repos/roboluke
5
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Releases 54 Activity

feat(security): add approved rooms/users/domains as env variables #277

Merged
luketainton merged 5 commits from 276-add-approved-usersdomains-as-an-environment-variable into main 2024-08-30 18:38:57 +00:00
Conversation 2 Commits 5 Files Changed 8 +92 -15
8 changed files with 92 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit c2bd36eabc - Show all commits

9
.env.default
View File

@@ -1,8 +1,11 @@
APP_LIFECYCLE="dev"
SENTRY_ENABLED="False"
SENTRY_DSN=""
ADMIN_EMAIL="" ADMIN_EMAIL=""
ADMIN_FIRST_NAME="" ADMIN_FIRST_NAME=""
APP_LIFECYCLE="dev"
APPROVED_DOMAINS="example.com,hello.com"
APPROVED_ROOMS="abc123,def456"
APPROVED_USERS="bob@example.com,john@me.com"
BOT_NAME="" BOT_NAME=""
N8N_WEBHOOK_URL="" N8N_WEBHOOK_URL=""
SENTRY_DSN=""
SENTRY_ENABLED="False"
WEBEX_API_KEY="" WEBEX_API_KEY=""

6
README.md
View File

@@ -9,8 +9,14 @@ Add tasks to a Wekan to do list via Webex and n8n.
3. Edit `.env` as required: 3. Edit `.env` as required:
- `ADMIN_EMAIL` - comma-separated list of admin (who owns the to-do list) email addresses - `ADMIN_EMAIL` - comma-separated list of admin (who owns the to-do list) email addresses
- `ADMIN_FIRST_NAME` - admin first name - `ADMIN_FIRST_NAME` - admin first name
- `APP_LIFECYCLE` - for use in Sentry only, set the name of the environment
- `APPROVED_DOMAINS` - comma-separated list of domains that users are allowed to message the bot from
- `APPROVED_ROOMS` - comma-separated list of room IDs that users are allowed to message the bot from
- `APPROVED_USERS` - comma-separated list of email addresses of approved users
- `BOT_NAME` - Webex bot name - `BOT_NAME` - Webex bot name
- `N8N_WEBHOOK_URL` - n8n webhook URL - `N8N_WEBHOOK_URL` - n8n webhook URL
- `SENTRY_DSN` - for use in Sentry only, set the DSN of the Sentry project
- `SENTRY_ENABLED` - for use in Sentry only, enable sending data to Sentry
- `WEBEX_API_KEY` - Webex API key - `WEBEX_API_KEY` - Webex API key
## How to use ## How to use

8
app/main.py
View File

@@ -2,14 +2,12 @@
import sentry_sdk import sentry_sdk
from sentry_sdk.integrations.stdlib import StdlibIntegration from sentry_sdk.integrations.stdlib import StdlibIntegration
from webex_bot.webex_bot import WebexBot from webex_bot.webex_bot import WebexBot
from app.commands.exit import ExitCommand from app.commands.exit import ExitCommand
from app.commands.submit_task import SubmitTaskCommand from app.commands.submit_task import SubmitTaskCommand
from app.utils.config import config from app.utils.config import config
if config.sentry_enabled: if config.sentry_enabled:
apm = sentry_sdk.init( apm = sentry_sdk.init(
dsn=config.sentry_dsn, dsn=config.sentry_dsn,
@@ -17,7 +15,7 @@ if config.sentry_enabled:
environment=config.environment, environment=config.environment,
release=config.version, release=config.version,
integrations=[StdlibIntegration()], integrations=[StdlibIntegration()],
spotlight=True spotlight=True,
) )
@@ -26,7 +24,9 @@ def create_bot() -> WebexBot:
webex_bot: WebexBot = WebexBot( webex_bot: WebexBot = WebexBot(
bot_name=config.bot_name, bot_name=config.bot_name,
teams_bot_token=config.webex_token, teams_bot_token=config.webex_token,
approved_domains=["cisco.com"], approved_domains=config.approved_domains,
approved_rooms=config.approved_rooms,
approved_users=config.approved_users,
) )
webex_bot.commands.clear() webex_bot.commands.clear()
webex_bot.add_command(SubmitTaskCommand()) webex_bot.add_command(SubmitTaskCommand())

