Skip to content

Commit 19f44b9

Browse files
committed
fix(security): remove hardcoded Slack credentials
Replace hardcoded token/channel with env vars SLACK_BOT_TOKEN and SLACK_CHANNEL_ID.
1 parent a73f1c1 commit 19f44b9

File tree

1 file changed

+17
-12
lines changed

1 file changed

+17
-12
lines changed

qqq-middleware-slack/src/main/java/com/kingsrook/qqq/slack/QSlackImplementation.java

Lines changed: 17 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -445,18 +445,23 @@ private static void buildExportMessage(Context context, String tableName, String
445445
response.put("blocks", blocksArray);
446446
context.result(response.toString());
447447

448-
//////////////////////////////////////////////////////////////
449-
// you can get this instance via ctx.client() in a Bolt app //
450-
//////////////////////////////////////////////////////////////
451-
var client = Slack.getInstance().methods();
452-
client.filesUpload(FilesUploadRequest.builder()
453-
.token("xoxb-1413823704023-4637156460004-e6Vwq23PjTDw5D7OzOp2fIWi")
454-
.channels(List.of("C04JNM6BTMY"))
455-
.filetype(format)
456-
.filename("test." + format)
457-
.fileData(baos.toByteArray())
458-
.build()
459-
);
448+
///////////////////////////////////////////////////////////////////////////////////
449+
// Upload file to Slack - token and channel should come from QInstance config //
450+
///////////////////////////////////////////////////////////////////////////////////
451+
String slackToken = System.getenv("SLACK_BOT_TOKEN");
452+
String slackChannel = System.getenv("SLACK_CHANNEL_ID");
453+
if(slackToken != null && slackChannel != null)
454+
{
455+
var client = Slack.getInstance().methods();
456+
client.filesUpload(FilesUploadRequest.builder()
457+
.token(slackToken)
458+
.channels(List.of(slackChannel))
459+
.filetype(format)
460+
.filename("export." + format)
461+
.fileData(baos.toByteArray())
462+
.build()
463+
);
464+
}
460465
}
461466
catch(Exception e)
462467
{

0 commit comments

Comments
 (0)