Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
slack-ruby-bot-server
Advanced tools
Build a complete Slack bot service with Slack button integration, in Ruby.
A library that contains a web server and a RESTful Grape API serving a Slack bot to multiple teams. Use in conjunction with slack-ruby-bot-server-events to build a complete Slack bot service, or slack-ruby-bot-server-rtm to build a (legacy) Classic RealTime Slack bot. Your customers can use a Slack button to install the bot.
You're reading the documentation for the stable release of slack-ruby-bot-server, 2.1.1. See UPGRADING when upgrading from an older version. See MIGRATING for help with migrating Legacy Slack Apps to Granular Scopes.
This library alone will only register a new bot, but will not include any bot functionality. To make something useful, we recommend you get started from either slack-ruby-bot-server-events-app-mentions-sample (handles a single kind of event), or slack-ruby-bot-server-events-sample (handles all kinds of events) to bootstrap your project.
A database is required to store teams.
Use MongoDB with Mongoid as ODM. Configure the database connection in mongoid.yml
. Add the mongoid
gem in your Gemfile.
gem 'mongoid'
gem 'kaminari-mongoid'
gem 'mongoid-scroll'
gem 'slack-ruby-bot-server'
Use ActiveRecord with, for example, PostgreSQL via pg. Add the activerecord
, pg
, otr-activerecord
and pagy_cursor
gems to your Gemfile.
Currently supports ActiveRecord/Rails major versions 6.0, 6.1 and 7.0.
gem 'pg'
gem 'activerecord', require: 'active_record'
gem 'slack-ruby-bot-server'
gem 'otr-activerecord'
gem 'pagy_cursor'
Configure the database connection in config/postgresql.yml
.
default: &default
adapter: postgresql
pool: 10
timeout: 5000
encoding: unicode
development:
<<: *default
database: bot_development
test:
<<: *default
database: bot_test
production:
<<: *default
database: bot
Establish a connection in your startup code.
yml = ERB.new(File.read(File.expand_path('config/postgresql.yml', __dir__))).result
db_config = if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0.pre1')
::YAML.safe_load(yml, aliases: true)[ENV['RACK_ENV']]
else
::YAML.safe_load(yml, [], [], true)[ENV['RACK_ENV']]
end
ActiveRecord::Base.establish_connection(db_config)
Configure your app's OAuth version and scopes as needed by your application.
SlackRubyBotServer.configure do |config|
config.oauth_version = :v2
config.oauth_scope = ['channels:read', 'chat:write']
end
The "Add to Slack" button uses the standard OAuth code grant flow as described in the Slack docs. Once clicked, the user is taken through the authorization process at Slack's site. Upon successful completion, a callback containing a temporary code is sent to the redirect URL you specified. The endpoint at that URL contains code that persists the bot token each time a Slack client is instantiated for the specific team.
Create a new Slack App here.
Follow Slack's instructions, note the app client ID and secret, give the bot a default name, etc.
Within your application, edit your .env
file and add SLACK_CLIENT_ID=...
and SLACK_CLIENT_SECRET=...
in it.
Run bundle install
and foreman start
to boot the app.
$ foreman start
07:44:47 web.1 | started with pid 59258
07:44:50 web.1 | * Listening on tcp://0.0.0.0:5000
Set the redirect URL in "OAuth & Permissions" be the location of your app. Since you cannot receive notifications on localhost from Slack use a public tunneling service such as ngrok to expose local port 9292 for testing.
$ ngrok http 5000
Forwarding https://ddfd97f80615.ngrok.io -> http://localhost:5000
Navigate to either localhost:9292 or the ngrok URL above. You should see an "Add to Slack" button. Use it to install the app into your own Slack team.
This library implements an app, SlackRubyBotServer::App and a service manager, SlackRubyBotServer::Service. It also provides default HTML templates and JS scripts for Slack integration.
