|
| 1 | +// @vitest-environment node |
| 2 | +import crypto from "crypto"; |
| 3 | +import fs from "fs"; |
| 4 | +import os from "os"; |
| 5 | +import path from "path"; |
| 6 | +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; |
| 7 | + |
| 8 | +const TEST_DB_DIR = path.join(os.tmpdir(), `memroos-slack-events-${crypto.randomUUID()}`); |
| 9 | +const TEST_DB_PATH = path.join(TEST_DB_DIR, "routes.db"); |
| 10 | +const SIGNING_SECRET = "test-slack-signing-secret"; |
| 11 | + |
| 12 | +let closeDb: (() => void) | null = null; |
| 13 | + |
| 14 | +function signedRequest(body: unknown, options: { secret?: string; timestamp?: number; signature?: string } = {}): Request { |
| 15 | + const rawBody = typeof body === "string" ? body : JSON.stringify(body); |
| 16 | + const timestamp = String(options.timestamp ?? Math.floor(Date.now() / 1000)); |
| 17 | + const signature = |
| 18 | + options.signature ?? |
| 19 | + `v0=${crypto.createHmac("sha256", options.secret ?? SIGNING_SECRET).update(`v0:${timestamp}:${rawBody}`).digest("hex")}`; |
| 20 | + |
| 21 | + return new Request("http://localhost/api/integrations/slack/events", { |
| 22 | + method: "POST", |
| 23 | + headers: { |
| 24 | + "Content-Type": "application/json", |
| 25 | + "x-slack-request-timestamp": timestamp, |
| 26 | + "x-slack-signature": signature, |
| 27 | + }, |
| 28 | + body: rawBody, |
| 29 | + }); |
| 30 | +} |
| 31 | + |
| 32 | +function slackMessageEvent(overrides: Record<string, unknown> = {}) { |
| 33 | + return { |
| 34 | + type: "event_callback", |
| 35 | + team_id: "T123", |
| 36 | + api_app_id: "A123", |
| 37 | + event_id: "Ev123", |
| 38 | + event_time: 1782763200, |
| 39 | + authorizations: [{ team_id: "T123" }], |
| 40 | + event: { |
| 41 | + type: "message", |
| 42 | + channel: "C123", |
| 43 | + user: "U123", |
| 44 | + text: "Slack can be a MemroOS memory source.", |
| 45 | + ts: "1782763200.123456", |
| 46 | + thread_ts: "1782763000.000000", |
| 47 | + }, |
| 48 | + ...overrides, |
| 49 | + }; |
| 50 | +} |
| 51 | + |
| 52 | +async function loadRoute() { |
| 53 | + process.env.SQLITE_DB_PATH = TEST_DB_PATH; |
| 54 | + process.env.SLACK_SIGNING_SECRET = SIGNING_SECRET; |
| 55 | + process.env.MESSAGE_MEMORY_SLACK_ALLOW_TEAM_IDS = "T123"; |
| 56 | + vi.resetModules(); |
| 57 | + const route = await import("../route"); |
| 58 | + const dbModule = await import("@/lib/db"); |
| 59 | + closeDb = dbModule.closeDb; |
| 60 | + return { ...route, getDb: dbModule.getDb }; |
| 61 | +} |
| 62 | + |
| 63 | +describe("Slack Events API memory route", () => { |
| 64 | + beforeEach(() => { |
| 65 | + fs.rmSync(TEST_DB_DIR, { recursive: true, force: true }); |
| 66 | + fs.mkdirSync(TEST_DB_DIR, { recursive: true }); |
| 67 | + }); |
| 68 | + |
| 69 | + afterEach(() => { |
| 70 | + closeDb?.(); |
| 71 | + closeDb = null; |
| 72 | + fs.rmSync(TEST_DB_DIR, { recursive: true, force: true }); |
| 73 | + delete process.env.SQLITE_DB_PATH; |
| 74 | + delete process.env.SLACK_SIGNING_SECRET; |
| 75 | + delete process.env.MESSAGE_MEMORY_SLACK_ALLOW_TEAM_IDS; |
| 76 | + delete process.env.MESSAGE_MEMORY_SLACK_INCLUDE_BOT_MESSAGES; |
| 77 | + delete process.env.MESSAGE_MEMORY_SLACK_MAX_SKEW_SECONDS; |
| 78 | + delete process.env.MEMROOS_PUBLIC_BASE_URL; |
| 79 | + vi.restoreAllMocks(); |
| 80 | + }); |
| 81 | + |
| 82 | + it("returns a Slack app manifest with the configured Events API URL", async () => { |
| 83 | + process.env.MEMROOS_PUBLIC_BASE_URL = "https://memroos.example"; |
| 84 | + const { GET } = await loadRoute(); |
| 85 | + |
| 86 | + const response = await GET(new Request("http://localhost/api/integrations/slack/events")); |
| 87 | + const body = await response.json(); |
| 88 | + |
| 89 | + expect(response.status).toBe(200); |
| 90 | + expect(body.display_information.name).toBe("MemroOS Memory"); |
| 91 | + expect(body.settings.event_subscriptions.request_url).toBe("https://memroos.example/api/integrations/slack/events"); |
| 92 | + expect(body.settings.event_subscriptions.bot_events).toContain("message.channels"); |
| 93 | + }); |
| 94 | + |
| 95 | + it("answers Slack URL verification challenges after signature verification", async () => { |
| 96 | + const { POST } = await loadRoute(); |
