don't allow external channels in app mentions or messages

scazan · scazan · commit bf2ccada7221 · 2023-11-13T10:21:32.000+01:00
diff --git a/integrations/slack/src/handlers/handlers.ts b/integrations/slack/src/handlers/handlers.ts
@@ -1,9 +1,9 @@
 import { Logger } from '@gitbook/runtime';
 
+import type { SlashEvent } from './commands';
 import { notifyOnlySupportedThreads, queryLens, saveThread } from '../actions';
 import { SlackRuntimeContext } from '../configuration';
 import { isSaveThreadMessage, stripBotName } from '../utils';
-import type { SlashEvent } from './commands';
 
 const logger = Logger('slack:api');
 
@@ -40,9 +40,10 @@ export async function queryLensSlashHandler(slashEvent: SlashEvent, context: Sla
 export async function messageEventHandler(eventPayload: any, context: SlackRuntimeContext) {
     // pull out required params from the slashEvent for queryLens
     const { type, text, bot_id, thread_ts, channel, user, team } = eventPayload.event;
+    const isExternalChannel = eventPayload.is_ext_shared_channel;
 
     // check for bot_id so that the bot doesn't trigger itself
-    if (['message', 'app_mention'].includes(type) && !bot_id) {
+    if (['message', 'app_mention'].includes(type) && !bot_id && !isExternalChannel) {
         // strip out the bot-name in the mention and account for user mentions within the query
         // @ts-ignore
         const parsedQuery = stripBotName(text, eventPayload.authorizations[0]?.user_id);
@@ -73,9 +74,10 @@ export async function messageEventHandler(eventPayload: any, context: SlackRunti
 export async function appMentionEventHandler(eventPayload: any, context: SlackRuntimeContext) {
     // pull out required params from the slashEvent for queryLens
     const { type, text, bot_id, thread_ts, channel, user, team } = eventPayload.event;
+    const isExternalChannel = eventPayload.is_ext_shared_channel;
 
     // check for bot_id so that the bot doesn't trigger itself
-    if (['message', 'app_mention'].includes(type) && !bot_id) {
+    if (['message', 'app_mention'].includes(type) && !bot_id && !isExternalChannel) {
         // strip out the bot-name in the mention and account for user mentions within the query
         // @ts-ignore
         const parsedMessage = stripBotName(text, eventPayload.authorizations[0]?.user_id);
diff --git a/integrations/slack/src/router.ts b/integrations/slack/src/router.ts
@@ -112,6 +112,7 @@ export const handleFetchEvent: FetchEventCallback = async (request, context) =>
         verifySlackRequest,
         createSlackCommandsHandler({
             '/gitbook': queryLensSlashHandler,
+            '/gitbookstaging': queryLensSlashHandler, // needed to allow our staging app to co-exist with the prod app
         }),
         acknowledgeSlackRequest
     );
