feat(security): add approved rooms/users/domains as env variables

2024-08-30 19:18:04 +01:00
parent 56f1cb924e
commit c2bd36eabc
8 changed files with 92 additions and 15 deletions
--- a/app/main.py
+++ b/app/main.py
@ -2,14 +2,12 @@

 import sentry_sdk
 from sentry_sdk.integrations.stdlib import StdlibIntegration
-
 from webex_bot.webex_bot import WebexBot

 from app.commands.exit import ExitCommand
 from app.commands.submit_task import SubmitTaskCommand
 from app.utils.config import config

-
 if config.sentry_enabled:
    apm = sentry_sdk.init(
        dsn=config.sentry_dsn,
@ -17,7 +15,7 @@ if config.sentry_enabled:
        environment=config.environment,
        release=config.version,
        integrations=[StdlibIntegration()],
-        spotlight=True
+        spotlight=True,
    )


@ -26,7 +24,9 @@ def create_bot() -> WebexBot:
    webex_bot: WebexBot = WebexBot(
        bot_name=config.bot_name,
        teams_bot_token=config.webex_token,
-        approved_domains=["cisco.com"],
+        approved_domains=config.approved_domains,
+        approved_rooms=config.approved_rooms,
+        approved_users=config.approved_users,
    )
    webex_bot.commands.clear()
    webex_bot.add_command(SubmitTaskCommand())
--- a/app/utils/config.py
+++ b/app/utils/config.py
@ -2,9 +2,12 @@

 import os

+from app.utils.helpers import validate_email_syntax
+

 class Config:
    """Configuration module."""
+
    def __init__(self) -> None:
        """Configuration module."""
        self.__environment: str = os.environ.get("APP_LIFECYCLE", "DEV").upper()
@ -68,5 +71,24 @@ class Config:
        """Returns the n8n webhook URL."""
        return self.__n8n_webhook_url

+    @property
+    def approved_users(self) -> list:
+        """Returns a list of approved users."""
+        emails: list[str] = os.environ.get("APPROVED_USERS", "").split(",")
+        emails = [i.strip() for i in emails if validate_email_syntax(i.strip())]
+        return emails
+
+    @property
+    def approved_rooms(self) -> list:
+        """Returns a list of approved rooms."""
+        rooms: list[str] = os.environ.get("APPROVED_ROOMS", "").split(",")
+        return [i.strip() for i in rooms]
+
+    @property
+    def approved_domains(self) -> list:
+        """Returns a list of approved domains."""
+        domains: list[str] = os.environ.get("APPROVED_DOMAINS", "").split(",")
+        return [i.strip() for i in domains]
+

 config: Config = Config()
--- a/app/utils/helpers.py
+++ b/app/utils/helpers.py
@ -0,0 +1,14 @@
+import re
+
+
+def validate_email_syntax(email: str) -> bool:
+    """Validate email syntax.
+
+    Args:
+        email (str): Email address.
+
+    Returns:
+        bool: True if valid, else False.
+    """
+    pattern = r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$"
+    return re.match(pattern, email) is not None