github.com/mattermosttest/mattermost-server/v5@v5.0.0-20200917143240-9dfa12e121f9/model/incoming_webhook.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package model 5 6 import ( 7 "bytes" 8 "encoding/json" 9 "io" 10 "net/http" 11 "regexp" 12 ) 13 14 const ( 15 DEFAULT_WEBHOOK_USERNAME = "webhook" 16 ) 17 18 type IncomingWebhook struct { 19 Id string `json:"id"` 20 CreateAt int64 `json:"create_at"` 21 UpdateAt int64 `json:"update_at"` 22 DeleteAt int64 `json:"delete_at"` 23 UserId string `json:"user_id"` 24 ChannelId string `json:"channel_id"` 25 TeamId string `json:"team_id"` 26 DisplayName string `json:"display_name"` 27 Description string `json:"description"` 28 Username string `json:"username"` 29 IconURL string `json:"icon_url"` 30 ChannelLocked bool `json:"channel_locked"` 31 } 32 33 type IncomingWebhookRequest struct { 34 Text string `json:"text"` 35 Username string `json:"username"` 36 IconURL string `json:"icon_url"` 37 ChannelName string `json:"channel"` 38 Props StringInterface `json:"props"` 39 Attachments []*SlackAttachment `json:"attachments"` 40 Type string `json:"type"` 41 IconEmoji string `json:"icon_emoji"` 42 } 43 44 func (o *IncomingWebhook) ToJson() string { 45 b, _ := json.Marshal(o) 46 return string(b) 47 } 48 49 func IncomingWebhookFromJson(data io.Reader) *IncomingWebhook { 50 var o *IncomingWebhook 51 json.NewDecoder(data).Decode(&o) 52 return o 53 } 54 55 func IncomingWebhookListToJson(l []*IncomingWebhook) string { 56 b, _ := json.Marshal(l) 57 return string(b) 58 } 59 60 func IncomingWebhookListFromJson(data io.Reader) []*IncomingWebhook { 61 var o []*IncomingWebhook 62 json.NewDecoder(data).Decode(&o) 63 return o 64 } 65 66 func (o *IncomingWebhook) IsValid() *AppError { 67 68 if !IsValidId(o.Id) { 69 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.id.app_error", nil, "", http.StatusBadRequest) 70 71 } 72 73 if o.CreateAt == 0 { 74 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.create_at.app_error", nil, "id="+o.Id, http.StatusBadRequest) 75 } 76 77 if o.UpdateAt == 0 { 78 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.update_at.app_error", nil, "id="+o.Id, http.StatusBadRequest) 79 } 80 81 if !IsValidId(o.UserId) { 82 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.user_id.app_error", nil, "", http.StatusBadRequest) 83 } 84 85 if !IsValidId(o.ChannelId) { 86 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.channel_id.app_error", nil, "", http.StatusBadRequest) 87 } 88 89 if !IsValidId(o.TeamId) { 90 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.team_id.app_error", nil, "", http.StatusBadRequest) 91 } 92 93 if len(o.DisplayName) > 64 { 94 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.display_name.app_error", nil, "", http.StatusBadRequest) 95 } 96 97 if len(o.Description) > 500 { 98 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.description.app_error", nil, "", http.StatusBadRequest) 99 } 100 101 if len(o.Username) > 64 { 102 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.username.app_error", nil, "", http.StatusBadRequest) 103 } 104 105 if len(o.IconURL) > 1024 { 106 return NewAppError("IncomingWebhook.IsValid", "model.incoming_hook.icon_url.app_error", nil, "", http.StatusBadRequest) 107 } 108 109 return nil 110 } 111 112 func (o *IncomingWebhook) PreSave() { 113 if o.Id == "" { 114 o.Id = NewId() 115 } 116 117 o.CreateAt = GetMillis() 118 o.UpdateAt = o.CreateAt 119 } 120 121 func (o *IncomingWebhook) PreUpdate() { 122 o.UpdateAt = GetMillis() 123 } 124 125 // escapeControlCharsFromPayload escapes control chars (\n, \t) from a byte slice. 126 // Context: 127 // JSON strings are not supposed to contain control characters such as \n, \t, 128 // ... but some incoming webhooks might still send invalid JSON and we want to 129 // try to handle that. An example invalid JSON string from an incoming webhook 130 // might look like this (strings for both "text" and "fallback" attributes are 131 // invalid JSON strings because they contain unescaped newlines and tabs): 132 // `{ 133 // "text": "this is a test 134 // that contains a newline and tabs", 135 // "attachments": [ 136 // { 137 // "fallback": "Required plain-text summary of the attachment 138 // that contains a newline and tabs", 139 // "color": "#36a64f", 140 // ... 141 // "text": "Optional text that appears within the attachment 142 // that contains a newline and tabs", 143 // ... 144 // "thumb_url": "http://example.com/path/to/thumb.png" 145 // } 146 // ] 147 // }` 148 // This function will search for `"key": "value"` pairs, and escape \n, \t 149 // from the value. 150 func escapeControlCharsFromPayload(by []byte) []byte { 151 // we'll search for `"text": "..."` or `"fallback": "..."`, ... 152 keys := "text|fallback|pretext|author_name|title|value" 153 154 // the regexp reads like this: 155 // (?s): this flag let . match \n (default is false) 156 // "(keys)": we search for the keys defined above 157 // \s*:\s*: followed by 0..n spaces/tabs, a colon then 0..n spaces/tabs 158 // ": a double-quote 159 // (\\"|[^"])*: any number of times the `\"` string or any char but a double-quote 160 // ": a double-quote 161 r := `(?s)"(` + keys + `)"\s*:\s*"(\\"|[^"])*"` 162 re := regexp.MustCompile(r) 163 164 // the function that will escape \n and \t on the regexp matches 165 repl := func(b []byte) []byte { 166 if bytes.Contains(b, []byte("\n")) { 167 b = bytes.Replace(b, []byte("\n"), []byte("\\n"), -1) 168 } 169 if bytes.Contains(b, []byte("\t")) { 170 b = bytes.Replace(b, []byte("\t"), []byte("\\t"), -1) 171 } 172 173 return b 174 } 175 176 return re.ReplaceAllFunc(by, repl) 177 } 178 179 func decodeIncomingWebhookRequest(by []byte) (*IncomingWebhookRequest, error) { 180 decoder := json.NewDecoder(bytes.NewReader(by)) 181 var o IncomingWebhookRequest 182 err := decoder.Decode(&o) 183 if err == nil { 184 return &o, nil 185 } else { 186 return nil, err 187 } 188 } 189 190 func IncomingWebhookRequestFromJson(data io.Reader) (*IncomingWebhookRequest, *AppError) { 191 buf := new(bytes.Buffer) 192 buf.ReadFrom(data) 193 by := buf.Bytes() 194 195 // Try to decode the JSON data. Only if it fails, try to escape control 196 // characters from the strings contained in the JSON data. 197 o, err := decodeIncomingWebhookRequest(by) 198 if err != nil { 199 o, err = decodeIncomingWebhookRequest(escapeControlCharsFromPayload(by)) 200 if err != nil { 201 return nil, NewAppError("IncomingWebhookRequestFromJson", "model.incoming_hook.parse_data.app_error", nil, err.Error(), http.StatusBadRequest) 202 } 203 } 204 205 o.Attachments = StringifySlackFieldValue(o.Attachments) 206 207 return o, nil 208 } 209 210 func (o *IncomingWebhookRequest) ToJson() string { 211 b, err := json.Marshal(o) 212 if err != nil { 213 return "" 214 } else { 215 return string(b) 216 } 217 }