Security News
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
chipchat-tokens-to-google-secretmanager-mixin
Advanced tools
ChatShipper uses access tokens (token and refreshToken) to gain access to the api. You normally pass them when you initilialize the sdk like this: ```js const Sdk = require('chipchat'); const api = new Sdk({ token: 'your access token', refreshToken: 'your
ChatShipper uses access tokens (token and refreshToken) to gain access to the api. You normally pass them when you initilialize the sdk like this:
const Sdk = require('chipchat');
const api = new Sdk({ token: 'your access token', refreshToken: 'your refresh token'})
You get these tokens via the interface of ChatShipper by going to the user or bot that you want to use when accessing the api and in it's properties panel you can generate tokens.
These tokens expire though. And altough the chipchat sdk will automatically refresh the tokens for you, when the access token expires, the sdk will request new tokens with the refreshToken, it only remembers those tokens while the app is running. When you restart it will use the tokens you passed to the initilialization process again. Which will work as long as the refreshToken is valid, which is a month (at the moment)
So you need some way to store the (new) tokens somewhere save and reuse them. Tokens give access and should be kept very save. Do not commit tokens to github or put them in env variable even.
Big cloud platforms like Google or AWS have special secret stores where you can savely store tokens.
This package uses the Google Secret Manager to store the tokens. It idoes so by overwriting the special chipchat functions getTokens and setTokens via a mixin to add the store to google secrets functionality.
You need to have basic understandings of the Google platform and have your service account file with sufficient rights to the project stored locally.
Before you can use this, you have to set the _tokens in the store from the CLI (terminal) with:
#first we export some stuff to make the command more readable
export GOOGLE_APPLICATION_CREDENTIALS=/full/path/to/serviceaccountfile.json #Get access to your project
# security tip: add a space in front of the tokens to prevent them from being stored in your (bash) history
export TOKEN=<paste your access token here>
export REFRESHTOKEN=<paste your refresh token here>
export WPROJECT=<type the name of the project in google where you will create the secret and the service account has acces to>
export BOTID=<paste the bot id here>
export CONCERSATION=<paste a conversation id (from CS UI) here. we will retrieve this conv as an example>
#then create the secret holding the bots tokens:
echo -n '{"token":"'$TOKEN'", "refreshToken":"'$REFRESHTOKEN'"}' | gcloud secrets create ${BOTID}_tokens \
--data-file=- --replication-policy automatic --project $WPROJECT
Now that you have got you tokens in the store, lets use them via the mixin module like this:
const ChipChat = require('chipchat');
const { getTokens, setTokens } = require('chipchat-tokens-to-google-secretmanager-mixin');
ChipChat.mixin({ getTokens, setTokens });
// The bots email is needed to request new tokens
// and to get and store the tokens in/from the google secrest store.
// The bots user id that is found in
// the properties panel of the bot (if you are the bot owner)
const email = `bot+${process.env.BOTID}@chatshipper.com`;
const bot = new ChipChat({ email }); // no need for tokens, they will be retrieved from the secret store now
// As an example we will get a conversation and dump it to the console.
const conversationid = process.env.CONVERSATION;
bot.conversations.get(conversationid).then(console.log);
test.js
install the needed packages and test with node version 10 (use nvm) or higher:
npm init # enter enter enter etc
npm i -s chipchat chipchat-tokens-to-google-secretmanager-mixin
DEBUG=* node test.js
FAQs
ChatShipper uses access tokens (token and refreshToken) to gain access to the api. You normally pass them when you initilialize the sdk like this: ```js const Sdk = require('chipchat'); const api = new Sdk({ token: 'your access token', refreshToken: 'your
We found that chipchat-tokens-to-google-secretmanager-mixin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.