| 97 | + |
| 98 | + const response = await POST(signedRequest({ type: "url_verification", challenge: "challenge-token" })); |
| 99 | + const body = await response.json(); |
| 100 | + |
| 101 | + expect(response.status).toBe(200); |
| 102 | + expect(body).toEqual({ challenge: "challenge-token" }); |
| 103 | + }); |
| 104 | + |
| 105 | + it("ingests signed Slack message events into provider-agnostic memory", async () => { |
| 106 | + const { POST, getDb } = await loadRoute(); |
| 107 | + |
| 108 | + const response = await POST(signedRequest(slackMessageEvent())); |
| 109 | + const body = await response.json(); |
| 110 | + |
| 111 | + expect(response.status).toBe(201); |
| 112 | + expect(body).toMatchObject({ ok: true, created: true, duplicate: false }); |
| 113 | + |
| 114 | + const memoryRow = getDb() |
| 115 | + .prepare("SELECT provider, workspace_id, channel_id, thread_id, author_id, content FROM platform_message_memory") |
| 116 | + .get() as Record<string, unknown>; |
| 117 | + expect(memoryRow).toMatchObject({ |
| 118 | + provider: "slack", |
| 119 | + workspace_id: "T123", |
| 120 | + channel_id: "C123", |
| 121 | + thread_id: "1782763000.000000", |
| 122 | + author_id: "U123", |
| 123 | + content: "Slack can be a MemroOS memory source.", |
| 124 | + }); |
| 125 | + |
| 126 | + const recallRow = getDb().prepare("SELECT session_id, project, request_id, policy FROM messages").get() as Record<string, unknown>; |
| 127 | + expect(recallRow).toMatchObject({ |
| 128 | + session_id: "platform:slack:T123:C123", |
| 129 | + project: "platform:slack", |
| 130 | + request_id: body.dedupeKey, |
| 131 | + policy: "indexable", |
| 132 | + }); |
| 133 | + }); |
| 134 | + |
| 135 | + it("dedupes retried Slack events by provider/team/channel/thread/message id", async () => { |
| 136 | + const { POST, getDb } = await loadRoute(); |
| 137 | + const event = slackMessageEvent(); |
| 138 | + |
| 139 | + const first = await POST(signedRequest(event)); |
| 140 | + const second = await POST(signedRequest(event)); |
| 141 | + |
| 142 | + expect(first.status).toBe(201); |
| 143 | + expect(second.status).toBe(200); |
| 144 | + expect(await second.json()).toMatchObject({ ok: true, created: false, duplicate: true }); |
| 145 | + expect((getDb().prepare("SELECT COUNT(*) AS count FROM platform_message_memory").get() as { count: number }).count).toBe(1); |
| 146 | + expect((getDb().prepare("SELECT COUNT(*) AS count FROM messages").get() as { count: number }).count).toBe(1); |
| 147 | + }); |
| 148 | + |
| 149 | + it("rejects invalid signatures before reading events", async () => { |
| 150 | + const { POST } = await loadRoute(); |
| 151 | + |
| 152 | + const response = await POST(signedRequest(slackMessageEvent(), { signature: "v0=bad" })); |
| 153 | + const body = await response.json(); |
| 154 | + |
| 155 | + expect(response.status).toBe(401); |
| 156 | + expect(body).toEqual({ ok: false, error: "invalid_signature" }); |
| 157 | + }); |
| 158 | + |
| 159 | + it("skips bot messages by default", async () => { |
| 160 | + const { POST } = await loadRoute(); |
| 161 | + const botEvent = slackMessageEvent({ |
| 162 | + event: { |
| 163 | + type: "message", |
| 164 | + channel: "C123", |
| 165 | + bot_id: "B123", |
| 166 | + username: "summary-bot", |
| 167 | + text: "Automated message", |
| 168 | + ts: "1782763201.000000", |
| 169 | + }, |
| 170 | + }); |
| 171 | + |
| 172 | + const response = await POST(signedRequest(botEvent)); |
| 173 | + const body = await response.json(); |
| 174 | + |
| 175 | + expect(response.status).toBe(200); |
| 176 | + expect(body).toEqual({ ok: true, ignored: true, reason: "bot_message" }); |
| 177 | + }); |
| 178 | + |
| 179 | + it("rejects non-allowlisted Slack teams", async () => { |
| 180 | + const { POST } = await loadRoute(); |
| 181 | + |
| 182 | + const response = await POST(signedRequest(slackMessageEvent({ team_id: "T999", authorizations: [{ team_id: "T999" }] }))); |
| 183 | + const body = await response.json(); |
| 184 | + |
| 185 | + expect(response.status).toBe(403); |
| 186 | + expect(body).toEqual({ ok: false, error: "Slack team is not allowlisted" }); |
| 187 | + }); |
| 188 | +}); |
0 commit comments