From 67ab86940caf742f19f3a7d6a21496b11a4b5590 Mon Sep 17 00:00:00 2001
From: Brian Peiris <brianpeiris@gmail.com>
Date: Mon, 22 Mar 2021 20:26:38 -0400
Subject: [PATCH] Add env config to restrict slackbot command to particular
 channels

---
 .../modules/slackbot/mr-ops-command-slackbot/main.js      | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/terraform/modules/slackbot/mr-ops-command-slackbot/main.js b/terraform/modules/slackbot/mr-ops-command-slackbot/main.js
index a0c39f0..6af439a 100644
--- a/terraform/modules/slackbot/mr-ops-command-slackbot/main.js
+++ b/terraform/modules/slackbot/mr-ops-command-slackbot/main.js
@@ -6,13 +6,19 @@ const https = require('https');
 
 const slackToken = process.env.slackToken;
 const jenkinsToken = process.env.jenkinsToken;
-const reticulumToken = process.env.reticulumToken;
+const allowedChannels = (process.env.allowedChannels || "").split(",").map(s => s.trim());
 
 let token;
 let jtoken;
 
 function processEvent(event, callback) {
     const params = qs.parse(event.body);
+
+    if (!allowedChannels.includes(params.channel_id)) {
+        console.error(`Channel id ${params.channel_id} is not in the allowed channel list.`);
+        return callback('Invalid channel id');
+    }
+
     const requestToken = params.token;
     if (requestToken !== token) {
         console.error(`Request token (${requestToken}) does not match expected`);