22
app/utils/config.py
View File

@@ -2,9 +2,12 @@
import os import os
from app.utils.helpers import validate_email_syntax
class Config: class Config:
"""Configuration module.""" """Configuration module."""
def __init__(self) -> None: def __init__(self) -> None:
"""Configuration module.""" """Configuration module."""
self.__environment: str = os.environ.get("APP_LIFECYCLE", "DEV").upper() self.__environment: str = os.environ.get("APP_LIFECYCLE", "DEV").upper()
@@ -68,5 +71,24 @@ class Config:
"""Returns the n8n webhook URL.""" """Returns the n8n webhook URL."""
return self.__n8n_webhook_url return self.__n8n_webhook_url
@property
def approved_users(self) -> list:
"""Returns a list of approved users."""
emails: list[str] = os.environ.get("APPROVED_USERS", "").split(",")
emails = [i.strip() for i in emails if validate_email_syntax(i.strip())]
return emails
@property
def approved_rooms(self) -> list:
"""Returns a list of approved rooms."""
rooms: list[str] = os.environ.get("APPROVED_ROOMS", "").split(",")
return [i.strip() for i in rooms]
@property
def approved_domains(self) -> list:
"""Returns a list of approved domains."""
domains: list[str] = os.environ.get("APPROVED_DOMAINS", "").split(",")
return [i.strip() for i in domains]
config: Config = Config() config: Config = Config()

14
app/utils/helpers.py Normal file
View File

@@ -0,0 +1,14 @@
import re
def validate_email_syntax(email: str) -> bool:
"""Validate email syntax.
Args:
email (str): Email address.
Returns:
bool: True if valid, else False.
"""
pattern = r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$"
return re.match(pattern, email) is not None

4
test.sh
View File

@@ -1,3 +1,3 @@
export $(cat .env | xargs) export $(cat .env.test | xargs)
python -B -m app.main python -B -m app.main
unset APP_LIFECYCLE SENTRY_ENABLED SENTRY_DSN BOT_NAME WEBEX_API_KEY ADMIN_FIRST_NAME ADMIN_EMAIL N8N_WEBHOOK_URL unset ADMIN_EMAIL ADMIN_FIRST_NAME APP_LIFECYCLE APP_VERSION APPROVED_DOMAINS APPROVED_ROOMS APPROVED_USERS BOT_NAME N8N_WEBHOOK_URL SENTRY_DSN SENTRY_ENABLED WEBEX_API_KEY

24
tests/test_config.py
View File

@@ -4,7 +4,6 @@
import os import os
vars: dict = { vars: dict = {
"APP_VERSION": "dev", "APP_VERSION": "dev",
"BOT_NAME": "TestBot", "BOT_NAME": "TestBot",
@@ -13,7 +12,10 @@ vars: dict = {
"ADMIN_EMAIL": "test@test.com", "ADMIN_EMAIL": "test@test.com",
"N8N_WEBHOOK_URL": "https://n8n.test.com/webhook/abcdefg", "N8N_WEBHOOK_URL": "https://n8n.test.com/webhook/abcdefg",
"SENTRY_ENABLED": "false", "SENTRY_ENABLED": "false",
"SENTRY_DSN": "http://localhost" "SENTRY_DSN": "http://localhost",
"APPROVED_USERS": "test@test.com",
"APPROVED_DOMAINS": "test.com",
"APPROVED_ROOMS": "test",
} }
@@ -21,12 +23,22 @@ for var, value in vars.items():
os.environ[var] = value os.environ[var] = value
# needs to be imported AFTER environment variables are set # needs to be imported AFTER environment variables are set
from app.utils.config import config # pragma: no cover from app.utils.config import config # pragma: no cover # noqa: E402
def test_config() -> None: def test_config() -> None:
assert config.bot_name == vars["BOT_NAME"]
assert config.webex_token == vars["WEBEX_API_KEY"]
assert config.admin_first_name == vars["ADMIN_FIRST_NAME"]
assert config.admin_emails == vars["ADMIN_EMAIL"].split(",") assert config.admin_emails == vars["ADMIN_EMAIL"].split(",")
assert config.admin_first_name == vars["ADMIN_FIRST_NAME"]
assert config.approved_domains == vars["APPROVED_DOMAINS"].split(",")
assert config.approved_rooms == vars["APPROVED_ROOMS"].split(",")
assert config.approved_users == vars["APPROVED_USERS"].split(",")
assert config.bot_name == vars["BOT_NAME"]
assert config.n8n_webhook_url == vars["N8N_WEBHOOK_URL"] assert config.n8n_webhook_url == vars["N8N_WEBHOOK_URL"]
assert config.sentry_enabled == bool(vars["SENTRY_ENABLED"].upper() == "TRUE")
assert config.version == vars["APP_VERSION"]
assert config.webex_token == vars["WEBEX_API_KEY"]
if config.sentry_enabled:
assert config.sentry_dsn == vars["SENTRY_DSN"]
else:
assert config.sentry_dsn == ""

20
tests/test_helpers.py Normal file
View File

@@ -0,0 +1,20 @@
#!/usr/bin/env python3
"""Provides test cases for app/utils/helpers.py."""
from app.utils.helpers import validate_email_syntax # pragma: no cover
def test_validate_email_syntax_true() -> None:
email: str = "test@test.com"
assert validate_email_syntax(email)
def test_validate_email_syntax_false1() -> None:
email: str = "test@test"
assert not validate_email_syntax(email)
def test_validate_email_syntax_false2() -> None:
email: str = "test"
assert not validate_email_syntax(email)