made/received by users in team with id team-id
List all transactions
/transacoes-todas <qty>
Lists the last qty transactions made/received in the entire application.
Comands permission table
| Command | Description | Permission |
|---|---|---|
/entrar |
Join team | Any user (without team) |
/saldo |
View team balance | Any user (with team) |
/compra |
Buys an item | Any user (with team) |
/movimentos |
List last transactions | Any user (with team) |
/meus-movimentos |
View my transactions | Any user (with team) |
/ver-equipas |
List all teams | Admin, Staff |
/ver-equipas-registo |
List all registered teams | Admin, Staff |
/detalhes-equipa |
View one team details | Admin, Staff |
/detalhes |
View one participant details | Admin, Staff |
/ver-staff |
View staff crew | Admin, Staff |
/criar-equipa |
Create new team | Admin |
/alterar-permissoes |
Add, change, remove from staff | Admin |
/hackerboy |
Affect all teams balance | Admin |
/hackerboy-equipa |
Affect one team's balance | Admin |
/transacoes-participante |
List the given user's transactions | Admin |
/transacoes-equipa |
List the given team's transactions | Admin |
/transacoes-todas |
List the overall transactions | Admin |
Add HTTPS support and multiple bug fixing
Now all requests must be sent using HTTPS or they will fail.
NGINX configured as a reverse proxy and configured to reduce overhead on python server.
Bug fixes from rc2
Added nginx container and fix a few bugs found from rc2.
Second release candidate - Bug fixes and new features
This release candidate contains many bug fixes found in rc1 and some new features.
Bug fixes:
- Max cap on listing quantities
- UUID4 validation on every command
- Block transactions with values values below 0.01 (absolute value) on all transactions
- Responder: Check if team really exists, not only by length.
New features:
- Add staff to private channel when join, remove when removed from staff.
- Deploy scripts:
- Create channels
- Create env file
First release candidate with all functionalities
This release candidate will be tested by several users to ensure a normal behaviour of the program.
List of available commands
Create team
/criar-equipa [team name]
Creates a new team, if the name doesn't exists already. Returns the newly created team information: The name, ID and a access key, which allows users to enter the team using that code. Reports an error stating that a team cannot be created if something fails. If the team name already exists the team isn't created and an error message appears in the chat.
Join team
/entrar [entry-code]
Joins the team with the defined entry-code, if exists. If the entry-code is valid, the user receives a message and joins the team. If it's invalid, an error message pops up.
Balance check
/saldo
Shows the team-wise current balance. If the user does not have a team, an error message appears stating how to join a team.
Buy
/compra [@destination_user] [qty] [description]
Allows to buy something from another user. It performs a transfer, between the command caller and the destination_user, by giving him qty credits. A short description must be provided to describe the transaction. If destination_user isn't enrolled in a team, an error message will be displayed stating that. If qty is invalid (unparsable, negative, null or above team actual balance), the user will get an error message explaining the problem.
List last transactions
/movimentos <qty>
List transactions. If the user has a team, list the last qty transactions of his team. If the current user doesn't have a team, an error message appears stating how to join a team.
List all teams
/ver-equipas
List all teams. Provides the team name and team id of each team participating (ie with members). If a team has no members, it will not show on this commands output.
List all teams registered
/ver-equipas-registo
List all registered teams. Provides the team name and team id and entry code of each team registered. All teams created will appear.
View team details
/detalhes-equipa <team_id>
Used to list all details of a team. The team-id must be provided. It shows the team information (name, balance and ID) among with the list of elements.
View user details
/detalhes <@user|user-id>
Used to list details of a participant. The @user or user-id must be provided. It will return the name (as a Slack @mention), ID and team ID (if any) of the user.
List last user transactions
/meus-movimentos <qty>
List the current user last qty transactions. If the user has a team, list his last qty transactions. If the current user doesn't have a team, an error message appears stating how to join a team.
Change user role/add to staff
/alterar-permissoes <@user> <admin|staff|remover>
Changes the permissions of user, adding it to the staff crew if it wasn't on it yet. If the remover option is selected, the user is removed from the staff team.
List staff elements
/ver-staff
List all elements in staff, along with their role and their ID. Only accessible to staff elements.
Hackerboy
/hackerboy <money-change> <description>
Used to change all teams balances, either to give them money or to remove it.
Team Hackerboy
/hackerboy-equipa <team-id> <money-change> <description>
Used to change a team balance, either to give it money or to remove it.
List given user transactions
/transacoes-participante @user <qty>
Lists the last qty transactions made/received by @user
List given team transactions
/transacoes-equipa <team-id> <qty>
Lists the last qty transactions made/received by users in team with id team-id
List all transactions
/transacoes-todas <qty>
Lists the last qty transactions made/received in the entire application.
