Store Authentication tokens of ChatShipper in Google Cloud Secret Storage
ChatShipper uses access tokens (token and refreshToken) to gain access to the api. You normally pass them when you initilialize the sdk like this:
const Sdk = require('chipchat');
const api = new Sdk({ token: 'your access token', refreshToken: 'your refresh token'})
You get these tokens via the interface of ChatShipper by going to the user or bot that you want to use when accessing the api and in it's properties panel you can generate tokens.
These tokens expire though. And altough the chipchat sdk will automatically refresh the tokens for you when the access token expires,
it only remembers those new tokens while the app is running. When you restart it will use the old tokens again that
you passed to the initilialization process. Which will work as long as the refreshToken is valid, which is a month (at the moment)
So you need some way to store the (new) tokens somewhere save and reuse them. Tokens give access and should be kept very save.
Do not commit tokens to github or put them in env variable even.
Big cloud platforms like Google or AWS have special secret stores where you can savely store tokens.
This package uses the Google Secret Manager to store the tokens. It does so by overwriting the special chipchat functions getTokens and setTokens via a mixin to add the store to google secrets functionality.
You need to have basic understandings of the Google platform and have your service account file with sufficient rights to the project stored locally.
Before you can use this, you have to set the _tokens
in the store from the CLI (terminal) with:
export GOOGLE_APPLICATION_CREDENTIALS=/full/path/to/serviceaccountfile.json
export TOKEN=<paste your access token here>
export REFRESHTOKEN=<paste your refresh token here>
export WPROJECT=<type the name of the project in google where you will create the secret and the service account has acces to>
export BOTID=<paste the bot id here>
export CONCERSATION=<paste a conversation id (from CS UI) here. we will retrieve this conv as an example>
echo -n '{"token":"'$TOKEN'", "refreshToken":"'$REFRESHTOKEN'"}' | gcloud secrets create ${BOTID}_tokens \
--data-file=- --replication-policy automatic --project $WPROJECT
or even easier while in the cs2-bots/bot dir call the scripts/addsecret script.
Now that you have got you tokens in the store, lets use them via the mixin module like this:
const ChipChat = require('chipchat');
const { getTokens, setTokens } = require('chipchat-tokens-to-google-secretmanager-mixin');
ChipChat.mixin({ getTokens, setTokens });
const email = `bot+${process.env.BOTID}@chatshipper.com`;
const bot = new ChipChat({ email });
const conversationid = process.env.CONVERSATION;
bot.conversations.get(conversationid).then(console.log);
install the needed packages and test with node version 10 (use nvm) or higher:
npm init
npm i -s chipchat chipchat-tokens-to-google-secretmanager-mixin
DEBUG=* node test.js