feat(security): add approved rooms/users/domains as env variables (#277)
* feat(security): add approved rooms/users/domains as env variables * chore(lint): fix R0902 * chore(lint): fix C0114 * chore(lint): fix C0116 * chore(lint): fix C0413
This commit is contained in:
GitHub
@ -2,14 +2,12 @@
|
||||
|
||||
import sentry_sdk
|
||||
from sentry_sdk.integrations.stdlib import StdlibIntegration
|
||||
|
||||
from webex_bot.webex_bot import WebexBot
|
||||
|
||||
from app.commands.exit import ExitCommand
|
||||
from app.commands.submit_task import SubmitTaskCommand
|
||||
from app.utils.config import config
|
||||
|
||||
|
||||
if config.sentry_enabled:
|
||||
apm = sentry_sdk.init(
|
||||
dsn=config.sentry_dsn,
|
||||
@ -17,7 +15,7 @@ if config.sentry_enabled:
|
||||
environment=config.environment,
|
||||
release=config.version,
|
||||
integrations=[StdlibIntegration()],
|
||||
spotlight=True
|
||||
spotlight=True,
|
||||
)
|
||||
|
||||
|
||||
@ -26,7 +24,9 @@ def create_bot() -> WebexBot:
|
||||
webex_bot: WebexBot = WebexBot(
|
||||
bot_name=config.bot_name,
|
||||
teams_bot_token=config.webex_token,
|
||||
approved_domains=["cisco.com"],
|
||||
approved_domains=config.approved_domains,
|
||||
approved_rooms=config.approved_rooms,
|
||||
approved_users=config.approved_users,
|
||||
)
|
||||
webex_bot.commands.clear()
|
||||
webex_bot.add_command(SubmitTaskCommand())
|
||||
|
||||
@ -2,19 +2,19 @@
|
||||
|
||||
import os
|
||||
|
||||
from app.utils.helpers import validate_email_syntax
|
||||
|
||||
|
||||
class Config:
|
||||
"""Configuration module."""
|
||||
|
||||
def __init__(self) -> None:
|
||||
"""Configuration module."""
|
||||
self.__environment: str = os.environ.get("APP_LIFECYCLE", "DEV").upper()
|
||||
self.__version: str = os.environ["APP_VERSION"]
|
||||
self.__bot_name: str = os.environ["BOT_NAME"]
|
||||
self.__webex_token: str = os.environ["WEBEX_API_KEY"]
|
||||
self.__admin_first_name: str = os.environ["ADMIN_FIRST_NAME"]
|
||||
self.__admin_emails: list = os.environ["ADMIN_EMAIL"].split(",")
|
||||
self.__n8n_webhook_url: str = os.environ["N8N_WEBHOOK_URL"]
|
||||
|
||||
# Sentry config needs to be processed first for loop prevention.
|
||||
|
||||
self.__sentry_dsn: str = os.environ.get("SENTRY_DSN", "")
|
||||
|
||||
self.__sentry_enabled: bool = bool(
|
||||
os.environ.get("SENTRY_ENABLED", "False").upper() == "TRUE"
|
||||
and self.__sentry_dsn != ""
|
||||
@ -23,12 +23,12 @@ class Config:
|
||||
@property
|
||||
def environment(self) -> str:
|
||||
"""Returns the current app lifecycle."""
|
||||
return self.__environment
|
||||
return os.environ.get("APP_LIFECYCLE", "DEV").upper()
|
||||
|
||||
@property
|
||||
def version(self) -> str:
|
||||
"""Returns the current app version."""
|
||||
return self.__version
|
||||
return os.environ["APP_VERSION"]
|
||||
|
||||
@property
|
||||
def sentry_enabled(self) -> bool:
|
||||
@ -46,27 +46,46 @@ class Config:
|
||||
@property
|
||||
def bot_name(self) -> str:
|
||||
"""Returns the bot name."""
|
||||
return self.__bot_name
|
||||
return os.environ["BOT_NAME"]
|
||||
|
||||
@property
|
||||
def webex_token(self) -> str:
|
||||
"""Returns the Webex API key."""
|
||||
return self.__webex_token
|
||||
return os.environ["WEBEX_API_KEY"]
|
||||
|
||||
@property
|
||||
def admin_first_name(self) -> str:
|
||||
"""Returns the first name of the bot admin."""
|
||||
return self.__admin_first_name
|
||||
return os.environ["ADMIN_FIRST_NAME"]
|
||||
|
||||
@property
|
||||
def admin_emails(self) -> list:
|
||||
"""Returns a list of admin email addresses."""
|
||||
return self.__admin_emails
|
||||
return os.environ["ADMIN_EMAIL"].split(",")
|
||||
|
||||
@property
|
||||
def n8n_webhook_url(self) -> str:
|
||||
"""Returns the n8n webhook URL."""
|
||||
return self.__n8n_webhook_url
|
||||
return os.environ["N8N_WEBHOOK_URL"]
|
||||
|
||||
@property
|
||||
def approved_users(self) -> list:
|
||||
"""Returns a list of approved users."""
|
||||
emails: list[str] = os.environ.get("APPROVED_USERS", "").split(",")
|
||||
emails = [i.strip() for i in emails if validate_email_syntax(i.strip())]
|
||||
return emails
|
||||
|
||||
@property
|
||||
def approved_rooms(self) -> list:
|
||||
"""Returns a list of approved rooms."""
|
||||
rooms: list[str] = os.environ.get("APPROVED_ROOMS", "").split(",")
|
||||
return [i.strip() for i in rooms]
|
||||
|
||||
@property
|
||||
def approved_domains(self) -> list:
|
||||
"""Returns a list of approved domains."""
|
||||
domains: list[str] = os.environ.get("APPROVED_DOMAINS", "").split(",")
|
||||
return [i.strip() for i in domains]
|
||||
|
||||
|
||||
config: Config = Config()
|
||||
|
||||
16
app/utils/helpers.py
Normal file
16
app/utils/helpers.py
Normal file
@ -0,0 +1,16 @@
|
||||
"""Standalone helper functions."""
|
||||
|
||||
import re
|
||||
|
||||
|
||||
def validate_email_syntax(email: str) -> bool:
|
||||
"""Validate email syntax.
|
||||
|
||||
Args:
|
||||
email (str): Email address.
|
||||
|
||||
Returns:
|
||||
bool: True if valid, else False.
|
||||
"""
|
||||
pattern = r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$"
|
||||
return re.match(pattern, email) is not None
|
||||
Reference in New Issue
Block a user