Comands permission table
| Command | Description | Permission |
|---|---|---|
/entrar |
Join team | Any user (without team) |
/saldo |
View team balance | Any user (with team) |
/compra |
Buys an item | Any user (with team) |
/movimentos |
List last transactions | Any user (with team) |
/meus-movimentos |
View my transactions | Any user (with team) |
/ver-equipas |
List all teams | Admin, Staff |
/ver-equipas-registo |
List all registered teams | Admin, Staff |
/detalhes-equipa |
View one team details | Admin, Staff |
/detalhes |
View one participant details | Admin, Staff |
/ver-staff |
View staff crew | Admin, Staff |
/criar-equipa |
Create new team | Admin |
/alterar-permissoes |
Add, change, remove from staff | Admin |
/hackerboy |
Affect all teams balance | Admin |
/hackerboy-equipa |
Affect one team's balance | Admin |
/transacoes-participante |
List the given user's transactions | Admin |
/transacoes-equipa |
List the given team's transactions | Admin |
/transacoes-todas |
List the overall transactions | Admin |
Multiple fixes and new features
This release aims to fix some bugs and to implements a set of new features.
New features:
- All ids were changed to
UUID - Users are added to team private channels when joining a team.
- Money transactions are acknowledged on the destination team with a message on their private channel.
- Hackerboy commands are listed and a notification message appears on team channels.
Bug fixes:
- Users are now added to the
userstable on every command. - Entry codes are now unique.
Add more commands
Adding a few more commands to handle and ease the event.
The newly added commands are:
List last user transactions
/meus-movimentos <qty>
List the current user last qty transactions. If the user has a team, list his last qty transactions. If the current user doesn't have a team, an error message appears stating how to join a team.
Change user role/add to staff
/alterar-permissoes <@user> <admin|staff|remover>
Changes the permissions of user, adding it to the staff crew if it wasn't on it yet. If the remover option is selected, the user is removed from the staff team.
List staff elements
/ver-staff
List all elements in staff, along with their role and their ID. Only accessible to staff elements.
Hackerboy
/hackerboy <money-change> <description>
Used to change all teams balances, either to give them money or to remove it.
Team Hackerboy
/hackerboy-equipa <team-id> <money-change> <description>
Used to change a team balance, either to give it money or to remove it.
List given user transactions
/transacoes-participante @user <qty>
Lists the last qty transactions made/received by @user
List given team transactions
/transacoes-equipa <team-id> <qty>
Lists the last qty transactions made/received by users in team with id team-id
List all transactions
/transacoes-todas <qty>
Lists the last qty transactions made/received in the entire application.
And the permission table for the new commands is:
| Command | Description | Permission |
|---|---|---|
/meus-movimentos |
View my transactions | Any user (with team) |
/alterar-permissoes |
Add, change, remove from staff | Admin |
/ver-staff |
View staff crew | Admin, Staff |
/hackerboy |
Affect all teams balance | Admin |
/hackerboy-equipa |
Affect one team's balance | Admin |
/transacoes-participante |
List the given user's transactions | Admin |
/transacoes-equipa |
List the given team's transactions | Admin |
/transacoes-todas |
List the overall transactions | Admin |
Add permissions system
Add a permissions/roles system. Some commands, which should only available to the staff of the event, are now executed only if the user has enough permissions.
Currently implemented 2 roles (Admin and Staff), which allows to have a hierarchical system.
Here follows the list of roles:
Admin: Has maximum access and can perform any action.Staff: Has more access than the normal user but can't perform all comands that anAdmincan.
The actual list of commands and the permission needed to execute it are as follows:
| Command | Description | Permission |
|---|---|---|
/criar-equipa |
Create new team | Admin |
/entrar |
Join team | Any user (without team) |
/saldo |
View team balance | Any user (with team) |
/compra |
Buys an item | Any user (with team) |
/movimentos |
List last transactions | Any user (with team) |
/ver-equipas |
List all teams | Admin, Staff |
/ver-equipas-registo |
List all registered teams | Admin, Staff |
/detalhes-equipa |
View one team details | Admin, Staff |
/detalhes |
View one participant details | Admin, Staff |
Add extra commands
Adding new commands to the bot, mostly for the organization to keep a track on everything.
The list of newly added commands follows below, along with some explanations on each command.
List all teams
/ver-equipas
List all teams. Provides the team name and team id of each team participating (ie with members). If a team has no members, it will not show on this commands output.
List all teams registered
/ver-equipas-registo
List all registered teams. Provides the team name and team id and entry code of each team registered. All teams created will appear.
View team details
/detalhes-equipa <team_id>
Used to list all details of a team. The team-id must be provided. It shows the team information (name, balance and ID) among with the list of elements.
View user details
/detalhes <@user|user-id>
Used to list details of a participant. The @user or user-id must be provided. It will return the name (as a Slack @mention), ID and team ID (if any) of the user.
Add request origin validation
Each request is now validated (see Slack docs for details here).
Implementation Details
Each requests now contains two Slack custom headers: X-Slack-Request-Timestamp and X-Slack-Signature. The first contains the timestamp of the request and the second is computed by combining the signing secret (secret value for each app) with the body of the request sent, using a standard HMAC-SHA256 keyed hash.
On the server side, each request is checked to have those headers, if they are not present the request is refused. If they are present, the timestamp must not differ from the local time by more than SLACK_REQUEST_TIMESTAMP_MAX_GAP_MINUTES (constant defined in definitions.py). Then, a local signature is computed using the same method and algorithm. The request is considerer valid only if they match, otherwise is refused.