Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle file uploads #14

Open
wdoekes opened this issue Aug 29, 2017 · 0 comments
Open

Handle file uploads #14

wdoekes opened this issue Aug 29, 2017 · 0 comments

Comments

@wdoekes
Copy link
Member

wdoekes commented Aug 29, 2017

Turns out we can handle file uploads in a fairly reasonable manner:

  • the file is posted as:
Handle POST: /outgoing, FieldStorage(None, None, [
  MiniFieldStorage('token', 'O3xxx'),
  MiniFieldStorage('team_id', 'T0xxx'),
  MiniFieldStorage('team_domain', 'gexxx'),
  MiniFieldStorage('service_id', '11xxx'),
  MiniFieldStorage('channel_id', 'C0xxx'),
  MiniFieldStorage('channel_name', 'osxxx'),
  MiniFieldStorage('timestamp', '1503649959.000043'),
  MiniFieldStorage('user_id', 'U0xxx'),
  MiniFieldStorage('user_name', 'e.xxx'),
  MiniFieldStorage('text',
    '<@U0xxx|e.xxx> uploaded a file: <https://gexxx.slack.com/files/e.xxx/F6xxx/img.jpg|a bit of text>')])

{
  "ok": true,
  "file": {
    "id": "F6xxx",
    "created": 1503649955,
    "timestamp": 1503649955,
    "name": "img.jpg",
    "title": "a bit of text",
    "mimetype": "image/jpeg",
    "filetype": "jpg",
    "pretty_type": "JPEG",
    "user": "U0xxx",
    "editable": false,
    "size": 307887,
    "mode": "hosted",
    "is_external": false,
    "external_type": "",
    "is_public": true,
    "public_url_shared": false,
    "display_as_bot": false,
    "username": "",
    "url_private": "xxx",
    "url_private_download": "https://files.slack.com/files-pri/T0xxx-F6xxx/download/img.jpg",
    "thumb_64": "xxx",
    "thumb_80": "xxx",
    "...": "..."
  }
}

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 307887
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=31536000, public
Content-Disposition: attachment; filename="img.jpg"; filename*=utf8''img%20with%20space%20in%20the%20name.jpg
Date: Tue, 29 Aug 2017 14:58:52 GMT
Etag: "c3xxx"
X-Backend: imgproxy-0fxxx
X-Robots-Tag: noindex
X-Slack-Meta: S3TA
X-Cache: Miss from cloudfront
Via: 1.1 1e07xxx.cloudfront.net (CloudFront)
X-Amz-Cf-Id: HwWxxx-hMxxx==
  • we can reupload this file: curl 'https://slack.com/api/files.upload' -XPOST -F token=$YYY -F channels=C0otherchan -F file=@recently_downloaded.jpg -d filename=img.jpg -d title='a bit of text'
{"ok":true,"file":{"id":"F6yyy","created":1504019408,"timestamp":1504019408,
"name":"img.jpg","title":"a bit of text",
"mimetype":"image\/jpeg","filetype":"jpg","pretty_type":"JPEG","user":"U6botuser",
"editable":false,"size":307887,"mode":"hosted","is_external":false,"external_type":"",
"is_public":true,"public_url_shared":false,"display_as_bot":false,"username":"",
"url_private":"https:\/\/files.slack.com\/files-pri\/T0yyy-F6yyy\/yyy.jpg",
"url_private_download":"https:\/\/files.slack.com\/files-pri\/T0yyy-F6yyy\/download\/yyy.jpg",
"...": "...",
"original_w":2550,"original_h":3489,
"permalink":"https:\/\/osso.slack.com\/files\/slyyy\/F6yyy\/yyy.jpg",
"permalink_public":"https:\/\/slack-files.com\/T0yyy-F6yyy-e0yyy",
"channels":["C0otherchan"],"groups":[],"ims":[],"comments_count":0}}
  • we will however get this message in the outgoing webhook again, which we'll need to exclude:
[2017-08-29 17:10:12 CEST] DEBUG/9917: Handle POST: /outgoing, FieldStorage(None, None, [
MiniFieldStorage('token', 'cnyyy'), MiniFieldStorage('team_id', 'T0xxx'),
MiniFieldStorage('team_domain', 'osyyy'), MiniFieldStorage('service_id', '11yyy'),
MiniFieldStorage('channel_id', 'C0yyy'), MiniFieldStorage('channel_name', 'shyyy'),
MiniFieldStorage('timestamp', '1504019411.000464'), MiniFieldStorage('user_id', 'U6botuser'),
MiniFieldStorage('user_name', 'slackbridge'), MiniFieldStorage('text',
'<@U6botuser|slackbridge> uploaded a file: <https://osso.slack.com/files/slackbridge/F6yyy/img.jpg|a bit of text>')])
  • so: if we look up the BOTUSER username at login time, and then exclude all "file uploads" from that user, we should be good: we can still forward the rest as-is, as we'll get the link to the original private URL and a proper reference to who uploaded the original.
wdoekes added a commit that referenced this issue Jul 23, 2019
@wdoekes
attachments: Quick hack to report that we'r NOT handling non-text
051d289 
If you send an image/attachment without text, you'll now get a message
that it cannot get sent.

The outgoing webhook only gives us text. And only if there is none, do
we realise that someone tried to send non-text.

For attachments *with* text, this heuristic fails and no one will be
notified that the image/attachment does not reach the peer side. (This
is unchanged/untouched by this changeset.)

See also #14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wdoekes