The app instance checks for a working database connection, ensures indexes, performs migrations, sets up bot aliases and log levels. You can introduce custom behavior into the app lifecycle by subclassing SlackRubyBotServer::App
and creating an instance of the child class in config.ru
.
class MyApp < SlackRubyBotServer::App
def prepare!
super
deactivate_sleepy_teams!
end
private
def deactivate_sleepy_teams!
Team.active.each do |team|
next unless team.sleepy?
team.deactivate!
end
end
end
MyApp.instance.prepare!
You can introduce custom behavior into the service lifecycle via callbacks. This can be useful when new team has been registered via the API or a team has been deactivated from Slack.
instance = SlackRubyBotServer::Service.instance
instance.on :started, :stopped do |team|
# team has been started or stopped
end
instance.on :created do |team, error, options|
# a new team has been registered
end
instance.on :deactivated do |team, error, options|
# an existing team has been deactivated in Slack
end
instance.on :error do |team, error, options|
# an error has occurred
end
The following callbacks are supported. All callbacks receive a team
, except error
, which receives a StandardError
object.
callback | description |
---|---|
error | an error has occurred |
creating | a new team is being registered |
created | a new team has been registered |
booting | the service is starting and is connecting a team to Slack |
booted | the service is starting and has connected a team to Slack |
stopping | the service is about to disconnect a team from Slack |
stopped | the service has disconnected a team from Slack |
starting | the service is (re)connecting a team to Slack |
started | the service has (re)connected a team to Slack |
deactivating | a team is being deactivated |
deactivated | a team has been deactivated |
The Add to Slack button also allows for an optional state
parameter that will be returned on completion of the request. The creating
and created
callbacks include an options hash where this value can be accessed (to check for forgery attacks for instance).
auth = OpenSSL::HMAC.hexdigest("SHA256", "key", "data")
<a href="<%= SlackRubyBotServer::Config.oauth_authorize_url %>?scope=<%= SlackRubyBotServer::Config.oauth_scope_s %>&client_id=<%= ENV['SLACK_CLIENT_ID'] %>&state=#{auth)"> ... </a>
instance = SlackRubyBotServer::Service.instance
instance.on :creating do |team, error, options|
raise "Unauthorized response" unless options[:state] == auth
end
You can introduce custom behavior into the service lifecycle on a timer. For example, check whether a team's trial has expired, or periodically clean-up data. Timers can run once on start (once_and_every
) and start running after a certain period (every
).
instance = SlackRubyBotServer::Service.instance
instance.every :hour do
Team.each do |team|
begin
# do something with every team once an hour
rescue StandardError
end
end
end
instance.once_and_every :minute do
# called once on start, then every minute
end
instance.every :minute do
# called every minute
end
instance.every :second do
# called every second
end
instance.every 30 do
# called every 30 seconds
end
Note that, unlike callbacks, timers are global for the entire service. Timers are independent, and a failing timer will not terminate other timers.
A number of extensions use service manager callbacks and service timers to implement useful functionality.
You can override the service class to handle additional methods.
class MyService < SlackRubyBotServer::Service
def url
'https://www.example.com'
end
end
SlackRubyBotServer.configure do |config|
config.service_class = MyService
end
SlackRubyBotServer::Service.instance # MyService
SlackRubyBotServer::Service.instance.url # https://www.example.com
This library provides a default HTML template and JS scripts that implement the "Add to Slack" button workflow. Customize your pages by adding a public
directory in your application and starting with a index.html.erb template. The application's views
and public
folders are loaded by default.
You can add to or override template paths as follows.
SlackRubyBotServer.configure do |config|
config.view_paths << File.expand_path(File.join(__dir__, 'public'))
end
By default the implementation of Team stores the value of the token with all the requested OAuth scopes in both token
and activated_user_access_token
(for backwards compatibility), along with oauth_version
and oauth_scope
. If a legacy Slack bot integration bot_access_token
is present, it is stored as token
, and activated_user_access_token
is the token that has all the requested OAuth scopes.
Copyright Daniel Doubrovkine and Contributors, 2015-2020
FAQs
Unknown package
We found that slack-ruby-bot-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.